def load(self):
    """Rebuild the interesting-XOR table from ``self._interesting_xors``.

    ``find_interesting_xors()`` is run first, then the table is reset to
    four columns (function, address, loop flag, disassembly) and filled with
    one row per entry. Double-clicking a row is routed to ``click_row``.
    Sorting is enabled only after every row is in place so the fill is not
    reordered underneath the loop.
    """
    self.find_interesting_xors()
    table = self._interesting_xor_table

    def make_item(text):
        # Toolkit class is resolved through the `qt` shim, as elsewhere in the file.
        return qt.qtablewidgetitem()(text)

    table.clear()
    table.setColumnCount(4)
    table.setHorizontalHeaderLabels(("Function", "Address", "Loop", "Disassembly"))
    # NOTE(review): this connects a slot on every load(); if load() can run more
    # than once on the same widget the handler fires repeatedly — confirm the caller.
    table.itemDoubleClicked.connect(self.click_row)
    table.setRowCount(len(self._interesting_xors))

    for row, entry in enumerate(self._interesting_xors):
        cells = (
            entry["func"],
            "0x{:08X}".format(entry["addr"]),  # addr is an int; rendered as 8-digit hex
            str(entry["loop"]),
            entry["disasm"],
        )
        for col, text in enumerate(cells):
            table.setItem(row, col, make_item(text))
        table.resizeRowToContents(row)

    table.setSortingEnabled(True)
    table.resizeRowsToContents()
    table.resizeColumnsToContents()
def load(self):
    """Rebuild the byte-string table from ``self.byte_strings``.

    The table is reset to three columns (address, enclosing function name,
    string), ``find_byte_strings()`` is invoked to populate
    ``self.byte_strings``, and one row is written per ``addr -> bstr`` entry.
    The function name is looked up with ``idaapi.get_func_name``. Row
    double-clicks go to ``click_row``; sorting is enabled after the fill.
    """
    table = self._bytestring_table
    table.clear()
    table.setColumnCount(3)
    table.setHorizontalHeaderLabels(("Address", "Function", "String"))
    # NOTE(review): a slot is connected on every load(); confirm load() is not
    # re-run on the same widget, or the handler will be invoked once per call.
    table.itemDoubleClicked.connect(self.click_row)
    self.find_byte_strings()
    table.setRowCount(len(self.byte_strings))

    for row, (addr, bstr) in enumerate(self.byte_strings.items()):
        # addr is assumed to be a "0x"-prefixed hex string: the first two
        # characters are dropped before parsing it as base 16.
        func_name = idaapi.get_func_name(int(addr[2:], 16))
        for col, text in enumerate((addr, func_name, bstr)):
            table.setItem(row, col, qt.qtablewidgetitem()(text))
        table.resizeRowToContents(row)

    table.setSortingEnabled(True)
    table.resizeRowsToContents()
    table.resizeColumnsToContents()
def load(self):
    """Populate the interesting-XOR table.

    Calls ``find_interesting_xors()`` to refresh ``self._interesting_xors``,
    resets the table to the columns Function / Address / Loop / Disassembly,
    and writes one row per entry. Row double-clicks dispatch to
    ``click_row``. Sorting is switched on after all rows are inserted.
    """
    self.find_interesting_xors()
    xor_table = self._interesting_xor_table

    xor_table.clear()
    xor_table.setColumnCount(4)
    xor_table.setHorizontalHeaderLabels(("Function", "Address", "Loop", "Disassembly"))
    # NOTE(review): connecting here on each load() stacks handlers if load()
    # runs more than once on this widget — confirm the call pattern.
    xor_table.itemDoubleClicked.connect(self.click_row)
    xor_table.setRowCount(len(self._interesting_xors))

    row = 0
    for xor in self._interesting_xors:
        xor_table.setItem(row, 0, qt.qtablewidgetitem()(xor["func"]))
        # addr is an int (the X format spec requires one); shown as 8-digit hex.
        xor_table.setItem(row, 1, qt.qtablewidgetitem()("0x{:08X}".format(xor["addr"])))
        xor_table.setItem(row, 2, qt.qtablewidgetitem()(str(xor["loop"])))
        xor_table.setItem(row, 3, qt.qtablewidgetitem()(xor["disasm"]))
        xor_table.resizeRowToContents(row)
        row += 1

    xor_table.setSortingEnabled(True)
    xor_table.resizeRowsToContents()
    xor_table.resizeColumnsToContents()
def load(self):
    """Fill the signature table from ``self.parent.signatures``.

    Each signature becomes one row: its ``description``, a newline-joined
    ``key: value`` dump of all dicts in its ``data`` list merged together,
    and a severity / confidence / weight summary built from the signature's
    own fields. Sorting is enabled after the fill.
    """
    table = self._signature_table
    table.clear()
    table.setHorizontalHeaderLabels(["Signature", "Information", "Severity"])
    table.setRowCount(len(self.parent.signatures))

    for row, sig in enumerate(self.parent.signatures):
        # Later dicts in sig["data"] overwrite earlier ones on key collision.
        merged = {}
        for chunk in sig["data"]:
            merged.update(chunk)
        info = "\n".join("{}: {}".format(key, value) for key, value in merged.iteritems())
        severity = "Severity: {severity}\nConfidence: {confidence}\nWeight: {weight}".format(**sig)

        table.setItem(row, 0, qt.qtablewidgetitem()(sig["description"]))
        table.setItem(row, 1, qt.qtablewidgetitem()(info))
        table.setItem(row, 2, qt.qtablewidgetitem()(severity))

    table.resizeRowsToContents()
    table.resizeColumnsToContents()
    table.setSortingEnabled(True)
def load(self):
    """Fill the import table from ``self.parent.impts``.

    Columns: address, DLL, procedure name, procedure address, type and the
    name IDA has for that address (``idc.Name`` on the parsed hex
    ``proc_address``). Rows use alternating colours; double-click goes to
    ``clickRow``; sorting is enabled once every row is written.
    """
    table = self._import_table
    table.clear()
    table.setHorizontalHeaderLabels(["Address", "DLL", "ProcName", "ProcAddress", "Type", "IDA Name"])
    # NOTE(review): a slot is connected on each load(); if load() is ever re-run
    # on the same widget, clickRow will fire once per connection — confirm.
    table.itemDoubleClicked.connect(self.clickRow)
    table.setRowCount(len(self.parent.impts))
    table.setAlternatingRowColors(True)

    for row, impt in enumerate(self.parent.impts):
        # proc_address is a hex string (parsed with base 16) used to ask IDA for its name.
        ida_name = idc.Name(int(impt["proc_address"], 16))
        cells = (
            impt["addr"],
            impt["dll"],
            impt["proc_name"],
            impt["proc_address"],
            impt["type"],
            ida_name,
        )
        for col, text in enumerate(cells):
            table.setItem(row, col, qt.qtablewidgetitem()(text))
        table.resizeRowToContents(row)

    table.setSortingEnabled(True)
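def load(self):
    """Create the category filter checkboxes and fill the API-call table.

    One checkbox per entry of ``self.parent.call_categories`` is created,
    checked, wired to ``filterCallData`` and added to the checkbox layout.
    The call table then receives one row per entry of ``self.parent.calls``:
    category, caller address, parent caller, API name, return value and an
    escaped argument dump, each cell tinted with the category colour from
    ``self._COLOR_MAP``. Row double-click dispatches to ``clickRow`` only for
    Cuckoo 1.3 / 2.0 reports. Sorting is enabled after the fill.

    Differences from the previous version: the 1.3 caller lookup now reads
    ``call.get("caller", "0x00000000")`` once, so the documented default is
    reachable instead of being dead code behind a ``call["caller"]`` index,
    and ``stacktrace`` is read with ``.get`` so a 2.0 call record without
    that key no longer raises ``KeyError``.
    """
    for cat in sorted(list(self.parent.call_categories)):
        self._checkbox_map[cat] = qt.qcheckbox()(cat.capitalize())
    for cat in sorted(self._checkbox_map.keys()):
        cb = self._checkbox_map[cat]
        cb.setCheckState(qt.qtcore().Qt.Checked)
        cb.clicked.connect(self.filterCallData)
        self._checkbox_layout.addWidget(cb)

    table = self._call_table
    table.clear()
    table.setHorizontalHeaderLabels(["Category", "Caller", "Parent Caller", "API", "Return", "Args"])
    header = table.horizontalHeader()
    header.setStretchLastSection(True)
    version = self.parent.cuckoo_version
    if version.startswith(("1.3", "2.0")):
        # NOTE(review): connected on every load(); confirm load() runs once per
        # widget, otherwise clickRow fires once per connection.
        table.itemDoubleClicked.connect(self.clickRow)
    table.setRowCount(len(self.parent.calls))

    for row, call in enumerate(self.parent.calls):
        # Argument values are recorded from the monitored sample's API calls,
        # so they are truncated to 80 characters and unicode-escaped: control
        # characters and non-printables are displayed as visible escapes rather
        # than passed through raw to the widget.
        arg_str = "\r\n".join([
            "{}: {}".format(k, unicode(v)[:80].encode("unicode-escape"))
            for k, v in call["arguments"].items()
        ])
        category = call.get("category", "")
        bg_color = self._COLOR_MAP.get(category, qt.qcolor()(0xff, 0xff, 0xff))

        call_addr = ""
        if version.startswith("1.3"):
            # Read the caller once so the "0x00000000" default is actually used
            # when the key is missing; previously call["caller"] was indexed
            # first, making the .get() default unreachable.
            caller = call.get("caller", "0x00000000")
            # PrevHead presumably steps back from the recorded (return) address
            # to the call instruction; fall back to the raw caller string when
            # IDA has no head before it.
            prev = idc.PrevHead(int(caller, 16))
            call_addr = caller if prev == idc.BADADDR else "0x{:08x}".format(prev)
        # Cuckoo 2.0 records the call stack (read from "stacktrace" here) only
        # when DEBUG is enabled, so the key may be empty or absent; .get()
        # avoids a KeyError on records that lack it.
        if version.startswith("2.0") and call.get("stacktrace"):
            call_addr = call["stacktrace"][-1].split(" @ ")[-1]

        # Older reports carry "return"; newer ones "return_value" (stringified here).
        ret = call["return"] if "return" in call else str(call["return_value"])

        cells = (
            category,
            call_addr,
            call.get("parentcaller", ""),
            call["api"],
            ret,
            arg_str,
        )
        for col, text in enumerate(cells):
            table.setItem(row, col, qt.qtablewidgetitem()(text))
            table.item(row, col).setBackground(bg_color)

    table.resizeRowsToContents()
    table.resizeColumnsToContents()
    table.setSortingEnabled(True)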
def load(self):
    """Fill the signature table from ``self.parent.signatures``.

    For each signature the ``data`` and ``marks`` lists (either may be
    absent) are merged dict-by-dict into one mapping, rendered as
    newline-separated ``key: value`` lines, and placed next to the
    signature's ``description`` and a ``Severity: ...`` label. Sorting is
    enabled after the fill.
    """
    table = self._signature_table
    table.clear()
    table.setHorizontalHeaderLabels(["Signature", "Information", "Severity"])
    table.setRowCount(len(self.parent.signatures))

    for row, sig in enumerate(self.parent.signatures):
        # "marks" entries are merged after "data", so they win on key collision.
        merged = {}
        for group in (sig.get("data", []), sig.get("marks", [])):
            for chunk in group:
                merged.update(chunk)
        info = "\n".join("{}: {}".format(key, value) for key, value in merged.iteritems())
        severity = "Severity: {severity}".format(**sig)

        for col, text in enumerate((sig["description"], info, severity)):
            table.setItem(row, col, qt.qtablewidgetitem()(text))

    table.resizeRowsToContents()
    table.resizeColumnsToContents()
    table.setSortingEnabled(True)
def load(self):
    """Populate the import table from ``self.parent.impts``.

    Writes address, DLL, procedure name, procedure address, type and the
    IDA name of the procedure address (``idc.Name`` on the hex string parsed
    with base 16) into six columns, one row per import. Rows alternate
    colours, double-click goes to ``clickRow``, and sorting is enabled last.
    """
    imports = self._import_table
    imports.clear()
    imports.setHorizontalHeaderLabels(["Address", "DLL", "ProcName", "ProcAddress", "Type", "IDA Name"])
    # NOTE(review): connecting on every load() stacks clickRow handlers if
    # load() is invoked more than once for this widget — confirm the caller.
    imports.itemDoubleClicked.connect(self.clickRow)
    imports.setRowCount(len(self.parent.impts))
    imports.setAlternatingRowColors(True)

    def put(row, col, text):
        imports.setItem(row, col, qt.qtablewidgetitem()(text))

    row = 0
    for impt in self.parent.impts:
        put(row, 0, impt["addr"])
        put(row, 1, impt["dll"])
        put(row, 2, impt["proc_name"])
        put(row, 3, impt["proc_address"])
        put(row, 4, impt["type"])
        put(row, 5, idc.Name(int(impt["proc_address"], 16)))
        imports.resizeRowToContents(row)
        row += 1

    imports.setSortingEnabled(True)
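def load(self):
    """Create the category filter checkboxes and fill the API-call table.

    A checkbox is created per ``self.parent.call_categories`` entry,
    checked, connected to ``filterCallData`` and added to the checkbox
    layout. The call table then gets one row per ``self.parent.calls``
    entry — category, caller address, parent caller, API, return value and
    an escaped argument dump — with every cell tinted by the category colour
    from ``self._COLOR_MAP``. Double-click dispatches to ``clickRow`` only
    for Cuckoo 1.3 / 2.0 reports; sorting is enabled after the fill.

    Changes from the previous version: the 1.3 caller is read once via
    ``call.get("caller", "0x00000000")`` so the default is reachable (it
    was dead code behind a ``call["caller"]`` index), and ``stacktrace`` is
    read with ``.get`` so a 2.0 record without that key does not raise.
    """
    for cat in sorted(list(self.parent.call_categories)):
        self._checkbox_map[cat] = qt.qcheckbox()(cat.capitalize())
    for cat in sorted(self._checkbox_map.keys()):
        box = self._checkbox_map[cat]
        box.setCheckState(qt.qtcore().Qt.Checked)
        box.clicked.connect(self.filterCallData)
        self._checkbox_layout.addWidget(box)

    calls = self._call_table
    calls.clear()
    calls.setHorizontalHeaderLabels(["Category", "Caller", "Parent Caller", "API", "Return", "Args"])
    calls.horizontalHeader().setStretchLastSection(True)
    version = self.parent.cuckoo_version
    if version.startswith(("1.3", "2.0")):
        # NOTE(review): connected on every load(); confirm load() is called
        # once per widget, otherwise clickRow fires once per connection.
        calls.itemDoubleClicked.connect(self.clickRow)
    calls.setRowCount(len(self.parent.calls))

    white = qt.qcolor()(0xff, 0xff, 0xff)

    for row, call in enumerate(self.parent.calls):
        # Argument values originate from the monitored sample's API calls;
        # they are cut to 80 characters and unicode-escaped so control and
        # non-printable characters show up as visible escapes in the cell.
        arg_str = "\r\n".join([
            "{}: {}".format(k, unicode(v)[:80].encode("unicode-escape"))
            for k, v in call["arguments"].items()
        ])
        category = call.get("category", "")
        bg_color = self._COLOR_MAP.get(category, white)

        call_addr = ""
        if version.startswith("1.3"):
            # Single read of the caller so the "0x00000000" default applies when
            # the key is absent (the old code indexed call["caller"] first).
            caller = call.get("caller", "0x00000000")
            # PrevHead presumably steps back from the recorded (return) address
            # to the call instruction; keep the raw caller string when IDA has
            # no head before it.
            prev = idc.PrevHead(int(caller, 16))
            call_addr = caller if prev == idc.BADADDR else "0x{:08x}".format(prev)
        # Cuckoo 2.0 records the call stack (key "stacktrace" here) only when
        # DEBUG is enabled, so it may be empty or missing; .get() tolerates both.
        if version.startswith("2.0") and call.get("stacktrace"):
            call_addr = call["stacktrace"][-1].split(" @ ")[-1]

        # Older reports use "return"; newer ones "return_value" (stringified).
        ret = call["return"] if "return" in call else str(call["return_value"])

        cells = (
            category,
            call_addr,
            call.get("parentcaller", ""),
            call["api"],
            ret,
            arg_str,
        )
        for col, text in enumerate(cells):
            calls.setItem(row, col, qt.qtablewidgetitem()(text))
            calls.item(row, col).setBackground(bg_color)

    calls.resizeRowsToContents()
    calls.resizeColumnsToContents()
    calls.setSortingEnabled(True)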