Esempio n. 1
0
def sym(comp_id, hash, file, lib, os, fmt_append_zero, fmt_str_type,
        fmt_to_lower, fmt_to_upper):
    logger = Logger("CLI")

    if file:
        hashes = read_source_file(file)
    else:
        hashes = hash

    if not hashes:
        logger.log_normal("Nothing to resolve")
        return

    r = None
    if os == "win":
        r = Resolver.for_win()
    elif os == "linux":
        r = Resolver.for_linux()
    else:
        logger.log_error("Invalid OS type (%s)" % os)
        return

    libs = lib
    if not libs:
        libs = r.libs

    sf = StringFmt(append_zero=fmt_append_zero,
                   char_sz=1 if fmt_str_type == "acs" else 2,
                   to_lower=fmt_to_lower,
                   to_upper=fmt_to_upper)
    try:
        resolved_symbols = r.find_symbol(comp_id, hashes, libs, fmt=sf)
    except ComparatorNotFound as ex:
        logger.log_error("Finding error: %s" % ex.message)
        return

    if not resolved_symbols:
        logger.log_normal("Nothing found")
        return

    if not view_results(resolved_symbols, PRINT_TYPE_SYM):
        logger.log_error("Print results failed")
Esempio n. 2
0
class Resolver:
    def __init__(self, lib_loader, comparators_loader):
        self._ll = lib_loader
        self._cl = comparators_loader
        self._logger = Logger("R")

    @classmethod
    def for_win(cls):
        c = ComparatorLoader()
        wl = WinLibLoader()
        return cls(wl, c)

    @classmethod
    def for_linux(cls):
        c = ComparatorLoader()
        ll = LinuxLibLoader()
        return cls(ll, c)

    @property
    def comparators(self):
        return self._cl.comparators

    @property
    def libs(self):
        return self._ll.libs

    def find_symbol(self, cid, hs, libs, fmt=StringFmt()):
        resolved = []
        for h in hs:
            is_hash_found = False

            for l_name in libs:
                self._logger.log_normal("Check hash %s inside lib %s" % (phex(h), l_name))
                for name, sym_name in self._ll.lib_symbols(l_name):
                    s = fmt.format(sym_name)

                    if not s:
                        continue

                    if self._cl.call(cid, s, h, dll_name=l_name, is_api_search=True):
                        resolved.append((sym_name, h, l_name))
                        is_hash_found = True
                        break

                if is_hash_found:
                    break

        return resolved

    def find_lib(self, cid, hs, fmt=StringFmt()):
        resolved = []
        for h in hs:
            for l_name in self.libs:
                s = fmt.format(l_name)

                if not s:
                    continue

                if self._cl.call(cid, s, h, dll_name=l_name, is_api_search=False):
                    resolved.append((l_name, h))
                    break

        return resolved