def dump_file(self, filepath):
"""Dump a file to the host."""
if not os.path.isfile(filepath):
log.warning("File at path \"%r\" does not exist, skip.", filepath)
return False
# Check whether we've already dumped this file - in that case skip it.
try:
sha256 = hash_file(hashlib.sha256, filepath)
if sha256 in self.dumped:
return
except IOError as e:
log.info("Error dumping file from path \"%s\": %s", filepath, e)
return
filename = "%s_%s" % (sha256[:16], os.path.basename(filepath))
upload_path = os.path.join("files", filename)
try:
upload_to_host(
# If available use the original filepath, the one that is
# not lowercased.
self.files_orig.get(filepath.lower(), filepath),
upload_path,
self.files.get(filepath.lower(), []))
self.dumped.append(sha256)
except (IOError, socket.error) as e:
log.error("Unable to upload dropped file at path \"%s\": %s",
filepath, e)
def dump_file(file_path):
"""Create a copy of the given file path."""
duplicate = False
try:
if os.path.exists(file_path):
sha256 = hash_file(hashlib.sha256, file_path)
if sha256 in DUMPED_LIST:
# The file was already dumped, just upload the alternate name for it.
duplicate = True
else:
log.warning("File at path \"%s\" does not exist, skip.",
file_path.encode("utf-8", "replace"))
return
except IOError as e:
log.warning("Unable to access file at path \"%s\": %s", file_path.encode("utf-8", "replace"), e)
return
if os.path.isdir(file_path):
return
file_name = os.path.basename(file_path)
if duplicate:
idx = DUMPED_LIST.index(sha256)
upload_path = UPLOADPATH_LIST[idx]
else:
upload_path = os.path.join("files",
str(random.randint(100000000, 9999999999)),
file_name.encode("utf-8", "replace"))
try:
upload_to_host(file_path, upload_path, duplicate)
if not duplicate:
DUMPED_LIST.append(sha256)
UPLOADPATH_LIST.append(upload_path)
except (IOError, socket.error) as e:
log.error("Unable to upload dropped file at path \"%s\": %s",
file_path.encode("utf-8", "replace"), e)
def dump_file(self, filepath):
"""Dump a file to the host."""
if not os.path.isfile(filepath):
log.warning("File at path \"%r\" does not exist, skip.", filepath)
return False
# Check whether we've already dumped this file - in that case skip it.
try:
sha256 = hash_file(hashlib.sha256, filepath)
if sha256 in self.dumped:
return
except IOError as e:
log.info("Error dumping file from path \"%s\": %s", filepath, e)
return
filename = "%s_%s" % (sha256[:16], os.path.basename(filepath))
upload_path = os.path.join("files", filename)
try:
upload_to_host(
# If available use the original filepath, the one that is
# not lowercased.
self.files_orig.get(filepath.lower(), filepath),
upload_path, self.files.get(filepath.lower(), [])
)
self.dumped.append(sha256)
except (IOError, socket.error) as e:
log.error(
"Unable to upload dropped file at path \"%s\": %s",
filepath, e
)
def dump_file(file_path):
"""Create a copy of the given file path."""
duplicate = False
try:
if os.path.exists(file_path):
sha256 = hash_file(hashlib.sha256, file_path)
if sha256 in DUMPED_LIST:
# The file was already dumped, just upload the alternate name for it.
duplicate = True
else:
log.warning("File at path \"%s\" does not exist, skip.",
file_path.encode("utf-8", "replace"))
return
except IOError as e:
log.warning("Unable to access file at path \"%s\": %s", file_path.encode("utf-8", "replace"), e)
return
if os.path.isdir(file_path):
return
file_name = os.path.basename(file_path)
if duplicate:
idx = DUMPED_LIST.index(sha256)
upload_path = UPLOADPATH_LIST[idx]
else:
upload_path = os.path.join("files", sha256)
try:
upload_to_host(file_path, upload_path, duplicate)
if not duplicate:
DUMPED_LIST.append(sha256)
UPLOADPATH_LIST.append(upload_path)
except (IOError, socket.error) as e:
log.error("Unable to upload dropped file at path \"%s\": %s",
file_path.encode("utf-8", "replace"), e)
def _upload_file(self, filepath):
if not path.isfile(filepath):
self.log.info("Path \"%s\" does not exist.", filepath)
return
analyzerpath = getcwd()
resultpath = PATHS["root"]
if (filepath.startswith(analyzerpath)
or filepath.startswith(resultpath)):
self.log.debug("Skip upload %s", filepath)
return
# Check whether we've already dumped this file - in that case skip it
try:
hashsum = hash_file(sha256, filepath)
if sha256 in self.uploaded_hashes:
return
except IOError as e:
self.log.info("Error dumping file from path \"%s\": %s", filepath,
e)
return
filename = "%s_%s" % (hashsum[:16], path.basename(filepath))
upload_path = path.join("files", filename)
try:
upload_to_host(filepath, upload_path)
self.uploaded_hashes.append(hashsum)
except IOError as e:
self.log.error("Unable to upload dropped file at path \"%s\": %s",
filepath, e)
def dump_file(file_path):
"""Create a copy of the given file path."""
