From 7db978e06dc058ee7f97f4e6afb3d4f15681a38c Mon Sep 17 00:00:00 2001 From: JakubPruzinec Date: Sun, 3 Jun 2018 18:51:43 +0200 Subject: [PATCH 1/4] compute hashes --- .../fileformat/file_format/file_format.h | 1 + .../fileformat/types/export_table/export.h | 1 + .../types/export_table/export_table.h | 9 ++++++- .../types/import_table/import_table.h | 1 - src/fileformat/file_format/file_format.cpp | 23 ++++++++++++---- src/fileformat/file_format/pe/pe_format.cpp | 21 ++++++++------- src/fileinfo/file_detector/file_detector.cpp | 2 +- src/fileinfo/file_detector/pe_detector.cpp | 4 +-- .../file_information/file_information.cpp | 27 +++++++++++++++++++ .../file_information/file_information.h | 3 +++ .../file_information_types/export_table.cpp | 27 +++++++++++++++++++ .../file_information_types/export_table.h | 3 +++ .../export_table_plain_getter.cpp | 12 ++++++--- .../export_table_json_getter.cpp | 12 ++++++--- 14 files changed, 121 insertions(+), 25 deletions(-) diff --git a/include/retdec/fileformat/file_format/file_format.h b/include/retdec/fileformat/file_format/file_format.h index b6f7782b6..3d13e011d 100644 --- a/include/retdec/fileformat/file_format/file_format.h +++ b/include/retdec/fileformat/file_format/file_format.h @@ -116,6 +116,7 @@ class FileFormat : public retdec::utils::ByteValueStorage, private retdec::utils void loadStrings(StringType type, std::size_t charSize); void loadStrings(StringType type, std::size_t charSize, const SecSeg* secSeg); void loadImpHash(); + void loadExpHash(); bool isInValidState() const; LoadFlags getLoadFlags() const; /// @} diff --git a/include/retdec/fileformat/types/export_table/export.h b/include/retdec/fileformat/types/export_table/export.h index b1635c020..464c84b99 100644 --- a/include/retdec/fileformat/types/export_table/export.h +++ b/include/retdec/fileformat/types/export_table/export.h @@ -42,6 +42,7 @@ class Export /// @name Other methods /// @{ + virtual bool isUsedForImphash() const; void invalidateOrdinalNumber(); bool hasEmptyName() const; /// @} diff --git a/include/retdec/fileformat/types/export_table/export_table.h b/include/retdec/fileformat/types/export_table/export_table.h index af902ddc4..0a152def4 100644 --- a/include/retdec/fileformat/types/export_table/export_table.h +++ b/include/retdec/fileformat/types/export_table/export_table.h @@ -21,7 +21,10 @@ class ExportTable { private: using exportsIterator = std::vector::const_iterator; - std::vector exports; ///< stored exports + std::vector exports; ///< stored exports + std::string expHashCrc32; ///< exphash CRC32 + std::string expHashMd5; ///< exphash MD5 + std::string expHashSha256; ///< exphash SHA256 public: ExportTable(); ~ExportTable(); @@ -29,6 +32,9 @@ class ExportTable /// @name Getters /// @{ std::size_t getNumberOfExports() const; + std::string getExphashCrc32() const; + std::string getExphashMd5() const; + std::string getExphashSha256() const; const Export* getExport(std::size_t exportIndex) const; const Export* getExport(const std::string &name) const; const Export* getExportOnAddress(unsigned long long address) const; @@ -42,6 +48,7 @@ class ExportTable /// @name Other methods /// @{ + void computeHashes(); void clear(); void addExport(Export &newExport); bool hasExports() const; diff --git a/include/retdec/fileformat/types/import_table/import_table.h b/include/retdec/fileformat/types/import_table/import_table.h index 5149a4b09..a3d194e77 100644 --- a/include/retdec/fileformat/types/import_table/import_table.h +++ b/include/retdec/fileformat/types/import_table/import_table.h @@ -24,7 +24,6 @@ class ImportTable using importsIterator = std::vector>::const_iterator; std::vector libraries; ///< name of libraries std::vector> imports; ///< stored imports - std::vector impHashBytes; ///< bytes for calculation of imphash std::string impHashCrc32; ///< imphash CRC32 std::string impHashMd5; ///< imphash MD5 std::string impHashSha256; ///< imphash SHA256 diff --git a/src/fileformat/file_format/file_format.cpp b/src/fileformat/file_format/file_format.cpp index 3e7c67a8b..7f106e41a 100644 --- a/src/fileformat/file_format/file_format.cpp +++ b/src/fileformat/file_format/file_format.cpp @@ -451,12 +451,25 @@ void FileFormat::loadStrings(StringType type, std::size_t charSize, const SecSeg */ void FileFormat::loadImpHash() { - if (!importTable || (loadFlags & LoadFlags::NO_VERBOSE_HASHES)) - { - return; - } + if (!importTable || (loadFlags & LoadFlags::NO_VERBOSE_HASHES)) + { + return; + } + + importTable->computeHashes(); +} + +/** + * Loads exphash from export table. + */ +void FileFormat::loadExpHash() +{ + if (!exportTable || (loadFlags & LoadFlags::NO_VERBOSE_HASHES)) + { + return; + } - importTable->computeHashes(); + exportTable->computeHashes(); } /** diff --git a/src/fileformat/file_format/pe/pe_format.cpp b/src/fileformat/file_format/pe/pe_format.cpp index 8dc8c0024..535f01d90 100644 --- a/src/fileformat/file_format/pe/pe_format.cpp +++ b/src/fileformat/file_format/pe/pe_format.cpp @@ -388,14 +388,15 @@ void PeFormat::initStructures() stateIsValid = false; } - if(stateIsValid) - { - fileFormat = Format::PE; - loadRichHeader(); - loadSections(); - loadSymbols(); - loadImports(); - loadExports(); + + if(stateIsValid) + { + fileFormat = Format::PE; + loadRichHeader(); + loadSections(); + loadSymbols(); + loadImports(); + loadExports(); loadPdbInfo(); loadResources(); loadCertificates(); @@ -707,7 +708,7 @@ void PeFormat::loadImports() loadImpHash(); - for (auto&& addressRange : formatParser->getImportDirectoryOccupiedAddresses()) + for(auto&& addressRange : formatParser->getImportDirectoryOccupiedAddresses()) { nonDecodableRanges.addRange(std::move(addressRange)); } @@ -733,6 +734,8 @@ void PeFormat::loadExports() exportTable->addExport(newExport); } + loadExpHash(); + for (auto&& addressRange : formatParser->getExportDirectoryOccupiedAddresses()) { nonDecodableRanges.addRange(std::move(addressRange)); diff --git a/src/fileinfo/file_detector/file_detector.cpp b/src/fileinfo/file_detector/file_detector.cpp index 2e59feded..d739ec20c 100644 --- a/src/fileinfo/file_detector/file_detector.cpp +++ b/src/fileinfo/file_detector/file_detector.cpp @@ -26,7 +26,7 @@ namespace fileinfo { FileDetector::FileDetector(std::string pathToInputFile, FileInformation &finfo, retdec::cpdetect::DetectParams &searchPar, retdec::fileformat::LoadFlags loadFlags) : fileInfo(finfo), cpParams(searchPar), fileConfig(nullptr), fileParser(nullptr), loaded(false), loadFlags(loadFlags) { - fileInfo.setPathToFile(pathToInputFile); + fileInfo.setPathToFile(pathToInputFile); } /** diff --git a/src/fileinfo/file_detector/pe_detector.cpp b/src/fileinfo/file_detector/pe_detector.cpp index 15ea23871..efa463789 100644 --- a/src/fileinfo/file_detector/pe_detector.cpp +++ b/src/fileinfo/file_detector/pe_detector.cpp @@ -37,8 +37,8 @@ const unsigned long long PE_16_FLAGS_SIZE = 16; PeDetector::PeDetector(std::string pathToInputFile, FileInformation &finfo, retdec::cpdetect::DetectParams &searchPar, retdec::fileformat::LoadFlags loadFlags) : FileDetector(pathToInputFile, finfo, searchPar, loadFlags) { - fileParser = peParser = std::make_shared(fileInfo.getPathToFile(), loadFlags); - loaded = peParser->isInValidState(); + fileParser = peParser = std::make_shared(fileInfo.getPathToFile(), loadFlags); + loaded = peParser->isInValidState(); } /** diff --git a/src/fileinfo/file_information/file_information.cpp b/src/fileinfo/file_information/file_information.cpp index e8f1767a2..0cde563a2 100644 --- a/src/fileinfo/file_information/file_information.cpp +++ b/src/fileinfo/file_information/file_information.cpp @@ -943,6 +943,33 @@ std::size_t FileInformation::getNumberOfStoredExports() const return exportTable.getNumberOfExports(); } +/** + * Get exphash as CRC32 + * @return Exphash as CRC32 + */ +std::string FileInformation::getExphashCrc32() const +{ + return exportTable.getExphashCrc32(); +} + +/** + * Get exphash as MD5 + * @return Exphash as MD5 + */ +std::string FileInformation::getExphashMd5() const +{ + return exportTable.getExphashMd5(); +} + +/** + * Get exphash as SHA256 + * @return Exphash as SHA256 + */ +std::string FileInformation::getExphashSha256() const +{ + return exportTable.getExphashSha256(); +} + /** * Get export name * @param position Index of selected export (indexed from 0) diff --git