def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module.
This function will be triggered whenever
the script is loaded for the first time,
either with the import_module command,
or when loaded at startup.
'''
# We keep a callback manager as a global var.
# --> To access it from any function.
# --> Necessary to call cm.clean() from clean() function
global cm
global pyrebox_print
# Initialize printer function (global var), that we can use to print
# text that is associated to our script
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
# Initialize the callback manager, and register a couple of named
# callbacks.
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.CREATEPROC_CB,
new_proc,
name="vmi_new_proc")
cm.add_callback(CallbackManager.REMOVEPROC_CB,
remove_proc,
name="vmi_remove_proc")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.CREATEPROC_CB, new_proc, name="vmi_new_proc")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.CREATEPROC_CB, new_proc, name="vmi_new_proc")
cm.add_callback(CallbackManager.BLOCK_END_CB, block_exec, name="block_end")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
global cm
global pyrebox_print
from plugins.guest_agent import guest_agent
pyrebox_print = printer
cm = CallbackManager(module_hdl)
guest_agent.copy_file("/home/marc/sdcard/zoo/gen/sample.exe",
"C:\\ProgramData\\malo.exe")
cm.add_callback(CallbackManager.CREATEPROC_CB,
new_proc,
name="vmi_new_proc")
guest_agent.execute_file("C:\\ProgramData\\malo.exe")
def initialize_callbacks(module_hdl,printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
#Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.TLB_EXEC_CB,tlb_exec,name="tlb_exec")
cm.add_callback(CallbackManager.CONTEXTCHANGE_CB,context_change,name="context_change")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
#Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.MEM_READ_CB, my_function, name="mem_read")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print("[!] Test: Open calc.exe and monitor the process")
def initialize_callbacks(module_hdl,printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
#Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.BLOCK_BEGIN_CB,my_function,name="block_begin")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print("[!] In order to perform the test, start monitoring some process")
def initialize_callbacks(module_hdl,printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
#Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.OPCODE_RANGE_CB,opcode_range,name="opcode",start_opcode=0x90,end_opcode=0x90)
pyrebox_print("[*] Initialized callbacks")
pyrebox_print("[!] Test: Open calc.exe and monitor the process")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
from api import CallbackManager
# Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.TLB_EXEC_CB, tlb_exec, name="tlb_exec")
cm.add_callback(CallbackManager.CONTEXTCHANGE_CB, context_change, name="context_change")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
from api import CallbackManager
global cm
global pyrebox_print
# Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.KEYSTROKE_CB, my_function, name="keystroke")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print("[!] Just type stuff on the guest")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
from api import CallbackManager
# Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.BLOCK_BEGIN_CB, my_function, name="block_begin")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print("[!] In order to perform the test, start monitoring some process")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
from api import CallbackManager
# Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.BLOCK_END_CB, my_function, name="block_end")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print("[!] Test: Open calc.exe and monitor the process")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module.
'''
global cm
global pyrebox_print
# Initialize printer function
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
# Initialize the callback manager
cm = CallbackManager(module_hdl)
# Register a process creation callback
cm.add_callback(CallbackManager.CREATEPROC_CB, new_proc)
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
from api import CallbackManager
# Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.INSN_BEGIN_CB, insn_begin, name="insn_begin")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print("[!] In order to run the rest, open calc.exe and monitor the process.")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
from api import CallbackManager
# Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl, new_style=True)
cm.add_callback(CallbackManager.INSN_END_CB, my_function, name="insn_end")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print("[!] Test: Open calc.exe and monitor the process")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
# Initialize printer function (global var), that we can use to print
# text that is associated to our script
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
# Initialize the callback manager, and register a couple of named
# callbacks.
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.CREATEPROC_CB, new_proc, name="vmi_new_proc")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
#Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.NIC_SEND_CB, my_function_send, name="send")
cm.add_callback(CallbackManager.NIC_REC_CB,
my_function_receive,
name="receive")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
from api import CallbackManager
# Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.NIC_SEND_CB, my_function_send, name="send")
cm.add_callback(CallbackManager.NIC_REC_CB, my_function_receive, name="receive")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
#Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.KEYSTROKE_CB,
my_function,
name="keystroke")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print("[!] Just type stuff on the guest")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
from api import CallbackManager
# Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.CREATEPROC_CB,
new_proc,
name="vmi_new_proc")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print("[!] Test: Open calc.exe and monitor the process")
def initialize_callbacks(module_hdl,printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.CREATEPROC_CB,my_createproc,name="createproc")
cm.add_trigger("createproc","triggers/trigger_getset_var_example.so")
cm.set_trigger_var("createproc","var1",0)
cm.set_trigger_var("createproc","var2",100)
cm.set_trigger_var("createproc","var3","Hello world")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
global target_procname
from api import CallbackManager
from plugins.guest_agent import guest_agent
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl, new_style=True)
cm.add_callback(CallbackManager.CREATEPROC_CB,
new_proc,
name="vmi_new_proc")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.CREATEPROC_CB, my_createproc, name="createproc")
cm.add_trigger("createproc", "triggers/trigger_getset_var_example.so")
cm.set_trigger_var("createproc", "var1", 0)
cm.set_trigger_var("createproc", "var2", 100)
cm.set_trigger_var("createproc", "var3", "Hello world")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
#Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.INSN_BEGIN_CB,
insn_begin,
name="insn_begin")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print(
"[!] In order to run the rest, open calc.exe and monitor the process."
