    def prepare(self):
        """Prepare the guest environment for analysis.

        Grants the privileges needed for process injection, initialises
        logging, loads ``analysis.conf`` (exiting with status 1 when it is
        missing), derives the command and log pipe names and starts both
        pipe servers as daemon threads.
        """
        # Injection into other processes needs SeDebugPrivilege; the driver
        # privilege is requested alongside it.
        for privilege in ("SeDebugPrivilege", "SeLoadDriverPrivilege"):
            grant_privilege(privilege)

        init_logging()

        # The agent drops analysis.conf next to the analyzer; without it
        # there is nothing to analyse, so bail out loudly.
        if not os.path.exists('analysis.conf'):
            log.error('analysis.conf does not exist')
            sys.exit(1)
        self.config = Config(cfg="analysis.conf")

        # The Process class reads its settings from the same configuration.
        Process.set_config(self.config)

        # TODO(evan): the VM clock is deliberately left untouched here. To
        # change it again, call set_clock(datetime.datetime.strptime(
        # self.config.clock, "%Y%m%dT%H:%M:%S")) at this point.

        self.default_dll = self.config.options.get("dll")

        # A pipe name given in the options wins; otherwise pick a random one.
        options = self.config.options
        pipe_name = options["pipe"] if "pipe" in options else random_string(16, 32)
        self.config.pipe = "\\??\\PIPE\\%s" % pipe_name

        # The log pipe name is always random.
        self.config.logpipe = "\\??\\PIPE\\%s" % random_string(16, 32)

        # Command handler pipe: monitored processes talk to the analyzer here.
        self.command_pipe = PipeServer(
            PipeDispatcher, self.config.pipe, message=True,
            dispatcher=CommandPipeHandler(self)
        )
        self.command_pipe.daemon = True
        self.command_pipe.start()

        # Log pipe: monitored processes send their logs here and the server
        # forwards them to the host at (ip, port).
        host_endpoint = (self.config.ip, self.config.port)
        self.log_pipe_server = PipeServer(
            PipeForwarder, self.config.logpipe, destination=host_endpoint
        )
        self.log_pipe_server.daemon = True
        self.log_pipe_server.start()
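    def prepare(self):
        """Prepare env for analysis.

        Grants the privileges needed for injection, sets the VM clock from
        the configuration, starts the command and log pipe servers and then
        connects and starts the message client.

        Returns:
            bool: False when the message client did not connect (the pipe
            servers are already running at that point), True otherwise.
        """
        # Get SeDebugPrivilege for the Python process. It will be needed in
        # order to perform the injections.
        for privilege in ("SeDebugPrivilege", "SeLoadDriverPrivilege"):
            if not grant_privilege(privilege):
                # The privilege name must be passed as a log argument;
                # without it the "%s" placeholder was emitted verbatim.
                # A failure is only logged, so a later injection failure
                # may well originate here.
                log.error("Failed to grant '%s' privilege", privilege)

        # Set the system's date and time to given values
        set_clock(datetime.datetime.strptime(
            self.config.clock, "%Y%m%dT%H:%M:%S"
        ))

        # Initialize and start the Command Handler pipe server. This is going
        # to be used for communicating with the monitored processes.
        self.command_pipe = PipeServer(
            PipeDispatcher, self.config.pipe, message=True,
            dispatcher=CommandPipeHandler(self)
        )
        self.command_pipe.start()

        # Initialize and start the Log Pipe Server - the log pipe server will
        # open up a pipe that monitored processes will use to send logs to
        # before they head off to the host machine.
        self.log_pipe = PipeServer(
            PipeForwarder, self.config.logpipe,
            destination=(self.config.ip, self.config.port)
        )
        self.log_pipe.start()

        # The message client is the link back to the host; without it the
        # analysis cannot report, so signal the failure to the caller.
        self.msgclient.connect()
        if not self.msgclient.connected:
            return False
        self.msgclient.start()

        return True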
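    def prepare(self):
        """Prepare env for analysis.

        Grants the privileges needed for injection, initialises logging,
        loads ``analysis.conf``, sets the VM clock, starts the command and
        log pipe servers and resolves ``self.target`` from the configured
        category (file, archive or URL).
        """
        # Get SeDebugPrivilege for the Python process. It will be needed in
        # order to perform the injections.
        grant_privilege("SeDebugPrivilege")
        grant_privilege("SeLoadDriverPrivilege")

        # Initialize logging.
        init_logging()

        # Parse the analysis configuration file generated by the agent.
        self.config = Config(cfg="analysis.conf")

        # Pass the configuration through to the Process class.
        Process.set_config(self.config)

        # Set virtual machine clock.
        set_clock(
            datetime.datetime.strptime(self.config.clock, "%Y%m%dT%H:%M:%S"))

        # Set the default DLL to be used for this analysis.
        self.default_dll = self.config.options.get("dll")

        # If a pipe name has not been set, then generate a random one.
        self.config.pipe = self.get_pipe_path(
            self.config.options.get("pipe", random_string(16, 32)))

        # Generate a random name for the logging pipe server.
        self.config.logpipe = self.get_pipe_path(random_string(16, 32))

        # Initialize and start the Command Handler pipe server. This is going
        # to be used for communicating with the monitored processes.
        self.command_pipe = PipeServer(PipeDispatcher,
                                       self.config.pipe,
                                       message=True,
                                       dispatcher=CommandPipeHandler(self))
        self.command_pipe.daemon = True
        self.command_pipe.start()

        # Initialize and start the Log Pipe Server - the log pipe server will
        # open up a pipe that monitored processes will use to send logs to
        # before they head off to the host machine.
        destination = self.config.ip, self.config.port
        self.log_pipe_server = PipeServer(PipeForwarder,
                                          self.config.logpipe,
                                          destination=destination)
        self.log_pipe_server.daemon = True
        self.log_pipe_server.start()

        # We update the target according to its category. If it's a file, then
        # we store the target path.
        if self.config.category == "file":
            self.target = os.path.join(os.environ["TEMP"],
                                       self.config.file_name)
        elif self.config.category == "archive":
            zip_path = os.path.join(os.environ["TEMP"], self.config.file_name)
            # Use the context manager so the archive handle is closed once
            # extraction is done. NOTE(review): the archive is the submitted
            # sample, i.e. untrusted; extractall() relies on the stdlib's
            # member-path sanitisation, so confirm the guest interpreter is
            # recent enough to provide it.
            with zipfile.ZipFile(zip_path) as archive:
                archive.extractall(os.environ["TEMP"])
            self.target = os.path.join(os.environ["TEMP"],
                                       self.config.options["filename"])
        # If it's a URL, well.. we store the URL.
        else:
            self.target = self.config.target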
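    def prepare(self):
        """Prepare env for analysis.

        Grants the privileges needed for injection, initialises logging,
        loads ``analysis.conf``, sets the VM clock, starts the command and
        log pipe servers and resolves ``self.target`` from the configured
        category (file, archive or URL).
        """
        # Get SeDebugPrivilege for the Python process. It will be needed in
        # order to perform the injections.
        grant_privilege("SeDebugPrivilege")
        grant_privilege("SeLoadDriverPrivilege")

        # Initialize logging.
        init_logging()

        # Parse the analysis configuration file generated by the agent.
        self.config = Config(cfg="analysis.conf")

        # Pass the configuration through to the Process class.
        Process.set_config(self.config)

        # Set virtual machine clock.
        set_clock(datetime.datetime.strptime(
            self.config.clock, "%Y%m%dT%H:%M:%S"
        ))

        # Set the default DLL to be used for this analysis.
        self.default_dll = self.config.options.get("dll")

        # If a pipe name has not been set, then generate a random one.
        self.config.pipe = self.get_pipe_path(
            self.config.options.get("pipe", random_string(16, 32))
        )

        # Generate a random name for the logging pipe server.
        self.config.logpipe = self.get_pipe_path(random_string(16, 32))

        # Initialize and start the Command Handler pipe server. This is going
        # to be used for communicating with the monitored processes.
        self.command_pipe = PipeServer(
            PipeDispatcher, self.config.pipe, message=True,
            dispatcher=CommandPipeHandler(self)
        )
        self.command_pipe.daemon = True
        self.command_pipe.start()

        # Initialize and start the Log Pipe Server - the log pipe server will
        # open up a pipe that monitored processes will use to send logs to
        # before they head off to the host machine.
        destination = self.config.ip, self.config.port
        self.log_pipe_server = PipeServer(
            PipeForwarder, self.config.logpipe, destination=destination
        )
        self.log_pipe_server.daemon = True
        self.log_pipe_server.start()

        # We update the target according to its category. If it's a file, then
        # we store the target path.
        if self.config.category == "file":
            self.target = os.path.join(
                os.environ["TEMP"], self.config.file_name
            )
        elif self.config.category == "archive":
            zip_path = os.path.join(os.environ["TEMP"], self.config.file_name)
            # Use the context manager so the archive handle is closed once
            # extraction is done. NOTE(review): the archive is the submitted
            # sample, i.e. untrusted; extractall() relies on the stdlib's
            # member-path sanitisation, so confirm the guest interpreter is
            # recent enough to provide it.
            with zipfile.ZipFile(zip_path) as archive:
                archive.extractall(os.environ["TEMP"])
            self.target = os.path.join(
                os.environ["TEMP"], self.config.options["filename"]
            )
        # If it's a URL, well.. we store the URL.
        else:
            self.target = self.config.target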