a/src/fileinfo/file_information/file_information.h b/src/fileinfo/file_information/file_information.h index 3140d22bf..b22787700 100644 --- a/src/fileinfo/file_information/file_information.h +++ b/src/fileinfo/file_information/file_information.h @@ -179,6 +179,9 @@ class FileInformation /// @name Getters of @a exportTable /// @{ std::size_t getNumberOfStoredExports() const; + std::string getExphashCrc32() const; + std::string getExphashMd5() const; + std::string getExphashSha256() const; std::string getExportName(std::size_t position) const; std::string getExportAddressStr(std::size_t position, std::ios_base &(* format)(std::ios_base &)) const; std::string getExportOrdinalNumberStr(std::size_t position, std::ios_base &(* format)(std::ios_base &)) const; diff --git a/src/fileinfo/file_information/file_information_types/export_table.cpp b/src/fileinfo/file_information/file_information_types/export_table.cpp index d51b3530b..695f12777 100644 --- a/src/fileinfo/file_information/file_information_types/export_table.cpp +++ b/src/fileinfo/file_information/file_information_types/export_table.cpp @@ -34,6 +34,33 @@ std::size_t ExportTable::getNumberOfExports() const return table ? table->getNumberOfExports() : 0; } +/** + * Get exphash as CRC32 + * @return Exphash as CRC32 + */ +std::string ExportTable::getExphashCrc32() const +{ + return table ? table->getExphashCrc32() : ""; +} + +/** + * Get exphash as MD5 + * @return Exphash as MD5 + */ +std::string ExportTable::getExphashMd5() const +{ + return table ? table->getExphashMd5() : ""; +} + +/** + * Get exphash as SHA256 + * @return Exphash as SHA256 + */ +std::string ExportTable::getExphashSha256() const +{ + return table ? table->getExphashSha256() : ""; +} + /** * Get export name * @param position Index of selected export from table (indexed from 0) diff --git a/src/fileinfo/file_information/file_information_types/export_table.h b/src/fileinfo/file_information/file_information_types/export_table.h index bb9affd73..0a2bcef78 100644 --- a/src/fileinfo/file_information/file_information_types/export_table.h +++ b/src/fileinfo/file_information/file_information_types/export_table.h @@ -25,6 +25,9 @@ class ExportTable /// @name Getters /// @{ std::size_t getNumberOfExports() const; + std::string getExphashCrc32() const; + std::string getExphashMd5() const; + std::string getExphashSha256() const; std::string getExportName(std::size_t position) const; std::string getExportAddressStr(std::size_t position, std::ios_base &(* format)(std::ios_base &)) const; std::string getExportOrdinalNumberStr(std::size_t position, std::ios_base &(* format)(std::ios_base &)) const; diff --git a/src/fileinfo/file_presentation/getters/iterative_getter/iterative_distribution_getter/export_table_plain_getter.cpp b/src/fileinfo/file_presentation/getters/iterative_getter/iterative_distribution_getter/export_table_plain_getter.cpp index 871072559..41f392bae 100644 --- a/src/fileinfo/file_presentation/getters/iterative_getter/iterative_distribution_getter/export_table_plain_getter.cpp +++ b/src/fileinfo/file_presentation/getters/iterative_getter/iterative_distribution_getter/export_table_plain_getter.cpp @@ -58,9 +58,15 @@ std::size_t ExportTablePlainGetter::getBasicInfo(std::size_t structIndex, std::v info.clear(); desc.push_back("Number of exports: "); - info.push_back(numToStr(fileinfo.getNumberOfStoredExports())); - - return info.size(); + desc.push_back("CRC32 : "); + desc.push_back("MD5 : "); + desc.push_back("SHA256 : "); + info.push_back(numToStr(fileinfo.getNumberOfStoredExports())); + info.push_back(fileinfo.getExphashCrc32()); + info.push_back(fileinfo.getExphashMd5()); + info.push_back(fileinfo.getExphashSha256()); + + return info.size(); } bool ExportTablePlainGetter::loadRecord(std::size_t structIndex, std::size_t recIndex, std::vector &record) diff --git a/src/fileinfo/file_presentation/getters/iterative_getter/iterative_subtitle_getter/export_table_json_getter.cpp b/src/fileinfo/file_presentation/getters/iterative_getter/iterative_subtitle_getter/export_table_json_getter.cpp index c5891b746..e320a0e93 100644 --- a/src/fileinfo/file_presentation/getters/iterative_getter/iterative_subtitle_getter/export_table_json_getter.cpp +++ b/src/fileinfo/file_presentation/getters/iterative_getter/iterative_subtitle_getter/export_table_json_getter.cpp @@ -50,9 +50,15 @@ std::size_t ExportTableJsonGetter::getBasicInfo(std::size_t structIndex, std::ve info.clear(); desc.push_back("numberOfExports"); - info.push_back(numToStr(fileinfo.getNumberOfStoredExports())); - - return info.size(); + desc.push_back("crc32"); + desc.push_back("md5"); + desc.push_back("sha256"); + info.push_back(numToStr(fileinfo.getNumberOfStoredExports())); + info.push_back(fileinfo.getImphashCrc32()); + info.push_back(fileinfo.getImphashMd5()); + info.push_back(fileinfo.getImphashSha256()); + + return info.size(); } bool ExportTableJsonGetter::getRecord(std::size_t structIndex, std::size_t recIndex, std::vector &record) const From 2b05d27378d173b828463f6e486b1c9a2f7db052 Mon Sep 17 00:00:00 2001 From: JakubPruzinec Date: Mon, 4 Jun 2018 23:32:57 +0200 Subject: [PATCH 2/4] fileformat and fileinfo export-table hashes support --- .../fileformat/file_format/file_format.h | 2 +- .../fileformat/types/export_table/export.h | 2 +- .../types/export_table/export_table.h | 14 ++-- .../types/import_table/import_table.h | 6 +- src/fileformat/file_format/file_format.cpp | 20 ++--- src/fileformat/file_format/pe/pe_format.cpp | 21 +++-- src/fileformat/types/export_table/export.cpp | 10 +++ .../types/export_table/export_table.cpp | 83 +++++++++++++++++++ .../types/import_table/import_table.cpp | 7 +- src/fileinfo/file_detector/file_detector.cpp | 2 +- src/fileinfo/file_detector/pe_detector.cpp | 4 +- .../file_information/file_information.cpp | 6 +- .../file_information/file_information.h | 6 +- .../export_table_plain_getter.cpp | 18 ++-- .../export_table_json_getter.cpp | 18 ++-- 15 files changed, 155 insertions(+), 64 deletions(-) diff --git a/include/retdec/fileformat/file_format/file_format.h b/include/retdec/fileformat/file_format/file_format.h index 3d13e011d..36a8f08f8 100644 --- a/include/retdec/fileformat/file_format/file_format.h +++ b/include/retdec/fileformat/file_format/file_format.h @@ -116,7 +116,7 @@ class FileFormat : public retdec::utils::ByteValueStorage, private retdec::utils void loadStrings(StringType type, std::size_t charSize); void loadStrings(StringType type, std::size_t charSize, const SecSeg* secSeg); void loadImpHash(); - void loadExpHash(); + void loadExpHash(); bool isInValidState() const; LoadFlags getLoadFlags() const; /// @} diff --git a/include/retdec/fileformat/types/export_table/export.h b/include/retdec/fileformat/types/export_table/export.h index 464c84b99..81c618fe7 100644 --- a/include/retdec/fileformat/types/export_table/export.h +++ b/include/retdec/fileformat/types/export_table/export.h @@ -42,7 +42,7 @@ class Export /// @name Other methods /// @{ - virtual bool isUsedForImphash() const; + virtual bool isUsedForExphash() const; void invalidateOrdinalNumber(); bool hasEmptyName() const; /// @} diff --git a/include/retdec/fileformat/types/export_table/export_table.h b/include/retdec/fileformat/types/export_table/export_table.h index 0a152def4..dc037db64 100644 --- a/include/retdec/fileformat/types/export_table/export_table.h +++ b/include/retdec/fileformat/types/export_table/export_table.h @@ -21,10 +21,10 @@ class ExportTable { private: using exportsIterator = std::vector::const_iterator; - std::vector exports; ///< stored exports - std::string expHashCrc32; ///< exphash CRC32 - std::string expHashMd5; ///< exphash MD5 - std::string expHashSha256; ///< exphash SHA256 + std::vector exports; ///< stored exports + std::string expHashCrc32; ///< exphash CRC32 + std::string expHashMd5; ///< exphash MD5 + std::string expHashSha256; ///< exphash SHA256 public: ExportTable(); ~ExportTable(); @@ -32,9 +32,9 @@ class ExportTable /// @name Getters /// @{ std::size_t getNumberOfExports() const; - std::string getExphashCrc32() const; - std::string getExphashMd5() const; - std::string getExphashSha256() const; + const std::string& getExphashCrc32() const; + const std::string& getExphashMd5() const; + const std::string& getExphashSha256() const; const Export* getExport(std::size_t