Python idautils.GetInputFileMD5() Examples

The following are 9 code examples of idautils.GetInputFileMD5(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may also want to check out all available functions/classes of the module idautils , or try the search function .
Example #1
Source File: yara_fn.py    From idawilli with Apache License 2.0 5 votes vote down vote up
def format_rules(fva, rules):
    '''
    given the address of a function, and the byte signatures for basic blocks in
     the function, format a complete YARA rule that matches all of the
     basic block signatures.
    '''
    name = idc.get_func_name(fva)

    # some characters aren't valid for YARA rule names
    safe_name = name
    BAD_CHARS = '@ /\\!@#$%^&*()[]{};:\'",./<>?'
    for c in BAD_CHARS:
        safe_name = safe_name.replace(c, '')

    md5 = idautils.GetInputFileMD5().hex()
    ret = []
    ret.append(f'rule a_{md5}_{safe_name}')
    ret.append('  meta:')
    ret.append(f'    sample_md5 = "{md5}"')
    ret.append(f'    function_address = "0x{fva}"')
    ret.append(f'    function_name = "{name}"')
    ret.append('  strings:')
    for rule in rules:
        formatted_rule = ' '.join(rule.masked_bytes)
        ret.append(f'    {rule.name} = {{{formatted_rule}}}')
    ret.append('  condition:')
    ret.append('    all of them')
    ret.append('}')
    return '\n'.join(ret) 
Example #2
Source File: ghida.py    From GhIDA with Apache License 2.0 5 votes vote down vote up
def load_configuration():
    """
    """
    global GHIDA_CONF
    global DECOMPILED_CACHE
    global COMMENTS_CACHE

    # Loading the plugin configuration
    print("GhIDA:: [DEBUG] Reading GhIDA configuration")
    GHIDA_CONF = gl.GhidaConfiguration()

    print("GHIDA_CONF.load_save_cached_code",
          GHIDA_CONF.load_save_cached_code)
    print("GHIDA_CONF.load_save_cached_comments",
          GHIDA_CONF.load_save_cached_comments)

    md5 = idautils.GetInputFileMD5()

    # Initalize the cache (and load cached objects)
    DECOMPILED_CACHE = gl.DecompiledCache(
        file_id=md5,
        use_cache=GHIDA_CONF.load_save_cached_code)
    COMMENTS_CACHE = gl.CommentsCache(
        file_id=md5,
        use_cache=GHIDA_CONF.load_save_cached_comments)

    return

# ------------------------------------------------------------
#   HANDLERS FOR THE POP-UP MENU IN DECOMP VIEW
# ------------------------------------------------------------ 
Example #3
Source File: lib.py    From GhIDA with Apache License 2.0 5 votes vote down vote up
def create_random_filename():
    global GLOBAL_FILENAME

    if not GLOBAL_FILENAME:
        letters = [random.choice(string.ascii_letters) for i in range(5)]
        random_string = ''.join(letters)
        GLOBAL_FILENAME = "%s_%s" % (idautils.GetInputFileMD5(), random_string)
    return GLOBAL_FILENAME 
Example #4
Source File: yara_fn.py    From ida_haru with Apache License 2.0 5 votes vote down vote up
def format_rules(fva, rules):
    '''
    given the address of a function, and the byte signatures for basic blocks in
     the function, format a complete YARA rule that matches all of the
     basic block signatures.
    '''
    name = GetFunctionName(fva)
    if not rules:
        logging.info('no rules for {}'.format(name))
        return None

    # some characters aren't valid for YARA rule names
    safe_name = name
    BAD_CHARS = '@ /\\!@#$%^&*()[]{};:\'",./<>?'
    for c in BAD_CHARS:
        safe_name = safe_name.replace(c, '')

    md5 = idautils.GetInputFileMD5()
    ret = []
    ret.append('rule a_{hash:s}_{name:s} {{'.format(
        hash=md5,
        name=safe_name))
    ret.append('  meta:')
    ret.append('    sample_md5 = "{md5:s}"'.format(md5=md5))
    ret.append('    function_address = "0x{fva:x}"'.format(fva=fva))
    ret.append('    function_name = "{name:s}"'.format(name=name))
    ret.append('  strings:')
    for rule in rules:
        formatted_rule = ' '.join(rule.masked_bytes).rstrip('?? ')
        ret.append('    {name:s} = {{ {hex:s} }}'.format(
            name=rule.name,
            hex=formatted_rule))
    ret.append('  condition:')
    ret.append('    all of them')
    ret.append('}')
    return '\n'.join(ret) 
Example #5
Source File: DIEDb.py    From DIE with MIT License 5 votes vote down vote up
def load_db(self, file_name=None):
        """
        Load DB from file and DeSeralize
        @param file_name: DB filename
        @return: True on success otherwise False
        """
        if file_name is None:
            file_name = self.get_default_db_filename()

        if not os.path.exists(file_name):
            raise IOError("DIE DB file not found")

        in_file = open(file_name, 'rb')

        db_tables = pickle.load(in_file)

