def __init__(self,
             title,
             isMatchedProcs,
             matchedProcsCache,
             procId=None,
             deflt=1):
    """Create the chooser window, fill its rows and register its commands.

    Args:
        title: window title shown by IDA.
        isMatchedProcs: True to list the procedures matched to one local
            function (columns RVA / Name / Binary hash); False to list the
            local functions that have matches (columns Address / Name).
        matchedProcsCache: cache queried by ``populateItems``.
        procId: ``<hash>/<rva>`` key of the function whose matches are
            listed; only meaningful when ``isMatchedProcs`` is True.
        deflt: stored as ``self.deflt`` for the Choose2 base class.
    """
    if isMatchedProcs:
        columns = [['RVA', 10 | Choose2.CHCOL_HEX],
                   ['Name', 30 | Choose2.CHCOL_PLAIN],
                   ['Binary hash', 30 | Choose2.CHCOL_PLAIN]]
    else:
        columns = [['Address', 10 | Choose2.CHCOL_HEX],
                   ['Name', 30 | Choose2.CHCOL_PLAIN]]
    Choose2.__init__(self, title, columns, Choose2.CH_MULTI)

    # Hash of the file open in IDA; combined with an RVA it forms the
    # '<hash>/<rva>' cache keys used by OnCommand.
    self.openedFileHash = VBIDAHelper.SHA1File(VBIDAHelper.getFilePath())
    self.n = 0
    self.icon = 41
    self.deflt = deflt
    self.isMatchedProcs = isMatchedProcs
    self.procId = procId
    self.matchedProcsCache = matchedProcsCache
    self.populateItems()
    self.addCommand()
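    def highlightMatchedProcs(self):
        """Comment and colour every local function that has cached matches.

        For each ``<hash>/<rva>`` key in ``matchedProcsCache`` the cached
        matches are rendered into a function comment (headed by the caption
        from the UI) and the function is coloured with the RGB value parsed
        from the colour-chooser button's stylesheet.  ``notifyStatus`` is
        called once at the end; nothing happens when the cache is empty.
        """
        matchedProcs = self.matchedProcsCache.readAll()
        if not matchedProcs:
            return

        prefix = '[%s]\n[!] Matched Procedures: \n' % (
            self.ui.editHighlightCaption.toPlainText())

        # Parse 'rgb(r, g, b)' out of the button stylesheet once rather than
        # per function.  The closing paren is searched from the 'rgb(' position;
        # searching from 0 would pick up any earlier ')' in the stylesheet.
        rgb = None
        css = self.ui.btnHighlightColorChooser.styleSheet()
        start = css.find('rgb')
        if start != -1:
            start += 4  # skip 'rgb('
            end = css.find(')', start)
            rgb = [int(part.strip()) for part in css[start:end].split(',')]

        for proc in matchedProcs:
            rva = proc.split('/')[1]
            ea = VBIDAHelper.addressFromRVA(int(rva, 16))

            # The comment text comes from the cache, not from the IDB; it is
            # reduced to ASCII (non-ASCII dropped) before being written.
            lines = []
            for m in self.matchedProcsCache.read(proc) or []:
                mbinary, mrva = m['proc_id'].split('/')  # '<binary hash>/<rva>'
                lines.append('Procedure: %s, Binary: %s, RVA: %s\n' % (
                    m['procName'], mbinary, mrva))
            cmt = (prefix + ''.join(lines)).encode('ascii', 'ignore')
            VBIDAHelper.setFunctionComment(ea, cmt)

            if rgb is not None:
                # Components are passed reversed (b, g, r) as in the original;
                # presumably setFunctionColor expects IDA's BGR ordering.
                VBIDAHelper.setFunctionColor(ea, rgb[2], rgb[1], rgb[0])

        self.notifyStatus({
            'statuscode': 0,
            'message': '%s procedures has been highlighted' % len(matchedProcs)
        })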
 def openMatchedProcsChooser(self, rvaStr):
     """Open a chooser listing the procedures matched to the function at *rvaStr*.

     Args:
         rvaStr: RVA of the local function as a hex string; it is joined with
             ``self.openedFileHash`` into the ``<hash>/<rva>`` cache key.
     """
     rva = int(rvaStr, 16)
     address = VBIDAHelper.addressFromRVA(rva)
     title = 'Address %s matched procedures' % hex(address)
     procKey = self.openedFileHash + '/' + rvaStr
     chooser = VBFunctionChooser(title, True, self.matchedProcsCache, procKey, rva)
     chooser.Show()
 def openMatchedProcsChooser(self, rvaStr):
     """Show the matched-procedures chooser for the local function at *rvaStr*.

     Args:
         rvaStr: hex string RVA of the function; together with
             ``self.openedFileHash`` it forms the ``<hash>/<rva>`` cache key
             handed to ``VBFunctionChooser``.
     """
     rva = int(rvaStr, 16)
     ea = VBIDAHelper.addressFromRVA(rva)
     VBFunctionChooser(
         'Address %s matched procedures' % hex(ea),
         True,
         self.matchedProcsCache,
         '%s/%s' % (self.openedFileHash, rvaStr),
         rva,
     ).Show()
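    def __init__(self, parent=None):
        """Set up the main plugin widget.

        Builds the generated UI, initialises caches and signal wiring,
        registers the "[VB] Matched Procs" IDA menu item, resolves the plugin
        directory and download folder, and hashes the file currently open in
        IDA (shown in the UI and pre-filled into the "other SHA" field).

        Args:
            parent: optional parent widget, forwarded to the base class.
        """
        super(VBMainWidget, self).__init__(parent)
        self.ui = Ui_frmVirusBattle()
        self.ui.setupUi(self)
        self.APIKey = None
        self.initCaches()
        self.initSignals()

        # self.matchedProcsCache must exist by now (presumably created in
        # initCaches()); the menu callback receives it as an extra argument.
        VBIDAHelper.addMenuItem('View/', '[VB] Matched Procs', 'Alt-Shift-V',
                                self.menuItemMatchedProcsTriggered,
                                self.matchedProcsCache)

        # Plugin root = two directories above this module's resolved path.
        self.currentDir = os.path.abspath(
            os.path.join(os.path.realpath(__file__), os.pardir, os.pardir))
        self.downloadFolder = os.path.join(self.currentDir, 'download')

        self.openedFilePath = VBIDAHelper.getFilePath()
        self.openedFileHash = ''
        try:
            self.openedFileHash = VBIDAHelper.SHA1File(self.openedFilePath)
        except Exception:
            # Best effort: a missing/unreadable input file leaves the hash
            # empty and is reported in the UI below.  ``except Exception``
            # rather than a bare ``except:`` so KeyboardInterrupt and
            # SystemExit still propagate.
            pass

        if self.openedFileHash != '':
            self.ui.lblOpenFileHash.setText('Current file hash: %s' %
                                            self.openedFileHash)
            self.ui.editOtherSHA.setText(self.openedFileHash)
        else:
            self.openedFilePath = ''
            self.ui.lblOpenFileHash.setText('Current file could be not found.')

        self.loadListProfiles()
        # Per-tab flags for the "other" info sections; False presumably means
        # "not fetched yet" (the ReloadOther button resets the current one).
        self.otherInfosAvailability = {
            'avscans': False,
            'behaviors': False,
            'pedata': False
        }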
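    def highlightMatchedProcs(self):
        """Write a match summary comment and a colour onto every matched function.

        Iterates the ``<hash>/<rva>`` keys of ``matchedProcsCache``; for each
        one the cached match entries become a function comment headed by the
        UI caption, and the function is coloured using the RGB triple parsed
        from the colour-chooser button's stylesheet.  Ends with a single
        ``notifyStatus`` call.  An empty cache is a no-op.
        """
        matchedProcs = self.matchedProcsCache.readAll()
        if not matchedProcs:
            return

        prefix = '[%s]\n[!] Matched Procedures: \n' % (
            self.ui.editHighlightCaption.toPlainText())

        # Stylesheet parsing is loop-invariant, so do it once.  Look for the
        # closing paren *after* 'rgb(' -- searching from 0 would match any
        # earlier ')' in the stylesheet and yield garbage.
        rgb = None
        css = self.ui.btnHighlightColorChooser.styleSheet()
        start = css.find('rgb')
        if start != -1:
            start += 4  # length of 'rgb('
            end = css.find(')', start)
            rgb = [int(part.strip()) for part in css[start:end].split(',')]

        for proc in matchedProcs:
            rva = proc.split('/')[1]
            ea = VBIDAHelper.addressFromRVA(int(rva, 16))

            # Comment text originates from the cache, not the IDB; it is
            # reduced to ASCII (non-ASCII dropped) before being stored.
            lines = []
            for m in self.matchedProcsCache.read(proc) or []:
                mbinary, mrva = m['proc_id'].split('/')  # '<binary hash>/<rva>'
                lines.append('Procedure: %s, Binary: %s, RVA: %s\n' % (
                    m['procName'], mbinary, mrva))
            cmt = (prefix + ''.join(lines)).encode('ascii', 'ignore')
            VBIDAHelper.setFunctionComment(ea, cmt)

            if rgb is not None:
                # (b, g, r) order kept from the original; presumably the
                # helper expects IDA's BGR packing.
                VBIDAHelper.setFunctionColor(ea, rgb[2], rgb[1], rgb[0])

        self.notifyStatus({
            'statuscode':
            0,
            'message':
            '%s procedures has been highlighted' % len(matchedProcs)
        })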
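    def __init__(self, parent=None):
        """Construct the main widget: UI, caches, signals, menu item, paths, file hash.

        Args:
            parent: optional parent widget, forwarded to the base class.
        """
        super(VBMainWidget, self).__init__(parent)
        self.ui = Ui_frmVirusBattle()
        self.ui.setupUi(self)
        self.APIKey = None
        self.initCaches()
        self.initSignals()

        # Relies on self.matchedProcsCache existing already (presumably set
        # up by initCaches()).
        VBIDAHelper.addMenuItem('View/', '[VB] Matched Procs', 'Alt-Shift-V',
                                self.menuItemMatchedProcsTriggered,
                                self.matchedProcsCache)

        # Plugin root: two levels above this module's real location.
        self.currentDir = os.path.abspath(
            os.path.join(os.path.realpath(__file__), os.pardir, os.pardir))
        self.downloadFolder = os.path.join(self.currentDir, 'download')

        self.openedFilePath = VBIDAHelper.getFilePath()
        self.openedFileHash = ''
        try:
            self.openedFileHash = VBIDAHelper.SHA1File(self.openedFilePath)
        except Exception:
            # Best effort only; an empty hash is reported in the UI below.
            # Not a bare ``except:`` so KeyboardInterrupt/SystemExit propagate.
            pass

        if self.openedFileHash != '':
            self.ui.lblOpenFileHash.setText('Current file hash: %s' % self.openedFileHash)
            self.ui.editOtherSHA.setText(self.openedFileHash)
        else:
            self.openedFilePath = ''
            self.ui.lblOpenFileHash.setText('Current file could be not found.')

        self.loadListProfiles()
        # One flag per "other info" tab; False presumably means not yet
        # fetched (the ReloadOther button clears the flag of the current tab).
        self.otherInfosAvailability = {
            'avscans': False,
            'behaviors': False,
            'pedata': False
        }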
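 def OnCommand(self, n, cmd):
     """Chooser command callback (IDA ``Choose2`` protocol).

     Args:
         n: index of the selected row in ``self.items``; negative when no row
            is selected, in which case nothing happens.
         cmd: command id, compared against the ids stored in
            ``self.cmdMatches`` / ``self.cmdDissInfo``.

     Returns:
         1, always.
     """
     if n >= 0:
         if cmd == self.cmdMatches:
             # Column 0 is the hex address string built by populateItems.
             # NOTE(review): in isMatchedProcs mode column 0 holds an RVA, not
             # an address -- confirm this command is only registered for the
             # address chooser.
             rva = VBIDAHelper.RVAFromAddress(int(self.items[n][0], 16))
             rvaStr = hex(rva)
             c = VBFunctionChooser(
                 'Address %s matched procedures' % self.items[n][0], True,
                 self.matchedProcsCache, self.openedFileHash + '/' + rvaStr,
                 rva)
             c.Show()
         elif cmd == self.cmdDissInfo:
             print("This feature will be added on the next release.")
         else:
             # The original referenced an undefined name (``cmd_id``) here,
             # so an unknown command raised NameError instead of logging.
             print("Unknown command: %s @ %s" % (cmd, n))
     return 1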
 def populateItems(self):
     """Fill ``self.items`` with the rows shown by the chooser.

     Matched-procs mode (``isMatchedProcs``): one ``[rva, name, binary hash]``
     row per entry cached under ``self.procId``, or a single placeholder row
     when the cache has nothing for that id.  Otherwise: one
     ``[address, function name]`` row per cached ``<hash>/<rva>`` key.
     """
     self.items = []
     if self.isMatchedProcs:
         matched = self.matchedProcsCache.read(self.procId)
         if matched is None:
             self.items = [['', 'No Matched Procedure for this address', '']]
         else:
             rows = []
             for entry in matched:
                 binHash, rva = entry['proc_id'].split('/')  # '<binary hash>/<rva>'
                 rows.append([rva, entry['procName'], binHash])
             self.items = rows
     else:
         rows = []
         for key in self.matchedProcsCache.readAll():
             ea = VBIDAHelper.addressFromRVA(int(key.split('/')[1], 16))
             rows.append([hex(ea), GetFunctionName(ea)])
         self.items = rows
    def populateItems(self):
        """Rebuild ``self.items`` from the cache.

        With ``isMatchedProcs`` set, each match cached under ``self.procId``
        becomes ``[rva, procName, binary hash]``; a missing cache entry yields
        one placeholder row.  Otherwise every cached ``<hash>/<rva>`` key
        becomes ``[hex address, function name]``.
        """
        self.items = []
        cache = self.matchedProcsCache
        if not self.isMatchedProcs:
            for key in cache.readAll():
                ea = VBIDAHelper.addressFromRVA(int(key.split('/')[1], 16))
                self.items.append([hex(ea), GetFunctionName(ea)])
            return
        matched = cache.read(self.procId)
        if matched is None:
            self.items = [['', 'No Matched Procedure for this address', '']]
            return
        for entry in matched:
            binHash, rva = entry['proc_id'].split('/')  # '<binary hash>/<rva>'
            self.items.append([rva, entry['procName'], binHash])
    def __init__(self, title, isMatchedProcs, matchedProcsCache, procId=None, deflt=1):
        """Build the chooser, populate its rows and register its commands.

        Args:
            title: window title.
            isMatchedProcs: True for the "matches of one function" view
                (RVA / Name / Binary hash), False for the "functions with
                matches" view (Address / Name).
            matchedProcsCache: cache read by ``populateItems``.
            procId: ``<hash>/<rva>`` key whose matches are listed; only used
                when ``isMatchedProcs`` is True.
            deflt: kept as ``self.deflt`` for the Choose2 base class.
        """
        hexCol, plainCol = Choose2.CHCOL_HEX, Choose2.CHCOL_PLAIN
        nameColumn = ['Name', 30 | plainCol]
        if isMatchedProcs:
            columns = [['RVA', 10 | hexCol], nameColumn, ['Binary hash', 30 | plainCol]]
        else:
            columns = [['Address', 10 | hexCol], nameColumn]
        Choose2.__init__(self, title, columns, Choose2.CH_MULTI)

        # Hash of the file open in IDA; OnCommand joins it with an RVA to
        # form '<hash>/<rva>' cache keys.
        self.openedFileHash = VBIDAHelper.SHA1File(VBIDAHelper.getFilePath())
        self.n = 0
        self.icon = 41
        self.deflt = deflt
        self.isMatchedProcs = isMatchedProcs
        self.procId = procId
        self.matchedProcsCache = matchedProcsCache
        self.populateItems()
        self.addCommand()
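 def buttonClicked(self):
     """Dispatch a push-button click to the matching action.

     Buttons are identified by their Qt object name minus the ``btn`` prefix
     (``btnRegister`` -> ``Register``).  Unknown names reset the status line.
     List-backed actions are skipped when nothing is selected instead of
     raising on ``currentItem()`` being None.
     """
     btnName = self.sender().objectName()[3:]
     if btnName == 'Register':
         self.registerButtonClicked()
     elif btnName == 'SaveProfile':
         self.saveProfileButtonClicked()
     elif btnName == 'RemoveProfile':
         self.removeProfileButtonClicked()
     elif btnName == 'ReloadBinaries':
         self.queryAll()
     elif btnName == 'RefreshBinary':
         # Same guard as the download buttons: currentItem() is None when
         # nothing is selected and .text() would raise AttributeError.
         item = self.ui.listBins.currentItem()
         if item is not None:
             self.reprocess(item.text())
     elif btnName == 'DownloadBinary':
         item = self.ui.listBins.currentItem()
         if item is not None:
             self.download(item.text(), False)
     elif btnName == 'DownloadChildBinary':
         item = self.ui.listChildren.currentItem()
         if item is not None:
             self.download(item.text(), True)
     elif btnName == 'ReloadSimilarBins':
         self.reloadSimilarBinsClicked()
     elif btnName == 'DownloadMatchedBin':
         item = self.ui.listMatchedBins.currentItem()
         if item is not None and item.text() != '':
             self.download(item.text(), False)
     elif btnName == 'ReloadMatchedProcs':
         self.ReloadMatchedProcsClicked()
     elif btnName == 'HighlightColorChooser':
         color = QtGui.QColorDialog.getColor()
         # A cancelled dialog returns an invalid colour; keep the current one
         # rather than silently switching to black.
         if color.isValid():
             css = 'background-color: rgb(%s, %s, %s);' % (
                 color.red(), color.green(), color.blue())
             self.ui.btnHighlightColorChooser.setStyleSheet(css)
     elif btnName == 'RemoveHighlights':
         # Undo highlightMatchedProcs on every function: drop the comment
         # and paint it white.
         for func in VBIDAHelper.getFunctions():
             VBIDAHelper.delFunctionComment(func)
             VBIDAHelper.setFunctionColor(func, 0xff, 0xff, 0xff)
         self.notifyStatus({
             'statuscode': 0,
             'message': 'Highlights has been removed'
         })
     elif btnName == 'HighlightAllProcs':
         self.highlightMatchedProcs()
     elif btnName == 'ShowProcsWithSim':
         chooser = VBFunctionChooser("Procedures with Matches", False, self.matchedProcsCache)
         chooser.Show()
     elif btnName == 'ShowMatchedProcs':
         item = self.ui.listProcsWithSim.currentItem()
         if item is not None:
             self.openMatchedProcsChooser(item.text())
         else:
             self.notifyStatus({
                 'statuscode': 1,
                 'message': 'No procedure has been selected'
             })
     elif btnName in ('MatchedLeftProcMoreInfo', 'MatchedRightProcMoreInfo'):
         # TODO: disassembly viewer for the selected procedure (the original
         # carried a commented-out sketch based on juiciesCache).
         print("This feature will be added on the next release.")
     elif btnName == 'ShowChild':
         self.showChildView(self.ui.editChildHash.text(),
                            self.ui.editChildServiceName.text())
     elif btnName == 'ShowBinOther':
         item = self.ui.listBins.currentItem()
         if item is not None:
             self.ui.editOtherSHA.setText(item.text())
             self.ui.toolBox.setCurrentIndex(2)
     elif btnName == 'ReloadOther':
         tabIndex = self.ui.tabWidgetOther.currentIndex()
         # Tabs 0..2 map onto the "other info" sections; clearing the flag of
         # the visible tab presumably makes tabWidgetOtherChanged refetch it.
         tabKeys = ('avscans', 'behaviors', 'pedata')
         if 0 <= tabIndex < len(tabKeys):
             self.otherInfosAvailability[tabKeys[tabIndex]] = False
         self.tabWidgetOtherChanged(tabIndex)
     else:
         self.status('idle', 'black')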
 def menuItemMatchedProcsTriggered(*args):
     """IDA menu callback: open the matched-procs chooser for the current function.

     The widget instance is taken from ``args[0]``; the callback keeps a
     ``*args`` signature, presumably because the menu hook passes extra
     positional arguments (see the addMenuItem registration).
     """
     widget = args[0]
     currentRva = str(VBIDAHelper.currentFunctionRVA())
     widget.openMatchedProcsChooser(currentRva)
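    def buttonClicked(self):
        """Route a button click to its handler by the sender's object name.

        The handler is chosen from the Qt object name with the ``btn`` prefix
        stripped (``btnRegister`` -> ``Register``); unknown names reset the
        status line.  Every list-backed action checks ``currentItem()`` for
        None first, so clicking with nothing selected is a no-op rather than
        an AttributeError.
        """
        btnName = self.sender().objectName()[3:]
        if btnName == 'Register':
            self.registerButtonClicked()
        elif btnName == 'SaveProfile':
            self.saveProfileButtonClicked()
        elif btnName == 'RemoveProfile':
            self.removeProfileButtonClicked()
        elif btnName == 'ReloadBinaries':
            self.queryAll()
        elif btnName == 'RefreshBinary':
            # Was unguarded: .text() on a None currentItem() raised.
            item = self.ui.listBins.currentItem()
            if item is not None:
                self.reprocess(item.text())
        elif btnName == 'DownloadBinary':
            item = self.ui.listBins.currentItem()
            if item is not None:
                self.download(item.text(), False)
        elif btnName == 'DownloadChildBinary':
            item = self.ui.listChildren.currentItem()
            if item is not None:
                self.download(item.text(), True)
        elif btnName == 'ReloadSimilarBins':
            self.reloadSimilarBinsClicked()
        elif btnName == 'DownloadMatchedBin':
            item = self.ui.listMatchedBins.currentItem()
            if item is not None and item.text() != '':
                self.download(item.text(), False)
        elif btnName == 'ReloadMatchedProcs':
            self.ReloadMatchedProcsClicked()
        elif btnName == 'HighlightColorChooser':
            color = QtGui.QColorDialog.getColor()
            # Cancelling the dialog yields an invalid colour; leave the
            # button's stylesheet untouched instead of setting black.
            if color.isValid():
                css = 'background-color: rgb(%s, %s, %s);' % (
                    color.red(), color.green(), color.blue())
                self.ui.btnHighlightColorChooser.setStyleSheet(css)
        elif btnName == 'RemoveHighlights':
            # Reverse highlightMatchedProcs: clear comment, paint white.
            for func in VBIDAHelper.getFunctions():
                VBIDAHelper.delFunctionComment(func)
                VBIDAHelper.setFunctionColor(func, 0xff, 0xff, 0xff)
            self.notifyStatus({
                'statuscode': 0,
                'message': 'Highlights has been removed'
            })
        elif btnName == 'HighlightAllProcs':
            self.highlightMatchedProcs()
        elif btnName == 'ShowProcsWithSim':
            chooser = VBFunctionChooser("Procedures with Matches", False,
                                        self.matchedProcsCache)
            chooser.Show()
        elif btnName == 'ShowMatchedProcs':
            item = self.ui.listProcsWithSim.currentItem()
            if item is not None:
                self.openMatchedProcsChooser(item.text())
            else:
                self.notifyStatus({
                    'statuscode': 1,
                    'message': 'No procedure has been selected'
                })
        elif btnName in ('MatchedLeftProcMoreInfo', 'MatchedRightProcMoreInfo'):
            # TODO: disassembly viewer for the selected procedure (the
            # original kept a commented-out sketch using juiciesCache).
            print("This feature will be added on the next release.")
        elif btnName == 'ShowChild':
            self.showChildView(self.ui.editChildHash.text(),
                               self.ui.editChildServiceName.text())
        elif btnName == 'ShowBinOther':
            item = self.ui.listBins.currentItem()
            if item is not None:
                self.ui.editOtherSHA.setText(item.text())
                self.ui.toolBox.setCurrentIndex(2)
        elif btnName == 'ReloadOther':
            tabIndex = self.ui.tabWidgetOther.currentIndex()
            # Tab 0/1/2 correspond to the avscans/behaviors/pedata sections;
            # clearing the flag presumably makes tabWidgetOtherChanged refetch.
            tabKeys = ('avscans', 'behaviors', 'pedata')
            if 0 <= tabIndex < len(tabKeys):
                self.otherInfosAvailability[tabKeys[tabIndex]] = False
            self.tabWidgetOtherChanged(tabIndex)
        else:
            self.status('idle', 'black')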
 def menuItemMatchedProcsTriggered(*args):
     """Menu callback: show matched procedures for the function under the cursor.

     ``args[0]`` is the widget instance; the ``*args`` form is kept as-is
     because the menu hook may pass additional positional arguments.
     """
     args[0].openMatchedProcsChooser(str(VBIDAHelper.currentFunctionRVA()))