Exemplo n.º 1
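def _unpack(t):
    """Unpack one sample into a scratch directory and fingerprint the result.

    Args:
        t: A pair ``(file, unpacked_file)``. ``file`` is the path handed to
            ``Sample``; ``unpacked_file`` is a second path whose MD5 is
            reported next to the fresh output (presumably a known-good
            reference dump; confirm against the caller).

    Returns:
        A tuple ``(file, md5_of_fresh_output, md5_of_unpacked_file)`` where
        both digests are hex strings. The first digest is ``''`` when no
        output file was produced, which is only reachable when assertions
        are disabled (``python -O``).

    Raises:
        AssertionError: if no unpacked file was written, or if the dumper's
            broken-import dump file is still present after the run.
    """
    file, unpacked_file = t
    with TemporaryDirectory() as unpack_dir:
        unpacked = f"{unpack_dir}/unpacked.exe"
        sample = Sample(file)
        event = threading.Event()
        client = SimpleClient(event)
        heartbeat = RepeatedTimer(120,
                                  print,
                                  "- still running -",
                                  file=sys.stderr)

        engine = UnpackerEngine(sample, unpacked)
        engine.register_client(client)
        heartbeat.start()
        try:
            threading.Thread(target=engine.emu).start()
            # NOTE(review): no timeout here, so a sample whose emulation never
            # signals the client blocks this worker forever. Callers that feed
            # arbitrary packed binaries may want a bounded wait.
            event.wait()
        finally:
            # Stop the heartbeat even if the wait is interrupted, so it does
            # not keep printing after this call has failed.
            heartbeat.stop()
        engine.stop()
        assert os.path.exists(unpacked)
        assert not os.path.exists(
            sample.unpacker.dumper.brokenimport_dump_file)
        # MD5 is used only as an equality fingerprint between two dumps, not
        # as an integrity guarantee.
        reference_md5 = calc_md5(unpacked_file).hexdigest()
        if os.path.exists(unpacked):
            return file, calc_md5(unpacked).hexdigest(), reference_md5
        # Previously this branch returned the raw hash object instead of its
        # hex digest, so the third element changed type between branches.
        return file, '', reference_md5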
Exemplo n.º 2
    def prepare_test(self, sample_path):
        """Emulate the sample at *sample_path* to completion and report it.

        Builds a ``Sample``, runs ``UnpackerEngine.emu`` on a background
        thread, and blocks until the registered ``SimpleClient`` sets the
        event. A ``RepeatedTimer`` prints "- still running -" to stderr
        every 120 seconds while waiting.
        """
        target = Sample(sample_path)
        # Result is not used below; the call is kept as in the original
        # because its side effects are not visible from here.
        _detected, _ = get_unpacker(target)
        finished = threading.Event()
        listener = SimpleClient(finished)
        ticker = RepeatedTimer(
            120,
            print,
            "- still running -",
            file=sys.stderr,
        )

        emulator = UnpackerEngine(target)
        emulator.register_client(listener)
        ticker.start()
        worker = threading.Thread(target=emulator.emu)
        worker.start()
        # Blocks without a timeout until the client signals completion.
        finished.wait()
        ticker.stop()
        emulator.stop()
        sample_name = os.path.basename(sample_path)
        print(f"\n--- Emulation of {sample_name} finished ---")
Exemplo n.º 3
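    def unpack_if_applicable(
            self, sample: JVSample, inplace=True):
        """Try to unpack a PE sample and replace it on disk with the result.

        Non-PE samples (``file_type`` not starting with ``pe``) are returned
        untouched. For PE samples the detected unpacker's class name, lower
        cased with ``unpacker`` stripped, is used as the packer label. When
        that label does not contain ``default`` and is not already listed in
        ``sample.packers``, the sample is emulated and, if an output file
        appears, it replaces ``sample.file``.

        Args:
            sample: The sample to process; mutated in place.
            inplace: Accepted for interface compatibility but not read by
                this method; the replacement is always done in place.

        Returns:
            A one-element list holding *sample*.

        Any exception is printed (traceback and message) and swallowed, and
        a leftover output file is deleted, so a failed unpack leaves the
        sample as it was.
        """
        dest = sample.file + '_unipacker_'
        if not sample.file_type.lower().startswith('pe'):
            return [sample]
        try:
            with redirect_std():
                uni_sample = Sample(
                    sample.file, True)
                unpacker = uni_sample.unpacker.__class__.__name__.lower().replace(
                    'unpacker', '')
                dest = dest + unpacker
                if 'default' not in unpacker and unpacker not in sample.packers:
                    engine = UnpackerEngine(uni_sample, dest)
                    event = threading.Event()
                    client = SimpleClient(event)
                    engine.register_client(client)
                    threading.Thread(target=engine.emu).start()
                    # NOTE(review): unbounded wait; an emulation that never
                    # signals the client stalls the whole pipeline here.
                    event.wait()
                    engine.stop()
                    if os.path.exists(dest):
                        # Classify the dump before touching the original, and
                        # swap with os.replace instead of remove + rename: the
                        # old order deleted sample.file first, so a failure in
                        # between lost both the original and (via the except
                        # handler) the dump.
                        new_type = get_file_type(dest)
                        os.replace(dest, sample.file)
                        sample.file_type = new_type
                        # The packed original is overwritten, so the cached
                        # hash no longer describes the file on disk.
                        sample._sha256 = None
                    sample.add_packer(unpacker)
        except Exception as e:
            # Deliberate best-effort: report and fall through with the
            # sample unchanged.
            traceback.print_exc()
            print(str(e))
            if os.path.exists(dest):
                os.remove(dest)
        # NOTE(review): the dumper's brokenimport_dump_file is not cleaned up
        # here; confirm whether it can be left behind after a failed run.

        return [sample]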
Exemplo n.º 4
    def handle_sample(self, sample, dest_dir, partition_by_packer):
        """Emulate *sample* and write the unpacked binary under *dest_dir*.

        When *partition_by_packer* is true, output goes into a subdirectory
        named after ``sample.unpacker.name`` (created if missing). The output
        file is ``unpacked_<basename of sample.path>``. The call blocks until
        the registered ``SimpleClient`` sets the event, printing a heartbeat
        to stderr every 120 seconds meanwhile.
        """
        # Result is not used below; the call is kept as in the original
        # because its side effects are not visible from here.
        _detected, _ = get_unpacker(sample)
        finished = threading.Event()
        listener = SimpleClient(finished)
        ticker = RepeatedTimer(120, print, "- still running -", file=sys.stderr)

        if partition_by_packer:
            # The subdirectory name comes from the detected unpacker, not
            # from the sample's own file name.
            dest_dir = os.path.join(dest_dir, sample.unpacker.name)
            os.makedirs(dest_dir, exist_ok=True)
        # basename() keeps the output inside dest_dir whatever directory
        # components sample.path carries.
        out_name = f"unpacked_{os.path.basename(sample.path)}"
        dest_file = os.path.join(dest_dir, out_name)

        emulator = UnpackerEngine(sample, dest_file)
        emulator.register_client(listener)
        ticker.start()
        worker = threading.Thread(target=emulator.emu)
        worker.start()
        # Blocks without a timeout until the client signals completion.
        finished.wait()
        ticker.stop()
        emulator.stop()
        summary = (f"\nEmulation of {os.path.basename(sample.path)} finished.\n"
                   f"--- Saved to {dest_file} ---\n")
        print(summary)