Skip to content

clementwanjau/dectree-rs

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Signature Decision Tree

Latest Release Build

A byte and mask based decision engine for creating byte sequences (and potential comparison masks) for general purpose signature matching implemented in pure rust.

Features:

  • Very fast signature matching.
  • Supports byte and mask based signatures.
  • Zero dependencies.

Usage

[dependencies]
dectree-rs = "0.1.1"

Example:

use dectree_rs::SignatureDecisionTree;

fn main() {
	let signature_base = vec![0x55, 0xe9, 0xd8, 0x01, 0xfe, 0xff, 0x32, 0x77, 0x89, 0x4f, 0x55];
	let mut tree = SignatureDecisionTree::new();
	tree.add_signature(signature_base.clone(), None, None);
	tree.get_signature(vec![0x55, 0xe9], None);
	tree.add_signature(signature_base.clone().into_iter().take(7).collect(), None, Some(signature_base.clone().into_iter().take(7).collect()));
	tree.add_signature(signature_base.clone().into_iter().take(4).collect(), None, Some(signature_base.clone().into_iter().take(4).collect()));
	tree.add_signature([signature_base.clone(), vec![0xfe, 0x38]].concat(), None, Some([signature_base.clone(), vec![0xfe, 0x38]].concat()));
	assert_eq!(tree.get_signature(vec![0x55, 0xe9, 0xd8, 0x01, 0xfe, 0xff, 0x32, 0x00, 0x99, 0x36, 0x5f, 0x21, 0xfd], None), Some(signature_base.clone().into_iter().take(7).collect()));
	assert_eq!(tree.get_signature(vec![0x55, 0xe9, 0xd8, 0x01, 0xfe, 0xff, 0x32], None), Some(signature_base.clone().into_iter().take(7).collect()));
	assert_eq!(tree.get_signature(vec![0x55, 0xe9, 0xd8, 0x01, 0xfe, 0x00], None), Some(signature_base.clone().into_iter().take(4).collect()));
	assert_eq!(tree.get_signature(vec![0x55], None), None);
}

License

This project is licensed under the Apache License 2.0 - see the LICENSE file for details

Authors

About

A signature decision tree implemented in rust.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages