def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module.
This function will be triggered whenever
the script is loaded for the first time,
either with the import_module command,
or when loaded at startup.
'''
#We keep a callback manager as a global var.
# --> To access it from any function.
# --> Necessary to call cm.clean() from clean() function
global cm
global pyrebox_print
#Initialize printer function (global var), that we can use to print
#text that is associated to our script
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
#Initialize the callback manager, and register a couple of named
#callbacks.
cm = CallbackManager(module_hdl)
new_proc_cb = cm.add_callback(CallbackManager.CREATEPROC_CB,
new_proc,
name="vmi_new_proc")
remove_proc_cb = cm.add_callback(CallbackManager.REMOVEPROC_CB,
remove_proc,
name="vmi_remove_proc")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.CREATEPROC_CB, new_proc, name="vmi_new_proc")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl,printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl)
new_proc_cb = cm.add_callback(CallbackManager.CREATEPROC_CB,new_proc,name="vmi_new_proc")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
global cm
global pyrebox_print
from plugins.guest_agent import guest_agent
pyrebox_print = printer
cm = CallbackManager(module_hdl)
guest_agent.copy_file("/home/marc/sdcard/zoo/gen/sample.exe",
"C:\\ProgramData\\malo.exe")
cm.add_callback(CallbackManager.CREATEPROC_CB,
new_proc,
name="vmi_new_proc")
guest_agent.execute_file("C:\\ProgramData\\malo.exe")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
#Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.MEM_READ_CB, my_function, name="mem_read")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print("[!] Test: Open calc.exe and monitor the process")
def initialize_callbacks(module_hdl,printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
#Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.OPCODE_RANGE_CB,opcode_range,name="opcode",start_opcode=0x90,end_opcode=0x90)
pyrebox_print("[*] Initialized callbacks")
pyrebox_print("[!] Test: Open calc.exe and monitor the process")
def initialize_callbacks(module_hdl,printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
#Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.BLOCK_BEGIN_CB,my_function,name="block_begin")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print("[!] In order to perform the test, start monitoring some process")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module.
'''
global cm
global pyrebox_print
# debug var
global num_ins
global logger
global process_is_created
logger = logging.getLogger('funcap')
hdlr = logging.FileHandler('funcap.log')
formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s')
hdlr.setFormatter(formatter)
logger.addHandler(hdlr)
# Set level log
level = 0
if level == 0:
logger.setLevel(logging.INFO)
elif level == 1:
logger.setLevel(logging.WARNING)
elif level == 2:
logger.setLevel(logging.ERROR)
elif level == 3:
logger.setLevel(logging.CRITICAL)
else:
logger.setLevel(logging.WARNING)
num_ins = 0
process_is_created = 0
# Init symbols
# api.get_symbol_list()
# Initialize printer function
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
#Initialize the callback manager
cm = CallbackManager(module_hdl)
##
# Callback for CALL opcode
##
cm.add_callback(CallbackManager.CREATEPROC_CB,
new_proc,
name="vmi_new_proc")
cm.add_callback(CallbackManager.OPCODE_RANGE_CB,
funcap,
start_opcode=0xFF,
end_opcode=0xFF)
cm.add_callback(CallbackManager.REMOVEPROC_CB,
remove_proc,
name="vmi_remove_proc")
do_set_target(TARGET)
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
from api import CallbackManager
# Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl, new_style=True)
cm.add_callback(CallbackManager.INSN_END_CB, my_function, name="insn_end")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print("[!] Test: Open calc.exe and monitor the process")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module.
'''
global cm
global pyrebox_print
# Initialize printer function
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
# Initialize the callback manager
cm = CallbackManager(module_hdl)
# Register a process creation callback
cm.add_callback(CallbackManager.CREATEPROC_CB, new_proc)
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
from api import CallbackManager
# Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.TLB_EXEC_CB, tlb_exec, name="tlb_exec")
cm.add_callback(CallbackManager.CONTEXTCHANGE_CB, context_change, name="context_change")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
from api import CallbackManager
# Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.INSN_BEGIN_CB, insn_begin, name="insn_begin")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print("[!] In order to run the rest, open calc.exe and monitor the process.")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
from api import CallbackManager
# Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.BLOCK_END_CB, my_function, name="block_end")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print("[!] Test: Open calc.exe and monitor the process")
def initialize_callbacks(module_hdl, printer):
'''
Initialize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
from api import CallbackManager
from plugins.guest_agent import guest_agent
from mw_monitor2.generic_unpacker import register_memory_dump_callback
global cm
global pyrebox_print
pyrebox_print = printer
try:
# Initialize process creation callback
pyrebox_print("[*] Initializing callbacks")
# Add memory dump callback
register_memory_dump_callback(memory_dump_callback)
cm = CallbackManager(module_hdl, new_style=True)
pyrebox_print("[*] Initialized callbacks")
except Exception as e:
import traceback
traceback.print_exc()
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
from api import CallbackManager
global cm
global pyrebox_print
# Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.KEYSTROKE_CB, my_function, name="keystroke")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print("[!] Just type stuff on the guest")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
from api import CallbackManager
# Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.BLOCK_BEGIN_CB, my_function, name="block_begin")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print("[!] In order to perform the test, start monitoring some process")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
from api import CallbackManager
# Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl, new_style=True)
cm.add_callback(CallbackManager.CONTEXTCHANGE_CB,
context_change,
name="context_change")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
#Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.KEYSTROKE_CB,
my_function,
name="keystroke")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print("[!] Just type stuff on the guest")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
