def main(filename): pyew = CPyew() thread = threading.Thread(target=pyew.thread_UpdateComment) thread.start() if os.getenv("PYEW_DEBUG"): pyew.debug = True else: pyew.debug = False pyew.loadFile(filename, "rb") if pyew.format in ["PE", "ELF"]: saveAndCompareInDatabase(pyew) pyew.offset = 0 print pyew.hexdump(pyew.buf, pyew.hexcolumns) oldpyew = None cmd = "" last_cmd = "" pyew.previousoffset = [] # Add global object's references for easier usage pe = pyew.pe elf = pyew.elf # Set AutoCompletion setupAutoCompletion(pyew) # Check if there is runme.py file if os.path.exists('runme.py'): f = open('runme.py', 'r') commands = f.readlines() f.close() while 1: try: last_cmd = cmd if len(pyew.previousoffset) > 0: if pyew.previousoffset[len(pyew.previousoffset)-1] != pyew.offset: pyew.previousoffset.append(pyew.offset) else: pyew.previousoffset.append(pyew.offset) va = None if pyew.virtual: va = pyew.getVirtualAddressFromOffset(pyew.offset) if va: prompt = "[0x%08x:0x%08x]> " % (pyew.offset, va) else: prompt = "[0x%08x]> " % pyew.offset try: cmd = commands[0].rstrip() commands.pop(0) except: cmd = raw_input(prompt) if cmd in ["", "b"] and (last_cmd in ["b", "x", "c", "d", "dump", "hexdump", "u", "p", "r", "buf"] or last_cmd.isdigit()): if cmd == "b": tmp = pyew.previousoffset.pop() if len(pyew.previousoffset) > 0: tmp = pyew.previousoffset[len(pyew.previousoffset)-1] else: tmp = 0 pyew.offset = tmp pyew.lastasmoffset = tmp pyew.seek(tmp) if last_cmd.isdigit(): last_cmd = "c" elif cmd == "b" and last_cmd == "b": if len(pyew.previousoffset) < 2: continue tmp = pyew.previousoffset.pop() tmp = pyew.previousoffset[len(pyew.previousoffset)-1] pyew.seek(tmp) continue elif last_cmd in ["c", "u"] or last_cmd.isdigit(): pyew.offset = pyew.lastasmoffset pyew.seek(pyew.offset) if last_cmd.isdigit(): last_cmd = "c" else: pyew.offset = pyew.offset+pyew.bsize pyew.seek(pyew.offset) cmd = last_cmd except EOFError: break except KeyboardInterrupt: break try: if cmd.strip(" ") == "": continue if cmd.lower() in ["exit", "quit", "q"]: break elif cmd.lower() in ["a", "anal"]: pyew.findFunctions(pyew.processor) print elif cmd.lower() in ["x", "d", "dump", "hexdump"]: print pyew.hexdump(pyew.buf, pyew.hexcolumns, baseoffset=pyew.offset) elif cmd.split(" ")[0] in ["s", "seek"]: data = cmd.split(" ") if len(data) > 1: if data[1].lower() in ["ep", "entrypoint"]: if pyew.ep: pyew.offset = pyew.ep else: pyew.names.has_key(data[1].lower()) if data[1].lower()[0] in ["+", "-"]: pyew.offset += int(data[1]) elif data[1].lower().startswith("0x"): pyew.offset = int(data[1], 16) elif data[1] in pyew.names.values(): for x in pyew.names: if pyew.names[x] == data[1]: pyew.offset = x break else: pyew.offset = int(data[1]) pyew.seek(pyew.offset) elif cmd.split(" ")[0] in ["label"]: data = cmd.split(" ") if len(data) > 2: if data[1].isdigit(): pyew.customizeComment[int(data[1])] = data[2] elif data[1][:2].lower() =="0x": try: pyew.customizeComment[int(data[1],16)] = data[2] except: print "Error" elif cmd.lower().split(" ")[0] in ["c", "u"]: data = cmd.lower().split(" ") if len(data) > 1: if not data[1].startswith("/"): type = int(data[1]) dis = pyew.disassemble(pyew.buf, pyew.processor, pyew.type, pyew.lines, pyew.bsize, baseoffset=pyew.offset) print dis else: cmd = data[1:] if len(cmd) > 1: ret = pyew.dosearch(pyew.f, cmd[0][1:2], cmd[1], cols=60, doprint=False, offset=pyew.offset) else: ret = pyew.dosearch(pyew.f, cmd[0][1:2], "", cols=60, doprint=False, offset=pyew.offset) for x in ret: dis = pyew.disassemble(x.values()[0], pyew.processor, pyew.type, pyew.lines, pyew.bsize, baseoffset=x.keys()[0]) print