try:
if os.path.exists(file_path):
sha256 = hash_file(hashlib.sha256, file_path)
if sha256 in DUMPED_LIST:
# The file was already dumped, just skip.
return
else:
log.warning('File at path "%s" does not exist, skip.', file_path)
return
except IOError as e:
log.warning('Unable to access file at path "%s": %s', file_path, e)
return
# 32k is the maximum length for a filename
path = create_unicode_buffer(32 * 1024)
name = c_wchar_p()
KERNEL32.GetFullPathNameW(unicode(file_path), 32 * 1024, path, byref(name))
file_path = path.value
# Check if the path has a valid file name, otherwise it's a directory
# and we should abort the dump.
if name.value:
# Should be able to extract Alternate Data Streams names too.
file_name = name.value[name.value.find(":") + 1 :]
else:
return
upload_path = os.path.join("files", str(random.randint(100000000, 9999999999)), file_name)
try:
upload_to_host(file_path, upload_path)
DUMPED_LIST.append(sha256)
except (IOError, socket.error) as e:
log.error('Unable to upload dropped file at path "%s": %s', file_path, e)
def dump_file(self, filepath):
# TODO evan: for now, don't dump files
return
"""Dump a file to the host."""
if not os.path.isfile(filepath):
log.warning("File at path \"%r\" does not exist, skip.", filepath)
return False
# Check whether we've already dumped this file - in that case skip it.
try:
sha256 = hash_file(hashlib.sha256, filepath)
if sha256 in self.dumped:
return
except IOError as e:
log.info("Error dumping file from path \"%s\": %s", filepath, e)
return
f = os.path.join(os.getcwd(), 'stuff', 'files')
filename = "%s_%s" % (sha256, os.path.basename(filepath))
upload_path = os.path.join(f, filename)
if not os.path.exists(f):
os.makedirs(f)
# evan: instead of uploading them, we'll just stash them in a folder and compress it
# to be sent to our server later
try:
# upload_to_host(
# # If available use the original filepath, the one that is
# # not lowercased.
# self.files_orig.get(filepath.lower(), filepath),
# upload_path, self.files.get(filepath.lower(), [])
# )
with open(filepath, 'rb') as fr:
with open(upload_path, 'wb') as fw:
for line in fr:
fw.write(line)
self.dumped.append(sha256)
except IOError as e:
log.error("Unable to upload dropped file at path \"%s\": %s",
filepath, e)
def _upload_file(self, filepath):
if not path.isfile(filepath):
return
# Check whether we've already dumped this file - in that case skip it
try:
hashsum = hash_file(sha256, filepath)
if sha256 in self.uploaded_hashes:
return
except IOError as e:
self.log.info("Error dumping file from path \"%s\": %s", filepath, e)
return
filename = "%s_%s" % (hashsum[:16], path.basename(filepath))
upload_path = path.join("files", filename)
try:
upload_to_host(filepath, upload_path)
self.uploaded_hashes.append(hashsum)
except IOError as e:
self.log.error("Unable to upload dropped file at path \"%s\": %s", filepath, e)
def _upload_file(self, filepath):
if not os.path.isfile(filepath):
return
# Check whether we've already dumped this file - in that case skip it
try:
hashsum = hash_file(hashlib.sha256, filepath)
if sha256 in self.uploaded_hashes:
return
except IOError as e:
self.log.info("Error dumping file from path \"%s\": %s", filepath, e)
return
filename = "%s_%s" % (hashsum[:16], os.path.basename(filepath))
upload_path = os.path.join("files", filename)
try:
upload_to_host(filepath, upload_path)
self.uploaded_hashes.append(hashsum)
except IOError as e:
self.log.error("Unable to upload dropped file at path \"%s\": %s", filepath, e)
def _method_name(self, event):
try:
# log.info("Got file %s %s", event.pathname, method)
if not self.do_collect:
# log.info("Not currently set to collect %s", event.pathname)
return
if event.pathname.startswith("/tmp/#"):
# log.info("skipping wierd file %s", event.pathname)
return
if not os.path.isfile(event.pathname):
# log.info("Path is a directory or does not exist, ignoring: %s", event.pathname)
return
if os.path.basename(event.pathname) == "stap.log":
return
for x in range(0, 1):
try:
# log.info("trying to collect file %s", event.pathname)
sha256 = hash_file(hashlib.sha256, event.pathname)
filename = "%s_%s" % (sha256[:16],
os.path.basename(event.pathname))
if filename in self.uploadedHashes:
# log.info("already collected file %s", event.pathname)
return
upload_path = os.path.join("files", filename)
upload_to_host(event.pathname, upload_path)
self.uploadedHashes.append(filename)
return
except Exception as e:
log.info('Error dumping file from path "%s": %s',
event.pathname, e)
# log.info("retrying %s", event.pathname)
time.sleep(1)
except Exception as e:
log.error("Exception processing event %s", e)
def dump_file(file_path):
"""Create a copy of the given file path and send it to the host."""
