コード例 #1
0
ファイル: module_interface.py プロジェクト: killbug2004/oxide 
def analyzeCall(oid, features, address, block_address, insns, line):
    system_calls = api.get_field("map_calls", [oid], "system_calls")
    internal_calls = api.get_field("map_calls", [oid], "internal_functions")
    call = convert_rva_offset(oid, line["addr"])
    previousCalls = [instr for instr in insns if instr["addr"] < line["addr"] and instr["mnem"] == "call"]
    lastCall = 0
    if previousCalls:
        lastCall = max(previousCalls, key=lambda x: x["addr"])["addr"]
    variables = [
        set(
            [
                (
                    instr["s_ops"][0]["data"]
                    if type(instr["s_ops"][0]["data"]) is not dict
                    else instr["s_ops"][0]["data"]["base"]
                )
                for instr in insns
                if "s_ops" in instr
                and instr["addr"] < line["addr"]
                and instr["addr"] > lastCall
                and instr["group"] == "load"
            ]
        )
    ]
    if call in system_calls:
        features[block_address]["functions"].append({system_calls[call]: variables})
        for callType, funcs in callTypes.iteritems():
            if system_calls[call].lower() in funcs:
                features[address].update({callType: True})
    elif call in internal_calls:
        features[block_address]["functions"].append({internal_calls[call]: variables})
    if line["d_op"]["data"] == address:
        features[block_address].update({"recursion": True})
コード例 #2
0
ファイル: graphs.py プロジェクト: killbug2004/oxide 
def graph_stats(args, opts):
    """ Plugin: Prints a set of statistics about the call and control flow graphs
        Syntax: graph_stats <oid_1> <oid_2> ... <oid_n>
    """
    valid, invalid = api.valid_oids(args)
    if not valid:
        raise ShellSyntaxError("No valid oids found")
    args = api.expand_oids(valid)

    for o in args:
        cg = api.get_field("call_graph", o, "graph")
        if not cg:
            continue
        size = len(cg.nodes())
        in_histo = build_freq_histo(cg.in_degree())
        out_histo = build_freq_histo(cg.out_degree())
        cfgs = api.retrieve("cfg", o)
        size_dict = {i: cfgs[i].size() for i in cfgs if cfgs[i]}
        size_histo = build_freq_histo(size_dict)
        bbs = 0
        for s in size_histo:
            bbs += s * size_histo[s]
        name = api.get_field("file_meta", o, "names").pop()
        print "-----------------"
        print " Graph stats for ", name
        print
        print " Functions = ", size
        print " Basic Blocks = ", bbs
        print " Call graph in-degree: "
        pretty_print_dicts(in_histo)
        print " Call graph out-degree: "
        pretty_print_dicts(out_histo)
        print " CFG sizes: "
        pretty_print_dicts(size_histo)
    return []
コード例 #3
0
ファイル: re_tools.py プロジェクト: SamuelMulder/oxide 
def import_table(args, opts):
    """ 
        Displays the import table
        Syntax: import_table <oid> 
    """
    args, invalid = api.valid_oids(args)
    args = api.expand_oids(args)
    if not args:
        if current_file:
            args = [current_file]
        else:
            raise ShellSyntaxError("Must provide an oid")

    for oid in args:
        print "  - Import Table for %s %s " % (name(oid), oid)

        header = api.get_field("object_header", [oid], "header")
        if not header:
            print "  --------------------------"
            print "   <EMPTY HEADER>" 
            print "  --------------------------"
            continue
    
        src_type = api.get_field("src_type", oid, "type")
        if src_type == "PE":
            pe_import_table(header, opts)
        elif src_type == "ELF":
            elf_import_table(header, opts)
        elif src_type == "MACHO":
            macho_import_table(header, opts)
        else:
            print "  - Source type %s is unsupported" % (src_type)
コード例 #4
0
def process(oid, opts):
    logger.debug("process()")
    src_type = api.retrieve("src_type", oid)
    source = src_type["source"]
    header_oid = oid
    if source != "files":
        return False
    file_data = api.get_field(source, oid, "data")
    header = api.get_field("object_header", [header_oid], "header")
    
