Example #1
0
    def _showImportTrace(self, restrict=True):
        """
        This is the GUI part of the PIN trace import functionality
        """
        self._console_output("Importing PIN trace information from file...")

        # Color for the basic blocks hit during the trace
        col = QtGui.QColorDialog.getColor()
        if col.isValid():
            # IDA works with BGR (annoying)
            ida_color = misc.pyside_to_ida_color(col.name())

        else:
            # Probably closed the QColorDialog
            self._console_output(
                "[!] Problem getting color for trace. Aborting.")
            return

        try:
            imported_info_dict = self.ie.ti.import_data(ida_color)

        except:
            self._console_output("[!] Problem importing from file", err=True)
            self._console_output(traceback.format_exc(), err=True)
            return

        self.table.setColumnCount(5)
        self.table.setHorizontalHeaderLabels(
            ('Thread ID', 'From', 'To', 'From (name)', 'To (name)'))
        self.table_label.setText("Imported information from PIN trace")
        self.table.clearContents()
        self.table.setRowCount(0)

        # Fill with contents
        # TODO: This could be better in a QTree or maybe adding
        # a dropdown to select the thread id...
        idx = 0
        for tid, call_list in imported_info_dict.iteritems():
            self._console_output("Processing Thread ID %d" % tid)

            for u_ea, v_ea in call_list:

                self.table.insertRow(idx)
                tid_item = QTableWidgetItem("%d" % tid)
                u_item = QTableWidgetItem("%x" % u_ea)
                u_item.setFlags(u_item.flags() ^ QtCore.Qt.ItemIsEditable)
                v_item = QTableWidgetItem("%x" % v_ea)
                v_item.setFlags(v_item.flags() ^ QtCore.Qt.ItemIsEditable)
                from_item = QTableWidgetItem(misc.get_function_name(u_ea))
                to_item = QTableWidgetItem(misc.get_function_name(v_ea))

                self.table.setItem(idx, 0, tid_item)
                self.table.setItem(idx, 1, u_item)
                self.table.setItem(idx, 2, v_item)
                self.table.setItem(idx, 3, from_item)
                self.table.setItem(idx, 4, to_item)

                idx += 1
Example #2
0
    def _showImportTrace(self):
        """
        This is the GUI part of the PIN trace import functionality
        """
        self._console_output("Importing PIN trace information from file...")

        # Color for the basic blocks hit during the trace
        col = QtGui.QColorDialog.getColor()
        if col.isValid():
            # IDA works with BGR (annoying)
            ida_color = misc.pyside_to_ida_color(col.name())

        else:
            # Probably closed the QColorDialog
            self._console_output("[!] Problem getting color for trace. Aborting.")
            return

        try:
            imported_info_dict = self.ie.ti.import_data(ida_color)

        except:
            self._console_output("[!] Problem importing from file", err = True)
            self._console_output(traceback.format_exc(), err = True)
            return

        self.table.setColumnCount(5)
        self.table.setHorizontalHeaderLabels(
            ('Thread ID', 'From', 'To', 'From (name)', 'To (name)'))
        self.table_label.setText("Imported information from PIN trace")
        self.table.clearContents()
        self.table.setRowCount(0)

        # Fill with contents
        # TODO: This could be better in a QTree or maybe adding
        # a dropdown to select the thread id...
        idx = 0
        for tid, call_list in imported_info_dict.iteritems():
            self._console_output("Processing Thread ID %d" % tid)

            for u_ea, v_ea in call_list:

                self.table.insertRow(idx)
                tid_item = QTableWidgetItem("%d" % tid)
                u_item = QTableWidgetItem("%x" % u_ea)
                u_item.setFlags(u_item.flags() ^ QtCore.Qt.ItemIsEditable)
                v_item = QTableWidgetItem("%x" % v_ea)
                v_item.setFlags(v_item.flags() ^ QtCore.Qt.ItemIsEditable)
                from_item = QTableWidgetItem(misc.get_function_name(u_ea))
                to_item = QTableWidgetItem(misc.get_function_name(v_ea))

                self.table.setItem(idx, 0, tid_item)
                self.table.setItem(idx, 1, u_item)
                self.table.setItem(idx, 2, v_item)
                self.table.setItem(idx, 3, from_item)
                self.table.setItem(idx, 4, to_item)

                idx += 1
Example #3
0
    def _showConnectedIO(self):
        """
        Shows a list of functions dealing with IO and
        connected to the current function
        """
        self._console_output("Calculating file & network IO...")
        io_list = self.ba.input_to_function()

        if not io_list:
            self._console_output("[!] No (obvious) IO connecting to this function", err = True)
            return

        self.table.setColumnCount(2)
        self.table.setHorizontalHeaderLabels(("Caller", "Name"))

        self.table_label.setText("Connected IO")
        self.table.clearContents()
        self.table.setRowCount(0)

        for idx, caller in enumerate(io_list):
            self.table.insertRow(idx)

            addr_item = QTableWidgetItem("%08x" % caller)
            addr_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable)
            name_item = QTableWidgetItem("%s" % misc.get_function_name(caller))

            self.table.setItem(idx, 0, addr_item)
            self.table.setItem(idx, 1, name_item)
Example #4
0
    def _showBannedFunctions(self):
        """
        Points to functions banned by Microsoft being used.
        """
        self._console_output("Looking for banned functions...")

