User Tools

Site Tools


krd:reader

krd reader

krd reader matches signatures with data read from /proc/kcore

- krd creates a buffer of n bytes, which it fills with bytes from kcore. When the buffer is full, it will simply rotate off 8 bits from the left, which removes the oldest byte. It then adds the newest byte in from the reader engine.

- How large should n be? This is defined by the signatures. At runtime, krd will read the signatures and check for the longest one, which then becomes the buffer for reading kcore. The default n is 256 (for manual reading).

- For manual reading, krd does not check the signature database, but hex from stdin.

ie : krd -h 0A0B0C0D0E0Fwhatever

krd/reader.txt · Last modified: 2010/04/15 21:18 (external edit)