def print_disassembly(oid, disasm, comments, f_breaks, start, stop, height=default_height): if not disasm: return if isinstance(disasm, dict): keys = disasm.keys() keys.sort() h=1 if not stop: stop = disasm[keys[-1]]["addr"] for k in keys: addr = disasm[k]["addr"] if addr < start or addr > stop: continue if addr in f_breaks: for m in f_breaks[addr]: print "******** ", m, " ********" print hex(addr), " : ", instruction_to_string(disasm[k]), if comments and k in comments: print " : ", comments[k] else: print if not h % height: # Only show <height> lines at a time if raw_input().strip().lower().startswith("q"): break h+=1 elif isinstance(disasm, list): h = 1 for insn in disasm: addr = insn["addr"] offset = convert_rva_offset(oid, addr) if (not stop or ( addr >= start and addr <= stop)) and insn: print hex(addr), " : ", instruction_to_string(insn), if comments and offset in comments: print " : ", comments[offset] else: print if not h % height: # Only show <height> lines at a time if raw_input().strip().lower().startswith("q"): break h+=1
def add_labels(y, n, labels, disassm, color=False): l = [] s = "" if disassm: for i in xrange(y,n): if i in disassm: l.append(instruction_to_string(disassm[i])) if l and color: s = " | " + myshell.colorize(" : ".join(l), "magenta") elif l: s = " | " + " : ".join(l) l = [] for label in labels: # List of dictionaries l.extend([l.append(label[i]) for i in xrange(y,n) if i in labels]) if l: s += " # " + ", ".join(l) return s
def create_display_strings(self, oid): data = api.get_field('files', oid, 'data') self.offsets = [] self.lengths = {} self.features = defaultdict(str) self.hex_strs = {} self.ascii_strs = {} self.auto_annotations = {} self.user_comments = {} self.header = api.get_field('object_header', oid, 'header') instructions = api.get_field('disassembly', oid, 'insns') if instructions: self.offsets.extend(instructions.keys()) for offset, instruction in instructions.items(): instruction_string = re_lib.instruction_to_string(instruction) if len(self.features[offset]) > 0: self.features[offset] += ' :: %s' % instruction_string else: self.features[offset] = instruction_string length = instruction['len'] self.lengths[offset] = length current_offset = offset while length > 8: self.lengths[current_offset] = 8 current_offset +=8 self.offsets.append(current_offset) self.features[current_offset] = ' "" ' length -= 8 self.lengths[current_offset] = length header_fields = api.get_field('pe_parse', oid, 'offsets') if header_fields: self.offsets.extend(header_fields.keys()) for offset, field in header_fields.items(): field_lengths = [] field_strings = [] if isinstance(field, list): for element in field: field_lengths.append(element['len']) field_strings.append(element['string']) else: field_lengths.append(field['len']) field_strings.append(field['string']) field_length = min(field_lengths) field_string = ' :: '.join(field_strings) if len(self.features[offset]) > 0: self.features[offset] += ' :: %s' % field_string else: self.features[offset] = field_string self.lengths[offset] = field_length current_offset = offset while field_length > 8: self.lengths[current_offset] = 8 current_offset +=8 self.offsets.append(current_offset) self.features[current_offset] += ' "" ' field_length -= 8 self.lengths[current_offset] = field_length # add an offset and feature for end-of-file self.offsets.append(len(data)) self.features[len(data)] += " EOF" self.lengths[len(data)] = 0 # consolidate and sort the offset list self.offsets = list(set(self.offsets)) self.offsets.sort() # add offsets and empty features for sections without any other feature index = 0 new_offsets = [] for offset in self.offsets: while offset > index: if offset - index > 8: self.lengths[index] = 8 else: self.lengths[index] = offset - index self.features[index] = '' new_offsets.append(index) index += self.lengths[index] index = offset + self.lengths[offset] self.offsets.extend(new_offsets) # consolidate and sort the offset list self.offsets = list(set(self.offsets)) self.offsets.sort() # add basic auto generated features call_map = api.retrieve('map_calls', oid) functions = api.retrieve('function_extract', oid) function_offsets = {} if functions: for f in functions: function_offsets[self.header.get_offset(functions[f]['start'])] = "**** %s ****"%functions[f]['name'] # create hex and ascii strings for each offset previous_offset = 0 for offset in self.offsets: length = self.lengths[offset] self.hex_strs[offset] = self.build_hex_str(data[offset:offset+length]) self.ascii_strs[offset] = self.build_ascii_str(data[offset:offset+length]) if call_map and offset in call_map['internal_functions']: self.auto_annotations[offset] = call_map['internal_functions'][offset] elif call_map and offset in call_map['system_calls']: self.auto_annotations[offset] = call_map['system_calls'][offset] elif offset in function_offsets: self.auto_annotations[offset] = function_offsets[offset] else: self.auto_annotations[offset] = "" self.user_comments[offset] = ""