Python idautils.GetInputFileMD5() Examples

Example #1
Source Project: idawilli Author: williballenthin File: yara_fn.py License: Apache License 2.0 | 5 votes |
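def format_rules(fva, rules):
    '''
    given the address of a function, and the byte signatures for basic blocks in
    the function, format a complete YARA rule that matches all of the basic block
    signatures.

    :param fva: start address of the function (an int; written to the rule meta
                as a hex literal)
    :param rules: iterable of objects with ``.name`` and ``.masked_bytes`` (a
                  sequence of hex-byte tokens, ``??`` for masked positions)
    :return: the complete rule text as one string
    '''
    name = idc.get_func_name(fva)

    # some characters aren't valid for YARA rule names
    BAD_CHARS = '@ /\\!@#$%^&*()[]{};:\'",./<>?'
    safe_name = name.translate({ord(c): None for c in BAD_CHARS})

    # the raw name is copied into a quoted meta string; it comes from the
    # analyzed binary's symbols, so escape the two characters that would
    # terminate or corrupt a YARA quoted string
    meta_name = name.replace('\\', '\\\\').replace('"', '\\"')

    md5 = idautils.GetInputFileMD5().hex()

    ret = []
    # the rule body must be enclosed in braces; the opening one was missing
    ret.append(f'rule a_{md5}_{safe_name} {{')
    ret.append(' meta:')
    ret.append(f' sample_md5 = "{md5}"')
    # ':x' renders the int address in hex; plain {fva} would put a decimal
    # number behind the 0x prefix
    ret.append(f' function_address = "0x{fva:x}"')
    ret.append(f' function_name = "{meta_name}"')
    ret.append(' strings:')
    for rule in rules:
        formatted_rule = ' '.join(rule.masked_bytes)
        ret.append(f' {rule.name} = {{{formatted_rule}}}')
    ret.append(' condition:')
    ret.append(' all of them')
    ret.append('}')
    return '\n'.join(ret)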
Example #2
Source Project: GhIDA Author: Cisco-Talos File: ghida.py License: Apache License 2.0 | 5 votes |
def load_configuration():
    """
    Read the plugin configuration and create the two caches keyed by the
    MD5 of the input file.

    Sets the module globals GHIDA_CONF, DECOMPILED_CACHE and COMMENTS_CACHE.
    """
    global GHIDA_CONF, DECOMPILED_CACHE, COMMENTS_CACHE

    # Loading the plugin configuration
    print("GhIDA:: [DEBUG] Reading GhIDA configuration")
    GHIDA_CONF = gl.GhidaConfiguration()
    print("GHIDA_CONF.load_save_cached_code", GHIDA_CONF.load_save_cached_code)
    print("GHIDA_CONF.load_save_cached_comments", GHIDA_CONF.load_save_cached_comments)

    file_md5 = idautils.GetInputFileMD5()

    # Initialize the caches (the use_cache flag controls loading of cached objects)
    DECOMPILED_CACHE = gl.DecompiledCache(
        file_id=file_md5,
        use_cache=GHIDA_CONF.load_save_cached_code)
    COMMENTS_CACHE = gl.CommentsCache(
        file_id=file_md5,
        use_cache=GHIDA_CONF.load_save_cached_comments)

# ------------------------------------------------------------
# HANDLERS FOR THE POP-UP MENU IN DECOMP VIEW
# ------------------------------------------------------------
Example #3
Source Project: GhIDA Author: Cisco-Talos File: lib.py License: Apache License 2.0 | 5 votes |
def create_random_filename():
    """
    Return a session-wide filename made of the input file's MD5 and a random
    five-letter suffix.

    The value is computed once and memoised in the module global
    GLOBAL_FILENAME; subsequent calls return the same name.
    """
    global GLOBAL_FILENAME
    if GLOBAL_FILENAME:
        return GLOBAL_FILENAME

    # NOTE(review): random.choice is not a cryptographic RNG; presumably the
    # suffix only needs to avoid collisions within one session, but an
    # unguessable name would need the secrets module instead
    suffix = ''.join(random.choice(string.ascii_letters) for _ in range(5))
    GLOBAL_FILENAME = "%s_%s" % (idautils.GetInputFileMD5(), suffix)
    return GLOBAL_FILENAME
Example #4
Source Project: ida_haru Author: TakahiroHaruyama File: yara_fn.py License: Apache License 2.0 | 5 votes |
def format_rules(fva, rules):
    '''
    given the address of a function, and the byte signatures for basic blocks in
    the function, format a complete YARA rule that matches all of the basic block
    signatures.

    Returns None (after logging) when `rules` is empty.
    '''
    name = GetFunctionName(fva)
    if not rules:
        logging.info('no rules for {}'.format(name))
        return None

    # some characters aren't valid for YARA rule names
    BAD_CHARS = '@ /\\!@#$%^&*()[]{};:\'",./<>?'
    safe_name = name.translate({ord(c): None for c in BAD_CHARS})
    # NOTE(review): the unsanitised `name` is also written into the quoted
    # function_name meta string below; a symbol containing '"' or '\\' would
    # produce a rule that does not compile

    md5 = idautils.GetInputFileMD5()

    lines = [
        'rule a_{hash:s}_{name:s} {{'.format(hash=md5, name=safe_name),
        ' meta:',
        ' sample_md5 = "{md5:s}"'.format(md5=md5),
        ' function_address = "0x{fva:x}"'.format(fva=fva),
        ' function_name = "{name:s}"'.format(name=name),
        ' strings:',
    ]
    for rule in rules:
        # trailing wildcard bytes carry no information, so they are trimmed
        hex_pattern = ' '.join(rule.masked_bytes).rstrip('?? ')
        lines.append(' {name:s} = {{ {hex:s} }}'.format(name=rule.name, hex=hex_pattern))
    lines += [' condition:', ' all of them', '}']
    return '\n'.join(lines)
Example #5
Source Project: DIE Author: ynvb File: DIEDb.py License: MIT License | 5 votes |
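def load_db(self, file_name=None):
    """
    Load DB from file and DeSerialize
    @param file_name: DB filename; defaults to self.get_default_db_filename()
    @return: True on success (failures raise rather than return False)
    @raise IOError: the DB file does not exist
    @raise DbFileMismatch: the MD5 stored in the DB is not the MD5 of the
                           currently analyzed file
    """
    if file_name is None:
        file_name = self.get_default_db_filename()

    if not os.path.exists(file_name):
        raise IOError("DIE DB file not found")

    # NOTE: pickle.load can execute arbitrary code from the file, and the MD5
    # check below only runs *after* unpickling, so it does not protect
    # against a crafted DB file. Only load DB files this plugin wrote itself.
    # The context manager closes the handle on every path (the original
    # never closed it).
    with open(file_name, 'rb') as in_file:
        db_tables = pickle.load(in_file)

    # Validate db MD5
    db_md5 = db_tables[0].md5
    if db_md5 != idautils.GetInputFileMD5():
        raise DbFileMismatch("Db File is different than currently analyzed file")

    # table layout: fixed positional order written by the matching save routine
    self.run_info = db_tables[0]
    self.functions = db_tables[1]
    self.function_args = db_tables[2]
    self.function_contexts = db_tables[3]
    self.threads = db_tables[4]
    self.dbg_values = db_tables[5]
    self.parsed_values = db_tables[6]
    self.excluded_bp_ea = db_tables[7]
    self.excluded_funcNames_part = db_tables[8]
    self.excluded_funcNames = db_tables[9]
    self.excluded_modules = db_tables[10]

    return True

#############################################################################
# Singleton
#############################################################################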
Example #6
Source Project: mkYARA Author: fox-it File: mkyara_plugin.py License: GNU General Public License v3.0 | 5 votes |
def get_input_file_hash():
    """Return the MD5 of the file loaded in IDA, as reported by idautils."""
    input_md5 = idautils.GetInputFileMD5()
    return input_md5
Example #7
Source Project: python-idb Author: williballenthin File: yara_fn.py License: Apache License 2.0 | 5 votes |
def format_rules(fva, rules):
    """
    given the address of a function, and the byte signatures for basic blocks in
    the function, format a complete YARA rule that matches all of the basic block
    signatures.
    """
    name = idc.GetFunctionName(fva)

    # some characters aren't valid for YARA rule names
    BAD_CHARS = "@ /\\!@#$%^&*()[]{};:'\",./<>?"
    safe_name = name.translate({ord(c): None for c in BAD_CHARS})
    # NOTE(review): the unsanitised `name` is still interpolated into the
    # quoted function_name meta string; a symbol containing '"' or '\\'
    # would yield a rule that does not compile

    md5 = idautils.GetInputFileMD5()

    header = [
        "rule a_%s_%s {" % (md5, safe_name),
        " meta:",
        ' sample_md5 = "%s"' % (md5),
        ' function_address = "0x%x"' % (fva),
        ' function_name = "%s"' % (name),
        " strings:",
    ]
    body = [
        " %s = { %s }" % (rule.name, " ".join(rule.masked_bytes))
        for rule in rules
    ]
    footer = [" condition:", " all of them", "}"]
    return "\n".join(header + body + footer)
Example #8
Source Project: GhIDA Author: Cisco-Talos File: lib.py License: Apache License 2.0 | 4 votes |
def ghidraaas_checkin(bin_file_path, filename, ghidra_server_url):
    """
    Upload the .bytes files in ghidraaas.
    One time only (until IDA is restarted...)

    Runs ghidraaas_checkin_thread in a worker thread and polls it from the
    IDA UI thread so the user can cancel via the wait box.

    :param bin_file_path: path of the .bytes file to upload
    :param filename: name under which the server stores it (presumably; the
                     worker is defined elsewhere)
    :param ghidra_server_url: base URL of the Ghidraaas server
    :return: whatever the worker put on the queue, or False on any error
             (including cancel/timeout, see below)
    """
    idaapi.show_wait_box("Connecting to Ghidraaas. Sending bytes file...")
    try:
        md5_hash = idautils.GetInputFileMD5()
        # result channel from the worker; Queue.Queue is the Python 2 module name
        queue = Queue.Queue()
        my_args = (bin_file_path, filename, ghidra_server_url, md5_hash, queue)
        t1 = threading.Thread(target=ghidraaas_checkin_thread, args=my_args)
        t1.start()
        counter = 0
        stop = False
        # poll every SLEEP_LENGTH seconds, at most COUNTER_MAX times
        while not stop:
            time.sleep(SLEEP_LENGTH)
            counter += 1
            # User terminated action
            if idaapi.user_cancelled():
                stop = True
                print("GhIDA:: [!] Check-in interrupted.")
                continue
            # Reached TIIMEOUT
            if counter > COUNTER_MAX:
                stop = True
                print("GhIDA:: [!] Timeout reached.")
                continue
            # Thread terminated
            # isAlive() is the Python 2 spelling (is_alive() since 2.6; the old
            # name was removed in Python 3.9)
            if not t1.isAlive():
                stop = True
                print("GhIDA:: [DEBUG] Thread terminated.")
                continue
        print("GhIDA:: [DEBUG] Joining check-in thread.")
        # join(0) returns immediately; it does not wait for the worker. On the
        # cancel/timeout paths the worker may still be running, and get_nowait()
        # then raises Queue.Empty, which the broad except below turns into
        # False. The worker thread itself is not stopped.
        t1.join(0)
        q_result = queue.get_nowait()
        print("GhIDA:: [DEBUG] Thread joined. Got queue result.")
        idaapi.hide_wait_box()
        return q_result
    except Exception:
        # catches worker setup errors as well as the Queue.Empty case above
        idaapi.hide_wait_box()
        print("GhIDA:: [!] Check-in error.")
        idaapi.warning("GhIDA check-in error")
        return False
Example #9
Source Project: GhIDA Author: Cisco-Talos File: lib.py License: Apache License 2.0 | 4 votes |
def ghidraaas_checkout(ghidra_server_url):
    """
    That's all. Remove .bytes file from Ghidraaas server.

    Runs ghidraaas_checkout_thread in a worker thread and polls it from the
    UI thread until it finishes, the user cancels, or COUNTER_MAX polls have
    elapsed. Does nothing when GLOBAL_CHECKIN is falsy. Returns None.
    """
    if not GLOBAL_CHECKIN:
        return

    idaapi.show_wait_box(
        "Connecting to Ghidraaas. Removing temporary files...")
    try:
        md5_hash = idautils.GetInputFileMD5()
        worker = threading.Thread(
            target=ghidraaas_checkout_thread,
            args=(md5_hash, ghidra_server_url))
        worker.start()

        polls = 0
        while True:
            time.sleep(SLEEP_LENGTH)
            polls += 1
            # user pressed cancel in the wait box
            if idaapi.user_cancelled():
                print("GhIDA:: [!] Check-out interrupted.")
                break
            # gave up waiting
            if polls > COUNTER_MAX:
                print("GhIDA:: [!] Timeout reached.")
                break
            # worker finished on its own
            if not worker.isAlive():
                print("GhIDA:: [DEBUG] Thread terminated.")
                break

        print("GhIDA:: [DEBUG] Joining check-out thread.")
        # zero timeout: returns at once whether or not the worker has ended
        worker.join(0)
        print("GhIDA:: [DEBUG] Thread joined")
        idaapi.hide_wait_box()
    except Exception:
        idaapi.hide_wait_box()
        print("GhIDA:: [!] Check-out error")
        idaapi.warning("GhIDA check-out error")