def sym(comp_id, hash, file, lib, os, fmt_append_zero, fmt_str_type, fmt_to_lower, fmt_to_upper): logger = Logger("CLI") if file: hashes = read_source_file(file) else: hashes = hash if not hashes: logger.log_normal("Nothing to resolve") return r = None if os == "win": r = Resolver.for_win() elif os == "linux": r = Resolver.for_linux() else: logger.log_error("Invalid OS type (%s)" % os) return libs = lib if not libs: libs = r.libs sf = StringFmt(append_zero=fmt_append_zero, char_sz=1 if fmt_str_type == "acs" else 2, to_lower=fmt_to_lower, to_upper=fmt_to_upper) try: resolved_symbols = r.find_symbol(comp_id, hashes, libs, fmt=sf) except ComparatorNotFound as ex: logger.log_error("Finding error: %s" % ex.message) return if not resolved_symbols: logger.log_normal("Nothing found") return if not view_results(resolved_symbols, PRINT_TYPE_SYM): logger.log_error("Print results failed")
class Resolver: def __init__(self, lib_loader, comparators_loader): self._ll = lib_loader self._cl = comparators_loader self._logger = Logger("R") @classmethod def for_win(cls): c = ComparatorLoader() wl = WinLibLoader() return cls(wl, c) @classmethod def for_linux(cls): c = ComparatorLoader() ll = LinuxLibLoader() return cls(ll, c) @property def comparators(self): return self._cl.comparators @property def libs(self): return self._ll.libs def find_symbol(self, cid, hs, libs, fmt=StringFmt()): resolved = [] for h in hs: is_hash_found = False for l_name in libs: self._logger.log_normal("Check hash %s inside lib %s" % (phex(h), l_name)) for name, sym_name in self._ll.lib_symbols(l_name): s = fmt.format(sym_name) if not s: continue if self._cl.call(cid, s, h, dll_name=l_name, is_api_search=True): resolved.append((sym_name, h, l_name)) is_hash_found = True break if is_hash_found: break return resolved def find_lib(self, cid, hs, fmt=StringFmt()): resolved = [] for h in hs: for l_name in self.libs: s = fmt.format(l_name) if not s: continue if self._cl.call(cid, s, h, dll_name=l_name, is_api_search=False): resolved.append((l_name, h)) break return resolved