# Initialize printer function (global var), that we can use to print
# text that is associated to our script
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
# Initialize the callback manager, and register a couple of named
# callbacks.
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.CREATEPROC_CB, new_proc, name="vmi_new_proc")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
from api import CallbackManager
# Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.NIC_SEND_CB, my_function_send, name="send")
cm.add_callback(CallbackManager.NIC_REC_CB, my_function_receive, name="receive")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
from api import CallbackManager
# Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.CREATEPROC_CB,
new_proc,
name="vmi_new_proc")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print("[!] Test: Open calc.exe and monitor the process")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
global target_procname
from api import CallbackManager
from plugins.guest_agent import guest_agent
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl, new_style=True)
cm.add_callback(CallbackManager.CREATEPROC_CB,
new_proc,
name="vmi_new_proc")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
#Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.INSN_BEGIN_CB,
insn_begin,
name="insn_begin")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print(
"[!] In order to run the rest, open calc.exe and monitor the process."
)
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
from api import CallbackManager
# Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.BLOCK_BEGIN_CB,
block_begin,
name="block_begin")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print(
"[!] In order to run the test, start calc.exe and monitor it\n")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
# Initialize printer function (global var), that we can use to print
# text that is associated to our script
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
# Initialize the callback manager, and register a couple of named
# callbacks.
cm = CallbackManager(module_hdl, new_style=True)
cm.add_callback(CallbackManager.CREATEPROC_CB,
new_proc,
name="vmi_new_proc")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
global cm
global pyrebox_print
global sample_to_upload
global upload_path
global sample_name
from plugins.guest_agent import guest_agent
pyrebox_print = printer
cm = CallbackManager(module_hdl)
# Push the sample from de host to de guest
guest_agent.copy_file(sample_to_upload, upload_path + sample_name)
# Create a Callback for every new process create to catch de sample when executed
cm.add_callback(CallbackManager.CREATEPROC_CB,
new_process_created,
name="vmi_new_proc")
# Run the sample uploaded to the VM
guest_agent.execute_file(upload_path + sample_name)
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.MEM_WRITE_CB, mem_write, name="mem_write")
#Add a bpw_memrange trigger to the callback, that will limit
#the address range for which the callback will be triggered
cm.add_trigger("mem_write", "triggers/trigger_bpw_memrange.so")
cm.set_trigger_var("mem_write", "begin", 0x0)
cm.set_trigger_var("mem_write", "end", 0x80000000)
cm.set_trigger_var("mem_write", "pgd", 0xFFFFFFFF)
pyrebox_print("[*] Initialized callbacks\n")
def initialize_callbacks(module_hdl, printer):
'''
Initialize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
from api import CallbackManager
from plugins.guest_agent import guest_agent
from mw_monitor2.interproc import interproc_data
global cm
global pyrebox_print
global UNPACKER_LOG_PATH
global UNPACKER_DUMP_PATH
global interproc_data
pyrebox_print = printer
# Set configuration values
try:
f = open(os.environ["GENERIC_UNPACKER_CONF_PATH"], "r")
conf_data = json.load(f)
f.close()
UNPACKER_LOG_PATH = conf_data.get("unpacker_log_path", None)
UNPACKER_DUMP_PATH = conf_data.get("unpacker_dump_path", None)
if UNPACKER_LOG_PATH is None or UNPACKER_DUMP_PATH is None:
raise ValueError(
"The json configuration file is not well-formed: fields missing?"
