def __init__(self, title, isMatchedProcs, matchedProcsCache, procId=None, deflt=1):
    """Build a Choose2 list of procedures.

    Args:
        title: window title handed to Choose2.
        isMatchedProcs: True -> three columns (RVA, Name, Binary hash) listing the
            procedures in other binaries that match ``procId``; False -> two columns
            (Address, Name) listing this binary's procedures that have matches.
        matchedProcsCache: cache object whose read()/readAll() populateItems uses.
        procId: '<file hash>/<rva>' key looked up when isMatchedProcs is True.
        deflt: stored as self.deflt (the chooser's default row, presumably read by
            Choose2 — not used directly here).
    """
    if isMatchedProcs:
        columns = [
            ['RVA', 10 | Choose2.CHCOL_HEX],
            ['Name', 30 | Choose2.CHCOL_PLAIN],
            ['Binary hash', 30 | Choose2.CHCOL_PLAIN],
        ]
    else:
        columns = [
            ['Address', 10 | Choose2.CHCOL_HEX],
            ['Name', 30 | Choose2.CHCOL_PLAIN],
        ]
    Choose2.__init__(self, title, columns, Choose2.CH_MULTI)
    # Hash of the IDB's input file; OnCommand uses it as the '<hash>/' half of
    # the cache key for the selected function.
    self.openedFileHash = VBIDAHelper.SHA1File(VBIDAHelper.getFilePath())
    self.n = 0
    self.icon = 41
    self.deflt = deflt
    self.isMatchedProcs = isMatchedProcs
    self.procId = procId
    self.matchedProcsCache = matchedProcsCache
    self.populateItems()
    self.addCommand()
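def highlightMatchedProcs(self):
    """Comment and colour every local function that has matched procedures.

    For each '<hash>/<rva>' key in matchedProcsCache the function at that RVA gets
    a comment listing the matching procedures (name, binary hash, RVA) and the
    colour currently shown on btnHighlightColorChooser. Procedure names are taken
    from the cache as-is and only ASCII-sanitised before being written into the IDB.
    """
    matchedProcs = self.matchedProcsCache.readAll()
    prefix = '[%s]\n[!] Matched Procedures: \n' % self.ui.editHighlightCaption.toPlainText()
    # Parse the 'rgb(r, g, b)' colour out of the button stylesheet once, not per
    # function. 'rgb' may be absent (no colour chosen yet): then no colour is set.
    rgb = None
    css = self.ui.btnHighlightColorChooser.styleSheet()
    start = css.find('rgb')
    if start != -1:
        start += 4
        # Search for the closing ')' from 'start'; the original searched the whole
        # stylesheet, which breaks if a ')' precedes the rgb() token.
        end = css.find(')', start)
        # list() keeps rgb indexable on Python 3 too (map() there is lazy).
        rgb = [int(part.strip()) for part in css[start:end].split(',')]
    for proc in matchedProcs:
        rva = proc.split('/')[1]
        ea = VBIDAHelper.addressFromRVA(int(rva, 16))
        lines = []
        for m in self.matchedProcsCache.read(proc):
            mbinary, mrva = m['proc_id'].split('/')
            lines.append('Procedure: %s, Binary: %s, RVA: %s\n' % (
                m['procName'], mbinary, mrva))
        cmt = (prefix + ''.join(lines)).encode('ascii', 'ignore')
        VBIDAHelper.setFunctionComment(ea, cmt)
        if rgb is not None:
            # Channels are passed reversed (rgb[2], rgb[1], rgb[0]) exactly as
            # before — presumably setFunctionColor expects IDA's BGR order; confirm.
            VBIDAHelper.setFunctionColor(ea, rgb[2], rgb[1], rgb[0])
    self.notifyStatus({
        'statuscode': 0,
        'message': '%s procedures has been highlighted' % len(matchedProcs)
    })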
def openMatchedProcsChooser(self, rvaStr):
    """Open a VBFunctionChooser listing the procedures matching the function at *rvaStr*.

    Args:
        rvaStr: RVA of the local function as a hexadecimal string (parsed base 16);
            it is also used verbatim in the '<file hash>/<rva>' cache key.
    """
    rva = int(rvaStr, 16)
    address = VBIDAHelper.addressFromRVA(rva)
    title = 'Address %s matched procedures' % hex(address)
    procId = self.openedFileHash + '/' + rvaStr
    chooser = VBFunctionChooser(title, True, self.matchedProcsCache, procId, rva)
    chooser.Show()
def openMatchedProcsChooser(self, rvaStr):
    """Open a VBFunctionChooser listing the procedures matching the function at *rvaStr*.

    Args:
        rvaStr: RVA of the local function as a hexadecimal string (parsed base 16);
            it is also used verbatim in the '<file hash>/<rva>' cache key.
    """
    rva = int(rvaStr, 16)
    address = VBIDAHelper.addressFromRVA(rva)
    title = 'Address %s matched procedures' % hex(address)
    procId = self.openedFileHash + '/' + rvaStr
    chooser = VBFunctionChooser(title, True, self.matchedProcsCache, procId, rva)
    chooser.Show()
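def __init__(self, parent=None):
    """Set up the VirusBattle widget: UI, caches, signals, IDA menu entry and the
    identity (path + hash) of the file open in IDA.

    Args:
        parent: optional parent widget handed to the base class.
    """
    super(VBMainWidget, self).__init__(parent)
    self.ui = Ui_frmVirusBattle()
    self.ui.setupUi(self)
    self.APIKey = None
    self.initCaches()
    self.initSignals()
    VBIDAHelper.addMenuItem('View/', '[VB] Matched Procs', 'Alt-Shift-V',
                            self.menuItemMatchedProcsTriggered, self.matchedProcsCache)
    # Plugin root: two directory levels above this module.
    self.currentDir = os.path.abspath(
        os.path.join(os.path.realpath(__file__), os.pardir, os.pardir))
    # Target directory for binaries fetched by download(); treat its contents as
    # untrusted input, not as something to execute.
    self.downloadFolder = os.path.join(self.currentDir, 'download')
    self.openedFilePath = VBIDAHelper.getFilePath()
    self.openedFileHash = ''
    try:
        self.openedFileHash = VBIDAHelper.SHA1File(self.openedFilePath)
    except Exception:
        # Best effort: the IDB's input file may be missing or unreadable; the UI
        # below reports that instead of failing construction. Narrowed from a
        # bare 'except' so KeyboardInterrupt/SystemExit are no longer swallowed.
        pass
    if self.openedFileHash != '':
        self.ui.lblOpenFileHash.setText('Current file hash: %s' % self.openedFileHash)
        self.ui.editOtherSHA.setText(self.openedFileHash)
    else:
        self.openedFilePath = ''
        self.ui.lblOpenFileHash.setText('Current file could be not found.')
    self.loadListProfiles()
    # Per-tab "already fetched" flags; the ReloadOther button resets one to False
    # to force a refetch.
    self.otherInfosAvailability = {
        'avscans': False,
        'behaviors': False,
        'pedata': False,
    }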
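def highlightMatchedProcs(self):
    """Comment and colour every local function that has matched procedures.

    For each '<hash>/<rva>' key in matchedProcsCache the function at that RVA gets
    a comment listing the matching procedures (name, binary hash, RVA) and the
    colour currently shown on btnHighlightColorChooser. Procedure names are taken
    from the cache as-is and only ASCII-sanitised before being written into the IDB.
    """
    matchedProcs = self.matchedProcsCache.readAll()
    prefix = '[%s]\n[!] Matched Procedures: \n' % self.ui.editHighlightCaption.toPlainText()
    # Parse the 'rgb(r, g, b)' colour out of the button stylesheet once, not per
    # function. 'rgb' may be absent (no colour chosen yet): then no colour is set.
    rgb = None
    css = self.ui.btnHighlightColorChooser.styleSheet()
    start = css.find('rgb')
    if start != -1:
        start += 4
        # Search for the closing ')' from 'start'; the original searched the whole
        # stylesheet, which breaks if a ')' precedes the rgb() token.
        end = css.find(')', start)
        # list() keeps rgb indexable on Python 3 too (map() there is lazy).
        rgb = [int(part.strip()) for part in css[start:end].split(',')]
    for proc in matchedProcs:
        rva = proc.split('/')[1]
        ea = VBIDAHelper.addressFromRVA(int(rva, 16))
        lines = []
        for m in self.matchedProcsCache.read(proc):
            mbinary, mrva = m['proc_id'].split('/')
            lines.append('Procedure: %s, Binary: %s, RVA: %s\n' % (
                m['procName'], mbinary, mrva))
        cmt = (prefix + ''.join(lines)).encode('ascii', 'ignore')
        VBIDAHelper.setFunctionComment(ea, cmt)
        if rgb is not None:
            # Channels are passed reversed (rgb[2], rgb[1], rgb[0]) exactly as
            # before — presumably setFunctionColor expects IDA's BGR order; confirm.
            VBIDAHelper.setFunctionColor(ea, rgb[2], rgb[1], rgb[0])
    self.notifyStatus({
        'statuscode': 0,
        'message': '%s procedures has been highlighted' % len(matchedProcs)
    })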
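def __init__(self, parent=None):
    """Set up the VirusBattle widget: UI, caches, signals, IDA menu entry and the
    identity (path + hash) of the file open in IDA.

    Args:
        parent: optional parent widget handed to the base class.
    """
    super(VBMainWidget, self).__init__(parent)
    self.ui = Ui_frmVirusBattle()
    self.ui.setupUi(self)
    self.APIKey = None
    self.initCaches()
    self.initSignals()
    VBIDAHelper.addMenuItem('View/', '[VB] Matched Procs', 'Alt-Shift-V',
                            self.menuItemMatchedProcsTriggered, self.matchedProcsCache)
    # Plugin root: two directory levels above this module.
    self.currentDir = os.path.abspath(
        os.path.join(os.path.realpath(__file__), os.pardir, os.pardir))
    # Target directory for binaries fetched by download(); treat its contents as
    # untrusted input, not as something to execute.
    self.downloadFolder = os.path.join(self.currentDir, 'download')
    self.openedFilePath = VBIDAHelper.getFilePath()
    self.openedFileHash = ''
    try:
        self.openedFileHash = VBIDAHelper.SHA1File(self.openedFilePath)
    except Exception:
        # Best effort: the IDB's input file may be missing or unreadable; the UI
        # below reports that instead of failing construction. Narrowed from a
        # bare 'except' so KeyboardInterrupt/SystemExit are no longer swallowed.
        pass
    if self.openedFileHash != '':
        self.ui.lblOpenFileHash.setText('Current file hash: %s' % self.openedFileHash)
        self.ui.editOtherSHA.setText(self.openedFileHash)
    else:
        self.openedFilePath = ''
        self.ui.lblOpenFileHash.setText('Current file could be not found.')
    self.loadListProfiles()
    # Per-tab "already fetched" flags; the ReloadOther button resets one to False
    # to force a refetch.
    self.otherInfosAvailability = {
        'avscans': False,
        'behaviors': False,
        'pedata': False,
    }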
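def OnCommand(self, n, cmd):
    """Handle a Choose2 context-menu command on row *n*.

    Args:
        n: selected row index; negative means no row, in which case nothing is done.
        cmd: command id, compared against self.cmdMatches / self.cmdDissInfo
            (presumably assigned in addCommand).
    Returns:
        1 in all cases.
    """
    if n >= 0:
        if cmd == self.cmdMatches:
            # items[n][0] holds the function address as a hex string.
            rva = VBIDAHelper.RVAFromAddress(int(self.items[n][0], 16))
            rvaStr = str(hex(rva))
            c = VBFunctionChooser(
                'Address %s matched procedures' % self.items[n][0],
                True, self.matchedProcsCache,
                self.openedFileHash + '/' + rvaStr, rva)
            c.Show()
        elif cmd == self.cmdDissInfo:
            print("This feature will be added on the next release.")
        else:
            # Was 'cmd_id' — an undefined name, so this branch raised NameError
            # instead of reporting the unknown command.
            print("Unknown command: %s @ %s" % (cmd, n))
    return 1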
def populateItems(self):
    """Fill self.items with the rows the chooser displays.

    isMatchedProcs True: one [rva, name, binary hash] row per match of self.procId,
    or a single placeholder row when the cache has no entry for it.
    isMatchedProcs False: one [address, function name] row per '<hash>/<rva>' key
    in the cache.
    """
    self.items = []
    if not self.isMatchedProcs:
        for key in self.matchedProcsCache.readAll():
            ea = VBIDAHelper.addressFromRVA(int(key.split('/')[1], 16))
            self.items.append([hex(ea), GetFunctionName(ea)])
        return
    matched = self.matchedProcsCache.read(self.procId)
    if matched is None:
        self.items = [['', 'No Matched Procedure for this address', '']]
        return
    for entry in matched:
        binHash, rva = entry['proc_id'].split('/')
        self.items.append([rva, entry['procName'], binHash])
def populateItems(self):
    """Fill self.items with the rows the chooser displays.

    isMatchedProcs True: one [rva, name, binary hash] row per match of self.procId,
    or a single placeholder row when the cache has no entry for it.
    isMatchedProcs False: one [address, function name] row per '<hash>/<rva>' key
    in the cache.
    """
    self.items = []
    if not self.isMatchedProcs:
        for key in self.matchedProcsCache.readAll():
            ea = VBIDAHelper.addressFromRVA(int(key.split('/')[1], 16))
            self.items.append([hex(ea), GetFunctionName(ea)])
        return
    matched = self.matchedProcsCache.read(self.procId)
    if matched is None:
        self.items = [['', 'No Matched Procedure for this address', '']]
        return
    for entry in matched:
        binHash, rva = entry['proc_id'].split('/')
        self.items.append([rva, entry['procName'], binHash])
def __init__(self, title, isMatchedProcs, matchedProcsCache, procId=None, deflt=1):
    """Build a Choose2 list of procedures.

    Args:
        title: window title handed to Choose2.
        isMatchedProcs: True -> three columns (RVA, Name, Binary hash) listing the
            procedures in other binaries that match ``procId``; False -> two columns
            (Address, Name) listing this binary's procedures that have matches.
        matchedProcsCache: cache object whose read()/readAll() populateItems uses.
        procId: '<file hash>/<rva>' key looked up when isMatchedProcs is True.
        deflt: stored as self.deflt (the chooser's default row, presumably read by
            Choose2 — not used directly here).
    """
    if isMatchedProcs:
        columns = [
            ['RVA', 10 | Choose2.CHCOL_HEX],
            ['Name', 30 | Choose2.CHCOL_PLAIN],
            ['Binary hash', 30 | Choose2.CHCOL_PLAIN],
        ]
    else:
        columns = [
            ['Address', 10 | Choose2.CHCOL_HEX],
            ['Name', 30 | Choose2.CHCOL_PLAIN],
        ]
    Choose2.__init__(self, title, columns, Choose2.CH_MULTI)
    # Hash of the IDB's input file; OnCommand uses it as the '<hash>/' half of
    # the cache key for the selected function.
    self.openedFileHash = VBIDAHelper.SHA1File(VBIDAHelper.getFilePath())
    self.n = 0
    self.icon = 41
    self.deflt = deflt
    self.isMatchedProcs = isMatchedProcs
    self.procId = procId
    self.matchedProcsCache = matchedProcsCache
    self.populateItems()
    self.addCommand()
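def buttonClicked(self):
    """Dispatch a button press to its handler.

    Every button is wired to this slot; the handler is chosen from the sender's
    objectName with its 3-character prefix stripped. Branches that act on a list's
    current item check for None first, since nothing may be selected — the
    RefreshBinary and DownloadMatchedBin branches previously lacked that guard and
    raised AttributeError.
    """
    btnName = self.sender().objectName()[3:]
    if btnName == 'Register':
        self.registerButtonClicked()
    elif btnName == 'SaveProfile':
        self.saveProfileButtonClicked()
    elif btnName == 'RemoveProfile':
        self.removeProfileButtonClicked()
    elif btnName == 'ReloadBinaries':
        self.queryAll()
    elif btnName == 'RefreshBinary':
        item = self.ui.listBins.currentItem()
        if item is not None:
            self.reprocess(item.text())
    elif btnName == 'DownloadBinary':
        item = self.ui.listBins.currentItem()
        if item is not None:
            self.download(item.text(), False)
    elif btnName == 'DownloadChildBinary':
        item = self.ui.listChildren.currentItem()
        if item is not None:
            self.download(item.text(), True)
    elif btnName == 'ReloadSimilarBins':
        self.reloadSimilarBinsClicked()
    elif btnName == 'DownloadMatchedBin':
        item = self.ui.listMatchedBins.currentItem()
        if item is not None and item.text() != '':
            self.download(item.text(), False)
    elif btnName == 'ReloadMatchedProcs':
        self.ReloadMatchedProcsClicked()
    elif btnName == 'HighlightColorChooser':
        color = QtGui.QColorDialog.getColor()
        # A cancelled dialog yields an invalid colour whose channels read as 0;
        # skip it rather than silently switching the highlight to black.
        if color.isValid():
            css = 'background-color: rgb(%s, %s, %s);' % (
                str(color.red()), str(color.green()), str(color.blue()))
            self.ui.btnHighlightColorChooser.setStyleSheet(css)
    elif btnName == 'RemoveHighlights':
        for func in VBIDAHelper.getFunctions():
            VBIDAHelper.delFunctionComment(func)
            VBIDAHelper.setFunctionColor(func, 0xff, 0xff, 0xff)
        self.notifyStatus({
            'statuscode': 0,
            'message': 'Highlights has been removed'
        })
    elif btnName == 'HighlightAllProcs':
        self.highlightMatchedProcs()
    elif btnName == 'ShowProcsWithSim':
        c = VBFunctionChooser("Procedures with Matches", False, self.matchedProcsCache)
        c.Show()
    elif btnName == 'ShowMatchedProcs':
        item = self.ui.listProcsWithSim.currentItem()
        if item is not None:
            self.openMatchedProcsChooser(item.text())
        else:
            self.notifyStatus({
                'statuscode': 1,
                'message': 'No procedure has been selected'
            })
    elif btnName in ('MatchedLeftProcMoreInfo', 'MatchedRightProcMoreInfo'):
        # Disassembly viewer not implemented yet (dead prototype code removed).
        print("This feature will be added on the next release.")
    elif btnName == 'ShowChild':
        childHash = self.ui.editChildHash.text()
        childSName = self.ui.editChildServiceName.text()
        self.showChildView(childHash, childSName)
    elif btnName == 'ShowBinOther':
        item = self.ui.listBins.currentItem()
        if item is not None:
            self.ui.editOtherSHA.setText(item.text())
            self.ui.toolBox.setCurrentIndex(2)
    elif btnName == 'ReloadOther':
        tabIndex = self.ui.tabWidgetOther.currentIndex()
        # Mark the visible tab as not fetched so tabWidgetOtherChanged reloads it.
        key = {0: 'avscans', 1: 'behaviors', 2: 'pedata'}.get(tabIndex)
        if key is not None:
            self.otherInfosAvailability[key] = False
        self.tabWidgetOtherChanged(tabIndex)
    else:
        self.status('idle', 'black')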
def menuItemMatchedProcsTriggered(*args):
    """Menu callback for 'View/[VB] Matched Procs': open the matched-procedure
    chooser for the function under the cursor.

    Registered in __init__ via VBIDAHelper.addMenuItem as a bound method, so
    args[0] is the VBMainWidget instance.
    NOTE(review): str(currentFunctionRVA()) is parsed with int(rvaStr, 16) in
    openMatchedProcsChooser; OnCommand builds the same argument with
    str(hex(rva)). This only agrees if currentFunctionRVA already returns a
    hex-formatted value — confirm against VBIDAHelper.
    """
    widget = args[0]
    currentRva = VBIDAHelper.currentFunctionRVA()
    widget.openMatchedProcsChooser(str(currentRva))
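def buttonClicked(self):
    """Dispatch a button press to its handler.

    Every button is wired to this slot; the handler is chosen from the sender's
    objectName with its 3-character prefix stripped. Branches that act on a list's
    current item check for None first, since nothing may be selected — the
    RefreshBinary and DownloadMatchedBin branches previously lacked that guard and
    raised AttributeError.
    """
    btnName = self.sender().objectName()[3:]
    if btnName == 'Register':
        self.registerButtonClicked()
    elif btnName == 'SaveProfile':
        self.saveProfileButtonClicked()
    elif btnName == 'RemoveProfile':
        self.removeProfileButtonClicked()
    elif btnName == 'ReloadBinaries':
        self.queryAll()
    elif btnName == 'RefreshBinary':
        item = self.ui.listBins.currentItem()
        if item is not None:
            self.reprocess(item.text())
    elif btnName == 'DownloadBinary':
        item = self.ui.listBins.currentItem()
        if item is not None:
            self.download(item.text(), False)
    elif btnName == 'DownloadChildBinary':
        item = self.ui.listChildren.currentItem()
        if item is not None:
            self.download(item.text(), True)
    elif btnName == 'ReloadSimilarBins':
        self.reloadSimilarBinsClicked()
    elif btnName == 'DownloadMatchedBin':
        item = self.ui.listMatchedBins.currentItem()
        if item is not None and item.text() != '':
            self.download(item.text(), False)
    elif btnName == 'ReloadMatchedProcs':
        self.ReloadMatchedProcsClicked()
    elif btnName == 'HighlightColorChooser':
        color = QtGui.QColorDialog.getColor()
        # A cancelled dialog yields an invalid colour whose channels read as 0;
        # skip it rather than silently switching the highlight to black.
        if color.isValid():
            css = 'background-color: rgb(%s, %s, %s);' % (
                str(color.red()), str(color.green()), str(color.blue()))
            self.ui.btnHighlightColorChooser.setStyleSheet(css)
    elif btnName == 'RemoveHighlights':
        for func in VBIDAHelper.getFunctions():
            VBIDAHelper.delFunctionComment(func)
            VBIDAHelper.setFunctionColor(func, 0xff, 0xff, 0xff)
        self.notifyStatus({
            'statuscode': 0,
            'message': 'Highlights has been removed'
        })
    elif btnName == 'HighlightAllProcs':
        self.highlightMatchedProcs()
    elif btnName == 'ShowProcsWithSim':
        c = VBFunctionChooser("Procedures with Matches", False, self.matchedProcsCache)
        c.Show()
    elif btnName == 'ShowMatchedProcs':
        item = self.ui.listProcsWithSim.currentItem()
        if item is not None:
            self.openMatchedProcsChooser(item.text())
        else:
            self.notifyStatus({
                'statuscode': 1,
                'message': 'No procedure has been selected'
            })
    elif btnName in ('MatchedLeftProcMoreInfo', 'MatchedRightProcMoreInfo'):
        # Disassembly viewer not implemented yet (dead prototype code removed).
        print("This feature will be added on the next release.")
    elif btnName == 'ShowChild':
        childHash = self.ui.editChildHash.text()
        childSName = self.ui.editChildServiceName.text()
        self.showChildView(childHash, childSName)
    elif btnName == 'ShowBinOther':
        item = self.ui.listBins.currentItem()
        if item is not None:
            self.ui.editOtherSHA.setText(item.text())
            self.ui.toolBox.setCurrentIndex(2)
    elif btnName == 'ReloadOther':
        tabIndex = self.ui.tabWidgetOther.currentIndex()
        # Mark the visible tab as not fetched so tabWidgetOtherChanged reloads it.
        key = {0: 'avscans', 1: 'behaviors', 2: 'pedata'}.get(tabIndex)
        if key is not None:
            self.otherInfosAvailability[key] = False
        self.tabWidgetOtherChanged(tabIndex)
    else:
        self.status('idle', 'black')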