    # do not disassemble under certain conditions
    if not header:
        logging.info("Not processing oid %s: unrecognized file type", oid)
        return False
    else:
        logger.info ("calling (python-based) disassemble_first_run on %s", oid)
        entries = header.get_entries()
        if not entries:
            logger.info("No entry points found for %s", oid)
            return False
        
        entry_address = entries.pop()
        functions = api.retrieve("function_extract", oid)
        if functions and entry_address in functions:
            insns = functions[entry_address]["insns"]        
        else:
            insns = disassemble_entry.disassemble_entry(file_data, header, entry_address, logger)
        data = {"type":src_type["type"], "insns":insns,
                "num_insns":len(insns), "insn_mode":header.insn_mode}
    api.store(name, oid, data, opts)
    return True
コード例 #5
0
ファイル: re_tools.py プロジェクト: SamuelMulder/oxide 
def elf_header(oid, opts):
    header = api.get_field("object_header", [oid], "header")
    src = api.source(oid)
    file_size = api.get_field("file_meta", oid, "size")
    names = api.get_names_from_oid(oid)
    print "  ELF Header for %s %s" % (name(oid), oid)
    
    if not header:
        print "   <EMPTY>" 
        print "  --------------------------"
        return

    addr_size = "32 bit"
    if header.is_64bit():
        addr_size = "64 bit"
    
    entry_string = ""
    for e in header.get_entries():
        entry_string += "%s (%s)  " % (hex(e), (e))
    
    print "  - File Size:    %s"      % (file_size)
    print "  - Addr Size:    %s"      % (addr_size)
    print "  - Image Base:   %s (%s)" % (hex(header.image_base), header.image_base)
    print "  - Image Size:   %s "     % (header.image_size) 
    print "  - Code Size:    %s "     % (header.code_size)
    print "  - Code Base:    %s (%s)" % (hex(header.code_base), header.code_base)
    print "  - Machine:      %s"      % (header.machine)
    print "  - OS Version:   %s"      % (header.os_version)
    print "  - Entry points: %s"      % (entry_string)
    print_sections(header, opts)
    elf_import_table(header, opts)
コード例 #6
0
ファイル: browser_gui.py プロジェクト: SamuelMulder/oxide 
 def build_imports_string(self, oid):        
     header = api.get_field("object_header", oid, "header")
     t = api.get_field("src_type", oid, "type")
     if not header:
         return ["N/A"]
     str_list = []
     str_list.append("Import Address Table :" )
     if not header.imports:
         str_list.append("    + No import table")
     else:
         entries = header.imports.keys()
         entries.sort()
         for entry in entries:
             if t == "MACHO":
                 str_list.append("    - Lib: " + entry)
                 names = header.imports[entry].keys()
                 names.sort()
                 for name in names:
                     value = header.imports[entry][name]["n_value"]
                     str_list.append("      - %s   :   %s (%s)" % ( name, hex(value), value))
             elif t == "ELF":
                 str_list.append("    - Lib: " + entry)
                 names = header.imports[entry].keys()
                 names.sort()
                 for name in names:
                     value = header.imports[entry][name]["value"]
                     str_list.append("      - %s   :   %s (%s)" % ( name, hex(value), value))
             elif t == "PE":
                 str_list.append("    - DLL: " + entry)
                 if header.imports[entry]["addresses"]:                
                     for imp in header.imports[entry]["addresses"]:
                         str_list.append("      - %s   :   %s"%(header.imports[entry]["addresses"][imp], imp))
     return str_list
コード例 #7
0
ファイル: re_tools.py プロジェクト: SamuelMulder/oxide 
def print_internal_functions(names):
    oid = current_file
    functions = api.retrieve("function_extract", oid)       
    if functions:
        fbreaks = get_fbreaks(functions)
        name_to_offset = {}
        for offset in functions:
            name_to_offset[functions[offset]["name"]] = offset

    system_calls = api.get_field("map_calls", oid, "system_calls")
    internal_functions = api.get_field("map_calls", oid, "internal_functions")
    if not system_calls:
        print "  No system calls found for %s %s" % (name(oid), oid)
    
    if not internal_functions:
        print "  No internal functions found for %s %s" % (name(oid), oid)
        
    function_calls = dict( system_calls.items() + internal_functions.items())
    for fn in names:
        if fn not in name_to_offset:
            print " %s not a function in %s %s" % (fn, name(oid), oid)
            continue
            
