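def build_options(self):
    """Generate the analysis options for this task.

    Flattens task, machine and configuration values into one dict (the
    analysis options, presumably what the guest analyzer receives). A
    missing or zero task timeout is replaced by ``cfg.timeouts.default``.
    For ``file`` tasks the file name and magic-derived type are added, plus
    an ``exports`` entry: a comma-separated list of the sample's exported
    symbol names when it is a PE image and pefile is importable, otherwise
    ``""``; the guest uses it to pick a better analysis package. Every key
    of ``aux_cfg.auxiliar_modules`` is copied in last, so an auxiliary
    module named like a core key overrides it.

    Note: ``task.options`` and ``task.target`` are passed through verbatim;
    they come from whoever submitted the task.

    @return: options dict.
    """
    task = self.task

    def _pe_exports(path):
        """Return the comma-joined, sanitized export names of the PE at ``path``.

        Best-effort on an untrusted sample: any failure is logged and the
        names collected so far are returned. Only the export directory is
        parsed (``fast_load``) — a full parse of a hostile or malformed PE is
        slow and nothing else is needed here. Names are reduced to the
        character set ``[A-Za-z0-9_?@-]``, so a crafted export name can
        neither inject the ``,`` separator nor carry non-ASCII bytes.
        """
        names = []
        try:
            pe = pefile.PE(path, fast_load=True)
            try:
                pe.parse_data_directories(
                    directories=[pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_EXPORT"]]
                )
                export_dir = getattr(pe, "DIRECTORY_ENTRY_EXPORT", None)
                for symbol in export_dir.symbols if export_dir else ():
                    try:
                        name = symbol.name
                        if not name:
                            continue  # ordinal-only export: nothing to match on
                        if isinstance(name, bytes):
                            # ASCII-only after the sub, so decode() cannot fail
                            name = re.sub(b"[^A-Za-z0-9_?@-]", b"", name).decode("utf-8")
                        else:
                            name = re.sub("[^A-Za-z0-9_?@-]", "", name)
                        names.append(name)
                    except Exception as e:
                        log.error(e, exc_info=True)
            finally:
                pe.close()  # release the mapping pefile keeps on the sample
        except Exception as e:
            log.error("PE type not recognised")
            log.error(e, exc_info=True)
        return ",".join(names)

    options = {
        "id": task.id,
        "ip": self.machine.resultserver_ip,
        "port": self.machine.resultserver_port,
        "category": task.category,
        "target": task.target,
        "package": task.package,
        "options": task.options,
        "enforce_timeout": task.enforce_timeout,
        "clock": task.clock,
        "terminate_processes": self.cfg.cuckoo.terminate_processes,
        # a missing (falsy) or zero task timeout falls back to the configured default
        "timeout": task.timeout or self.cfg.timeouts.default,
    }

    if task.category == "file":
        sample = File(task.target)  # build once; both lookups read the same file
        options["file_name"] = sample.get_name()
        options["file_type"] = sample.get_type()
        # PE export names help the guest choose the right package; only
        # attempted when the magic type says PE and pefile is available.
        options["exports"] = ""
        if HAVE_PEFILE and (
            "PE32" in options["file_type"] or "MS-DOS executable" in options["file_type"]
        ):
            options["exports"] = _pe_exports(task.target)

    # options from auxiliar.conf (applied last, so they win on key clashes)
    for plugin in self.aux_cfg.auxiliar_modules.keys():
        options[plugin] = self.aux_cfg.auxiliar_modules[plugin]

    return options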
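def build_options(self):
    """Generate the analysis options for this task.

    Flattens task, machine and configuration values into one dict (the
    analysis options, presumably what the guest analyzer receives). A
    missing or zero task timeout is replaced by ``cfg.timeouts.default``.
    For ``file`` tasks the file name and magic-derived type are added, plus
    an ``exports`` entry: a comma-separated list of the sample's exported
    symbol names when it is a PE image and pefile is importable, otherwise
    ``""``; the guest uses it to pick a better analysis package. The
    ``curtain``/``sysmon``/``procmon`` flags are read from auxiliar.conf.

    Note: ``task.options`` and ``task.target`` are passed through verbatim;
    they come from whoever submitted the task.

    @return: options dict.
    """
    task = self.task

    def _pe_exports(path):
        """Return the comma-joined, sanitized export names of the PE at ``path``.

        Best-effort on an untrusted sample: any failure is logged and the
        names collected so far are returned. Fixes the previous version,
        which applied a bytes regex with a str replacement (TypeError on
        Python 3), joined bytes with ``","`` and crashed on ordinal-only
        exports whose ``name`` is None — every PE therefore ended up with
        an empty export list. Only the export directory is parsed
        (``fast_load``). Names are reduced to ``[A-Za-z0-9_?@-]``, so a
        crafted export name cannot inject the ``,`` separator.
        """
        names = []
        try:
            pe = pefile.PE(path, fast_load=True)
            try:
                pe.parse_data_directories(
                    directories=[pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_EXPORT"]]
                )
                export_dir = getattr(pe, "DIRECTORY_ENTRY_EXPORT", None)
                if export_dir is not None:
                    for symbol in export_dir.symbols:
                        name = symbol.name
                        if not name:
                            continue  # ordinal-only export: nothing to match on
                        if isinstance(name, bytes):
                            # ASCII-only after the sub, so decode() cannot fail
                            name = re.sub(b"[^A-Za-z0-9_?@-]", b"", name).decode("utf-8")
                        else:
                            name = re.sub("[^A-Za-z0-9_?@-]", "", name)
                        names.append(name)
            finally:
                pe.close()  # release the mapping pefile keeps on the sample
        except Exception as e:
            log.error(e, exc_info=True)
        return ",".join(names)

    options = {
        "id": task.id,
        "ip": self.machine.resultserver_ip,
        "port": self.machine.resultserver_port,
        "category": task.category,
        "target": task.target,
        "package": task.package,
        "options": task.options,
        "enforce_timeout": task.enforce_timeout,
        "clock": task.clock,
        "terminate_processes": self.cfg.cuckoo.terminate_processes,
        # a missing (falsy) or zero task timeout falls back to the configured default
        "timeout": task.timeout or self.cfg.timeouts.default,
    }

    if task.category == "file":
        sample = File(task.target)  # build once; both lookups read the same file
        options["file_name"] = sample.get_name()
        options["file_type"] = sample.get_type()
        # PE export names help the guest choose the right package; only
        # attempted when the magic type says PE and pefile is available.
        options["exports"] = ""
        if HAVE_PEFILE and (
            "PE32" in options["file_type"] or "MS-DOS executable" in options["file_type"]
        ):
            options["exports"] = _pe_exports(task.target)

    # options from auxiliar.conf
    options["curtain"] = self.aux_cfg.curtain.enabled
    options["sysmon"] = self.aux_cfg.sysmon.enabled
    options["procmon"] = self.aux_cfg.procmon.enabled

    return options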
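def fix_section_permission(path):
    """Set ``IMAGE_SCN_MEM_WRITE`` on the ``.rdata`` section of the PE at ``path``.

    Rewrites the file in place when a ``.rdata`` section is readable but
    not yet writable. Presumably done so guest-side instrumentation can
    patch data living in that section — TODO confirm with the caller.
    Best-effort: a missing pefile, a non-PE file or any parse/write error
    is logged and swallowed; the function never raises.

    Caveat: the file at ``path`` is modified on disk, so any hash taken
    before this call no longer describes the bytes there. Run it on a
    working copy, not on the stored sample, if the original must stay
    verifiable against its submitted hash.

    Fixes over the previous version: ``Name.rstrip("\\0")`` raised
    TypeError on pefile's bytes names (so nothing was ever patched),
    ``hex(flags)[:3] == "0x4"`` was a loose stand-in for the READ/WRITE
    bit test (it also matched values such as 0x40), and ``+=`` could
    corrupt the flags where ``|=`` is idempotent.

    @param path: filesystem path of the PE image to patch.
    """
    if not HAVE_PEFILE:
        log.info("[-] Missed dependency pefile")
        return
    # NOTE(review): this tests the truthiness of the object bound to the
    # name `IsPEImage`, not the result of calling it on the file (kept as
    # written). If it is a function the guard is always true and non-PE
    # input is rejected only by pefile.PE() raising below.
    if not IsPEImage:
        return

    mem_read = pefile.SECTION_CHARACTERISTICS["IMAGE_SCN_MEM_READ"]
    mem_write = pefile.SECTION_CHARACTERISTICS["IMAGE_SCN_MEM_WRITE"]
    try:
        pe = pefile.PE(path)
        if not pe:
            return
        try:
            patched = False
            for section in pe.sections:
                raw_name = section.Name
                # pefile yields bytes here on Python 3; tolerate str too
                name = raw_name.rstrip(b"\0") if isinstance(raw_name, bytes) else raw_name.rstrip("\0")
                if name not in (b".rdata", ".rdata"):
                    continue
                flags = section.Characteristics
                # only a readable, not-yet-writable section is touched
                if flags & mem_read and not flags & mem_write:
                    section.Characteristics = flags | mem_write  # OR: safe to re-run
                    patched = True
            if patched:
                pe.write(filename=path)  # rewrites the sample in place (see caveat)
        finally:
            pe.close()  # release the mapping even if write() failed
    except Exception as e:
        log.warning("fix_section_permission failed for %s: %s", path, e)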