better logging for disasssembler
parent
857063da34
commit
91cf527253
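--- a/disassemble.py
+++ b/disassemble.py
@@ -4,10 +4,18 @@ import json
 capstone = Cs(CS_ARCH_X86, CS_MODE_64)
 
-def disasm(shellcode: bytes)->str:
+def disasm(shellcode: bytes)->list:
     opcodes = list()
 
     for opcode in capstone.disasm(shellcode, 0):
         opcodes.append([opcode.mnemonic, opcode.op_str])
 
     return opcodes
 
+def objdump(shellcode: bytes)->str:
+    opcodes = str()
+
+    for opcode in capstone.disasm(shellcode, 0):
+        opcodes += f'{opcode.mnemonic} {opcode.op_str}'
+
+    return opcodes
+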
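Review bot: The new `objdump` concatenates `f'{opcode.mnemonic} {opcode.op_str}'` with no separator, so one instruction runs straight into the next (`mov rax, 1pop rbx`) and the listing added for logging is not readable; the `+=` loop is also a string the language can build in one step. Replace the loop body and return with `return '\n'.join(f'{insn.address:#x}: {insn.mnemonic} {insn.op_str}' for insn in capstone.disasm(shellcode, 0))` — one instruction per line, and including `insn.address` lets a reader map a line back to an offset in the image. Capstone's `disasm` stops at the first byte it cannot decode rather than raising, so a short listing may mean truncated output rather than short shellcode; a comment such as `# NOTE: capstone stops at the first undecodable byte; a listing shorter than len(shellcode) bytes is truncated, not complete` (or an explicit byte-count check) would tell callers what they are looking at. The `disasm` annotation change to `list` is correct but `list[list[str]]` would state the element shape the loop actually builds.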
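--- a/(file path not shown on page)
+++ b/(file path not shown on page)
@@ -8,7 +8,7 @@ from sqlalchemy.orm import Session, relationship, backref
 from sqlalchemy.orm.collections import attribute_mapped_collection
 import json
 
-from .disassemble import disasm
+from .disassemble import objdump
 
 now = '{0:%Y%m%dT%H%M%S}'.format(datetime.utcnow())
 Base = declarative_base()
@@ -29,7 +29,7 @@ class ScrapNode(Base):
     mtime = Column(DateTime, onupdate=datetime.utcnow)
     parent_id = Column(Integer, ForeignKey(id))
     checksum = Column(String)
-    disasm = Column(String)
+    objdump = Column(String)
     image = Column(LargeBinary)
 
     children = relationship(
@@ -43,18 +43,17 @@ class ScrapNode(Base):
         self.image = child
         self.length = len(child)
         self.sha1sum
-        self.disasm = str(disasm(child))
+        self.objdump = objdump(child)
 
     def __repr__(self):
         values = {
             'checksum': self.checksum,
             'length': self.length,
-            'disasm': self.disasm,
             'parent_id': self.parent_id,
             'id': self.id,
         }
 
-        return json.dumps(values, indent=1)
+        return f'{values}\n{self.objdump}'
 
     @property
     def sha1sum(self):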
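Review bot: The new `__repr__` appends the entire stored disassembly to every representation of a `ScrapNode`, so anything that logs, prints or debugs a node now emits output proportional to the length of the shellcode image, and with the only `\n` sitting between the dict and the listing the disassembly itself arrives as one long line; that is the kind of output that floods logs and consoles. Keep the repr compact and put the listing behind an explicit accessor, e.g. restore `return json.dumps(values, indent=1)` (the `import json` kept in the first hunk otherwise looks unused, unless the rest of the file needs it) and add `def dump(self) -> str: return f'{self!r}\n{self.objdump}'` for the verbose form. The column rename `disasm` -> `objdump` also changes the `ScrapNode` table: no migration is visible on this page, and rows loaded from an existing database will carry `objdump = None` until re-disassembled, which the new repr will print as the literal `None`. The method containing `self.objdump = objdump(child)` starts outside the hunk, so its signature is not shown here.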