        deep_search_f = self.config.deep_dangerous_functions

        if deep_search_f:
            self._console_output("Performing a deep search \
                (based on function name)")

        banned_refs_dict = self.vd.find_banned_functions(deep_search_f)

        if not banned_refs_dict:
            self._console_output("[!] No banned functions found", err = True)
            return

        self.tree_label.setText("Functions banned by Microsoft")
        self.tree.clear()
        self.tree.setHeaderLabels(("Banned function", "References", "Name"))

        for f_name, refs in banned_refs_dict.iteritems():
            bf_item = QTreeWidgetItem(self.tree)
            bf_item.setText(0, f_name)

            for ref_addr in refs:
                ref_item = QTreeWidgetItem(bf_item)
                ref_item.setText(1, "%x" % ref_addr)
                ref_name = misc.get_function_name(ref_addr)
                ref_item.setText(2, ref_name)

        # Display all items expanded initially
        self.tree.expandAll()
Example #5
0
    def _showConnectedIO(self):
        """
        Shows a list of functions dealing with IO and
        connected to the current function
        """
        self._console_output("Calculating file & network IO...")
        io_list = self.ba.input_to_function()

        if not io_list:
            self._console_output("[!] No (obvious) IO connecting \
                to this function", err = True)
            return

        self.table.setColumnCount(2)
        self.table.setHorizontalHeaderLabels(("Caller", "Name"))

        self.table_label.setText("Connected IO")
        self.table.clearContents()
        self.table.setRowCount(0)

        for idx, caller in enumerate(io_list):
            self.table.insertRow(idx)

            addr_item = QTableWidgetItem("%08x" % caller)
            addr_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable)
            name_item = QTableWidgetItem("%s" % misc.get_function_name(caller))

            self.table.setItem(idx, 0, addr_item)
            self.table.setItem(idx, 1, name_item)
Example #6
0
    def _showBannedFunctions(self):
        """
        Points to functions banned by Microsoft being used.
        """
        self._console_output("Looking for banned functions...")

        deep_search_f = self.config.deep_dangerous_functions

        if deep_search_f:
            self._console_output("Performing a deep search (based on function name)")

        banned_refs_dict = self.vd.find_banned_functions(deep_search_f)

        if not banned_refs_dict:
            self._console_output("[!] No banned functions found", err = True)
            return

        self.tree_label.setText("Functions banned by Microsoft")
        self.tree.clear()
        self.tree.setHeaderLabels(("Banned function", "References", "Name"))

        for f_name, refs in banned_refs_dict.iteritems():
            bf_item = QTreeWidgetItem(self.tree)
            bf_item.setText(0, f_name)

            for ref_addr in refs:
                ref_item = QTreeWidgetItem(bf_item)
                ref_item.setText(1, "%x" %ref_addr)
                ref_name = misc.get_function_name(ref_addr)
                ref_item.setText(2, ref_name)

        # Display all items expanded initially
        self.tree.expandAll()
Example #7
0
    def _showDangerousConnections(self):
        """
        Shows connections graphs between functions calling IO
        and the ones calling dangerous APIs
        """
        self._console_output("Calculating dangerous connections...")
        try:
            conn_graphs = self.ba.get_all_dangerous_connections()
        except Exception as e:
            print "[!] Error in get_all_dangerous_connections()", e
            return

        if not conn_graphs:
            self._console_output("[!] No (obvious) dangerous connections",
                                 err=True)
            return

        self.table.setColumnCount(5)
        self.table.setHorizontalHeaderLabels(
            ("IO Caller", "Dangerous Functions", "Shortest Path Length", "u",
             "v"))

        self.table_label.setText("Dangerous Connections")
        self.table.clearContents()
        self.table.setRowCount(0)

        for idx, c in enumerate(conn_graphs):
            self.table.insertRow(idx)

