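def initLayout(self):
    """Assemble this tab's widgets into a single vertical layout.

    Rows, top to bottom:
      1. markup controls: the two colour buttons plus the "Selected",
         "All" and "Remove" markup buttons;
      2. the category row: only the "Categories: " label is added here,
         and the row is kept on ``self._checkbox_layout``;
      3. the select/filter controls: "All" / "None" buttons, the filter
         text box (input capped at 80 characters) and the "Filter" button;
      4. the call table (``self._call_table``).

    Fix over the original: the width of the "None" button is now measured
    with that button's own font metrics instead of the "All" button's.
    """
    align_left = qt.qtcore().Qt.AlignLeft
    call_table_layout = qt.qvboxlayout()()

    # --- Row 1: markup controls -------------------------------------------
    markup_layout = qt.qhboxlayout()()
    markup_layout.setAlignment(align_left)
    markup_layout.addWidget(qt.qlabel()("Choose Color: "))
    markup_layout.addWidget(self._color_button)
    markup_layout.addWidget(qt.qlabel()("Choose Function Color: "))
    markup_layout.addWidget(self._func_color_button)
    markup_layout.addWidget(qt.qlabel()("\t\t\tMarkup: "))

    markup_category_button = qt.qpushbutton()("Selected")
    markup_category_button.clicked.connect(self.markupCategories)
    markup_all_button = qt.qpushbutton()("All")
    markup_all_button.clicked.connect(self.markupAll)
    markup_remove_button = qt.qpushbutton()("Remove")
    markup_remove_button.clicked.connect(self.removeAllMarkup)
    for button in (markup_category_button, markup_all_button,
                   markup_remove_button):
        markup_layout.addWidget(button)
    call_table_layout.addLayout(markup_layout)

    # --- Row 2: category checkboxes (the checkboxes are added elsewhere) ---
    self._checkbox_layout = qt.qhboxlayout()()
    self._checkbox_layout.setAlignment(align_left)
    self._checkbox_layout.addWidget(qt.qlabel()("Categories: "))
    call_table_layout.addLayout(self._checkbox_layout)

    # --- Row 3: selection shortcuts and free-text filter --------------------
    filter_layout = qt.qhboxlayout()()
    filter_layout.setAlignment(align_left)
    filter_layout.addWidget(qt.qlabel()("Select: "))

    # Keep the two shortcut buttons only as wide as their caption (+9 px).
    b_all = qt.qpushbutton()("All")
    b_all.setMaximumWidth(
        b_all.fontMetrics().boundingRect("All").width() + 9)
    b_all.clicked.connect(self.selectAll)

    b_none = qt.qpushbutton()("None")
    b_none.setMaximumWidth(
        b_none.fontMetrics().boundingRect("None").width() + 9)
    b_none.clicked.connect(self.selectNone)

    filter_layout.addWidget(b_all)
    filter_layout.addWidget(b_none)

    self._filter_box = qt.qlineedit()()
    self._filter_box.setMaxLength(80)
    _filter_button = qt.qpushbutton()("Filter")
    _filter_button.clicked.connect(self.filterCallData)

    filter_layout.addWidget(qt.qlabel()("Filter Calls: "))
    filter_layout.addWidget(self._filter_box)
    filter_layout.addWidget(_filter_button)
    call_table_layout.addLayout(filter_layout)

    # --- Row 4: the call table ----------------------------------------------
    call_table_layout.addWidget(self._call_table)
    self.setLayout(call_table_layout)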
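def load(self):
    """Create the category checkboxes and fill the call table.

    Reads ``self.parent.call_categories``, ``self.parent.calls`` and
    ``self.parent.cuckoo_version``. Each call record becomes one table row
    with the columns Category, Caller, Parent Caller, API, Return, Args.

    NOTE(review): the records appear to come from a Cuckoo sandbox report,
    i.e. they describe the behaviour of the analysed sample - confirm
    against the parent. If so, every field is sample-influenced. Only the
    argument values are truncated (80 characters) and unicode-escaped
    before display; the other fields are shown as stored.

    Changes over the original:
      * sorting is switched off while rows are inserted, so calling
        ``load`` again after sorting was enabled cannot shuffle rows that
        are still being filled;
      * a record without a "stacktrace" key (Cuckoo 2.0) or without a
        "caller" key (Cuckoo 1.3) no longer raises ``KeyError``.
    """
    checked = qt.qtcore().Qt.Checked
    for cat in sorted(self.parent.call_categories):
        self._checkbox_map[cat] = qt.qcheckbox()(cat.capitalize())
    for cat in sorted(self._checkbox_map):
        cb = self._checkbox_map[cat]
        cb.setCheckState(checked)
        cb.clicked.connect(self.filterCallData)
        self._checkbox_layout.addWidget(cb)

    table = self._call_table
    # With sorting enabled Qt may move a row as soon as one of its cells is
    # set, so the remaining cells would land in the wrong row.
    table.setSortingEnabled(False)
    table.clear()
    table.setHorizontalHeaderLabels(
        ["Category", "Caller", "Parent Caller", "API", "Return", "Args"])
    table.horizontalHeader().setStretchLastSection(True)

    version = self.parent.cuckoo_version
    is_v13 = version.startswith("1.3")
    is_v20 = version.startswith("2.0")
    if is_v13 or is_v20:
        table.itemDoubleClicked.connect(self.clickRow)
    table.setRowCount(len(self.parent.calls))

    default_color = qt.qcolor()(0xff, 0xff, 0xff)
    for row, call in enumerate(self.parent.calls):
        # Bound each value to 80 characters and escape non-printable /
        # non-ASCII characters before they reach the UI.
        arg_str = "\r\n".join([
            "{}: {}".format(k, unicode(v)[:80].encode("unicode-escape"))
            for k, v in call["arguments"].items()
        ])
        category = call.get("category", "")
        bg_color = self._COLOR_MAP.get(category, default_color)

        call_addr = ""
        if is_v13:
            raw_caller = call.get("caller", "0x00000000")
            head = idc.PrevHead(int(raw_caller, 16))
            if head == idc.BADADDR:
                # No preceding head in the database: show the raw value.
                call_addr = raw_caller
            else:
                call_addr = "0x{:08x}".format(head)
        # cuckoo 2.0 stores call stack in "stack", but only enabled in DEBUG
        if is_v20 and call.get("stacktrace"):
            call_addr = call["stacktrace"][-1].split(" @ ")[-1]

        ret = call["return"] if "return" in call else str(
            call["return_value"])

        columns = (category, call_addr, call.get("parentcaller", ""),
                   call["api"], ret, arg_str)
        for col, text in enumerate(columns):
            table.setItem(row, col, qt.qtablewidgetitem()(text))
            table.item(row, col).setBackground(bg_color)

    table.resizeRowsToContents()
    table.resizeColumnsToContents()
    table.setSortingEnabled(True)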
def setupTableContextMenu(self):
    """Attach the right-click actions to the call table.

    The table is switched to ``ActionsContextMenu`` and receives three
    actions, in this order: copy the cell value, add markup to the
    selected call, remove markup from the selected call.
    """
    table = self._call_table
    table.setContextMenuPolicy(qt.qtcore().Qt.ActionsContextMenu)

    def add_action(caption, slot):
        # One menu entry: the action is parented to the table and wired
        # to the given slot.
        action = qt.qaction()(table)
        action.setText(caption)
        action.triggered.connect(slot)
        table.addAction(action)

    add_action("Copy Cell Value", self.copyToClipboard)
    add_action("Add Markup to Selected Call", self.markUpItem)
    add_action("Remove Markup from Selected Call", self.unMarkUpItem)
    log.debug("Creating Calls Tab")
def initVars(self):
    """Create the read-only import table and its context-menu actions.

    The table starts with zero rows and six columns (Address, DLL,
    ProcName, ProcAddress, Type, IDA Name). Two context-menu actions are
    registered: copy the cell value, and rename DWORDs to the proc name.
    """
    table = qt.qtablewidget()()
    self._import_table = table

    # Cells are display-only; editing is disabled.
    table.setEditTriggers(qt.qabstractitemview().NoEditTriggers)
    table.setRowCount(0)
    table.setColumnCount(6)
    column_titles = ["Address", "DLL", "ProcName", "ProcAddress", "Type",
                     "IDA Name"]
    table.setHorizontalHeaderLabels(column_titles)
    table.setContextMenuPolicy(qt.qtcore().Qt.ActionsContextMenu)

    copy_entry = qt.qaction()(table)
    copy_entry.setText("Copy Cell Value")
    copy_entry.triggered.connect(self.copyToClipboard)
    table.addAction(copy_entry)

    rename_entry = qt.qaction()(table)
    rename_entry.setText("Rename DWORDs to Proc Name")
    rename_entry.triggered.connect(self.renameDword)
    table.addAction(rename_entry)

    # NOTE(review): unlike the widget accessors above, the result of
    # qt.qclipboard() is stored directly rather than called again -
    # confirm that the accessor returns the clipboard object itself.
    self.clipboard = qt.qclipboard()
def initVars(self):
    """Set up ``self._import_table`` and ``self.clipboard``.

    The import table is created non-editable, empty (0 rows) and with six
    labelled columns. It gets an actions-based context menu offering
    "Copy Cell Value" and "Rename DWORDs to Proc Name".
    """
    self._import_table = imports_view = qt.qtablewidget()()
    imports_view.setEditTriggers(qt.qabstractitemview().NoEditTriggers)
    imports_view.setRowCount(0)
    imports_view.setColumnCount(6)
    imports_view.setHorizontalHeaderLabels(
        ["Address", "DLL", "ProcName", "ProcAddress", "Type", "IDA Name"])
    imports_view.setContextMenuPolicy(qt.qtcore().Qt.ActionsContextMenu)

    def register(caption, slot):
        # Build one context-menu action owned by the import table.
        entry = qt.qaction()(imports_view)
        entry.setText(caption)
        entry.triggered.connect(slot)
        imports_view.addAction(entry)

    register("Copy Cell Value", self.copyToClipboard)
    register("Rename DWORDs to Proc Name", self.renameDword)

    # NOTE(review): stored without a second call, unlike the widget
    # accessors - confirm qt.qclipboard() already yields the clipboard.
    self.clipboard = qt.qclipboard()
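def load(self):
    """Build the category checkboxes and populate the call table.

    Inputs are ``self.parent.call_categories``, ``self.parent.calls`` and
    ``self.parent.cuckoo_version``. One row is written per call record,
    with the columns Category, Caller, Parent Caller, API, Return, Args,
    and each row is coloured by its category via ``self._COLOR_MAP``
    (white when the category has no entry).

    NOTE(review): the call records look like they originate from a Cuckoo
    sandbox report of the analysed sample - confirm. Argument values are
    cut to 80 characters and unicode-escaped before display; all other
    fields are rendered as stored.

    Changes over the original:
      * sorting is disabled for the duration of the fill, because Qt may
        reposition a row after each ``setItem`` while sorting is on, which
        corrupts rows when ``load`` runs a second time;
      * the Cuckoo 2.0 branch tolerates records without a "stacktrace"
        key, and the Cuckoo 1.3 branch tolerates records without a
        "caller" key, instead of raising ``KeyError``.
    """
    for cat in sorted(self.parent.call_categories):
        self._checkbox_map[cat] = qt.qcheckbox()(cat.capitalize())
    for cat in sorted(self._checkbox_map):
        cb = self._checkbox_map[cat]
        cb.setCheckState(qt.qtcore().Qt.Checked)
        cb.clicked.connect(self.filterCallData)
        self._checkbox_layout.addWidget(cb)

    # Re-enabled after the table has been filled.
    self._call_table.setSortingEnabled(False)
    self._call_table.clear()
    self._call_table.setHorizontalHeaderLabels(
        ["Category", "Caller", "Parent Caller", "API", "Return", "Args"])
    header = self._call_table.horizontalHeader()
    header.setStretchLastSection(True)

    cuckoo_13 = self.parent.cuckoo_version.startswith("1.3")
    cuckoo_20 = self.parent.cuckoo_version.startswith("2.0")
    if cuckoo_13 or cuckoo_20:
        self._call_table.itemDoubleClicked.connect(self.clickRow)
    self._call_table.setRowCount(len(self.parent.calls))

    def put(row, col, text, color):
        # Write one coloured cell.
        cell = qt.qtablewidgetitem()(text)
        self._call_table.setItem(row, col, cell)
        self._call_table.item(row, col).setBackground(color)

    for row, call in enumerate(self.parent.calls):
        # Length-bound and escape each argument value before display.
        arg_str = "\r\n".join([
            "{}: {}".format(k, unicode(v)[:80].encode("unicode-escape"))
            for k, v in call["arguments"].items()
        ])
        bg_color = self._COLOR_MAP.get(call.get("category", ""),
                                       qt.qcolor()(0xff, 0xff, 0xff))

        call_addr = ""
        if cuckoo_13:
            caller = call.get("caller", "0x00000000")
            prev_head = idc.PrevHead(int(caller, 16))
            # Fall back to the reported value when IDA has no prior head.
            call_addr = (caller if prev_head == idc.BADADDR
                         else "0x{:08x}".format(prev_head))
        # cuckoo 2.0 stores call stack in "stack", but only enabled in DEBUG
        stacktrace = call.get("stacktrace")
        if cuckoo_20 and stacktrace:
            call_addr = stacktrace[-1].split(" @ ")[-1]

        if "return" in call:
            ret = call["return"]
        else:
            ret = str(call["return_value"])

        put(row, 0, call.get("category", ""), bg_color)
        put(row, 1, call_addr, bg_color)
        put(row, 2, call.get("parentcaller", ""), bg_color)
        put(row, 3, call["api"], bg_color)
        put(row, 4, ret, bg_color)
        put(row, 5, arg_str, bg_color)

    self._call_table.resizeRowsToContents()
    self._call_table.resizeColumnsToContents()
    self._call_table.setSortingEnabled(True)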
def selectNone(self):
    """Clear every category checkbox, then re-apply the call filter."""
    # Only the checkbox widgets are needed; the category keys are unused.
    for checkbox in self._checkbox_map.itervalues():
        checkbox.setCheckState(qt.qtcore().Qt.Unchecked)
    # Refresh the table once, after all boxes have been cleared.
    self.filterCallData()