def test_analysis_time(self):
if platform.system() != "Linux" or getpass.getuser() != "jenkins":
return
start_time = time.time()
file_names = [
os.path.join(os.path.dirname(__file__), "binaries",
"quick3dcoreplugin.dll"),
os.path.join(os.path.dirname(__file__), "binaries", "md5"),
os.path.join(os.path.dirname(__file__), "binaries", "ls")
]
for file_name in file_names:
temp_name = next(tempfile._get_candidate_names()) + ".bndb"
self.unpackage_file(file_name)
try:
bv = BinaryViewType.get_view_of_file(file_name)
bv.create_database(temp_name)
bv.file.close()
bv = BinaryViewType.get_view_of_file(temp_name)
bv.file.close()
finally:
if os.path.exists(file_name):
os.unlink(file_name)
if os.path.exists(temp_name):
os.unlink(temp_name)
time_s = time.time() - start_time
commit = subprocess.check_output(["git", "rev-parse", "HEAD"])[:-1]
conn = urllib.urlopen(
"https://script.google.com/macros/s/AKfycbxrZtlgLaWt3l95_7RyH9ceDdFIBm0VaR6jG1-4UDt6CFFCFzQ/exec?BuildID=%s&Test1=%.2f"
% (commit, time_s))
def get_bininfo(bv):
if bv is None:
filename = ""
if len(sys.argv) > 1:
filename = sys.argv[1]
else:
filename = interaction.get_open_filename_input("Filename:")
if filename is None:
log.log_warn("No file specified")
sys.exit(1)
bv = BinaryViewType.get_view_of_file(filename)
log.log_to_stdout(True)
contents = "## %s ##\n" % os.path.basename(bv.file.filename)
contents += "- START: 0x%x\n\n" % bv.start
contents += "- ENTRY: 0x%x\n\n" % bv.entry_point
contents += "- ARCH: %s\n\n" % bv.arch.name
contents += "### First 10 Functions ###\n"
contents += "| Start | Name |\n"
contents += "|------:|:-------|\n"
for i in range(min(10, len(bv.functions))):
contents += "| 0x%x | %s |\n" % (bv.functions[i].start,
bv.functions[i].symbol.full_name)
contents += "### First 10 Strings ###\n"
contents += "| Start | Length | String |\n"
contents += "|------:|-------:|:-------|\n"
for i in range(min(10, len(bv.strings))):
start = bv.strings[i].start
length = bv.strings[i].length
string = bv.read(start, length)
contents += "| 0x%x |%d | %s |\n" % (start, length, string)
return contents
def get_bininfo(bv):
if bv is None:
filename = ""
if len(sys.argv) > 1:
filename = sys.argv[1]
else:
filename = interaction.get_open_filename_input("Filename:")
if filename is None:
log.log_warn("No file specified")
sys.exit(1)
bv = BinaryViewType.get_view_of_file(filename)
log.redirect_output_to_log()
log.log_to_stdout(True)
contents = "## %s ##\n" % bv.file.filename
contents += "- START: 0x%x\n\n" % bv.start
contents += "- ENTRY: 0x%x\n\n" % bv.entry_point
contents += "- ARCH: %s\n\n" % bv.arch.name
contents += "### First 10 Functions ###\n"
contents += "| Start | Name |\n"
contents += "|------:|:-------|\n"
for i in xrange(min(10, len(bv.functions))):
contents += "| 0x%x | %s |\n" % (bv.functions[i].start, bv.functions[i].symbol.full_name)
contents += "### First 10 Strings ###\n"
contents += "| Start | Length | String |\n"
contents += "|------:|-------:|:-------|\n"
for i in xrange(min(10, len(bv.strings))):
start = bv.strings[i].start
length = bv.strings[i].length
string = bv.read(start, length)
contents += "| 0x%x |%d | %s |\n" % (start, length, string)
return contents
def __init__(self, filename: str = None, debug_root: str = None, debug_file: str = None, binary_view = None):
if filename is None and binary_view is None:
raise Exception('Must specify either a filename or binary view.')