            u, v, sp_len = c  # tuple unpacking
            io_item = QTableWidgetItem("%s" % misc.get_function_name(u))
            df_item = QTableWidgetItem("%s" % misc.get_function_name(v))
            sp_item = QTableWidgetItem("%d" % sp_len)
            ioa_item = QTableWidgetItem("%x" % u)
            ioa_item.setFlags(ioa_item.flags() ^ QtCore.Qt.ItemIsEditable)
            dfa_item = QTableWidgetItem("%x" % v)
            dfa_item.setFlags(dfa_item.flags() ^ QtCore.Qt.ItemIsEditable)

            self.table.setItem(idx, 0, io_item)
            self.table.setItem(idx, 1, df_item)
            self.table.setItem(idx, 2, sp_item)
            self.table.setItem(idx, 3, ioa_item)
            self.table.setItem(idx, 4, dfa_item)
Example #8
0
    def _showDangerousConnections(self):
        """
        Shows connections graphs between functions calling IO
        and the ones calling dangerous APIs
        """
        self._console_output("Calculating dangerous connections...")
        try:
            conn_graphs = self.ba.get_all_dangerous_connections()
        except Exception as e:
            print "[!] Error in get_all_dangerous_connections()", e
            return

        if not conn_graphs:
            self._console_output("[!] No (obvious) dangerous connections", err = True)
            return

        self.table.setColumnCount(5)
        self.table.setHorizontalHeaderLabels(
            ("IO Caller", "Dangerous Functions", "Shortest Path Length", "u", "v"))

        self.table_label.setText("Dangerous Connections")
        self.table.clearContents()
        self.table.setRowCount(0)

        for idx, c in enumerate(conn_graphs):
            self.table.insertRow(idx)

            u, v, sp_len = c    # tuple unpacking
            io_item = QTableWidgetItem("%s" % misc.get_function_name(u))
            df_item = QTableWidgetItem("%s" % misc.get_function_name(v))
            sp_item = QTableWidgetItem("%d" % sp_len)
            ioa_item = QTableWidgetItem("%x" % u)
            ioa_item.setFlags(ioa_item.flags() ^ QtCore.Qt.ItemIsEditable)
            dfa_item = QTableWidgetItem("%x" % v)
            dfa_item.setFlags(dfa_item.flags() ^ QtCore.Qt.ItemIsEditable)

            self.table.setItem(idx, 0, io_item)
            self.table.setItem(idx, 1, df_item)
            self.table.setItem(idx, 2, sp_item)
            self.table.setItem(idx, 3, ioa_item)
            self.table.setItem(idx, 4, dfa_item)
Example #9
0
    def _commentsInThisFunction(self):
        """
        Shows all comments within the current function
        """
        show_unique_c = self.config.display_unique_comments

        msg = "Searching comments within function '" + \
            misc.get_function_name() + "'"
        self._console_output(msg)

        comment_list = self.ba.comments_in_function()

        # Found any comment at all?
        nrows = len(comment_list)
        if not nrows:
            self._console_output("[!] No comments found", err = True)
            return

        self.table.setColumnCount(2)
        self.table_label.setText("Comments within current function")
        self.table.setHorizontalHeaderLabels(("Address", "Comments"))
        self.table.clearContents()
        self.table.setRowCount(0)

        # Fill with contents
        displayed_comments = []

        idx = 0
        for (addr, comment) in comment_list:
            if show_unique_c and comment in displayed_comments:
                continue

            displayed_comments.append(comment)

            self.table.insertRow(idx)
            addr_item = QTableWidgetItem("%08x" % addr)
            addr_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable)
            comment_item = QTableWidgetItem(comment)

            self.table.setItem(idx, 0, addr_item)
            self.table.setItem(idx, 1, comment_item)

            idx += 1
Example #10
0
    def _commentsInThisFunction(self):
        """
        Shows all comments within the current function
        """
        show_unique_c = self.config.display_unique_comments

        msg = "Searching comments within function '" + \
            misc.get_function_name() + "'"
        self._console_output(msg)

        comment_list = self.ba.comments_in_function()

        # Found any comment at all?
        nr_rows = len(comment_list)
        if not nr_rows:
            self._console_output("[!] No comments found", err = True)
            return

        self.table.setColumnCount(2)
        self.table_label.setText("Comments within current function")
        self.table.setHorizontalHeaderLabels(("Address", "Comments"))
        self.table.clearContents()
        self.table.setRowCount(0)

