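 def load(self):
     """Populate the "interesting XOR" table from find_interesting_xors().

     Rows come from ``self._interesting_xors``; each entry is read for the
     ``func``, ``addr``, ``loop`` and ``disasm`` keys (``addr`` is formatted
     as an integer -- assumed from the format spec, confirm against
     find_interesting_xors()).
     """
     self.find_interesting_xors()
     table = self._interesting_xor_table
     table.clear()
     table.setColumnCount(4)
     table.setHorizontalHeaderLabels(
         ("Function", "Address", "Loop", "Disassembly"))
     # Connect the double-click handler only once. load() is a refresh-style
     # method and Qt invokes a slot once per connection, so re-connecting on
     # every call would make click_row fire several times per double-click.
     if not getattr(self, "_xor_click_connected", False):
         table.itemDoubleClicked.connect(self.click_row)
         self._xor_click_connected = True
     # Fill with sorting off: with sorting enabled Qt re-sorts on each
     # setItem(), so a half-filled row can move out from under `row`. This
     # matters on a refresh, where sorting is still on from the previous load.
     table.setSortingEnabled(False)
     table.setRowCount(len(self._interesting_xors))
     for row, xor in enumerate(self._interesting_xors):
         cells = (
             xor["func"],
             "0x{:08X}".format(xor["addr"]),
             str(xor["loop"]),
             xor["disasm"],
         )
         for col, text in enumerate(cells):
             table.setItem(row, col, qt.qtablewidgetitem()(text))
         table.resizeRowToContents(row)
     table.setSortingEnabled(True)
     table.resizeRowsToContents()
     table.resizeColumnsToContents()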
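 def load(self):
     """Populate the byte-string table from find_byte_strings().

     ``self.byte_strings`` is read as a mapping of address string -> string
     contents. The address is parsed as hexadecimal; it is expected to carry
     a ``0x`` prefix (assumed from the slice the original code used --
     confirm against find_byte_strings()).
     """
     table = self._bytestring_table
     table.clear()
     table.setColumnCount(3)
     table.setHorizontalHeaderLabels(("Address", "Function", "String"))
     # Connect once: Qt calls a slot once per connection, so re-connecting
     # on every refresh would make click_row fire repeatedly per click.
     if not getattr(self, "_bytestring_click_connected", False):
         table.itemDoubleClicked.connect(self.click_row)
         self._bytestring_click_connected = True
     self.find_byte_strings()
     # Sorting must be off while filling: Qt re-sorts on every setItem()
     # when it is on, which can move a half-filled row away from `row`.
     table.setSortingEnabled(False)
     table.setRowCount(len(self.byte_strings))
     for row, (addr, bstr) in enumerate(self.byte_strings.items()):
         # int() accepts the 0x prefix itself, so no slicing is needed. A
         # key without the prefix would previously have lost two digits;
         # a non-hex key still raises ValueError, as before.
         ea = int(addr, 16)
         # get_func_name() can return None for an address outside any
         # function; fall back to "" so the item always gets a string.
         func_name = idaapi.get_func_name(ea) or ""
         for col, text in enumerate((addr, func_name, bstr)):
             table.setItem(row, col, qt.qtablewidgetitem()(text))
         table.resizeRowToContents(row)
     table.setSortingEnabled(True)
     table.resizeRowsToContents()
     table.resizeColumnsToContents()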
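 def load(self):
     """Populate the byte-string table from find_byte_strings().

     ``self.byte_strings`` is read as a mapping of address string -> string
     contents. The address is parsed as hexadecimal; it is expected to carry
     a ``0x`` prefix (assumed from the slice the original code used --
     confirm against find_byte_strings()).
     """
     table = self._bytestring_table
     table.clear()
     table.setColumnCount(3)
     table.setHorizontalHeaderLabels(("Address", "Function", "String"))
     # Connect once: Qt calls a slot once per connection, so re-connecting
     # on every refresh would make click_row fire repeatedly per click.
     if not getattr(self, "_bytestring_click_connected", False):
         table.itemDoubleClicked.connect(self.click_row)
         self._bytestring_click_connected = True
     self.find_byte_strings()
     # Sorting must be off while filling: Qt re-sorts on every setItem()
     # when it is on, which can move a half-filled row away from `row`.
     table.setSortingEnabled(False)
     table.setRowCount(len(self.byte_strings))
     for row, (addr, bstr) in enumerate(self.byte_strings.items()):
         # int() accepts the 0x prefix itself, so no slicing is needed. A
         # key without the prefix would previously have lost two digits;
         # a non-hex key still raises ValueError, as before.
         ea = int(addr, 16)
         # get_func_name() can return None for an address outside any
         # function; fall back to "" so the item always gets a string.
         func_name = idaapi.get_func_name(ea) or ""
         for col, text in enumerate((addr, func_name, bstr)):
             table.setItem(row, col, qt.qtablewidgetitem()(text))
         table.resizeRowToContents(row)
     table.setSortingEnabled(True)
     table.resizeRowsToContents()
     table.resizeColumnsToContents()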
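 def load(self):
     """Populate the "interesting XOR" table from find_interesting_xors().

     Rows come from ``self._interesting_xors``; each entry is read for the
     ``func``, ``addr``, ``loop`` and ``disasm`` keys (``addr`` is formatted
     as an integer -- assumed from the format spec, confirm against
     find_interesting_xors()).
     """
     self.find_interesting_xors()
     table = self._interesting_xor_table
     table.clear()
     table.setColumnCount(4)
     table.setHorizontalHeaderLabels(
         ("Function", "Address", "Loop", "Disassembly"))
     # Connect the double-click handler only once. load() is a refresh-style
     # method and Qt invokes a slot once per connection, so re-connecting on
     # every call would make click_row fire several times per double-click.
     if not getattr(self, "_xor_click_connected", False):
         table.itemDoubleClicked.connect(self.click_row)
         self._xor_click_connected = True
     # Fill with sorting off: with sorting enabled Qt re-sorts on each
     # setItem(), so a half-filled row can move out from under `row`. This
     # matters on a refresh, where sorting is still on from the previous load.
     table.setSortingEnabled(False)
     table.setRowCount(len(self._interesting_xors))
     for row, xor in enumerate(self._interesting_xors):
         cells = (
             xor["func"],
             "0x{:08X}".format(xor["addr"]),
             str(xor["loop"]),
             xor["disasm"],
         )
         for col, text in enumerate(cells):
             table.setItem(row, col, qt.qtablewidgetitem()(text))
         table.resizeRowToContents(row)
     table.setSortingEnabled(True)
     table.resizeRowsToContents()
     table.resizeColumnsToContents()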
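    def load(self):
        """Populate the signature table from ``self.parent.signatures``.

        Each signature dict is read for ``description``, ``severity``,
        ``confidence`` and ``weight``; its optional ``data`` list of dicts
        is merged into one "key: value" block for the Information column.
        """
        table = self._signature_table
        table.clear()
        table.setHorizontalHeaderLabels(["Signature", "Information", "Severity"])
        # Keep sorting off while filling: Qt re-sorts on every setItem() when
        # it is on, which can move a half-filled row away from `row` on a
        # refresh (sorting is re-enabled at the end of this method).
        table.setSortingEnabled(False)
        signatures = self.parent.signatures
        table.setRowCount(len(signatures))
        for row, sig in enumerate(signatures):
            merged = {}
            # "data" is not guaranteed on every signature; a missing key is
            # treated as no extra information rather than raising KeyError.
            for entry in sig.get("data", []):
                merged.update(entry)
            # Sort the keys so the cell text is stable across loads.
            data = "\n".join(
                "{}: {}".format(k, merged[k]) for k in sorted(merged))
            sev = "Severity: {severity}\nConfidence: {confidence}\nWeight: {weight}".format(**sig)
            for col, text in enumerate((sig["description"], data, sev)):
                table.setItem(row, col, qt.qtablewidgetitem()(text))

        table.resizeRowsToContents()
        table.resizeColumnsToContents()
        table.setSortingEnabled(True)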
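 def load(self):
     """Populate the import table from ``self.parent.impts``.

     Each import dict is read for ``addr``, ``dll``, ``proc_name``,
     ``proc_address`` (a hex string) and ``type``; the last column is the
     name IDA currently has at ``proc_address``. The column count is not
     set here -- presumably the widget is created with six columns, confirm.
     """
     table = self._import_table
     table.clear()
     table.setHorizontalHeaderLabels(
         ["Address", "DLL", "ProcName", "ProcAddress", "Type", "IDA Name"])
     # Connect once: Qt calls a slot once per connection, so re-connecting
     # on every refresh would make clickRow fire repeatedly per click.
     if not getattr(self, "_import_click_connected", False):
         table.itemDoubleClicked.connect(self.clickRow)
         self._import_click_connected = True
     table.setAlternatingRowColors(True)
     # Sorting must be off while filling: Qt re-sorts on every setItem()
     # when it is on, which can move a half-filled row away from `row`.
     table.setSortingEnabled(False)
     impts = self.parent.impts
     table.setRowCount(len(impts))
     for row, impt in enumerate(impts):
         # proc_address is parsed as hex; a malformed value raises
         # ValueError here, as it did before.
         ida_name = idc.Name(int(impt["proc_address"], 16))
         cells = (
             impt["addr"],
             impt["dll"],
             impt["proc_name"],
             impt["proc_address"],
             impt["type"],
             ida_name,
         )
         for col, text in enumerate(cells):
             table.setItem(row, col, qt.qtablewidgetitem()(text))
         table.resizeRowToContents(row)
     table.setSortingEnabled(True)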
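 def load(self):
     """Populate the API-call table and the per-category filter checkboxes.

     Reads ``self.parent.calls`` (one dict per call), ``self.parent.call_categories``
     and ``self.parent.cuckoo_version``. The "Caller" column is resolved
     from the ``caller`` key on Cuckoo 1.3 and from the last ``stacktrace``
     frame on Cuckoo 2.0; it is left empty otherwise.
     """
     checked = qt.qtcore().Qt.Checked
     for cat in sorted(self.parent.call_categories):
         # Skip categories that already have a checkbox: re-running load()
         # would otherwise create, connect and place a second one each time.
         if cat in self._checkbox_map:
             continue
         cb = qt.qcheckbox()(cat.capitalize())
         cb.setCheckState(checked)
         cb.clicked.connect(self.filterCallData)
         self._checkbox_map[cat] = cb
         self._checkbox_layout.addWidget(cb)

     table = self._call_table
     table.clear()
     table.setHorizontalHeaderLabels(
         ["Category", "Caller", "Parent  Caller", "API", "Return", "Args"])
     table.horizontalHeader().setStretchLastSection(True)
     version = self.parent.cuckoo_version
     is_13 = version.startswith("1.3")
     is_20 = version.startswith("2.0")
     # Connect once: Qt calls a slot once per connection, so re-connecting
     # on every refresh would make clickRow fire repeatedly per click.
     if (is_13 or is_20) and not getattr(self, "_call_click_connected", False):
         table.itemDoubleClicked.connect(self.clickRow)
         self._call_click_connected = True

     # Sorting must be off while filling: Qt re-sorts on every setItem()
     # when it is on, which can move a half-filled row away from `row`.
     table.setSortingEnabled(False)
     calls = self.parent.calls
     table.setRowCount(len(calls))
     white = qt.qcolor()(0xff, 0xff, 0xff)
     for row, call in enumerate(calls):
         category = call.get("category", "")
         # Argument values originate from the analysed sample's API calls,
         # so they are truncated and escaped: control characters and
         # newlines are shown literally instead of reshaping the cell.
         arg_str = "\r\n".join(
             "{}: {}".format(k, unicode(v)[:80].encode("unicode-escape"))
             for k, v in call["arguments"].items())
         call_addr = ""
         if is_13:
             # Take the .get() default *before* parsing, so a call without a
             # "caller" key actually falls back to 0x00000000 instead of
             # raising KeyError on the parse (a non-hex value still raises).
             caller = call.get("caller", "0x00000000")
             prev = idc.PrevHead(int(caller, 16))
             call_addr = caller if prev == idc.BADADDR else "0x{:08x}".format(prev)
         # cuckoo 2.0 stores the call stack in "stacktrace", but only when
         # the analyzer ran in DEBUG, so the key may be empty or absent.
         if is_20 and call.get("stacktrace"):
             call_addr = call["stacktrace"][-1].split(" @ ")[-1]
         ret = call["return"] if "return" in call else str(call["return_value"])
         cells = (
             category,
             call_addr,
             call.get("parentcaller", ""),
             call["api"],
             ret,
             arg_str,
         )
         bg_color = self._COLOR_MAP.get(category, white)
         for col, text in enumerate(cells):
             item = qt.qtablewidgetitem()(text)
             item.setBackground(bg_color)
             table.setItem(row, col, item)
     table.resizeRowsToContents()
     table.resizeColumnsToContents()
     table.setSortingEnabled(True)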
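    def load(self):
        """Populate the signature table from ``self.parent.signatures``.

        Each signature dict is read for ``description`` and ``severity``;
        its optional ``data`` and ``marks`` lists of dicts are merged into
        one "key: value" block for the Information column.
        """
        table = self._signature_table
        table.clear()
        table.setHorizontalHeaderLabels(
            ["Signature", "Information", "Severity"])
        # Keep sorting off while filling: Qt re-sorts on every setItem() when
        # it is on, which can move a half-filled row away from `row` on a
        # refresh (sorting is re-enabled at the end of this method).
        table.setSortingEnabled(False)
        signatures = self.parent.signatures
        table.setRowCount(len(signatures))
        for row, sig in enumerate(signatures):
            merged = {}
            # Both keys are optional; later entries overwrite earlier ones
            # with the same key, "marks" after "data".
            for entry in sig.get("data", []) + sig.get("marks", []):
                merged.update(entry)
            # Sort the keys so the cell text is stable across loads.
            data = "\n".join(
                "{}: {}".format(k, merged[k]) for k in sorted(merged))
            sev = "Severity: {severity}".format(**sig)
            for col, text in enumerate((sig["description"], data, sev)):
                table.setItem(row, col, qt.qtablewidgetitem()(text))

        table.resizeRowsToContents()
        table.resizeColumnsToContents()
        table.setSortingEnabled(True)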
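 def load(self):
     """Populate the import table from ``self.parent.impts``.

     Each import dict is read for ``addr``, ``dll``, ``proc_name``,
     ``proc_address`` (a hex string) and ``type``; the last column is the
     name IDA currently has at ``proc_address``. The column count is not
     set here -- presumably the widget is created with six columns, confirm.
     """
     table = self._import_table
     table.clear()
     table.setHorizontalHeaderLabels(
         ["Address", "DLL", "ProcName", "ProcAddress", "Type", "IDA Name"])
     # Connect once: Qt calls a slot once per connection, so re-connecting
     # on every refresh would make clickRow fire repeatedly per click.
     if not getattr(self, "_import_click_connected", False):
         table.itemDoubleClicked.connect(self.clickRow)
         self._import_click_connected = True
     table.setAlternatingRowColors(True)
     # Sorting must be off while filling: Qt re-sorts on every setItem()
     # when it is on, which can move a half-filled row away from `row`.
     table.setSortingEnabled(False)
     impts = self.parent.impts
     table.setRowCount(len(impts))
     for row, impt in enumerate(impts):
         # proc_address is parsed as hex; a malformed value raises
         # ValueError here, as it did before.
         ida_name = idc.Name(int(impt["proc_address"], 16))
         cells = (
             impt["addr"],
             impt["dll"],
             impt["proc_name"],
             impt["proc_address"],
             impt["type"],
             ida_name,
         )
         for col, text in enumerate(cells):
             table.setItem(row, col, qt.qtablewidgetitem()(text))
         table.resizeRowToContents(row)
     table.setSortingEnabled(True)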
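 def load(self):
     """Populate the API-call table and the per-category filter checkboxes.

     Reads ``self.parent.calls`` (one dict per call), ``self.parent.call_categories``
     and ``self.parent.cuckoo_version``. The "Caller" column is resolved
     from the ``caller`` key on Cuckoo 1.3 and from the last ``stacktrace``
     frame on Cuckoo 2.0; it is left empty otherwise.
     """
     checked = qt.qtcore().Qt.Checked
     for cat in sorted(self.parent.call_categories):
         # Skip categories that already have a checkbox: re-running load()
         # would otherwise create, connect and place a second one each time.
         if cat in self._checkbox_map:
             continue
         cb = qt.qcheckbox()(cat.capitalize())
         cb.setCheckState(checked)
         cb.clicked.connect(self.filterCallData)
         self._checkbox_map[cat] = cb
         self._checkbox_layout.addWidget(cb)

     table = self._call_table
     table.clear()
     table.setHorizontalHeaderLabels(
         ["Category", "Caller", "Parent  Caller", "API", "Return", "Args"])
     table.horizontalHeader().setStretchLastSection(True)
     version = self.parent.cuckoo_version
     is_13 = version.startswith("1.3")
     is_20 = version.startswith("2.0")
     # Connect once: Qt calls a slot once per connection, so re-connecting
     # on every refresh would make clickRow fire repeatedly per click.
     if (is_13 or is_20) and not getattr(self, "_call_click_connected", False):
         table.itemDoubleClicked.connect(self.clickRow)
         self._call_click_connected = True

     # Sorting must be off while filling: Qt re-sorts on every setItem()
     # when it is on, which can move a half-filled row away from `row`.
     table.setSortingEnabled(False)
     calls = self.parent.calls
     table.setRowCount(len(calls))
     white = qt.qcolor()(0xff, 0xff, 0xff)
     for row, call in enumerate(calls):
         category = call.get("category", "")
         # Argument values originate from the analysed sample's API calls,
         # so they are truncated and escaped: control characters and
         # newlines are shown literally instead of reshaping the cell.
         arg_str = "\r\n".join(
             "{}: {}".format(k, unicode(v)[:80].encode("unicode-escape"))
             for k, v in call["arguments"].items())
         call_addr = ""
         if is_13:
             # Take the .get() default *before* parsing, so a call without a
             # "caller" key actually falls back to 0x00000000 instead of
             # raising KeyError on the parse (a non-hex value still raises).
             caller = call.get("caller", "0x00000000")
             prev = idc.PrevHead(int(caller, 16))
             call_addr = caller if prev == idc.BADADDR else "0x{:08x}".format(prev)
         # cuckoo 2.0 stores the call stack in "stacktrace", but only when
         # the analyzer ran in DEBUG, so the key may be empty or absent.
         if is_20 and call.get("stacktrace"):
             call_addr = call["stacktrace"][-1].split(" @ ")[-1]
         ret = call["return"] if "return" in call else str(call["return_value"])
         cells = (
             category,
             call_addr,
             call.get("parentcaller", ""),
             call["api"],
             ret,
             arg_str,
         )
         bg_color = self._COLOR_MAP.get(category, white)
         for col, text in enumerate(cells):
             item = qt.qtablewidgetitem()(text)
             item.setBackground(bg_color)
             table.setItem(row, col, item)
     table.resizeRowsToContents()
     table.resizeColumnsToContents()
     table.setSortingEnabled(True)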