added flow_hash creation in matching.py

Carbonara-Project · Dec 14, 2017 · 9800728 · 9800728
1 parent 2b6c10a
commit 9800728
Show file tree

Hide file tree

Showing 5 changed files with 177 additions and 152 deletions.
diff --git a/guanciale/__init__.py b/guanciale/__init__.py
@@ -147,21 +147,14 @@ def addProc(self, name, asm, raw, insns_list, ops, offset, callconv, flow):
                 "raw": base64.b64encode(raw),
                 "asm": asm,
                 "callconv": callconv,
-                "apicalls": [],
+                "apicalls": handler.api,
                 "arch": self.arch.name
             }
         }
 
-        for api in handler.api:
-            proc["proc_desc"]["apicalls"].append({"name": api})
 
-        proc["proc_desc"]["hash1"] = handler.api_hash.encode("hex")
-        proc["proc_desc"]["hash2"] = handler.internals_hash.encode("hex")
-        proc["proc_desc"]["hash3"] = handler.jumps_flow_hash.encode("hex")
-        proc["proc_desc"]["hash4"] = handler.flow_hash.encode("hex")
-        proc["proc_desc"]["hash5"] = handler.consts_hash.encode("hex")
-        proc["proc_desc"]["hash6"] = handler.vex_code_hash.encode("hex")
-        proc["proc_desc"]["hash7"] = hashlib.md5(str(ops)).digest().encode("hex")
+        proc["proc_desc"]["flow_hash"] = handler.flowhash.encode("hex")
+        proc["proc_desc"]["vex_hash"] = handler.vexhash.encode("hex")
         proc["proc_desc"]["full_hash"] = hashlib.md5(raw).hexdigest()
         self.data["procs"].append(proc)
 
@@ -438,9 +431,9 @@ def _IDAProTask(self, filename):
             idascript.replace(os.path.sep, "\\")
 
         if file_ext == '.idb':
-            process = subprocess.Popen('"'+ config.idacmd + '" -A -S"' + idascript + dumpname +'" ' + filename, shell=True)
+            process = subprocess.Popen(config.idacmd + ' -A -S"' + idascript + dumpname +'" "' + filename + '"', shell=True)
         elif file_ext == '.i64':
-            process = subprocess.Popen('"'+ config.ida64cmd + '" -A -S"' + idascript + dumpname +'" ' + filename, shell=True)
+            process = subprocess.Popen(config.ida64cmd + ' -A -S"' + idascript + dumpname +'" "' + filename + '"', shell=True)
         else:
             raise RuntimeError('file not supported')
         process.wait()
@@ -505,6 +498,7 @@ def _IDAProTask(self, filename):
 
                     self.addProc(fcn_name, asm, fcn_bytes, insns_list, opcodes_list.decode("hex"), fcn_offset, fcn_call_conv, flow_insns)
                 except Exception as err:
+                    print err
                     print("error on function %s, skipped" % func["name"])
                 count += 1
                 bar.update(count)
@@ -516,7 +510,7 @@ def fromIdaDB(self, filename):
         :param str filename: The name of the IDA databse or its path
         '''
 
-        if config.idacmd == None or True:
+        if config.idacmd == None:
             print("IDA Pro not found, using built-in idb parsing module.\nThe output may not be accurate.")
             self._parseIDB(filename)
         else:
@@ -582,6 +576,7 @@ def _r2Task(self):
             count = 0
             for func in funcs_dict:
                 try:
+                #if True:
                     #skip library symbols
                     if len(func["name"]) >= sym_imp_l and func["name"][:sym_imp_l] == "sym.imp":
                         continue
@@ -604,6 +599,7 @@ def _r2Task(self):
                     opcodes_list = ""
 
                     flow_insns = []
+                    targets = {}
 
                     for instr in fcn_instructions:
                         if instr["type"] == "invalid":
@@ -635,6 +631,7 @@ def _r2Task(self):
                             else:
                                 call_instr = matching.CallInsn(instr["offset"], instr["size"], instr["jump"], target_name)
                             flow_insns.append(call_instr)
+
                         #check if the instruction is of type 'jump'
                         elif (instr["type"] == "cjmp" or instr["type"] == "jmp") and "jump" in instr:
                             target = instr["jump"]

diff --git a/guanciale/idascript.py b/guanciale/idascript.py
@@ -146,7 +146,7 @@ def theFlow(call_check, jump_check, jump_insns, call_insns):
             jumpout = target  < start or target > end
             jump_insns.append((cur_addr, size, target, jumpout))
 
-metapc = theFlow
+metapcFlow = theFlow
 avrFlow = theFlow
 ppcFlow = theFlow
 mipsFlow = theFlow
@@ -215,15 +215,13 @@ def checkFlow(arch, mnem):
 
 #iterate through functions
 for func in idautils.Functions():
-
     #if func from library skip
     flags = idc.GetFunctionFlags(func)
     if flags & FUNC_LIB or flags & FUNC_THUNK or flags & FUNC_HIDDEN:
         continue
 
     #get procedure name
     name = idc.GetFunctionName(func)
-
     #get procedure callconv
     func_info = idc.GetType(func)
     callconv = getCallConv(func_info)
@@ -288,7 +286,7 @@ def checkFlow(arch, mnem):
         'ops': ops
     }
     data['procedures'].append(proc_data)
-
+    
 json.dump(data, dump)
 
 dump.close()