def _run_module(q, cfg, target, logger, argv):
    """Emulate *target* in a fresh Speakeasy instance and publish the report.

    Args:
        q: queue that receives the value of ``se.get_report()``.
        cfg: Speakeasy configuration, passed through unchanged.
        target: module contents handed to ``load_module(data=...)``.
        logger: logger handed to the emulator.
        argv: argument vector handed to the emulator.
    """
    emu = Speakeasy(config=cfg, logger=logger, argv=argv)
    loaded = emu.load_module(data=target)
    # Every entry point of the module is run, not just the main one.
    emu.run_module(loaded, all_entrypoints=True)
    q.put(emu.get_report())
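def emulate_binary(
    q,
    exit_event,
    fpath,
    cfg,
    argv,
    do_raw,
    arch="",
    drop_path="",
    dump_path="",
    raw_offset=0x0,
    emulate_children=False,
    entrypoints=None,
):
    """Emulate the file at *fpath* and publish its JSON report on *q*.

    The report is published from a ``finally`` block, so the consumer of *q*
    receives it even when emulation raises; the exception then propagates.

    Args:
        q: queue that receives ``se.get_json_report()``.
        exit_event: event handed to Speakeasy so the caller can stop emulation.
        fpath: path of the sample to read.
        cfg: Speakeasy configuration.
        argv: argument vector handed to the emulator.
        do_raw: when true, treat the file as raw shellcode instead of a module.
        arch: shellcode architecture, only used with ``do_raw``; accepts
            ``"x86"``, ``"x64"`` or ``"amd64"`` (case-insensitive).
        drop_path: if set, the dropped-files archive is written here.
        dump_path: if set, the memory-dump archive is written here.
        raw_offset: entry offset into the shellcode (``0`` when falsy).
        emulate_children: forwarded to ``run_module``.
        entrypoints: explicit entry points to run; when empty every entry
            point is run (``all_entrypoints``).

    Raises:
        ValueError: ``do_raw`` is set but *arch* is not a supported name.
        OSError: *fpath* cannot be read, or an output path cannot be written.
    """
    logger = get_logger()
    if entrypoints is None:
        entrypoints = []

    # Build the emulator before the try: the finally below calls se.get_json_report(),
    # so constructing it inside the try turned any constructor failure into a
    # NameError that masked the real error.
    se = Speakeasy(config=cfg, logger=logger, argv=argv, exit_event=exit_event)
    try:
        # Close the handle deterministically instead of leaking it until GC.
        with open(fpath, "rb") as f:
            data = f.read()

        if do_raw:
            arch_name = arch.lower()
            if arch_name == "x86":
                arch_id = e_arch.ARCH_X86
            elif arch_name in ("x64", "amd64"):
                arch_id = e_arch.ARCH_AMD64
            else:
                raise ValueError("Unsupported architecture: %s" % arch_name)
            sc_addr = se.load_shellcode(fpath, arch_id, data=data)
            se.run_shellcode(sc_addr, offset=raw_offset or 0)
        else:
            module = se.load_module(data=data)
            # Plain loop: the hooks are installed for their side effect only.
            # Each FAST_HOOKS value is indexed as (module pattern, handler) — confirm
            # against its definition.
            for api_name, hook_spec in FAST_HOOKS.items():
                se.add_api_hook(hook_spec[0], "*", api_name, hook_spec[1])
            se.run_module(
                module,
                all_entrypoints=not entrypoints,
                emulate_children=emulate_children,
                entrypoints=entrypoints,
            )
    finally:
        # Always publish a report so the consumer of *q* is never left waiting.
        report = se.get_json_report()
        q.put(report)
        # NOTE(review): debug copy of the report at a fixed, predictable name in a
        # shared temp directory. Another local user can pre-create or symlink the
        # path (overwrite race) and can read the report of an untrusted sample;
        # drop this write or use tempfile.NamedTemporaryFile(delete=False).
        with open("/tmp/report", "w+") as f:
            json.dump(report, f, indent=5)

        # If a memory dump was requested, do it now
        if dump_path:
            data = se.create_memdump_archive()
            logger.info("* Saving memory dump archive to %s" % (dump_path))
            with open(dump_path, "wb") as f:
                f.write(data)

        if drop_path:
            data = se.create_file_archive()
            if data:
                logger.info("* Saving dropped files archive to %s" % (drop_path))
                with open(drop_path, "wb") as f:
                    f.write(data)
            else:
                logger.info("* No dropped files found")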
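def emulate_binary(q, exit_event, fpath, cfg, argv, do_raw, arch='', drop_path='', dump_path='', raw_offset=0x0):
    """Emulate the file at *fpath* and publish its JSON report on *q*.

    The report is published from a ``finally`` block, so the consumer of *q*
    receives it even when emulation raises; the exception then propagates.

    NOTE(review): a second ``emulate_binary`` with a wider signature
    (``emulate_children``, ``entrypoints``, FAST_HOOKS) appears earlier on this
    page; if both live in one module the later definition wins at import time —
    confirm which one is intended.

    Args:
        q: queue that receives ``se.get_json_report()``.
        exit_event: event handed to Speakeasy so the caller can stop emulation.
        fpath: path of the sample, handed to ``load_shellcode``/``load_module``.
        cfg: Speakeasy configuration.
        argv: argument vector handed to the emulator.
        do_raw: when true, treat the file as raw shellcode instead of a module.
        arch: shellcode architecture, only used with ``do_raw``; accepts
            ``'x86'``, ``'x64'`` or ``'amd64'`` (case-insensitive).
        drop_path: if set, the dropped-files archive is written here.
        dump_path: if set, the memory-dump archive is written here.
        raw_offset: entry offset into the shellcode (``0`` when falsy).

    Raises:
        ValueError: ``do_raw`` is set but *arch* is not a supported name.
        OSError: an output path cannot be written.
    """
    logger = get_logger()

    # Build the emulator before the try: the finally below calls se.get_json_report(),
    # so constructing it inside the try turned any constructor failure into a
    # NameError that masked the real error.
    se = Speakeasy(config=cfg, logger=logger, argv=argv, exit_event=exit_event)
    try:
        if do_raw:
            arch_name = arch.lower()
            if arch_name == 'x86':
                arch_id = e_arch.ARCH_X86
            elif arch_name in ('x64', 'amd64'):
                arch_id = e_arch.ARCH_AMD64
            else:
                raise ValueError('Unsupported architecture: %s' % arch_name)
            sc_addr = se.load_shellcode(fpath, arch_id)
            se.run_shellcode(sc_addr, offset=raw_offset or 0)
        else:
            module = se.load_module(fpath)
            # Every entry point of the module is run.
            se.run_module(module, all_entrypoints=True)
    finally:
        # Always publish a report so the consumer of *q* is never left waiting.
        report = se.get_json_report()
        q.put(report)

        # If a memory dump was requested, do it now
        if dump_path:
            data = se.create_memdump_archive()
            logger.info('* Saving memory dump archive to %s' % (dump_path))
            with open(dump_path, 'wb') as f:
                f.write(data)

        if drop_path:
            data = se.create_file_archive()
            if data:
                logger.info('* Saving dropped files archive to %s' % (drop_path))
                with open(drop_path, 'wb') as f:
                    f.write(data)
            else:
                logger.info('* No dropped files found')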