mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
Rename IBM_AIX_kernel_loader.4.sg to boot_IBM_AIX_kernel_loader.4.sg and tighten detection: only set sVersion to "PowerPC" if the AIX loader was actually detected (bDetected) to avoid false positives. In compiler_Rust.4.sg apply minor comment formatting and sanitize the extracted rustc version by using File.cleanString when assigning sVersion.
// Detect It Easy: detection rule file
// Author: horsicq <horsicq@gmail.com>
// Rule metadata: "boot" and "IBM AIX kernel loader" are presumably the type and
// name that result() reports for a match — confirm against the script API.
meta("boot", "IBM AIX kernel loader");
/**
 * Rule entry point: flags an ELF image as the IBM AIX kernel loader.
 *
 * Detection requires all of:
 *   - at least four program headers,
 *   - a file size of at most 0x100 bytes for program 1,
 *   - the string "IBM,RPA-Client-Config" within that program's data.
 *
 * sVersion is set to "PowerPC" only when the loader was detected and the
 * string "PowerPC" is found in the first 0x100 bytes (at most) of program 0.
 *
 * bDetected and sVersion are assigned without being declared here; they are
 * presumably provided by the host script environment — confirm.
 *
 * NOTE(review): both signatures are plain strings read from the inspected
 * file, and the sizes come from its own program headers. A match is an
 * identification hint, not proof of provenance. The Math.min cap keeps each
 * scan at 0x100 bytes or less regardless of the header-declared size
 * (assuming findString takes offset, size, needle — confirm).
 *
 * @returns whatever result() returns for the current detection state.
 */
function detect() {
    // var rather than const/let: rule files may run on an older embedded
    // script engine — TODO confirm before modernising.
    var nScanLimit = 0x100;

    // Same short-circuit order as a nested check: program count first, then
    // the size of program 1.
    var bCandidate = ELF.getNumberOfPrograms() >= 4 && ELF.getProgramFileSize(1) <= nScanLimit;

    if (bCandidate) {
        var nMarkerPos = ELF.findString(
            ELF.getProgramFileOffset(1),
            Math.min(nScanLimit, ELF.getProgramFileSize(1)),
            "IBM,RPA-Client-Config"
        );

        if (nMarkerPos != -1) {
            bDetected = true;
        }
    }

    // The architecture label is only meaningful once the loader is detected,
    // so program 0 is not scanned otherwise.
    if (bDetected) {
        var nArchPos = ELF.findString(
            ELF.getProgramFileOffset(0),
            Math.min(nScanLimit, ELF.getProgramFileSize(0)),
            "PowerPC"
        );

        if (nArchPos != -1) {
            sVersion = "PowerPC";
        }
    }

    return result();
}