)
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
#Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.CREATEPROC_CB,
new_proc,
name="vmi_new_proc")
cm.add_callback(CallbackManager.REMOVEPROC_CB,
remove_proc,
name="vmi_remove_proc")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
from api import CallbackManager
# Initialize printer
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.BLOCK_BEGIN_CB,
block_begin,
name="block_begin")
pyrebox_print("[*] Initialized callbacks\n")
pyrebox_print(
"[!] In order to run the test, start calc.exe and monitor it\n")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
# Initialize printer function (global var), that we can use to print
# text that is associated to our script
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
# Initialize the callback manager, and register a couple of named
# callbacks.
cm = CallbackManager(module_hdl, new_style=True)
cm.add_callback(CallbackManager.CREATEPROC_CB,
new_proc,
name="vmi_new_proc")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
global cm
global pyrebox_print
global sample_to_upload
global upload_path
global sample_name
from plugins.guest_agent import guest_agent
pyrebox_print = printer
cm = CallbackManager(module_hdl)
# Push the sample from de host to de guest
guest_agent.copy_file(sample_to_upload, upload_path + sample_name)
# Create a Callback for every new process create to catch de sample when executed
cm.add_callback(CallbackManager.CREATEPROC_CB,
new_process_created,
name="vmi_new_proc")
# Run the sample uploaded to the VM
guest_agent.execute_file(upload_path + sample_name)
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.MEM_WRITE_CB, mem_write, name="mem_write")
# Add a bpw_memrange trigger to the callback, that will limit
# the address range for which the callback will be triggered
cm.add_trigger("mem_write", "triggers/trigger_bpw_memrange.so")
cm.set_trigger_var("mem_write", "begin", 0x0)
cm.set_trigger_var("mem_write", "end", 0x80000000)
cm.set_trigger_var("mem_write", "pgd", 0xFFFFFFFF)
pyrebox_print("[*] Initialized callbacks\n")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks\n")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.MEM_WRITE_CB, mem_write, name="mem_write")
#Add a bpw_memrange trigger to the callback, that will limit
#the address range for which the callback will be triggered
cm.add_trigger("mem_write", "triggers/trigger_bpw_memrange.so")
cm.set_trigger_var("mem_write", "begin", 0x0)
cm.set_trigger_var("mem_write", "end", 0x80000000)
cm.set_trigger_var("mem_write", "pgd", 0xFFFFFFFF)
pyrebox_print("[*] Initialized callbacks\n")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.INSN_BEGIN_CB, insn_begin, name="insn_begin")
# Add a trigger so that the callback is only triggered
# for a certain range of addresses
cm.add_trigger("insn_begin", "triggers/trigger_bp_memrange.so")
cm.set_trigger_var("insn_begin", "begin", 0x100218f)
cm.set_trigger_var("insn_begin", "end", 0x1002190)
cm.set_trigger_var("insn_begin", "pgd", 0xFFFFFFFF)
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module.
'''
global cm
global pyrebox_print
# debug var
global num_ins
global logger
global process_is_created
logger = logging.getLogger('funcap')
hdlr = logging.FileHandler('funcap.log')
formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s')
hdlr.setFormatter(formatter)
logger.addHandler(hdlr)
# Set level log
level = 0
if level == 0:
logger.setLevel(logging.INFO)
elif level == 1:
logger.setLevel(logging.WARNING)
elif level == 2:
logger.setLevel(logging.ERROR)
elif level == 3:
logger.setLevel(logging.CRITICAL)
else:
logger.setLevel(logging.WARNING)
num_ins = 0
process_is_created = 0
# Init symbols
# api.get_symbol_list()
# Initialize printer function
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
#Initialize the callback manager
cm = CallbackManager(module_hdl)
##
# Callback for CALL opcode
##
cm.add_callback(CallbackManager.CREATEPROC_CB,
new_proc,
name="vmi_new_proc")
cm.add_callback(CallbackManager.OPCODE_RANGE_CB,
funcap,
start_opcode=0xFF,
end_opcode=0xFF)
cm.add_callback(CallbackManager.REMOVEPROC_CB,
remove_proc,
name="vmi_remove_proc")
do_set_target(TARGET)
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl, new_style=True)
cm.add_callback(CallbackManager.INSN_BEGIN_CB,
insn_begin,
name="insn_begin")
# Add a trigger so that the callback is only triggered
# for a certain range of addresses
cm.add_trigger("insn_begin", "triggers/trigger_bp_memrange.so")
cm.set_trigger_var("insn_begin", "begin", 0x100218f)
cm.set_trigger_var("insn_begin", "end", 0x1002190)
cm.set_trigger_var("insn_begin", "pgd", 0xFFFFFFFF)
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module.