)
except Exception as e:
pyrebox_print(
"Could not read or correctly process the configuration file: %s" %
str(e))
return
try:
# Initialize log
init_log()
# Initialize process creation callback
pyrebox_print("[*] Initializing callbacks")
interproc_data.register_entry_point_callback(module_entry_point)
interproc_data.register_file_read_callback(file_read)
interproc_data.register_file_write_callback(file_write)
interproc_data.register_remote_memory_read_callback(memory_read)
interproc_data.register_remote_memory_write_callback(memory_write)
interproc_data.register_section_map_callback(section_map)
interproc_data.register_section_unmap_callback(section_unmap)
cm = CallbackManager(module_hdl, new_style=True)
pyrebox_print("[*] Initialized callbacks")
except Exception as e:
import traceback
traceback.print_exc()
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.CREATEPROC_CB, new_proc, name="vmi_new_proc")
cm.add_callback(CallbackManager.MEM_WRITE_CB, mem_write, name="mem_write")
cm.add_callback(CallbackManager.BLOCK_BEGIN_CB, block_exec, name="block_begin")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.MEM_WRITE_CB, mem_write, name="mem_write")
# Add a bpw_memrange trigger to the callback, that will limit
# the address range for which the callback will be triggered
cm.add_trigger("mem_write", "triggers/trigger_bpw_memrange.so")
cm.set_trigger_var("mem_write", "begin", 0x0)
cm.set_trigger_var("mem_write", "end", 0x80000000)
cm.set_trigger_var("mem_write", "pgd", 0xFFFFFFFF)
pyrebox_print("[*] Initialized callbacks\n")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module.
This function will be triggered whenever
the script is loaded for the first time,
either with the import_module command,
or when loaded at startup.
'''
# We keep a callback manager as a global var.
# --> To access it from any function.
# --> Necessary to call cm.clean() from clean() function
global cm
global pyrebox_print
# Initialize printer function (global var), that we can use to print
# text that is associated to our script
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
# Initialize the callback manager, and register a couple of named
# callbacks.
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.CREATEPROC_CB, new_proc, name="vmi_new_proc")
cm.add_callback(CallbackManager.REMOVEPROC_CB, remove_proc, name="vmi_remove_proc")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module.
'''
global cm
global pyrebox_print
# Initialize printer function
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
# Initialize the callback manager
cm = CallbackManager(module_hdl)
# TODO: Register some callback
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initialize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
from api import CallbackManager
from plugins.guest_agent import guest_agent
from autorun.autorun import register_autorun_create_proc_callback
global interproc_config
global cm
global pyrebox_print
pyrebox_print = printer
# Set configuration values
try:
pyrebox_print("[*] Reading configuration file")
#Read AutoRun configuration file (json)
f = open(os.environ["MWMONITOR_INTERPROC_CONF_PATH"], "r")
conf = json.load(f)
f.close()
interproc_config.interproc_bin_log = conf.get("bin_log", False)
interproc_config.interproc_text_log = conf.get("text_log", False)
interproc_config.interproc_basic_stats = conf.get("basic_stats", False)
interproc_config.interproc_text_log_name = conf.get("text_log_path", "interproc.log")
interproc_config.interproc_basic_stats_name = conf.get("basic_stats_path", "basic_stats")
interproc_config.interproc_bin_log_name = conf.get("bin_log_path", "interproc.bin")
interproc_config.interproc_text_log_handle = open(interproc_config.interproc_text_log_name, "w")
except Exception as e:
pyrebox_print("Could not read or correctly process the configuration file: %s" % str(e))
return
try:
cm = CallbackManager(module_hdl, new_style = True)
# Initialize process creation callback
pyrebox_print("[*] Initializing callbacks")
register_autorun_create_proc_callback(interproc_start_monitoring_process)
pyrebox_print("[*] Initialized callbacks")
except Exception as e:
import traceback
traceback.print_exc()
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
#Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.NIC_SEND_CB, my_function_send, name="send")
cm.add_callback(CallbackManager.NIC_REC_CB,
my_function_receive,
name="receive")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
from api import CallbackManager
# Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl, new_style=True)
cm.add_callback(CallbackManager.CREATEPROC_CB,
new_proc,
name="vmi_new_proc")
cm.add_callback(CallbackManager.REMOVEPROC_CB,
remove_proc,
name="vmi_remove_proc")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module.
This function will be triggered whenever
the script is loaded for the first time,
either with the import_module command,
or when loaded at startup.
