krd:reader
krd reader
krd reader matches signatures with data read from /proc/kcore
- krd creates a buffer of n bytes, which it fills with bytes from kcore. When the buffer is full, it will simply rotate off 8 bits from the left, which removes the oldest byte. It then adds the newest byte in from the reader engine.
- How large should n be? This is defined by the signatures. At runtime, krd will read the signatures and check for the longest one, which then becomes the buffer for reading kcore. The default n is 256 (for manual reading).
- For manual reading, krd does not check the signature database, but hex from stdin.
ie : krd -h 0A0B0C0D0E0Fwhatever
krd/reader.txt · Last modified: 2010/04/15 21:18 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
