diff options
Diffstat (limited to 'tools/pe_bliss/entropy.cpp')
| -rw-r--r-- | tools/pe_bliss/entropy.cpp | 111 |
1 files changed, 0 insertions, 111 deletions
diff --git a/tools/pe_bliss/entropy.cpp b/tools/pe_bliss/entropy.cpp deleted file mode 100644 index acefa63e83..0000000000 --- a/tools/pe_bliss/entropy.cpp +++ /dev/null @@ -1,111 +0,0 @@ -/*************************************************************************/ -/* Copyright (c) 2015 dx, http://kaimi.ru */ -/* */ -/* Permission is hereby granted, free of charge, to any person */ -/* obtaining a copy of this software and associated documentation */ -/* files (the "Software"), to deal in the Software without */ -/* restriction, including without limitation the rights to use, */ -/* copy, modify, merge, publish, distribute, sublicense, and/or */ -/* sell copies of the Software, and to permit persons to whom the */ -/* Software is furnished to do so, subject to the following conditions: */ -/* The above copyright notice and this permission notice shall be */ -/* included in all copies or substantial portions of the Software. */ -/* */ -/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */ -/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */ -/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/ -/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */ -/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */ -/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */ -/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -/*************************************************************************/ -#include <cmath> -#include "entropy.h" -#include "utils.h" - -namespace pe_bliss -{ -//Calculates entropy for PE image section -double entropy_calculator::calculate_entropy(const section& s) -{ - if(s.get_raw_data().empty()) //Don't count entropy for empty sections - throw pe_exception("Section is empty", pe_exception::section_is_empty); - - return calculate_entropy(s.get_raw_data().data(), s.get_raw_data().length()); -} - -//Calculates entropy for istream (from current position of stream) -double entropy_calculator::calculate_entropy(std::istream& file) -{ - uint32_t byte_count[256] = {0}; //Byte count for each of 255 bytes - - if(file.bad()) - throw pe_exception("Stream is bad", pe_exception::stream_is_bad); - - std::streamoff pos = file.tellg(); - - std::streamoff length = pe_utils::get_file_size(file); - length -= file.tellg(); - - if(!length) //Don't calculate entropy for empty buffers - throw pe_exception("Data length is zero", pe_exception::data_is_empty); - - //Count bytes - for(std::streamoff i = 0; i != length; ++i) - ++byte_count[static_cast<unsigned char>(file.get())]; - - file.seekg(pos); - - return calculate_entropy(byte_count, length); -} - -//Calculates entropy for data block -double entropy_calculator::calculate_entropy(const char* data, size_t length) -{ - uint32_t byte_count[256] = {0}; //Byte count for each of 255 bytes - - if(!length) //Don't calculate entropy for empty buffers - throw pe_exception("Data length is zero", pe_exception::data_is_empty); - - //Count bytes - for(size_t i = 0; i != length; ++i) - ++byte_count[static_cast<unsigned char>(data[i])]; - - return calculate_entropy(byte_count, length); -} - -//Calculates entropy for this PE file (only section data) -double entropy_calculator::calculate_entropy(const pe_base& pe) -{ - uint32_t byte_count[256] = {0}; //Byte count for each of 255 bytes - - size_t total_data_length = 0; - - //Count bytes for each section - for(section_list::const_iterator it = pe.get_image_sections().begin(); it != pe.get_image_sections().end(); ++it) - { - const std::string& data = (*it).get_raw_data(); - size_t length = data.length(); - total_data_length += length; - for(size_t i = 0; i != length; ++i) - ++byte_count[static_cast<unsigned char>(data[i])]; - } - - return calculate_entropy(byte_count, total_data_length); -} - -//Calculates entropy from bytes count -double entropy_calculator::calculate_entropy(const uint32_t byte_count[256], std::streamoff total_length) -{ - double entropy = 0.; //Entropy result value - //Calculate entropy - for(uint32_t i = 0; i < 256; ++i) - { - double temp = static_cast<double>(byte_count[i]) / total_length; - if(temp > 0.) - entropy += std::abs(temp * (std::log(temp) * pe_utils::log_2)); - } - - return entropy; -} -} |