Exemple #1
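    def req_modcheck(self, hash):
        """Compare the module loaded in the IDB with the one the remote side reports.

        ``hash`` is a mapping read with ``.get()``. It carries either an
        ``'md5'`` entry (hex digest of the remote module) or a ``'pdb'``
        entry (base64-encoded text from which a debug GUID is parsed).
        The verdict is logged and forwarded through ``self.notice_broker``.

        The identifier is supplied by the remote peer, so a match only
        shows that both sides agree on the identifier. MD5 is not
        collision resistant, so a match is not an integrity guarantee
        for the binary.
        """
        md5, pdb = hash.get('md5'), hash.get('pdb')
        # Both sides start as "unknown" so the logging below never hits an
        # unbound name when the request carries neither field.
        local = None
        remote = None

        if md5:
            rs_log("modcheck idb (md5)")
            local = rs_decode(
                binascii.hexlify(idaapi.retrieve_input_file_md5())).upper()
            # Drop any whitespace inside the remote digest before comparing.
            remote = (''.join(md5.split())).upper()
        elif pdb:
            rs_log("modcheck idb (pdb guid)")
            msg = rs_decode(base64.b64decode(pdb))
            local = DbgDirHlpr.read_rsds_guid()
            remote = DbgDirHlpr.parse_itoldyouso_output(msg)

        rs_log("    -> remote: <%s>" % remote)
        rs_log("    -> local : <%s>" % local)

        if not (md5 or pdb):
            # Nothing was compared: report it instead of failing on an
            # unbound 'local' or treating None == None as a match.
            output = '[!] warning, modcheck request has no md5 or pdb value'
        elif remote == '0':
            # NOTE(review): '0' presumably comes from parse_itoldyouso_output
            # when the remote module has no debug directory - confirm.
            output = '[!] warning, no Debug Directory'
        elif local is not None and local == remote:
            output = '[+] module successfully matched'
        else:
            # A missing local or remote identifier is reported as a mismatch;
            # a match requires two identifiers that were actually read.
            output = '[!] warning, modules mismatch'

        rs_log(output)
        # 'output' is interpolated unescaped into the message fragment, so it
        # must stay one of the fixed strings above (no quotes or backslashes).
        self.notice_broker("cmd", "\"cmd\":\"%s\"" % output)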
def GetInputFileMD5():
    """
    Get the MD5 digest of the input binary file as a lowercase hex string.

    A 16-element idaapi.uchar_array is passed to
    idaapi.retrieve_input_file_md5(); each element is then formatted
    as two hex digits.

    @return: MD5 hex string, or None when the retrieval call returns
             a false value
    """
    digest = idaapi.uchar_array(16)
    if not idaapi.retrieve_input_file_md5(digest.cast()):
        return None
    # "%02x" keeps the leading zero of small byte values.
    return "".join(["%02x" % digest[idx] for idx in range(16)])