Python idautils.GetInputFileMD5() Examples
The following are 9
code examples of idautils.GetInputFileMD5().
Example #1
Source File: yara_fn.py From idawilli with Apache License 2.0 | 5 votes |
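def format_rules(fva, rules):
    '''
    Format a complete YARA rule that matches every basic-block signature
    of one function.

    Args:
      fva: address of the function; written in hex into the rule metadata.
      rules: iterable of signature objects, each providing `name` and
        `masked_bytes` (a sequence of hex-byte / wildcard tokens).

    Returns:
      The YARA rule text as one newline-joined string.
    '''
    name = idc.get_func_name(fva)

    # The function name comes from the binary under analysis, so treat it as
    # untrusted text. YARA rule identifiers may only contain ASCII letters,
    # digits and underscore; keep those and drop everything else.
    allowed = set('abcdefghijklmnopqrstuvwxyz'
                  'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
                  '0123456789_')
    safe_name = ''.join(c for c in name if c in allowed)

    # The raw name is also written into a quoted meta value: escape backslash
    # and double quote so a crafted symbol cannot terminate the string early
    # and alter the generated rule.
    meta_name = name.replace('\\', '\\\\').replace('"', '\\"')

    md5 = idautils.GetInputFileMD5().hex()

    # The header must open the rule body with '{' to pair with the closing
    # '}' appended at the end.
    ret = [
        f'rule a_{md5}_{safe_name} {{',
        ' meta:',
        f' sample_md5 = "{md5}"',
        # ':x' renders the address in hex so it agrees with the '0x' prefix
        f' function_address = "0x{fva:x}"',
        f' function_name = "{meta_name}"',
        ' strings:',
    ]
    for rule in rules:
        formatted_rule = ' '.join(rule.masked_bytes)
        ret.append(f' {rule.name} = {{{formatted_rule}}}')
    ret.append(' condition:')
    ret.append(' all of them')
    ret.append('}')
    return '\n'.join(ret)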
Example #2
Source File: ghida.py From GhIDA with Apache License 2.0 | 5 votes |
def load_configuration():
    """
    Read the GhIDA plugin configuration and set up the two module-level
    caches (decompiled code and comments).

    Both caches are keyed by the value idautils.GetInputFileMD5() returns
    for the input file, and each is enabled or disabled by its flag on the
    loaded configuration object.
    """
    global GHIDA_CONF, DECOMPILED_CACHE, COMMENTS_CACHE

    print("GhIDA:: [DEBUG] Reading GhIDA configuration")
    GHIDA_CONF = gl.GhidaConfiguration()

    cache_code = GHIDA_CONF.load_save_cached_code
    print("GHIDA_CONF.load_save_cached_code", cache_code)
    cache_comments = GHIDA_CONF.load_save_cached_comments
    print("GHIDA_CONF.load_save_cached_comments", cache_comments)

    # One identifier for the analysed file is shared by both caches.
    input_md5 = idautils.GetInputFileMD5()

    # Constructing a cache also loads previously cached objects.
    DECOMPILED_CACHE = gl.DecompiledCache(file_id=input_md5,
                                          use_cache=cache_code)
    COMMENTS_CACHE = gl.CommentsCache(file_id=input_md5,
                                      use_cache=cache_comments)


# ------------------------------------------------------------
# HANDLERS FOR THE POP-UP MENU IN DECOMP VIEW
# ------------------------------------------------------------
Example #3
Source File: lib.py From GhIDA with Apache License 2.0 | 5 votes |
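def create_random_filename():
    """
    Return the per-session file name "<input-file MD5>_<5 random letters>".

    The name is generated on the first call, stored in GLOBAL_FILENAME and
    returned unchanged by every later call.
    """
    global GLOBAL_FILENAME
    if not GLOBAL_FILENAME:
        # Take the suffix from the OS entropy source rather than the default
        # Mersenne Twister generator, so the name cannot be predicted from
        # earlier PRNG output.
        # NOTE(review): five letters is still a small space; if this name is
        # used for files in a shared directory, create them with exclusive
        # semantics (e.g. the tempfile module) — confirm against the callers.
        rng = random.SystemRandom()
        random_string = ''.join(
            rng.choice(string.ascii_letters) for _ in range(5))
        GLOBAL_FILENAME = "%s_%s" % (idautils.GetInputFileMD5(), random_string)
    return GLOBAL_FILENAME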
Example #4
Source File: yara_fn.py From ida_haru with Apache License 2.0 | 5 votes |
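def format_rules(fva, rules):
    '''
    Format a complete YARA rule that matches every basic-block signature
    of one function.

    Args:
      fva: address of the function; written in hex into the rule metadata.
      rules: sequence of signature objects, each providing `name` and
        `masked_bytes` (a sequence of hex-byte / wildcard tokens).

    Returns:
      The YARA rule text as one newline-joined string, or None when
      `rules` is empty.
    '''
    name = GetFunctionName(fva)
    if not rules:
        logging.info('no rules for {}'.format(name))
        return None

    # The function name comes from the binary under analysis, so treat it as
    # untrusted text. YARA rule identifiers may only contain ASCII letters,
    # digits and underscore; keep those and drop everything else.
    allowed = set('abcdefghijklmnopqrstuvwxyz'
                  'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
                  '0123456789_')
    safe_name = ''.join(c for c in name if c in allowed)

    # The raw name is also written into a quoted meta value: escape backslash
    # and double quote so a crafted symbol cannot terminate the string early
    # and alter the generated rule.
    meta_name = name.replace('\\', '\\\\').replace('"', '\\"')

    md5 = idautils.GetInputFileMD5()
    ret = []
    ret.append('rule a_{hash:s}_{name:s} {{'.format(
        hash=md5,
        name=safe_name))
    ret.append(' meta:')
    ret.append(' sample_md5 = "{md5:s}"'.format(md5=md5))
    ret.append(' function_address = "0x{fva:x}"'.format(fva=fva))
    ret.append(' function_name = "{name:s}"'.format(name=meta_name))
    ret.append(' strings:')
    for rule in rules:
        # rstrip() removes every trailing '?' and space character.
        # NOTE(review): a signature made only of wildcards would end up
        # empty here — confirm the caller never produces one.
        formatted_rule = ' '.join(rule.masked_bytes).rstrip('?? ')
        ret.append(' {name:s} = {{ {hex:s} }}'.format(
            name=rule.name,
            hex=formatted_rule))
    ret.append(' condition:')
    ret.append(' all of them')
    ret.append('}')
    return '\n'.join(ret)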
Example #5
Source File: DIEDb.py From DIE with MIT License | 5 votes |
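def load_db(self, file_name=None):
    """
    Load the DIE DB from a file and deserialize it into this object.

    SECURITY: the file is deserialized with pickle, which can run arbitrary
    code embedded in the file while it is being loaded. The MD5 comparison
    below happens only after unpickling and uses a value stored inside the
    same file, so it detects a DB recorded for a different binary but does
    not authenticate the file. Load DB files from trusted sources only.

    @param file_name: DB filename; defaults to self.get_default_db_filename()
    @return: True on success
    @raise IOError: the DB file does not exist
    @raise DbFileMismatch: the MD5 stored in the DB differs from the MD5 of
                           the currently analyzed file
    """
    if file_name is None:
        file_name = self.get_default_db_filename()

    if not os.path.exists(file_name):
        raise IOError("DIE DB file not found")

    # The context manager closes the handle even when unpickling raises;
    # the file used to be left open on every path.
    with open(file_name, 'rb') as in_file:
        db_tables = pickle.load(in_file)

    # Validate db MD5 before any state of this object is overwritten
    db_md5 = db_tables[0].md5
    if db_md5 != idautils.GetInputFileMD5():
        raise DbFileMismatch("Db File is different then currently analyzed file")

    self.run_info = db_tables[0]
    self.functions = db_tables[1]
    self.function_args = db_tables[2]
    self.function_contexts = db_tables[3]
    self.threads = db_tables[4]
    self.dbg_values = db_tables[5]
    self.parsed_values = db_tables[6]
    self.excluded_bp_ea = db_tables[7]
    self.excluded_funcNames_part = db_tables[8]
    self.excluded_funcNames = db_tables[9]
    self.excluded_modules = db_tables[10]

    return True

#############################################################################
# Singleton
#############################################################################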
Example #6
Source File: mkyara_plugin.py From mkYARA with GNU General Public License v3.0 | 5 votes |
def get_input_file_hash():
    """Return the input file's MD5 exactly as idautils.GetInputFileMD5() reports it."""
    input_md5 = idautils.GetInputFileMD5()
    return input_md5
Example #7
Source File: yara_fn.py From python-idb with Apache License 2.0 | 5 votes |
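def format_rules(fva, rules):
    """
    Format a complete YARA rule that matches every basic-block signature
    of one function.

    Args:
      fva: address of the function; written in hex into the rule metadata.
      rules: iterable of signature objects, each providing `name` and
        `masked_bytes` (a sequence of hex-byte / wildcard tokens).

    Returns:
      The YARA rule text as one newline-joined string.
    """
    name = idc.GetFunctionName(fva)

    # The function name comes from the binary under analysis, so treat it as
    # untrusted text. YARA rule identifiers may only contain ASCII letters,
    # digits and underscore; keep those and drop everything else.
    allowed = set("abcdefghijklmnopqrstuvwxyz"
                  "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                  "0123456789_")
    safe_name = "".join(c for c in name if c in allowed)

    # The raw name is also written into a quoted meta value: escape backslash
    # and double quote so a crafted symbol cannot terminate the string early
    # and alter the generated rule.
    meta_name = name.replace("\\", "\\\\").replace('"', '\\"')

    md5 = idautils.GetInputFileMD5()
    ret = []
    ret.append("rule a_%s_%s {" % (md5, safe_name))
    ret.append(" meta:")
    ret.append(' sample_md5 = "%s"' % (md5))
    ret.append(' function_address = "0x%x"' % (fva))
    ret.append(' function_name = "%s"' % (meta_name))
    ret.append(" strings:")
    for rule in rules:
        formatted_rule = " ".join(rule.masked_bytes)
        ret.append(" %s = { %s }" % (rule.name, formatted_rule))
    ret.append(" condition:")
    ret.append(" all of them")
    ret.append("}")
    return "\n".join(ret)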
Example #8
Source File: lib.py From GhIDA with Apache License 2.0 | 4 votes |
def ghidraaas_checkin(bin_file_path, filename, ghidra_server_url):
    """
    Upload the .bytes file to Ghidraaas from a worker thread while the IDA
    wait box is shown. Meant to run once per IDA session.

    The worker is polled every SLEEP_LENGTH seconds until the user cancels,
    COUNTER_MAX polls have elapsed, or the thread has finished. The value
    the worker put on the queue is returned. Any exception is reported as a
    check-in error and yields False; that includes the empty-queue error
    raised by get_nowait() when the worker has produced no result.

    NOTE(review): join(0) does not wait, so after a cancel or timeout the
    worker may still be running in the background.
    """
    idaapi.show_wait_box("Connecting to Ghidraaas. Sending bytes file...")

    try:
        md5_hash = idautils.GetInputFileMD5()
        result_queue = Queue.Queue()
        worker = threading.Thread(
            target=ghidraaas_checkin_thread,
            args=(bin_file_path, filename, ghidra_server_url,
                  md5_hash, result_queue))
        worker.start()

        polls = 0
        while True:
            time.sleep(SLEEP_LENGTH)
            polls += 1

            # The user pressed cancel in the wait box
            if idaapi.user_cancelled():
                print("GhIDA:: [!] Check-in interrupted.")
                break

            # Polling budget exhausted
            if polls > COUNTER_MAX:
                print("GhIDA:: [!] Timeout reached.")
                break

            # The worker finished on its own
            if not worker.isAlive():
                print("GhIDA:: [DEBUG] Thread terminated.")
                break

        print("GhIDA:: [DEBUG] Joining check-in thread.")
        worker.join(0)
        q_result = result_queue.get_nowait()
        print("GhIDA:: [DEBUG] Thread joined. Got queue result.")
        idaapi.hide_wait_box()
        return q_result

    except Exception:
        idaapi.hide_wait_box()
        print("GhIDA:: [!] Check-in error.")
        idaapi.warning("GhIDA check-in error")
        return False
Example #9
Source File: lib.py From GhIDA with Apache License 2.0 | 4 votes |
def ghidraaas_checkout(ghidra_server_url):
    """
    Ask the Ghidraaas server to remove the uploaded .bytes file.

    Does nothing when GLOBAL_CHECKIN is falsy. Otherwise the request runs in
    a worker thread that is polled every SLEEP_LENGTH seconds until the user
    cancels, COUNTER_MAX polls have elapsed, or the thread has finished.
    Always returns None; an exception is reported as a check-out error.

    NOTE(review): join(0) does not wait, so after a cancel or timeout the
    worker may still be running in the background.
    """
    if not GLOBAL_CHECKIN:
        return

    idaapi.show_wait_box(
        "Connecting to Ghidraaas. Removing temporary files...")

    try:
        md5_hash = idautils.GetInputFileMD5()
        worker = threading.Thread(
            target=ghidraaas_checkout_thread,
            args=(md5_hash, ghidra_server_url))
        worker.start()

        polls = 0
        while True:
            time.sleep(SLEEP_LENGTH)
            polls += 1

            # The user pressed cancel in the wait box
            if idaapi.user_cancelled():
                print("GhIDA:: [!] Check-out interrupted.")
                break

            # Polling budget exhausted
            if polls > COUNTER_MAX:
                print("GhIDA:: [!] Timeout reached.")
                break

            # The worker finished on its own
            if not worker.isAlive():
                print("GhIDA:: [DEBUG] Thread terminated.")
                break

        print("GhIDA:: [DEBUG] Joining check-out thread.")
        worker.join(0)
        print("GhIDA:: [DEBUG] Thread joined")
        idaapi.hide_wait_box()
        return

    except Exception:
        idaapi.hide_wait_box()
        print("GhIDA:: [!] Check-out error")
        idaapi.warning("GhIDA check-out error")
        return