author | Cyrille Bagard <nocbos@gmail.com> | 2021-04-06 22:55:54 (GMT) |
---|---|---|
committer | Cyrille Bagard <nocbos@gmail.com> | 2021-04-06 22:55:54 (GMT) |
commit | c12d6a5d11bf9a2436ff78e393173ca59b6c9c46 (patch) | |
tree | b579b642e301f5d6e6d88fb0213a54db6bf6fd38 /plugins/bhash/python/rich.c | |
parent | c4d2e0fa48eab453d5c43a3c0938427617449a6a (diff) |
Provide several kinds of hashes for binary files.
Diffstat (limited to 'plugins/bhash/python/rich.c')
-rw-r--r-- | plugins/bhash/python/rich.c | 194 |
1 files changed, 194 insertions, 0 deletions
diff --git a/plugins/bhash/python/rich.c b/plugins/bhash/python/rich.c
new file mode 100644
index 0000000..1a8b894
--- /dev/null
+++ b/plugins/bhash/python/rich.c
@@ -0,0 +1,194 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * rich.c - équivalent Python du fichier "plugins/bhash/rich.c"
+ *
+ * Copyright (C) 2020 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+
+#include "rich.h"
+
+
+#include <pygobject.h>
+
+
+#include <plugins/pe/python/format.h>
+#include <plugins/pychrysalide/access.h>
+#include <plugins/pychrysalide/helpers.h>
+
+
+#include "../rich.h"
+
+
+
+/* Calcule la valeur pour empreinte d'en-tête PE enrichi. */
+static PyObject *py_bhash_compute_pe_rich_header_checksum(PyObject *, PyObject *);
+
+/* Calcule l'empreinte des informations d'en-tête PE enrichi. */
+static PyObject *py_bhash_compute_pe_rich_header_hash(PyObject *, PyObject *);
+
+
+
+/******************************************************************************
+* *
+* Paramètres : self = objet Python concerné par l'appel. *
+* args = paramètre à récupérer pour le traitement. *
+* *
+* Description : Calcule la valeur pour empreinte d'en-tête PE enrichi. *
+* *
+* Retour : None ou empreinte déterminée. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static PyObject *py_bhash_compute_pe_rich_header_checksum(PyObject *self, PyObject *args)
+{
+ PyObject *result; /* Valeur à retourner */
+ GPeFormat *format; /* Format PE à manipuler */
+ int ret; /* Bilan de lecture des args. */
+ uint32_t csum; /* Empreinte réalisée */
+ bool status; /* Bilan de l'opération */
+
+#define BHASH_COMPUTE_PE_RICH_HEADER_CHECKSUM_METHOD PYTHON_METHOD_DEF \
+( \
+ compute_pe_rich_header_checksum, "format, /", \
+ METH_VARARGS, py_bhash, \
+ "Compute the expected value for the Rich header checksum of a PE" \
+ " file.\n" \
+ "\n" \
+ "The *format* argument is a PE file format provided as a" \
+ " pychrysalide.format.pe.PeFormat instance.\n" \
+ "\n" \
+ "The returned value is a 32-bit integer value or *None* in case of" \
+ " error." \
+)
+
+ result = NULL;
+
+ ret = PyArg_ParseTuple(args, "O&", convert_to_pe_format, &format);
+ if (!ret) goto exit;
+
+ status = compute_pe_rich_header_checksum(format, &csum);
+
+ if (status)
+ result = PyLong_FromUnsignedLong(csum);
+
+ else
+ {
+ result = Py_None;
+ Py_INCREF(result);
+ }
+
+ exit:
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : self = objet Python concerné par l'appel. *
+* args = paramètre à récupérer pour le traitement. *
+* *
+* Description : Calcule l'empreinte des informations d'en-tête PE enrichi. *
+* *
+* Retour : Empreinte MD5 calculée ou None en cas d'échec. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static PyObject *py_bhash_compute_pe_rich_header_hash(PyObject *self, PyObject *args)
+{
+ PyObject *result; /* Valeur à retourner */
+ int pv; /* Sélection de l'empreinte */
+ GPeFormat *format; /* Format PE à manipuler */
+ int ret; /* Bilan de lecture des args. */
+ char *digest; /* Empreinte calculée */
+
+#define BHASH_COMPUTE_PE_RICH_HEADER_HASH_METHOD PYTHON_METHOD_DEF \
+( \
+ compute_pe_rich_header_hash, "format, /, pv=True", \
+ METH_VARARGS, py_bhash, \
+ "Compute the Rich hash or the RichPV hash for a given PE format.\n" \
+ "\n" \
+ "The *format* argument is a PE file format provided as a" \
+ " pychrysalide.format.pe.PeFormat instance and *pv* defines the" \
+ " kind of hash to compute.\n" \
+ "\n" \
+ "The returned value is a MD5 digest string or *None* in case of" \
+ " error." \
+)
+
+ result = NULL;
+
+ pv = 1;
+
+ ret = PyArg_ParseTuple(args, "O&|p", convert_to_pe_format, &format, &pv);
+ if (!ret) goto exit;
+
+ digest = compute_pe_rich_header_hash(format, pv);
+
+ if (digest != NULL)
+ {
+ result = PyUnicode_FromString(digest);
+ free(digest);
+ }
+ else
+ {
+ result = Py_None;
+ Py_INCREF(result);
+ }
+
+ exit:
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : super = module dont la définition est à compléter. *
+* *
+* Description : Définit une extension du module 'bhash' à compléter. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool populate_bhash_module_with_rich_header(PyObject *super)
+{
+ bool result; /* Bilan à retourner */
+
+ static PyMethodDef py_rich_header_methods[] = {
+ BHASH_COMPUTE_PE_RICH_HEADER_CHECKSUM_METHOD,
+ BHASH_COMPUTE_PE_RICH_HEADER_HASH_METHOD,
+ { NULL }
+ };
+
+ result = register_python_module_methods(super, py_rich_header_methods);
+
+ return result;
+
+} |
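Review bot: The signature string `"format, /, pv=True"` in BHASH_COMPUTE_PE_RICH_HEADER_HASH_METHOD puts *pv* after the `/`, which documents it as usable by keyword, while the method is declared METH_VARARGS and parsed with `PyArg_ParseTuple(args, "O&|p", ...)`, which accepts positional arguments only; a caller writing `pv=False` would presumably get a TypeError rather than the Rich hash. Writing the signature as `"format, pv=True, /"` keeps the documentation in line with the parser (the expansion of PYTHON_METHOD_DEF is not visible in this hunk, so confirm against its definition). The docstring also leaves open which value of *pv* yields which digest; a line such as `"When *pv* is True the RichPV variant is computed, otherwise the Rich one.\n"` would settle it once the mapping is checked against compute_pe_rich_header_hash(). Because the Rich header is ordinary file content that whoever builds or patches the binary can rewrite, the same docstring should say that the digest is a clustering indicator and not evidence of integrity or origin.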