-
Notifications
You must be signed in to change notification settings - Fork 30
Siegfried byte signature format
The Siegfried byte signature format comprises two elements Patterns, which are interfaces, and Frames, which are structs.
A pattern is a test that is applied to a sequence of bytes.
See the set of methods you need to implement for a pattern here: https://godoc.org/github.com/richardlehane/siegfried/internal/bytematcher/patterns.
A frame encapsulates a pattern with offset information, mediating between the pattern and the bytestream. Offsets can be relative to the start or end of file or relative to a preceding or succeeding frame.
http://godoc.org/github.com/richardlehane/siegfried/internal/bytematcher/frames.
Signatures are just slices of frames. The order of Frames within a signature matters if you have frames with preceding or succeeding offsets.
E.g.:
[BOF 0: "ABCD"][PREV 0-20: "EFG"][PREV Wild: "HI"][BOF Wild: "OMG"][SUCC 5: "UVW"][EOF 0: "XYZ"]