'''
# We keep a callback manager as a global var.
# --> To access it from any function.
# --> Necessary to call cm.clean() from clean() function
global cm
global pyrebox_print
from plugins.guest_agent import guest_agent
# Initialize printer function (global var), that we can use to print
# text that is associated to our script
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
# Initialize the callback manager, and register a couple of named
# callbacks.
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.CREATEPROC_CB,
new_proc,
name="vmi_new_proc")
cm.add_callback(CallbackManager.REMOVEPROC_CB,
remove_proc,
name="vmi_remove_proc")
pyrebox_print("[*] Initialized callbacks")
filename = None
with open("filename", "rb") as f:
filename = f.readlines()
guest_agent.copy_file(filename.strip(),
"C:\\Users\\Windows7\\Desktop\\filename.exe")
guest_agent.execute_file("C:\\Users\\Windows7\\Desktop\\filename.exe")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl, new_style=True)
cm.add_callback(CallbackManager.INSN_BEGIN_CB,
insn_begin,
name="insn_begin")
# Add a trigger so that the callback is only triggered
# for a certain range of addresses
cm.add_trigger("insn_begin", "triggers/trigger_bp_memrange.so")
cm.set_trigger_var("insn_begin", "begin", 0x100218f)
cm.set_trigger_var("insn_begin", "end", 0x1002190)
cm.set_trigger_var("insn_begin", "pgd", 0xFFFFFFFF)
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.INSN_BEGIN_CB, insn_begin, name="insn_begin")
# Add a trigger so that the callback is only triggered
# for a certain range of addresses
cm.add_trigger("insn_begin", "triggers/trigger_bp_memrange.so")
cm.set_trigger_var("insn_begin", "begin", 0x100218f)
cm.set_trigger_var("insn_begin", "end", 0x1002190)
cm.set_trigger_var("insn_begin", "pgd", 0xFFFFFFFF)
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initialize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
from api import CallbackManager
from plugins.guest_agent import guest_agent
global cm
global pyrebox_print
global target_procname
global autorun_module_handle
autorun_module_handle = module_hdl
pyrebox_print = printer
pyrebox_print("[*] Reading configuration file")
#Read AutoRun configuration file (json)
f = open(os.environ["AUTORUN_CONF_PATH"], "r")
conf = json.load(f)
f.close()
kws = [
"container_path", "main_executable_file", "extract_path", "temp_path",
"preserve_filenames"
]
for k in kws:
if k not in conf:
pyrebox_print(
"The configuration file does not contain the necessary keywords"
)
return
# Initialize process creation callback
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl, new_style=True)
cm.add_callback(CallbackManager.CREATEPROC_CB,
new_proc,
name="vmi_new_proc")
pyrebox_print("[*] Initialized callbacks")
# Copy target file to guest, and execute it
pyrebox_print("Copying host file to guest, using agent...")
temp_dnames = []
if "container_path" in conf and tarfile.is_tarfile(conf["container_path"]):
# For each file in the tar file, extract to a temporary file,
# and copy to the VM with the appropriate file name.
extracted_files = {}
tar = tarfile.open(conf["container_path"], "r:gz")
# Get file names inside the tar file
for tarinfo in tar:
extracted_files[tarinfo.name] = None
# Extract each file into a temporary file
for fname in extracted_files.keys():
temp_dname = tempfile.mkdtemp(dir=conf["temp_path"])
temp_dnames.append(temp_dname)
tar.extract(fname, path=temp_dname)
extracted_files[fname] = os.path.join(temp_dname, fname)
tar.close()
# Copy files to the VM
for fname, temp_fname in extracted_files.iteritems():
# Copy the specified file to C:\\temp.exe in the guest
if conf["preserve_filenames"]:
guest_agent.copy_file(temp_fname, conf["extract_path"] + fname)
else:
guest_agent.copy_file(temp_fname,
conf["extract_path"] + "file.exe")
conf["main_executable_file"] = "file.exe"
# Execute the file. We set a callback to signal this script that
# the files have already been copied and can be deleted
f = functools.partial(files_copied_callback, temp_dnames)
guest_agent.execute_file(conf["extract_path"] +
conf["main_executable_file"],
callback=f)
