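def show_function(show, fnspec, instrs):
    """Render one function of an x86-pe analysis as text, or just a separator.

    Args:
        show: instruction-count threshold.  Functions with more than ``show``
            instructions are not rendered; ``None`` disables rendering entirely.
        fnspec: ``(s, fa)`` pair -- the executable spec handed to
            ``UF.get_path_filename('x86-pe', s)`` and the function address
            (a string; it is concatenated into messages).
        instrs: instruction count of the function described by ``fnspec``.

    Returns:
        The rendered function text, or a single 80-dash separator when the
        function is not shown.  If the path lookup raises ``UF.CHBError`` the
        wrapped error text is returned instead.
    """
    separator = '-' * 80
    if show is None or show < instrs:
        return separator
    (s, fa) = fnspec
    try:
        (path, filename) = UF.get_path_filename('x86-pe', s)
    except UF.CHBError as e:
        return str(e.wrap())
    app = AP.AppAccess(path, filename)
    if not app.has_function(fa):
        return '\n'.join([separator, 'Function ' + fa + ' not found', separator])
    lines = [separator]
    f = app.get_function(fa)
    if f is None:
        lines.append('Unable to find function ' + fa)
        lines.append(separator)
    else:
        try:
            lines.append(f.to_string(esp=True, opcodetxt=True))
        except Exception:
            # Best effort: a formatting failure inside to_string must not abort
            # the whole listing.  Narrowed from a bare ``except:`` so that
            # KeyboardInterrupt / SystemExit still propagate.
            print('Unable to print function ' + fa + ' for ' + s + ' (format issues probably)')
    return '\n'.join(lines)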
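def collect_data(atfi, records, includes, excludes, args):
    """Collect per-function analysis data for the representative records of one atfi.

    For every record in ``records`` that satisfies ``(includes, excludes)`` and
    is a representative, the x86-pe analysis results are located through
    ``UF``, the function-map and function-features JSON artifacts are loaded,
    and one record per function is stored in the module-level
    ``fndata[name][fn]``.  ``fnstats[name]`` receives
    ``(function count from result metrics, function count in the map)`` and,
    when ``args.printfunctions`` is non-empty, ``apps[name]`` keeps the
    ``AP.AppAccess`` object for later printing.

    Args:
        atfi: identifier combined with each record key by ``UF.mk_atsc``.
        records: mapping of record key -> record.
        includes, excludes: filter specs passed to ``satisfies_spec``.
        args: parsed command-line arguments; only ``printfunctions`` is read.

    Returns:
        ``(xcount, fncount)``: number of executables processed and the summed
        function count reported by their result metrics.

    Raises:
        Re-raises any exception hit while filling a function record, after
        printing the executable and function name for context.
    """
    xcount = 0
    fncount = 0
    for atxi in records:
        r = records[atxi]
        if not satisfies_spec(r, includes, excludes):
            continue
        name = UF.mk_atsc(atfi, atxi)
        if not is_representative(r):
            continue
        try:
            (path, filename) = UF.get_path_filename('x86-pe', name)
            UF.check_analysis_results(path, filename)
        except UF.CHBError as e:
            print('**** problem with ' + name + ': ' + str(e))
            continue
        fnmapfilename = UF.get_fn_map_filename(path, filename)
        fnfeaturefilename = UF.get_fn_features_filename(path, filename)
        # Both artifacts are required; check both before parsing either.
        if not (os.path.isfile(fnfeaturefilename) and os.path.isfile(fnmapfilename)):
            continue
        with open(fnfeaturefilename, 'r') as fp:
            fnfeatures = json.load(fp)
        with open(fnmapfilename, 'r') as fp:
            fnmap = json.load(fp)
        xcount += 1
        fndata[name] = {}
        app = AP.AppAccess(path, filename)
        if len(args.printfunctions) > 0:
            # Was ``apps[k] = app`` with ``k`` unbound -- a NameError as soon
            # as printfunctions is requested.  ``name`` is the key every other
            # module-level table here uses.
            apps[name] = app
        metrics = app.get_result_metrics()
        fncount += metrics.get_function_count()
        fnstats[name] = (metrics.get_function_count(), len(fnmap['functions']))
        for fn in fnmap['functions']:
            if fn not in fnfeatures:
                continue
            # md5 is the per-function fingerprint recorded by the feature
            # extractor; it is an identity key for matching, not an
            # integrity guarantee.
            fnmd5 = fnfeatures[fn]['md5']
            # The (possibly empty) record is created before the metrics
            # lookup, as in the original; downstream code may rely on the
            # key being present even when metrics are missing.
            fnrec = fndata[name][fn] = {}
            fnmetrics = metrics.get_function_metrics(fn)
            if fnmetrics is None:
                print(name + ': Function ' + fn + ' not found')
                continue
            try:
                fnrec['md5'] = fnmd5
                fnrec['reffn'] = fnmap['functions'][fn]['reffn']
                fnrec['score'] = fnmap['functions'][fn]['score']
                fnrec['esp'] = fnmetrics.get_espp()
                fnrec['blocks'] = fnmetrics.get_blocks()
                fnrec['instrs'] = fnmetrics.get_instrs()
                fnrec['unrc'] = fnmetrics.get_unresolved_calls()
                if fnmetrics.has_name():
                    fnrec['name'] = fnmetrics.get_name()
            except Exception:
                # Narrowed from bare ``except:``; the context line is printed
                # and the original exception is re-raised unchanged.
                print('Problem in ' + name + ', ' + fn)
                raise
    return (xcount, fncount)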
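def call_analysis(file_info, iterations, save_asm):
    """Run the analysis for one executable and persist its md5 profile and summary.

    Args:
        file_info: ``(path, filename, deps)``; ``deps`` is handed to
            ``AM.AnalysisManager``.
        iterations: forwarded to ``am.analyze``.
        save_asm: forwarded to ``am.analyze``.

    Side effects:
        Writes the md5 profile as JSON to
        ``UF.get_md5profile_filename(path, filename)`` and the results summary
        via ``UF.save_results_summary``.  Failures are printed, not raised:
        a failed analyzer subprocess or unreadable results leave nothing
        written.
    """
    (path, filename, deps) = file_info
    am = AM.AnalysisManager(path, filename, deps=deps)
    try:
        am.analyze(iterations=iterations, save_asm=save_asm)
    except subprocess.CalledProcessError as e:
        print(e.output)
        print(e)
        # Previously execution fell through and re-saved whatever result files
        # happened to be on disk, so a failed run could overwrite the profile
        # and summary with output from an earlier run.  Stop here instead.
        return
    md5profilename = UF.get_md5profile_filename(path, filename)
    try:
        app = AP.AppAccess(path, filename)
        md5profile = app.get_md5_profile()
        summary = app.get_result_metrics_summary()
    except IOError as e:
        print(e)
        return
    print('Saving md5 profile and results summary')
    with open(md5profilename, 'w') as fp:
        json.dump(md5profile, fp, sort_keys=True, indent=4)
    UF.save_results_summary(path, filename, summary)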
parser.add_argument('filename', help='name of executable') args = parser.parse_args() return args if __name__ == '__main__': args = parse() try: (path, filename) = UF.get_path_filename('mips-elf', args.filename) UF.check_analysis_results(path, filename) except UF.CHBError as e: print(str(e.wrap())) exit(1) app = AP.AppAccess(path, filename, mips=True) result = [] for fn in app.functionsdata.functions: fndata = app.functionsdata.functions[fn] if fndata.is_by_preamble(): result.append(fndata.faddr) dresult = {} dresult['function-entry-points'] = result fefilename = os.path.join(path, filename + '_preamble_functionentrypoints.json') with open(fefilename, 'w') as fp: json.dump(dresult, fp) print('Saved function entry points in file ' + fefilename)
# Tail of an analysis driver script.  ``path``, ``filename``, ``args`` and
# ``am`` (the analysis manager whose ``analyze`` is called below) are bound
# earlier in the script, outside the visible span.
#
# NOTE(review): the executable arrives packed in a tar.gz and is unpacked by
# ``UF.unpack_tar_file`` (not visible here).  Confirm that helper rejects
# archive members with absolute paths or ``..`` components before extracting
# into ``path`` -- the archive contents are as untrusted as the binary itself.
if not UF.unpack_tar_file(path, filename):
    print('*' * 80)
    print('Error in unpacking tar.gz file with executable content')
    print('*' * 80)
    exit(1)
try:
    am.analyze(iterations=args.iterations, save_asm=args.asm, verbose=args.verbose)
except subprocess.CalledProcessError as e:
    # Analyzer subprocess failed: show its captured output and stop, so
    # stale results on disk are never re-saved as if they were fresh.
    print(e.output)
    print(e.args)
    exit(1)
except UF.CHBError as e:
    print(str(e.wrap()))
    exit(1)
md5profilename = UF.get_md5profile_filename(path, filename)
try:
    app = AP.AppAccess(path, filename)
    md5profile = app.get_md5_profile()
    summary = app.get_result_metrics_summary()
except IOError as e:
    # NOTE(review): unlike the failures above this path does not exit(1), so
    # missing/unreadable results still give a zero exit status -- confirm that
    # is intended for callers that script this.
    print(e)
else:
    print('Saving md5 profile and results summary')
    with open(md5profilename, 'w') as fp:
        json.dump(md5profile, fp, sort_keys=True, indent=4)
    UF.save_results_summary(path, filename, summary)
if __name__ == '__main__':
    # Entry point: locate (or extract) the mips-elf executable named on the
    # command line, print its ELF header and, on request, collect the
    # section-header values keyed by the file's md5.  The span ends inside the
    # ``save_section_headers`` branch; ``result`` is presumably written out
    # below it.
    args = parse()
    try:
        (path, filename, deps) = UF.get_path_filename_deps('mips-elf', args.filename)
        # Only extract when the executable is not already present.
        if not UF.check_executable(path, filename):
            extract(path, filename, deps)
    except UF.CHBError as e:
        print(e.wrap())
        exit(1)
    # initialize=False: presumably skips loading analysis results, since only
    # the header is needed here -- confirm against AppAccess.
    app = AP.AppAccess(path, filename, initialize=False, mips=True)
    elfheader = app.get_elf_header()  # ELFHeader object
    try:
        # The header is parsed from an untrusted binary; a malformed header is
        # expected to surface here as a CHBError (which is what is caught).
        # Parsing itself lives in get_elf_header, not shown.
        print(elfheader)
    except UF.CHBError as e:
        print(e.wrap())
        exit(1)
    if args.save_section_headers:
        result = {}
        # md5 records which binary the headers came from; it is a fingerprint
        # for identification, not an integrity check.
        md5 = get_md5(os.path.join(path, filename))
        result['md5'] = md5
        result['section-headers'] = []
        for s in elfheader.sectionheaders:
            result['section-headers'].append(s.get_values())
parser.add_argument('--constants','-c',action='store_true', help='only show values that are constant literals') args = parser.parse_args() return args if __name__ == '__main__': args = parse() try: (path,filename,deps) = UF.get_path_filename_deps('x86-pe',args.filename) UF.check_analysis_results(path,filename) except UF.CHBError as e: print(str(e.wrap())) exit(1) app = AP.AppAccess(path,filename,deps=deps) try: (iocresults,problems) = app.get_ioc_arguments() # ioc -> role-name -> (faddr,iaddr,arg) except UF.CHBError as e: print(str(e.wrap())) exit(1) for ioc in sorted(iocresults): print(('-' * 80) + '\n' + str(ioc) + '\n' + ('-' * 80)) for rn in sorted(iocresults[ioc]): print(rn) results = {} for (faddr,iaddr,arg) in iocresults[ioc][rn]: if args.constants: if not arg.is_const(): continue argval = str(arg)