/* Chrysalide - Outil d'analyse de fichiers binaires * loaded.c - prototypes pour l'équivalent Python du fichier "analysis/loaded.c" * * Copyright (C) 2018-2019 Cyrille Bagard * * This file is part of Chrysalide. * * Chrysalide is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * Chrysalide is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include "loaded.h" #include #include #include #include #include #include #include "../access.h" #include "../helpers.h" /* Lance l'analyse propre à l'élément chargé. */ static PyObject *py_loaded_content_analyze(PyObject *, PyObject *, PyObject *); /* Lance l'analyse de l'élément chargé et attend sa conclusion. */ static PyObject *py_loaded_content_analyze_and_wait(PyObject *, PyObject *, PyObject *); /* Etablit une liste d'obscurcissements présents. */ static PyObject *py_loaded_content_detect_obfuscators(PyObject *, PyObject *); /* Détermine le nombre de vues disponibles pour un contenu. */ static PyObject *py_loaded_content_count_views(PyObject *, PyObject *); /* Fournit le contenu représenté de l'élément chargé. */ static PyObject *py_loaded_content_get_content(PyObject *, void *); /****************************************************************************** * * * Paramètres : self = contenu binaire à manipuler. * * args = arguments fournis à l'appel. * * kwds = arguments de type key=val fournis. * * * * Description : Lance l'analyse propre à l'élément chargé. * * * * Retour : Rien (None). * * * * Remarques : - * * * ******************************************************************************/ static PyObject *py_loaded_content_analyze(PyObject *self, PyObject *args, PyObject *kwds) { int connect; /* Connexion à la base ? */ int cache; /* Préparation de rendu ? */ int ret; /* Bilan de lecture des args. */ GLoadedContent *content; /* Version GLib de l'élément */ static char *kwlist[] = { "connect", "cache", NULL }; #define LOADED_CONTENT_ANALYZE_METHOD PYTHON_METHOD_DEF \ ( \ analyze, "$self, /, connect='?', cache='?'", \ METH_VARARGS | METH_KEYWORDS, py_loaded_content, \ "Start the analysis of the loaded binary and send an *analyzed* signal" \ " when done." \ "\n" \ "The *connect* parameter defines if connections to database servers" \ " (internal and/or remote) will be established. The default value" \ " depends on the running mode: if the analysis is run from the GUI," \ " the binary will get connected to servers; in batch mode, no" \ " connection will be made." \ "\n" \ "The *cache* parameter rules the build of the cache for rendering" \ " lines. The same behavior relative to the running mode applies." \ "\n" \ "All theses operations can be forced by providing True values as" \ " parameters." \ ) connect = is_batch_mode() ? 0 : 1; cache = is_batch_mode() ? 0 : 1; ret = PyArg_ParseTupleAndKeywords(args, kwds, "|pp", kwlist, &connect, &cache); if (!ret) return NULL; content = G_LOADED_CONTENT(pygobject_get(self)); g_loaded_content_analyze(content, connect, cache); Py_RETURN_NONE; } /****************************************************************************** * * * Paramètres : self = contenu binaire à manipuler. * * args = arguments fournis à l'appel. * * kwds = arguments de type key=val fournis. * * * * Description : Lance l'analyse de l'élément chargé et attend sa conclusion. * * * * Retour : Bilan de l'opération. * * * * Remarques : - * * * ******************************************************************************/ static PyObject *py_loaded_content_analyze_and_wait(PyObject *self, PyObject *args, PyObject *kwds) { PyObject *result; /* Bilan à retourner */ int connect; /* Connexion à la base ? */ int cache; /* Préparation de rendu ? */ int ret; /* Bilan de lecture des args. */ PyThreadState *_save; /* Sauvegarde de contexte */ GLoadedContent *content; /* Version GLib de l'élément */ bool status; /* Bilan de l'opération */ static char *kwlist[] = { "connect", "cache", NULL }; #define LOADED_CONTENT_ANALYZE_AND_WAIT_METHOD PYTHON_METHOD_DEF \ ( \ analyze_and_wait, "$self, /, connect='?', cache='?'", \ METH_VARARGS | METH_KEYWORDS, py_loaded_content, \ "Run the analysis of the loaded binary and wait for its completion." \ "\n" \ "The final analysis status is returned as boolean." \ "\n" \ "The *connect* parameter defines if connections to database servers" \ " (internal and/or remote) will be established. The default value" \ " depends on the running mode: if the analysis is run from the GUI," \ " the binary will get connected to servers; in batch mode, no" \ " connection will be made." \ "\n" \ "The *cache* parameter rules the build of the cache for rendering" \ " lines. The same behavior relative to the running mode applies." \ "\n" \ "All theses operations can be forced by providing True values as" \ " parameters." \ ) connect = is_batch_mode() ? 0 : 1; cache = is_batch_mode() ? 