def _showImportTrace(self, restrict=True): """ This is the GUI part of the PIN trace import functionality """ self._console_output("Importing PIN trace information from file...") # Color for the basic blocks hit during the trace col = QtGui.QColorDialog.getColor() if col.isValid(): # IDA works with BGR (annoying) ida_color = misc.pyside_to_ida_color(col.name()) else: # Probably closed the QColorDialog self._console_output( "[!] Problem getting color for trace. Aborting.") return try: imported_info_dict = self.ie.ti.import_data(ida_color) except: self._console_output("[!] Problem importing from file", err=True) self._console_output(traceback.format_exc(), err=True) return self.table.setColumnCount(5) self.table.setHorizontalHeaderLabels( ('Thread ID', 'From', 'To', 'From (name)', 'To (name)')) self.table_label.setText("Imported information from PIN trace") self.table.clearContents() self.table.setRowCount(0) # Fill with contents # TODO: This could be better in a QTree or maybe adding # a dropdown to select the thread id... idx = 0 for tid, call_list in imported_info_dict.iteritems(): self._console_output("Processing Thread ID %d" % tid) for u_ea, v_ea in call_list: self.table.insertRow(idx) tid_item = QTableWidgetItem("%d" % tid) u_item = QTableWidgetItem("%x" % u_ea) u_item.setFlags(u_item.flags() ^ QtCore.Qt.ItemIsEditable) v_item = QTableWidgetItem("%x" % v_ea) v_item.setFlags(v_item.flags() ^ QtCore.Qt.ItemIsEditable) from_item = QTableWidgetItem(misc.get_function_name(u_ea)) to_item = QTableWidgetItem(misc.get_function_name(v_ea)) self.table.setItem(idx, 0, tid_item) self.table.setItem(idx, 1, u_item) self.table.setItem(idx, 2, v_item) self.table.setItem(idx, 3, from_item) self.table.setItem(idx, 4, to_item) idx += 1
def _showImportTrace(self): """ This is the GUI part of the PIN trace import functionality """ self._console_output("Importing PIN trace information from file...") # Color for the basic blocks hit during the trace col = QtGui.QColorDialog.getColor() if col.isValid(): # IDA works with BGR (annoying) ida_color = misc.pyside_to_ida_color(col.name()) else: # Probably closed the QColorDialog self._console_output("[!] Problem getting color for trace. Aborting.") return try: imported_info_dict = self.ie.ti.import_data(ida_color) except: self._console_output("[!] Problem importing from file", err = True) self._console_output(traceback.format_exc(), err = True) return self.table.setColumnCount(5) self.table.setHorizontalHeaderLabels( ('Thread ID', 'From', 'To', 'From (name)', 'To (name)')) self.table_label.setText("Imported information from PIN trace") self.table.clearContents() self.table.setRowCount(0) # Fill with contents # TODO: This could be better in a QTree or maybe adding # a dropdown to select the thread id... idx = 0 for tid, call_list in imported_info_dict.iteritems(): self._console_output("Processing Thread ID %d" % tid) for u_ea, v_ea in call_list: self.table.insertRow(idx) tid_item = QTableWidgetItem("%d" % tid) u_item = QTableWidgetItem("%x" % u_ea) u_item.setFlags(u_item.flags() ^ QtCore.Qt.ItemIsEditable) v_item = QTableWidgetItem("%x" % v_ea) v_item.setFlags(v_item.flags() ^ QtCore.Qt.ItemIsEditable) from_item = QTableWidgetItem(misc.get_function_name(u_ea)) to_item = QTableWidgetItem(misc.get_function_name(v_ea)) self.table.setItem(idx, 0, tid_item) self.table.setItem(idx, 1, u_item) self.table.setItem(idx, 2, v_item) self.table.setItem(idx, 3, from_item) self.table.setItem(idx, 4, to_item) idx += 1