exportIndex) const; const Export* getExport(const std::string &name) const; const Export* getExportOnAddress(unsigned long long address) const; diff --git a/include/retdec/fileformat/types/import_table/import_table.h b/include/retdec/fileformat/types/import_table/import_table.h index a3d194e77..6cb2caee5 100644 --- a/include/retdec/fileformat/types/import_table/import_table.h +++ b/include/retdec/fileformat/types/import_table/import_table.h @@ -38,9 +38,9 @@ class ImportTable std::size_t getNumberOfImportsInLibrary(std::size_t libraryIndex) const; std::size_t getNumberOfImportsInLibrary(const std::string &name) const; std::size_t getNumberOfImportsInLibraryCaseInsensitive(const std::string &name) const; - std::string getImphashCrc32() const; - std::string getImphashMd5() const; - std::string getImphashSha256() const; + const std::string& getImphashCrc32() const; + const std::string& getImphashMd5() const; + const std::string& getImphashSha256() const; std::string getLibrary(std::size_t libraryIndex) const; const Import* getImport(std::size_t importIndex) const; const Import* getImport(const std::string &name) const; diff --git a/src/fileformat/file_format/file_format.cpp b/src/fileformat/file_format/file_format.cpp index 7f106e41a..c6c5ddc96 100644 --- a/src/fileformat/file_format/file_format.cpp +++ b/src/fileformat/file_format/file_format.cpp @@ -451,12 +451,12 @@ void FileFormat::loadStrings(StringType type, std::size_t charSize, const SecSeg */ void FileFormat::loadImpHash() { - if (!importTable || (loadFlags & LoadFlags::NO_VERBOSE_HASHES)) - { - return; - } + if (!importTable || (loadFlags & LoadFlags::NO_VERBOSE_HASHES)) + { + return; + } - importTable->computeHashes(); + importTable->computeHashes(); } /** @@ -464,12 +464,12 @@ void FileFormat::loadImpHash() */ void FileFormat::loadExpHash() { - if (!exportTable || (loadFlags & LoadFlags::NO_VERBOSE_HASHES)) - { - return; - } + if (!exportTable || (loadFlags & LoadFlags::NO_VERBOSE_HASHES)) + { + return; + } - exportTable->computeHashes(); + exportTable->computeHashes(); } /** diff --git a/src/fileformat/file_format/pe/pe_format.cpp b/src/fileformat/file_format/pe/pe_format.cpp index 535f01d90..41cff4e43 100644 --- a/src/fileformat/file_format/pe/pe_format.cpp +++ b/src/fileformat/file_format/pe/pe_format.cpp @@ -388,15 +388,14 @@ void PeFormat::initStructures() stateIsValid = false; } - - if(stateIsValid) - { - fileFormat = Format::PE; - loadRichHeader(); - loadSections(); - loadSymbols(); - loadImports(); - loadExports(); + if(stateIsValid) + { + fileFormat = Format::PE; + loadRichHeader(); + loadSections(); + loadSymbols(); + loadImports(); + loadExports(); loadPdbInfo(); loadResources(); loadCertificates(); @@ -734,9 +733,9 @@ void PeFormat::loadExports() exportTable->addExport(newExport); } - loadExpHash(); + loadExpHash(); - for (auto&& addressRange : formatParser->getExportDirectoryOccupiedAddresses()) + for(auto&& addressRange : formatParser->getExportDirectoryOccupiedAddresses()) { nonDecodableRanges.addRange(std::move(addressRange)); } diff --git a/src/fileformat/types/export_table/export.cpp b/src/fileformat/types/export_table/export.cpp index 5b0a2430a..85f024993 100644 --- a/src/fileformat/types/export_table/export.cpp +++ b/src/fileformat/types/export_table/export.cpp @@ -88,6 +88,16 @@ void Export::setOrdinalNumber(unsigned long long exportOrdinalNumber) ordinalNumberIsValid = true; } +/** + * Virtual method which indicates whether export should be used + * for calculating exphash. + * @return `true` if should be used, otherwise `false`. + */ +bool Export::isUsedForExphash() const +{ + return true; +} + /** * Invalidate ordinal number of export * diff --git a/src/fileformat/types/export_table/export_table.cpp b/src/fileformat/types/export_table/export_table.cpp index 59fad43db..6494d5bb0 100644 --- a/src/fileformat/types/export_table/export_table.cpp +++ b/src/fileformat/types/export_table/export_table.cpp @@ -4,6 +4,8 @@ * @copyright (c) 2017 Avast Software, licensed under the MIT license */ +#include "retdec/crypto/crypto.h" +#include "retdec/utils/string.h" #include "retdec/utils/conversion.h" #include "retdec/fileformat/types/export_table/export_table.h" @@ -37,6 +39,33 @@ std::size_t ExportTable::getNumberOfExports() const return exports.size(); } +/** + * Get exphash as CRC32 + * @return Exphash as CRC32 + */ +const std::string& ExportTable::getExphashCrc32() const +{ + return expHashCrc32; +} + +/** + * Get exphash as MD5 + * @return Exphash as MD5 + */ +const std::string& ExportTable::getExphashMd5() const +{ + return expHashMd5; +} + +/** + * Get exphash as SHA256 + * @return Exphash as SHA256 + */ +const std::string& ExportTable::getExphashSha256() const +{ + return expHashSha256; +} + /** * Get selected export * @param exportIndex Index of selected export (indexed from 0) @@ -101,6 +130,60 @@ ExportTable::exportsIterator ExportTable::end() const return exports.end(); } +/** + * Compute export hashes - CRC32, MD5, SHA256. + */ +void ExportTable::computeHashes() +{ + std::vector funcNames; + std::vector expHashBytes; + + for(const auto& newExport : exports) + { + if(!newExport.isUsedForExphash()) + { + continue; + } + + auto funcName = toLower(newExport.getName()); + + // convert ordinal to export name + if(funcName.empty()) + { + unsigned long long ord; + if(newExport.getOrdinalNumber(ord)) + { + funcName = toLower("ord" + std::to_string(ord)); + } + } + + if(!funcName.empty()) + { + funcNames.push_back(funcName); + } + } + + std::sort(funcNames.begin(), funcNames.end()); + + for(const auto& funcName : funcNames) + { + // Yara adds comma if there are multiple imports + if(!expHashBytes.empty()) + { + expHashBytes.push_back(static_cast(',')); + } + + for(const auto c : std::string(funcName)) + { + expHashBytes.push_back(static_cast(c)); + } + } + + expHashCrc32 = retdec::crypto::getCrc32(expHashBytes.data(), expHashBytes.size()); + expHashMd5 = retdec::crypto::getMd5(expHashBytes.data(), expHashBytes.size()); + expHashSha256 = retdec::crypto::getSha256(expHashBytes.data(), expHashBytes.size()); +} + /** * Delete all records from table */ diff --git a/src/fileformat/types/import_table/import_table.cpp b/src/fileformat/types/import_table/import_table.cpp index c96834f6d..03e47b8d2 100644 --- a/src/fileformat/types/import_table/import_table.cpp +++ b/src/fileformat/types/import_table/import_table.cpp @@ -668,7 +668,7 @@ std::size_t ImportTable::getNumberOfImportsInLibraryCaseInsensitive(const std::s * Get imphash as CRC32 * @return Imphash as CRC32 */ -std::string ImportTable::getImphashCrc32() const +const std::string& ImportTable::getImphashCrc32() const { return impHashCrc32; } @@ -677,7 +677,7 @@ std::string ImportTable::getImphashCrc32() const * Get imphash as MD5 * @return Imphash as MD5 */ -std::string ImportTable::getImphashMd5() const +const std::string& ImportTable::getImphashMd5() const { return impHashMd5; } @@ -686,7 +686,7 @@ std::string ImportTable::getImphashMd5() const * Get imphash as SHA256 * @return Imphash as SHA256 */ -std::string ImportTable::getImphashSha256() const +const std::string& ImportTable::getImphashSha256() const { return impHashSha256; } @@ -826,7 +826,6 @@ void ImportTable::computeHashes() */ void ImportTable::clear() { - impHashBytes.clear(); libraries.clear(); imports.clear(); impHashCrc32.clear(); diff --git a/src/fileinfo/file_detector/file_detector.cpp b/src/fileinfo/file_detector/file_detector.cpp index d739ec20c..2e59feded 100644 --- a/src/fileinfo/file_detector/file_detector.cpp +++ b/src/fileinfo/file_detector/file_detector.cpp @@ -26,7 +26,7 @@ namespace fileinfo { FileDetector::FileDetector(std::string pathToInputFile, FileInformation &finfo, retdec::cpdetect::DetectParams &searchPar, retdec::fileformat::LoadFlags loadFlags) : fileInfo(finfo), cpParams(searchPar), fileConfig(nullptr), fileParser(nullptr), loaded(false), loadFlags(loadFlags) { - fileInfo.setPathToFile(pathToInputFile); + fileInfo.setPathToFile(pathToInputFile); } /** diff --git a/src/fileinfo/file_detector/pe_detector.cpp b/src/fileinfo/file_detector/pe_detector.cpp index efa463789..15ea23871 100644 --- a/src/fileinfo/file_detector/pe_detector.cpp +++ b/src/fileinfo/file_detector/pe_detector.cpp @@ -37,8 +37,8 @@ const unsigned long long PE_16_FLAGS_SIZE = 16; PeDetector::PeDetector(std::string