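/*
 * Entry point: detect a packer in the PE file named by the last argument.
 *
 * Reads the whole file into memory, looks the bytes at the entrypoint
 * offset up in the signature database (when one loads) and falls back to
 * generic detection. The result is printed through output(); any error
 * is reported via EXIT_ERROR.
 */
int main(int argc, char *argv[])
{
	PE_FILE pe;
	FILE *dbfile = NULL, *fp = NULL;
	QWORD ep_offset, pesize;
	char value[MAX_MSG];
	unsigned char *pe_data;

	if (argc < 2) {
		usage();
		exit(1);
	}

	memset(&config, 0, sizeof(config));
	parse_options(argc, argv); // options

	// the last argument is the input file path
	if ((fp = fopen(argv[argc-1], "rb")) == NULL)
		EXIT_ERROR("file not found or unreadable");

	pe_init(&pe, fp); // initialise the pe struct

	if (!ispe(&pe))
		EXIT_ERROR("invalid PE file");

	if (!pe_get_optional(&pe))
		EXIT_ERROR("unable to read optional header");

	if (!(ep_offset = rva2ofs(&pe, pe.entrypoint)))
		EXIT_ERROR("unable to get entrypoint offset");

	pesize = pe_get_size(&pe);

	// ep_offset is used as an index into pe_data below; refuse an offset
	// that lies outside the bytes we are about to read. This is a necessary
	// check only — the signature/generic scanners must still bound the
	// number of bytes they read past ep_offset.
	if (ep_offset >= pesize)
		EXIT_ERROR("entrypoint offset beyond end of file");

	pe_data = xmalloc(pesize);

	// NOTE(review): the whole image is read from the stream's current
	// position with no seek to offset 0 first; presumably the helpers above
	// leave the stream positioned correctly — TODO confirm.
	if (!fread(pe_data, pesize, 1, pe.handle))
		EXIT_ERROR("unable to read entrypoint data");

	if (!loaddb(&dbfile))
		fprintf(stderr, "warning: without valid database file, %s will search in generic mode only\n", PROGRAM);

	// A signature match fills `value`; only when none matches do we fall
	// back to the generic heuristics.
	if (!compare_signature(pe_data, ep_offset, dbfile, value)) {
		if (generic_packer(&pe, ep_offset))
			snprintf(value, MAX_MSG, "generic");
		else
			snprintf(value, MAX_MSG, "no packer found");
	}

	free(pe_data);
	output("packer", value);

	if (dbfile)
		fclose(dbfile);
	pe_deinit(&pe);
	return 0;
}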
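/*
 * Reads words with getWord() until the sentinel "vsmisal" appears, counts
 * how often each word (identified by its hash) occurs, then prints the
 * count and hash of the most frequent word that occurred more than once.
 *
 * Helpers come from elsewhere in the project: getWord() (its result is
 * freed here, so it is assumed to be heap-allocated), hash(),
 * compare_signature() (index of a hash in the table, 0 when absent) and
 * add_signature() (appends an entry, possibly reallocating the table).
 *
 * NOTE(review): compare_signature() reporting "absent" as 0 also makes a
 * genuine match at index 0 look like a miss, so the first distinct word
 * would be re-added on every repetition — confirm the helper's contract.
 */
int main(void)
{
	char *word = NULL;
	int size = 0;
	occurance_t *occ_class = NULL;

	while (strcmp(word = getWord(), "vsmisal")) {
		occurance_t seen;
		seen.hash = hash(word); // hash once, reuse for lookup and insert
		seen.times = 1;

		int idx = compare_signature(occ_class, size, seen.hash);
		if (idx != 0) {
			occ_class[idx].times++;
		} else {
			occ_class = add_signature(occ_class, seen);
			size++;
		}

		// release this word before fetching the next one (the original
		// only freed the final sentinel, leaking every earlier word)
		free(word);
	}

	// pick the entry with the highest count, ignoring words seen once;
	// track the count separately from the index
	int best = 0;
	int best_times = 0;
	for (int i = 0; i < size; i++) {
		if (occ_class[i].times > best_times && occ_class[i].times != 1) {
			best_times = occ_class[i].times;
			best = i;
		}
	}

	// with no words at all the table is NULL and must not be indexed
	if (size > 0)
		printf("%d %ld", occ_class[best].times, occ_class[best].hash);

	free(word); // the sentinel returned by the last getWord()
	free(occ_class);
	return 0;
}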
/*
 * Disassemble one ACPI table with iasl into a temporary .dsl file and load
 * the text into sdt->asl / sdt->asl_len.
 *
 * For a DSDT or SSDT, every DSDT/SSDT in @sdts is passed with -e so that
 * references to external symbols can be resolved. Spawn and read failures
 * abort the test through the g_assert* checks.
 *
 * Returns false when non-empty disassembly was produced, true otherwise —
 * the return value is an error flag.
 */
static bool load_asl(GArray *sdts, AcpiSdtTable *sdt)
{
    GError *err = NULL;
    GString *cmd = g_string_new(iasl);
    gchar *stdout_buf, *stderr_buf;
    gboolean ok;

    /* only the unique name is needed: iasl writes the file itself */
    gint fd = g_file_open_tmp("asl-XXXXXX.dsl", &sdt->asl_file, &err);
    g_assert_no_error(err);
    close(fd);

    g_string_append_printf(cmd, " -p %s ", sdt->asl_file);

    if (compare_signature(sdt, "DSDT") || compare_signature(sdt, "SSDT")) {
        for (int i = 0; i < sdts->len; ++i) {
            AcpiSdtTable *other = &g_array_index(sdts, AcpiSdtTable, i);

            if (!compare_signature(other, "DSDT") &&
                !compare_signature(other, "SSDT")) {
                continue;
            }
            g_string_append_printf(cmd, "-e %s ", other->aml_file);
        }
    }

    g_string_append_printf(cmd, "-d %s", sdt->aml_file);

    /* collect stdout/stderr so iasl's output is redirected, not printed */
    ok = g_spawn_command_line_sync(cmd->str, &stdout_buf, &stderr_buf,
                                   NULL, &err);
    g_assert_no_error(err);

    if (ok) {
        ok = g_file_get_contents(sdt->asl_file, (gchar **)&sdt->asl,
                                 &sdt->asl_len, &err);
        g_assert(ok);
        g_assert_no_error(err);
        ok = (sdt->asl_len > 0);
    }

    g_free(stdout_buf);
    g_free(stderr_buf);
    g_string_free(cmd, true);

    return !ok;
}
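/*
 * Entry point: detect a packer in the PE file named by the last argument.
 *
 * Loads and parses the file through libpe, looks the bytes at the
 * entrypoint offset up in the signature database (when one loads) and
 * falls back to generic detection. The result is emitted as a "packer"
 * field through the output layer.
 *
 * Returns EXIT_SUCCESS; EXIT_FAILURE on libpe errors, or exits through
 * EXIT_ERROR on the remaining failures.
 */
int main(int argc, char *argv[])
{
	pev_config_t config;
	PEV_INITIALIZE(&config);

	if (argc < 2) {
		usage();
		exit(EXIT_FAILURE);
	}

	output_set_cmdline(argc, argv);

	options_t *options = parse_options(argc, argv); // options

	const char *path = argv[argc-1];
	pe_ctx_t ctx;

	pe_err_e err = pe_load_file(&ctx, path);
	if (err != LIBPE_E_OK) {
		pe_error_print(stderr, err);
		free_options(options); // options were leaked on this path
		return EXIT_FAILURE;
	}

	err = pe_parse(&ctx);
	if (err != LIBPE_E_OK) {
		pe_error_print(stderr, err);
		free_options(options);
		return EXIT_FAILURE;
	}

	if (!pe_is_pe(&ctx))
		EXIT_ERROR("not a valid PE file");

	const uint64_t ep_offset = pe_rva2ofs(&ctx, ctx.pe.entrypoint);
	if (ep_offset == 0)
		EXIT_ERROR("unable to get entrypoint offset");
	// NOTE(review): ep_offset indexes the mapped image below but is not
	// compared against the mapping's size here; confirm compare_signature()
	// and generic_packer() bound their reads against ctx — TODO.

	FILE *dbfile = NULL;
	if (!loaddb(&dbfile, options))
		fprintf(stderr, "warning: without valid database file, %s will search in generic mode only\n", PROGRAM);

	char value[MAX_MSG];

	// TODO(jweyrich): Create a new API to retrieve map_addr.
	// TODO(jweyrich): Should we use `LIBPE_PTR_ADD(ctx->map_addr, ep_offset)` instead?
	const unsigned char *pe_data = ctx.map_addr;

	// A signature match fills `value`; only when none matches do we fall
	// back to the generic heuristics.
	if (!compare_signature(pe_data, ep_offset, dbfile, value, sizeof(value))) {
		if (generic_packer(&ctx, ep_offset))
			snprintf(value, MAX_MSG, "generic");
		else
			snprintf(value, MAX_MSG, "no packer found");
	}

	output_open_document();
	output("packer", value);
	output_close_document();

	if (dbfile != NULL)
		fclose(dbfile);

	// release memory
	free_options(options);

	err = pe_unload(&ctx);
	if (err != LIBPE_E_OK) {
		pe_error_print(stderr, err);
		return EXIT_FAILURE;
	}

	PEV_FINALIZE(&config);

	return EXIT_SUCCESS;
}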