# stop_agent() does not only kill the agent, but it also
# disables the agent plugin. Invalid opcodes
# are not treated as agent commands any more, so this call
# improves transparency.
guest_agent.stop_agent()
# Set target proc name:
target_procname = conf["main_executable_file"]
pyrebox_print("Waiting for process %s to start\n" % target_procname)
pyrebox_print("Module loaded: %d" % module_hdl)
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.CREATEPROC_CB, my_createproc, name="createproc")
cm.add_trigger("createproc", "triggers/trigger_getset_var_example.so")
cm.set_trigger_var("createproc", "var1", 0)
cm.set_trigger_var("createproc", "var2", 100)
cm.set_trigger_var("createproc", "var3", "Hello world")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initialize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
from api import CallbackManager
from plugins.guest_agent import guest_agent
from mw_monitor2.interproc import interproc_data
from deviare_db_parser import set_db_path
global cm
global pyrebox_print
global APITRACER_BIN_LOG_PATH
global APITRACER_TEXT_LOG_PATH
global APITRACER_RULES
global APITRACER_LIGHT_MODE
global APITRACER_DATABASE32
global APITRACER_DATABASE64
global APITRACER_ANTI_STOLEN
global APITRACER_ENABLE_JMP
global APITRACER_ENABLE_RET
global interproc_data
pyrebox_print = printer
# Set configuration values
try:
f = open(os.environ["MWMONITOR_APITRACER_CONF_PATH"], "r")
conf_data = json.load(f)
f.close()
APITRACER_BIN_LOG_PATH = conf_data.get("bin_log_path", None)
APITRACER_TEXT_LOG_PATH = conf_data.get("text_log_path", None)
APITRACER_RULES = conf_data.get("rules", [])
# Validate the rules
if "policy" not in APITRACER_RULES:
raise Exception("Invalid rules configuration: no policy specified")
if APITRACER_RULES["policy"] != "accept" and APITRACER_RULES[
"policy"] != "reject":
raise Exception(
"Invalid rules configuration: policy must be 'reject' or 'accept'"
)
if "rules" not in APITRACER_RULES or not isinstance(
APITRACER_RULES["rules"], list):
raise Exception("Invalid rules configuration: no rules group")
for ru in APITRACER_RULES["rules"]:
if not isinstance(ru, dict):
raise Exception(
"Invalid rules configuration: each rule must be a dictionary"
)
if "action" not in ru or "mod" not in ru or "fun" not in ru:
raise Exception(
"Invalid rules configuration: each rule must contain the keywords: action, mod, and fun"
)
if not (isinstance(ru["action"], str)
or isinstance(ru["action"], unicode)):
raise Exception(
"Invalid rules configuration: action keyword must be str or unicode"
)
if not (isinstance(ru["mod"], str)
or isinstance(ru["mod"], unicode)):
raise Exception(
"Invalid rules configuration: mod keyword must be str or unicode"
)
if not (isinstance(ru["fun"], str)
or isinstance(ru["fun"], unicode)):
raise Exception(
"Invalid rules configuration: fun keyword must be str or unicode"
)
for kw in ru:
if kw not in ["action", "mod", "fun", "from_mod"]:
raise Exception(
"Invalid rules configuration: Invalid keyword: %s" %
kw)
if ru["action"] != "accept" and ru["action"] != "reject":
raise Exception(
"Rule action must be either 'accept' or 'reject'")
APITRACER_LIGHT_MODE = conf_data.get("light_mode", True)
if not "database_path_32" in conf_data:
raise Exception(
"Database path ('database_path_32') not properly specified")
if not "database_path_64" in conf_data:
raise Exception(
"Database path ('database_path_64') not properly specified")
APITRACER_DATABASE32 = conf_data.get("database_path_32", None)
set_db_path(APITRACER_DATABASE32, 32)
APITRACER_DATABASE64 = conf_data.get("database_path_64", None)
set_db_path(APITRACER_DATABASE64, 64)
# Tracing engine configuration
if "anti_stolen_bytes" in conf_data:
APITRACER_ANTI_STOLEN = conf_data["anti_stolen_bytes"]
else:
APITRACER_ANTI_STOLEN = False
if "enable_jmp_tracing" in conf_data:
APITRACER_ENABLE_JMP = conf_data["enable_jmp_tracing"]
else:
APITRACER_ENABLE_JMP = False
if "enable_ret_tracing" in conf_data:
APITRACER_ENABLE_RET = conf_data["enable_ret_tracing"]
else:
APITRACER_ENABLE_RET = False
if APITRACER_BIN_LOG_PATH is None or APITRACER_TEXT_LOG_PATH is None:
raise ValueError(
"The json configuration file is not well-formed: fields missing?"
)
except Exception as e:
pyrebox_print(
"Could not read or correctly process the configuration file: %s" %
str(e))
return
try:
# Initialize process creation callback
pyrebox_print("[*] Initializing callbacks")
interproc_data.register_entry_point_callback(module_entry_point)
interproc_data.register_load_module_callback(module_load)
cm = CallbackManager(module_hdl, new_style=True)
pyrebox_print("[*] Initialized callbacks")
except Exception as e:
traceback.print_exc()
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.CREATEPROC_CB,
my_createproc,
name="createproc")
cm.add_trigger("createproc", "triggers/trigger_getset_var_example.so")
cm.set_trigger_var("createproc", "var1", 0)
cm.set_trigger_var("createproc", "var2", 100)
cm.set_trigger_var("createproc", "var3", "Hello world")
pyrebox_print("[*] Initialized callbacks")