dis else: dis = pyew.disassemble(pyew.buf, pyew.processor, pyew.type, pyew.lines, pyew.bsize, baseoffset=pyew.offset) print dis elif cmd.isdigit() and int(cmd) < len(pyew.calls)+1 and int(cmd) > 0: pyew.offset = pyew.calls[int(cmd)-1] pyew.seek(pyew.offset) dis = pyew.disassemble(pyew.buf, pyew.processor, pyew.type, pyew.lines, pyew.bsize, baseoffset=pyew.offset) print dis elif cmd == "buf": lines = 0 line = "" for c in pyew.buf: line += c if len(line) == pyew.hexcolumns: print repr(line) line = "" if line != "": print repr(line) elif cmd == "byte": lines = 0 line = "" for c in pyew.buf: line += "0x%x, " % ord(c) if len(line) >= pyew.hexcolumns / (1.00/4.00): print line line = "" if line != "": print "%s" % line elif cmd.lower().split(" ")[0] in ["r", "repr"]: print repr(pyew.buf) elif cmd.lower().split(" ")[0] in ["p"]: print pyew.buf elif cmd.lower() in ["settings", "options"]: pyew.showSettings() elif cmd.startswith("/"): ret = pyew.dosearch(pyew.f, cmd[1:2], cmd[3:], cols=60, offset=pyew.offset) elif cmd.lower() in ["?", "help"]: showHelp(pyew) elif cmd.lower() in ["imports"]: if pyew.format == "PE": for entry in pyew.pe.DIRECTORY_ENTRY_IMPORT: print entry.dll for imp in entry.imports: print '\t', hex(imp.address), imp.name elif pyew.format == "ELF": for x in pyew.elf.relocs: print x elif cmd.lower() in ["exports"]: if pyew.format == "PE": for exp in pyew.pe.DIRECTORY_ENTRY_EXPORT.symbols: print hex(pyew.pe.OPTIONAL_HEADER.ImageBase + exp.address), exp.name, exp.ordinal elif pyew.format == "ELF": print "Not yet implemented" elif cmd.lower() in ["sections"]: if pyew.format == "PE": for x in pyew.pe.sections: print x elif pyew.format == "ELF": for x in pyew.elf.secnames: print pyew.elf.secnames[x] elif cmd.lower() in ["elf", "pe"]: if cmd.lower() == "elf": print pyew.elf else: print pyew.pe elif cmd.lower() == "g": if cmd == "g": pyew.offset = 0 else: pyew.offset = pyew.maxsize - pyew.bsize if pyew.offset < 0: pyew.offset = pyew.maxsize - 32 pyew.seek(pyew.offset) elif cmd in ["-", "+"]: if cmd == "+": pyew.offset += pyew.bsize else: pyew.offset -= pyew.bsize pyew.seek(pyew.offset) elif pyew.plugins.has_key(cmd.split(" ")[0]): plg = cmd.split(" ") if len(plg) == 1: pyew.plugins[plg[0]](pyew) else: pyew.plugins[plg[0]](pyew, plg[1:]) elif cmd.lower().split(" ")[0] in ["md5", "sha1", "sha224", "sha256", "sha384", "sha512"]: func = eval(cmd) print "%s: %s" % (cmd, func(pyew.getBuffer()).hexdigest()) elif cmd.startswith("!"): os.system(cmd[1:]) elif cmd == "ret" and oldpyew is not None: pyew = oldpyew pyew.seek(pyew.offset) oldpyew = None elif cmd == "file": oldpyew = pyew del pyew pyew = CPyew() buf = oldpyew.getBytes(oldpyew.offset, oldpyew.maxsize) pyew.loadFromBuffer(buf, oldpyew.filename + "[embed]") elif cmd == "interact": code.interact(local=locals()) elif cmd == "edit": pyew.f.close() pyew.f = open(filename, "r+wb") pyew.seek(0) elif cmd.split(" ")[0] in ["ls"]: data = cmd.split(" ") if len(data) == 2: #print "parsing script file:", data[1] f = open('scripts/' + data[1], 'r') commands = f.readlines() f.close() else: scripts = os.listdir('scripts/') print "Scripts available:" for script in scripts: print "\t", script elif cmd.split(" ")[0] in ["wx", "wa"]: if cmd.split(" ")[0] == "wx": data = unhexlify(cmd.split(" ")[1]) else: data = cmd.split(" ")[1] pyew.f.seek(pyew.offset) pyew.f.write(data) pyew.seek(pyew.offset) else: if cmd.find("=") > -1 or cmd.startswith("print") or cmd.startswith("import "): exec(cmd) else: x = eval(cmd) if "hexdigest" in dir(x): print "%s: %s" % (cmd, x.hexdigest()) else: pprint.pprint(x) except: print "Error:", sys.exc_info()[1] if pyew.debug: raise # main loop break here! pyew.quitFlag = True thread.join()
