def __init__(self, dbstore, params, parent=None):
QtWidgets.QDialog.__init__(self, parent)
try:
self.logger = jayutils.getLogger('ShellcodeWidget')
self.logger.debug('Hello debug')
self.dbstore = dbstore
self.params = params
self.configData = {}
self.ui = Ui_ShellcodeChooser()
self.ui.setupUi(self)
self.ui.list_hashNames.setSelectionMode(
QtWidgets.QAbstractItemView.ExtendedSelection)
self.ui.list_hashNames.currentTextChanged.connect(
self.handleTextChange)
self.ui.buttonBox.accepted.connect(self.storeStateAccepted)
self.ui.buttonBox.rejected.connect(self.reject)
self.custom_accepted.connect(self.accept)
self.ui.cb_dwordArray.stateChanged.connect(
self.handleDwordCheckboxChange)
self.ui.cb_XORSeed.stateChanged.connect(
self.handleXORSeedCheckboxChange)
self.initData()
except Exception as err:
self.logger.exception('Error during init: %s', str(err))
def main():
#jayutils.configLogger(__name__, logging.DEBUG)
jayutils.configLogger(__name__, logging.INFO)
logger = jayutils.getLogger('')
logger.debug('Starting up in main')
#name = idc.AskStr('CreateThread', 'Enter function to find args for')
#argNum = idc.AskLong(6)
filePath = jayutils.getInputFilepath()
if filePath is None:
self.logger.info('No input file provided. Stopping')
return
vw = jayutils.loadWorkspace(filePath)
logger.debug('Loaded workspace')
tracker = ArgTracker(vw)
import idautils
funcEa = idc.LocByName('CreateThread')
if funcEa == idc.BADADDR:
logger.info('CreateThread not found. Returning now')
return
for xref in idautils.XrefsTo(funcEa):
argsList = tracker.getPushArgs(xref.frm, 6)
for argDict in argsList:
print '-'*60
pc, value = argDict[3]
print '0x%08x: 0x%08x: 0x%08x' % (xref.frm, pc, value)
def main():
#jayutils.configLogger(__name__, logging.DEBUG)
jayutils.configLogger(__name__, logging.INFO)
logger = jayutils.getLogger('')
logger.debug('Starting up in main')
#name = idc.AskStr('CreateThread', 'Enter function to find args for')
#argNum = idc.AskLong(6)
filePath = jayutils.getInputFilepath()
if filePath is None:
self.logger.info('No input file provided. Stopping')
return
vw = jayutils.loadWorkspace(filePath)
logger.debug('Loaded workspace')
tracker = ArgTracker(vw)
import idautils
funcEa = idc.get_name_ea_simple('CreateThread')
if funcEa == idc.BADADDR:
logger.info('CreateThread not found. Returning now')
return
for xref in idautils.XrefsTo(funcEa):
argsList = tracker.getPushArgs(xref.frm, 6)
for argDict in argsList:
print '-' * 60
pc, value = argDict[3]
print '0x%08x: 0x%08x: 0x%08x' % (xref.frm, pc, value)
def main(doAllFuncs=True):
#doAllFuncs=False
#jayutils.configLogger('', logging.DEBUG)
jayutils.configLogger('', logging.INFO)
logger = jayutils.getLogger('stackstrings')
logger.debug('Starting up now')
filePath = jayutils.getInputFilepath()
if filePath is None:
self.logger.info('No input file provided. Stopping')
return
vw = jayutils.loadWorkspace(filePath)
ea = idc.ScreenEA()
res = idc.AskYN(0, 'Use basic-block local aggregator')
if res == -1:
print 'User canceled'
return
uselocalagg = (res == 1)
ranges = getFuncRanges(ea, doAllFuncs)
for funcStart, funcEnd in ranges:
try:
logger.debug('Starting on function: 0x%x', funcStart)
stringList = runStrings(vw, funcStart, uselocalagg)
for node, string in stringList:
if isLikelyFalsePositiveString(string):
#if it's very likely a FP, skip annotating
continue
print '0x%08x: %s' % (node[0], string)
#print '0x%08x: 0x%08x: %s %s' % (node[0], node[1], binascii.hexlify(string), string)
