Ejemplos de in_mem_decrypt en Python

Ejemplo n.º 1

Archivo: engine.py Proyecto: reanimat0r/zelos

    def _first_parse(self, module_path, random_file_name=False):
        """ Function to parse an executable """

        if random_file_name:
            self.original_file_name = module_path
            original_file_name = module_path
            # To ensure we don't get any issues with the size of the
            # file name, we copy the file and rename it 'target'
            fd, temp_path = mkstemp(dir=".", suffix=".xex")
            os.close(fd)
            temp_filename = os.path.basename(temp_path)
            copyfile(module_path, temp_filename)
            module_path = temp_filename
            self.hook_manager.register_close_hook(
                functools.partial(os.remove, temp_filename))
            self.logger.debug(f"Setting random file name for "
                              f"{original_file_name} : {module_path}")

        self.logger.verbose("Parse Main Module")

        with open(module_path, "rb") as f:
            file_data = bytearray(f.read())
        if file_data.startswith(b"ZENC"):
            file_data = util.in_mem_decrypt(file_data)

        return self._parse_file_data(module_path, file_data)

Ejemplo n.º 2

    def _first_parse(self, module_path):
        """ Function to parse an executable """
        self.logger.verbose("Parse Main Module")

        with open(module_path, "rb") as f:
            file_data = bytearray(f.read())
        if file_data.startswith(b"ZENC"):
            file_data = util.in_mem_decrypt(file_data)

        return self._parse_file_data(module_path, file_data)