Java Code Examples for ghidra.app.util.bin.ByteProvider#readBytes()

The following examples show how to use ghidra.app.util.bin.ByteProvider#readBytes() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: ZLIB.java    From ghidra with Apache License 2.0 6 votes vote down vote up 
public final static boolean isZLIB( ByteProvider provider ) {
	try {
		byte [] bytes = provider.readBytes( 0, 2  );
		if ( Arrays.equals( bytes, ZLIB_COMPRESSION_NO_LOW ) ) {
			return true;
		}
		if ( Arrays.equals( bytes, ZLIB_COMPRESSION_DEFAULT ) ) {
			return true;
		}
		if ( Arrays.equals( bytes, ZLIB_COMPRESSION_BEST ) ) {
			return true;
		}
	}
	catch (Exception e) {
	}
	return false;
}
Example 2
Source File: PortableExecutableRichPrintScript.java    From ghidra with Apache License 2.0 6 votes vote down vote up 
private static int checksumDosHeader(ByteProvider provider, int programLength)
		throws IOException {

	int checksum = 0;

	byte[] data = provider.readBytes(0, DOSHeader.SIZEOF_DOS_HEADER + programLength);
	// blank out the PE offset, 'e_lfanew'
	data[0x3c] = 0;
	data[0x3d] = 0;

	for (int i = 0; i < DOSHeader.SIZEOF_DOS_HEADER + programLength; i++) {
		int b = data[i] & Conv.BYTE_MASK;
		checksum += rol32(b, (i & 0x1f));
	}
	return checksum;

}
Example 3
Source File: GZipUtil.java    From ghidra with Apache License 2.0 5 votes vote down vote up 
public final static boolean isGZip( ByteProvider provider ) {
	try {
		byte [] bytes = provider.readBytes( 0, GZipConstants.MAGIC_BYTES.length  );
		return Arrays.equals( bytes, GZipConstants.MAGIC_BYTES );
	}
	catch (Exception e) {
	}
	return false;
}
Example 4
Source File: XARUtil.java    From ghidra with Apache License 2.0 5 votes vote down vote up 
public final static boolean isXAR( ByteProvider provider ) {
	try {
		byte [] bytes = provider.readBytes( 0, XARConstants.MAGIC_BYTES.length  );
		return Arrays.equals( bytes, XARConstants.MAGIC_BYTES );
	}
	catch (Exception e) {
	}
	return false;
}
Example 5
Source File: DexConstants.java    From ghidra with Apache License 2.0 5 votes vote down vote up 
public final static boolean isDexFile( ByteProvider provider ) {
	try {
		byte [] bytes = provider.readBytes( 0, DEX_MAGIC_BASE.length( ) );
		return DEX_MAGIC_BASE.equals( new String( bytes ) );
	}
	catch ( Exception e ) {
		// ignore
	}
	return false;
}
Example 6
Source File: OdexConstants.java    From ghidra with Apache License 2.0 5 votes vote down vote up 
public final static boolean isOdexFile( ByteProvider provider ) {
	try {
		byte [] bytes = provider.readBytes( 0, ODEX_MAGIC_LENGTH );
		return ODEX_MAGIC_35.equals( new String( bytes ) ) ||
			   ODEX_MAGIC_36.equals( new String( bytes ) );
	}
	catch ( Exception e ) {
		// ignore
	}
	return false;
}
Example 7
Source File: DyldCacheUtils.java    From ghidra with Apache License 2.0 5 votes vote down vote up 
/**
 * Determines if the given {@link ByteProvider} is a DYLD cache.
 * 
 * @param provider The {@link ByteProvider}
 * @return True if the given {@link ByteProvider} is a DYLD cache; otherwise, false
 */
public final static boolean isDyldCache(ByteProvider provider) {
	if (provider == null) {
		return false;
	}
	byte[] bytes = new byte[DyldArchitecture.DYLD_V1_SIGNATURE_LEN];
	try {
		bytes = provider.readBytes(0, DyldArchitecture.DYLD_V1_SIGNATURE_LEN);
	}
	catch (IOException e) {
		return false;
	}
	return isDyldCache(new String(bytes).trim());
}
Example 8
Source File: BinaryPropertyListUtil.java    From ghidra with Apache License 2.0 4 votes vote down vote up 
public static boolean isBinaryPropertyList( ByteProvider provider ) throws IOException {
	byte [] bytes = provider.readBytes( 0, BinaryPropertyListConstants.BINARY_PLIST_MAGIC.length( ) );
	String magic = new String( bytes );
	return BinaryPropertyListConstants.BINARY_PLIST_MAGIC.equals( magic );
}
Example 9
Source File: Apple8900Decryptor.java    From ghidra with Apache License 2.0 4 votes vote down vote up 
public boolean isValid( ByteProvider provider ) throws IOException {
	byte [] bytes = provider.readBytes( 0, 4 );
	return Arrays.equals( bytes, Apple8900Constants.MAGIC_BYTES );
}
Example 10
Source File: DyldArchitecture.java    From ghidra with Apache License 2.0 4 votes vote down vote up 
public final static DyldArchitecture getArchitecture(ByteProvider provider) throws IOException {
	byte [] signatureBytes = provider.readBytes(0, DYLD_V1_SIGNATURE_LEN);
	String signature = new String( signatureBytes );
	return getArchitecture( signature.trim() );
}
Example 11
Source File: CoffLoader.java    From ghidra with Apache License 2.0 4 votes vote down vote up 
@Override
public Collection<LoadSpec> findSupportedLoadSpecs(ByteProvider provider) throws IOException {
	List<LoadSpec> loadSpecs = new ArrayList<>();