This function will be triggered whenever
the script is loaded for the first time,
either with the import_module command,
or when loaded at startup.
'''
# We keep a callback manager as a global var.
# --> To access it from any function.
# --> Necessary to call cm.clean() from clean() function
global cm
global pyrebox_print
from plugins.guest_agent import guest_agent
# Initialize printer function (global var), that we can use to print
# text that is associated to our script
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
# Initialize the callback manager, and register a couple of named
# callbacks.
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.CREATEPROC_CB,
new_proc,
name="vmi_new_proc")
cm.add_callback(CallbackManager.REMOVEPROC_CB,
remove_proc,
name="vmi_remove_proc")
pyrebox_print("[*] Initialized callbacks")
filename = None
with open("filename", "rb") as f:
filename = f.readlines()
guest_agent.copy_file(filename.strip(),
"C:\\Users\\Windows7\\Desktop\\filename.exe")
guest_agent.execute_file("C:\\Users\\Windows7\\Desktop\\filename.exe")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module.
This function will be triggered whenever
the script is loaded for the first time,
either with the import_module command,
or when loaded at startup.
'''
# We keep a callback manager as a global var.
# --> To access it from any function.
# --> Necessary to call cm.clean() from clean() function
global cm
global pyrebox_print
# Initialize printer function (global var), that we can use to print
# text that is associated to our script
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
# Initialize the callback manager, and register a couple of named
# callbacks.
cm = CallbackManager(module_hdl, new_style = True)
cm.add_callback(CallbackManager.CREATEPROC_CB, new_proc, name="vmi_new_proc")
cm.add_callback(CallbackManager.REMOVEPROC_CB, remove_proc, name="vmi_remove_proc")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initilize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
global cm
global pyrebox_print
pyrebox_print = printer
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl)
cm.add_callback(CallbackManager.CREATEPROC_CB, new_proc, name="vmi_new_proc")
cm.add_callback(CallbackManager.MEM_WRITE_CB, mem_write, name="mem_write")
cm.add_callback(CallbackManager.BLOCK_BEGIN_CB, block_exec, name="block_begin")
pyrebox_print("[*] Initialized callbacks")
def initialize_callbacks(module_hdl, printer):
'''
Initialize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
from api import CallbackManager
from plugins.guest_agent import guest_agent
global cm
global pyrebox_print
global target_procname
global autorun_module_handle
autorun_module_handle = module_hdl
pyrebox_print = printer
pyrebox_print("[*] Reading configuration file")
#Read AutoRun configuration file (json)
f = open(os.environ["AUTORUN_CONF_PATH"], "r")
conf = json.load(f)
f.close()
kws = [
"container_path", "main_executable_file", "extract_path", "temp_path",
"preserve_filenames"
]
for k in kws:
if k not in conf:
pyrebox_print(
"The configuration file does not contain the necessary keywords"
)
return
# Initialize process creation callback
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl, new_style=True)
cm.add_callback(CallbackManager.CREATEPROC_CB,
new_proc,
name="vmi_new_proc")
pyrebox_print("[*] Initialized callbacks")
# Copy target file to guest, and execute it
pyrebox_print("Copying host file to guest, using agent...")
temp_dnames = []
if "container_path" in conf and tarfile.is_tarfile(conf["container_path"]):
# For each file in the tar file, extract to a temporary file,
# and copy to the VM with the appropriate file name.
extracted_files = {}
tar = tarfile.open(conf["container_path"], "r:gz")
# Get file names inside the tar file
for tarinfo in tar:
extracted_files[tarinfo.name] = None
# Extract each file into a temporary file
for fname in extracted_files.keys():
temp_dname = tempfile.mkdtemp(dir=conf["temp_path"])
temp_dnames.append(temp_dname)
tar.extract(fname, path=temp_dname)
extracted_files[fname] = os.path.join(temp_dname, fname)
tar.close()
# Copy files to the VM
for fname, temp_fname in extracted_files.iteritems():
# Copy the specified file to C:\\temp.exe in the guest
if conf["preserve_filenames"]:
guest_agent.copy_file(temp_fname, conf["extract_path"] + fname)
else:
guest_agent.copy_file(temp_fname,
conf["extract_path"] + "file.exe")
conf["main_executable_file"] = "file.exe"
# Execute the file. We set a callback to signal this script that
# the files have already been copied and can be deleted
f = functools.partial(files_copied_callback, temp_dnames)
guest_agent.execute_file(conf["extract_path"] +
conf["main_executable_file"],
callback=f)
# stop_agent() does not only kill the agent, but it also
# disables the agent plugin. Invalid opcodes
# are not treated as agent commands any more, so this call
# improves transparency.
guest_agent.stop_agent()
# Set target proc name:
target_procname = conf["main_executable_file"]
pyrebox_print("Waiting for process %s to start\n" % target_procname)
pyrebox_print("Module loaded: %d" % module_hdl)