def testReport(self):
disasm = Disassembler(config)
report = disasm.getDisassemblyReport(self.asprox_disassembly)
assert report["status"] == "ok"
assert report["base_addr"] == 0x8D0000
assert report["summary"]["num_instructions"] == 15706
assert report[
"sha256"] == "db8a133fed1b706608a4492079b702ded6b70369a980d2b5ae355a6adc78ef00"
def get_extractor(path: str,
format: str,
backend: str,
sigpaths: List[str],
should_save_workspace=False,
disable_progress=False) -> FeatureExtractor:
"""
raises:
UnsupportedFormatError:
"""
if backend == "smda":
from smda.SmdaConfig import SmdaConfig
from smda.Disassembler import Disassembler
import capa.features.extractors.smda.extractor
smda_report = None
with halo.Halo(text="analyzing program",
spinner="simpleDots",
stream=sys.stderr,
enabled=not disable_progress):
config = SmdaConfig()
config.STORE_BUFFER = True
smda_disasm = Disassembler(config)
smda_report = smda_disasm.disassembleFile(path)
return capa.features.extractors.smda.extractor.SmdaFeatureExtractor(
smda_report, path)
else:
import capa.features.extractors.viv.extractor
with halo.Halo(text="analyzing program",
spinner="simpleDots",
stream=sys.stderr,
enabled=not disable_progress):
if format == "auto" and path.endswith(EXTENSIONS_SHELLCODE_32):
format = "sc32"
elif format == "auto" and path.endswith(EXTENSIONS_SHELLCODE_64):
format = "sc64"
vw = get_workspace(path, format, sigpaths)
if should_save_workspace:
logger.debug("saving workspace")
try:
vw.saveWorkspace()
except IOError:
# see #168 for discussion around how to handle non-writable directories
logger.info(
"source directory is not writable, won't save intermediate workspace"
)
else:
logger.debug("CAPA_SAVE_WORKSPACE unset, not saving workspace")
return capa.features.extractors.viv.extractor.VivisectFeatureExtractor(
vw, path)
def get_extractor(
path: str, format_: str, backend: str, sigpaths: List[str], should_save_workspace=False, disable_progress=False
) -> FeatureExtractor:
"""
raises:
UnsupportedFormatError
UnsupportedArchError
UnsupportedOSError
"""
if format_ not in (FORMAT_SC32, FORMAT_SC64):
if not is_supported_format(path):
raise UnsupportedFormatError()
if not is_supported_arch(path):
raise UnsupportedArchError()
if not is_supported_os(path):
raise UnsupportedOSError()
if format_ == FORMAT_DOTNET:
import capa.features.extractors.dnfile.extractor
return capa.features.extractors.dnfile.extractor.DnfileFeatureExtractor(path)
if backend == "smda":
from smda.SmdaConfig import SmdaConfig
from smda.Disassembler import Disassembler
import capa.features.extractors.smda.extractor
smda_report = None
with halo.Halo(text="analyzing program", spinner="simpleDots", stream=sys.stderr, enabled=not disable_progress):
config = SmdaConfig()
config.STORE_BUFFER = True
smda_disasm = Disassembler(config)
smda_report = smda_disasm.disassembleFile(path)
return capa.features.extractors.smda.extractor.SmdaFeatureExtractor(smda_report, path)
else:
import capa.features.extractors.viv.extractor
with halo.Halo(text="analyzing program", spinner="simpleDots", stream=sys.stderr, enabled=not disable_progress):
vw = get_workspace(path, format_, sigpaths)
if should_save_workspace:
logger.debug("saving workspace")
try:
vw.saveWorkspace()
except IOError:
# see #168 for discussion around how to handle non-writable directories
logger.info("source directory is not writable, won't save intermediate workspace")
else:
logger.debug("CAPA_SAVE_WORKSPACE unset, not saving workspace")
return capa.features.extractors.viv.extractor.VivisectFeatureExtractor(vw, path)
def get_smda_extractor(path):
from smda.SmdaConfig import SmdaConfig
from smda.Disassembler import Disassembler
import capa.features.extractors.smda
config = SmdaConfig()
config.STORE_BUFFER = True
disasm = Disassembler(config)
report = disasm.disassembleFile(path)
return capa.features.extractors.smda.SmdaFeatureExtractor(report, path)
def setUpClass(cls):
super(SmdaIntegrationTestSuite, cls).setUpClass()
disasm = Disassembler(config)
with open(
os.path.join(config.PROJECT_ROOT, "tests",
"asprox_0x008D0000_xored"), "rb") as f_binary:
binary = f_binary.read()
decrypted = bytearray()
for index, byte in enumerate(binary):
if isinstance(byte, str):
byte = ord(byte)
decrypted.append(byte ^ (index % 256))
cls.asprox_disassembly = disasm.disassemble(bytes(decrypted), 0x8D0000)
def disassembleFile(file_path, base_addr, map_file=False):
print("now analyzing {}".format(file_path))
loader = FileLoader(file_path, map_file=map_file)
file_content = loader.getData()
disasm = Disassembler(config)
start = time.clock()
try:
disassembly = disasm.disassemble(file_content, base_addr, timeout=config.TIMEOUT)
report = disasm.getDisassemblyReport(disassembly)
report["filename"] = os.path.basename(file_path)
print(disassembly)
except Exception as exc:
print("-> an error occured (", str(exc), ").")
