예제 #1
0
        /**
         * Runs file identification for the binary file specified by targetFile
         *
         * @param targetFile   The binary file to be identified
         */
        public void runFileIdentification(IByteReader targetFile)
        {
            //record all positive identifications
            for (int iSig = 0; iSig < this.getNumInternalSignatures(); iSig++)
            {
                InternalSignature internalSig = this.getInternalSignature(iSig);
                //System.out.println("============================ Running identification for signature ID = "+internalSig.getID()+ " ===========================");

                if (internalSig.isFileCompliant(targetFile))
                {
                    //File matches this internal signature
                    targetFile.SetPositiveIdentification();
                    for (int i = 0; i < internalSig.getNumFileFormats(); i++)
                    {
                        FileFormatHit fileHit = new FileFormatHit(internalSig.getFileFormat(i), AnalysisController.HIT_TYPE_POSITIVE_GENERIC_OR_SPECIFIC, internalSig.isSpecific(), "");
                        targetFile.AddHit(fileHit);
                    }
                }
            }

            //remove any hits for which there is a higher priority hit
            if (targetFile.GetNumberOfHits() > 1)
            {
                this.removeLowerPriorityHits(targetFile);
            }

            //carry out file extension checking
            this.checkExtension(targetFile);

            // if there are still no hits then classify as unidentified
            if (targetFile.GetNumberOfHits() == 0)
            {
                targetFile.SetNoIdentification();
            }
        }
예제 #2
0
        /**
         * Determines the file extension
         * If the file has got some positive hits, then check these against this extension
         * If the file has not got any positive hits, then look for tentative hits
         * based on the extension only.
         *
         * @param targetFile   The binary file to be identified
         */
        private void checkExtension(IByteReader targetFile)
        {
            //work out if file has an extension
            bool hasExtension = true;
            int  dotPos       = targetFile.GetFileName().LastIndexOf(".");

            if (dotPos < 0)
            {
                hasExtension = false;
            }
            else if (dotPos == targetFile.GetFileName().Length - 1)
            {
                hasExtension = false;
            }
            else if (targetFile.GetFileName().LastIndexOf("/") > dotPos)
            {
                hasExtension = false;
            }
            else if (targetFile.GetFileName().LastIndexOf("\\") > dotPos)
            {
                hasExtension = false;
            }

            //
            if (hasExtension)
            {
                String fileExtension = targetFile.GetFileName().Substring(dotPos + 1);

                if (targetFile.GetNumberOfHits() > 0)
                {
                    //for each file format which is a hit, check that it expects the given extension - if not give a warning
                    for (int iHit = 0; iHit < targetFile.GetNumberOfHits(); iHit++)
                    {
                        if (!(targetFile.GetHit(iHit).GetFileFormat().HasMatchingExtension(fileExtension)))
                        {
                            targetFile.GetHit(iHit).SetIdentificationWarning(MessageDisplay.FILEEXTENSIONWARNING);
                        }
                    }                    //loop through hits
                }
                else
                {
                    //no positive hits have been found, so search for tenative hits
                    //loop through all file formats with no internal signature
                    for (int iFormat = 0; iFormat < this.getNumFileFormats(); iFormat++)
                    {
                        if (this.getFileFormat(iFormat).GetNumberOfInternalSignatures() == 0)
                        {
                            if (this.getFileFormat(iFormat).HasMatchingExtension(fileExtension))
                            {
                                //add this as a tentative hit
                                FileFormatHit fileHit = new FileFormatHit(this.getFileFormat(iFormat), AnalysisController.HIT_TYPE_TENTATIVE, false, "");
                                targetFile.AddHit(fileHit);
                                targetFile.SetTentativeIdentification();
                            }
                        }
                    }    //loop through file formats
                }
            }            //end of if(hasExtension)
            else
            {
                //if the file does not have an extension then add warning to all its hits
                for (int iHit = 0; iHit < targetFile.GetNumberOfHits(); iHit++)
                {
                    targetFile.GetHit(iHit).SetIdentificationWarning(MessageDisplay.FILEEXTENSIONWARNING);
                }
            }
        }
예제 #3
0
		/**
		 * Determines the file extension
		 * If the file has got some positive hits, then check these against this extension
		 * If the file has not got any positive hits, then look for tentative hits
		 * based on the extension only.
		 *
		 * @param targetFile   The binary file to be identified
		 */
		private void checkExtension(IByteReader targetFile)
		{