        print " Function %s for %s %s" % (fn, name(oid), oid)
        print "  -------------------------------------"
        print_disassembly(oid, functions[name_to_offset[fn]]['insns'], function_calls, fbreaks, start=0, stop=0, height=32)
        print "  -------------------------------------"
コード例 #8
0
ファイル: default.py プロジェクト: SamuelMulder/oxide 
def name_filter(args, opts):
    """ 
        Use without args to find files with that name, use with args to filter
        Syntax: name_filter %<oid> --name=<file_name>
    """
    if not "name" in opts:
        raise ShellSyntaxError("name_filter requires a --name=<file_name> option")
    
    oids = []
    valid, invalid = api.valid_oids(args)
    valid = api.expand_oids(valid)
    name = opts["name"]
    terms = name.split("*")
    
    if not args:
        if len(terms) == 1:
            return api.get_oids_with_name(opts["name"]).keys()
        else:
            valid = api.retrieve_all_keys("file_meta")
            
    if len(terms) == 1:
        for oid in valid:
            names = api.get_field("file_meta", oid, "names")
            if names and opts["name"] in names:
                oids.append(oid)
    else:
        for oid in valid:
            names = api.get_field("file_meta", oid, "names")
            if names:
                for name in names:
                    if name.startswith(terms[0]) and name.endswith(terms[1]):
                        oids.append(oid)
    return oids
コード例 #9
0
ファイル: re_tools.py プロジェクト: SamuelMulder/oxide 
def disassembly(args, opts):
    """ 
        Displays the disassembly for a file
        Syntax: disassembly <oid> [--slice=<beg>:<end>]
    """
    args, invalid = api.valid_oids(args)
    args = api.expand_oids(args)
    if not args:
        if current_file:
            args = [current_file]
        else:
            raise ShellSyntaxError("Must provide an oid")
    
    start = stop = 0
    height = default_height
    if "slice" in opts:
        start, stop = get_slice(opts)
    
    if "height" in opts:
        try:
            width = int(opts["height"])
        except ValueError:
            raise ShellSyntaxError("Invalid height")
    mod_opts = {}
    if "module" in opts:
        mod_opts["module"] = opts["module"]
    for oid in args:
        disasm = api.get_field("disassembly", [oid], "insns", mod_opts)
        #comments = api.get_field("disassembly", [oid], "comments", mod_opts)
        functions = api.retrieve("function_extract", oid)
        if not functions:
            print "  No functions found for %s %s" % (name(oid), oid)
            continue
        fbreaks = get_fbreaks(functions)
        system_calls = api.get_field("map_calls", oid, "system_calls")
        internal_functions = api.get_field("map_calls", oid, "internal_functions")
        function_calls = dict()
        if system_calls is None:
            print "  System calls could not be determined for %s %s" % (name(oid), oid)
        else:
            function_calls.update(system_calls.items())
            
        if internal_functions is None:
            print "  Internal functions could not be determined for %s %s" % (name(oid), oid)
        else:
            function_calls.update(internal_functions.items())

        if disasm:
            print "  Disassembly for %s %s" % (name(oid), oid)
            print "  -------------------------------------"
            print_disassembly(oid, disasm, function_calls, fbreaks, start, stop, height)
            print "  -------------------------------------"
        else:
            print "  %s could not be disassembled." % name(oid)
コード例 #10
0
ファイル: default.py プロジェクト: SamuelMulder/oxide 
def export_files(oids, opts):
    base_name = "export"
    if "name" in opts and opts["name"]:
        base_name = opts["name"]

    for oid in oids:
        data = api.get_field("files", oid, "data")
        if not data:
            print "Not able to process %s" % oid
            continue
        name = api.get_field("file_meta", oid, "names").pop()
        name = base_name + "_" + name 
        write_file(name, data)
コード例 #11
0
ファイル: relationships.py プロジェクト: SamuelMulder/oxide 
def print_relationships():
    no_relationships = True
    for e in family:
        if not family[e]:
            continue
        no_relationships = False
        name = api.get_field("file_meta", e, "names").pop()
        kid_names = []
        for kid in family[e]:
            kid_names.append(api.get_field("file_meta", kid, "names").pop())
        print "   -", name, "->", ", ".join(kid_names)
    if no_relationships:
        print "   < NONE >"
    print
コード例 #12
0
def process(oid, opts):
    logger.debug("process()")
    src_type = api.get_field("src_type", oid, "type")
    if src_type != "DEX":
        return False
    src = api.source(oid)
    data = api.get_field(src, oid, "data")
    if not data: 
        logger.debug("Not able to process %s",oid)
        return False
    result = parse_dex(data, oid)
    if result:
        api.store(name, oid, result, opts)
        return True
    return False
コード例 #13
0
ファイル: default.py プロジェクト: SamuelMulder/oxide 
def export_tar_zip(oids, opts, type):
    name = "export"
    if "name" in opts:
        name = opts["name"] and opts["name"]
        
