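def import_upxfile(fname, parent_oid=None):
    """Try to UPX-unpack *fname* in place and import the unpacked result.

    Args:
        fname: path of a file that may be UPX-packed. On success ``upx -d``
            overwrites it with the unpacked image.
        parent_oid: if given, the unpacked child is tagged "upx_unpacked"
            with the parent and the parent "upx_packed" with the child.

    Returns:
        ``(oids, newfiles)``: ``oids`` is ``[unpacked_oid]`` (or ``[]`` if
        the file is not UPX, cannot be unpacked, or fails to import) and
        ``newfiles`` holds the oid only when the import created a new object.
    """
    newfiles = []

    if not is_upx(fname):
        return [], newfiles

    # Run upx with an argv list instead of a shell string: a file name
    # containing spaces, ';' or '$(...)' must not be interpreted by a shell.
    unpackcmd = ["upx", "-d", fname, "-qqq"]
    try:
        rc = subprocess.call(unpackcmd)
    except OSError:
        # upx is missing or not executable. os.system() reported that as a
        # non-zero status, so keep it a soft failure rather than a crash.
        rc = -1
    if rc != 0:
        print(" - Not able to decompress file %s" % fname)
        return [], newfiles

    unpacked_oid, newfile = api.import_file(fname)
    if not unpacked_oid:
        print(" - Not able to import file %s" % fname)
        return [], newfiles

    if newfile:
        newfiles.append(unpacked_oid)

    if parent_oid:
        # NOTE(review): the tar/zip importers pass the parent wrapped in a
        # list here; tag_append's expected type is not visible from this
        # file, so the original bare value is kept -- confirm.
        tag_append(unpacked_oid, "upx_unpacked", parent_oid)
        tag_append(parent_oid, "upx_packed", unpacked_oid)

    return [unpacked_oid], newfiles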
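def extract_osx(args, opts):
    """Split each OSX Universal (fat) binary in *args* into its
    per-architecture slices and import every slice as its own object.

    Syntax: extract_osx <oid> [<oid> ...]

    Args:
        args: oids (or oid expressions accepted by ``api.expand_oids``).
        opts: shell options; unused by this command.

    Returns:
        A list with the oid of every slice extracted from every input that
        was an OSX Universal Binary. Inputs of another type are skipped, so
        the list may be empty.

    Raises:
        ShellSyntaxError: if ``args`` contains no valid oid.
    """
    valid, _invalid = api.valid_oids(args)
    if not valid:
        raise ShellSyntaxError("No valid oids found")
    args = api.expand_oids(valid)

    # Collected across all inputs; the original returned from inside the
    # loop, so only the first oid was ever processed.
    all_oids = []
    for oid in args:
        meta = api.retrieve("file_meta", oid)
        name = meta["names"].pop()

        src_type = api.retrieve("src_type", oid)
        if src_type["type"] != "OSX Universal Binary":
            print("  - %s (%s) is not an OSX Universal binary file, skipping" % (name, oid))
            continue

        data = api.retrieve("files", oid)["data"]
        if not data:
            print("  - No data for this file %s (%s) " % (name, oid))
            continue

        oh = api.retrieve("object_header", oid)
        num = oh["header"].num_embedded
        print("  - Found %s files embedded in file %s (%s)" % (num, name, oid))

        # A stored name may carry directory components; keep only the leaf
        # so the temp file cannot be written outside the scratch directory.
        base = os.path.basename(name)

        oids = []
        newfiles = 0
        for f in oh["header"].embedded:
            beg = f.header_offset
            end = f.file_end
            print("    + Extracting bytes %s:%s of file type %s" % (beg, end, f.machine))

            fname = base + "_" + f.machine
            fpath = os.path.join(api.scratch_dir, fname)

            print("    + Writing temp file to %s" % (fpath))
            with open(fpath, 'wb') as fd:
                fd.write(data[beg:end])

            try:
                print("    + Importing file %s" % (fpath))
                slice_oid, newfile = api.import_file(fpath)
            finally:
                # Always drop the scratch copy, even if the import raises.
                print("    + Removing temp file from the scratch directory")
                os.remove(fpath)

            if slice_oid:
                oids.append(slice_oid)
                if newfile:
                    newfiles += 1
            else:
                print("    + Not able to import file %s" % (fpath))
            print("")

        print("  - Extracted and imported %s files, %s were new" % (len(oids), newfiles))
        all_oids.extend(oids)

    # Return a list of the oids corresponding to the files extracted
    return all_oids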
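def import_tarfile(fname, parent_oid=None):
    """Extract every regular file of a tar archive into the scratch
    directory, import each one, and delete the scratch copy.

    Args:
        fname: path of the candidate archive; returns empty results if
            ``tarfile.is_tarfile`` rejects it.
        parent_oid: if given, each child is tagged "untarred" with the
            parent and the parent "tarred" with all imported children.

    Returns:
        ``(oids, newfiles)``: oids of every member that imported, and the
        subset of those that were new objects.
    """
    oids = []
    newfiles = []
    import api
    if not tarfile.is_tarfile(fname):
        return oids, newfiles

    # Canonical scratch root with a trailing separator, used to confirm
    # that every member resolves beneath it.
    scratch = os.path.realpath(api.scratch_dir)
    scratch_prefix = os.path.join(scratch, "")

    # Close the archive on every exit path (the original never closed it).
    with tarfile.open(fname) as tf:
        for t in tf.getmembers():
            if not t.isfile():  # Skip dirs, links and special files
                continue

            # Member names are attacker-controlled: "../x" or "/etc/x" would
            # make extract() write outside the scratch directory.
            tar_out = os.path.realpath(os.path.join(scratch, t.name))
            if not tar_out.startswith(scratch_prefix):
                print(" - Skipping unsafe member path %s in tarfile %s" % (t.name, fname))
                continue

            try:
                tf.extract(member=t, path=api.scratch_dir)
            except Exception:
                # Best-effort: one bad member must not abort the archive.
                # (The original referenced an undefined name here.)
                print(" - Not able to extract file %s from tarfile %s" % (t.name, fname))
                continue

            oid, newfile = api.import_file(tar_out)
            if not oid:
                print(" - Not able to import file %s" % tar_out)
                os.remove(tar_out)
                continue

            if newfile:
                newfiles.append(oid)

            if parent_oid:
                tag_append(oid, "untarred", [parent_oid])

            os.remove(tar_out)
            oids.append(oid)

    if parent_oid and oids:
        tag_append(parent_oid, "tarred", oids)

    return oids, newfiles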
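def import_zipfile(fname, parent_oid=None):
    """Read every file entry of a zip archive, write it to a temp file via
    ``tmp_file``, import it, and delete the temp file.

    Args:
        fname: path of the candidate archive; returns empty results if
            ``zipfile.is_zipfile`` rejects it.
        parent_oid: if given, each child is tagged "unzipped" with the
            parent and the parent "zipped" with all imported children.

    Returns:
        ``(oids, newfiles)``: oids of every entry that imported, and the
        subset of those that were new objects.
    """
    oids = []
    newfiles = []

    if not zipfile.is_zipfile(fname):
        return oids, newfiles

    # Close the archive on every exit path (the original never closed it).
    with zipfile.ZipFile(fname) as zf:
        for f in zf.namelist():
            if f.endswith("/"):
                # Directory entry: nothing to import (same as the
                # isfile() check in import_tarfile).
                continue

            # NOTE(review): read() inflates the whole entry into memory;
            # for untrusted archives consider bounding it with
            # zf.getinfo(f).file_size before reading.
            try:
                zip_out = zf.read(f)
            except Exception:
                # Best-effort: one bad entry must not abort the archive.
                print(" - Not able to extract file %s from zipfile %s" % (f, fname))
                continue

            # NOTE(review): f is the archive-supplied name; tmp_file is
            # assumed to sanitize it (basename / tempfile) -- confirm.
            zout_tmp = tmp_file(f, zip_out)
            if not zout_tmp:
                continue

            oid, newfile = api.import_file(zout_tmp)
            if not oid:
                print(" - Not able to import file %s" % zout_tmp)
                os.remove(zout_tmp)
                continue

            if newfile:
                newfiles.append(oid)

            if parent_oid:
                tag_append(oid, "unzipped", [parent_oid])

            os.remove(zout_tmp)
            oids.append(oid)

    if parent_oid and oids:
        tag_append(parent_oid, "zipped", oids)

    return oids, newfiles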