

4 Commits

Author SHA1 Message Date
JoYo a628370365 minor logging output 2019-02-24 07:50:51 +00:00
JoYo a3ba591077 rewarding remember len,
removing redundant disassembly
2019-02-24 07:39:00 +00:00
JoYo ba8d38e56b minor fixes and formatting 2019-02-24 07:38:11 +00:00
JoYo 8d8df2ab5a log op count 2019-02-24 07:14:29 +00:00
5 changed files with 19 additions and 19 deletions


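--- a/<PATH-NOT-SHOWN-ON-PAGE>
+++ b/<PATH-NOT-SHOWN-ON-PAGE>
@@ -2,3 +2,4 @@
 from .run import sins
 from .mutation import generation, mutate
 from .orm import db_config, ScrapNode
+from .disassemble import disasm, objdump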


@ -4,6 +4,7 @@ import json
capstone = Cs(CS_ARCH_X86, CS_MODE_64) capstone = Cs(CS_ARCH_X86, CS_MODE_64)
def disasm(shellcode: bytes) -> list: def disasm(shellcode: bytes) -> list:
opcodes = list() opcodes = list()
@ -12,6 +13,7 @@ def disasm(shellcode: bytes)->list:
return opcodes return opcodes
def objdump(shellcode: bytes) -> str: def objdump(shellcode: bytes) -> str:
opcodes = str() opcodes = str()


@ -54,19 +54,13 @@ def generation(queue: Queue, shellcode: bytes):
queue.put(result) queue.put(result)
def growth(*, shellcode: bytes, length: int) -> bytes: def growth(*, shellcode: bytes, objdump: str) -> bytes:
if length <= len(shellcode):
return bytes(shellcode)
opcodes = disasm(shellcode)
max_op_len = 15 max_op_len = 15
if len(shellcode) > len(opcodes) * max_op_len: if len(shellcode) > objdump.count('\n') * max_op_len:
return bytes(shellcode) return bytes(shellcode)
for mnemonic, op_str in opcodes: if objdump.count('nop'):
if mnemonic == 'nop':
return bytes(shellcode) return bytes(shellcode)
shellcode = bytearray(shellcode) shellcode = bytearray(shellcode)
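Review bot: `objdump.count('nop')` on the new side of growth is a substring search over the whole disassembly text, which is broader than the exact `mnemonic == 'nop'` comparison it replaces — operand text, or any mnemonic that merely contains those three letters, now also trips the early return. If objdump() emits one whitespace-separated instruction per line, anchoring the test to the mnemonic token keeps the old semantics: `if any('nop' in line.split() for line in objdump.splitlines()): return bytes(shellcode)`. The instruction count `objdump.count('\n')` likewise assumes every instruction line ends with a newline; a missing trailing newline would undercount by one and make the length guard slightly stricter than intended. The keyword parameter `objdump` would also shadow a `from .disassemble import objdump` if this module imports one. The rest of growth's body runs past the hunk.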


@ -6,9 +6,6 @@ from sqlalchemy import LargeBinary, Column, ForeignKey, Integer, String, DateTim
from sqlalchemy.ext.declarative import declarative_base from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy.orm import Session, relationship, backref from sqlalchemy.orm import Session, relationship, backref
from sqlalchemy.orm.collections import attribute_mapped_collection from sqlalchemy.orm.collections import attribute_mapped_collection
import json
from .disassemble import objdump
now = '{0:%Y%m%dT%H%M%S}'.format(datetime.utcnow()) now = '{0:%Y%m%dT%H%M%S}'.format(datetime.utcnow())
Base = declarative_base() Base = declarative_base()
@ -43,7 +40,6 @@ class ScrapNode(Base):
self.image = child self.image = child
self.length = len(child) self.length = len(child)
self.sha1sum self.sha1sum
self.objdump = objdump(child)
def __repr__(self): def __repr__(self):
values = { values = {
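Review bot: Dropping `self.objdump = objdump(child)` from ScrapNode's constructor moves responsibility for filling the objdump column to the caller, so any ScrapNode built anywhere other than the updated call in sins() — a root or seed node, for instance — is persisted with objdump unset, and nothing in the model ties the column to image any more. A keyword argument would keep the field explicit at construction time, e.g. `self.objdump = objdump` with `objdump=None` added to the __init__ signature, whose header lies outside the hunk. At minimum a comment next to the `self.image = child` assignment such as `# objdump is not derived here; callers set it after construction` would document the new contract.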


@ -10,6 +10,7 @@ import logging
from .mutation import generation, mutate, seed_shell, growth from .mutation import generation, mutate, seed_shell, growth
from .orm import db_config, ScrapNode from .orm import db_config, ScrapNode
from .disassemble import objdump
def sins(): def sins():
@ -94,15 +95,21 @@ def sins():
lineage += 1 lineage += 1
continue continue
if not result: if result != len(scrap):
lineage += 1 lineage += 1
continue continue
scrap = growth(shellcode=scrap, length=result) opcodes = objdump(scrap)
ops_count = opcodes.count('\n')
logger.debug({'result': result, 'ops': ops_count})
scrap = growth(shellcode=scrap, objdump=opcodes)
parent = ScrapNode(child=scrap, parent_id=parent.id) parent = ScrapNode(child=scrap, parent_id=parent.id)
parent.objdump = opcodes
session.add(parent) session.add(parent)
session.commit() session.commit()
logger.info(f'scrap:\n{parent}') logger.info(parent)
lineage = 0 lineage = 0
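Review bot: `parent.objdump = opcodes` stores the disassembly taken from scrap before the `growth(...)` call, but the node is built from the value growth returns; if growth changed the bytes (its body past the early returns works on a bytearray copy), the persisted objdump no longer describes parent.image. Recomputing after growth, `parent.objdump = objdump(scrap)`, restores the consistency the removed constructor-side call used to provide; comparing the pre- and post-growth bytes first would avoid a second disassembly on the unchanged path. `ops_count = opcodes.count('\n')` also repeats the line-count-as-instruction-count logic that growth applies to the same string; a single helper in disassemble would keep the two in step. sins() continues outside the hunk.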