krd reader
krd reader matches signatures with data read from /proc/kcore
- krd creates a buffer of n bytes, which it fills with bytes from kcore. When the buffer is full, it will simply rotate off 8 bits from the left, which removes the oldest byte. It then adds the newest byte in from the reader engine.
- How large should n be? This is defined by the signatures. At runtime, krd will read the signatures and check for the longest one, which then becomes the buffer for reading kcore. The default n is 256 (for manual reading).
- For manual reading, krd does not check the signature database, but hex from stdin.
ie : krd -h 0A0B0C0D0E0Fwhatever