    if type == "tar" and not name.endswith(".tar"):
        name += ".tar"
        
    if type == "zip" and not name.endswith(".zip"):
        name += ".zip"
        
    mode = "w"
    if "bz2" in opts:
        mode += ":bz2"
        name += ".bz2"
    elif "gz" in opts:
        mode += ":gz"
        name += ".gz"
    
    fname = unique_scratch_file(name)
    xo = None
    if type == "tar":
        xo = tarfile.open(fname, mode=mode)
    if type == "zip":
        xo = zipfile.ZipFile(fname, mode=mode)
        
    tmp_files = []
    names = []
    for oid in oids:
        data = api.get_field("files", oid, "data")
        if not data:
            print "Not able to process %s" % oid
            continue
            
        name = api.get_field("file_meta", oid, "names").pop()
        names.append(name)
        t = tmp_file(name, data)
        tmp_files.append(t)
        if type == "tar":
            xo.add(t)
        if type == "zip":
            xo.write(t)
        
    xo.close()
    print " - File(s) %s exported to %s" % (", ".join(names), fname)
    
    for f in tmp_files:
        os.remove(f)
コード例 #14
0
ファイル: hist_gui.py プロジェクト: SamuelMulder/oxide 
    def display_file_data(self, oid, fnames):
        meta = api.retrieve('file_meta', oid)
        size = meta['size']
        if size > 1000000000:
            formatted_size = "(%dG)" % (size / 1000000000) 
        elif size > 1000000:
            formatted_size = "(%dM)" % (size / 1000000) 
        elif size > 1000:
            formatted_size = "(%dK)" % (size / 1000)
        else:
            formatted_size = ''
        file_type = api.get_field("src_type", oid, 'type')
        file_description = "File Names: " + fnames + '\n'
        file_description += "Size: %7d %s\n" % (size, formatted_size)
        file_description +=  "File Type: " + file_type + '\n'
        file_description +=  "Oxide ID: " + oid + '\n'
        self.metadata_display.delete(index1='1.0', index2=tk.END)
        self.metadata_display.insert(index='1.0', chars=file_description)