0 : 1; ret = PyArg_ParseTupleAndKeywords(args, kwds, "|pp", kwlist, &connect, &cache); if (!ret) return NULL; content = G_LOADED_CONTENT(pygobject_get(self)); Py_UNBLOCK_THREADS; status = g_loaded_content_analyze_and_wait(content, connect, cache); Py_BLOCK_THREADS; result = status ? Py_True : Py_False; Py_INCREF(result); return result; } /****************************************************************************** * * * Paramètres : self = contenu binaire à manipuler. * * args = non utilisé ici. * * * * Description : Etablit une liste d'obscurcissements présents. * * * * Retour : Désignations humaines correspondantes. * * * * Remarques : - * * * ******************************************************************************/ static PyObject *py_loaded_content_detect_obfuscators(PyObject *self, PyObject *args) { PyObject *result; /* Bilan à retourner */ int version; /* Avec la version si possible */ int ret; /* Bilan de lecture des args. */ GLoadedContent *content; /* Version GLib de l'élément */ size_t count; /* Nombre de détections */ char **detections; /* Liste d'obscurcissements */ size_t i; /* Boucle de parcours */ ret = PyArg_ParseTuple(args, "p", &version); if (!ret) return NULL; content = G_LOADED_CONTENT(pygobject_get(self)); detections = g_loaded_content_detect_obfuscators(content, version, &count); result = PyTuple_New(count); for (i = 0; i < count; i++) { PyTuple_SetItem(result, i, PyUnicode_FromString(detections[i])); free(detections[i]); } if (detections != NULL) free(detections); return result; } /****************************************************************************** * * * Paramètres : self = contenu chargé à manipuler. * * args = non utilisé ici. * * * * Description : Détermine le nombre de vues disponibles pour un contenu. * * * * Retour : Quantité strictement positive. * * * * Remarques : - * * * ******************************************************************************/ static PyObject *py_loaded_content_count_views(PyObject *self, PyObject *args) { PyObject *result; /* Instance à retourner */ GLoadedContent *content; /* Version GLib de l'élément */ size_t count; /* Quantité à retourner */ content = G_LOADED_CONTENT(pygobject_get(self)); count = g_loaded_content_count_views(content); result = PyLong_FromUnsignedLongLong(count); return result; } /****************************************************************************** * * * Paramètres : self = objet Python concerné par l'appel. * * closure = non utilisé ici. * * * * Description : Fournit le contenu représenté de l'élément chargé. * * * * Retour : Contenu représenté. * * * * Remarques : - * * * ******************************************************************************/ static PyObject *py_loaded_content_get_content(PyObject *self, void *closure) { PyObject *result; /* Instance Python à retourner */ GLoadedContent *content; /* Version GLib de l'élément */ GBinContent *bincnt; /* Contenu binaire associé */ #define LOADED_CONTENT_CONTENT_ATTRIB PYTHON_GET_DEF_FULL \ ( \ content, py_loaded_content, \ "Binary content, provided as a pychrysalide.analysis.BinContent instance." \ ) content = G_LOADED_CONTENT(pygobject_get(self)); bincnt = g_loaded_content_get_content(content); result = pygobject_new(G_OBJECT(bincnt)); g_object_unref(G_OBJECT(bincnt)); return result; } /****************************************************************************** * * * Paramètres : - * * * * Description : Fournit un accès à une définition de type à diffuser. * * * * Retour : Définition d'objet pour Python. * * * * Remarques : - * * * ******************************************************************************/ PyTypeObject *get_python_loaded_content_type(void) { static PyMethodDef py_loaded_content_methods[] = { LOADED_CONTENT_ANALYZE_METHOD, LOADED_CONTENT_ANALYZE_AND_WAIT_METHOD, { "detect_obfuscators", py_loaded_content_detect_obfuscators, METH_VARARGS, "detect_obfuscators($self, version, /)\n--\n\nList all detected obfuscators." }, { "count_views", py_loaded_content_count_views, METH_NOARGS, "count_views($self, /)\n--\n\nCompute the quantity of available views." }, { NULL } }; static PyGetSetDef py_loaded_content_getseters[] = { LOADED_CONTENT_CONTENT_ATTRIB, { NULL } }; static PyTypeObject py_loaded_content_type = { PyVarObject_HEAD_INIT(NULL, 0) .tp_name = "pychrysalide.analysis.LoadedContent", .tp_basicsize = sizeof(PyObject), .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, .tp_doc = "PyChrysalide loaded content", .tp_methods = py_loaded_content_methods, .tp_getset = py_loaded_content_getseters }; return &py_loaded_content_type; } /****************************************************************************** * * * Paramètres : - * * * * Description : Prend en charge l'objet 'pychrysalide.....LoadedContent'. * * * * Retour : Bilan de l'opération. * * * * Remarques : - * * * ******************************************************************************/ bool ensure_python_loaded_content_is_registered(void) { PyTypeObject *type; /* Type Python 'LoadedContent' */ PyObject *module; /* Module à recompléter */ PyObject *dict; /* Dictionnaire du module */ type = get_python_loaded_content_type(); if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) { module = get_access_to_python_module("pychrysalide.analysis"); dict = PyModule_GetDict(module); if (!register_interface_for_pygobject(dict, G_TYPE_LOADED_CONTENT, type)) return false; } return true; } /****************************************************************************** * * * Paramètres : arg = argument quelconque à tenter de convertir. * * dst = destination des valeurs récupérées en cas de succès. * * * * Description : Tente de convertir en contenu chargé. * * * * Retour : Bilan de l'opération, voire indications supplémentaires. * * * * Remarques : - * * * ******************************************************************************/ int convert_to_loaded_content(PyObject *arg, void *dst) { int result; /* Bilan à retourner */ result = PyObject_IsInstance(arg, (PyObject *)get_python_loaded_content_type()); switch (result) { case -1: /* L'exception est déjà fixée par Python */ result = 0; break; case 0: PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to loaded content"); break; case 1: *((GLoadedContent **)dst) = G_LOADED_CONTENT(pygobject_get(arg)); break; default: assert(false); break; } return result; }