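/// Copies the command-line knob values into the Config singleton.
///
/// The inter-write-set jump limit is range-checked: a knob value outside
/// (1, Config::MAX_JUMP_INTER_WRITE_SET_ANALYSIS] is rejected with a warning
/// and the default of 2 is used instead. All other knobs are copied verbatim.
void ConfigureTool() {
    Config *config = Config::getInstance();

    config->INTER_WRITESET_ANALYSIS_ENABLE = KnobInterWriteSetAnalysis.Value();
    config->ANTIEVASION_MODE = KnobAntiEvasion.Value();
    config->ANTIEVASION_MODE_INS_PATCHING = KnobAntiEvasionINSpatcher.Value();
    config->ANTIEVASION_MODE_SREAD = KnobAntiEvasionSuspiciousRead.Value();
    config->ANTIEVASION_MODE_SWRITE = KnobAntiEvasionSuspiciousWrite.Value();
    config->UNPACKING_MODE = KnobUnpacking.Value();
    config->ADVANCED_IAT_FIX = KnobAdvancedIATFixing.Value();
    config->POLYMORPHIC_CODE_PATCH = KnobPolymorphicCodePatch.Value();
    config->NULLIFY_UNK_IAT_ENTRY = KnobNullyfyUnknownIATEntry.Value();

    // Read the knob once instead of three times so the range check and the
    // stored value cannot disagree.
    const UINT32 maxJumps = KnobInterWriteSetAnalysis.Value();
    if (maxJumps > 1 && maxJumps <= Config::MAX_JUMP_INTER_WRITE_SET_ANALYSIS) {
        config->WRITEINTERVAL_MAX_NUMBER_JMP = maxJumps;
    } else {
        // Out-of-range (including 0 and 1) falls back to the default of 2.
        MYWARN("Invalid number of jumps to track, set to default value: 2\n");
        config->WRITEINTERVAL_MAX_NUMBER_JMP = 2;
    }
}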
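/// Runs the IDAPython bad-imports checker against the current dump file and
/// logs the init functions it reports.
///
/// @param curEip  Current instruction pointer (unused here; kept for the
///                call-site interface).
/// @param wi      Write interval being processed (unused here).
/// @return 0 on success; (UINT32)-1 when the dump file does not exist or the
///         script's result file cannot be opened (the original sentinel is
///         kept so existing callers keep working).
UINT32 InitFunctionCall::run(ADDRINT curEip, WriteInterval wi) {
    Config *config = Config::getInstance();
    string idap_res_file = config->getCurrentDetectedListPath();
    string dumpFile = config->getCurrentDumpFilePath();

    if (!existFile(dumpFile)) {
        MYERRORE("Dump file hasn't been created");
        return -1;
    }

    launchIdaScript(Config::IDA_PATH, Config::IDAP_BAD_IMPORTS_CHECKER,
                    Config::BAD_IMPORTS_LIST, idap_res_file, dumpFile);

    // Read the result of the IdaPython script. The handle was previously
    // used without a NULL check; a missing/unreadable result file now fails
    // cleanly instead of passing NULL to getFileSize/fread.
    FILE *fd = fopen(idap_res_file.c_str(), "r");
    if (fd == NULL) {
        MYERRORE("Cannot open IDA script result file");
        return -1;
    }

    UINT32 file_size = getFileSize(fd);

    // Read into a std::string rather than a malloc'd buffer: the buffer is
    // freed automatically and is always NUL-terminated, so the "%s" below
    // cannot read past the end of the data (the previous malloc'd buffer had
    // no terminator and was never freed). The string is trimmed to the bytes
    // actually read so a short read does not log stale zero bytes.
    string init_func_detected(file_size, '\0');
    size_t bytes_read = 0;
    if (file_size > 0) {
        bytes_read = fread(&init_func_detected[0], 1, file_size, fd);
    }
    init_func_detected.resize(bytes_read);
    fclose(fd);

    MYWARN("Found init functions %s\n", init_func_detected.c_str());
    return 0;
}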