def process(self, data):
pcapkit = self._pcapkit
logging.getLogger('pcapkit').disabled = True
merge = self.args.merge
with VirtualFileSystem() as fs:
vf = VirtualFile(fs, data, 'pcap')
extraction = pcapkit.extract(
fin=vf.path, engine='scapy', store=False, nofile=True, extension=False, tcp=True, strict=True)
tcp: list = list(extraction.reassembly.tcp)
count, convo = 0, None
src_buffer = MemoryFile()
dst_buffer = MemoryFile()
for stream in tcp:
this_convo = Conversation.FromID(stream.id)
if this_convo != convo:
if count and merge:
if src_buffer.tell():
yield self.labelled(src_buffer.getvalue(), **convo.src_to_dst())
src_buffer.truncate(0)
if dst_buffer.tell():
yield self.labelled(dst_buffer.getvalue(), **convo.dst_to_src())
dst_buffer.truncate(0)
count = count + 1
convo = this_convo
for packet in stream.packets:
if not merge:
yield self.labelled(packet.data, **this_convo.src_to_dst(), stream=count)
elif this_convo.src == convo.src:
src_buffer.write(packet.data)
elif this_convo.dst == convo.src:
dst_buffer.write(packet.data)
else:
raise RuntimeError(F'direction of packet {convo!s} in conversation {count} is unknown')
def test_mmap(self):
import mmap
with VirtualFileSystem() as vfs:
buffer = b'finest refinery'
vf = VirtualFile(vfs, buffer)
mapping = mmap.mmap(open(vf, 'rb').fileno(), 0)
mapping.seek(7)
self.assertEqual(mapping.read(), B'refinery')
self.assertEqual(mapping[:6], b'finest')
def test_read_and_write(self):
with VirtualFileSystem() as vfs:
vf1 = VirtualFile(vfs)
with open(vf1, 'wb') as stream:
stream.write(b'test')
self.assertEqual(vf1.data, b'test')
with open(vf1, 'rb') as stream:
self.assertEqual(stream.read(), b'test')
with open(vf1, 'wb') as stream:
stream.write(b'refined')
with open(vf1, 'rb') as stream:
self.assertEqual(stream.read(), b'refined')
def process(self, data):
class args:
disasmOnly = True
verbose = False
with io.StringIO() as output:
with VirtualFileSystem() as vfs:
vf = vfs.new(data)
self._pcodedmp.processFile(vf, args, output)
code = output.getvalue()
if not self.args.raw:
from refinery.lib.thirdparty.pcode2code import Parser
parser = Parser(code)
parser.parseInput()
parser.processInput(False)
code = parser.getOutput()
code = re.sub('^(Sub|Function)', r'\n\1', code, flags=re.MULTILINE)
return code.encode(self.codec)
def process(self, data: bytearray):
with VirtualFileSystem() as vfs:
result = self._process_file(
file=vfs.new(data),
noninteractive=True,
return_deobfuscated=True,
extract_only=self.args.extract_only,
silent=True,
sort_formulas=self.args.sort_formulas,
defined_names=False,
with_ms_excel=self.args.with_ms_excel,
start_with_shell=False,
day=self.args.day,
output_formula_format=self.args.output_formula_format,
extract_formula_format=self.args.extract_formula_format,
no_indent=self.args.no_indent,
start_point=self.args.start_point,
password=self.args.password,
output_level=self.args.output_level,
timeout=self.args.timeout,
)
return '\n'.join(result).encode(self.codec)
def process(self, data):
with VirtualFileSystem() as vfs:
raw = self.args.raw
with self._evtx(vfs.new(data)) as log:
for record in log.records():
yield record.data() if raw else record.xml().encode(self.codec)
def test_io_open(self):
import io
with VirtualFileSystem() as vfs:
vf = VirtualFile(vfs, B'test')
self.assertEqual(io.open(vf, 'rb').read(), B'test')
def test_stat(self):
import os
with VirtualFileSystem() as vfs:
buffer = self.generate_random_buffer(2012)
vf = VirtualFile(vfs, buffer)
self.assertEqual(os.stat(vf).st_size, 2012)
def test_normal_open(self):
with VirtualFileSystem() as vfs:
vf = VirtualFile(vfs, B'test')
self.assertEqual(open(vf, 'rb').read(), B'test')
def test_codecs_open(self):
import codecs
with VirtualFileSystem() as vfs:
vf = VirtualFile(vfs, 'test'.encode('utf-16le'))
self.assertEqual(
codecs.open(vf, 'r', encoding='utf-16le').read(), 'test')