def _analyze_elf(self, file_object):
    """Parse the file at ``file_object.file_path`` with LIEF and collect ELF metadata.

    Returns:
        ``(elf_dict, parsed_binary)`` when parsing succeeds. If one of the
        handled exceptions is raised, the failure is logged with its traceback
        and ``elf_dict`` is returned on its own.
    """
    # NOTE(review): the two exits return different shapes (bare dict vs.
    # 2-tuple). A caller that unpacks the result raises ValueError on the
    # failure path - confirm every caller copes with both.
    # NOTE(review): the file is presumably untrusted and is parsed in-process
    # by a native library. Only the exceptions listed below are contained here;
    # a crash or hang inside the parser is not, so isolation and time limits
    # have to come from the caller - confirm.
    result = {}
    list_attributes = ('exported_functions', 'imported_functions', 'libraries')
    try:
        binary = lief.parse(file_object.file_path)
        abstract_info = json.loads(lief.to_json_from_abstract(binary))
        for attribute in list_attributes:
            if getattr(binary, attribute):
                # Read the attribute again for the call so the helper gets a
                # fresh value from LIEF rather than the one just tested.
                abstract_info[attribute] = normalize_lief_items(getattr(binary, attribute))
        modinfo = self.filter_modinfo(binary)
        if modinfo:
            result['modinfo'] = modinfo
    except (AttributeError, TypeError, lief.bad_file):
        # NOTE(review): confirm the pinned LIEF release still defines
        # lief.bad_file; the name is only looked up when an exception reaches
        # this clause.
        logging.error(f'Bad file for lief/elf analysis {file_object.uid}.', exc_info=True)
        return result

    # Both helpers receive the result dict; what they add to it is defined
    # outside this block.
    self.get_final_analysis_dict(abstract_info, result)
    self._convert_address_values_to_hex(result)
    return result, binary
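def main():
    """Command-line entry point: print LIEF's abstract view of a binary as JSON.

    Takes one positional argument, the path of the binary to inspect. The
    abstract representation is re-serialised with sorted keys and a
    four-space indent and written to standard output. If LIEF returns no
    binary object, the program exits through ``parser.error`` (usage message
    on stderr, exit status 2).
    """
    parser = argparse.ArgumentParser()
    parser.add_argument('binary', help='A binary')
    args = parser.parse_args()

    binary = lief.parse(args.binary)
    if binary is None:
        # lief.parse() can return None for input it does not recognise.
        # Stop with a clear message instead of passing None to the serialiser.
        parser.error('{}: not a format LIEF can parse'.format(args.binary))

    json_data = json.loads(lief.to_json_from_abstract(binary))
    # json.dumps' defaults escape control characters below 0x20 and non-ASCII
    # text, so strings taken from the binary are printed escaped, not raw.
    print(json.dumps(json_data, sort_keys=True, indent=4))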
def _analyze_elf(self, file_object):
    """Parse the file at ``file_object.file_path`` with LIEF and build the ELF result dict.

    Returns:
        ``(elf_dict, parsed_binary)`` when parsing succeeds. If ``TypeError``
        or ``lief.bad_file`` is raised, the error is logged and the empty
        ``elf_dict`` is returned on its own.
    """
    # NOTE(review): success returns a 2-tuple, failure a bare dict. A caller
    # that unpacks the result raises ValueError on the failure path - confirm
    # every caller copes with both shapes.
    # NOTE(review): the file is presumably untrusted and is parsed in-process
    # by a native library; only the two exception types below are contained
    # here. AttributeError (e.g. attribute access on a None parse result) is
    # not among them - confirm that is intended.
    analysis = {}
    try:
        binary = lief.parse(file_object.file_path)
        abstract_info = json.loads(lief.to_json_from_abstract(binary))
        for attribute in ('exported_functions', 'imported_functions', 'libraries'):
            if getattr(binary, attribute):
                # Read the attribute again for the call so the helper gets a
                # fresh value from LIEF rather than the one just tested.
                abstract_info[attribute] = normalize_lief_items(getattr(binary, attribute))
    except (TypeError, lief.bad_file) as error:
        # NOTE(review): confirm the pinned LIEF release still defines
        # lief.bad_file; the name is only looked up when an exception reaches
        # this clause.
        message = 'Bad file for lief/elf analysis {}. {}'.format(file_object.get_uid(), error)
        logging.error(message)
        return analysis

    # The helper receives both dicts; what it copies across is defined outside
    # this block.
    self.get_final_analysis_dict(abstract_info, analysis)
    return analysis, binary
async def scan(self, payload: Payload, request: Request) -> WorkerResponse:
    """
    Parse the payload content with LIEF and return the decoded JSON result

    The ``filename`` entry of the payload's extra metadata is passed to LIEF
    as the binary's name; the payload id is used when that entry is absent.
    Raises ``StoqPluginException`` when LIEF raises ``lief.exception`` while
    parsing, or when it returns no binary object.

    """
    # NOTE(review): payload.content is presumably untrusted and is parsed
    # in-process by a native library. Only lief.exception is translated here;
    # a crash or hang inside the parser would affect the whole worker, so
    # size/time limits have to be enforced elsewhere - confirm.
    extra = payload.results.payload_meta.extra_data
    label = extra.get('filename', payload.results.payload_id)

    try:
        parsed = lief.parse(raw=payload.content, name=label)
    except lief.exception as err:
        # NOTE(review): confirm the pinned LIEF release still defines
        # lief.exception; the name is only looked up when parsing raises.
        raise StoqPluginException(f'Unable to parse payload: {err}')

    if parsed is None:
        raise StoqPluginException('The file type isn\'t supported by LIEF')

    # Kept as an equality test: a truthy value that does not compare equal to
    # True (for instance a non-empty string) still selects the full dump.
    # NOTE(review): if self.abstract is always a bool, `if self.abstract:` is
    # the idiomatic spelling.
    serialised = (
        lief.to_json_from_abstract(parsed.abstract)
        if self.abstract == True
        else lief.to_json(parsed)
    )
    return WorkerResponse(json.loads(serialised))