report = {"status":"error", "meta": {"traceback": traceback.format_exc(exc)}, "execution_time": time.clock() - start}
return report
def setUpClass(cls):
super(SmdaIntegrationTestSuite, cls).setUpClass()
# remove the win7 library as asprox had been dumped on win_xp
config.API_COLLECTION_FILES.pop("win_7")
disasm = Disassembler(config)
with open(
os.path.join(config.PROJECT_ROOT, "tests",
"asprox_0x008D0000_xored"), "rb") as f_binary:
binary = f_binary.read()
decrypted = bytearray()
for index, byte in enumerate(binary):
if isinstance(byte, str):
byte = ord(byte)
decrypted.append(byte ^ (index % 256))
cls.asprox_disassembly = disasm.disassemble(bytes(decrypted), 0x8D0000)
def open(file): fl = FileLoader(file, True) dis = Disassembler(Config) smda._set_eng(fl,dis) return smda
def get_extractor_py3(path, format, disable_progress=False):
from smda.SmdaConfig import SmdaConfig
from smda.Disassembler import Disassembler
import capa.features.extractors.smda
smda_report = None
with halo.Halo(text="analyzing program",
spinner="simpleDots",
stream=sys.stderr,
enabled=not disable_progress):
config = SmdaConfig()
config.STORE_BUFFER = True
smda_disasm = Disassembler(config)
smda_report = smda_disasm.disassembleFile(path)
return capa.features.extractors.smda.SmdaFeatureExtractor(
smda_report, path)
def setUpClass(cls):
super(SmdaIntegrationTestSuite, cls).setUpClass()
disasm = Disassembler(config)
# load encrypted Asprox
with open(
os.path.join(config.PROJECT_ROOT, "tests",
"asprox_0x008D0000_xored"), "rb") as f_binary:
binary = f_binary.read()
decrypted_asprox = bytearray()
for index, byte in enumerate(binary):
if isinstance(byte, str):
byte = ord(byte)
decrypted_asprox.append(byte ^ (index % 256))
cls.asprox_binary = decrypted_asprox
cls.asprox_disassembly = disasm.disassembleBuffer(
bytes(decrypted_asprox), 0x8D0000)
# load encrypted Cutwail
with open(os.path.join(config.PROJECT_ROOT, "tests", "cutwail_xored"),
"rb") as f_binary:
binary = f_binary.read()
decrypted_cutwail = bytearray()
for index, byte in enumerate(binary):
if isinstance(byte, str):
byte = ord(byte)
decrypted_cutwail.append(byte ^ (index % 256))
cls.cutwail_binary = decrypted_cutwail
# run FileLoader and disassemble as file
loader = FileLoader("/", map_file=True)
loader._loadFile(decrypted_cutwail)
file_content = loader.getData()
binary_info = BinaryInfo(file_content)
binary_info.raw_data = loader.getRawData()
binary_info.file_path = ""
binary_info.base_addr = loader.getBaseAddress()
binary_info.bitness = loader.getBitness()
binary_info.code_areas = loader.getCodeAreas()
cls.cutwail_disassembly = disasm._disassemble(binary_info)
cls.cutwail_unmapped_disassembly = disasm.disassembleUnmappedBuffer(
decrypted_cutwail)
def get_extractor_py3(path, format, backend, disable_progress=False):
if backend == "smda":
from smda.SmdaConfig import SmdaConfig
from smda.Disassembler import Disassembler
import capa.features.extractors.smda
smda_report = None
with halo.Halo(text="analyzing program",
spinner="simpleDots",
stream=sys.stderr,
enabled=not disable_progress):
config = SmdaConfig()
config.STORE_BUFFER = True
smda_disasm = Disassembler(config)