def main(filename): pyew = CPyew() if os.getenv("PYEW_DEBUG"): pyew.debug=True else: pyew.debug = False pyew.loadFile(filename, "rb") if pyew.format in ["PE", "ELF"]: saveAndCompareInDatabase(pyew) pyew.offset = 0 print pyew.hexdump(pyew.buf, pyew.hexcolumns) oldpyew = None cmd = "" last_cmd = "" pyew.previousoffset = [] # Add global object's references for easier usage pe = pyew.pe elf = pyew.elf # Set AutoCompletion setupAutoCompletion(pyew) # Check if there is runme.py file if os.path.exists('runme.py'): f = open('runme.py', 'r') commands = f.readlines() f.close() while 1: try: last_cmd = cmd if len(pyew.previousoffset) > 0: if pyew.previousoffset[len(pyew.previousoffset)-1] != pyew.offset: pyew.previousoffset.append(pyew.offset) else: pyew.previousoffset.append(pyew.offset) va = None if pyew.virtual: va = pyew.getVirtualAddressFromOffset(pyew.offset) if va: prompt = "[0x%08x:0x%08x]> " % (pyew.offset, va) else: prompt = "[0x%08x]> " % pyew.offset try: cmd = commands[0].rstrip() commands.pop(0) except: cmd = raw_input(prompt) if cmd in ["", "b"] and (last_cmd in ["b", "x", "c", "d", "dump", "hexdump", "dis", "pd", "p", "r", "buf"] or last_cmd.isdigit()): if cmd == "b": tmp = pyew.previousoffset.pop() if len(pyew.previousoffset) > 0: tmp = pyew.previousoffset[len(pyew.previousoffset)-1] else: tmp = 0 pyew.offset = tmp pyew.lastasmoffset = tmp pyew.seek(tmp) if last_cmd.isdigit(): last_cmd = "c" elif cmd == "b" and last_cmd == "b": if len(pyew.previousoffset) < 2: continue tmp = pyew.previousoffset.pop() tmp = pyew.previousoffset[len(pyew.previousoffset)-1] pyew.seek(tmp) continue elif last_cmd in ["c", "d", "pd"] or last_cmd.isdigit(): pyew.offset = pyew.lastasmoffset pyew.seek(pyew.offset) if last_cmd.isdigit(): last_cmd = "c" else: pyew.offset = pyew.offset+pyew.bsize pyew.seek(pyew.offset) cmd = last_cmd except EOFError: break except KeyboardInterrupt: break try: if cmd.strip(" ") == "": continue if cmd.lower() in ["exit", "quit", "q"]: break elif cmd.lower() in ["a", "anal"]: pyew.findFunctions(pyew.processor) print elif cmd.lower() in ["x", "dump", "hexdump"]: print pyew.hexdump(pyew.buf, pyew.hexcolumns, baseoffset=pyew.offset) elif cmd.split(" ")[0] in ["s", "seek"]: data = cmd.split(" ") if len(data) > 1: if data[1].lower() in ["ep", "entrypoint"]: if pyew.ep: pyew.offset = pyew.ep else: pyew.names.has_key(data[1].lower()) if data[1].lower()[0] in ["+", "-"]: pyew.offset += int(data[1]) elif data[1].lower().startswith("0x"): pyew.offset = int(data[1], 16) elif data[1] in pyew.names.values(): for x in pyew.names: if pyew.names[x] == data[1]: pyew.offset = x break else: pyew.offset = int(data[1]) pyew.seek(pyew.offset) elif cmd.lower().split(" ")[0] in ["c", "d", "dis", "pd"]: data = cmd.lower().split(" ") if len(data) > 1: if not data[1].startswith("/"): type = int(data[1]) dis = pyew.disassemble(pyew.buf, pyew.processor, pyew.type, pyew.lines, pyew.bsize, baseoffset=pyew.offset) print dis else: cmd = data[1:] if len(cmd) > 1: ret = pyew.dosearch(pyew.f, cmd[0][1:2], cmd[1], cols=60, doprint=False, offset=pyew.offset) else: ret = pyew.dosearch(pyew.f, cmd[0][1:2], "", cols=60, doprint=False, offset=pyew.offset) for x in ret: dis = pyew.disassemble(x.values()[0], pyew.processor, pyew.type, pyew.lines, pyew.bsize, baseoffset=x.keys()[0]) print dis else: dis = pyew.disassemble(pyew.buf, pyew.processor, pyew.type, pyew.lines, pyew.bsize, baseoffset=pyew.offset) print