mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
6e24b49741
Rename IBM_AIX_kernel_loader.4.sg to boot_IBM_AIX_kernel_loader.4.sg and tighten detection: only set sVersion to "PowerPC" if the AIX loader was actually detected (bDetected) to avoid false positives. In compiler_Rust.4.sg apply minor comment formatting and sanitize the extracted rustc version by using File.cleanString when assigning sVersion.
93 lines
No EOL
4 KiB
JavaScript
93 lines
No EOL
4 KiB
JavaScript
// Detect It Easy: detection rule file
|
|
// Author: fernandom - menteb.in
|
|
|
|
meta("compiler", "Rust");
|
|
|
|
function detect() {
|
|
|
|
//x86
|
|
if (ELF.compareEP("f30f1efb31ed5e89e183e4..505452e8........81c3")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("31ed5e89e183e4..505452e8........81c3")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("31ed89e083e4..5050e8........8104")) {
|
|
bDetected = true;
|
|
}
|
|
|
|
// x86-64
|
|
if (ELF.compareEP("4831ed4889e7488d35........4883e4..e8$$$$$$$$488b37488d57..4531c94c8d05........488d0d........488d3d$$$$$$$$5541574156")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("f30f1efa31ed4989d15e4889e24883e4..50544531c031c9488d3d$$$$$$$$504889f14863d7488d05$$$$$$$$5541574156")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("f30f1efa31ed4989d15e4889e24883e4..50544c8d05........488d0d........488d3d$$$$$$$$504889f14863d7488d05$$$$$$$$4156")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("f30f1efa31ed4989d15e4889e24883e4..50544c8d05........488d0d........488d3d$$$$$$$$504889f14863d7488d05$$$$$$$$5541574156")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("f30f1efa31ed4989d15e4889e24883e4..50544531c031c9488d3d$$$$$$$$5541574156")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("f30f1efa31ed4989d15e4889e24883e4..50544531c031c9488d3d$$$$$$$$41574156")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("f30f1efa31ed4989d15e4889e24883e4..50544531c031c9488d3d$$$$$$$$504889f14863d7488d05$$$$$$$$53")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("f30f1efa31ed4989d15e4889e24883e4..50544531c031c9488d3d$$$$$$$$554889e541574156")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("31ed4989d15e4889e24883e4..50544531c031c9488d3d$$$$$$$$41574156")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("31ed4989d15e4889e24883e4..50544c8d05........488d0d........488d3d$$$$$$$$504889f14863d7488d05$$$$$$$$5541574156")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("31ed4989d15e4889e24883e4..50544c8d05........488d0d........488d3d$$$$$$$$41574156")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("4831ed4889e7488d35........4883e4..e8$$$$$$$$4881ec........8b074989f8ffc04898")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("4831ed4889e7488d35........4883e4..e8$$$$$$$$4881ec........8b0783c0..4898")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("4831ed4889e7488d35........4883e4..e8$$$$$$$$8b37488d57..488d3d$$$$$$$$41574156")) {
|
|
bDetected = true;
|
|
}
|
|
|
|
// ARM64
|
|
if (ELF.compareEP("1d0080d21e0080d2e0030091........210000911fec7c92")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("1f2003d51d0080d21e0080d2e50300aae10340f9e2230091e6030091")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("1d0080d21e0080d2e50300aae10340f9e2230091e6030091")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("1d0080d21e0080d2fd030091e50300aae10340f9e2230091e6030091")) {
|
|
bDetected = true;
|
|
}
|
|
|
|
// ARM32
|
|
if (ELF.compareEP("00b0a0e300e0a0e304109de40d20a0e104202de504002de5")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("00b0a0e300e0a0e310109fe501108fe00d00a0e10fc0c0e3")) {
|
|
bDetected = true;
|
|
}
|
|
|
|
// ARMv7
|
|
if (ELF.compareEP("f0000b4ff0000e03497944684620f00f0ce54600f002f8..")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("f0000b4ff0000e02bc6a4604b401b4dff824a008a39a44df")) {
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("f0000b4ff0000e5df8041b6a464df8042d4df8040ddff828")) {
|
|
bDetected = true;
|
|
}
|
|
|
|
if (ELF.isStringInTablePresent(".strtab", "rust_panic")) {
|
|
bDetected = true;
|
|
|
|
var nSection = ELF.getSectionNumber(".debug_str"),
|
|
nOffset = ELF.getSectionFileOffset(nSection),
|
|
nSize = ELF.getSectionFileSize(nSection);
|
|
|
|
if (nSize > 0) {
|
|
var nStringOffset = ELF.findString(nOffset, 6, "rustc ");
|
|
if (nStringOffset != -1) {
|
|
sVersion = File.cleanString(ELF.getString(nStringOffset));
|
|
}
|
|
}
|
|
}
|
|
|
|
sLang = "Rust";
|
|
|
|
return result();
|
|
} |