pathToInputFile, FileInformation &finfo, retdec::cpdetect::DetectParams &searchPar, retdec::fileformat::LoadFlags loadFlags) : FileDetector(pathToInputFile, finfo, searchPar, loadFlags) { - fileParser = peParser = std::make_shared(fileInfo.getPathToFile(), loadFlags); - loaded = peParser->isInValidState(); + fileParser = peParser = std::make_shared(fileInfo.getPathToFile(), loadFlags); + loaded = peParser->isInValidState(); } /** diff --git a/src/fileinfo/file_information/file_information.cpp b/src/fileinfo/file_information/file_information.cpp index 0cde563a2..a3f567579 100644 --- a/src/fileinfo/file_information/file_information.cpp +++ b/src/fileinfo/file_information/file_information.cpp @@ -949,7 +949,7 @@ std::size_t FileInformation::getNumberOfStoredExports() const */ std::string FileInformation::getExphashCrc32() const { - return exportTable.getExphashCrc32(); + return exportTable.getExphashCrc32(); } /** @@ -958,7 +958,7 @@ std::string FileInformation::getExphashCrc32() const */ std::string FileInformation::getExphashMd5() const { - return exportTable.getExphashMd5(); + return exportTable.getExphashMd5(); } /** @@ -967,7 +967,7 @@ std::string FileInformation::getExphashMd5() const */ std::string FileInformation::getExphashSha256() const { - return exportTable.getExphashSha256(); + return exportTable.getExphashSha256(); } /** diff --git a/src/fileinfo/file_information/file_information.h b/src/fileinfo/file_information/file_information.h index b22787700..03249c8a7 100644 --- a/src/fileinfo/file_information/file_information.h +++ b/src/fileinfo/file_information/file_information.h @@ -179,9 +179,9 @@ class FileInformation /// @name Getters of @a exportTable /// @{ std::size_t getNumberOfStoredExports() const; - std::string getExphashCrc32() const; - std::string getExphashMd5() const; - std::string getExphashSha256() const; + std::string getExphashCrc32() const; + std::string getExphashMd5() const; + std::string getExphashSha256() const; std::string getExportName(std::size_t position) const; std::string getExportAddressStr(std::size_t position, std::ios_base &(* format)(std::ios_base &)) const; std::string getExportOrdinalNumberStr(std::size_t position, std::ios_base &(* format)(std::ios_base &)) const; diff --git a/src/fileinfo/file_presentation/getters/iterative_getter/iterative_distribution_getter/export_table_plain_getter.cpp b/src/fileinfo/file_presentation/getters/iterative_getter/iterative_distribution_getter/export_table_plain_getter.cpp index 41f392bae..27f09db7a 100644 --- a/src/fileinfo/file_presentation/getters/iterative_getter/iterative_distribution_getter/export_table_plain_getter.cpp +++ b/src/fileinfo/file_presentation/getters/iterative_getter/iterative_distribution_getter/export_table_plain_getter.cpp @@ -58,15 +58,15 @@ std::size_t ExportTablePlainGetter::getBasicInfo(std::size_t structIndex, std::v info.clear(); desc.push_back("Number of exports: "); - desc.push_back("CRC32 : "); - desc.push_back("MD5 : "); - desc.push_back("SHA256 : "); - info.push_back(numToStr(fileinfo.getNumberOfStoredExports())); - info.push_back(fileinfo.getExphashCrc32()); - info.push_back(fileinfo.getExphashMd5()); - info.push_back(fileinfo.getExphashSha256()); - - return info.size(); + desc.push_back("CRC32 : "); + desc.push_back("MD5 : "); + desc.push_back("SHA256 : "); + info.push_back(numToStr(fileinfo.getNumberOfStoredExports())); + info.push_back(fileinfo.getExphashCrc32()); + info.push_back(fileinfo.getExphashMd5()); + info.push_back(fileinfo.getExphashSha256()); + + return info.size(); } bool ExportTablePlainGetter::loadRecord(std::size_t structIndex, std::size_t recIndex, std::vector &record) diff --git a/src/fileinfo/file_presentation/getters/iterative_getter/iterative_subtitle_getter/export_table_json_getter.cpp b/src/fileinfo/file_presentation/getters/iterative_getter/iterative_subtitle_getter/export_table_json_getter.cpp index e320a0e93..461b7cb21 100644 --- a/src/fileinfo/file_presentation/getters/iterative_getter/iterative_subtitle_getter/export_table_json_getter.cpp +++ b/src/fileinfo/file_presentation/getters/iterative_getter/iterative_subtitle_getter/export_table_json_getter.cpp @@ -50,15 +50,15 @@ std::size_t ExportTableJsonGetter::getBasicInfo(std::size_t structIndex, std::ve info.clear(); desc.push_back("numberOfExports"); - desc.push_back("crc32"); - desc.push_back("md5"); - desc.push_back("sha256"); - info.push_back(numToStr(fileinfo.getNumberOfStoredExports())); - info.push_back(fileinfo.getImphashCrc32()); - info.push_back(fileinfo.getImphashMd5()); - info.push_back(fileinfo.getImphashSha256()); - - return info.size(); + desc.push_back("crc32"); + desc.push_back("md5"); + desc.push_back("sha256"); + info.push_back(numToStr(fileinfo.getNumberOfStoredExports())); + info.push_back(fileinfo.getImphashCrc32()); + info.push_back(fileinfo.getImphashMd5()); + info.push_back(fileinfo.getImphashSha256()); + + return info.size(); } bool ExportTableJsonGetter::getRecord(std::size_t structIndex, std::size_t recIndex, std::vector &record) const From 86f7b2c82ff486d493b6dba5cedc3f15297cbaff Mon Sep 17 00:00:00 2001 From: JakubPruzinec Date: Sat, 9 Jun 2018 17:36:42 +0200 Subject: [PATCH 3/4] Imphash to Exphash and space padding fixed --- .../retdec/fileformat/types/export_table/export_table.h | 8 ++++---- .../export_table_json_getter.cpp | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/retdec/fileformat/types/export_table/export_table.h b/include/retdec/fileformat/types/export_table/export_table.h index dc037db64..629491b61 100644 --- a/include/retdec/fileformat/types/export_table/export_table.h +++ b/include/retdec/fileformat/types/export_table/export_table.h @@ -21,10 +21,10 @@ class ExportTable { private: using exportsIterator = std::vector::const_iterator; - std::vector exports; ///< stored exports - std::string expHashCrc32; ///< exphash CRC32 - std::string expHashMd5; ///< exphash MD5 - std::string expHashSha256; ///< exphash SHA256 + std::vector exports; ///< stored exports + std::string expHashCrc32; ///< exphash CRC32 + std::string expHashMd5; ///< exphash MD5 + std::string expHashSha256; ///< exphash SHA256 public: ExportTable(); ~ExportTable(); diff --git a/src/fileinfo/file_presentation/getters/iterative_getter/iterative_subtitle_getter/export_table_json_getter.cpp b/src/fileinfo/file_presentation/getters/iterative_getter/iterative_subtitle_getter/export_table_json_getter.cpp index 461b7cb21..ec0379504 100644 --- a/src/fileinfo/file_presentation/getters/iterative_getter/iterative_subtitle_getter/export_table_json_getter.cpp +++ b/src/fileinfo/file_presentation/getters/iterative_getter/iterative_subtitle_getter/export_table_json_getter.cpp @@ -54,9 +54,9 @@ std::size_t ExportTableJsonGetter::getBasicInfo(std::size_t structIndex, std::ve desc.push_back("md5"); desc.push_back("sha256"); info.push_back(numToStr(fileinfo.getNumberOfStoredExports())); - info.push_back(fileinfo.getImphashCrc32()); - info.push_back(fileinfo.getImphashMd5()); - info.push_back(fileinfo.getImphashSha256()); + info.push_back(fileinfo.getExphashCrc32()); + info.push_back(fileinfo.getExphashMd5()); + info.push_back(fileinfo.getExphashSha256()); return info.size(); } From ef827394deab783d72b8d572020978c7aa4e1074 Mon Sep 17 00:00:00 2001 From: JakubPruzinec Date: Wed, 13 Jun 2018 13:07:40 +0200 Subject: [PATCH 4/4] export hashes support for MACH-o and ELF file format --- src/fileformat/file_format/elf/elf_format.cpp | 1 + src/fileformat/file_format/macho/macho_format.cpp | 1 + 2 files changed, 2 insertions(+) diff --git a/src/fileformat/file_format/elf/elf_format.cpp b/src/fileformat/file_format/elf/elf_format.cpp index 46cd3af75..8fe1df15b 100644 --- a/src/fileformat/file_format/elf/elf_format.cpp +++ b/src/fileformat/file_format/elf/elf_format.cpp @@ -1744,6 +1744,7 @@ void ElfFormat::loadSymbols(const ELFIO::elfio *file, const ELFIO::symbol_sectio } loadImpHash(); + loadExpHash(); } /** diff --git a/src/fileformat/file_format/macho/macho_format.cpp b/src/fileformat/file_format/macho/macho_format.cpp index a32e63aa0..e9ec2f927 100644 --- a/src/fileformat/file_format/macho/macho_format.cpp +++ b/src/fileformat/file_format/macho/macho_format.cpp @@ -246,6 +246,7 @@ void MachOFormat::initStructures() loadCommands(); loadStrings(); loadImpHash(); + loadExpHash(); } }