Package envi :: Module bytesig :: Class SignatureTree

Class SignatureTree

A byte based decision tree which uses all the RAMs but is really fast....

Signatures consist of a byte sequence and an optional mask sequence. If present each mask byte is used to logical and the byte being compared before comparison. This allows the creation of signatures which have parts of the sig generalized.

FIXME allow sigs to have a reliability rating FIXME allow sig nodes to store depth and truncate the tree early (and then mask the rest)

Instance Methods

[hide private]

__init__(self)

source code

_addChoice(self, siginfo, node)

source code

_getNode(self, depth, choices, choice)

source code

addSignature(self, bytes, masks=None, val=None)
Add a signature to the search tree.

source code

isSignature(self, bytes, offset=0)

source code

getSignature(self, bytes, offset=0)

source code

Method Details

[hide private]

addSignature(self, bytes, masks=None, val=None)

source code

Add a signature to the search tree. If masks goes unspecified, it will be assumed to be all ones (\xff * len(bytes)).

Additionally, you may specify "val" as the object to get back with getSignature().