def _showConnectedIO(self): """ Shows a list of functions dealing with IO and connected to the current function """ self._console_output("Calculating file & network IO...") io_list = self.ba.input_to_function() if not io_list: self._console_output("[!] No (obvious) IO connecting to this function", err = True) return self.table.setColumnCount(2) self.table.setHorizontalHeaderLabels(("Caller", "Name")) self.table_label.setText("Connected IO") self.table.clearContents() self.table.setRowCount(0) for idx, caller in enumerate(io_list): self.table.insertRow(idx) addr_item = QTableWidgetItem("%08x" % caller) addr_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable) name_item = QTableWidgetItem("%s" % misc.get_function_name(caller)) self.table.setItem(idx, 0, addr_item) self.table.setItem(idx, 1, name_item)
def _showBannedFunctions(self): """ Points to functions banned by Microsoft being used. """ self._console_output("Looking for banned functions...") deep_search_f = self.config.deep_dangerous_functions if deep_search_f: self._console_output("Performing a deep search \ (based on function name)") banned_refs_dict = self.vd.find_banned_functions(deep_search_f) if not banned_refs_dict: self._console_output("[!] No banned functions found", err = True) return self.tree_label.setText("Functions banned by Microsoft") self.tree.clear() self.tree.setHeaderLabels(("Banned function", "References", "Name")) for f_name, refs in banned_refs_dict.iteritems(): bf_item = QTreeWidgetItem(self.tree) bf_item.setText(0, f_name) for ref_addr in refs: ref_item = QTreeWidgetItem(bf_item) ref_item.setText(1, "%x" % ref_addr) ref_name = misc.get_function_name(ref_addr) ref_item.setText(2, ref_name) # Display all items expanded initially self.tree.expandAll()
def _showConnectedIO(self): """ Shows a list of functions dealing with IO and connected to the current function """ self._console_output("Calculating file & network IO...") io_list = self.ba.input_to_function() if not io_list: self._console_output("[!] No (obvious) IO connecting \ to this function", err = True) return self.table.setColumnCount(2) self.table.setHorizontalHeaderLabels(("Caller", "Name")) self.table_label.setText("Connected IO") self.table.clearContents() self.table.setRowCount(0) for idx, caller in enumerate(io_list): self.table.insertRow(idx) addr_item = QTableWidgetItem("%08x" % caller) addr_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable) name_item = QTableWidgetItem("%s" % misc.get_function_name(caller)) self.table.setItem(idx, 0, addr_item) self.table.setItem(idx, 1, name_item)
def _showBannedFunctions(self): """ Points to functions banned by Microsoft being used. """ self._console_output("Looking for banned functions...") deep_search_f = self.config.deep_dangerous_functions if deep_search_f: self._console_output("Performing a deep search (based on function name)") banned_refs_dict = self.vd.find_banned_functions(deep_search_f) if not banned_refs_dict: self._console_output("[!] No banned functions found", err = True) return self.tree_label.setText("Functions banned by Microsoft") self.tree.clear() self.tree.setHeaderLabels(("Banned function", "References", "Name")) for f_name, refs in banned_refs_dict.iteritems(): bf_item = QTreeWidgetItem(self.tree) bf_item.setText(0, f_name) for ref_addr in refs: ref_item = QTreeWidgetItem(bf_item) ref_item.setText(1, "%x" %ref_addr) ref_name = misc.get_function_name(ref_addr) ref_item.setText(2, ref_name) # Display all items expanded initially self.tree.expandAll()