        # calculate and display the histogram
        display_option = self.file_display_type_str.get()
        if display_option ==   '              ':
            self.clear()
            return
        elif display_option == 'byte histogram':
            hist = self.get_byte_hist(oid)
        elif display_option == 'opcode histogram':
            hist = self.get_opcode_hist(oid, cutoff=20)
        self.display_hist(hist)
コード例 #15
0
ファイル: browser_gui.py プロジェクト: SamuelMulder/oxide 
 def display_file_data(self, oid, fnames):
     data_list = []
     self.file_display.delete(index1='1.0', index2=tk.END)
     meta = api.retrieve('file_meta', oid)
     size = meta['size']
     if size > 1000000000:
         formatted_size = "(%dG)" % (size / 1000000000) 
     elif size > 1000000:
         formatted_size = "(%dM)" % (size / 1000000) 
     elif size > 1000:
         formatted_size = "(%dK)" % (size / 1000)
     else:
         formatted_size = ''
     file_type = api.get_field("src_type", oid, 'type')
     file_description = "File Names: " + fnames + '\n'
     file_description += "Size: %7d %s\n" % (size, formatted_size)
     file_description +=  "File Type: " + file_type + '\n'
     file_description +=  "Oxide ID: " + oid + '\n'
     self.metadata_display.delete(index1='1.0', index2=tk.END)
     self.metadata_display.insert(index='1.0', chars=file_description)
     display_option = self.file_display_type_str.get()
     if display_option ==   'hex           ':
         data_list = self.build_hex_str(oid)
     elif display_option == 'header        ':
         data_list = self.build_header_string(oid)
     elif display_option == 'imports       ':
         data_list = self.build_imports_string(oid)
     elif display_option == 'byte histogram':
         data_list = self.build_hist_string('byte_histogram', oid)
     elif display_option == 'opcode histogram':
         data_list = self.build_hist_string('opcode_histogram', oid)
     for line in data_list:
         self.file_display.insert(index=tk.END, chars=line+ "\n")
コード例 #16
0
ファイル: module_interface.py プロジェクト: killbug2004/oxide 
def convert_rva_offset(oid, rva):
    header = api.get_field("object_header", oid, "header")
    try:
        rva = int(rva)
    except:
        raise ShellSyntaxError("Unrecognized address %s" % rva)
    return header.get_offset(rva)
コード例 #17
0
ファイル: re_tools.py プロジェクト: SamuelMulder/oxide 
def get_val(args, opts):
    """ 
        Get the value of bytes at offset, interpreted as little-endian
                Requires a default file to have been set.
                Format values are:
                    c = 1 byte char
                    b = 1 byte signed
                    B = 1 byte unsigned
                    h = 2 bytes signed
                    H = 2 bytes unsigned
                    i = 4 bytes signed
                    I = 4 bytes unsigned
                    q = 8 bytes signed
                    Q = 8 bytes unsigned
                Each character may be preceeded by an number of occurances.
                For example 4h2b is equivalent to hhhhbb
        Syntax: get_val <offset> <format_string>
    """
    if len(args) != 2:
        raise ShellSyntaxError("offset and count required")
    offset = int(args[0])
    format = args[1]
    if not current_file:
        raise ShellSyntaxError("Must set default file using re_init")
    data = api.get_field("files", current_file, "data")
    if offset > len(data):
        raise ShellSyntaxError("Offset is beyond the end of the file")
    format = "=" + format
    size = struct.calcsize(format)
    output = struct.unpack(format, data[offset:offset+size])
    for n in output:
        print n
コード例 #18
0
ファイル: re_tools.py プロジェクト: SamuelMulder/oxide 
def header(args, opts):
    """ 
        Displays header info
        Syntax: header <oid> ... [--verbose]
    """
    args, invalid = api.valid_oids(args)
    args = api.expand_oids(args)
    if not args:
        if current_file:
            args = [current_file]
        else:
            raise ShellSyntaxError("Must provide an oid")
    headers = []

    for oid in args:
        src_type = api.get_field("src_type", oid, "type")
        if src_type == "PE":
            pe_header(oid, opts)
        elif src_type == "ELF":
            elf_header(oid, opts)
        elif src_type == "MACHO":
            macho_header(oid, opts)
        elif src_type == "OSX Universal Binary":
            osx_header(oid, opts)
        else:
            print "  - Source type %s is unsupported" % (src_type)

    return []
コード例 #19
0
ファイル: re_tools.py プロジェクト: SamuelMulder/oxide 
def print_macho_header(header, oid, opts, embedded=False):
    src = api.source(oid)
    file_size = api.get_field("file_meta", oid, "size")
    names = api.get_names_from_oid(oid)
    
    indent = False
    tab = ""
    if embedded:
        indent = True
        tab = "\t"
    
    if embedded:
        print "%s  Embedded Macho-O Header for %s %s" % (tab, name(oid), oid)
    else:
        print "  Macho-O Header for %s %s" % (name(oid), oid)
        
    if not header:
        print "   <EMPTY>" 
        print "  --------------------------"
        return
    
    entry_string = ""
    for e in header.get_entries():
        entry_string += "%s (%s)  " % (hex(e), (e))
    