        # Validate db MD5
        db_md5 = db_tables[0].md5
        if db_md5 != idautils.GetInputFileMD5():
            raise DbFileMismatch("Db File is different then currently analyzed file")

        self.run_info = db_tables[0]
        self.functions = db_tables[1]
        self.function_args = db_tables[2]
        self.function_contexts = db_tables[3]
        self.threads = db_tables[4]
        self.dbg_values = db_tables[5]
        self.parsed_values = db_tables[6]
        self.excluded_bp_ea = db_tables[7]
        self.excluded_funcNames_part = db_tables[8]
        self.excluded_funcNames = db_tables[9]
        self.excluded_modules = db_tables[10]

        return True


#############################################################################
# Singleton
############################################################################# 
Example #6
Source File: mkyara_plugin.py    From mkYARA with GNU General Public License v3.0 5 votes vote down vote up
def get_input_file_hash():
    return idautils.GetInputFileMD5() 
Example #7
Source File: yara_fn.py    From python-idb with Apache License 2.0 5 votes vote down vote up
def format_rules(fva, rules):
    """
    given the address of a function, and the byte signatures for basic blocks in
     the function, format a complete YARA rule that matches all of the
     basic block signatures.
    """
    name = idc.GetFunctionName(fva)

    # some characters aren't valid for YARA rule names
    safe_name = name
    BAD_CHARS = "@ /\\!@#$%^&*()[]{};:'\",./<>?"
    for c in BAD_CHARS:
        safe_name = safe_name.replace(c, "")

    md5 = idautils.GetInputFileMD5()
    ret = []
    ret.append("rule a_%s_%s {" % (md5, safe_name))
    ret.append("  meta:")
    ret.append('    sample_md5 = "%s"' % (md5))
    ret.append('    function_address = "0x%x"' % (fva))
    ret.append('    function_name = "%s"' % (name))
    ret.append("  strings:")
    for rule in rules:
        formatted_rule = " ".join(rule.masked_bytes)
        ret.append("    %s = { %s }" % (rule.name, formatted_rule))
    ret.append("  condition:")
    ret.append("    all of them")
    ret.append("}")
    return "\n".join(ret) 
Example #8
Source File: lib.py    From GhIDA with Apache License 2.0 4 votes vote down vote up
def ghidraaas_checkin(bin_file_path, filename, ghidra_server_url):
    """
    Upload the .bytes files in ghidraaas.
    One time only (until IDA is restarted...)
    """
    idaapi.show_wait_box("Connecting to Ghidraaas. Sending bytes file...")
    try:
        md5_hash = idautils.GetInputFileMD5()
        queue = Queue.Queue()

        my_args = (bin_file_path, filename, ghidra_server_url, md5_hash, queue)
        t1 = threading.Thread(target=ghidraaas_checkin_thread,
                              args=my_args)
        t1.start()

        counter = 0
        stop = False

        while not stop:
            time.sleep(SLEEP_LENGTH)
            counter += 1

            # User terminated action
            if idaapi.user_cancelled():
                stop = True
                print("GhIDA:: [!] Check-in interrupted.")
                continue

            # Reached TIIMEOUT
            if counter > COUNTER_MAX:
                stop = True
                print("GhIDA:: [!] Timeout reached.")
                continue

            # Thread terminated
            if not t1.isAlive():
                stop = True
                print("GhIDA:: [DEBUG] Thread terminated.")
                continue

        print("GhIDA:: [DEBUG] Joining check-in thread.")
        t1.join(0)
        q_result = queue.get_nowait()
        print("GhIDA:: [DEBUG] Thread joined. Got queue result.")
        idaapi.hide_wait_box()
        return q_result

    except Exception:
        idaapi.hide_wait_box()
        print("GhIDA:: [!] Check-in error.")
        idaapi.warning("GhIDA check-in error")
        return False 
Example #9
Source File: lib.py    From GhIDA with Apache License 2.0 4 votes vote down vote up
def ghidraaas_checkout(ghidra_server_url):
    """
    That's all. Remove .bytes file from Ghidraaas server.
    """
    if not GLOBAL_CHECKIN:
        return

    idaapi.show_wait_box(
        "Connecting to Ghidraaas. Removing temporary files...")
    try:
        md5_hash = idautils.GetInputFileMD5()
        aargs = (md5_hash, ghidra_server_url)

        t1 = threading.Thread(target=ghidraaas_checkout_thread,
                              args=aargs)
        t1.start()

        counter = 0
        stop = False

        while not stop:
            time.sleep(SLEEP_LENGTH)
            counter += 1

            if idaapi.user_cancelled():
                print("GhIDA:: [!] Check-out interrupted.")
                stop = True
                continue

            if counter > COUNTER_MAX:
                print("GhIDA:: [!] Timeout reached.")
                stop = True
                continue

            if not t1.isAlive():
                stop = True
                print("GhIDA:: [DEBUG] Thread terminated.")
                continue

        print("GhIDA:: [DEBUG] Joining check-out thread.")
        t1.join(0)
        print("GhIDA:: [DEBUG] Thread joined")
        idaapi.hide_wait_box()
        return

    except Exception:
        idaapi.hide_wait_box()
        print("GhIDA:: [!] Check-out error")
        idaapi.warning("GhIDA check-out error")
        return