Add / (search) commands to newshell + rewrite of rz_search #4742
Conversation
github-actions
bot
added
RzAnalysis
rz-find
API
RzCore
ARM
MIPS
PPC
X86
RzUtil
RzSearch
labels
| RZ_API void rz_search_collection_free(RZ_NULLABLE RzSearchCollection *sc); | ||
| RZ_API void rz_search_hit_free(RZ_NULLABLE RzSearchHit *hit); | ||
|
|
||
| RZ_API RZ_OWN RzList /*<RzSearchHit *>*/ *rz_search_run(RZ_NONNULL RzSearchOpt *opt, RZ_NONNULL RzSearchCollection *col, RZ_NONNULL RzIO *io, RZ_NONNULL RzList /*<RzIOMap *>*/ *search_in); |
There was a problem hiding this comment.
Maybe changing the search_in parameter to void * and infer the type based on some flag in opt. This way we can use this function later to search other things then IO.
There was a problem hiding this comment.
Not so sure about this, but maybe.
librz/search/search_internal.h
Outdated
|
|
||
| struct rz_search_collection_t { | ||
| RzPVector /*<void *>*/ *collection; ///< Collection of elements to search in a buffer | ||
| RzSearchOverCallback search_over; ///< Collection search over the collection callback |
There was a problem hiding this comment.
Docs are a little confusing. Is the search_over callback called for every element in the collection above?
There was a problem hiding this comment.
No, the function takes the vector and uses it
|
|
||
| typedef struct rz_search_hit_t { | ||
| RzSearchKeyword *kw; | ||
| ut64 addr; | ||
| char *metadata; ///< Metadata for extra details (can be NULL) |
There was a problem hiding this comment.
This seems to save mostly the type of the search hit or the things to search for (I saw aes and regex). Maybe changing it to an enum (RzSearchMetaDataType type) and a add a void *meta_data to save more complex stuff. This way we can save allocation of simple strings.
There was a problem hiding this comment.
I added it for the flags so we know it's hit.regex or hit.rsa etc...
There was a problem hiding this comment.
Ah I see. What about hit_desc then? Meta data seems kinda broad IMHO.
| @@ -3,8 +3,174 @@ | |||
| --- | |||
| name: cmd_search | |||
| commands: | |||
| - name: "//" | |||
| summary: Repeat the last seach | |||
There was a problem hiding this comment.
| summary: Repeat the last seach | |
| summary: Repeat the last search |
| @@ -3745,16 +3792,18 @@ RZ_API int rz_core_config_init(RzCore *core) { | |||
| SETOPTIONS(n, "auto", "rosections", "raw", NULL); | |||
|
|
|||
| /* search */ | |||
| SETCB("search.contiguous", "true", &cb_contiguous, "Accept contiguous/adjacent search hits"); | |||
| SETICB("search.align", 0, &cb_searchalign, "Only catch aligned search hits"); | |||
| SETB("search.progress", false, "Shows search progress (true: enable, false: disable)"); | |||
librz/search/collection.c
Outdated
| * | ||
| * \return On success returns a valid pointer, otherwise NULL. | ||
| */ | ||
| RZ_IPI RZ_OWN RzSearchCollection *rz_search_collection_new(RZ_NONNULL RzSearchOverCallback search_over, RZ_NULLABLE RzPVectorFree free) { |
There was a problem hiding this comment.
| RZ_IPI RZ_OWN RzSearchCollection *rz_search_collection_new(RZ_NONNULL RzSearchOverCallback search_over, RZ_NULLABLE RzPVectorFree free) { | |
| RZ_IPI RZ_OWN RzSearchCollection *rz_search_collection_new(RZ_NONNULL RzSearchOverCallback search_over, RZ_NULLABLE RzPVectorFree element_free) { |
Or something similar.
wargio
force-pushed
the
fuzz-dist-cmd-search
branch
from
2123d77
to
9b1253f
Compare
| @@ -4371,6 +4371,36 @@ RZ_IPI RzCmdStatus rz_print_pattern8_handler(RzCore *core, int argc, const char | |||
| return RZ_CMD_STATUS_OK; | |||
| } | |||
|
|
|||
| static void incAlphaBuffer(ut8 *buf, int bufsz) { | |||
| struct search_parameters { | ||
| RzCore *core; | ||
| typedef struct search_parameters { | ||
| RzCore *core; ///< RzCore instance to use |
There was a problem hiding this comment.
I think the search parameters should not store RzCore and RzCmdStateOutput, or maybe rename the structure in that case.
| typedef struct search_prelude_cb_ctx { | ||
| int counter; ///< Number of preludes found | ||
| RzCore *core; ///< RzCore to use | ||
| int depth; ///< analysis.depth value |
There was a problem hiding this comment.
Should it be size_t or ut32 for both depth and counter?
| - RZ_OUTPUT_MODE_TABLE | ||
| args: [] | ||
|
|
||
| - name: "/p" |
There was a problem hiding this comment.
For every search subcommand we need more detailed description and few examples.
| @@ -15,6 +15,18 @@ | |||
| #include <rz_io.h> | |||
| #include <rz_bin.h> | |||
|
|
|||
| typedef enum { | |||
| SEARCH_MODE_BYTES = 0, | |||
There was a problem hiding this comment.
I think these should be in librz/include/rz_search.h and also documented.
| // SPDX-FileCopyrightText: 2008 J. Alex Halderman | ||
| // SPDX-License-Identifier: BSD-3-Clause | ||
|
|
||
| // Originally from RSAKeyFinder 1.0 (2008-07-18) By Nadia Heninger and J. Alex Halderman |
| { 0x02, 0x01, 0x00, 0x30 }, | ||
| }; | ||
|
|
||
| /*Baby BER parser, just good enough for private keys. |
There was a problem hiding this comment.
Since there is comment already for this function , maybe convert to Doxygen?
| return start + 2 + lensize; | ||
| } | ||
|
|
||
| /* Check if `start` points to an ensemble of BER fields |
| return true; | ||
| } | ||
|
|
||
| // Finds and return index of a private key based on the asn1 bytes |
|
|
||
| #include <rz_search.h> | ||
| #include <rz_util.h> | ||
|
|
There was a problem hiding this comment.
Please add \file to note that it searches not only ANSI/ASCII but also Unicode and some other encodings
Your checklist for this pull request
Detailed description
This is a complete rewrite of the legacy code which is too complicated to import into new-shell.
The goal is to refactor
rz_searchand implement the search command properly using pre-existing code like search of strings via rz_utils and more.closes #1909