def _showDangerousConnections(self): """ Shows connections graphs between functions calling IO and the ones calling dangerous APIs """ self._console_output("Calculating dangerous connections...") try: conn_graphs = self.ba.get_all_dangerous_connections() except Exception as e: print "[!] Error in get_all_dangerous_connections()", e return if not conn_graphs: self._console_output("[!] No (obvious) dangerous connections", err=True) return self.table.setColumnCount(5) self.table.setHorizontalHeaderLabels( ("IO Caller", "Dangerous Functions", "Shortest Path Length", "u", "v")) self.table_label.setText("Dangerous Connections") self.table.clearContents() self.table.setRowCount(0) for idx, c in enumerate(conn_graphs): self.table.insertRow(idx) u, v, sp_len = c # tuple unpacking io_item = QTableWidgetItem("%s" % misc.get_function_name(u)) df_item = QTableWidgetItem("%s" % misc.get_function_name(v)) sp_item = QTableWidgetItem("%d" % sp_len) ioa_item = QTableWidgetItem("%x" % u) ioa_item.setFlags(ioa_item.flags() ^ QtCore.Qt.ItemIsEditable) dfa_item = QTableWidgetItem("%x" % v) dfa_item.setFlags(dfa_item.flags() ^ QtCore.Qt.ItemIsEditable) self.table.setItem(idx, 0, io_item) self.table.setItem(idx, 1, df_item) self.table.setItem(idx, 2, sp_item) self.table.setItem(idx, 3, ioa_item) self.table.setItem(idx, 4, dfa_item)
def _showDangerousConnections(self): """ Shows connections graphs between functions calling IO and the ones calling dangerous APIs """ self._console_output("Calculating dangerous connections...") try: conn_graphs = self.ba.get_all_dangerous_connections() except Exception as e: print "[!] Error in get_all_dangerous_connections()", e return if not conn_graphs: self._console_output("[!] No (obvious) dangerous connections", err = True) return self.table.setColumnCount(5) self.table.setHorizontalHeaderLabels( ("IO Caller", "Dangerous Functions", "Shortest Path Length", "u", "v")) self.table_label.setText("Dangerous Connections") self.table.clearContents() self.table.setRowCount(0) for idx, c in enumerate(conn_graphs): self.table.insertRow(idx) u, v, sp_len = c # tuple unpacking io_item = QTableWidgetItem("%s" % misc.get_function_name(u)) df_item = QTableWidgetItem("%s" % misc.get_function_name(v)) sp_item = QTableWidgetItem("%d" % sp_len) ioa_item = QTableWidgetItem("%x" % u) ioa_item.setFlags(ioa_item.flags() ^ QtCore.Qt.ItemIsEditable) dfa_item = QTableWidgetItem("%x" % v) dfa_item.setFlags(dfa_item.flags() ^ QtCore.Qt.ItemIsEditable) self.table.setItem(idx, 0, io_item) self.table.setItem(idx, 1, df_item) self.table.setItem(idx, 2, sp_item) self.table.setItem(idx, 3, ioa_item) self.table.setItem(idx, 4, dfa_item)
def _commentsInThisFunction(self): """ Shows all comments within the current function """ show_unique_c = self.config.display_unique_comments msg = "Searching comments within function '" + \ misc.get_function_name() + "'" self._console_output(msg) comment_list = self.ba.comments_in_function() # Found any comment at all? nrows = len(comment_list) if not nrows: self._console_output("[!] No comments found", err = True) return self.table.setColumnCount(2) self.table_label.setText("Comments within current function") self.table.setHorizontalHeaderLabels(("Address", "Comments")) self.table.clearContents() self.table.setRowCount(0) # Fill with contents displayed_comments = [] idx = 0 for (addr, comment) in comment_list: if show_unique_c and comment in displayed_comments: continue displayed_comments.append(comment) self.table.insertRow(idx) addr_item = QTableWidgetItem("%08x" % addr) addr_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable) comment_item = QTableWidgetItem(comment) self.table.setItem(idx, 0, addr_item) self.table.setItem(idx, 1, comment_item) idx += 1
def _commentsInThisFunction(self): """ Shows all comments within the current function """ show_unique_c = self.config.display_unique_comments msg = "Searching comments within function '" + \ misc.get_function_name() + "'" self._console_output(msg) comment_list = self.ba.comments_in_function() # Found any comment at all? nr_rows = len(comment_list) if not nr_rows: self._console_output("[!] No comments found", err = True) return self.table.setColumnCount(2) self.table_label.setText("Comments within current function") self.table.setHorizontalHeaderLabels(("Address", "Comments")) self.table.clearContents() self.table.setRowCount(0) # Fill with contents displayed_comments = [] idx = 0 for (addr, comment) in comment_list: if show_unique_c and comment in displayed_comments: continue displayed_comments.append(comment) self.table.insertRow(idx) addr_item = QTableWidgetItem("%08x" % addr) addr_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable) comment_item = QTableWidgetItem(comment) self.table.setItem(idx, 0, addr_item) self.table.setItem(idx, 1, comment_item) idx += 1