try:
if os.path.exists(file_path):
sha256 = hash_file(hashlib.sha256, file_path)
if sha256 in DUMPED_LIST:
# The file was already dumped
# Cuckoo normally just skips the file, I have chosen not to
#return
log.warning(
"File at path \"%s\" has a hash that is a duplicate of another dumped file.",
file_path)
else:
log.warning("File at path \"%s\" does not exist, skip.", file_path)
return
except IOError as e:
log.warning("Unable to access file at path \"%s\": %s", file_path, e)
return
log.info("File path is %s and file size is %d.", file_path,
os.stat(file_path).st_size)
#choose the correct folder
if "logs" in file_path:
upload_path = os.path.join("logs", os.path.basename(file_path))
elif "drop" in file_path:
upload_path = os.path.join("files", os.path.basename(file_path))
else:
upload_path = os.path.join("files",
str(random.randint(100000000, 9999999999)),
os.path.basename(file_path))
log.info("Upload path is %s.", upload_path)
#send file to host
try:
upload_to_host(file_path, upload_path)
DUMPED_LIST.append(sha256)
except (IOError, socket.error) as e:
log.error("Unable to upload dropped file at path \"%s\": %s",
file_path, e)
def dump_file(file_path):
"""Create a copy of the give file path."""
try:
if os.path.exists(file_path):
sha256 = hash_file(hashlib.sha256, file_path)
if sha256 in DUMPED_LIST:
# The file was already dumped, just skip.
return
else:
log.warning("File at path \"%s\" does not exist, skip.",
file_path)
return
except IOError as e:
log.warning("Unable to access file at path \"%s\": %s", file_path, e)
return
# 32k is the maximum length for a filename
path = create_unicode_buffer(32 * 1024)
name = c_wchar_p()
KERNEL32.GetFullPathNameW(unicode(file_path), 32 * 1024, path, byref(name))
file_path = path.value
# Check if the path has a valid file name, otherwise it's a directory
# and we should abort the dump.
if name.value:
# Should be able to extract Alternate Data Streams names too.
file_name = name.value[name.value.find(":")+1:]
else:
return
upload_path = os.path.join("files",
str(random.randint(100000000, 9999999999)),
file_name)
try:
upload_to_host(file_path, upload_path)
DUMPED_LIST.append(sha256)
except (IOError, socket.error) as e:
log.error("Unable to upload dropped file at path \"%s\": %s",
file_path, e)
def dump_file(self, filepath):
"""Dump a file to the host."""
if not os.path.isfile(filepath):
log.warning('File at path "%s" does not exist, skip.', filepath)
return False
# Check whether we've already dumped this file - in that case skip it.
try:
sha256 = hash_file(hashlib.sha256, filepath)
if sha256 in self.dumped:
return
except IOError as e:
log.info('Error dumping file from path "%s": %s', filepath, e)
return
filename = "%s_%s" % (sha256[:16], os.path.basename(filepath))
upload_path = os.path.join("files", filename)
try:
upload_to_host(filepath, upload_path)
self.dumped.append(sha256)
except (IOError, socket.error) as e:
log.error('Unable to upload dropped file at path "%s": %s', filepath, e)
