angr.analyses.flirt.flirt_sig¶
- exception angr.analyses.flirt.flirt_sig.FlirtSignatureError¶
Bases:
AngrErrorDescribes errors related to FLIRT signatures, especially parsing.
- class angr.analyses.flirt.flirt_sig.FlirtSignature¶
Bases:
objectThis class describes a FLIRT signature without any internal data that is only available after parsing.
- __init__(arch, platform, sig_name, sig_path, unique_strings=None, compiler=None, compiler_version=None, os_name=None, os_version=None)¶
- class angr.analyses.flirt.flirt_sig.FlirtSignatureParsed¶
Bases:
objectDescribes a FLIRT signature file after parsing.
- __init__(version, arch, file_types, os_types, app_types, features, crc, ctype, ctypes_crc, nfuncs, pattern_size, libname, root)¶
- version
- arch
- file_types
- os_types
- app_types
- features
- crc
- ctype
- ctypes_crc
- nfuncs
- pattern_size
- libname
- root
- parse_tree(file_obj, root=False)¶
Parse a FLIRT function tree.
- parse_public_function(file_obj, offset)¶
- Return type:
tuple[FlirtFunction,int,int]- Parameters:
offset (int)
- parse_referenced_functions(file_obj)¶
- Return type:
- parse_modules(file_obj)¶
- Return type:
- parse_module(file_obj)¶
- Return type:
- static is_bit_set_be(mask, mask_len, bit_offset)¶
- static parse_node(file_obj, length, variant_mask)¶
- classmethod parse_header(file_obj)¶
Parse only the FLIRT signature header (no function tree).
The returned object has
rootset to None. Useparse()if you also need the function tree, or callparse_tree_from()later on a separately opened file to populaterooton demand.The following struct definitions come from radare2
// FLIRT v5+ ut8 magic[6]; ut8 version; ut8 arch; ut32 file_types; ut16 os_types; ut16 app_types; ut16 features; ut16 old_n_functions; ut16 crc16; ut8 ctype[12]; ut8 library_name_len; ut16 ctypes_crc16;
// FLIRT v6+ ut32 nfuncs;
// FLIRT v8+ ut16 pattern_size;
// FLIRT v10 ut16 unknown;
- Return type:
- classmethod parse(file_obj)¶
Parse a FLIRT signature file, including the function tree.
- Return type: