def main(pe_fn, new_pe_fn, json_dir, dump_count, redirects_fn, debug):
if debug:
Logger.enable()
Logger.set_level(lief.LOGGING_LEVEL.DEBUG)
# DEBUG = True
verbose_print("opening existing pe: file={}".format(pe_fn))
with open(pe_fn, 'rb') as fd:
pe_bytes = list(fd.read())
binary = lief.parse(pe_bytes)
impscan_obj, ldr_fn, oep = parse_impscan_json(json_dir, dump_count)
if not len(impscan_obj.raw):
verbose_print("warning: zero import functions found")
sys.exit(1337)
imports_to_add = reconstruct_imports(ldr_fn, redirects_fn, impscan_obj)
verbose_print(f"found {len(imports_to_add)} libraries with "
f"{sum([len(v) for k,v in imports_to_add.items()])}"
" new import functions")
fix_oep(binary, oep)
virtual_size = get_virtual_memory_size(binary)
padded_virtual_size = align(virtual_size)
fix_sections(binary.sections, padded_virtual_size)
restore_section_data(binary, pe_bytes)
fix_image_size(binary, padded_virtual_size)
fix_section_mem_protections(binary)
fix_checksum(binary)
fix_dll_characteristics(binary)
add_new_imports(binary, imports_to_add)
binary = build_imports(binary)
remove_iat_dir(binary)
patch_iat(binary, impscan_obj)
save_build(binary, new_pe_fn)
sys.exit(0)
import unittest
import lief
import tempfile
import logging
import os
from subprocess import Popen
import subprocess
import stat
import re
import sys
from unittest import TestCase
from utils import get_sample
from lief import Logger
Logger.set_level(lief.LOGGING_LEVEL.WARNING)
CURRENT_DIRECTORY = os.path.dirname(os.path.abspath(__file__))
def run_program(path, args=None):
# Make sure the program had exec permission
st = os.stat(path)
os.chmod(path, st.st_mode | stat.S_IEXEC)
prog_args = path if not args else [path] + args
p = Popen(prog_args, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
stdout, _ = p.communicate()
stdout = stdout.decode("utf8")
return stdout
# Description
# -----------
# Print information about an ELF binary
import lief
from lief import ELF
import sys
import os
import traceback
import textwrap
from lief import Logger
Logger.set_level(lief.LOGGING_LEVEL.FATAL)
from optparse import OptionParser
terminal_rows, terminal_columns = 100, 100
try:
terminal_rows, terminal_columns = os.popen('stty size', 'r').read().split()
except ValueError:
pass
terminal_columns = int(terminal_columns)
terminal_rows = int(terminal_rows)
class exceptions_handler(object):
func = None
#!/usr/bin/env python
import unittest
import logging
import os
import sys
import stat
import re
import subprocess
import tempfile
import shutil
import lief
from lief import Logger
Logger.set_level(lief.LOGGING_LEVEL.INFO)
from subprocess import Popen
from unittest import TestCase
from utils import get_sample
CURRENT_DIRECTORY = os.path.dirname(os.path.abspath(__file__))
STUB = lief.parse(os.path.join(CURRENT_DIRECTORY, "hello_lief.bin"))
LIBADD_C = """\
#include <stdlib.h>
#include <stdio.h>
int add(int a, int b);
int add(int a, int b) {
printf("%d + %d = %d\\n", a, b, a + b);
return a + b;
}
# -*- coding: utf-8 -*-
import sys
from io import BytesIO
from . import FileObject, PEObject, ELFObject, MachOObject
from ..exceptions import MISPObjectException
import logging
from typing import Optional
logger = logging.getLogger('pymisp')
try:
import lief # type: ignore
from lief import Logger # type: ignore
Logger.disable()
HAS_LIEF = True
except ImportError:
HAS_LIEF = False
class FileTypeNotImplemented(MISPObjectException):
pass
def make_pe_objects(lief_parsed: lief.Binary, misp_file: FileObject, standalone: bool=True, default_attributes_parameters: dict={}):
pe_object = PEObject(parsed=lief_parsed, standalone=standalone, default_attributes_parameters=default_attributes_parameters)
misp_file.add_reference(pe_object.uuid, 'includes', 'PE indicators')
pe_sections = []
for s in pe_object.sections:
pe_sections.append(s)
#!/usr/bin/env python
import unittest
import lief
import logging
import pprint
import json
import os
from lief import Logger
Logger.set_level(lief.LOGGING_LEVEL.DEBUG)
#Logger.set_level(lief.LOGGING_LEVEL.DEBUG)
from unittest import TestCase
from utils import get_sample
CURRENT_DIR = os.path.abspath(os.path.dirname(__file__))
class TestVDEX(TestCase):
def setUp(self):
self.logger = logging.getLogger(__name__)
def test_vdex06(self):
telecom = lief.VDEX.parse(
get_sample('VDEX/VDEX_06_AArch64_Telecom.vdex'))
# 1 Dex File registred
self.assertEqual(len(telecom.dex_files), 1)
dex_file = telecom.dex_files[0]
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sys
from . import FileObject, PEObject, ELFObject, MachOObject
from ..exceptions import MISPObjectException
import logging
logger = logging.getLogger('pymisp')
try:
import lief
from lief import Logger
Logger.disable()
HAS_LIEF = True
except ImportError:
HAS_LIEF = False
class FileTypeNotImplemented(MISPObjectException):
pass
def make_pe_objects(lief_parsed, misp_file, standalone=True, default_attributes_parameters={}):
pe_object = PEObject(parsed=lief_parsed, standalone=standalone, default_attributes_parameters=default_attributes_parameters)
misp_file.add_reference(pe_object.uuid, 'included-in', 'PE indicators')
pe_sections = []
for s in pe_object.sections:
pe_sections.append(s)
return misp_file, pe_object, pe_sections
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Description
# -----------
# Print information about a PE file
import lief
from lief import PE
from lief.PE import oid_to_string
from lief import Logger
Logger.set_level(lief.LOGGING_LEVEL.GLOBAL)
from optparse import OptionParser
import sys
import traceback
class exceptions_handler(object):
func = None
def __init__(self, exceptions, on_except_callback=None):
self.exceptions = exceptions
self.on_except_callback = on_except_callback
def __call__(self, *args, **kwargs):
if self.func is None:
self.func = args[0]
return self
try:
return self.func(*args, **kwargs)
# -*- coding: utf-8 -*-
# Description
# -----------
# Print information about an ELF binary
import lief
from lief import ELF
import sys
import os
import traceback
import textwrap
from lief import Logger
Logger.set_level(lief.LOGGING_LEVEL.ERROR)
from optparse import OptionParser
terminal_rows, terminal_columns = 100, 100
try:
terminal_rows, terminal_columns = os.popen('stty size', 'r').read().split()
except ValueError:
pass
terminal_columns = int(terminal_columns)
terminal_rows = int(terminal_rows)
class exceptions_handler(object):
func = None
