Add rz_search_collection_strings

rizinorg · Nov 26, 2024 · 9b1253f · 9b1253f
1 parent fd68bba
commit 9b1253f
Show file tree

Hide file tree

Showing 14 changed files with 346 additions and 195 deletions.
diff --git a/librz/include/rz_search.h b/librz/include/rz_search.h
@@ -42,6 +42,9 @@ RZ_API RZ_OWN RzSearchCollection *rz_search_collection_bytes();
 RZ_API bool rz_search_collection_bytes_add(RZ_NONNULL RzSearchCollection *col, RZ_NONNULL const char *metadata, RZ_NONNULL const ut8 *bytes, RZ_NULLABLE const ut8 *mask, size_t length);
 RZ_API bool rz_search_collection_bytes_add_pattern(RZ_NONNULL RzSearchCollection *col, RZ_NONNULL const char *hex_pattern);
 
+RZ_API RZ_OWN RzSearchCollection *rz_search_collection_strings(RZ_NONNULL RzUtilStrScanOptions *opts, RzStrEnc expected, bool caseless);
+RZ_API bool rz_search_collection_string_add(RZ_NONNULL RzSearchCollection *col, RZ_NONNULL const char *string);
+
 RZ_API RZ_OWN RzSearchCollection *rz_search_collection_magic(RZ_NONNULL const char *magic_dir);
 
 RZ_API bool rz_search_collection_match_any(RZ_NULLABLE RzSearchCollection *sc, RZ_NONNULL const ut8 *buffer, size_t length);

diff --git a/librz/include/rz_util/rz_str_search.h b/librz/include/rz_util/rz_str_search.h
@@ -14,10 +14,10 @@ extern "C" {
  * Represent a detected string.
  */
 typedef struct {
-	char *string; ///< Pointer to the string
+	char *string; ///< Pointer to the decoded utf-8 string
 	ut64 addr; ///< Address of the string in the RzBuffer
-	ut32 size; ///< Size of buffer containing the string in bytes
-	ut32 length; ///< Length of string in chars
+	ut32 size; ///< Raw size of buffer containing the string in bytes
+	ut32 length; ///< Decoded length of string in utf-8 chars
 	RzStrEnc type; ///< String type
 } RzDetectedString;
 

diff --git a/librz/main/rz-find.c b/librz/main/rz-find.c
@@ -15,6 +15,18 @@
 #include <rz_io.h>
 #include <rz_bin.h>
 
+typedef enum {
+	SEARCH_MODE_BYTES = 0,
+	SEARCH_MODE_REGEXP,
+	SEARCH_MODE_STRING,
+	SEARCH_MODE_AES,
+	SEARCH_MODE_PRIVATE_KEY,
+	SEARCH_MODE_MAGIC,
+	SEARCH_MODE_XREFS,
+	/* enum size */
+	SEARCH_MODE_LAST
+} search_mode;
+
 typedef struct {
 	bool showstr;
 	bool rad;
@@ -26,7 +38,7 @@ typedef struct {
 	bool widestr;
 	bool nonstop;
 	bool json;
-	int mode;
+	search_mode mode;
 	int align;
 	ut8 *buf;
 	ut64 bsize;
@@ -48,7 +60,7 @@ static void rzfind_options_fini(RzfindOptions *ro) {
 
 static void rzfind_options_init(RzfindOptions *ro) {
 	memset(ro, 0, sizeof(RzfindOptions));
-	ro->mode = RZ_SEARCH_MODE_STRING;
+	ro->mode = SEARCH_MODE_STRING;
 	ro->bsize = 4096;
 	ro->to = UT64_MAX;
 	ro->keywords = rz_list_newf(NULL);
@@ -370,7 +382,7 @@ static int rzfind_open_file(RzfindOptions *ro, const char *file, const ut8 *data
 	io->cb_printf = printf;
 	RzBinFile *bf = rz_bin_open(bin, file, &opt);
 
-	if (ro->mode == RZ_SEARCH_MODE_STRING) {
+	if (ro->mode == SEARCH_MODE_STRING) {
 		PJ *pj = NULL;
 		if (ro->json) {
 			pj = pj_new();
@@ -402,7 +414,7 @@ static int rzfind_open_file(RzfindOptions *ro, const char *file, const ut8 *data
 		goto done;
 	}
 
