示例1: import_data
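def import_data(self, bb_color=0x581414):
    """
    Import a PIN trace from a user-chosen file, rebase the database to
    the image base the trace was recorded against and paint the basic
    blocks that were hit.

    @param bb_color: IDA colour value used to paint the hit basic blocks
    @return: dictionary d[tid] = [(_, v_ea), ...] exactly as produced by
             self.file_parser; only the second element of each pair is
             painted here
    @raise ValueError: when the file dialog is cancelled, so the caller
                       gets a clear message instead of a failure deep
                       inside get_image_base()
    """
    filename = AskFile(1, "*.*", "File to import addresses from?")
    # AskFile returns None when the dialog is cancelled
    if not filename:
        raise ValueError("No trace file selected")

    # Rebase: the trace carries the base the loader used at runtime,
    # which may differ from the one IDA chose for the database.
    image_base = self.get_image_base(filename)
    ida_base = get_imagebase()  # idaapi
    delta = image_base - ida_base
    # IDA would go ahead with the rebasing process even if the delta
    # is zero; the guard avoids that pointless pass.
    if delta:
        rebase_program(delta, MSF_FIXONCE)

    # Parse basic blocks from file and paint every destination block
    trace_dict = self.file_parser(filename)
    for addr_list in trace_dict.values():
        for _, v_ea in addr_list:
            misc.paint_basic_blocks(v_ea, bb_color)

    return trace_dict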
示例2: _markImmCompares
def _markImmCompares(self):
    """
    Marks the immediate compares within the current function and lists
    them (address, disassembly) in the table.
    """
    INS_COLOR = 0x2020c0

    self.output_window.append("Marking all immediate compares...")
    self.table_label.setText("Immediate compares within current function")

    self.table.setColumnCount(2)
    self.table.setHorizontalHeaderLabels(("Address", "Disassembly"))
    self.table.clearContents()
    self.table.setRowCount(0)

    for row, (cmp_ea, dis) in enumerate(self.ba.find_imm_compares()):
        self.table.insertRow(row)
        addr_item = QTableWidgetItem("%x" % cmp_ea)
        # Toggle the editable flag off so the address cannot be modified
        addr_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable)
        dis_item = cw.NumQTableWidgetItem("%s" % dis)
        self.table.setItem(row, 0, addr_item)
        self.table.setItem(row, 1, dis_item)
        # Highlight the instruction in the disassembly view as well
        misc.set_ins_color(cmp_ea, INS_COLOR)
示例3: _bbTableDoubleClicked
def _bbTableDoubleClicked(self, row, col):
    """
    Double click callback for the basic block paths table, replacing
    the default one set in the CustomWidget object.
    The cell text is read as a decimal index into the cached basic
    block paths; the user then picks a colour and the path is painted.
    Apparently if there is an exception it falls back to
    the original callback... Not sure why this behaviour.
    NOTE: This is kind of nasty.
    :return: None
    """
    cell_text = self.table.item(row, col).text()
    try:
        path_idx = int(cell_text)  # decimal
        bb_path = self.ba.cache.bb_paths[path_idx]
        chosen = QtGui.QColorDialog.getColor()
        if not chosen.isValid():
            print('[x] Invalid QColor')
            return
        # IDA works with BGR (annoying)
        ida_color = misc.pyside_to_ida_color(chosen.name())
        misc.paint_basic_blocks(bb_path, ida_color)
    except ValueError:
        # Cell holds an address containing [A-F], which int() rejects
        return
    except IndexError:
        # Cell holds an address without [A-F]; int() happily parses it
        # as an out-of-range path index
        return
示例4: _showImportTrace
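def _showImportTrace(self):
    """
    GUI part of the PIN trace import functionality: asks for a colour,
    delegates the file import to self.ie.ti.import_data() and lists the
    imported (thread id, from, to) transitions in the table.
    """
    self._console_output("Importing PIN trace information from file...")

    # Color for the basic blocks hit during the trace
    col = QtGui.QColorDialog.getColor()
    if not col.isValid():
        # Probably closed the QColorDialog
        self._console_output("[!] Problem getting color for trace. Aborting.")
        return
    # IDA works with BGR (annoying)
    ida_color = misc.pyside_to_ida_color(col.name())

    try:
        imported_info_dict = self.ie.ti.import_data(ida_color)
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt/SystemExit
        # still propagate; any failure of the import itself (cancelled
        # dialog, unparsable file, ...) is reported with its traceback.
        self._console_output("[!] Problem importing from file", err=True)
        self._console_output(traceback.format_exc(), err=True)
        return

    self.table.setColumnCount(5)
    self.table.setHorizontalHeaderLabels(
        ('Thread ID', 'From', 'To', 'From (name)', 'To (name)'))
    self.table_label.setText("Imported information from PIN trace")
    self.table.clearContents()
    self.table.setRowCount(0)

    # Fill with contents
    # TODO: This could be better in a QTree or maybe adding
    # a dropdown to select the thread id...
    idx = 0
    for tid, call_list in imported_info_dict.items():
        self._console_output("Processing Thread ID %d" % tid)
        for u_ea, v_ea in call_list:
            self.table.insertRow(idx)
            tid_item = QTableWidgetItem("%d" % tid)
            u_item = QTableWidgetItem("%x" % u_ea)
            u_item.setFlags(u_item.flags() ^ QtCore.Qt.ItemIsEditable)
            v_item = QTableWidgetItem("%x" % v_ea)
            v_item.setFlags(v_item.flags() ^ QtCore.Qt.ItemIsEditable)
            from_item = QTableWidgetItem(misc.get_function_name(u_ea))
            to_item = QTableWidgetItem(misc.get_function_name(v_ea))
            self.table.setItem(idx, 0, tid_item)
            self.table.setItem(idx, 1, u_item)
            self.table.setItem(idx, 2, v_item)
            self.table.setItem(idx, 3, from_item)
            self.table.setItem(idx, 4, to_item)
            idx += 1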
示例5: calls_in_function
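def calls_in_function(self, unique=True):
    """
    Find calls within current function.
    Execution transfer like jmp sub_xxx included.

    @param unique: when True, a callee whose disassembly text has already
                   been recorded is not listed again (the previous
                   membership test compared the text against (addr, dis)
                   tuples and therefore never matched)
    @return: a list of tuples [(addr, dis)]
    """
    callees = []
    seen_dis = set()
    for addr, dis in misc.iter_disasm():
        if not (is_call_insn(addr) or misc.is_external_jmp(addr)):
            continue
        # Dedup on the disassembly text, not the address: the same
        # callee reached from several sites counts once.
        if unique:
            if dis in seen_dis:
                continue
            seen_dis.add(dis)
        callees.append((addr, dis))
    return callees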
示例6: _showBannedFunctions
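def _showBannedFunctions(self):
    """
    Points to functions banned by Microsoft being used.
    Fills the tree with one top-level item per banned function and one
    child per reference (address and enclosing function name).
    """
    self._console_output("Looking for banned functions...")

    deep_search_f = self.config.deep_dangerous_functions
    if deep_search_f:
        # Adjacent literals instead of a backslash inside the string:
        # the old form leaked the indentation whitespace into the message.
        self._console_output("Performing a deep search "
                             "(based on function name)")

    banned_refs_dict = self.vd.find_banned_functions(deep_search_f)
    if not banned_refs_dict:
        self._console_output("[!] No banned functions found", err=True)
        return

    self.tree_label.setText("Functions banned by Microsoft")
    self.tree.clear()
    self.tree.setHeaderLabels(("Banned function", "References", "Name"))

    for f_name, refs in banned_refs_dict.items():
        bf_item = QTreeWidgetItem(self.tree)
        bf_item.setText(0, f_name)
        for ref_addr in refs:
            ref_item = QTreeWidgetItem(bf_item)
            ref_item.setText(1, "%x" % ref_addr)
            ref_item.setText(2, misc.get_function_name(ref_addr))

    # Display all items expanded initially
    self.tree.expandAll()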
示例7: _showConnectedIO
def _showConnectedIO(self):
    """
    Shows a list of functions dealing with IO and
    connected to the current function.
    """
    self._console_output("Calculating file & network IO...")

    io_list = self.ba.input_to_function()
    if not io_list:
        self._console_output("[!] No (obvious) IO connecting to this function", err=True)
        return

    self.table.setColumnCount(2)
    self.table.setHorizontalHeaderLabels(("Caller", "Name"))
    self.table_label.setText("Connected IO")
    self.table.clearContents()
    self.table.setRowCount(0)

    for row, caller in enumerate(io_list):
        self.table.insertRow(row)
        caller_item = QTableWidgetItem("%08x" % caller)
        # Address column is read-only
        caller_item.setFlags(caller_item.flags() ^ QtCore.Qt.ItemIsEditable)
        self.table.setItem(row, 0, caller_item)
        self.table.setItem(row, 1, QTableWidgetItem("%s" % misc.get_function_name(caller)))
示例8: get_dangerous_functions
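def get_dangerous_functions(self, dangerous_funcs=None):
    """
    Gets a list of functions calling dangerous ones.

    @param dangerous_funcs: iterable of function names to look up; when
                            omitted a built-in list of string/memory copy
                            routines is used (the `_name` / `_name_0`
                            spellings presumably cover the renamed
                            duplicates IDA produces -- not verified here)
    @returns: a *set* of func_addr's (start address of every function
              holding at least one code reference to a listed name)
    """
    # TODO: use a centralized list for the dangerous functions?
    # TODO: this whole process must be O(mfg).
    if dangerous_funcs is None:
        dangerous_funcs = ("wcsncpy", "strcpy", "_strcpy", "_strcpy_0",
                           "strncpy", "_strncpy", "_strncpy_0",
                           "memmove", "memcpy", "_memcpy", "_memcpy_0")

    bad_funcs = set()
    for func_name in dangerous_funcs:
        callee_addr = LocByName(func_name)
        if callee_addr == BADADDR:
            # Name not present in this database
            continue
        # Every code reference to the callee; what gets reported is the
        # start of the function containing the reference.
        for ref in CodeRefsTo(callee_addr, True):
            caller_start = misc.function_boundaries(ref)[0]
            bad_funcs.add(caller_start)

    return bad_funcs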
示例9: _showStringXrefs
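def _showStringXrefs(self):
    """
    Displays string references in a table.
    Optionally Shannon's misc.entropy as well.
    """
    # Retrieve some config values
    show_misc_entropy = self.config.calculate_entropy
    show_unique_s = self.config.display_unique_strings

    self._console_output("Calculating string references...")
    self.ba.calculate_strings_list()
    s_ref_list = self.ba.get_string_references()

    # Found any references at all?
    if not s_ref_list:
        self._console_output("[!] No string references found", err=True)
        return

    if show_misc_entropy:
        self.table.setColumnCount(3)
        self.table.setHorizontalHeaderLabels(
            ("Address", "String", "Entropy"))
    else:
        self.table.setColumnCount(2)
        self.table.setHorizontalHeaderLabels(("Address", "String"))
    self.table_label.setText("String references in current function")
    self.table.clearContents()
    self.table.setRowCount(0)

    # Fill the table
    displayed_strings = set()  # O(1) membership; the list was O(n) per row
    idx = 0
    for addr, s in s_ref_list:
        if show_unique_s and s in displayed_strings:
            continue
        displayed_strings.add(s)

        self.table.insertRow(idx)
        addr_item = QTableWidgetItem("%08x" % addr)
        addr_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable)
        # The bytes come straight out of the analysed binary and need not
        # be valid UTF-8; 'replace' keeps one malformed string from
        # aborting the whole listing with a UnicodeDecodeError.
        string_item = QTableWidgetItem(s.decode('utf-8', 'replace'))
        string_item.setFlags(string_item.flags() ^ QtCore.Qt.ItemIsEditable)
        self.table.setItem(idx, 0, addr_item)
        self.table.setItem(idx, 1, string_item)

        if show_misc_entropy:
            misc_entropy_item = cw.NumQTableWidgetItem("%.4f" % misc.entropy(s))
            self.table.setItem(idx, 2, misc_entropy_item)

        idx += 1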
示例10: __init__
def __init__(self):
    """
    Vulnerability detection module: wires up the import manager, the
    integer issue checks and the result cache.
    """
    print("= Loading vulnerability detection module...")
    # Import information is needed by most checks, so it is resolved
    # once here rather than in every routine.
    self.im = misc.importManager()
    self.ii = IntegerIssues()
    self.cache = VulnDetectionCache()
示例11: __init__
def __init__(self):
    """
    A bunch of more or less useful binary analysis routines.
    Not necessarily related to security stuff.
    Sets up the import manager, the analysis cache and the config.
    """
    self.name = "BinaryAnalysis"
    self.im = misc.importManager()
    self.cache = BinaryAnalysisCache()
    self.config = JConfig()
    # Announce after setup so any output from the constructors above
    # keeps its original position relative to this line
    print("= Loading binary analysis module...")
示例12: _showDangerousConnections
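def _showDangerousConnections(self):
    """
    Shows connections graphs between functions calling IO
    and the ones calling dangerous APIs.
    Each row is a (u, v, shortest path length) triple from
    self.ba.get_all_dangerous_connections().
    """
    self._console_output("Calculating dangerous connections...")

    try:
        conn_graphs = self.ba.get_all_dangerous_connections()
    except Exception as e:
        # Report through the plugin console like every other failure in
        # this widget instead of a stray print to stdout.
        self._console_output(
            "[!] Error in get_all_dangerous_connections(): %s" % e, err=True)
        return

    if not conn_graphs:
        self._console_output("[!] No (obvious) dangerous connections", err=True)
        return

    self.table.setColumnCount(5)
    self.table.setHorizontalHeaderLabels(
        ("IO Caller", "Dangerous Functions", "Shortest Path Length", "u", "v"))
    self.table_label.setText("Dangerous Connections")
    self.table.clearContents()
    self.table.setRowCount(0)

    for idx, (u, v, sp_len) in enumerate(conn_graphs):
        self.table.insertRow(idx)
        io_item = QTableWidgetItem("%s" % misc.get_function_name(u))
        df_item = QTableWidgetItem("%s" % misc.get_function_name(v))
        sp_item = QTableWidgetItem("%d" % sp_len)
        # Raw addresses are read-only
        ioa_item = QTableWidgetItem("%x" % u)
        ioa_item.setFlags(ioa_item.flags() ^ QtCore.Qt.ItemIsEditable)
        dfa_item = QTableWidgetItem("%x" % v)
        dfa_item.setFlags(dfa_item.flags() ^ QtCore.Qt.ItemIsEditable)
        self.table.setItem(idx, 0, io_item)
        self.table.setItem(idx, 1, df_item)
        self.table.setItem(idx, 2, sp_item)
        self.table.setItem(idx, 3, ioa_item)
        self.table.setItem(idx, 4, dfa_item)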
示例13: find_imm_compares
def find_imm_compares(self):
    """
    Find all immediate compares in the current function.
    Very useful when debugging parsers, for example.
    NOTE: the mnemonic test is a plain substring match on the
    disassembly text; the o_imm check on the second operand is what
    actually narrows the result.
    @return: list of tuples [(address, disassembly),...]
    """
    return [
        (addr, dis)
        for addr, dis in misc.iter_disasm()
        if "cmp" in dis and GetOpType(addr, 1) == o_imm  # o_imm: 5
    ]
示例14: comments_in_function
def comments_in_function(self):
    """
    Searches the current function for IDA generated annotations.
    Useful when dealing with large functions doing lots of logging.
    @return: a list of tuples [(addr, comment)]
    """
    annotated = ((addr, Comment(addr)) for addr, _ in misc.iter_disasm())
    # Comment returns None when there is no annotation at addr
    return [(addr, comm) for addr, comm in annotated if comm]
示例15: _showAllFunctions
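def _showAllFunctions(self):
    """
    Populates the functions list.
    From this it is possible to select endpoints to
    create a ConnectGraph for example.
    The table is scrolled to the function containing the cursor.
    """
    self._console_output("Displaying all known functions...")

    current_ea, _ = misc.function_boundaries()
    func_list = self.ba.get_all_functions()
    if not func_list:
        return

    self.table.setColumnCount(2)
    self.table.setHorizontalHeaderLabels(("Address", "Name"))
    self.table_label.setText("Functions in current binary")
    self.table.clearContents()
    self.table.setRowCount(0)

    # Row of the current function; stays 0 (table top) when the current
    # address is not among the listed functions
    c_idx = 0
    for idx, (f_ea, f_name) in enumerate(func_list):
        self.table.insertRow(idx)
        addr_item = QTableWidgetItem("%08x" % f_ea)
        addr_item.setFlags(addr_item.flags() ^ QtCore.Qt.ItemIsEditable)
        name_item = QTableWidgetItem("%s" % f_name)
        if f_ea == current_ea:
            c_idx = idx
        self.table.setItem(idx, 0, addr_item)
        self.table.setItem(idx, 1, name_item)

    # Conveniently scroll to the current EA (the unused current_ea_item
    # local and the commented-out argument are gone)
    self.table.scrollToItem(
        self.table.item(c_idx, 0),
        QtGui.QAbstractItemView.PositionAtTop
    )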