Return bytes scanned for each identification #773

Open
nishihatapalmer opened this issue May 13, 2022 · 1 comment

Comments

@nishihatapalmer
Contributor

DROID sets a default max bytes to scan for identification, which defaults to 64k and can be set to -1 for unlimited scanning.

However, it is not currently easy to tune DROID for the best identification/speed trade-off, or to know which signatures tend to perform badly.

Returning the bytes scanned per identification would make both problems trivial.

It might not be necessary to alter the underlying profile database (as that carries a lot of GUI and filtering baggage as well). It could be a command line option only that appends that value to the CSV output if a flag was specified, since the use case would be advanced profiling of a corpus or signature development.

@nishihatapalmer
Contributor Author

nishihatapalmer commented May 13, 2022

Another piece of information which would be useful to support signature development is an average count per signature of how many bytes they scanned when they failed to identify something. As for weakly specified signatures with wildcard scanning, these costs may dominate, rather than the times they actually found something.

That might be something added to the sigtool, rather than the main DROID engine, reporting the bytes read to match and bytes read on match failure for each signature used.
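The per-signature accounting requested in this issue, sketched as an added example that is not part of the issue and is not DROID or sigtool code: a toy matcher that counts bytes scanned on hits and on misses. The `scan` and `profile` functions, the two signatures and the corpus are all hypothetical and constructed for illustration.

```python
from collections import defaultdict

def scan(data: bytes, pattern: bytes, anchored: bool, max_bytes: int = 65536):
    """Return (matched, bytes_scanned) for one toy signature against one file.

    anchored=True  -> pattern must sit at offset 0 (a tightly specified signature).
    anchored=False -> pattern may sit anywhere in the window (wildcard scanning).
    max_bytes=-1 means unlimited, mirroring the setting described in the issue.
    """
    window = data if max_bytes < 0 else data[:max_bytes]
    if anchored:
        # Simplification: count the full comparison length, hit or miss.
        n = min(len(pattern), len(window))
        return window[:n] == pattern, n
    pos = window.find(pattern)
    if pos >= 0:
        return True, pos + len(pattern)
    return False, len(window)  # a miss has to read the whole window

def profile(corpus, signatures, max_bytes=65536):
    """Per signature: {"hit": (count, avg_bytes), "miss": (count, avg_bytes)}."""
    totals = defaultdict(lambda: {"hit": [0, 0], "miss": [0, 0]})
    for data in corpus.values():
        for name, (pattern, anchored) in signatures.items():
            matched, scanned = scan(data, pattern, anchored, max_bytes)
            bucket = totals[name]["hit" if matched else "miss"]
            bucket[0] += 1
            bucket[1] += scanned
    return {name: {k: (c, b / c if c else 0.0) for k, (c, b) in t.items()}
            for name, t in totals.items()}

# Constructed sample corpus and signatures (not real PRONOM signatures).
CORPUS = {
    "a.pdf": b"%PDF-1.4" + b"\x00" * 1000,
    "b.bin": b"\x00" * 100000,
    "c.txt": b"x" * 5000 + b"TRAILER",
}
SIGNATURES = {
    "pdf-header": (b"%PDF-", True),
    "trailer-anywhere": (b"TRAILER", False),
}

if __name__ == "__main__":
    for limit in (65536, -1):
        print("max_bytes =", limit)
        for name, stats in profile(CORPUS, SIGNATURES, limit).items():
            print(f"  {name}: hit={stats['hit']} miss={stats['miss']}")
```

On this corpus the unanchored signature's average miss cost is several times its hit cost and grows when the limit is lifted, while the anchored signature costs the same either way.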