-	if (ro->mode == RZ_SEARCH_MODE_MAGIC) {
+	if (ro->mode == SEARCH_MODE_MAGIC) {
 		/* TODO: implement using api */
 		char *tostr = (to && to != UT64_MAX) ? rz_str_newf("-e search.to=%" PFMT64d, to) : rz_str_dup("");
 		rz_sys_cmdf("rizin"
@@ -414,14 +426,14 @@ static int rzfind_open_file(RzfindOptions *ro, const char *file, const ut8 *data
 		free(tostr);
 		goto done;
 	}
-	if (ro->mode == RZ_SEARCH_MODE_ESIL) {
+	if (ro->mode == SEARCH_MODE_ESIL) {
 		/* TODO: implement using api */
 		rz_list_foreach (ro->keywords, iter, kw) {
 			rz_sys_cmdf("rizin -qc \"/E %s\" \"%s\"", kw, efile);
 		}
 		goto done;
 	}
-	if (ro->mode == RZ_SEARCH_MODE_KEYWORD) {
+	if (ro->mode == SEARCH_MODE_KEYWORD) {
 		rz_list_foreach (ro->keywords, iter, kw) {
 			if (ro->hexstr) {
 				if (ro->mask) {
@@ -435,7 +447,7 @@ static int rzfind_open_file(RzfindOptions *ro, const char *file, const ut8 *data
 				rz_search_kw_add(rs, rz_search_keyword_new_str(kw, ro->mask, NULL, 0));
 			}
 		}
-	} else if (ro->mode == RZ_SEARCH_MODE_STRING) {
+	} else if (ro->mode == SEARCH_MODE_STRING) {
 		rz_search_kw_add(rs, rz_search_keyword_new_hexmask("00", NULL)); // XXX
 	}
 
@@ -543,10 +555,10 @@ RZ_API int rz_main_rz_find(int argc, const char **argv) {
 			ro.nonstop = 1;
 			break;
 		case 'm':
-			ro.mode = RZ_SEARCH_MODE_MAGIC;
+			ro.mode = SEARCH_MODE_MAGIC;
 			break;
 		case 'e':
-			ro.mode = RZ_SEARCH_MODE_REGEXP;
+			ro.mode = SEARCH_MODE_REGEXP;
 			ro.hexstr = 0;
 			rz_list_append(ro.keywords, (void *)opt.arg);
 			break;
@@ -555,13 +567,13 @@ RZ_API int rz_main_rz_find(int argc, const char **argv) {
 			ro.exec_command = opt.arg;
 			break;
 		case 's':
-			ro.mode = RZ_SEARCH_MODE_KEYWORD;
+			ro.mode = SEARCH_MODE_KEYWORD;
 			ro.hexstr = false;
 			ro.widestr = false;
 			rz_list_append(ro.keywords, (void *)opt.arg);
 			break;
 		case 'w':
-			ro.mode = RZ_SEARCH_MODE_KEYWORD;
+			ro.mode = SEARCH_MODE_KEYWORD;
 			ro.hexstr = false;
 			ro.widestr = true;
 			rz_list_append(ro.keywords, (void *)opt.arg);
@@ -593,7 +605,7 @@ RZ_API int rz_main_rz_find(int argc, const char **argv) {
 			}
 			char *hexdata = rz_hex_bin2strdup((ut8 *)data, data_size);
 			if (hexdata) {
-				ro.mode = RZ_SEARCH_MODE_KEYWORD;
+				ro.mode = SEARCH_MODE_KEYWORD;
 				ro.hexstr = true;
 				ro.widestr = false;
 				rz_list_append(ro.keywords, (void *)hexdata);
@@ -604,7 +616,7 @@ RZ_API int rz_main_rz_find(int argc, const char **argv) {
 			ro.to = rz_num_math(NULL, opt.arg);
 			break;
 		case 'x':
-			ro.mode = RZ_SEARCH_MODE_KEYWORD;
+			ro.mode = SEARCH_MODE_KEYWORD;
 			ro.hexstr = 1;
 			ro.widestr = 0;
 			rz_list_append(ro.keywords, (void *)opt.arg);
@@ -620,7 +632,7 @@ RZ_API int rz_main_rz_find(int argc, const char **argv) {
 		case 'h':
 			return show_help(argv[0], 0);
 		case 'z':
-			ro.mode = RZ_SEARCH_MODE_STRING;
+			ro.mode = SEARCH_MODE_STRING;
 			break;
 		case 'Z':
 			ro.showstr = true;

