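    def output_file(self, outdir, data):
        """Write the PDF metadata mapping to ``metadata.txt`` in *outdir*.

        One line per entry: the key padded to 25 columns, a tab, then the
        value.  Both key and value go through ``printable_str`` (the key
        was previously written raw) because the metadata is read out of the
        sample being analysed and is treated as untrusted text.

        Args:
            outdir: directory the report file is created in.
            data: mapping of metadata name -> value.

        Returns:
            ``False`` when the file could not be opened or written (the
            error is logged); ``None`` otherwise, as before.
        """
        log = logging.getLogger('Mastiff.Plugins.' + self.name)

        try:
            # 'with' closes the handle on every path, including a write
            # error part-way through the loop, where it used to stay open.
            with open(os.path.join(outdir, 'metadata.txt'), 'w') as out_file:
                out_file.write('PDF Metadata\n\n')
                for key, value in data.items():
                    out_file.write('{0:25}\t{1}\n'.format(printable_str(key),
                                                          printable_str(value)))
        except IOError as err:
            log.error('Write error: %s', err)
            return False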
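    def output_file_quick(self, outdir, pe):
        """Write a short PE summary for the sample to ``peinfo-quick.txt``.

        Sections, in order: timestamp and subsystem, section headers (via
        ``self._dump_section_headers``), pefile parser warnings, version
        resource strings, the import table and the export table.

        Args:
            outdir: directory the report file is created in.
            pe: a parsed ``pefile.PE`` object for the sample under analysis.

        Returns:
            ``False`` when the report could not be opened or written (the
            error is logged); ``None`` otherwise.
        """
        log = logging.getLogger('Mastiff.Plugins.' + self.name + '.quick')

        # Shared row layouts for the version-info, import and export tables.
        info_row = '{0:20}:\t{1:40}\n'
        import_row = '{0:20}\t{1:30}\t{2:10}\n'
        export_row = '{0:20}\t{1:10}\t{2:10}\n'

        try:
            # 'with' closes the handle on every path; the explicit close()
            # only ran when every write succeeded.
            with open(os.path.join(outdir, 'peinfo-quick.txt'), 'w') as outfile:
                outfile.write('PE Header Information\n\n')
                outfile.write('Quick Info:\n\n')

                stamp = pe.FILE_HEADER.TimeDateStamp
                try:
                    outfile.write('TimeDateStamp: %s\n' %
                                  time.asctime(time.gmtime(stamp)))
                except ValueError:
                    # gmtime() rejects out-of-range stamps (common in
                    # tampered headers); show the raw value instead.
                    outfile.write('TimeDateStamp: Invalid Time %x\n' % stamp)

                # .get() keeps an unknown/garbage subsystem value from raising
                # KeyError, which the IOError handler below would not catch.
                subsystem = pe.OPTIONAL_HEADER.Subsystem
                outfile.write('Subsystem: %s\n' % pefile.SUBSYSTEM_TYPE.get(
                    subsystem, 'Unknown (0x%x)' % subsystem))

                outfile.write(self._dump_section_headers(pe))

                # Parser warnings (often related to packers).
                outfile.write('\nParser Warnings:\n')
                for warning in pe.get_warnings():
                    outfile.write('- ' + warning + '\n')

                # Version info - thanks to Ero Carrera for the sample code:
                # http://blog.dkbza.org/2007/02/pefile-parsing-version-information-from.html
                outfile.write('\nFile Information:\n')
                if hasattr(pe, 'FileInfo'):
                    for fileinfo in pe.FileInfo:
                        if fileinfo.Key == 'StringFileInfo':
                            for string_entry in fileinfo.StringTable:
                                for name, value in string_entry.entries.items():
                                    outfile.write(info_row.format(
                                        printable_str(name), printable_str(value)))
                        if fileinfo.Key == 'VarFileInfo':
                            try:
                                for var in fileinfo.Var:
                                    name, value = list(var.entry.items())[0]
                                    outfile.write(info_row.format(
                                        printable_str(name), printable_str(value)))
                            except Exception as err:
                                # A VarFileInfo block may be present but empty
                                # or malformed; an unguarded IndexError here
                                # used to abort the whole report.  Keep going,
                                # but record the skip.
                                log.debug('Skipping VarFileInfo entry: %s', err)
                else:
                    outfile.write('No file information present.\n')

                # Imports.  DLL and API names come straight from the sample and
                # are written as-is (only the version strings above are passed
                # through printable_str).
                outfile.write('\nImports:\n')
                if hasattr(pe, 'DIRECTORY_ENTRY_IMPORT'):
                    outfile.write(import_row.format('DLL', 'API', 'Address'))
                    outfile.write('-' * 70 + '\n')
                    for entry in pe.DIRECTORY_ENTRY_IMPORT:
                        for imp in entry.imports:
                            # pefile leaves name as None for imports by ordinal.
                            name = imp.name
                            if name is None:
                                name = 'ordinal %s' % imp.ordinal
                            outfile.write(import_row.format(
                                entry.dll, name, hex(imp.address)))
                else:
                    outfile.write('No imports.\n')

                # Exports.
                outfile.write('\nExports:\n')
                if hasattr(pe, 'DIRECTORY_ENTRY_EXPORT'):
                    outfile.write(export_row.format('Name', 'Address', 'Ordinal'))
                    outfile.write('-' * 50 + '\n')
                    image_base = pe.OPTIONAL_HEADER.ImageBase
                    for exp in pe.DIRECTORY_ENTRY_EXPORT.symbols:
                        outfile.write(export_row.format(
                            exp.name, hex(image_base + exp.address), exp.ordinal))
                else:
                    outfile.write('No Exports.\n')
        except IOError as err:
            log.error('Cannot write to peinfo-quick.txt: %s', err)
            return False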
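    def output_file_quick(self, outdir, pe):
        """Write a short PE summary for the sample to ``peinfo-quick.txt``.

        Sections, in order: timestamp and subsystem, section headers (via
        ``self._dump_section_headers``), pefile parser warnings, version
        resource strings, the import table and the export table.

        Args:
            outdir: directory the report file is created in.
            pe: a parsed ``pefile.PE`` object for the sample under analysis.

        Returns:
            ``False`` when the report could not be opened or written (the
            error is logged); ``None`` otherwise.
        """
        log = logging.getLogger('Mastiff.Plugins.' + self.name + '.quick')

        # Shared row layouts for the version-info, import and export tables.
        info_row = '{0:20}:\t{1:40}\n'
        import_row = '{0:20}\t{1:30}\t{2:10}\n'
        export_row = '{0:20}\t{1:10}\t{2:10}\n'

        try:
            # 'with' closes the handle on every path; the explicit close()
            # only ran when every write succeeded.
            with open(os.path.join(outdir, 'peinfo-quick.txt'), 'w') as outfile:
                outfile.write('PE Header Information\n\n')
                outfile.write('Quick Info:\n\n')

                stamp = pe.FILE_HEADER.TimeDateStamp
                try:
                    outfile.write('TimeDateStamp: %s\n' %
                                  time.asctime(time.gmtime(stamp)))
                except ValueError:
                    # gmtime() rejects out-of-range stamps (common in
                    # tampered headers); show the raw value instead.
                    outfile.write('TimeDateStamp: Invalid Time %x\n' % stamp)

                # .get() keeps an unknown/garbage subsystem value from raising
                # KeyError, which the IOError handler below would not catch.
                subsystem = pe.OPTIONAL_HEADER.Subsystem
                outfile.write('Subsystem: %s\n' % pefile.SUBSYSTEM_TYPE.get(
                    subsystem, 'Unknown (0x%x)' % subsystem))

                outfile.write(self._dump_section_headers(pe))

                # Parser warnings (often related to packers).
                outfile.write('\nParser Warnings:\n')
                for warning in pe.get_warnings():
                    outfile.write('- ' + warning + '\n')

                # Version info - thanks to Ero Carrera for the sample code:
                # http://blog.dkbza.org/2007/02/pefile-parsing-version-information-from.html
                outfile.write('\nFile Information:\n')
                if hasattr(pe, 'FileInfo'):
                    for fileinfo in pe.FileInfo:
                        if fileinfo.Key == 'StringFileInfo':
                            for string_entry in fileinfo.StringTable:
                                for name, value in string_entry.entries.items():
                                    outfile.write(info_row.format(
                                        printable_str(name), printable_str(value)))
                        if fileinfo.Key == 'VarFileInfo':
                            try:
                                for var in fileinfo.Var:
                                    name, value = list(var.entry.items())[0]
                                    outfile.write(info_row.format(
                                        printable_str(name), printable_str(value)))
                            except Exception as err:
                                # A VarFileInfo block may be present but empty
                                # or malformed; keep the report going, but log
                                # the skip instead of a bare 'except: pass'
                                # (which also swallowed KeyboardInterrupt).
                                log.debug('Skipping VarFileInfo entry: %s', err)
                else:
                    outfile.write('No file information present.\n')

                # Imports.  DLL and API names come straight from the sample and
                # are written as-is (only the version strings above are passed
                # through printable_str).
                outfile.write('\nImports:\n')
                if hasattr(pe, 'DIRECTORY_ENTRY_IMPORT'):
                    outfile.write(import_row.format('DLL', 'API', 'Address'))
                    outfile.write('-' * 70 + '\n')
                    for entry in pe.DIRECTORY_ENTRY_IMPORT:
                        for imp in entry.imports:
                            # pefile leaves name as None for imports by ordinal.
                            name = imp.name
                            if name is None:
                                name = 'ordinal %s' % imp.ordinal
                            outfile.write(import_row.format(
                                entry.dll, name, hex(imp.address)))
                else:
                    outfile.write('No imports.\n')

                # Exports.
                outfile.write('\nExports:\n')
                if hasattr(pe, 'DIRECTORY_ENTRY_EXPORT'):
                    outfile.write(export_row.format('Name', 'Address', 'Ordinal'))
                    outfile.write('-' * 50 + '\n')
                    image_base = pe.OPTIONAL_HEADER.ImageBase
                    for exp in pe.DIRECTORY_ENTRY_EXPORT.symbols:
                        outfile.write(export_row.format(
                            exp.name, hex(image_base + exp.address), exp.ordinal))
                else:
                    outfile.write('No Exports.\n')
        except IOError as err:
            log.error('Cannot write to peinfo-quick.txt: %s', err)
            return False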