def Main(): cgiEnv = lib_common.ScriptEnvironment() # "NtOpenObjectAuditAlarm%40C%3A\windows\system32\ntdll.dll" # Filename is optional. # The symbol is already demangled. symbol_nam = cgiEnv.m_entity_id_dict["Name"] fil_nam = cgiEnv.m_entity_id_dict["File"] logging.debug("symbol=%s fil_nam=%s", symbol_nam, fil_nam) grph = cgiEnv.GetGraph() sym_node = lib_uris.gUriGen.SymbolUri(symbol_nam, fil_nam) if fil_nam: fil_node = lib_uris.gUriGen.FileUri( fil_nam ) grph.add((fil_node, pc.property_symbol_defined, sym_node)) vers_str = lib_win32.VersionString(fil_nam) grph.add((fil_node, pc.property_information, lib_util.NodeLiteral(vers_str))) sym = FindPESymbol(fil_nam, symbol_nam) if sym is not None: # Non-breaking space: A0 10100000   doc_txt = getattr(sym, "__doc__") # This string is filled with spaces and CR which are translated into " ". doc_txt = re.sub(r'\s+', ' ', doc_txt).strip() grph.add((sym_node, pc.property_information,lib_util.NodeLiteral(doc_txt))) # Possible values are "name","offset","ordinal","forwarder" try: fwrd = getattr(sym, "forwarder") grph.add((sym_node, lib_common.MakeProp("Forwarder"), lib_util.NodeLiteral(fwrd))) except: pass try: fwrd = getattr(sym,"ordinal") grph.add((sym_node, lib_common.MakeProp("Ordinal"), lib_util.NodeLiteral(fwrd))) except: pass ful_nam, lst_args = lib_symbol.SymToArgs(symbol_nam) if lst_args: for arg in lst_args: # TODO: Order of arguments must not be changed. arg_node = lib_uris.gUriGen.ClassUri(arg, fil_nam) grph.add((sym_node, pc.property_argument, arg_node)) cgiEnv.OutCgiRdf("LAYOUT_RECT", [pc.property_argument])
def RecursiveDepends(self, filNam, maxLevel): # sys.stderr.write( "filNam=%s maxLevel=%d\n"%(filNam,maxLevel)) rootNode = lib_common.gUriGen.FileUri(filNam) versStr = lib_win32.VersionString(filNam) self.grph.add((rootNode, pc.property_information, lib_common.NodeLiteral(versStr))) if maxLevel == 0: return rootNode # TODO: Consider a cache for this value. Beware of case for filNam. pe = pefile.PE(filNam) try: for entry in pe.DIRECTORY_ENTRY_IMPORT: if lib_util.is_py3: entry_dll = entry.dll.encode('utf-8') else: entry_dll = entry.dll # sys.stderr.write( "entry.dll=%s\n"%entry_dll) # sys.stderr.write("entry=%s\n"%str(entry.struct)) dllPath = lib_shared_lib_path.FindPathFromSharedLibraryName( entry_dll) if dllPath: subNode = self.RecursiveDepends(dllPath, maxLevel - 1) self.grph.add( (rootNode, pc.property_library_depends, subNode)) for imp in entry.imports: # sys.stderr.write("\t%s %s\n"% (hex(imp.address), imp.name) ) if imp.name is not None: symNode = lib_uris.gUriGen.SymbolUri( imp.name, dllPath) self.grph.add( (subNode, pc.property_symbol_declared, symNode)) break except AttributeError: # sys.stderr.write("EXCEPTION\n") pass return rootNode
def RecursiveDepends(self, filNam, maxLevel): filNamLower = filNam.lower() if filNamLower in self.cache_dll_to_imports: # We already have seen this file name. rootNode = self.cache_dll_to_imports[filNamLower] else: #sys.stderr.write("filNam=%s\n"%filNam) rootNode = lib_common.gUriGen.FileUri(filNam) versStr = lib_win32.VersionString(filNam) self.grph.add((rootNode, pc.property_information, lib_common.NodeLiteral(versStr))) self.cache_dll_to_imports[filNamLower] = rootNode if maxLevel == 0: return rootNode pe = pefile.PE(filNam) try: for entry in pe.DIRECTORY_ENTRY_IMPORT: if sys.version_info >= (3, ): entry_dll = entry.dll.encode('utf-8') else: entry_dll = entry.dll # sys.stderr.write("entry.dll=%s\n"%entry.dll) # sys.stderr.write("entry=%s\n"%str(entry.struct)) for aDir in self.dirs_norm: # sys.stderr.write("aDir=%s entry_dll=%s\n"%(aDir,entry_dll)) dllPath = os.path.join(aDir, entry_dll) if os.path.exists(dllPath): subNode = self.RecursiveDepends( dllPath, maxLevel - 1) self.grph.add( (rootNode, pc.property_library_depends, subNode)) break except AttributeError: pass return rootNode
def recursive_depends(self, fil_nam, max_level): fil_nam_lower = fil_nam.lower() if fil_nam_lower in self.cache_dll_to_imports: # We already have seen this file name. root_node = self.cache_dll_to_imports[fil_nam_lower] else: root_node = lib_uris.gUriGen.FileUri(fil_nam) vers_str = lib_win32.VersionString(fil_nam) self.grph.add((root_node, pc.property_information, lib_util.NodeLiteral(vers_str))) self.cache_dll_to_imports[fil_nam_lower] = root_node if max_level == 0: return root_node pe = pefile.PE(fil_nam) try: for entry in pe.DIRECTORY_ENTRY_IMPORT: if lib_util.is_py3: entry_dll = entry.dll.encode('utf-8') else: entry_dll = entry.dll for a_dir in self.dirs_norm: dll_path = os.path.join(a_dir, entry_dll) if os.path.exists(dll_path): sub_node = self.recursive_depends( dll_path, max_level - 1) self.grph.add( (root_node, pc.property_library_depends, sub_node)) break except AttributeError: pass return root_node