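def req_modcheck(self, hash):
    """Compare the module the debugger is attached to with the IDB's input file.

    `hash` is the decoded request dict; it carries either an 'md5' (hex digest
    of the module as printed by the debugger) or a 'pdb' (base64 text from the
    debugger-side guid probe, handed to DbgDirHlpr for parsing). The verdict
    is logged and pushed back to the broker as a "cmd" notice.

    The dict is input from the debugger side: both identifiers are normalised
    before comparison, and a request that carries neither identifier (or a
    side whose identifier could not be determined) is reported as a mismatch
    instead of raising UnboundLocalError or matching None against None.
    """
    md5, pdb = hash.get('md5'), hash.get('pdb')
    # Both start unset so a request without md5/pdb fails closed below.
    local, remote = None, None

    if md5:
        rs_log("modcheck idb (md5)")
        local = rs_decode(binascii.hexlify(idaapi.retrieve_input_file_md5())).upper()
        # Drop any whitespace the debugger printed inside the digest.
        remote = ''.join(md5.split()).upper()
    elif pdb:
        rs_log("modcheck idb (pdb guid)")
        msg = rs_decode(base64.b64decode(pdb))
        local = DbgDirHlpr.read_rsds_guid()
        remote = DbgDirHlpr.parse_itoldyouso_output(msg)

    rs_log(" -> remote: <%s>" % remote)
    rs_log(" -> local : <%s>" % local)

    if remote == '0':
        # NOTE(review): '0' looks like the parse helper's "no RSDS entry"
        # marker — confirm against DbgDirHlpr.parse_itoldyouso_output.
        output = '[!] warning, no Debug Directory'
    elif local is not None and local == remote:
        # Only a real, known local identifier may produce a match; a missing
        # identifier on either side (None) is treated as a mismatch.
        output = '[+] module successfully matched'
    else:
        output = '[!] warning, modules mismatch'

    rs_log(output)
    # `output` is one of the three fixed strings above, so splicing it into
    # the JSON fragment needs no escaping.
    self.notice_broker("cmd", "\"cmd\":\"%s\"" % output)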
def req_cmd(self, hash):
    """Attach debugger command output as a comment in the IDB.

    `hash` must carry 'msg' (base64-encoded text), 'offset' and 'base'; a
    missing key raises KeyError before anything is decoded. The target
    address comes from self.rebase(); when that yields a falsy value the
    request is dropped silently. Otherwise the decoded text is appended as a
    comment at the rebased address via self.append_cmt().
    """
    encoded, off, mod_base = hash['msg'], hash['offset'], hash['base']
    text = rs_decode(base64.b64decode(encoded))
    target = self.rebase(mod_base, off)
    if not target:
        return
    rs_log("cmd output added at 0x%x" % target)
    self.append_cmt(target, str(text))
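def req_bps_get(self, hash):
    """Send the saved .bpcmds blob back to the debugger through the broker.

    The breakpoint commands live in the plugin netnode (index
    rsconfig.NETNODE_INDEX, store rsconfig.NETNODE_STORE, blob tag chr(1)).
    `hash` is not read: the request carries no arguments. Every outcome is
    reported to the broker as a "cmd" notice.

    The blob is free-form text captured from the debugger, so it is
    JSON-encoded before being spliced into the "cmd":... fragment: a quote,
    backslash or newline inside a saved command would otherwise break the
    framing of the notice. Plain ASCII commands are emitted byte-for-byte as
    before (json.dumps only adds the surrounding quotes).
    """
    import json

    rs_log('[-] reload .bpcmds')
    node = idaapi.netnode(rsconfig.NETNODE_INDEX)
    if not node:
        rs_log('[-] failed to open netnode store')
        self.notice_broker("cmd", "\"cmd\":\"no blob\"")
        return

    node.create(rsconfig.NETNODE_STORE)
    blob = rs_decode(node.getblob(0, str(chr(1))))

    if not blob:
        rs_log(' -> no blob')
        self.notice_broker('cmd', "\"cmd\":\" -> reloading .bpcmds: no blob\"")
        return

    # ensure_ascii=False keeps non-ASCII text as it was sent before; only
    # quotes, backslashes and control characters are escaped.
    self.notice_broker('cmd', "\"cmd\":%s" % json.dumps(blob, ensure_ascii=False))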
def cb_broker_on_out(self):
    """Dispatch every newline-separated request the broker wrote to stdout.

    readAllStandardOutput() hands back a QByteArray; its raw bytes are decoded,
    split on '\\n', and each piece — stripped, including any empty trailing
    piece after a final newline — is handed to self.worker.parse_exec().

    NOTE(review): the chunk is split as-is, so a request that straddles two
    reads would be dispatched in two halves; confirm the broker always
    delivers whole lines per read, or carry the unterminated tail over to the
    next callback.
    """
    raw = self.readAllStandardOutput().data()  # QByteArray -> bytes
    text = rs_decode(raw)
    for line in text.split('\n'):
        self.worker.parse_exec(line.strip())