        # Fill with contents
        displayed_comments = []

        idx = 0
        for (addr, comment) in comment_list:
            if show_unique_c and comment in displayed_comments:
                continue

            displayed_comments.append(comment)

            self.table.insertRow(idx)
            addr_item = QTableWidgetItem("%08x" % addr)
            addr_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable)
            comment_item = QTableWidgetItem(comment)

            self.table.setItem(idx, 0, addr_item)
            self.table.setItem(idx, 1, comment_item)

            idx += 1
Example #11
0
    def _callsInThisFunction(self):
        """
        Shows all calls within the current function
        """
        msg = "Calls within function '" + misc.get_function_name()
        self._console_output(msg)

        show_unique_calls = self.config.display_unique_calls
        callee_list = self.ba.calls_in_function()

        nrows = len(callee_list)
        if not nrows:
            self._console_output("[!] No calls found", err = True)
            return

        self.table_label.setText("Calls within current function")
        self.table.setColumnCount(2)
        self.table.setHorizontalHeaderLabels(("Address", "Callee"))
        self.table.clearContents()
        self.table.setRowCount(0)

        # Fill with contents
        shown_calls = []

        idx = 0
        for (addr, callee) in callee_list:

            if show_unique_calls and callee in shown_calls:
                continue

            shown_calls.append(callee)

            self.table.insertRow(idx)
            addr_item = QTableWidgetItem("%08x" % addr)
            addr_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable)
            callee_item =  QTableWidgetItem(callee)
            callee_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable)

            self.table.setItem(idx, 0, addr_item)
            self.table.setItem(idx, 1, callee_item)

            idx += 1
Example #12
0
    def _callsInThisFunction(self):
        """
        Shows all calls within the current function
        """
        msg = "Calls within function '" + misc.get_function_name()
        self._console_output(msg)

        show_unique_calls = self.config.display_unique_calls
        callee_list = self.ba.calls_in_function()

        nrows = len(callee_list)
        if not nrows:
            self._console_output("[!] No calls found", err = True)
            return

        self.table_label.setText("Calls within current function")
        self.table.setColumnCount(2)
        self.table.setHorizontalHeaderLabels(("Address", "Callee"))
        self.table.clearContents()
        self.table.setRowCount(0)

        # Fill with contents
        shown_calls = []

        idx = 0
        for (addr, callee) in callee_list:

            if show_unique_calls and callee in shown_calls:
                continue

            shown_calls.append(callee)

            self.table.insertRow(idx)
            addr_item = QTableWidgetItem("%08x" % addr)
            addr_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable)
            callee_item = QTableWidgetItem(callee)
            callee_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable)

            self.table.setItem(idx, 0, addr_item)
            self.table.setItem(idx, 1, callee_item)

            idx += 1
Example #13
0
    def _showIntegerIssues(self):
        """
        This is the GUI part of the integer issues functionality
        """
        self._console_output("Looking for integer issues (comparisons)")

        try:
            integer_issues_ins = self.ii.search_integer_issues()

        except NotImplementedError:
            self._console_output("[!] x86_64 not implemented yet", err = True)
            return

        # Is there any integer issues at all?
        nrows = len(integer_issues_ins)
        if not nrows:
            self._console_output("[-] No integer issues found.")
            return

        self.table.setColumnCount(3)
        self.table_label.setText("Possible integer issues")
        self.table.setHorizontalHeaderLabels(
            ('Address', 'Function name', 'Notes'))
        self.table.clearContents()
        self.table.setRowCount(0)

        # Fill with contents
        for idx, ins_ea in enumerate(integer_issues_ins):

            self.table.insertRow(idx)
            addr_item = QTableWidgetItem("%x" % ins_ea)
            addr_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable)
            name_item = QTableWidgetItem(misc.get_function_name(ins_ea))
            mnem_item = QTableWidgetItem("")  # placeholder

            self.table.setItem(idx, 0, addr_item)
            self.table.setItem(idx, 1, name_item)
            self.table.setItem(idx, 2, mnem_item)
Example #14
0
    def _showIntegerIssues(self):
        """
        This is the GUI part of the integer issues functionality
        """
        self._console_output("Looking for integer issues (comparisons)")

        try:
            integer_issues_ins = self.ii.search_integer_issues()

        except NotImplementedError:
            self._console_output("[!] x86_64 not implemented yet", err=True)
            return

        # Is there any integer issues at all?
        nrows = len(integer_issues_ins)
        if not nrows:
            self._console_output("[-] No integer issues found.")
            return

        self.table.setColumnCount(3)
        self.table_label.setText("Possible integer issues")
        self.table.setHorizontalHeaderLabels(
            ('Address', 'Function name', 'Notes'))
        self.table.clearContents()
        self.table.setRowCount(0)

        # Fill with contents
        for idx, ins_ea in enumerate(integer_issues_ins):

            self.table.insertRow(idx)
            addr_item = QTableWidgetItem("%x" % ins_ea)
            addr_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable)
            name_item = QTableWidgetItem(misc.get_function_name(ins_ea))
            mnem_item = QTableWidgetItem("")  # placeholder

            self.table.setItem(idx, 0, addr_item)
            self.table.setItem(idx, 1, name_item)
            self.table.setItem(idx, 2, mnem_item)