diff --git a/librz/meson.build b/librz/meson.build
@@ -14,8 +14,8 @@ subdir('diff')
 subdir('io')
 subdir('bp')
 subdir('syscall')
-subdir('search')
 subdir('magic')
+subdir('search')
 subdir('flag')
 subdir('reg')
 subdir('type')

diff --git a/librz/search/aes_search.c b/librz/search/aes_search.c
@@ -46,9 +46,9 @@ static bool aes128_key_test(const ut8 *buf) {
 	return word1 && word2;
 }
 
-#define SEARCH_OVER_AES_KEY_FCN(name) search_over_aes_##name
-#define SEARCH_OVER_AES_KEY(bits) \
-	static bool SEARCH_OVER_AES_KEY_FCN(bits)(ut64 address, const ut8 *buffer, size_t size, RzThreadQueue *hits) { \
+#define AES_KEY_FIND_FCN(name) aes##name##_key_find_in_buffer
+#define AES_KEY_FIND(bits) \
+	static bool AES_KEY_FIND_FCN(bits)(ut64 address, const ut8 *buffer, size_t size, RzThreadQueue *hits) { \
 		for (size_t offset = 0; offset < size; offset += AES##bits##_SEARCH_LENGTH) { \
 			if (aes##bits##_key_test(buffer + offset)) { \
 				RzSearchHit *hit = rz_search_hit_new("aes", address + offset, AES##bits##_KEY_LENGTH); \
@@ -61,37 +61,31 @@ static bool aes128_key_test(const ut8 *buf) {
 		return true; \
 	}
 
-SEARCH_OVER_AES_KEY(128)
-SEARCH_OVER_AES_KEY(192)
-SEARCH_OVER_AES_KEY(256)
+AES_KEY_FIND(128)
+AES_KEY_FIND(192)
+AES_KEY_FIND(256)
 
-bool search_over_aes(RzPVector /*<SearchAesKey *>*/ *collection, ut64 address, const ut8 *buffer, size_t size, RzThreadQueue *hits) {
-	void **it;
-	rz_pvector_foreach (collection, it) {
-		SearchAesKey search_key = (SearchAesKey)*it;
-		if (!search_key(address, buffer, size, hits)) {
-			return false;
-		}
+static bool aes_keys_find(void *user, ut64 address, const ut8 *buffer, size_t size, RzThreadQueue *hits) {
+	if (!AES_KEY_FIND_FCN(128)(address, buffer, size, hits)) {
+		return false;
+	} else if (!AES_KEY_FIND_FCN(192)(address, buffer, size, hits)) {
+		return false;
+	} else if (!AES_KEY_FIND_FCN(256)(address, buffer, size, hits)) {
+		return false;
 	}
 	return true;
 }
 
+static bool aes_keys_is_empty(void *user) {
+	// we always return false.
+	return false;
+}
+
 /**
  * \brief      Allocates and initialize an AES RzSearchCollection
  *
  * \return     On success returns a valid pointer, otherwise NULL
  */
 RZ_API RZ_OWN RzSearchCollection *rz_search_collection_aes_keys() {
-	RzSearchCollection *sc = rz_search_collection_new(search_over_aes, NULL);
-	if (!sc) {
-		return NULL;
-	}
-	if (!rz_pvector_push(sc->collection, SEARCH_OVER_AES_KEY_FCN(128)) ||
-		!rz_pvector_push(sc->collection, SEARCH_OVER_AES_KEY_FCN(192)) ||
-		!rz_pvector_push(sc->collection, SEARCH_OVER_AES_KEY_FCN(256))) {
-		RZ_LOG_ERROR("search: failed to initialize AES search collection\n");
-		rz_search_collection_free(sc);
-		return NULL;
-	}
-	return sc;
+	return rz_search_collection_new(aes_keys_find, aes_keys_is_empty, NULL, NULL);
 }