def get_arguments_list(vivisect_engine):
arguments_array = vivisect_engine.get_function_arguments(10)
lp_application_name = arguments_array[0]
lp_command_line = arguments_array[1]
lp_process_attributes = arguments_array[2]
lp_thread_attributes = arguments_array[3]
b_inherit_handles = arguments_array[4]
dw_creation_flags = arguments_array[5]
lp_environment = arguments_array[7]
lp_current_directory = arguments_array[8]
lp_startup_info = arguments_array[9]
lp_process_information = arguments_array[10]
application_name = None
if lp_application_name != 0x0:
application_name_bytes = vivisect_engine.read_memory(
lp_parameter, CreateProcessA.DEFAULT_READ_SIZE)
application_name = MemoryDataInterpreter.bytearray_to_uncicode_string(
application_name_bytes)
command_line = None
if lp_command_line != 0x0:
command_line_bytes = vivisect_engine.read_memory(
lp_command_line, CreateProcessA.DEFAULT_READ_SIZE)
command_line = MemoryDataInterpreter.bytearray_to_uncicode_string(
command_line_bytes)
current_directory = None
if lp_current_directory != 0x0:
current_directory_bytes = vivisect_engine.read_memory(
lp_current_directory, CreateProcessA.DEFAULT_READ_SIZE)
current_directory = MemoryDataInterpreter.bytearray_to_uncicode_string(
current_directory_bytes)
startup_info_bytes = None
if lp_startup_info != 0x0:
startup_info_bytes = vivisect_engine.read_memory(
startup_info_bytes, CreateProcessA.DEFAULT_READ_SIZE)
process_information_bytes = None
if lp_process_information != 0x0:
process_information_bytes = vivisect_engine.read_memory(
lp_process_information, CreateProcessA.DEFAULT_READ_SIZE)
return [
application_name, command_line,
hex(lp_process_attributes),
hex(lp_thread_attributes),
hex(b_inherit_handles),
hex(dw_creation_flags),
hex(lp_environment), current_directory, startup_info_bytes,
process_information_bytes
]
def get_arguments_list(vivisect_engine):
arguments_array = vivisect_engine.get_function_arguments(6)
code_page = arguments_array[0]
dw_flags = arguments_array[1]
lp_multibyte_str = arguments_array[2]
cb_multi_byte = arguments_array[3]
lp_wide_char_str = arguments_array[4]
cc_wide_char = arguments_array[5]
source_bytes = None
destination_bytes = None
if lp_multibyte_str != 0x0:
source_bytes = vivisect_engine.read_memory(lp_multibyte_str,
cb_multi_byte)
source_bytes = MemoryDataInterpreter.bytearray_to_ascii_string(
source_bytes)
if lp_wide_char_str != 0x0:
destination_bytes = vivisect_engine.read_memory(
lp_wide_char_str, cc_wide_char)
#destination_bytes = MemoryDataInterpreter.bytearray_to_ascii_string(destination_bytes) #We don't do this because there may be garbage there. I will return a cast to string.
return [
hex(code_page),
hex(dw_flags), source_bytes,
hex(cb_multi_byte), destination_bytes,
hex(cc_wide_char)
]
def get_arguments_list(vivisect_engine):
arguments_array = vivisect_engine.get_function_arguments(1)
lp_string = arguments_array[0]
atom_name = ''
if lp_string != 0x0:
bytes = vivisect_engine.read_memory(lp_string, AddAtomA.DEFAULT_READ_SIZE)
atom_name = MemoryDataInterpreter.bytearray_to_ascii_string(bytes)
return [atom_name]
def get_arguments_list(vivisect_engine):
arguments_array = vivisect_engine.get_function_arguments(1)
lp_module_name = arguments_array[0]
module_name = ''
if lp_module_name != 0x0:
bytes = vivisect_engine.read_memory(
lp_module_name, GetModuleHandleW.DEFAULT_READ_SIZE)
module_name = MemoryDataInterpreter.bytearray_to_unicode_string(
bytes)
return [module_name]
def get_arguments_list(vivisect_engine):
arguments_array = vivisect_engine.get_function_arguments(3)
n_atom = arguments_array[0]
lp_buffer = arguments_array[1]
n_size = arguments_array[2]
atom_name = ''
if lp_buffer != 0x0:
bytes = vivisect_engine.read_memory(lp_buffer, n_size)
