From 7420c27542388193213059a189114f33bc0cbbaf Mon Sep 17 00:00:00 2001
From: Alberto Ortega
Date: Wed, 23 Dec 2015 19:42:13 +0100
Subject: [PATCH] re #43 Include a DNS request for each detection, useful in restrictive sandboxes

---
 pafish/Makefile.linux | 2 +-
 pafish/Makefile.win | 2 +-
 pafish/common.c | 27 +++++++++++++++++++++++++++
 pafish/common.h | 2 ++
 pafish/config.h | 7 +++++++
 pafish/main.c | 7 +++++++
 6 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 pafish/config.h

diff --git a/pafish/Makefile.linux b/pafish/Makefile.linux
index ebe0b5e..dffe474 100644
--- a/pafish/Makefile.linux
+++ b/pafish/Makefile.linux
@@ -7,7 +7,7 @@ OBJ = Objects/MingW/main.o Objects/MingW/common.o Objects/MingW/utils.o Ob
 Objects/MingW/qemu.o Objects/MingW/hooks.o Objects/MingW/cpu.o Objects/MingW/cuckoo.o Objects/MingW/bochs.o \
 Objects/MingW/pafish_private.res
 LINKOBJ = $(OBJ)
-LIBS = -lwsock32 -liphlpapi -lsetupapi -lmpr -lole32 -lwbemuuid -loleaut32 -s
+LIBS = -lwsock32 -liphlpapi -lsetupapi -lmpr -lole32 -lwbemuuid -loleaut32 -lws2_32 -s
 INCS =
 BIN = Output/MingW/pafish.exe
 CFLAGS = $(INCS) -Wall -Wextra -O0
diff --git a/pafish/Makefile.win b/pafish/Makefile.win
index 80f4a6f..8195925 100644
--- a/pafish/Makefile.win
+++ b/pafish/Makefile.win
@@ -7,7 +7,7 @@ OBJ = Objects/MingW/main.o Objects/MingW/common.o Objects/MingW/utils.o Ob
 Objects/MingW/qemu.o Objects/MingW/hooks.o Objects/MingW/cpu.o Objects/MingW/cuckoo.o Objects/MingW/bochs.o \
 Objects/MingW/pafish_private.res
 LINKOBJ = $(OBJ)
-LIBS = -lwsock32 -liphlpapi -lsetupapi -lmpr -lole32 -lwbemuuid -loleaut32 -s
+LIBS = -lwsock32 -liphlpapi -lsetupapi -lmpr -lole32 -lwbemuuid -loleaut32 -lws2_32 -s
 INCS =
 BIN = Output/MingW/pafish.exe
 CFLAGS = $(INCS) -Wall -Wextra -O0
diff --git a/pafish/common.c b/pafish/common.c
index 50a914b..3d2658c 100644
--- a/pafish/common.c
+++ b/pafish/common.c
@@ -1,9 +1,13 @@ +#define _WIN32_WINNT 0x0501 /* _WIN32_WINNT_WINXP */ + #include #include #include +#include #include +#include "config.h" #include "common.h" #include "types.h" @@ -68,6 +72,29 @@ void write_trace(char product[]) { FILE *trace; trace = fopen(product, "a"); fclose(trace); + #if ENABLE_DNS_TRACE + write_trace_dns(product); + #endif +} + +void write_trace_dns(char product[]) { + char * dns, tld[] = ".pafish"; + int i; + struct addrinfo* result; + int error; + + dns = calloc(strlen(product) + strlen(tld) + sizeof(char), sizeof(char)); + strncpy(dns, product, strlen(product)); + strncat(dns, tld, strlen(tld)); + for (i = 0; i < (int)strlen(dns); i++) { + if (dns[i] == '_') + dns[i] = '-'; + } + + error = getaddrinfo(dns, NULL, NULL, &result); + if (!error) + freeaddrinfo(result); + free(dns); } void print_check_group(char * text) { diff --git a/pafish/common.h b/pafish/common.h index 2050685..3933454 100644 --- a/pafish/common.h +++ b/pafish/common.h @@ -18,6 +18,8 @@ void write_log(char msg[]); void write_trace(char product[]); +void write_trace_dns(char product[]); + void print_check_group(char * text); void exec_check(char * text, int (*callback)(), char * text_log, char * text_trace); diff --git a/pafish/config.h b/pafish/config.h new file mode 100644 index 0000000..861d40b --- /dev/null +++ b/pafish/config.h @@ -0,0 +1,7 @@ + +#ifndef CONFIG_H +#define CONFIG_H + +#define ENABLE_DNS_TRACE 1 + +#endif diff --git a/pafish/main.c b/pafish/main.c index 88053ad..bcb8c2f 100644 --- a/pafish/main.c +++ b/pafish/main.c @@ -4,6 +4,7 @@ #include #include +#include "config.h" #include "common.h" #include "debuggers.h" @@ -44,6 +45,9 @@ int main(void) unsigned short original_colors = 0; write_log("Start"); + #if ENABLE_DNS_TRACE + write_trace_dns("analysis-start"); + #endif original_colors = init_cmd_colors(); print_header(); 
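Review bot: The getaddrinfo() result in write_trace_dns is only used to decide whether freeaddrinfo() runs, so a failed lookup leaves nothing in the log; on Windows that includes WSANOTINITIALISED when WSAStartup() has not been called, and nothing in this diff calls it (it may happen elsewhere in pafish — not visible here), which would silently disable the DNS trace in exactly the restrictive sandboxes it is meant for. The calloc() result is also used unchecked, and the strncpy()/strncat() pair is clearer as one bounded snprintf(). I would check the allocation, pass zeroed hints with AF_UNSPEC, and report a failed lookup through write_log() so an environment that blocks or lacks DNS is visible to the operator; a comment noting that `.pafish` is not a reserved TLD and the query is intended to leave the host and reach the sandbox's resolver would also help the next reader.
```c
void write_trace_dns(char product[]) {
    const char tld[] = ".pafish"; /* not a real TLD: the query is meant to be seen by the sandbox resolver */
    size_t len = strlen(product) + sizeof(tld); /* sizeof(tld) counts the NUL */
    char *dns = malloc(len);
    struct addrinfo hints, *result = NULL;
    int i, error;

    if (dns == NULL)
        return;
    snprintf(dns, len, "%s%s", product, tld);
    /* '_' is not valid in a hostname label; map it to '-' */
    for (i = 0; dns[i] != '\0'; i++) {
        if (dns[i] == '_')
            dns[i] = '-';
    }

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    error = getaddrinfo(dns, NULL, &hints, &result);
    if (error == 0)
        freeaddrinfo(result);
    else
        write_log("DNS trace lookup failed"); /* e.g. WSANOTINITIALISED or no resolver */
    free(dns);
}
```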
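Review bot: The new prototype `void write_trace_dns(char product[]);` in common.h carries no comment, unlike a reader would want for a function whose side effect is network traffic. I would add above it: `/* Resolve "<product>.pafish" (underscores mapped to '-') so that each detection also appears in the sandbox's DNS traffic; the lookup result is discarded. */`. The parameter could also be `const char *product`, since the function only reads it.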
@@ -312,6 +316,9 @@ int main(void) printf("[-] Feel free to RE me, check log file for more information."); write_log("End"); + #if ENABLE_DNS_TRACE + write_trace_dns("analysis-end"); + #endif getchar();