if binary_view is None:
self.binary_view = BinaryViewType.get_view_of_file(filename, update_analysis=False)
else:
self.binary_view = binary_view
assert(self.binary_view is not None)
self.module = Module()
self.mapping = BinjaMap(self.binary_view)
self.debug_root = debug_root
self.debug_file = debug_file
def main():
bv = BinaryViewType.get_view_of_file(sys.argv[1])
if bv is None:
print("Couldn't open %s" % sys.argv[1])
return
patch_opaque(bv)
dbname = sys.argv[1]
if not dbname.endswith(".bndb"):
dbname += ".bndb"
bv.create_database(dbname)
def get_bin_view(bv):
if bv is None:
filename = ""
if len(sys.argv) > 1:
filename = sys.argv[1]
else:
filename = interaction.get_open_filename_input("Filename:")
if filename is None:
log.log_warn("No file specified")
sys.exit(1)
bv = BinaryViewType.get_view_of_file(filename)
log.log_to_stdout(True)
return bv
def print_syscalls(fileName):
""" Print Syscall numbers for a provided file """
bv = BinaryViewType.get_view_of_file(fileName)
calling_convention = bv.platform.system_call_convention
if calling_convention is None:
print('Error: No syscall convention available for {:s}'.format(bv.platform))
return
register = calling_convention.int_arg_regs[0]
for func in bv.functions:
syscalls = (il for il in chain.from_iterable(func.low_level_il)
if il.operation == LowLevelILOperation.LLIL_SYSCALL)
for il in syscalls:
value = func.get_reg_value_at(il.address, register).value
print("System call address: {:#x} - {:d}".format(il.address, value))
def decode_strings(filename):
y_offsets = get_yara_offset(filename)
bv = BinaryViewType.get_view_of_file(filename)
bv.add_analysis_option("linearsweep")
bv.update_analysis_and_wait()
xref_funcs = get_xrefs(bv, y_offsets)
keys = get_key(bv, y_offsets)
# TODO: Need to make this work for multiple keys but not y_offset
XOR_KEY = keys[0].value.value
#for y in y_offsets:
# xor_dec(XOR_KEY, xref_funcs, y_off
xor_dec(bv, XOR_KEY, xref_funcs, y_offsets)
# TODO: Again need to have an input dir, or cmdline options
bv.save('AShldRes_new.dll')
def main():
options = GetOptions()
log("Loading the binary: {}".format(options.input_file))
bv = BinaryViewType.get_view_of_file(options.input_file)
if bv is None:
print("Could not open {}".format(options.input_file))
return False
(success, error_message) = import_pp(options.csv_file, bv,
options.output_name, options)
if not success:
print("Error:", error_message)
return
log("Writing out {}".format(options.output_name))
bv.create_database(options.output_name)
return
def main():
options = GetOptions()
if options.json_file is None or options.output_name is None:
print options.usage
return
log("Loading the binary: {}".format(options.input_file), options)
bv = BinaryViewType.get_view_of_file(options.input_file)
if bv is None:
print "Could not open {}".format(options.input_file)
return False
(success, error_message) = import_ida(options.json_file, bv, options.output_name, options)
if not success:
print "Error:", error_message
print options.usage
return
log("Writing out {}".format(options.output_name), options.verbose)
bv.create_database(options.output_name)
return
def __init__(self, filename):
self.filename = os.path.join(os.path.dirname(__file__), filename)
self.bv = BinaryViewType.get_view_of_file(self.filename)
if self.bv is None:
print("%s is not an executable format" % filename)
return
with io.BytesIO() as output:
img.save(output, format="GIF")
gif = output.getvalue()
# gif string -> base64
return base64.b64encode(gif)
#------------------------------------------------------------------------------
# main()
#------------------------------------------------------------------------------
if __name__ == '__main__':
fpath = sys.argv[1]
bv = BinaryViewType.get_view_of_file(fpath)
bv.update_analysis_and_wait()
func2span = {}
(lowest, highest) = (bv.end, bv.start)
for f in bv.functions:
span = function_span(f)
lowest = min(lowest, span[0][0])
highest = max(highest, span[-1][1])
func2span[f] = span
print('lowest addr: 0x%X' % lowest)
print('highest addr: 0x%X' % highest)
width = 2
length = 4
while length < (highest - lowest):
def __init__(self, filename, test_store):
self.filename = filename
self.bv = BinaryViewType.get_view_of_file(filename)
if self.bv is None:
print("%s is not an executable format" % filename)
return
for font_size in range(12, 1, -1):
font = ImageFont.truetype('Andale Mono', font_size)
(tw, th) = font.getsize(label)
if tw < w and th < h: break
draw.rectangle((x0, y0, x1 - 1, y1 - 1),
outline=settings['outline'],
fill=settings['fill'])
(x, y) = (x0 + w // 2 - tw // 2, y0 + h // 2 - th // 2)
draw.text((x, y), label, font=font, fill=settings['text_color'])
if __name__ == '__main__':
bv = BinaryViewType.get_view_of_file(sys.argv[1])
bv.update_analysis_and_wait()
img = Image.new('RGB', (width, width))
draw = ImageDraw.Draw(img)
seg2data = {}
for seg in bv.segments:
seg2data[seg] = {'id': str(seg), 'datum': len(seg), 'children': []}
scn2data = {}
for scn in bv.sections.values():
data = {'id': scn.name, 'datum': len(scn), 'children': []}
containing_segment = bv.get_segment_at(scn.start)
seg2data[containing_segment]['children'].append(data)
scn2data[scn] = data
def __init__(self, file):
self.bv = BinaryViewType.get_view_of_file(file, update_analysis=False)
key=lambda k: len(calldict[k]),
reverse=True)[0]
nodes_traversed = recursive_print_node(root, calldict, 0, seen)
seen.update(nodes_traversed)
root = None
if __name__ == '__main__':
STANDALONE_USAGE = 'USAGE: %s <target_file> [args]' % sys.argv[0]
if len(sys.argv) < 2:
print(STANDALONE_USAGE)
exit(0)
target_file = sys.argv[1]
remaining_args = sys.argv[2:]
print('[*] Loading BinaryView of %s' % target_file)
start_time = time.time()
bv = BinaryViewType.get_view_of_file(target_file)
duration = time.time() - start_time
print('[*] Analysis finished in %.2f seconds\n' % duration)
start_time = time.time()
calltree = get_calltree(bv, target_file, remaining_args)
duration = time.time() - start_time
print('[*] Calltree collection finished in %.2f seconds\n' % duration)
print_calltree(calltree)
print('[*] Done.')
def __init__(self, filename):
self.filename = os.path.join(os.path.dirname(__file__), filename)
self.bv = BinaryViewType.get_view_of_file(self.filename)
if self.bv is None:
print("%s is not an executable format" % filename)
return