smda_report = smda_disasm.disassembleFile(path)
return capa.features.extractors.smda.SmdaFeatureExtractor(
smda_report, path)
else:
import capa.features.extractors.viv
with halo.Halo(text="analyzing program",
spinner="simpleDots",
stream=sys.stderr,
enabled=not disable_progress):
vw = get_workspace(path, format, should_save=False)
try:
vw.saveWorkspace()
except IOError:
# see #168 for discussion around how to handle non-writable directories
logger.info(
"source directory is not writable, won't save intermediate workspace"
)
return capa.features.extractors.viv.VivisectFeatureExtractor(vw, path)
def detectBackend():
backend = ""
version = ""
try:
import idaapi
import idautils
backend = "IDA"
version = idaapi.IDA_SDK_VERSION
except:
pass
return (backend, version)
if __name__ == "__main__":
BACKEND, VERSION = detectBackend()
if BACKEND == "IDA":
from smda.ida.IdaInterface import IdaInterface
ida_interface = IdaInterface()
binary = ida_interface.getBinary()
base_addr = ida_interface.getBaseAddr()
DISASSEMBLER = Disassembler(backend=BACKEND)
REPORT = DISASSEMBLER.disassembleBuffer(binary, base_addr)
output_path = ida_interface.getIdbDir()
output_filepath = output_path + "ConvertedFromIdb.smda"
with open(output_filepath, "w") as fout:
json.dump(REPORT.toDict(), fout, indent=1, sort_keys=True)
print("Output saved to: %s" % output_filepath)
else:
raise Exception("No supported backend found.")
ARGS = PARSER.parse_args()
if ARGS.input_path:
SMDA_REPORT = None
INPUT_FILENAME = ""
if os.path.isfile(ARGS.input_path):
# optionally create and set up a config, e.g. when using ApiScout profiles for WinAPI import usage discovery
config = SmdaConfig()
config.API_COLLECTION_FILES = {
"win_7":
os.sep.join([
config.PROJECT_ROOT, "data",
"apiscout_win7_prof-n_sp1.json"
])
}
DISASSEMBLER = Disassembler(config)
print("now analyzing {}".format(ARGS.input_path))
INPUT_FILENAME = os.path.basename(ARGS.input_path)
if ARGS.parse_header:
SMDA_REPORT = DISASSEMBLER.disassembleFile(
ARGS.input_path, pdb_path=ARGS.pdb_path)
else:
BUFFER = readFileContent(ARGS.input_path)
BASE_ADDR = parseBaseAddrFromArgs(ARGS)
SMDA_REPORT = DISASSEMBLER.disassembleBuffer(BUFFER, BASE_ADDR)
SMDA_REPORT.filename = os.path.basename(ARGS.input_path)
print(SMDA_REPORT)
if SMDA_REPORT and os.path.isdir(ARGS.output_path):
with open(ARGS.output_path + os.sep + INPUT_FILENAME + ".smda",
"w") as fout:
json.dump(SMDA_REPORT.toDict(), fout, indent=1, sort_keys=True)
from smda.Disassembler import Disassembler
LOGGER = logging.getLogger(__name__)
def detectBackend():
backend = ""
version = ""
try:
import idaapi
import idc
import idautils
backend = "IDA"
version = idaapi.IDA_SDK_VERSION
except:
pass
return (backend, version)
if __name__ == "__main__":
BACKEND, VERSION = detectBackend()
if BACKEND == "IDA":
DISASSEMBLER = Disassembler(config, backend=BACKEND)
REPORT = DISASSEMBLER.disassembleBuffer(None, None)
output_path = idc.get_idb_path()
with open(output_path + ".smda", "wb") as fout:
json.dump(REPORT, fout, indent=1, sort_keys=True)
LOGGER.info("Output saved to: %s.smda", output_path)
else:
raise Exception("No supported backend found.")