re #43 Include a DNS request for each detection, useful in restrictive sandboxes

2015-12-23 19:42:13 +01:00 · 2015-12-23 19:42:13 +01:00 · 7420c27542
parent eac42caae3
commit 7420c27542
6 changed files with 45 additions and 2 deletions
--- a/pafish/Makefile.linux
+++ b/pafish/Makefile.linux
@ -7,7 +7,7 @@ OBJ       = Objects/MingW/main.o Objects/MingW/common.o Objects/MingW/utils.o Ob
            Objects/MingW/qemu.o Objects/MingW/hooks.o Objects/MingW/cpu.o Objects/MingW/cuckoo.o Objects/MingW/bochs.o \
            Objects/MingW/pafish_private.res
 LINKOBJ   = $(OBJ)
-LIBS      = -lwsock32 -liphlpapi -lsetupapi -lmpr -lole32 -lwbemuuid -loleaut32 -s
+LIBS      = -lwsock32 -liphlpapi -lsetupapi -lmpr -lole32 -lwbemuuid -loleaut32 -lws2_32 -s
 INCS      =
 BIN       = Output/MingW/pafish.exe
 CFLAGS    = $(INCS) -Wall -Wextra -O0
--- a/pafish/Makefile.win
+++ b/pafish/Makefile.win
@ -7,7 +7,7 @@ OBJ       = Objects/MingW/main.o Objects/MingW/common.o Objects/MingW/utils.o Ob
            Objects/MingW/qemu.o Objects/MingW/hooks.o Objects/MingW/cpu.o Objects/MingW/cuckoo.o Objects/MingW/bochs.o \
            Objects/MingW/pafish_private.res
 LINKOBJ   = $(OBJ)
-LIBS      = -lwsock32 -liphlpapi -lsetupapi -lmpr -lole32 -lwbemuuid -loleaut32 -s
+LIBS      = -lwsock32 -liphlpapi -lsetupapi -lmpr -lole32 -lwbemuuid -loleaut32 -lws2_32 -s
 INCS      =
 BIN       = Output/MingW/pafish.exe
 CFLAGS    = $(INCS) -Wall -Wextra -O0
--- a/pafish/common.c
+++ b/pafish/common.c
@ -1,9 +1,13 @@
 #define _WIN32_WINNT 0x0501 /* _WIN32_WINNT_WINXP */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <ws2tcpip.h>
 #include <windows.h>
 #include "config.h"
 #include "common.h"
 #include "types.h"
@ -68,6 +72,29 @@ void write_trace(char product[]) {
 	FILE *trace;
 	trace = fopen(product, "a");
 	fclose(trace);
 	#if ENABLE_DNS_TRACE
 		write_trace_dns(product);
 	#endif
 }
 void write_trace_dns(char product[]) {
 	char * dns, tld[] = ".pafish";
 	int i;
 	struct addrinfo* result;
 	int error;
 	dns = calloc(strlen(product) + strlen(tld) + sizeof(char), sizeof(char));
 	strncpy(dns, product, strlen(product));
 	strncat(dns, tld, strlen(tld));
 	for (i = 0; i < (int)strlen(dns); i++) {
 		if (dns[i] == '_')
 			dns[i] = '-';
 	}
 	error = getaddrinfo(dns, NULL, NULL, &result);
 	if (!error)
 		freeaddrinfo(result);
 	free(dns);
 }
 void print_check_group(char * text) {
--- a/pafish/common.h
+++ b/pafish/common.h
@ -18,6 +18,8 @@ void write_log(char msg[]);
 void write_trace(char product[]);
 void write_trace_dns(char product[]);
 void print_check_group(char * text);
 void exec_check(char * text, int (*callback)(), char * text_log, char * text_trace);
--- a/pafish/config.h
+++ b/pafish/config.h
@ -0,0 +1,7 @@
 #ifndef CONFIG_H
 #define CONFIG_H
 #define ENABLE_DNS_TRACE 1
 #endif
--- a/pafish/main.c
+++ b/pafish/main.c
@ -4,6 +4,7 @@
 #include <string.h>
 #include <windows.h>
 #include "config.h"
 #include "common.h"
 #include "debuggers.h"
@ -44,6 +45,9 @@ int main(void)
 	unsigned short original_colors = 0;
 	write_log("Start");
 	#if ENABLE_DNS_TRACE
 		write_trace_dns("analysis-start");
 	#endif
 	original_colors = init_cmd_colors();
 	print_header();
@ -312,6 +316,9 @@ int main(void)
 	printf("[-] Feel free to RE me, check log file for more information.");
 	write_log("End");
 	#if ENABLE_DNS_TRACE
 		write_trace_dns("analysis-end");
 	#endif
 	getchar();