dis elif cmd.isdigit() and int(cmd) < len(pyew.calls)+1 and int(cmd) > 0: pyew.offset = pyew.calls[int(cmd)-1] pyew.seek(pyew.offset) dis = pyew.disassemble(pyew.buf, pyew.processor, pyew.type, pyew.lines, pyew.bsize, baseoffset=pyew.offset) print dis elif cmd == "buf": lines = 0 line = "" for c in pyew.buf: line += c if len(line) == pyew.hexcolumns: print repr(line) line = "" if line != "": print repr(line) elif cmd == "byte": lines = 0 line = "" for c in pyew.buf: line += "0x%x, " % ord(c) if len(line) >= pyew.hexcolumns / (1.00/4.00): print line line = "" if line != "": print "%s" % line elif cmd.lower().split(" ")[0] in ["r", "repr"]: print repr(pyew.buf) elif cmd.lower().split(" ")[0] in ["p"]: print pyew.buf elif cmd.lower() in ["settings", "options"]: pyew.showSettings() elif cmd.startswith("/"): ret = pyew.dosearch(pyew.f, cmd[1:2], cmd[3:], cols=60, offset=pyew.offset) elif cmd.lower() in ["?", "help"]: showHelp(pyew) elif cmd.lower() in ["imports"]: if pyew.format == "PE": for entry in pyew.pe.DIRECTORY_ENTRY_IMPORT: print entry.dll for imp in entry.imports: print '\t', hex(imp.address), imp.name elif pyew.format == "ELF": for x in pyew.elf.relocs: print x elif cmd.lower() in ["exports"]: if pyew.format == "PE": for exp in pyew.pe.DIRECTORY_ENTRY_EXPORT.symbols: print hex(pyew.pe.OPTIONAL_HEADER.ImageBase + exp.address), exp.name, exp.ordinal elif pyew.format == "ELF": print "Not yet implemented" elif cmd.lower() in ["sections"]: if pyew.format == "PE": for x in pyew.pe.sections: print x elif pyew.format == "ELF": for x in pyew.elf.secnames: print pyew.elf.secnames[x] elif cmd.lower() in ["elf", "pe"]: if cmd.lower() == "elf": print pyew.elf else: print pyew.pe elif cmd.lower() == "g": if cmd == "g": pyew.offset = 0 else: pyew.offset = pyew.maxsize - pyew.bsize if pyew.offset < 0: pyew.offset = pyew.maxsize - 32 pyew.seek(pyew.offset) elif cmd in ["-", "+"]: if cmd == "+": pyew.offset += pyew.bsize else: pyew.offset -= pyew.bsize pyew.seek(pyew.offset) elif pyew.plugins.has_key(cmd.split(" ")[0]): plg = cmd.split(" ") if len(plg) == 1: pyew.plugins[plg[0]](pyew) else: pyew.plugins[plg[0]](pyew, plg[1:]) elif cmd.lower().split(" ")[0] in ["md5", "sha1", "sha224", "sha256", "sha384", "sha512"]: func = eval(cmd) print "%s: %s" % (cmd, func(pyew.getBuffer()).hexdigest()) elif cmd.startswith("!"): os.system(cmd[1:]) elif cmd == "ret" and oldpyew is not None: pyew = oldpyew pyew.seek(pyew.offset) oldpyew = None elif cmd == "file": oldpyew = pyew del pyew pyew = CPyew() buf = oldpyew.getBytes(oldpyew.offset, oldpyew.maxsize) pyew.loadFromBuffer(buf, oldpyew.filename + "[embed]") elif cmd == "interact": code.interact(local=locals()) elif cmd == "edit": pyew.f.close() pyew.f = open(filename, "r+wb") pyew.seek(0) elif cmd.split(" ")[0] in ["ls"]: data = cmd.split(" ") if len(data) == 2: #print "parsing script file:", data[1] f = open('scripts/' + data[1], 'r') commands = f.readlines() f.close() else: scripts = os.listdir('scripts/') print "Scripts available:" for script in scripts: print "\t", script elif cmd.split(" ")[0] in ["wx", "wa"]: if cmd.split(" ")[0] == "wx": data = unhexlify(cmd.split(" ")[1]) else: data = cmd.split(" ")[1] pyew.f.seek(pyew.offset) pyew.f.write(data) pyew.seek(pyew.offset) else: if cmd.find("=") > -1 or cmd.startswith("print") or cmd.startswith("import "): exec(cmd) else: x = eval(cmd) if "hexdigest" in dir(x): print "%s: %s" % (cmd, x.hexdigest()) else: pprint.pprint(x) except: print "Error:", sys.exc_info()[1] if pyew.debug: raise