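    def req_modcheck(self, hash):
        """Compare the debugger-side module fingerprint with the loaded IDB.

        *hash* is a dict carrying either an ``md5`` (hex digest of the input
        file, whitespace tolerated) or a ``pdb`` (base64-encoded text handed
        to DbgDirHlpr.parse_itoldyouso_output to obtain the remote GUID).
        The matching local value is read from the IDB, both values are
        logged, and the verdict is logged and sent to the broker as a
        ``cmd`` notice.

        Fix: ``local`` used to be bound only inside the md5/pdb branches, so
        a request carrying neither key raised UnboundLocalError at the log
        line below; both values now start as None and that case is reported
        as a warning instead of crashing (or, had it got that far, being
        mistaken for a ``None == None`` match).
        """
        md5, pdb = hash.get('md5'), hash.get('pdb')
        local = remote = None

        if md5:
            rs_log("modcheck idb (md5)")
            local = rs_decode(
                binascii.hexlify(idaapi.retrieve_input_file_md5())).upper()
            # Drop any whitespace the remote side inserted, then compare
            # case-insensitively by upper-casing both hex strings.
            remote = (''.join(md5.split())).upper()
        elif pdb:
            rs_log("modcheck idb (pdb guid)")
            msg = rs_decode(base64.b64decode(pdb))
            local = DbgDirHlpr.read_rsds_guid()
            remote = DbgDirHlpr.parse_itoldyouso_output(msg)

        rs_log("    -> remote: <%s>" % remote)
        rs_log("    -> local : <%s>" % local)

        if remote is None:
            # Neither md5 nor pdb was supplied: there is nothing to compare.
            output = '[!] warning, modcheck request carries no md5 or pdb'
        elif remote == '0':
            # A remote value of '0' is treated as "no Debug Directory" on the
            # debugger side (presumably what parse_itoldyouso_output returns
            # in that case -- confirm against DbgDirHlpr).
            output = '[!] warning, no Debug Directory'
        elif local == remote:
            output = '[+] module successfully matched'
        else:
            output = '[!] warning, modules mismatch'

        rs_log(output)
        self.notice_broker("cmd", "\"cmd\":\"%s\"" % output)
        return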
    def req_cmd(self, hash):
        """Append a command's output as a comment at a rebased address.

        Reads the mandatory keys ``msg`` (base64 text), ``offset`` and
        ``base`` from *hash* (a missing key raises KeyError), decodes the
        message with rs_decode and resolves the target address through
        ``self.rebase(base, offset)``.  A falsy address means the module
        could not be rebased and the request is dropped without logging.
        """
        encoded = hash['msg']
        off = hash['offset']
        base_addr = hash['base']

        text = rs_decode(base64.b64decode(encoded))
        target = self.rebase(base_addr, off)
        if not target:
            return

        rs_log("cmd output added at 0x%x" % target)
        # str() mirrors the original call; rs_decode is expected to already
        # yield text, so this is a no-op for str input.
        self.append_cmt(target, str(text))
    def req_bps_get(self, hash):
        """Send the stored .bpcmds blob back to the broker.

        Opens the plugin netnode at ``rsconfig.NETNODE_INDEX``, creates the
        ``rsconfig.NETNODE_STORE`` entry and reads the blob stored under tag
        ``chr(1)``.  Every failure path (netnode unavailable, empty blob)
        still reports a ``cmd`` notice so the broker is never left waiting.
        *hash* is accepted for interface uniformity and not read.

        NOTE(review): the blob is interpolated into the ``cmd`` payload
        without JSON escaping, so a stored blob containing a double quote
        or backslash would yield a malformed message -- confirm the broker
        side tolerates that before relying on this path.
        """
        rs_log('[-] reload .bpcmds')
        store = idaapi.netnode(rsconfig.NETNODE_INDEX)
        if not store:
            rs_log('[-] failed to open netnode store')
            self.notice_broker("cmd", "\"cmd\":\"no blob\"")
            return

        store.create(rsconfig.NETNODE_STORE)
        payload = rs_decode(store.getblob(0, str(chr(1))))

        if payload:
            self.notice_broker('cmd', "\"cmd\":\"%s\"" % payload)
            return

        rs_log('  -> no blob')
        self.notice_broker('cmd', "\"cmd\":\"    -> reloading .bpcmds: no blob\"")
 def cb_broker_on_out(self):
     """Drain the broker's stdout and feed each line to the worker.

     readAllStandardOutput() returns a QByteArray; its raw bytes are
     decoded with rs_decode, split on ``'\\n'`` and every stripped line
     (including an empty trailing one) is passed to
     ``self.worker.parse_exec``.

     NOTE(review): nothing is buffered across calls, so a request that
     arrives split over two stdout chunks would reach parse_exec as two
     fragments -- confirm the broker always writes whole lines.
     """
     raw = self.readAllStandardOutput().data()
     lines = rs_decode(raw).split('\n')
     for line in lines:
         self.worker.parse_exec(line.strip())