			//work out if file has an extension
			bool hasExtension = true;
			int dotPos = targetFile.GetFileName().LastIndexOf(".");
			if (dotPos < 0)
			{
				hasExtension = false;
			}
			else if (dotPos == targetFile.GetFileName().Length - 1)
			{
				hasExtension = false;
			}
			else if (targetFile.GetFileName().LastIndexOf("/") > dotPos)
			{
				hasExtension = false;
			}
			else if (targetFile.GetFileName().LastIndexOf("\\") > dotPos)
			{
				hasExtension = false;
			}

			//
			if (hasExtension)
			{
				String fileExtension = targetFile.GetFileName().Substring(dotPos + 1);

				if (targetFile.GetNumberOfHits() > 0)
				{

					//for each file format which is a hit, check that it expects the given extension - if not give a warning
					for (int iHit = 0; iHit < targetFile.GetNumberOfHits(); iHit++)
					{
						if (!(targetFile.GetHit(iHit).GetFileFormat().HasMatchingExtension(fileExtension)))
						{
							targetFile.GetHit(iHit).SetIdentificationWarning(MessageDisplay.FILEEXTENSIONWARNING);
						}
					}//loop through hits

				}
				else
				{
					//no positive hits have been found, so search for tenative hits
					//loop through all file formats with no internal signature
					for (int iFormat = 0; iFormat < this.getNumFileFormats(); iFormat++)
					{
						if (this.getFileFormat(iFormat).GetNumberOfInternalSignatures() == 0)
						{
							if (this.getFileFormat(iFormat).HasMatchingExtension(fileExtension))
							{
								//add this as a tentative hit
								FileFormatHit fileHit = new FileFormatHit(this.getFileFormat(iFormat), AnalysisController.HIT_TYPE_TENTATIVE, false, "");
								targetFile.AddHit(fileHit);
								targetFile.SetTentativeIdentification();
							}
						}
					}//loop through file formats
				}
			}//end of if(hasExtension)
			else
			{
				//if the file does not have an extension then add warning to all its hits
				for (int iHit = 0; iHit < targetFile.GetNumberOfHits(); iHit++)
				{
					targetFile.GetHit(iHit).SetIdentificationWarning(MessageDisplay.FILEEXTENSIONWARNING);
				}
			}
		}
예제 #4
0
		/**
		 * Runs file identification for the binary file specified by targetFile
		 *
		 * @param targetFile   The binary file to be identified
		 */
		public void runFileIdentification(IByteReader targetFile)
		{

			//record all positive identifications
			for (int iSig = 0; iSig < this.getNumInternalSignatures(); iSig++)
			{
				InternalSignature internalSig = this.getInternalSignature(iSig);
				//System.out.println("============================ Running identification for signature ID = "+internalSig.getID()+ " ===========================");

				if (internalSig.isFileCompliant(targetFile))
				{
					//File matches this internal signature
					targetFile.SetPositiveIdentification();
					for (int i = 0; i < internalSig.getNumFileFormats(); i++)
					{
						FileFormatHit fileHit = new FileFormatHit(internalSig.getFileFormat(i), AnalysisController.HIT_TYPE_POSITIVE_GENERIC_OR_SPECIFIC, internalSig.isSpecific(), "");
						targetFile.AddHit(fileHit);
					}
				}
			}

			//remove any hits for which there is a higher priority hit
			if (targetFile.GetNumberOfHits() > 1)
			{
				this.removeLowerPriorityHits(targetFile);
			}

			//carry out file extension checking
			this.checkExtension(targetFile);

			// if there are still no hits then classify as unidentified
			if (targetFile.GetNumberOfHits() == 0)
			{
				targetFile.SetNoIdentification();
			}
		}