    print "%s  - File Size:    %s" % (tab, file_size) # FIXME get embedded file size
    print "%s  - Addr Size:    %s" % (tab, header.insn_mode)
    print "%s  - Magic:        %s" % (tab, header.magic)
    print "%s  - Big Endian:   %s" % (tab, header.big_endian)
    print "%s  - Machine:      %s" % (tab, header.machine)
    print "%s  - UUID:         %s" % (tab, header.uuid)
    print "%s  - Entry points: %s"   % (tab, entry_string)
    print_sections(header, opts, indent)
    macho_import_table(header, opts)
コード例 #20
0
ファイル: re_tools.py プロジェクト: SamuelMulder/oxide 
def function_view(args, opts):
    """ 
        Display the named function
        Syntax: function [<function_name>]
        Note: re_init must be set
    """ 
    if not current_file:
        raise ShellSyntaxError("Must set a file. Run re_init <oid>")
    oid = current_file
    function_names = args
    if not function_names:
        internal_functions = api.get_field("map_calls", oid, "internal_functions")
        if internal_functions is None:
            print "  No internal functions found for %s %s" % (name(oid), oid)
            return
        else:
            names = list(set(internal_functions.values()))
            names.sort()
            print "  Internal functions calls for %s %s" % (name(oid), oid)
            print "  -------------------------------------"
            for n, f in enumerate(names):
                print "  %s.  %s" % (n, f)
            print "  -------------------------------------"
            res = raw_input("  Select the number of the function to view: ")
            if not res.isdigit() or int(res) > len(names):
                print "  - %s is not a valid selection"
                return
            
            function_names = [names[int(res)]]
コード例 #21
0
def add_translations(f, callback):

    join_words = lambda cs: (words() ^ 'n'
                             | where(tag_is_not('ignored'))
                             | join(cs, f_note_pk, f_note_fk))

    checked_cards = lambda: cards() ^ 'c' | where(is_checked(
    ), deck_is('unsorted'), is_not_suspended())

    new_cards = lambda: checked_cards() | where(is_recent())

    data = execute(db(), join_words(new_cards()) | select('n.id', '@flds'))
    (nids, fss) = zip(*data) or ([], [])
    ws = map(lambda flds: splitFields(flds)[api.get_field('word', 'Words')],
             fss)

    map(
        lambda (nid, tr): api.upd_note(nid, {'Translation': tr}, []
                                       if len(tr) > 0 else ['ignored']),
        zip(nids, dmap(f, ws, callback, conf.feedback_time)))

    execute(
        db(),
        cards() ^ 'c2' | where(tmpl_is('word', 'filtered'))
        | join(join_words(new_cards()), '@nid', 'n.id')
        | update(set_deck('filtered'), set_recent(), set_learning())
        | with_pk('@id'))

    execute(db(), checked_cards() | update(set_suspended()))
コード例 #22
0
def process(oid, opts):
    logger.debug("process()")
    
    insns = api.get_field("disassembly", oid, "insns")

    if insns == None:
        return False

    offsets = insns.keys()
    offsets.sort()
    count = 0
    start_offset = 0
    nop_run = {}
    for offset in offsets:
        if insns[offset]["mnem"] == "nop":
            if count == 0:
                start_offset = offset            
            count += 1
        else:
            if count > 0:
                nop_run[start_offset] = count
                count = 0
                start_offset = 0

    if count > 0:
        nop_run[start_offset] = count
            
    api.store(name, oid, nop_run, opts)
    return True
コード例 #23
0
def process(oid, opts):
    logger.debug("process()")
    disasm = api.get_field("disassembly", [oid], "insns") 
    if disasm == None: 
        return False
    opcodes = get_opcodes(disasm)
    api.store(name, oid, {"opcodes":opcodes}, opts)
    return True
コード例 #24
0
def process(oid, opts):
    logger.debug("process()")
    src_type = api.get_field("src_type", oid, "type")
    if src_type != "PE":
        return False
    file_meta = api.retrieve('pe_parse', oid)
    if not file_meta: 
        logger.debug("Not able to process %s",oid)
	return False
    data = api.get_field("files", oid, "data")
    if not data:
        return False
    result = detect_packer(file_meta, data)
    if result:
        api.store(name, oid, result, opts)
        return True
    return False
コード例 #25
0
ファイル: default.py プロジェクト: SamuelMulder/oxide 
def summarize(args, opts):
    """ 
        Gives a summary of a set of files, including types, extensions, etc.  If no argument
                is passed, gives a summary for the entire datastore (may be very slow).
        Syntax: summarize %<oid>
    """
    valid, invalid = api.valid_oids(args)
    valid = set(api.expand_oids(valid))
    types = defaultdict(int)
    extensions = defaultdict(int)
    sizes = [0,0,0,0,0,0]

    if not args:
        valid = set(api.retrieve_all_keys("file_meta"))
            
