Class: Rex::MachScan::Scanner::RegexScanner

Inherits:
JmpRegScanner show all
Defined in:
lib/rex/machscan/scanner.rb

Instance Attribute Summary

Attributes inherited from Generic

#fat, #mach, #regex

Instance Method Summary collapse

Methods inherited from JmpRegScanner

#_build_byte_list, #_parse_ret, #_ret_size

Methods inherited from Generic

#initialize, #scan

Constructor Details

This class inherits a constructor from Rex::MachScan::Scanner::Generic

Instance Method Details

#config(param) ⇒ Object



183
184
185
# File 'lib/rex/machscan/scanner.rb', line 183

def config(param)
  self.regex = Regexp.new(param['args'], nil, 'n')
end

#scan_segment(segment, param = {}) ⇒ Object



187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
# File 'lib/rex/machscan/scanner.rb', line 187

def scan_segment(segment, param={})
  base_addr = segment.vmaddr
  segment_offset = segment.fileoff
  offset = segment_offset

  hits = []

  while offset < segment.fileoff + segment.filesize && (offset = mach.index(regex, offset)) != nil

    idx = offset
    buf = ''
    mat = nil

    while (! (mat = buf.match(regex)))
      buf << mach.read(idx, 1)
      idx += 1
    end

    vaddr = base_addr + (offset - segment_offset)

    hits << [ vaddr, buf.unpack("H*") ]
    offset += buf.length
  end
  return hits
end