def _callsInThisFunction(self): """ Shows all calls within the current function """ msg = "Calls within function '" + misc.get_function_name() self._console_output(msg) show_unique_calls = self.config.display_unique_calls callee_list = self.ba.calls_in_function() nrows = len(callee_list) if not nrows: self._console_output("[!] No calls found", err = True) return self.table_label.setText("Calls within current function") self.table.setColumnCount(2) self.table.setHorizontalHeaderLabels(("Address", "Callee")) self.table.clearContents() self.table.setRowCount(0) # Fill with contents shown_calls = [] idx = 0 for (addr, callee) in callee_list: if show_unique_calls and callee in shown_calls: continue shown_calls.append(callee) self.table.insertRow(idx) addr_item = QTableWidgetItem("%08x" % addr) addr_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable) callee_item = QTableWidgetItem(callee) callee_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable) self.table.setItem(idx, 0, addr_item) self.table.setItem(idx, 1, callee_item) idx += 1
def _showIntegerIssues(self): """ This is the GUI part of the integer issues functionality """ self._console_output("Looking for integer issues (comparisons)") try: integer_issues_ins = self.ii.search_integer_issues() except NotImplementedError: self._console_output("[!] x86_64 not implemented yet", err = True) return # Is there any integer issues at all? nrows = len(integer_issues_ins) if not nrows: self._console_output("[-] No integer issues found.") return self.table.setColumnCount(3) self.table_label.setText("Possible integer issues") self.table.setHorizontalHeaderLabels( ('Address', 'Function name', 'Notes')) self.table.clearContents() self.table.setRowCount(0) # Fill with contents for idx, ins_ea in enumerate(integer_issues_ins): self.table.insertRow(idx) addr_item = QTableWidgetItem("%x" % ins_ea) addr_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable) name_item = QTableWidgetItem(misc.get_function_name(ins_ea)) mnem_item = QTableWidgetItem("") # placeholder self.table.setItem(idx, 0, addr_item) self.table.setItem(idx, 1, name_item) self.table.setItem(idx, 2, mnem_item)
def _showIntegerIssues(self): """ This is the GUI part of the integer issues functionality """ self._console_output("Looking for integer issues (comparisons)") try: integer_issues_ins = self.ii.search_integer_issues() except NotImplementedError: self._console_output("[!] x86_64 not implemented yet", err=True) return # Is there any integer issues at all? nrows = len(integer_issues_ins) if not nrows: self._console_output("[-] No integer issues found.") return self.table.setColumnCount(3) self.table_label.setText("Possible integer issues") self.table.setHorizontalHeaderLabels( ('Address', 'Function name', 'Notes')) self.table.clearContents() self.table.setRowCount(0) # Fill with contents for idx, ins_ea in enumerate(integer_issues_ins): self.table.insertRow(idx) addr_item = QTableWidgetItem("%x" % ins_ea) addr_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable) name_item = QTableWidgetItem(misc.get_function_name(ins_ea)) mnem_item = QTableWidgetItem("") # placeholder self.table.setItem(idx, 0, addr_item) self.table.setItem(idx, 1, name_item) self.table.setItem(idx, 2, mnem_item)