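def test_as_text_sc():
    """Check as_text() against the stored reference listings.

    For every binary sample ``N.bin`` under ``tests/files/plain`` the file
    ``N.bin.txt`` holds the plaintext output that as_text() must reproduce
    byte for byte.
    """
    def f(filename):
        # Read the fixture in binary mode and close the handle explicitly
        # instead of leaving that to the garbage collector.
        with open("tests/files/plain/%s" % filename, "rb") as fh:
            return fh.read()

    for sample in ("1.bin", "2.bin", "3.bin"):
        # The sample name is the assertion message, so a failure says which
        # fixture diverged from its reference listing.
        assert f("%s.txt" % sample) == as_text(f(sample)), sample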
def test_as_text_cld_jmpinf():
    """as_text() renders a ``cld`` followed by a jump onto itself.

    The expected listing has two basic blocks: ``cld`` at offset 0 and, in a
    block of its own at offset 1, a ``jmp`` whose target is offset 1.
    """
    # NOTE(review): whitespace on this page is collapsed, so the single
    # leading space on the instruction lines should be confirmed against the
    # real as_text() output.
    expected_lines = [
        "bbl_0x0000:\n",
        " 0x0000: cld\n",
        "bbl_0x0001:\n",
        " 0x0001: jmp 1\n",
    ]
    listing = as_text("\xfc\xeb\xfe")
    assert listing == "".join(expected_lines)
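def push_shellcode(self, sc):
    """Record an extracted shellcode blob, its text listing and YARA hits.

    The blob is written through ``self.write_extracted("bin", sc)``; when
    that returns no path nothing else happens. Otherwise a plaintext
    rendering from ``egghatch.as_text`` is written next to it as
    ``<filepath>.txt``, the blob is scanned with the "shellcode" YARA
    category, an entry is appended to ``self.items`` and every match is
    passed to ``self.handle_yara``.

    ``sc`` is handled purely as data here: this method stores it, renders
    it as text and scans it.
    """
    filepath = self.write_extracted("bin", sc)
    if not filepath:
        return

    # Render the listing before creating the file, so a failure inside
    # egghatch does not leave an empty "<filepath>.txt" behind.
    listing = egghatch.as_text(sc)
    text_path = "%s.txt" % filepath

    # This file contains a plaintext representation of the shellcode. The
    # context manager closes the handle (and flushes the listing to disk)
    # before the item that references it is published below.
    with open(text_path, "wb") as fh:
        fh.write(listing)

    yara_matches = File(filepath).get_yara("shellcode")
    self.items.append({
        "category": "shellcode",
        "raw": filepath,
        "shellcode": text_path,
        "yara": yara_matches,
    })

    # Wrap each raw match without rebinding the loop variable.
    for raw_match in yara_matches:
        self.handle_yara(filepath, YaraMatch(raw_match, "shellcode"))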