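def main(args):
    """Entry point: build a disk filter from every analysis under ``args.dir_path``.

    For each subdirectory of ``args.dir_path`` the disk diff is either reloaded
    from the cached ``disk_diff.txt`` (unless ``args.rerun`` is set) or computed
    with ``DiskAnalysis`` on the directory's ``dcap`` capture and then cached.
    All diffs are fed to a ``DiskFilter``; unless ``args.noadjust`` is set the
    filter is adjusted with threshold 9, and its ``occurrences_dict`` is
    pretty-printed to ``args.output_path + '.disk'``.

    Args:
        args: parsed command-line namespace providing ``debug``, ``output_path``,
            ``dir_path``, ``rerun``, ``noadjust``, ``machine_type`` and ``disk_img``.

    Exits the process with status 1 when ``output_path`` is missing; returns
    without doing anything when ``dir_path`` is not given.
    """
    logging.basicConfig()
    if args.debug:
        logger.setLevel(logging.DEBUG)

    if not args.output_path:
        logger.error("Please specify a filename to save the filters to.")
        # Usage error: exit non-zero so wrapper scripts can detect it
        # (previously exited 0, which made the failure look like success).
        sys.exit(1)

    # for now, process local directory
    if not args.dir_path:
        return
    logger.info("Analyzing all analyses in directory %s", args.dir_path)

    disk_filter = DiskFilter()
    for analysis_dir in os.listdir(args.dir_path):
        path = os.path.join(args.dir_path, analysis_dir)
        if not os.path.isdir(path):
            # Stray files (editor backups, earlier output) are not analyses;
            # without this guard the pickle.dump below would raise
            # NotADirectoryError and abort the whole run.
            logger.debug("Disk Filter: skipping non-directory %s", path)
            continue
        logger.info("Disk Filter: Analyzing %s", path)

        cache_file = os.path.join(path, 'disk_diff.txt')
        if not args.rerun and os.path.exists(cache_file):
            # SECURITY: pickle.load executes whatever the file encodes, so a
            # tampered disk_diff.txt gives arbitrary code execution as this
            # user.  Only reuse caches from directories you control, or pass
            # --rerun to ignore them.
            with open(cache_file, 'rb') as fh:
                diff = pickle.load(fh)
        else:
            dcap_uri = os.path.join(path, "dcap")
            disk_analysis = DiskAnalysis(dcap_uri, args.machine_type, args.disk_img)
            diff = disk_analysis.run()
            # A failed run (falsy diff) is cached as well, so the directory is
            # skipped on later invocations until --rerun is given.
            with open(cache_file, 'wb') as fh:
                pickle.dump(diff, fh)

        if not diff:
            logger.error("Error processing disk analysis for %s . . . skipping!", path)
            continue
        disk_filter.add_analysis(diff)

    # adjust filter
    if not args.noadjust:
        disk_filter.adjust_filter(9)

    # write filter to disk; the context manager closes the handle even if
    # pformat raises (the original left it open on error).
    with open(args.output_path + '.disk', 'w') as out:
        out.write(pprint.pformat(disk_filter.occurrences_dict))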
def csv_mbr(self):
    """Extract the MBR of every disk (and the VBR of each active partition) and persist the results.

    Creates a ``DiskAnalysis`` record for ``self.output_dir``, fills in the OS
    description and disk list, parses each disk's MBR and disassembles its boot
    loader, then extracts and disassembles the VBR of every partition whose
    ``state`` is ``"ACTIVE"``.  The process environment and the partition list
    are attached to the record before ``save_informations()`` is called.

    Side effects: the helper objects write artefacts under ``self.output_dir``
    and progress is logged on ``self.logger``.
    """
    report = DiskAnalysis(self.output_dir)
    partition_info = Partitions(self.output_dir, self.logger)
    disk_info = Disks()
    os_info = OperatingSystem()
    # Constructed but never used in this method; kept in case the constructor
    # has side effects the module relies on — TODO confirm.
    _env = EnvironmentVariable()
    mbr = Mbr(self.output_dir)

    report.os = os_info.os_information(report.currentMachine)
    report.listDisks = disk_info.get_disk_information(report.currentMachine)

    self.logger.info('MBR Extracting')
    for physical_disk in report.listDisks:
        # Overwritten on every iteration: after the loop only the last disk's
        # parsed MBR is left on the record.  Whether save_informations() uses
        # it cannot be told from here.
        report.mbrDisk = mbr.mbr_parsing(physical_disk.deviceID)
        mbr.boot_loader_disassembly()
        for part in report.mbrDisk.partitions:
            if part.state != "ACTIVE":
                continue
            vbr = Vbr(physical_disk.deviceID, part.sector_offset, self.output_dir)
            self.logger.info('VBR Extracting')
            vbr.extract_vbr()
            vbr.vbrDisassembly()
    self.logger.info('BootLoader Extracting')

    # SECURITY: this snapshots the entire process environment, which may hold
    # credentials (tokens, passwords, proxy URLs with auth).  Check what
    # save_informations() writes before sharing the output directory.
    report.envVarList = os.environ
    report.listPartitions = partition_info.partition_information(report.currentMachine)
    report.save_informations()
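def main(args):
    """Entry point: build a disk filter from every analysis under ``args.dir_path``.

    For each subdirectory of ``args.dir_path`` the disk diff is either reloaded
    from the cached ``disk_diff.txt`` (unless ``args.rerun`` is set) or computed
    with ``DiskAnalysis`` on the directory's ``dcap`` capture and then cached.
    All diffs are fed to a ``DiskFilter``; unless ``args.noadjust`` is set the
    filter is adjusted with threshold 9, and its ``occurrences_dict`` is
    pretty-printed to ``args.output_path + '.disk'``.

    Args:
        args: parsed command-line namespace providing ``debug``, ``output_path``,
            ``dir_path``, ``rerun``, ``noadjust``, ``machine_type`` and ``disk_img``.

    Exits the process with status 1 when ``output_path`` is missing; returns
    without doing anything when ``dir_path`` is not given.
    """
    logging.basicConfig()
    if args.debug:
        logger.setLevel(logging.DEBUG)

    if not args.output_path:
        logger.error("Please specify a filename to save the filters to.")
        # Usage error: exit non-zero so wrapper scripts can detect it
        # (previously exited 0, which made the failure look like success).
        sys.exit(1)

    # for now, process local directory
    if not args.dir_path:
        return
    logger.info("Analyzing all analyses in directory %s", args.dir_path)

    disk_filter = DiskFilter()
    for analysis_dir in os.listdir(args.dir_path):
        path = os.path.join(args.dir_path, analysis_dir)
        if not os.path.isdir(path):
            # Stray files (editor backups, earlier output) are not analyses;
            # without this guard the pickle.dump below would raise
            # NotADirectoryError and abort the whole run.
            logger.debug("Disk Filter: skipping non-directory %s", path)
            continue
        logger.info("Disk Filter: Analyzing %s", path)

        cache_file = os.path.join(path, 'disk_diff.txt')
        if not args.rerun and os.path.exists(cache_file):
            # SECURITY: pickle.load executes whatever the file encodes, so a
            # tampered disk_diff.txt gives arbitrary code execution as this
            # user.  Only reuse caches from directories you control, or pass
            # --rerun to ignore them.
            with open(cache_file, 'rb') as fh:
                diff = pickle.load(fh)
        else:
            dcap_uri = os.path.join(path, "dcap")
            disk_analysis = DiskAnalysis(dcap_uri, args.machine_type, args.disk_img)
            diff = disk_analysis.run()
            # A failed run (falsy diff) is cached as well, so the directory is
            # skipped on later invocations until --rerun is given.
            with open(cache_file, 'wb') as fh:
                pickle.dump(diff, fh)

        if not diff:
            logger.error("Error processing disk analysis for %s . . . skipping!", path)
            continue
        disk_filter.add_analysis(diff)

    # adjust filter
    if not args.noadjust:
        disk_filter.adjust_filter(9)

    # write filter to disk; the context manager closes the handle even if
    # pformat raises (the original left it open on error).
    with open(args.output_path + '.disk', 'w') as out:
        out.write(pprint.pformat(disk_filter.occurrences_dict))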
def csv_mbr(self):
    """Extract the MBR and boot loader of every disk and persist the collected information.

    Creates a ``DiskAnalysis`` record for ``self.output_dir``, fills in the OS
    description and disk list, parses each disk's MBR and disassembles its boot
    loader, then attaches the process environment and the partition list
    before ``saveInformations()`` is called.

    Side effects: the helper objects write artefacts under ``self.output_dir``
    and progress is logged on ``self.logger``.
    """
    report = DiskAnalysis(self.output_dir)
    partition_info = Partitions(self.output_dir, self.logger)
    disk_info = Disks()
    os_info = OperatingSystem()
    # Constructed but never used in this method; kept in case the constructor
    # has side effects the module relies on — TODO confirm.
    _env = EnvironmentVariable()
    mbr = Mbr(self.output_dir)

    report.os = os_info.os_informations(report.currentMachine)
    report.listDisks = disk_info.getDiskInformations(report.currentMachine)

    self.logger.info('MBR Extracting')
    for physical_disk in report.listDisks:
        # Overwritten on every iteration: after the loop only the last disk's
        # parsed MBR is left on the record.  Whether saveInformations() uses
        # it cannot be told from here.
        report.mbrDisk = mbr.mbr_parsing(physical_disk.deviceID)
        mbr.bootLoaderDisassembly()
    self.logger.info('BootLoader Extracting')

    # SECURITY: this snapshots the entire process environment, which may hold
    # credentials (tokens, passwords, proxy URLs with auth).  Check what
    # saveInformations() writes before sharing the output directory.
    report.envVarList = os.environ
    report.listPartitions = partition_info.partitionInformations(report.currentMachine)
    report.saveInformations()
def csv_mbr(self):
    """Extract the MBR and boot loader of every disk and persist the collected information.

    Creates a ``DiskAnalysis`` record for ``self.output_dir``, fills in the OS
    description and disk list, parses each disk's MBR and disassembles its boot
    loader, then attaches the process environment and the partition list
    before ``save_informations()`` is called.

    Side effects: the helper objects write artefacts under ``self.output_dir``
    and progress is logged on ``self.logger``.
    """
    report = DiskAnalysis(self.output_dir)
    partition_info = Partitions(self.output_dir, self.logger)
    disk_info = Disks()
    os_info = OperatingSystem()
    # Constructed but never used in this method; kept in case the constructor
    # has side effects the module relies on — TODO confirm.
    _env = EnvironmentVariable()
    mbr = Mbr(self.output_dir)

    report.os = os_info.os_information(report.currentMachine)
    report.listDisks = disk_info.get_disk_information(report.currentMachine)

    self.logger.info('MBR Extracting')
    for physical_disk in report.listDisks:
        # Overwritten on every iteration: after the loop only the last disk's
        # parsed MBR is left on the record.  Whether save_informations() uses
        # it cannot be told from here.
        report.mbrDisk = mbr.mbr_parsing(physical_disk.deviceID)
        mbr.boot_loader_disassembly()
    self.logger.info('BootLoader Extracting')

    # SECURITY: this snapshots the entire process environment, which may hold
    # credentials (tokens, passwords, proxy URLs with auth).  Check what
    # save_informations() writes before sharing the output directory.
    report.envVarList = os.environ
    report.listPartitions = partition_info.partition_information(report.currentMachine)
    report.save_informations()
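def _load_or_build_diff(cache_file, build):
    """Return the diff pickled in *cache_file*, or build, cache and return it.

    *build* is a zero-argument callable that runs the analysis.  Whatever it
    returns — including a falsy failure value — is pickled, mirroring the
    original behaviour, so a failed analysis stays cached until the file is
    removed (there is no rerun option yet; see the TODO in ``main``).
    """
    if os.path.exists(cache_file):
        # SECURITY: pickle.load executes whatever the file encodes, so a
        # tampered *_diff.txt gives arbitrary code execution as this user.
        # Only reuse caches from analysis directories you control.
        with open(cache_file, 'rb') as fh:
            return pickle.load(fh)
    diff = build()
    with open(cache_file, 'wb') as fh:
        pickle.dump(diff, fh)
    return diff


def _write_filter(out_path, occurrences):
    """Pretty-print *occurrences* (a filter's ``occurrences_dict``) to *out_path*."""
    with open(out_path, 'w') as fh:
        fh.write(pprint.pformat(occurrences))


def main(args):
    """Entry point: build memory and disk filters from every analysis under ``args.dir_path``.

    Each subdirectory is expected to hold ``sut_memory_clean.mfd`` and
    ``sut_memory_dirty.mfd`` (memory) and a ``dcap`` capture (disk).  Diffs are
    computed with ``MemoryAnalysis`` / ``DiskAnalysis``, cached as
    ``mem_diff.txt`` / ``disk_diff.txt`` in the same directory, and aggregated
    into a ``MemoryFilter`` and a ``DiskFilter``.  Both filters are adjusted
    with threshold 5 and written to ``args.output_path + '.mem'`` and
    ``args.output_path + '.disk'``; the memory pass completes (including its
    output file) before the disk pass starts.

    Args:
        args: parsed command-line namespace providing ``debug``, ``output_path``,
            ``dir_path``, ``profile``, ``machine_type`` and ``disk_img``.

    Exits the process with status 1 when ``output_path`` is missing; returns
    without doing anything when ``dir_path`` is not given.
    """
    logging.basicConfig()
    if args.debug:
        logger.setLevel(logging.DEBUG)

    if not args.output_path:
        logger.error("Please specify a filename to save the filters to.")
        # Usage error: exit non-zero so wrapper scripts can detect it
        # (previously exited 0, which made the failure look like success).
        sys.exit(1)

    # for now, process local directory
    if not args.dir_path:
        return
    logger.info("Analyzing all analyses in directory %s", args.dir_path)

    # Stray files (editor backups, earlier output) are not analyses; without
    # this filter pickle.dump would raise NotADirectoryError and abort the run.
    analysis_paths = []
    for analysis_dir in os.listdir(args.dir_path):
        path = os.path.join(args.dir_path, analysis_dir)
        if os.path.isdir(path):
            analysis_paths.append(path)
        else:
            logger.debug("Skipping non-directory %s", path)

    # TODO add option to redo analysis even if the cached diff file exists

    # Memory
    mem_filter = MemoryFilter()
    for path in analysis_paths:
        logger.info("Memory Filter: Analyzing %s", path)
        clean_memory_uri = os.path.join(path, "sut_memory_clean.mfd")
        dirty_memory_uri = os.path.join(path, "sut_memory_dirty.mfd")
        diff = _load_or_build_diff(
            os.path.join(path, 'mem_diff.txt'),
            lambda: MemoryAnalysis(clean_memory_uri, dirty_memory_uri, args.profile).run())
        if not diff:
            logger.error("Error processing memory analysis for %s . . . skipping!", path)
            continue
        mem_filter.add_analysis(diff)
    # adjust the filter
    mem_filter.adjust_filter(5)
    _write_filter(args.output_path + '.mem', mem_filter.occurrences_dict)

    # Disk
    disk_filter = DiskFilter()
    for path in analysis_paths:
        logger.info("Disk Filter: Analyzing %s", path)
        dcap_uri = os.path.join(path, "dcap")
        diff = _load_or_build_diff(
            os.path.join(path, 'disk_diff.txt'),
            lambda: DiskAnalysis(dcap_uri, args.machine_type, args.disk_img).run())
        if not diff:
            logger.error("Error processing disk analysis for %s . . . skipping!", path)
            continue
        disk_filter.add_analysis(diff)
    # adjust filter
    disk_filter.adjust_filter(5)
    _write_filter(args.output_path + '.disk', disk_filter.occurrences_dict)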