idc.MakeComm(node[0], string.strip())
except Exception, err:
logger.exception('Error during parse: %s', str(err))
def runStrings(vw, ea, uselocalagg=True):
'''
Returns a list of (write log entry, decoded strings)
where the write log is the tuple (pc, va, bytes)
for the instruction that wrote the first byte of the string
'''
emu = vw.getEmulator(True, True)
#modify the stack base for the emulator - smaller mask & frame size
# wasn't working for funcs with large locals frame size
emu.stack_map_mask = e_bits.sign_extend(0xfff00000, 4, vw.psize)
emu.stack_map_base = e_bits.sign_extend(0xbfb00000, 4, vw.psize)
emu.stack_pointer = emu.stack_map_base + 16*4096
emu.runFunction(ea, maxhit=1, maxloop=1)
logger = jayutils.getLogger('stack_graph')
if uselocalagg:
#logger.info('Using local agg')
stringList = []
jayutils.path_bfs(emu.path, stack_track_visitor, vw=vw, emu=emu, logger=logger, res=stringList )
return stringList
else:
#logger.info('Using global agg')
agg = StringAccumulator()
jayutils.path_bfs(emu.path, stack_track_visitor, vw=vw, emu=emu, logger=logger, agg=agg )
return agg.stringDict.values()
def main(doAllFuncs=True):
#doAllFuncs=False
#jayutils.configLogger('', logging.DEBUG)
jayutils.configLogger('', logging.INFO)
logger = jayutils.getLogger('stackstrings')
logger.debug('Starting up now')
filePath = jayutils.getInputFilepath()
if filePath is None:
self.logger.info('No input file provided. Stopping')
return
vw = jayutils.loadWorkspace(filePath)
ea = idc.ScreenEA()
res = idc.AskYN(0, 'Use basic-block local aggregator')
if res == -1:
print 'User canceled'
return
uselocalagg = (res == 1)
ranges = getFuncRanges(ea, doAllFuncs)
for funcStart, funcEnd in ranges:
try:
logger.debug('Starting on function: 0x%x', funcStart)
stringList = runStrings(vw, funcStart, uselocalagg)
for node, string in stringList:
if isLikelyFalsePositiveString(string):
#if it's very likely a FP, skip annotating
continue
print '0x%08x: %s' % (node[0], string)
#print '0x%08x: 0x%08x: %s %s' % (node[0], node[1], binascii.hexlify(string), string)
idc.MakeComm(node[0], string.strip())
except Exception, err:
logger.exception('Error during parse: %s', str(err))
def __init__(self, vw, maxIters=1000):
self.logger = jayutils.getLogger('argracker.ArgTracker')
self.logger.debug('Starting up here')
self.vw = vw
self.lastFunc = 0
self.va_write_map = None
self.codesize = jayutils.getx86CodeSize()
self.ptrsize = self.codesize / 8
self.queue = []
self.maxIters = maxIters
def __init__(self, vw, maxIters=1000):
self.logger = jayutils.getLogger('argracker.ArgTracker')
self.logger.debug('Starting up here')
self.vw = vw
self.lastFunc = 0
self.va_write_map = None
self.codesize = jayutils.getx86CodeSize()
self.ptrsize = self.codesize/8
self.queue = []
self.maxIters = maxIters
def __init__(self, parent=None):
QtWidgets.QDialog.__init__(self, parent)
try:
self.logger = jayutils.getLogger('StructTyperWidget')
self.logger.debug('StructTyperWidget starting up')
self.ui = Ui_Dialog()
self.ui.setupUi(self)
self.ui.lineEdit.setText(g_DefaultPrefixRegexp)
self.ui.checkBox.setChecked(Qt.Unchecked)
except Exception, err:
self.logger.exception('Error during init: %s', str(err))
def __init__(self, parent=None):
QtGui.QDialog.__init__(self, parent)
try:
self.logger = jayutils.getLogger('StructTyperWidget')
self.logger.debug('StructTyperWidget starting up')
self.ui=Ui_Dialog()
self.ui.setupUi(self)
self.ui.lineEdit.setText(g_DefaultPrefixRegexp)