atom_name = MemoryDataInterpreter.bytearray_to_ascii_string(bytes)
return [hex(n_atom), atom_name]
def get_arguments_list(vivisect_engine):
arguments_array = vivisect_engine.get_function_arguments(3)
lp_mutex_attributes = arguments_array[0]
b_inherit_handle = arguments_array[2]
lp_name = arguments_array[3]
mutex_name = ''
if lp_name != 0x0:
bytes = vivisect_engine.read_memory(lp_name,
OpenMutex.DEFAULT_READ_SIZE)
mutex_name = MemoryDataInterpreter.bytearray_to_ascii_string(bytes)
return [hex(lp_mutex_attributes), bool(b_inherit_handle), mutex_name]
def get_arguments_list(vivisect_engine):
arguments_array = vivisect_engine.get_function_arguments(3)
lp_mutex_attributes = arguments_array[0]
b_initial_owner = arguments_array[1]
lp_name = arguments_array[2]
mutex_name = ''
if lp_name != 0x0:
bytes = vivisect_engine.read_memory(lp_name,
CreateMutexA.DEFAULT_READ_SIZE)
mutex_name = MemoryDataInterpreter.bytearray_to_ascii_string(bytes)
return [hex(lp_mutex_attributes), bool(b_initial_owner), mutex_name]
def get_arguments_list(vivisect_engine):
arguments_array = vivisect_engine.get_function_arguments(2)
h_module = arguments_array[0]
l_proc_name = arguments_array[1]
function_name = ''
if l_proc_name != 0x0:
bytes = vivisect_engine.read_memory(
l_proc_name, GetProcAddress.DEFAULT_READ_SIZE)
function_name = MemoryDataInterpreter.bytearray_to_ascii_string(
bytes)
return [hex(h_module), function_name]
def get_arguments_list(vivisect_engine):
arguments_array = vivisect_engine.get_function_arguments(2)
lpString1 = arguments_array[0]
lpString2 = arguments_array[1]
extracted_bytes1 = None
extracted_bytes2 = None
if lpString1 != 0x0 and lpString2 != 0x0:
bytes1 = vivisect_engine.read_memory(lpString1,
lstrcatA.DEFAULT_READ_SIZE)
bytes2 = vivisect_engine.read_memory(lpString2,
lstrcatA.DEFAULT_READ_SIZE)
extracted_bytes1 = MemoryDataInterpreter.bytearray_to_ascii_string(
bytes1)
extracted_bytes2 = MemoryDataInterpreter.bytearray_to_ascii_string(
bytes2)
return [
hex(lpString1),
hex(lpString2), extracted_bytes1, extracted_bytes2
]
def get_arguments_list(vivisect_engine):
arguments_array = vivisect_engine.get_function_arguments(5)
h_key = arguments_array[0]
lp_subkey = arguments_array[1]
ul_options = arguments_array[2]
sam_desired = arguments_array[3]
phk_result = arguments_array[4]
subkey_name = ''
if lp_subkey != 0x0:
bytes = vivisect_engine.read_memory(lp_subkey, RegOpenKeyExW.DEFAULT_READ_SIZE)
subkey_name = MemoryDataInterpreter.bytearray_to_unicode_string(bytes)
return [hex(h_key), subkey_name, hex(ul_options), hex(sam_desired), hex(phk_result)]
def get_arguments_list(vivisect_engine):
arguments_array = vivisect_engine.get_function_arguments(5)
h_process = arguments_array[0]
lp_base_address = arguments_array[1]
lp_buffer = arguments_array[2]
n_size = arguments_array[3]
lp_Number_of_bytes_written = arguments_array[4]
extracted_bytes = None
if lp_buffer != 0x0:
bytes = vivisect_engine.read_memory(lp_buffer, WriteProcessMemory.DEFAULT_READ_SIZE)
extracted_bytes = MemoryDataInterpreter.extract_bytes(bytes, n_size)
return [h_process, hex(lp_base_address), n_size, lp_Number_of_bytes_written, extracted_bytes]
def get_arguments_list(vivisect_engine):
arguments_array = vivisect_engine.get_function_arguments(5)
locale = arguments_array[0]
dw_info_type = arguments_array[1]
lp_src_str = arguments_array[2]
cch_src = arguments_array[3]
lp_char_type = arguments_array[4]
source_bytes = None
destination_bytes = None
if lp_src_str != 0x0:
source_bytes = vivisect_engine.read_memory(lp_src_str, cch_src)
source_bytes = MemoryDataInterpreter.bytearray_to_ascii_string(source_bytes)
destination_bytes = vivisect_engine.read_memory(lp_char_type, cch_src)
return [hex(locale), hex(dw_info_type), source_bytes, cch_src, destination_bytes]