本文整理汇总了Python中idautils.GetInputFileMD5方法的典型用法代码示例。如果您正苦于以下问题:Python idautils.GetInputFileMD5方法的具体用法?Python idautils.GetInputFileMD5怎么用?Python idautils.GetInputFileMD5使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类idautils的用法示例。
在下文中一共展示了idautils.GetInputFileMD5方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: format_rules
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import GetInputFileMD5 [as 别名]
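def format_rules(fva, rules):
    '''
    Format one complete YARA rule that matches all of the basic-block
    signatures of a function.

    Args:
        fva: address of the function; expected to be an integer, since it is
            rendered in hex.
        rules: iterable of signature objects exposing `name` (used verbatim
            as the YARA string identifier) and `masked_bytes` (a sequence of
            hex-string tokens).

    Returns:
        The rule text as one newline-joined string.
    '''
    name = idc.get_func_name(fva)

    # The function name comes from the binary under analysis, so treat it as
    # untrusted. YARA identifiers may only contain ASCII letters, digits and
    # '_'; keep exactly those instead of stripping a list of known-bad
    # characters, which lets anything not on the list through.
    ident_chars = (
        'abcdefghijklmnopqrstuvwxyz'
        'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
        '0123456789_'
    )
    safe_name = ''.join(c for c in name if c in ident_chars)

    # The raw name is also written into a quoted meta string; escape the two
    # characters that would otherwise end or corrupt that literal.
    meta_name = name.replace('\\', '\\\\').replace('"', '\\"')

    # NOTE(review): .hex() requires GetInputFileMD5() to return bytes -
    # confirm against the IDA version this runs on.
    md5 = idautils.GetInputFileMD5().hex()

    ret = []
    # The opening brace is required; without it the generated rule does not
    # compile.
    ret.append(f'rule a_{md5}_{safe_name} {{')
    ret.append(' meta:')
    ret.append(f' sample_md5 = "{md5}"')
    # Render the address in hex so it agrees with its "0x" prefix.
    ret.append(f' function_address = "0x{fva:x}"')
    ret.append(f' function_name = "{meta_name}"')
    ret.append(' strings:')
    for rule in rules:
        # presumably rule.name already carries the leading '$' - verify
        # against the code that builds the signature objects
        formatted_rule = ' '.join(rule.masked_bytes)
        ret.append(f' {rule.name} = {{{formatted_rule}}}')
    ret.append(' condition:')
    ret.append(' all of them')
    ret.append('}')
    return '\n'.join(ret)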
示例2: load_configuration
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import GetInputFileMD5 [as 别名]
def load_configuration():
    """
    Read the GhIDA plugin configuration and create the two per-file caches.

    Rebinds the module globals GHIDA_CONF, DECOMPILED_CACHE and
    COMMENTS_CACHE. Both caches receive the value of
    idautils.GetInputFileMD5() as their file_id.
    """
    global GHIDA_CONF, DECOMPILED_CACHE, COMMENTS_CACHE

    # Load the plugin configuration and echo the two cache switches.
    print("GhIDA:: [DEBUG] Reading GhIDA configuration")
    GHIDA_CONF = gl.GhidaConfiguration()
    conf = GHIDA_CONF
    print("GHIDA_CONF.load_save_cached_code",
          conf.load_save_cached_code)
    print("GHIDA_CONF.load_save_cached_comments",
          conf.load_save_cached_comments)

    # NOTE(review): the MD5 is the only key tying cached content to a file.
    # MD5 is not collision resistant, so do not treat a match as proof that
    # the cache was produced from this exact binary.
    input_md5 = idautils.GetInputFileMD5()

    # Initialise the caches (the constructors receive the use_cache switch).
    DECOMPILED_CACHE = gl.DecompiledCache(
        file_id=input_md5,
        use_cache=conf.load_save_cached_code)
    COMMENTS_CACHE = gl.CommentsCache(
        file_id=input_md5,
        use_cache=conf.load_save_cached_comments)
# ------------------------------------------------------------
# HANDLERS FOR THE POP-UP MENU IN DECOMP VIEW
# ------------------------------------------------------------
示例3: create_random_filename
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import GetInputFileMD5 [as 别名]
def create_random_filename():
    """
    Return the session file name, creating it on first use.

    The name is "<GetInputFileMD5()>_<5 random ASCII letters>" and is stored
    in the module global GLOBAL_FILENAME, so later calls return the same
    value.
    """
    global GLOBAL_FILENAME

    if GLOBAL_FILENAME:
        return GLOBAL_FILENAME

    # NOTE(review): `random` is not a cryptographic generator and five
    # letters are a small space. That is fine for avoiding accidental name
    # clashes; if the name must be unguessable (e.g. a file in a shared
    # temporary directory), confirm how callers use it.
    suffix = ''.join(random.choice(string.ascii_letters) for _ in range(5))

    # NOTE(review): where GetInputFileMD5() returns bytes, "%s" would render
    # its repr rather than a hex digest - confirm for the targeted IDA version.
    GLOBAL_FILENAME = "%s_%s" % (idautils.GetInputFileMD5(), suffix)
    return GLOBAL_FILENAME
示例4: format_rules
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import GetInputFileMD5 [as 别名]
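def format_rules(fva, rules):
    '''
    Format one complete YARA rule that matches all of the basic-block
    signatures of a function.

    @param fva: address of the function (integer; rendered with {:x})
    @param rules: sequence of signature objects exposing `name` (used
        verbatim as the YARA string identifier) and `masked_bytes` (a
        sequence of hex-string tokens)
    @return: the rule text as one newline-joined string, or None when
        `rules` is empty
    '''
    name = GetFunctionName(fva)

    if not rules:
        logging.info('no rules for {}'.format(name))
        return None

    # The function name comes from the binary under analysis, so treat it as
    # untrusted. YARA identifiers may only contain ASCII letters, digits and
    # '_'; keep exactly those instead of stripping a list of known-bad
    # characters, which lets anything not on the list through.
    ident_chars = ('abcdefghijklmnopqrstuvwxyz'
                   'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
                   '0123456789_')
    safe_name = ''.join(c for c in name if c in ident_chars)

    # The raw name is also written into a quoted meta string; escape the two
    # characters that would otherwise end or corrupt that literal.
    meta_name = name.replace('\\', '\\\\').replace('"', '\\"')

    md5 = idautils.GetInputFileMD5()

    ret = []
    ret.append('rule a_{hash:s}_{name:s} {{'.format(
        hash=md5,
        name=safe_name))
    ret.append(' meta:')
    ret.append(' sample_md5 = "{md5:s}"'.format(md5=md5))
    ret.append(' function_address = "0x{fva:x}"'.format(fva=fva))
    ret.append(' function_name = "{name:s}"'.format(name=meta_name))
    ret.append(' strings:')
    for rule in rules:
        # rstrip() takes a character set: this drops every trailing '?' and
        # space, i.e. trailing wildcard tokens.
        # NOTE(review): a signature made only of wildcards would be left
        # empty here - confirm the caller never produces one.
        formatted_rule = ' '.join(rule.masked_bytes).rstrip('?? ')
        ret.append(' {name:s} = {{ {hex:s} }}'.format(
            name=rule.name,
            hex=formatted_rule))
    ret.append(' condition:')
    ret.append(' all of them')
    ret.append('}')
    return '\n'.join(ret)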
示例5: load_db
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import GetInputFileMD5 [as 别名]
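def load_db(self, file_name=None):
    """
    Load the DB from a pickle file and restore its tables onto this instance.

    @param file_name: DB filename; when None, the value of
        self.get_default_db_filename() is used
    @return: True on success (failures are reported by raising, not by
        returning False)
    @raise IOError: the file does not exist
    @raise DbFileMismatch: the MD5 stored in the DB differs from
        idautils.GetInputFileMD5()
    """
    if file_name is None:
        file_name = self.get_default_db_filename()

    if not os.path.exists(file_name):
        raise IOError("DIE DB file not found")

    # SECURITY: pickle.load() can execute code embedded in the file while it
    # deserialises. The MD5 comparison below runs only after that and reads
    # a value taken from the same file, so it detects a DB saved for another
    # binary but does nothing to authenticate the DB. Load DB files only
    # from locations you trust.
    # The `with` block closes the handle even when unpickling raises.
    with open(file_name, 'rb') as in_file:
        db_tables = pickle.load(in_file)

    # Validate db MD5 before touching any instance state.
    db_md5 = db_tables[0].md5
    if db_md5 != idautils.GetInputFileMD5():
        raise DbFileMismatch("Db File is different then currently analyzed file")

    # The tables are stored positionally; index 0 is the run info that also
    # carries the MD5 checked above.
    self.run_info = db_tables[0]
    self.functions = db_tables[1]
    self.function_args = db_tables[2]
    self.function_contexts = db_tables[3]
    self.threads = db_tables[4]
    self.dbg_values = db_tables[5]
    self.parsed_values = db_tables[6]
    self.excluded_bp_ea = db_tables[7]
    self.excluded_funcNames_part = db_tables[8]
    self.excluded_funcNames = db_tables[9]
    self.excluded_modules = db_tables[10]

    return True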
#############################################################################
# Singleton
#############################################################################
示例6: get_input_file_hash
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import GetInputFileMD5 [as 别名]
def get_input_file_hash():
    """
    Return the input file's MD5 exactly as idautils.GetInputFileMD5() gives it.

    NOTE(review): MD5 works as a sample identifier, but it is not collision
    resistant; do not rely on it alone where two files must be proven equal.
    """
    input_md5 = idautils.GetInputFileMD5()
    return input_md5
示例7: format_rules
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import GetInputFileMD5 [as 别名]
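def format_rules(fva, rules):
    """
    Format one complete YARA rule that matches all of the basic-block
    signatures of a function.

    @param fva: address of the function (integer; rendered with %x)
    @param rules: iterable of signature objects exposing `name` (used
        verbatim as the YARA string identifier) and `masked_bytes` (a
        sequence of hex-string tokens)
    @return: the rule text as one newline-joined string
    """
    name = idc.GetFunctionName(fva)

    # The function name comes from the binary under analysis, so treat it as
    # untrusted. YARA identifiers may only contain ASCII letters, digits and
    # '_'; keep exactly those instead of stripping a list of known-bad
    # characters, which lets anything not on the list through.
    ident_chars = ("abcdefghijklmnopqrstuvwxyz"
                   "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                   "0123456789_")
    safe_name = "".join(c for c in name if c in ident_chars)

    # The raw name is also written into a quoted meta string; escape the two
    # characters that would otherwise end or corrupt that literal.
    meta_name = name.replace("\\", "\\\\").replace('"', '\\"')

    md5 = idautils.GetInputFileMD5()

    ret = []
    ret.append("rule a_%s_%s {" % (md5, safe_name))
    ret.append(" meta:")
    ret.append(' sample_md5 = "%s"' % (md5))
    ret.append(' function_address = "0x%x"' % (fva))
    ret.append(' function_name = "%s"' % (meta_name))
    ret.append(" strings:")
    for rule in rules:
        # presumably rule.name already carries the leading '$' - verify
        # against the code that builds the signature objects
        formatted_rule = " ".join(rule.masked_bytes)
        ret.append(" %s = { %s }" % (rule.name, formatted_rule))
    ret.append(" condition:")
    ret.append(" all of them")
    ret.append("}")
    return "\n".join(ret)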
示例8: ghidraaas_checkin
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import GetInputFileMD5 [as 别名]
def ghidraaas_checkin(bin_file_path, filename, ghidra_server_url):
    """
    Upload the .bytes file to Ghidraaas from a worker thread, polling until
    the worker ends, the user cancels or the poll budget runs out.
    One time only (until IDA is restarted...)

    Returns whatever the worker placed on the result queue, or False when
    anything in the sequence raises.

    NOTE(review): this sends the bytes file to ghidra_server_url. How the
    connection is secured and which server is trusted are decided in
    ghidraaas_checkin_thread and by the caller, not here - confirm both
    before pointing this at a server you do not control.
    """
    idaapi.show_wait_box("Connecting to Ghidraaas. Sending bytes file...")

    try:
        md5_hash = idautils.GetInputFileMD5()
        queue = Queue.Queue()

        worker = threading.Thread(
            target=ghidraaas_checkin_thread,
            args=(bin_file_path, filename, ghidra_server_url, md5_hash, queue))
        worker.start()

        # Poll once per SLEEP_LENGTH; the first condition that holds ends
        # the wait.
        ticks = 0
        while True:
            time.sleep(SLEEP_LENGTH)
            ticks += 1

            # The user dismissed the wait box.
            if idaapi.user_cancelled():
                print("GhIDA:: [!] Check-in interrupted.")
                break

            # Timeout: more than COUNTER_MAX polls have elapsed.
            if ticks > COUNTER_MAX:
                print("GhIDA:: [!] Timeout reached.")
                break

            # The worker finished on its own.
            # NOTE(review): Thread.isAlive() was removed in Python 3.9; this
            # block also uses the Python 2 `Queue` module, so it targets
            # Python 2.
            if not worker.isAlive():
                print("GhIDA:: [DEBUG] Thread terminated.")
                break

        print("GhIDA:: [DEBUG] Joining check-in thread.")
        # join(0) does not wait: after a cancel or timeout the worker may
        # still be running, and get_nowait() raises if no result has been
        # queued, which is then reported through the except branch below.
        worker.join(0)
        q_result = queue.get_nowait()
        print("GhIDA:: [DEBUG] Thread joined. Got queue result.")
        idaapi.hide_wait_box()
        return q_result

    except Exception:
        idaapi.hide_wait_box()
        print("GhIDA:: [!] Check-in error.")
        idaapi.warning("GhIDA check-in error")
        return False
示例9: ghidraaas_checkout
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import GetInputFileMD5 [as 别名]
def ghidraaas_checkout(ghidra_server_url):
    """
    That's all. Ask the Ghidraaas server to remove the .bytes file.

    Does nothing unless GLOBAL_CHECKIN is truthy. The request runs in a
    worker thread that is polled until it ends, the user cancels or the
    poll budget runs out. Always returns None.

    NOTE(review): after a cancel, a timeout or an exception there is no
    confirmation that the uploaded file was removed from the server -
    check what ghidraaas_checkout_thread reports if that matters.
    """
    if not GLOBAL_CHECKIN:
        return

    idaapi.show_wait_box(
        "Connecting to Ghidraaas. Removing temporary files...")

    try:
        md5_hash = idautils.GetInputFileMD5()

        worker = threading.Thread(
            target=ghidraaas_checkout_thread,
            args=(md5_hash, ghidra_server_url))
        worker.start()

        # Poll once per SLEEP_LENGTH; the first condition that holds ends
        # the wait.
        ticks = 0
        while True:
            time.sleep(SLEEP_LENGTH)
            ticks += 1

            # The user dismissed the wait box.
            if idaapi.user_cancelled():
                print("GhIDA:: [!] Check-out interrupted.")
                break

            # Timeout: more than COUNTER_MAX polls have elapsed.
            if ticks > COUNTER_MAX:
                print("GhIDA:: [!] Timeout reached.")
                break

            # The worker finished on its own.
            # NOTE(review): Thread.isAlive() was removed in Python 3.9 -
            # confirm the Python version this plugin runs under.
            if not worker.isAlive():
                print("GhIDA:: [DEBUG] Thread terminated.")
                break

        print("GhIDA:: [DEBUG] Joining check-out thread.")
        # join(0) returns immediately; the worker may still be running.
        worker.join(0)
        print("GhIDA:: [DEBUG] Thread joined")
        idaapi.hide_wait_box()
        return

    except Exception:
        idaapi.hide_wait_box()
        print("GhIDA:: [!] Check-out error")
        idaapi.warning("GhIDA check-out error")
        return