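    def build_options(self):
        """Generate analysis options.
        @return: options dict.

        The dict is what the guest analyzer receives. Most entries mirror the
        task, machine and cuckoo.conf values; for "file" tasks the sample's
        name and type are added and, for PE images, a comma-separated list of
        sanitized export names so the analysis package can be picked more
        accurately. Every entry of auxiliar.conf's [auxiliar_modules] section
        is merged in last under its own key (and would shadow an earlier key
        of the same name).
        """
        options = {
            "id": self.task.id,
            "ip": self.machine.resultserver_ip,
            "port": self.machine.resultserver_port,
            "category": self.task.category,
            "target": self.task.target,
            "package": self.task.package,
            "options": self.task.options,
            "enforce_timeout": self.task.enforce_timeout,
            "clock": self.task.clock,
            "terminate_processes": self.cfg.cuckoo.terminate_processes,
        }

        # A missing or zero task timeout falls back to the configured default.
        options["timeout"] = self.task.timeout or self.cfg.timeouts.default

        if self.task.category == "file":
            target = File(self.task.target)
            options["file_name"] = target.get_name()
            options["file_type"] = target.get_type()
            # If it's a PE file, collect export information to use in more
            # smartly determining the right package to use.
            options["exports"] = ""
            looks_like_pe = ("PE32" in options["file_type"]
                             or "MS-DOS executable" in options["file_type"])
            if HAVE_PEFILE and looks_like_pe:
                try:
                    pe = pefile.PE(self.task.target)
                    try:
                        if hasattr(pe, "DIRECTORY_ENTRY_EXPORT"):
                            exports = []
                            for exported_symbol in pe.DIRECTORY_ENTRY_EXPORT.symbols:
                                name = exported_symbol.name
                                # Ordinal-only exports carry no name.
                                if not name:
                                    continue
                                try:
                                    # The name comes from the untrusted sample and is
                                    # joined with "," below, so keep only a conservative
                                    # charset (which excludes the separator itself).
                                    if isinstance(name, bytes):
                                        name = re.sub(b"[^A-Za-z0-9_?@-]", b"",
                                                      name).decode("utf-8")
                                    else:
                                        name = re.sub("[^A-Za-z0-9_?@-]", "", name)
                                except Exception as e:
                                    log.error(e, exc_info=True)
                                    continue
                                exports.append(name)
                            options["exports"] = ",".join(exports)
                    finally:
                        # Release the mapped file even when symbol handling fails.
                        pe.close()
                except Exception as e:
                    log.error("PE type not recognised")
                    log.error(e, exc_info=True)

        # Options from auxiliar.conf: each [auxiliar_modules] entry is passed
        # through to the guest unchanged. dict.update uses the same keys() /
        # __getitem__ protocol the config object already supports.
        options.update(self.aux_cfg.auxiliar_modules)

        return options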
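    def build_options(self):
        """Generate analysis options.
        @return: options dict.

        The dict is what the guest analyzer receives. Most entries mirror the
        task, machine and cuckoo.conf values; for "file" tasks the sample's
        name and type are added and, for PE images, a comma-separated list of
        sanitized export names so the analysis package can be picked more
        accurately. The curtain/sysmon/procmon switches come from
        auxiliar.conf.
        """
        options = {
            "id": self.task.id,
            "ip": self.machine.resultserver_ip,
            "port": self.machine.resultserver_port,
            "category": self.task.category,
            "target": self.task.target,
            "package": self.task.package,
            "options": self.task.options,
            "enforce_timeout": self.task.enforce_timeout,
            "clock": self.task.clock,
            "terminate_processes": self.cfg.cuckoo.terminate_processes,
        }

        # A missing or zero task timeout falls back to the configured default.
        options["timeout"] = self.task.timeout or self.cfg.timeouts.default

        if self.task.category == "file":
            target = File(self.task.target)
            options["file_name"] = target.get_name()
            options["file_type"] = target.get_type()
            # If it's a PE file, collect export information to use in more
            # smartly determining the right package to use.
            options["exports"] = ""
            looks_like_pe = ("PE32" in options["file_type"]
                             or "MS-DOS executable" in options["file_type"])
            if HAVE_PEFILE and looks_like_pe:
                try:
                    pe = pefile.PE(self.task.target)
                    try:
                        if hasattr(pe, "DIRECTORY_ENTRY_EXPORT"):
                            exports = []
                            for exported_symbol in pe.DIRECTORY_ENTRY_EXPORT.symbols:
                                name = exported_symbol.name
                                # Ordinal-only exports carry no name; re.sub on None
                                # would raise and previously lost every export.
                                if not name:
                                    continue
                                # pefile yields bytes on Python 3: a bytes pattern
                                # with a str replacement (the old code) raises a
                                # TypeError, and ",".join cannot mix bytes and str,
                                # so sanitize in-kind and decode to str.
                                # The name comes from the untrusted sample and is
                                # joined with "," below, so keep only a conservative
                                # charset (which excludes the separator itself).
                                if isinstance(name, bytes):
                                    name = re.sub(b"[^A-Za-z0-9_?@-]", b"",
                                                  name).decode("utf-8")
                                else:
                                    name = re.sub("[^A-Za-z0-9_?@-]", "", name)
                                exports.append(name)
                            options["exports"] = ",".join(exports)
                    finally:
                        # Release the mapped file even when symbol handling fails.
                        pe.close()
                except Exception as e:
                    log.error(e, exc_info=True)

        # Options from auxiliar.conf.
        options["curtain"] = self.aux_cfg.curtain.enabled
        options["sysmon"] = self.aux_cfg.sysmon.enabled
        options["procmon"] = self.aux_cfg.procmon.enabled

        return options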
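def fix_section_permission(path):
    """Make the ``.rdata`` section of the PE image at *path* writable.

    The section header's Characteristics field gets IMAGE_SCN_MEM_WRITE
    added and the image is written back to *path* in place, so the file on
    disk (and therefore its hash) changes; operate on a copy if the
    original sample must stay intact.

    @param path: path of the PE file to patch.
    @return: None. A missing pefile dependency or any parsing/writing error
        is logged and swallowed, so the caller cannot tell whether the patch
        was applied.
    """
    if not HAVE_PEFILE:
        log.info("[-] Missed dependency pefile")
        return
    try:
        # NOTE(review): IsPEImage is tested for truthiness, not called, so if it
        # is a function this guard never returns — confirm the intended call.
        if not IsPEImage:
            return
        pe = pefile.PE(path)
        try:
            write_flag = pefile.SECTION_CHARACTERISTICS["IMAGE_SCN_MEM_WRITE"]
            patched = False
            for section in pe.sections:
                # Section names are NUL-padded 8-byte fields; compare as bytes so
                # this works whether pefile yields bytes (py3) or str (py2) —
                # rstrip("\0") on a bytes Name raised a TypeError before.
                if section.Name.rstrip(b"\0") != b".rdata":
                    continue
                # Test the flag bit directly instead of the old hex()-prefix
                # trick, and OR it in: idempotent, no risk of carrying past
                # the 32-bit field when the bit is already set.
                if section.Characteristics & write_flag:
                    continue
                section.Characteristics |= write_flag
                patched = True
            # Write once, after all headers are fixed, instead of once per match.
            if patched:
                pe.write(filename=path)
        finally:
            # Release the mapping even if patching or writing fails.
            pe.close()
    except Exception as e:
        log.info(e)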