	if (provider.length() < MIN_BYTE_LENGTH) {
		return loadSpecs;
	}

	CoffFileHeader header = new CoffFileHeader(provider);

	// Check to prevent false positives when the file is full of '\0' bytes.
	// If the machine type is unknown (0), check the first 64 bytes of the file and bail if
	// they are also all 0.
	if (header.getMagic() == CoffMachineType.IMAGE_FILE_MACHINE_UNKNOWN /* ie. == 0 */ &&
		provider.length() > COFF_NULL_SANITY_CHECK_LEN) {
		byte[] headerBytes = provider.readBytes(0, COFF_NULL_SANITY_CHECK_LEN);
		boolean allZeros = true;
		for (byte b : headerBytes) {
			allZeros = (b == 0);
			if (!allZeros) {
				break;
			}
		}
		if (allZeros) {
			return loadSpecs;
		}
	}

	if (CoffMachineType.isMachineTypeDefined(header.getMagic())) {
		header.parseSectionHeaders(provider);

		if (isVisualStudio(header) != isMicrosoftFormat()) {
			// Only one of the CoffLoader/MSCoffLoader will survive this check
			return loadSpecs;
		}
		String secondary = isCLI(header) ? "cli" : null;
		List<QueryResult> results =
			QueryOpinionService.query(getName(), header.getMachineName(), secondary);
		for (QueryResult result : results) {
			loadSpecs.add(new LoadSpec(this, header.getImageBase(true), result));
		}
		if (loadSpecs.isEmpty()) {
			loadSpecs.add(new LoadSpec(this, header.getImageBase(false), true));
		}
	}
	return loadSpecs;
}
Example 12
Source File: StringTable.java    From ghidra with Apache License 2.0 2 votes vote down vote up 
/**
 * Create a {@link StringTable} by reading the entire contents of a {@link ByteProvider}
 * into memory.
 * <p>
 * If the specified {@link ByteProvider} is null, an empty string table will be constructed.
 * <p>
 * @param bp
 * @return
 * @throws IOException
 */
public static StringTable readStringTable(ByteProvider bp) throws IOException {
	byte[] bytes = (bp != null) ? bp.readBytes(0, bp.length()) : new byte[0];
	return new StringTable(bytes);
}