self.ui.checkBox.setChecked(Qt.CheckState.Unchecked)
except Exception, err:
self.logger.exception('Error during init: %s', str(err))
def __init__(self, parent=None):
QtGui.QDialog.__init__(self, parent)
try:
self.logger = jayutils.getLogger('ApplyCalleeTypeWidget')
self.tinfo = None
self.inputType = self.USER_TYPE
self.logger.debug('ApplyCalleeTypeWidge starting up')
self.ui = Ui_ApplyCalleeDialog()
self.ui.setupUi(self)
self.ui.te_userTypeText.setTabChangesFocus(True)
self.ui.pb_useStandardType.clicked.connect(self.onStandardPress)
self.ui.pb_useLocalType.clicked.connect(self.onLocalPress)
except Exception, err:
self.logger.exception('Error during init: %s', str(err))
def __init__(self, parent=None):
QtWidgets.QDialog.__init__(self, parent)
try:
self.logger = jayutils.getLogger('ApplyCalleeTypeWidget')
self.tinfo = None
self.inputType = self.USER_TYPE
self.logger.debug('ApplyCalleeTypeWidge starting up')
self.ui = Ui_ApplyCalleeDialog()
self.ui.setupUi(self)
self.ui.te_userTypeText.setTabChangesFocus(True)
self.ui.pb_useStandardType.clicked.connect(self.onStandardPress)
self.ui.pb_useLocalType.clicked.connect(self.onLocalPress)
except Exception, err:
self.logger.exception('Error during init: %s', str(err))
def __init__(self, dbstore, params, parent=None):
QtWidgets.QDialog.__init__(self, parent)
try:
self.logger = jayutils.getLogger('ShellcodeWidget')
self.logger.debug('Hello debug')
self.dbstore = dbstore
self.params = params
self.configData = {}
self.ui=Ui_ShellcodeChooser()
self.ui.setupUi(self)
self.ui.list_hashNames.setSelectionMode(QtWidgets.QAbstractItemView.ExtendedSelection)
self.ui.list_hashNames.currentTextChanged.connect(self.handleTextChange)
self.ui.buttonBox.accepted.connect(self.storeStateAccepted)
self.ui.buttonBox.rejected.connect(self.reject)
self.custom_accepted.connect(self.accept)
self.ui.cb_dwordArray.stateChanged.connect(self.handleDwordCheckboxChange)
self.initData()
except Exception, err:
self.logger.exception('Error during init: %s', str(err))
def __init__(self):
self.params = SearchParams()
self.logger = jayutils.getLogger('SearchLauncher')
def __init__(self, dbstore, params):
self.logger = jayutils.getLogger('ShellcodeHashSearcher')
self.dbstore = dbstore
self.params = params
self.hits = []
def __init__(self):
self.params = SearchParams()
self.logger = jayutils.getLogger('SearchLauncher')
def __init__(self):
self.logger = jayutils.getLogger('StringAccumulator')
self.stringDict = {}
self.stackDict = {}
self.buffReuseDetected = False
def __init__(self, regs):
viv_imp_monitor.EmulationMonitor.__init__(self)
self.logger = jayutils.getLogger('argracker.RegMonitor')
self.regs = regs[:]
self.reg_map = {}
def __init__(self):
self.logger = jayutils.getLogger('ApplyCalleeType')
def __init__(self):
self.logger = jayutils.getLogger('SearchLauncher')
def __init__(self, regs):
viv_imp_monitor.EmulationMonitor.__init__(self)
self.logger = jayutils.getLogger('argracker.RegMonitor')
self.regs = regs[:]
self.reg_map = {}
def __init__(self, dbstore, params):
self.logger = jayutils.getLogger('ShellcodeHashSearcher')
self.dbstore = dbstore
self.params = params
self.hits = []
def __init__(self):
self.logger = jayutils.getLogger('ApplyCalleeType')
def __init__(self):
self.logger = jayutils.getLogger('SearchLauncher')
def __init__(self):
self.logger = jayutils.getLogger('StringAccumulator')
self.stringDict = {}
self.stackDict = {}
self.buffReuseDetected = False
