# Layered Resolver Pipeline (ELF/PE Feature Extraction)

## Module
Scanner

## Status
IMPLEMENTED

## Description
Binary analysis with call graph extraction for ELF/PE formats and patch verification orchestration.

## Implementation Details
- **Binary Call Graph Extraction**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/BinaryCallGraphExtractor.cs` - `BinaryCallGraphExtractor` extracts call graphs from ELF/PE binaries
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/BinaryEntrypointClassifier.cs` - Classifies binary entrypoints (main, DllMain, init/fini)
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/FunctionBoundaryDetector.cs` - Detects function boundaries in binary code
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/DwarfDebugReader.cs` - Reads DWARF debug information from ELF binaries
- **Disassembly**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/X86Disassembler.cs` - x86/x64 disassembly for call graph extraction
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/Arm64Disassembler.cs` - ARM64 disassembly support
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/DirectCallExtractor.cs` - Extracts direct call targets from disassembled code
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/BinaryTextSectionReader.cs` - Reads .text sections from binaries
- **Binary Analysis**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Analysis/BinaryDynamicLoadDetector.cs` - Detects dlopen/LoadLibrary dynamic loading patterns
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Analysis/BinaryStringLiteralScanner.cs` - Scans string literals for library references
- **Patch Verification**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/PatchVerificationOrchestrator.cs` - `PatchVerificationOrchestrator` coordinates patch verification steps
  - `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/IPatchVerificationOrchestrator.cs` - Interface for orchestrator
  - `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Models/PatchVerificationResult.cs` - Verification result with status and evidence
  - `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Models/PatchVerificationEvidence.cs` - Evidence collected during verification
  - `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Services/IPatchSignatureStore.cs` - Interface for patch signature storage
  - `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Services/InMemoryPatchSignatureStore.cs` - In-memory patch signature store

## E2E Test Plan
- [ ] Scan a container image containing ELF binaries and verify call graph extraction produces function nodes and call edges
- [ ] Scan a container with PE (Windows) binaries and verify PE-specific features (DllMain, exports) are extracted
- [ ] Verify DWARF debug information is used to enrich function names when available
- [ ] Verify dynamic loading patterns (dlopen/LoadLibrary) are detected and reported
- [ ] Verify patch verification orchestrator validates that a claimed patch is present in the binary
- [ ] Verify patch signature store records and retrieves known patch signatures for comparison