    for oid in valid:
        meta = api.retrieve("file_meta", oid)
        names = meta["names"]
        if names:
            for name in names:
                parts = name.split(".")
                if len(parts) > 1:
                    extensions[parts[-1]] += 1
                else:
                    extensions["None"] += 1
        t = api.get_field("src_type", oid, "type")
        if t: types[t] += 1
        size = meta["size"]
        if size < 1024: sizes[0] += 1
        elif size < 10*1024: sizes[1] += 1
        elif size < 100*1024: sizes[2] += 1
        elif size < 1024*1024: sizes[3] += 1
        elif size < 10*1024*1024: sizes[4] += 1
        else: sizes[5] += 1

    print "\nTotal files in set: ", len(valid)

    print "\nExtensions (files with multiple names counted more than once):"
    exts = extensions.keys()
    exts = sorted(exts, key=lambda val: extensions[val], reverse=True)
    for e in exts:
        print "  ", e, "   \t\t  :\t\t  ", extensions[e]
    print "\nTypes:"
    ts = types.keys()
    ts = sorted(ts, key=lambda val: types[val], reverse=True)
    for t in ts:
        print "  ", t, "   \t\t  :\t\t  ", types[t]

    print "\nSizes: "
    print "   Under 1k   :", sizes[0]
    print "   1k - 10k   :", sizes[1]
    print "   10k - 100k :", sizes[2]
    print "   100k - 1MB :", sizes[3]
    print "   1MB - 10MB :", sizes[4]
    print "   over 10 MB :", sizes[5]

    return None
コード例 #26
0
def process(oid, opts):
    logger.debug("process()")
    functions = api.retrieve("function_extract", oid)
    if not functions:
		return False
    
    header = api.get_field("object_header", oid, "header")
    if not header:
		return False

    data = api.get_field(api.source(oid), oid, "data")
    if not data:
        return False
    
    g = build_basic_blocks(functions, header, data)
    
    api.store(name, oid, g, opts)
    return True
コード例 #27
0
def process(oid, opts):
    logger.debug("Processing oid %s", oid)
    src_type = api.get_field("src_type", oid, "type")
    if src_type != "ELF":
        return False
    header = api.retrieve("elf_parse", oid)
    if not header:
        return False
    api.store(name, oid, {"header":elf_repr(header)}, opts)
    return True
コード例 #28
0
ファイル: re_tools.py プロジェクト: SamuelMulder/oxide 
def osx_header(oid, opts):
    header = api.get_field("object_header", [oid], "header")
    src = api.source(oid)
    file_size = api.get_field("file_meta", oid, "size")
    names = api.get_names_from_oid(oid)
    print "  OSX Universal Header for %s %s" % (name(oid), oid)
    if not header:
        print "   <EMPTY>" 
        print "  --------------------------"
        return
    
    print "  - File Size:      %s" % (file_size)
    print "  - Magic:          %s" % (header.magic)
    print "  - Big Endian:     %s" % (header.big_endian)
    print "  - Embedded Files: %s" % (header.num_embedded)
    for header in header.embedded:
        print "  -------------------------------------"
        print_macho_header(header, oid, opts, embedded=True)
        print "  -------------------------------------"
        print
コード例 #29
0
def process(oid, opts):
    logger.debug("process()")
    src_type = api.get_field("src_type", oid, "type")
    if src_type != "PE":
        return False
        
    header = api.retrieve("pe_parse", oid)
    if not header:
        return False
    api.store(name, oid, {"header":pe_repr(header)}, opts)
    return True
コード例 #30
0
def mapper(oid, opts, jobid=False):
    logger.debug("mapper()")
    src = api.source(oid)
    if api.exists(name, oid, opts):
        return oid
    data = api.get_field(src, oid, "data")
    if not data:
        return None
    out_histo = build_histo(data)
    api.store(name, oid, out_histo, opts)
    return oid
コード例 #31
0
def mapper(oid, opts, jobid=False):
    logger.debug("mapper()")
    src = api.source(oid)
    if api.documentation(src)["set"]:
        return None
    if api.exists(name, oid, opts):
        return oid
    opcodes = api.get_field("opcodes", oid, "opcodes")
    if not opcodes: return None
    out_histo = build_histo(opcodes)
    api.store(name, oid, out_histo, opts)
    return oid