Parse signatures from an extracted WinDef DB. This script won't extract a compressed DB (use WDExtract instead).
import streams
import bitops
import strutils
import std/enumutils
## Path of the already-extracted signature database this script reads.
const db_name = "mpavbase.vdm.extracted"
type
  SigHeader = object
    ## Fixed-size record header as it is read from the stream with
    ## `readData`; field order and widths are the on-disk layout.
    sig_type: uint8   # record type, compared against `SigTypes`
    size_low: uint8   # low byte of the payload length
    size_high: uint8  # high byte of the payload length

type
  EKeyboardInterrupt = object of CatchableError
    ## Raised by the Ctrl-C hook so the reader can unwind and close its
    ## stream instead of being killed mid-record.

type
  SigTypes = enum ## Known record types; the enum has holes, so iterate it via `std/enumutils`.
    SIGNATURE_TYPE_RESERVED = 1
    SIGNATURE_TYPE_VOLATILE_THREAT_INFO = 2
    SIGNATURE_TYPE_VOLATILE_THREAT_ID = 3
    SIGNATURE_TYPE_CKOLDREC = 17
    SIGNATURE_TYPE_KVIR32 = 32
    SIGNATURE_TYPE_POLYVIR32 = 33
    SIGNATURE_TYPE_NSCRIPT_NORMAL = 39
    SIGNATURE_TYPE_NSCRIPT_SP = 40
    SIGNATURE_TYPE_NSCRIPT_BRUTE = 41
    SIGNATURE_TYPE_NSCRIPT_CURE = 44
    SIGNATURE_TYPE_TITANFLT = 48
    SIGNATURE_TYPE_PEFILE_CURE = 61
    SIGNATURE_TYPE_MAC_CURE = 62
    SIGNATURE_TYPE_SIGTREE = 64
    SIGNATURE_TYPE_SIGTREE_EXT = 65
    SIGNATURE_TYPE_MACRO_PCODE = 66
    SIGNATURE_TYPE_MACRO_SOURCE = 67
    SIGNATURE_TYPE_BOOT = 68
    SIGNATURE_TYPE_CLEANSCRIPT = 73
    SIGNATURE_TYPE_TARGET_SCRIPT = 74
    SIGNATURE_TYPE_CKSIMPLEREC = 80
    SIGNATURE_TYPE_PATTMATCH = 81
    SIGNATURE_TYPE_RPFROUTINE = 83
    SIGNATURE_TYPE_NID = 85
    SIGNATURE_TYPE_GENSFX = 86
    SIGNATURE_TYPE_UNPLIB = 87
    SIGNATURE_TYPE_DEFAULTS = 88
    SIGNATURE_TYPE_DBVAR = 91
    SIGNATURE_TYPE_THREAT_BEGIN = 92
    SIGNATURE_TYPE_THREAT_END = 93
    SIGNATURE_TYPE_FILENAME = 94
    SIGNATURE_TYPE_FILEPATH = 95
    SIGNATURE_TYPE_FOLDERNAME = 96
    SIGNATURE_TYPE_PEHSTR = 97
    SIGNATURE_TYPE_LOCALHASH = 98
    SIGNATURE_TYPE_REGKEY = 99
    SIGNATURE_TYPE_HOSTSENTRY = 100
    SIGNATURE_TYPE_STATIC = 103
    SIGNATURE_TYPE_LATENT_THREAT = 105
    SIGNATURE_TYPE_REMOVAL_POLICY = 106
    SIGNATURE_TYPE_WVT_EXCEPTION = 107
    SIGNATURE_TYPE_REVOKED_CERTIFICATE = 108
    SIGNATURE_TYPE_TRUSTED_PUBLISHER = 112
    SIGNATURE_TYPE_ASEP_FILEPATH = 113
    SIGNATURE_TYPE_DELTA_BLOB = 115
    SIGNATURE_TYPE_DELTA_BLOB_RECINFO = 116
    SIGNATURE_TYPE_ASEP_FOLDERNAME = 117
    SIGNATURE_TYPE_PATTMATCH_V2 = 119
    SIGNATURE_TYPE_PEHSTR_EXT = 120
    SIGNATURE_TYPE_VDLL_X86 = 121
    SIGNATURE_TYPE_VERSIONCHECK = 122
    SIGNATURE_TYPE_SAMPLE_REQUEST = 123
    SIGNATURE_TYPE_VDLL_X64 = 124
    SIGNATURE_TYPE_SNID = 126
    SIGNATURE_TYPE_FOP = 127
    SIGNATURE_TYPE_KCRCE = 128
    SIGNATURE_TYPE_VFILE = 131
    SIGNATURE_TYPE_SIGFLAGS = 132
    SIGNATURE_TYPE_PEHSTR_EXT2 = 133
    SIGNATURE_TYPE_PEMAIN_LOCATOR = 134
    SIGNATURE_TYPE_PESTATIC = 135
    SIGNATURE_TYPE_UFSP_DISABLE = 136
    SIGNATURE_TYPE_FOPEX = 137
    SIGNATURE_TYPE_PEPCODE = 138
    SIGNATURE_TYPE_IL_PATTERN = 139
    SIGNATURE_TYPE_ELFHSTR_EXT = 140
    SIGNATURE_TYPE_MACHOHSTR_EXT = 141
    SIGNATURE_TYPE_DOSHSTR_EXT = 142
    SIGNATURE_TYPE_MACROHSTR_EXT = 143
    SIGNATURE_TYPE_TARGET_SCRIPT_PCODE = 144
    SIGNATURE_TYPE_VDLL_IA64 = 145
    SIGNATURE_TYPE_PEBMPAT = 149
    SIGNATURE_TYPE_AAGGREGATOR = 150
    SIGNATURE_TYPE_SAMPLE_REQUEST_BY_NAME = 151
    SIGNATURE_TYPE_REMOVAL_POLICY_BY_NAME = 152
    SIGNATURE_TYPE_TUNNEL_X86 = 153
    SIGNATURE_TYPE_TUNNEL_X64 = 154
    SIGNATURE_TYPE_TUNNEL_IA64 = 155
    SIGNATURE_TYPE_VDLL_ARM = 156
    SIGNATURE_TYPE_THREAD_X86 = 157
    SIGNATURE_TYPE_THREAD_X64 = 158
    SIGNATURE_TYPE_THREAD_IA64 = 159
    SIGNATURE_TYPE_FRIENDLYFILE_SHA256 = 160
    SIGNATURE_TYPE_FRIENDLYFILE_SHA512 = 161
    SIGNATURE_TYPE_SHARED_THREAT = 162
    SIGNATURE_TYPE_VDM_METADATA = 163
    SIGNATURE_TYPE_VSTORE = 164
    SIGNATURE_TYPE_VDLL_SYMINFO = 165
    SIGNATURE_TYPE_IL2_PATTERN = 166
    SIGNATURE_TYPE_BM_STATIC = 167
    SIGNATURE_TYPE_BM_INFO = 168
    SIGNATURE_TYPE_NDAT = 169
    SIGNATURE_TYPE_FASTPATH_DATA = 170
    SIGNATURE_TYPE_FASTPATH_SDN = 171
    SIGNATURE_TYPE_DATABASE_CERT = 172
    SIGNATURE_TYPE_SOURCE_INFO = 173
    SIGNATURE_TYPE_HIDDEN_FILE = 174
    SIGNATURE_TYPE_COMMON_CODE = 175
    SIGNATURE_TYPE_VREG = 176
    SIGNATURE_TYPE_NISBLOB = 177
    SIGNATURE_TYPE_VFILEEX = 178
    SIGNATURE_TYPE_SIGTREE_BM = 179
    SIGNATURE_TYPE_VBFOP = 180
    SIGNATURE_TYPE_VDLL_META = 181
    SIGNATURE_TYPE_TUNNEL_ARM = 182
    SIGNATURE_TYPE_THREAD_ARM = 183
    SIGNATURE_TYPE_PCODEVALIDATOR = 184
    SIGNATURE_TYPE_MSILFOP = 186
    SIGNATURE_TYPE_KPAT = 187
    SIGNATURE_TYPE_KPATEX = 188
    SIGNATURE_TYPE_LUASTANDALONE = 189
    SIGNATURE_TYPE_DEXHSTR_EXT = 190
    SIGNATURE_TYPE_JAVAHSTR_EXT = 191
    SIGNATURE_TYPE_MAGICCODE = 192
    SIGNATURE_TYPE_CLEANSTORE_RULE = 193
    SIGNATURE_TYPE_VDLL_CHECKSUM = 194
    SIGNATURE_TYPE_THREAT_UPDATE_STATUS = 195
    SIGNATURE_TYPE_VDLL_MSIL = 196
    SIGNATURE_TYPE_ARHSTR_EXT = 197
    SIGNATURE_TYPE_MSILFOPEX = 198
    SIGNATURE_TYPE_VBFOPEX = 199
    SIGNATURE_TYPE_FOP64 = 200
    SIGNATURE_TYPE_FOPEX64 = 201
    SIGNATURE_TYPE_JSINIT = 202
    SIGNATURE_TYPE_PESTATICEX = 203
    SIGNATURE_TYPE_KCRCEX = 204
    SIGNATURE_TYPE_FTRIE_POS = 205
    SIGNATURE_TYPE_NID64 = 206
    SIGNATURE_TYPE_MACRO_PCODE64 = 207
    SIGNATURE_TYPE_BRUTE = 208
    SIGNATURE_TYPE_SWFHSTR_EXT = 209
    SIGNATURE_TYPE_REWSIGS = 210
    SIGNATURE_TYPE_AUTOITHSTR_EXT = 211
    SIGNATURE_TYPE_INNOHSTR_EXT = 212
    SIGNATURE_TYPE_ROOTCERTSTORE = 213
    SIGNATURE_TYPE_EXPLICITRESOURCE = 214
    SIGNATURE_TYPE_CMDHSTR_EXT = 215
    SIGNATURE_TYPE_FASTPATH_TDN = 216
    SIGNATURE_TYPE_EXPLICITRESOURCEHASH = 217
    SIGNATURE_TYPE_FASTPATH_SDN_EX = 218
    SIGNATURE_TYPE_BLOOM_FILTER = 219
    SIGNATURE_TYPE_RESEARCH_TAG = 220
    SIGNATURE_TYPE_ENVELOPE = 222
    SIGNATURE_TYPE_REMOVAL_POLICY64 = 223
    SIGNATURE_TYPE_REMOVAL_POLICY64_BY_NAME = 224
    SIGNATURE_TYPE_VDLL_META_X64 = 225
    SIGNATURE_TYPE_VDLL_META_ARM = 226
    SIGNATURE_TYPE_VDLL_META_MSIL = 227
    SIGNATURE_TYPE_MDBHSTR_EXT = 228
    SIGNATURE_TYPE_SNIDEX = 229
    SIGNATURE_TYPE_SNIDEX2 = 230
    SIGNATURE_TYPE_AAGGREGATOREX = 231
    SIGNATURE_TYPE_PUA_APPMAP = 232
    SIGNATURE_TYPE_PROPERTY_BAG = 233
    SIGNATURE_TYPE_DMGHSTR_EXT = 234
    SIGNATURE_TYPE_DATABASE_CATALOG = 235
proc handler() {.noconv.} =
  ## Control-C hook installed by `read_db`: converts the signal into an
  ## `EKeyboardInterrupt` so the reader can unwind and close its stream.
  raise EKeyboardInterrupt.newException("Keyboard Interrupt")
func is_readable(input: char): bool =
  ## True for printable ASCII (space through tilde, 0x20..0x7E); every
  ## other byte is shown escaped by `str_escape`.
  input in {' '..'~'}
proc enum_field_name(value: uint8): string =
  ## Maps a raw record-type byte to the matching `SigTypes` member name.
  ## Unknown values yield `ERR_UNKNOWN_TYPE_<n>` rather than raising, so
  ## the dump keeps going over records this table does not know.
  for candidate in SigTypes.items:
    if ord(candidate) == int(value):
      return $candidate
  "ERR_UNKNOWN_TYPE_" & $value
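func str_escape(input: string): seq[string] =
  ## Splits a signature payload into display chunks: each run of printable
  ## ASCII is kept verbatim as one element, and every other byte becomes
  ## its own `\xHH` element (uppercase hex). An empty payload yields `@[""]`.
  ##
  ## A literal backslash (0x5C) is emitted as `\x5C`, not as `\`: the
  ## original kept it verbatim, which (a) made a payload containing the
  ## text `\x41` indistinguishable from the escaped byte 0x41 and (b) made
  ## the run-merging logic, which recognised escape elements by a leading
  ## backslash, wrongly split a printable run that started with `\`.
  const printable = {' '..'~'}   # same range as `is_readable`
  result = @[""]
  # Whether result[^1] is a printable run that a following printable
  # character may be appended to. The initial empty run counts.
  var lastReadable = true
  for c in input:
    if c in printable and c != '\\':
      if lastReadable:
        result[^1].add c
      else:
        result.add $c
      lastReadable = true
    else:
      let escaped = "\\x" & toHex($c)
      if result.len == 1 and result[0].len == 0:
        # First byte of the payload: reuse the initial empty run.
        result[0] = escaped
      else:
        result.add escaped
      lastReadable = false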
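proc read_db() =
  ## Walks the extracted signature database `db_name` record by record and
  ## prints each record's type name, raw size bytes and escaped payload.
  ## Record layout as consumed here: a 3-byte `SigHeader`, one byte that is
  ## skipped, then `sig_len` payload bytes.
  ##
  ## Fixes over the original: a missing or unreadable file is reported
  ## instead of dereferencing a nil stream; a truncated trailing header is
  ## detected instead of reusing stale header fields; read errors are
  ## reported on stderr instead of being swallowed. Ctrl-C still ends the
  ## dump quietly.
  setControlCHook(handler)
  let fsig = newFileStream(db_name, fmRead)
  if fsig.isNil:
    stderr.writeLine("Cannot open ", db_name)
    return
  defer: fsig.close()
  var header: SigHeader
  try:
    while not fsig.atEnd():
      # Insist on a complete header; a short read at EOF would otherwise
      # leave the previous record's fields in `header`.
      if fsig.readData(addr(header), sizeof(header)) != sizeof(header):
        stderr.writeLine("Truncated header at offset ", fsig.getPosition())
        break
      # size_low | size_high << 8 (widened first so the shift cannot overflow)
      let sigLen = uint(header.size_low) or (uint(header.size_high) shl 8)
      let sigTypeName = enum_field_name(header.sig_type)
      if header.sig_type == uint8(SIGNATURE_TYPE_THREAT_BEGIN):
        echo "===================Threat BEGIN==================="
      echo "SigType: ", sigTypeName
      echo "s_low: ", header.size_low, " s_high: ", header.size_high, " len: ", sigLen
      # Header consumed; skip the unused fourth byte, then read the payload.
      fsig.setPosition(fsig.getPosition() + 1)
      let sigValue = fsig.readStr(int(sigLen))
      echo "Value: ", sigValue.str_escape()
      if header.sig_type == uint8(SIGNATURE_TYPE_THREAT_END):
        echo "-------------------Threat END---------------------\n"
      else:
        echo ""
  except EKeyboardInterrupt:
    return
  except CatchableError as e:
    stderr.writeLine("Read error: ", e.msg)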
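# Only run the dump when executed directly, so the parsing helpers can be
# imported (e.g. by a test module) without touching the database file.
when isMainModule:
  read_db()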
dmknght commented Feb 25, 2023

Fixed var type when doing bitwise, causing overflow value of len
