示例1: prepare
def prepare(self):
    """Set up the guest for analysis: result folders, logging, clock, target.

    Reads ``analysis.conf`` (written by the agent) into ``self.config`` and
    derives ``self.target`` from it: a path under the temp directory when the
    category is ``file``, otherwise the configured target string (a URL).
    """
    # Result folders first so init_logging() has somewhere to write.
    create_folders()
    init_logging()
    # analysis.conf is produced by the agent from the host's task settings.
    self.config = Config(cfg="analysis.conf")
    vm_clock = self.config.get("clock", None)
    if vm_clock:
        # The value is round-tripped through strptime/strftime, so only a
        # well-formed timestamp ever reaches the shell command below.
        parsed = datetime.datetime.strptime(self.config.clock, "%Y%m%dT%H:%M:%S")
        os.system("date -s \"{0}\"".format(parsed.strftime("%y-%m-%d %H:%M:%S")))
    # A submitted file lives in the temp directory; anything else is a URL.
    is_file = self.config.category == "file"
    self.target = (
        os.path.join(tempfile.gettempdir(), self.config.file_name)
        if is_file
        else self.config.target
    )
示例2: prepare
def prepare(self):
    """Set up the Windows guest for analysis.

    Acquires SeDebugPrivilege, creates the result folders, protects the
    analyzer and result paths, initialises logging, loads ``analysis.conf``,
    sets the system clock, records the monitor DLL and the services.exe PID
    in module globals, starts the pipe servers and resolves ``self.target``.
    """
    global DEFAULT_DLL
    global SERVICES_PID
    # Injecting into other processes needs SeDebugPrivilege.
    grant_debug_privilege()
    create_folders()
    # Keep the analyzer's own directory and the results root out of the
    # monitored results.
    for protected in (os.getcwd(), PATHS["root"]):
        add_protected_path(protected)
    init_logging()
    # analysis.conf is generated by the agent from the host's task settings.
    self.config = Config(cfg="analysis.conf")
    # The clock string is round-tripped through strptime/strftime, so only a
    # well-formed date/time ever reaches the shell commands below.
    vm_clock = datetime.strptime(self.config.clock, "%Y%m%dT%H:%M:%S")
    # DATE/TIME are localised (the english date format will not work in other
    # localizations) and prompt interactively on bad syntax; the "echo:|"
    # pipe answers that prompt so the analysis never blocks on it.
    date_str, time_str = vm_clock.strftime("%m-%d-%y"), vm_clock.strftime("%H:%M:%S")
    os.system("echo:|date {0}".format(date_str))
    os.system("echo:|time {0}".format(time_str))
    log.info("Date set to: {0}, time set to: {1}".format(date_str, time_str))
    # PipeHandler picks up the monitor DLL from this global.
    DEFAULT_DLL = self.config.get_options().get("dll")
    # services.exe PID, used for monitoring services.
    SERVICES_PID = self.pid_from_process_name("services.exe")
    # One daemon pipe server per slot; they talk to the injected processes.
    for slot in xrange(self.PIPE_SERVER_COUNT):
        server = PipeServer(self.config.get_options())
        server.daemon = True
        server.start()
        self.pipes[slot] = server
    # A submitted file lives in %TEMP%; anything else is a URL.
    if self.config.category == "file":
        self.target = os.path.join(os.environ["TEMP"] + os.sep,
                                   str(self.config.file_name))
    else:
        self.target = self.config.target
示例3: STAP
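class STAP(Auxiliary):
    """System-wide syscall trace with SystemTap (staprun).

    Loads a pre-built ``stap_*.ko`` module through ``staprun`` and writes
    the trace to ``stap.log``, which is uploaded to the result server when
    the module is stopped.
    """
    priority = -10  # low prio to wrap tightly around the analysis

    # stderr line staprun prints once the module has been initialised.
    _MODULE_READY = "systemtap_module_init() returned 0"

    def __init__(self):
        self.config = Config(cfg="analysis.conf")
        self.proc = None

    @staticmethod
    def _find_stap_module(directory):
        """Return the first ``stap_*.ko`` in *directory*, or False if none."""
        candidates = [
            fn for fn in os.listdir(directory)
            if fn.startswith("stap_") and fn.endswith(".ko")
        ]
        if candidates:
            return os.path.join(directory, candidates[0])
        return False

    def _locate_module(self):
        """Resolve the module path: explicit config path first, then /root/.cuckoo."""
        path_cfg = self.config.get("analyzer_stap_path", None)
        if path_cfg and os.path.exists(path_cfg):
            return path_cfg
        if os.path.exists("/root/.cuckoo"):
            return self._find_stap_module("/root/.cuckoo")
        return False

    def start(self):
        """Start staprun and wait until the module reports initialisation.

        @return: True when the module came up, False when no module was
            found or staprun exited before reporting readiness.
        """
        path = self._locate_module()
        if not path:
            log.warning("Could not find STAP LKM, aborting systemtap analysis.")
            return False

        stap_start = time.time()
        # Argument list, not a shell string: the configured path is never
        # interpreted by a shell.
        self.proc = subprocess.Popen([
            "staprun", "-vv",
            "-x", str(os.getpid()),
            "-o", "stap.log",
            path,
        ], stderr=subprocess.PIPE)

        # Wait for the readiness line, but also stop on EOF: once staprun
        # exits, readline() returns "" forever and a loop that only tests
        # for the marker would spin indefinitely.
        while True:
            line = self.proc.stderr.readline()
            if not line:
                log.warning("staprun exited before the module initialised "
                            "(retval %r), aborting systemtap analysis.",
                            self.proc.poll())
                return False
            if self._MODULE_READY in line:
                break

        stap_stop = time.time()
        log.info("STAP aux module startup took %.2f seconds" % (stap_stop - stap_start))
        return True

    @staticmethod
    def _upload_file(local, remote):
        """Stream *local* to the result server as *remote*, if it exists."""
        if not os.path.exists(local):
            return
        nf = NetlogFile(remote)
        try:
            with open(local, "rb") as f:
                for chunk in f:
                    nf.sock.sendall(chunk)  # dirty direct send, no reconnecting
        finally:
            nf.close()

    def stop(self):
        """Kill staprun (if it was started) and upload the trace log."""
        if self.proc is None:
            log.debug("stap subprocess was never started")
        else:
            try:
                r = self.proc.poll()
                log.debug("stap subprocess retval %r", r)
                self.proc.kill()
            except Exception as e:
                log.warning("Exception killing stap: %s", e)
        self._upload_file("stap.log", "logs/all.stap")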
示例4: prepare
def prepare(self):
    """Prepare env for analysis (Windows, SetSystemTime variant).

    Sequence: obtain SeDebugPrivilege, copy the monitor DLLs and loaders to
    their randomised names, create result folders and protect the analyzer
    and result paths, initialise logging, load ``analysis.conf``, set the
    system clock, fill the DEFAULT_DLL / SERVICES_PID / HIDE_PIDS globals,
    start the pipe servers and resolve ``self.target``.
    """
    global DEFAULT_DLL
    global SERVICES_PID
    global HIDE_PIDS
    # Get SeDebugPrivilege for the Python process. It will be needed in
    # order to perform the injections.
    grant_debug_privilege()
    # Randomize cuckoomon DLL and loader executable names. The *_NAME
    # targets are module constants defined outside this block, presumably
    # generated per run so the monitor is not trivially found by file name.
    copy("dll\\cuckoomon.dll", CUCKOOMON32_NAME)
    copy("dll\\cuckoomon_x64.dll", CUCKOOMON64_NAME)
    copy("bin\\loader.exe", LOADER32_NAME)
    copy("bin\\loader_x64.exe", LOADER64_NAME)
    # Create the folders used for storing the results.
    create_folders()
    # Keep the analyzer directory and the results root out of the monitor's
    # view (add_protected_path is defined elsewhere).
    add_protected_path(os.getcwd())
    add_protected_path(PATHS["root"])
    # Initialize logging.
    init_logging()
    # Parse the analysis configuration file generated by the agent.
    self.config = Config(cfg="analysis.conf")
    # Set virtual machine clock. strptime() rejects a malformed value with
    # ValueError before anything is handed to the Win32 API.
    clock = datetime.strptime(self.config.clock, "%Y%m%dT%H:%M:%S")
    # NOTE(review): Win32 SetSystemTime is documented to take UTC; whether
    # the host sends the clock in UTC or local time is not visible here.
    systime = SYSTEMTIME()
    systime.wYear = clock.year
    systime.wMonth = clock.month
    systime.wDay = clock.day
    systime.wHour = clock.hour
    systime.wMinute = clock.minute
    systime.wSecond = clock.second
    systime.wMilliseconds = 0
    # NOTE(review): the return value is not checked; a failed call (e.g. a
    # missing privilege) leaves the clock unchanged without any log line.
    KERNEL32.SetSystemTime(byref(systime))
    # These strings are only logged; unlike the "echo:|date" variants no
    # shell command is executed here.
    thedate = clock.strftime("%m-%d-%y")
    thetime = clock.strftime("%H:%M:%S")
    log.info("Date set to: {0}, time set to: {1}".format(thedate, thetime))
    # Set the default DLL to be used by the PipeHandler.
    DEFAULT_DLL = self.config.get_options().get("dll")
    # Get PID for services.exe for monitoring services. The global is left
    # untouched when the lookup returns nothing.
    svcpid = self.pids_from_process_name_list(["services.exe"])
    if svcpid:
        SERVICES_PID = svcpid[0]
    # Hypervisor guest tools, sandbox helpers, monitoring tools and the
    # analyzer's own interpreters. Their PIDs are collected into HIDE_PIDS;
    # where that global is consumed is outside this block.
    protected_procname_list = [
        "vmwareuser.exe",
        "vmwareservice.exe",
        "vboxservice.exe",
        "vboxtray.exe",
        "sandboxiedcomlaunch.exe",
        "sandboxierpcss.exe",
        "procmon.exe",
        "regmon.exe",
        "filemon.exe",
        "wireshark.exe",
        "netmon.exe",
        "prl_tools_service.exe",
        "prl_tools.exe",
        "prl_cc.exe",
        "sharedintapp.exe",
        "vmtoolsd.exe",
        "vmsrvc.exe",
        "python.exe",
        "perl.exe",
    ]
    HIDE_PIDS = set(self.pids_from_process_name_list(protected_procname_list))
    # Initialize and start the Pipe Servers. This is going to be used for
    # communicating with the injected and monitored processes. This variant
    # hands the whole Config object to PipeServer (others pass get_options()).
    for x in xrange(self.PIPE_SERVER_COUNT):
        self.pipes[x] = PipeServer(self.config)
        self.pipes[x].daemon = True
        self.pipes[x].start()
    # We update the target according to its category. If it's a file, then
    # we store the path.
    if self.config.category == "file":
        self.target = os.path.join(os.environ["TEMP"] + os.sep,
                                   str(self.config.file_name))
    # If it's a URL, well.. we store the URL.
    else:
        self.target = self.config.target
示例5: __init__
def __init__(self):
    """Load analysis.conf and start with no PIDs reported yet."""
    self.pids_reported = set()
    self.config = Config(cfg="analysis.conf")
示例6: LKM
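class LKM(Auxiliary):
    """Helper LKM (probelkm) for sleep skipping etc.

    Loads ``probelkm.ko`` with ``insmod`` and later harvests the PIDs the
    module reports in /var/log/kern.log; the probelkm lines of that log are
    uploaded to the result server on stop.
    """

    # probelkm kern.log lines of interest look like "... forked to <pid>@...".
    _MARKER = "[probelkm]"
    _FORK_TAG = "forked to "

    def __init__(self):
        self.config = Config(cfg="analysis.conf")
        self.pids_reported = set()

    def _locate_module(self):
        """Return the probelkm.ko path by priority, or None when none exists."""
        # highest priority: if the vm config specifies the path
        cfg_path = self.config.get("analyzer_lkm_path", None)
        if cfg_path and os.path.exists(cfg_path):
            return cfg_path
        candidates = (
            # next: if the analyzer was uploaded with a module for our platform
            os.path.join(platform.machine(), "probelkm.ko"),
            # next: default path inside the machine
            "/root/.cuckoo/probelkm.ko",
            # next: generic module uploaded with the analyzer (single arch setup maybe?)
            "probelkm.ko",
        )
        for candidate in candidates:
            if os.path.exists(candidate):
                return candidate
        return None

    def start(self):
        """Load the module. Returns False only when no module can be found."""
        import subprocess
        path = self._locate_module()
        if path is None:
            log.warning("Could not find probelkm :(")
            return False
        # Argument list rather than a shell string: analyzer_lkm_path comes
        # from analysis.conf and must never be interpreted by a shell.
        retcode = subprocess.call([
            "insmod", path,
            "trace_descendants=1",
            "target_pid=%u" % os.getpid(),
        ])
        if retcode != 0:
            # Kept non-fatal (the original ignored the insmod result), but
            # at least leave a trace of the failure in the log.
            log.warning("insmod %s returned %r", path, retcode)
        return True

    @classmethod
    def _parse_forked_pid(cls, line):
        """Return the forked PID from a probelkm kern.log line, or None."""
        if cls._MARKER not in line:
            return None
        pos1 = line.find(cls._FORK_TAG)
        if pos1 == -1:
            return None
        start = pos1 + len(cls._FORK_TAG)
        pos2 = line.find("@", start)
        if pos2 == -1:
            return None
        try:
            return int(line[start:pos2])
        except ValueError:
            # kern.log is shared with every other kernel message; an
            # unexpected line must not abort PID collection.
            return None

    def get_pids(self):
        """Return PIDs reported by probelkm that were not returned before."""
        new = []
        with open("/var/log/kern.log") as fd:
            for line in fd:
                forked_pid = self._parse_forked_pid(line)
                if forked_pid is None or forked_pid in self.pids_reported:
                    continue
                self.pids_reported.add(forked_pid)
                new.append(forked_pid)
        return new

    def stop(self):
        """Upload the probelkm lines of kern.log; the module stays loaded."""
        # i guess we don't need to unload at all
        nf = NetlogFile("logs/all.lkm")
        try:
            with open("/var/log/kern.log") as fd:
                for line in fd:
                    if self._MARKER in line:
                        nf.sock.sendall(line)  # dirty direct send, no reconnecting
        finally:
            nf.close()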
示例7: prepare
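def prepare(self):
    """Prepare env for analysis (Windows).

    Acquires SeDebugPrivilege, creates the result folders, protects the
    analyzer and result paths, initialises logging, loads ``analysis.conf``,
    sets the clock, records DEFAULT_DLL and SERVICES_PID in module globals,
    starts the pipe servers and resolves ``self.target``.
    """
    global DEFAULT_DLL
    global SERVICES_PID
    # Get SeDebugPrivilege for the Python process. It will be needed in
    # order to perform the injections.
    grant_debug_privilege()
    # Create the folders used for storing the results.
    create_folders()
    # Keep the analyzer directory and the results root out of the results.
    add_protected_path(os.getcwd())
    add_protected_path(PATHS["root"])
    # Initialize logging.
    init_logging()
    # Parse the analysis configuration file generated by the agent.
    self.config = Config(cfg="analysis.conf")
    # Set virtual machine clock. The value is round-tripped through
    # strptime/strftime, so only a well-formed date/time reaches the shell.
    clock = datetime.strptime(self.config.clock, "%Y%m%dT%H:%M:%S")
    # NOTE: Windows system has only localized commands with date format
    # following localization settings, so these commands for english date
    # format cannot work in other localizations.
    # In addition DATE and TIME commands are blocking if an incorrect
    # syntax is provided, so an echo trick is used to bypass the input
    # request and not block analysis.
    os.system("echo:|date {0}".format(clock.strftime("%m-%d-%y")))
    os.system("echo:|time {0}".format(clock.strftime("%H:%M:%S")))
    # Set the default DLL to be used by the PipeHandler.
    DEFAULT_DLL = self.config.get_options().get("dll")
    # Get PID for services.exe for monitoring services (None on failure).
    SERVICES_PID = self._find_services_pid()
    # Initialize and start the Pipe Servers. This is going to be used for
    # communicating with the injected and monitored processes.
    for x in xrange(self.PIPE_SERVER_COUNT):
        self.pipes[x] = PipeServer()
        self.pipes[x].daemon = True
        self.pipes[x].start()
    # We update the target according to its category. If it's a file, then
    # we store the path.
    if self.config.category == "file":
        self.target = os.path.join(os.environ["TEMP"] + os.sep,
                                   str(self.config.file_name))
    # If it's a URL, well.. we store the URL.
    else:
        self.target = self.config.target

def _find_services_pid(self, retries=4):
    """Return the PID of services.exe as reported by tasklist, or None.

    tasklist sometimes fails under high-load
    (http://support.microsoft.com/kb/2732840), so the query is retried
    *retries* times before giving up.
    """
    import subprocess
    output = ""
    for _ in range(retries):
        # Argument list + communicate(): no shell involved, and reading
        # stdout and stderr together cannot deadlock the way sequential
        # read() calls on os.popen3() handles can (os.popen3 is also gone
        # in Python 3).  universal_newlines keeps the output a str.
        proc = subprocess.Popen(
            ["tasklist", "/V", "/FI", "IMAGENAME eq services.exe"],
            stdout=subprocess.PIPE, stderr=subprocess.PIPE,
            universal_newlines=True)
        output, err = proc.communicate()
        if "services.exe" in output:
            # it worked
            break
        log.warning('tasklist failed with error "%s"' % (err))
    if "services.exe" not in output:
        # All attempts failed
        log.error('Unable to retreive services.exe PID')
        return None
    # The PID is the first whitespace-separated field after the image name.
    servidx = output.index("services.exe")
    fields = output[servidx + len("services.exe"):].split()
    if not fields or not fields[0].isdigit():
        log.error('Unexpected tasklist output, unable to parse services.exe PID')
        return None
    pid = int(fields[0], 10)
    log.debug('services.exe PID is %s' % (pid))
    return pid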
示例8: __init__
class Analyzer:
"""Cuckoo Windows Analyzer.
This class handles the initialization and execution of the analysis
procedure, including handling of the pipe server, the auxiliary modules and
the analysis packages.
"""
PIPE_SERVER_COUNT = 4
def __init__(self):
self.pipes = [None]*self.PIPE_SERVER_COUNT
self.config = None
self.target = None
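def prepare(self):
    """Prepare env for analysis (Windows).

    Acquires SeDebugPrivilege, creates the result folders, protects the
    analyzer and result paths, initialises logging, loads ``analysis.conf``,
    sets the clock, records DEFAULT_DLL and SERVICES_PID in module globals,
    starts the pipe servers and resolves ``self.target``.
    """
    global DEFAULT_DLL
    global SERVICES_PID
    # Get SeDebugPrivilege for the Python process. It will be needed in
    # order to perform the injections.
    grant_debug_privilege()
    # Create the folders used for storing the results.
    create_folders()
    # Keep the analyzer directory and the results root out of the results.
    add_protected_path(os.getcwd())
    add_protected_path(PATHS["root"])
    # Initialize logging.
    init_logging()
    # Parse the analysis configuration file generated by the agent.
    self.config = Config(cfg="analysis.conf")
    # Set virtual machine clock. The value is round-tripped through
    # strptime/strftime, so only a well-formed date/time reaches the shell.
    clock = datetime.strptime(self.config.clock, "%Y%m%dT%H:%M:%S")
    # NOTE: Windows system has only localized commands with date format
    # following localization settings, so these commands for english date
    # format cannot work in other localizations.
    # In addition DATE and TIME commands are blocking if an incorrect
    # syntax is provided, so an echo trick is used to bypass the input
    # request and not block analysis.
    os.system("echo:|date {0}".format(clock.strftime("%m-%d-%y")))
    os.system("echo:|time {0}".format(clock.strftime("%H:%M:%S")))
    # Set the default DLL to be used by the PipeHandler.
    DEFAULT_DLL = self.config.get_options().get("dll")
    # Get PID for services.exe for monitoring services (None on failure).
    SERVICES_PID = self._find_services_pid()
    # Initialize and start the Pipe Servers. This is going to be used for
    # communicating with the injected and monitored processes.
    for x in xrange(self.PIPE_SERVER_COUNT):
        self.pipes[x] = PipeServer()
        self.pipes[x].daemon = True
        self.pipes[x].start()
    # We update the target according to its category. If it's a file, then
    # we store the path.
    if self.config.category == "file":
        self.target = os.path.join(os.environ["TEMP"] + os.sep,
                                   str(self.config.file_name))
    # If it's a URL, well.. we store the URL.
    else:
        self.target = self.config.target

def _find_services_pid(self, retries=4):
    """Return the PID of services.exe as reported by tasklist, or None.

    tasklist sometimes fails under high-load
    (http://support.microsoft.com/kb/2732840), so the query is retried
    *retries* times before giving up.
    """
    import subprocess
    output = ""
    for _ in range(retries):
        # Argument list + communicate(): no shell involved, and reading
        # stdout and stderr together cannot deadlock the way sequential
        # read() calls on os.popen3() handles can (os.popen3 is also gone
        # in Python 3).  universal_newlines keeps the output a str.
        proc = subprocess.Popen(
            ["tasklist", "/V", "/FI", "IMAGENAME eq services.exe"],
            stdout=subprocess.PIPE, stderr=subprocess.PIPE,
            universal_newlines=True)
        output, err = proc.communicate()
        if "services.exe" in output:
            # it worked
            break
        log.warning('tasklist failed with error "%s"' % (err))
    if "services.exe" not in output:
        # All attempts failed
        log.error('Unable to retreive services.exe PID')
        return None
    # The PID is the first whitespace-separated field after the image name.
    servidx = output.index("services.exe")
    fields = output[servidx + len("services.exe"):].split()
    if not fields or not fields[0].isdigit():
        log.error('Unexpected tasklist output, unable to parse services.exe PID')
        return None
    pid = int(fields[0], 10)
    log.debug('services.exe PID is %s' % (pid))
    return pid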
def complete(self):
    """End analysis: stop every pipe server, then dump the notified files."""
    for server in self.pipes:
        server.stop()
    dump_files()
#.........这里部分代码省略.........
示例9: parse_config
def parse_config(self, config_name="analysis.conf"):
    """Load *config_name* (default: analysis.conf) into ``self.config``."""
    loaded = Config(cfg=config_name)
    self.config = loaded
示例10: prepare
def prepare(self):
    """Prepare env for analysis (Windows, echo:|date variant).

    Sequence: obtain SeDebugPrivilege, copy the monitor DLLs and loaders to
    their randomised names, create result folders and protect the analyzer
    and result paths, initialise logging, load ``analysis.conf``, set the
    clock via DATE/TIME, fill the DEFAULT_DLL / SERVICES_PID / HIDE_PIDS
    globals, start the pipe servers and resolve ``self.target``.
    """
    global DEFAULT_DLL
    global SERVICES_PID
    global HIDE_PIDS
    # Get SeDebugPrivilege for the Python process. It will be needed in
    # order to perform the injections.
    grant_debug_privilege()
    # Randomize cuckoomon DLL and loader executable names. The *_NAME
    # targets are module constants defined outside this block, presumably
    # generated per run so the monitor is not trivially found by file name.
    copy("dll\\cuckoomon.dll", CUCKOOMON32_NAME)
    copy("dll\\cuckoomon_x64.dll", CUCKOOMON64_NAME)
    copy("bin\\loader.exe", LOADER32_NAME)
    copy("bin\\loader_x64.exe", LOADER64_NAME)
    # Create the folders used for storing the results.
    create_folders()
    # Keep the analyzer directory and the results root out of the monitor's
    # view (add_protected_path is defined elsewhere).
    add_protected_path(os.getcwd())
    add_protected_path(PATHS["root"])
    # Initialize logging.
    init_logging()
    # Parse the analysis configuration file generated by the agent.
    self.config = Config(cfg="analysis.conf")
    # Set virtual machine clock. The value is round-tripped through
    # strptime/strftime, so only a well-formed date/time reaches the shell.
    clock = datetime.strptime(self.config.clock, "%Y%m%dT%H:%M:%S")
    # Setting date and time.
    # NOTE: Windows system has only localized commands with date format
    # following localization settings, so these commands for english date
    # format cannot work in other localizations.
    # In addition DATE and TIME commands are blocking if an incorrect
    # syntax is provided, so an echo trick is used to bypass the input
    # request and not block analysis.
    thedate = clock.strftime("%m-%d-%y")
    thetime = clock.strftime("%H:%M:%S")
    os.system("echo:|date {0}".format(thedate))
    os.system("echo:|time {0}".format(thetime))
    log.info("Date set to: {0}, time set to: {1}".format(thedate, thetime))
    # Set the default DLL to be used by the PipeHandler.
    DEFAULT_DLL = self.config.get_options().get("dll")
    # Get PID for services.exe for monitoring services. The global is left
    # untouched when the lookup returns nothing.
    svcpid = self.pids_from_process_name_list(["services.exe"])
    if svcpid:
        SERVICES_PID = svcpid[0]
    # Hypervisor guest tools, sandbox helpers, monitoring tools and the
    # analyzer's own interpreters. Their PIDs are collected into HIDE_PIDS;
    # where that global is consumed is outside this block.
    protected_procname_list = [
        "vmwareuser.exe",
        "vmwareservice.exe",
        "vboxservice.exe",
        "vboxtray.exe",
        "sandboxiedcomlaunch.exe",
        "sandboxierpcss.exe",
        "procmon.exe",
        "regmon.exe",
        "filemon.exe",
        "wireshark.exe",
        "netmon.exe",
        "prl_tools_service.exe",
        "prl_tools.exe",
        "prl_cc.exe",
        "sharedintapp.exe",
        "vmtoolsd.exe",
        "vmsrvc.exe",
        "python.exe",
        "perl.exe",
    ]
    HIDE_PIDS = set(self.pids_from_process_name_list(protected_procname_list))
    # Initialize and start the Pipe Servers. This is going to be used for
    # communicating with the injected and monitored processes. This variant
    # hands the whole Config object to PipeServer (others pass get_options()).
    for x in xrange(self.PIPE_SERVER_COUNT):
        self.pipes[x] = PipeServer(self.config)
        self.pipes[x].daemon = True
        self.pipes[x].start()
    # We update the target according to its category. If it's a file, then
    # we store the path.
    if self.config.category == "file":
        self.target = os.path.join(os.environ["TEMP"] + os.sep,
                                   str(self.config.file_name))
    # If it's a URL, well.. we store the URL.
    else:
        self.target = self.config.target
示例11: __init__
class Analyzer:
"""Cuckoo Linux Analyzer.
This class handles the initialization and execution of the analysis
procedure, including the auxiliary modules and the analysis packages.
"""
def __init__(self):
self.config = None
self.target = None
def prepare(self):
    """Set up the guest for analysis: result folders, logging, clock, target.

    Reads ``analysis.conf`` (written by the agent) into ``self.config`` and
    derives ``self.target`` from it: a path under the temp directory when the
    category is ``file``, otherwise the configured target string (a URL).
    """
    # Result folders first so init_logging() has somewhere to write.
    create_folders()
    init_logging()
    # analysis.conf is produced by the agent from the host's task settings.
    self.config = Config(cfg="analysis.conf")
    vm_clock = self.config.get("clock", None)
    if vm_clock:
        # The value is round-tripped through strptime/strftime, so only a
        # well-formed timestamp ever reaches the shell command below.
        parsed = datetime.datetime.strptime(self.config.clock, "%Y%m%dT%H:%M:%S")
        os.system("date -s \"{0}\"".format(parsed.strftime("%y-%m-%d %H:%M:%S")))
    # A submitted file lives in the temp directory; anything else is a URL.
    is_file = self.config.category == "file"
    self.target = (
        os.path.join(tempfile.gettempdir(), self.config.file_name)
        if is_file
        else self.config.target
    )
def complete(self):
    """End analysis: dump the notified files and log completion."""
    dump_files()
    # Hell yeah.
    log.info("Analysis completed.")
def run(self):
"""Run analysis.
@return: operation status.
"""
self.prepare()
log.debug("Starting analyzer from: %s", os.getcwd())
log.debug("Storing results at: %s", PATHS["root"])
# If no analysis package was specified at submission, we try to select
# one automatically.
if not self.config.package:
log.debug("No analysis package specified, trying to detect "
"it automagically.")
if self.config.category == "file":
package = "generic"
else:
package = "wget"
# If we weren't able to automatically determine the proper package,
# we need to abort the analysis.
if not package:
raise CuckooError("No valid package available for file "
"type: {0}".format(self.config.file_type))
log.info("Automatically selected analysis package \"%s\"", package)
# Otherwise just select the specified package.
else:
package = self.config.package
# Generate the package path.
package_name = "modules.packages.%s" % package
# Try to import the analysis package.
try:
__import__(package_name, globals(), locals(), ["dummy"], -1)
# If it fails, we need to abort the analysis.
except ImportError:
raise CuckooError("Unable to import package \"{0}\", does "
"not exist.".format(package_name))
# Initialize the package parent abstract.
Package()
# Enumerate the abstract subclasses.
try:
package_class = Package.__subclasses__()[0]
except IndexError as e:
raise CuckooError("Unable to select package class "
"(package={0}): {1}".format(package_name, e))
# Initialize the analysis package.
pack = package_class(self.config.get_options())
#.........这里部分代码省略.........
示例12: __init__
def __init__(self):
    """Load analysis.conf; strace fallback is off until start() needs it."""
    self.fallback_strace = False
    self.config = Config(cfg="analysis.conf")
示例13: STAP
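class STAP(Auxiliary):
    """System-wide syscall trace with SystemTap, falling back to strace.

    Looks for a pre-built ``stap_*.ko`` module, runs it through ``staprun``
    and uploads ``stap.log`` on stop.  When no module is available, strace
    is attached to the analyzer instead and its per-process logs are
    uploaded.
    """
    priority = -10  # low prio to wrap tightly around the analysis

    def __init__(self):
        self.config = Config(cfg="analysis.conf")
        self.fallback_strace = False
        self.proc = None

    @staticmethod
    def _has_stap(directory):
        """Return the first ``stap_*.ko`` in *directory*, or False if none."""
        modules = [fn for fn in os.listdir(directory)
                   if fn.startswith("stap_") and fn.endswith(".ko")]
        if modules:
            return os.path.join(directory, modules[0])
        return False

    def _locate_module(self):
        """Return the module path by priority, or False when none is found."""
        # highest priority: if the vm config specifies the path
        cfg_path = self.config.get("analyzer_stap_path", None)
        if cfg_path and os.path.exists(cfg_path):
            # Fix: the original tested analyzer_stap_path but then read
            # analyzer_lkm_path, so a configured stap path was never used
            # (or the LKM path was handed to staprun).
            return cfg_path
        # next: if a module was uploaded with the analyzer for our platform
        arch_dir = platform.machine()
        if os.path.exists(arch_dir):
            found = self._has_stap(arch_dir)
            if found:
                return found
        # next: default path inside the machine
        if os.path.exists("/root/.cuckoo"):
            found = self._has_stap("/root/.cuckoo")
            if found:
                return found
        # next: generic module uploaded with the analyzer (single arch setup maybe?)
        return self._has_stap(".")

    def start(self):
        """Start staprun, or strace when no stap module can be found.

        @return: True; the strace fallback also reports True.
        """
        path = self._locate_module()
        if not path:
            # we can't find the stap module, fallback to strace
            log.warning("Could not find STAP LKM, falling back to strace.")
            return self.start_strace()
        stap_start = time.time()
        # staprun's stderr goes to a file; the parent's handle is closed right
        # after spawning since the child holds its own copy.
        with open("stap.stderr", "wb") as stderrfd:
            self.proc = subprocess.Popen(
                ["staprun", "-v", "-x", str(os.getpid()), "-o", "stap.log", path],
                stderr=stderrfd)
        # No readiness handshake is read back (stderr goes to the file); a
        # fixed delay is used to let the tap script load before the analysis
        # proceeds.  NOTE(review): this is a timing guess, not a signal.
        time.sleep(10)
        if self.proc.poll() is not None:
            log.warning("staprun exited during startup (retval %r); "
                        "stap.stderr may explain why.", self.proc.returncode)
        stap_stop = time.time()
        log.info("STAP aux module startup took %.2f seconds" % (stap_stop - stap_start))
        return True

    def start_strace(self):
        """Attach strace (following forks) to the analyzer as a fallback."""
        try:
            os.mkdir("strace")
        except OSError:
            pass  # don't worry, it exists
        with open("strace/strace.stderr", "wb") as stderrfd:
            self.proc = subprocess.Popen(
                ["strace", "-ff", "-o", "strace/straced", "-p", str(os.getpid())],
                stderr=stderrfd)
        self.fallback_strace = True
        return True

    def get_pids(self):
        """Return the strace PID when falling back, otherwise nothing."""
        if self.fallback_strace:
            return [self.proc.pid, ]
        return []

    @staticmethod
    def _upload_file(local, remote):
        """Stream *local* to the result server as *remote*."""
        nf = NetlogFile(remote)
        try:
            with open(local, "rb") as fd:
                for chunk in fd:
                    nf.sock.sendall(chunk)  # dirty direct send, no reconnecting
        finally:
            nf.close()

    def stop(self):
        """Kill the tracer (if started) and upload its logs."""
        if self.proc is None:
            log.debug("stap/strace subprocess was never started")
        else:
            try:
                r = self.proc.poll()
                log.debug("stap subprocess retval %r", r)
                self.proc.kill()
            except Exception as e:
                log.warning("Exception killing stap: %s", e)
        if os.path.exists("stap.log"):
            # now upload the logfile
            self._upload_file("stap.log", "logs/all.stap")
        # in case we fell back to strace
        if os.path.exists("strace"):
            own_log = "straced.%u" % os.getpid()
            for fn in os.listdir("strace"):
                # we don't need the logs from the analyzer python process itself
                if fn == own_log:
                    continue
                self._upload_file(os.path.join("strace", fn), "logs/%s" % fn)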
示例14: Analyzer
class Analyzer(object):
"""Cuckoo Linux Analyzer.
This class handles the initialization and execution of the analysis
procedure.
"""
def __init__(self):
self.pserver = None
self.config = None
self.target = None
def prepare(self):
    """Set up the guest: folders, logging, config, clock, pipe server, target."""
    # Result folders first so init_logging() has somewhere to write.
    create_folders()
    init_logging()
    # analysis.conf is generated by the agent from the host's task settings.
    self.config = Config(cfg="analysis.conf")
    if self.config.get("clock", None):
        # Round-tripped through strptime/strftime, so only a well-formed
        # timestamp ever reaches the shell command below.
        vm_clock = datetime.strptime(self.config.clock, "%Y%m%dT%H:%M:%S")
        os.system("date -s \"{0}\"".format(vm_clock.strftime("%y-%m-%d %H:%M:%S")))
    # A single pipe server talks to the injected and monitored processes.
    server = PipeServer()
    server.start()
    self.pserver = server
    # NOTE(review): file_name is taken from analysis.conf as-is; run() later
    # interpolates the resulting target into a shell command
    # ("chmod +x " + target), so nothing here sanitises it.
    if self.config.category == "file":
        self.target = os.path.join(gettempdir(), str(self.config.file_name))
    else:
        self.target = self.config.target
def complete(self):
    """End analysis: dump the notified files, then log completion."""
    dump_files()
    # We're done!
    log.info("Analysis completed.")
def run(self):
"""Run analysis.
@return: operation status.
"""
self.prepare()
log.debug("Starting analyzer from: %s", os.getcwd())
log.debug("Storing results at: %s", PATHS["root"])
log.debug("Target is: %s", self.target)
# If the analysis target is a file, we choose the package according
# to the file format.
if self.config.category == "file":
if ".bash" in self.config.file_name:
arguments = ["/bin/bash", self.target]
elif ".sh" in self.config.file_name:
arguments = ["/bin/sh", self.target]
elif ".pl" in self.config.file_name:
arguments = ["/bin/perl", self.target]
else:
arguments = [self.target, '']
os.system("chmod +x " + str(self.target))
if self.config.options:
if len(arguments) < 2:
arguments.pop()
arguments.append(self.config.options)
else:
raise CuckooError("No browser support yet")
# Start file system tracer thread
fstrace = FilesystemTracer()
fstrace.start()
# Start system call tracer thread
proctrace = SyscallTracer(arguments)
proctrace.start()
if self.config.enforce_timeout:
log.info("Enabled timeout enforce, running for the full timeout.")
time_counter = 0
while True:
time_counter += 1
if time_counter == int(self.config.timeout):
log.info("Analysis timeout hit, terminating analysis.")
break
#.........这里部分代码省略.........
示例15: inject
def inject(self, dll=None, interest=None, nosleepskip=False):
"""Cuckoo DLL injection.
@param dll: Cuckoo DLL path.
@param interest: path to file of interest, handed to cuckoomon config
@param apc: APC use.
"""
global LOGSERVER_POOL
if not self.pid:
return False
thread_id = 0
if self.thread_id:
thread_id = self.thread_id
if not self.is_alive():
log.warning("The process with pid %s is not alive, "
"injection aborted", self.pid)
return False
is_64bit = self.is_64bit()
if not dll:
if is_64bit:
dll = CUCKOOMON64_NAME
else:
dll = CUCKOOMON32_NAME
else:
os.path.join("dll", dll)
dll = os.path.join(os.getcwd(), dll)
if not dll or not os.path.exists(dll):
log.warning("No valid DLL specified to be injected in process "
"with pid %d, injection aborted.", self.pid)
return False
if thread_id or self.suspended:
log.debug("Using QueueUserAPC injection.")
else:
log.debug("Using CreateRemoteThread injection.")
config_path = "C:\\%s.ini" % self.pid
with open(config_path, "w") as config:
cfg = Config("analysis.conf")
cfgoptions = cfg.get_options()
# start the logserver for this monitored process
logserver_path = LOGSERVER_PREFIX + str(self.pid)
if logserver_path not in LOGSERVER_POOL:
LOGSERVER_POOL[logserver_path] = LogServer(cfg.ip, cfg.port, logserver_path)
Process.process_num += 1
firstproc = Process.process_num == 1
config.write("host-ip={0}\n".format(cfg.ip))
config.write("host-port={0}\n".format(cfg.port))
config.write("pipe={0}\n".format(PIPE))
config.write("logserver={0}\n".format(logserver_path))
config.write("results={0}\n".format(PATHS["root"]))
config.write("analyzer={0}\n".format(os.getcwd()))
config.write("first-process={0}\n".format("1" if firstproc else "0"))
config.write("startup-time={0}\n".format(Process.startup_time))
config.write("file-of-interest={0}\n".format(interest))
config.write("shutdown-mutex={0}\n".format(SHUTDOWN_MUTEX))
config.write("terminate-event={0}{1}\n".format(TERMINATE_EVENT, self.pid))
if nosleepskip or ("force-sleepskip" not in cfgoptions and len(interest) > 2 and interest[1] != ':' and interest[0] != '\\' and Process.process_num <= 2):
config.write("force-sleepskip=0\n")
if "norefer" not in cfgoptions and "referrer" not in cfgoptions:
config.write("referrer={0}\n".format(get_referrer_url(interest)))
simple_optnames = [
"force-sleepskip",
"full-logs",
"force-flush",
"no-stealth",
"buffer-max",
"large-buffer-max",
"serial",
"sysvol_ctimelow",
"sysvol_ctimehigh",
"sys32_ctimelow",
"sys32_ctimehigh",
"debug",
"disable_hook_content",
"hook-type",
"exclude-apis",
"exclude-dlls",
"referrer",
]
for optname in simple_optnames:
if optname in cfgoptions:
config.write("{0}={1}\n".format(optname, cfgoptions[optname]))
orig_bin_name = ""
bit_str = ""
if is_64bit:
orig_bin_name = LOADER64_NAME
#.........这里部分代码省略.........