re #43 Include a DNS request for each detection, useful in restrictive sandboxes

2015-12-23 19:42:13 +01:00 · 2015-12-23 19:42:13 +01:00 · 7420c27542
parent eac42caae3
commit 7420c27542
6 changed files with 45 additions and 2 deletions
--- a/pafish/Makefile.linux
+++ b/pafish/Makefile.linux
@ -7,7 +7,7 @@ OBJ       = Objects/MingW/main.o Objects/MingW/common.o Objects/MingW/utils.o Ob
            Objects/MingW/qemu.o Objects/MingW/hooks.o Objects/MingW/cpu.o Objects/MingW/cuckoo.o Objects/MingW/bochs.o \
            Objects/MingW/pafish_private.res
 LINKOBJ   = $(OBJ)
-LIBS      = -lwsock32 -liphlpapi -lsetupapi -lmpr -lole32 -lwbemuuid -loleaut32 -s
+LIBS      = -lwsock32 -liphlpapi -lsetupapi -lmpr -lole32 -lwbemuuid -loleaut32 -lws2_32 -s
 INCS      =
 BIN       = Output/MingW/pafish.exe
 CFLAGS    = $(INCS) -Wall -Wextra -O0
--- a/pafish/Makefile.win
+++ b/pafish/Makefile.win
@ -7,7 +7,7 @@ OBJ       = Objects/MingW/main.o Objects/MingW/common.o Objects/MingW/utils.o Ob
            Objects/MingW/qemu.o Objects/MingW/hooks.o Objects/MingW/cpu.o Objects/MingW/cuckoo.o Objects/MingW/bochs.o \
            Objects/MingW/pafish_private.res
 LINKOBJ   = $(OBJ)
-LIBS      = -lwsock32 -liphlpapi -lsetupapi -lmpr -lole32 -lwbemuuid -loleaut32 -s
+LIBS      = -lwsock32 -liphlpapi -lsetupapi -lmpr -lole32 -lwbemuuid -loleaut32 -lws2_32 -s
 INCS      =
 BIN       = Output/MingW/pafish.exe
 CFLAGS    = $(INCS) -Wall -Wextra -O0
--- a/pafish/common.c
+++ b/pafish/common.c
@ -1,9 +1,13 @@

+#define _WIN32_WINNT 0x0501 /* _WIN32_WINNT_WINXP */
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <ws2tcpip.h>
 #include <windows.h>

+#include "config.h"
 #include "common.h"
 #include "types.h"

@ -68,6 +72,29 @@ void write_trace(char product[]) {
 	FILE *trace;
 	trace = fopen(product, "a");
 	fclose(trace);
+	#if ENABLE_DNS_TRACE
+		write_trace_dns(product);
+	#endif
+}
+
+void write_trace_dns(char product[]) {
+	char * dns, tld[] = ".pafish";
+	int i;
+	struct addrinfo* result;
+	int error;
+
+	dns = calloc(strlen(product) + strlen(tld) + sizeof(char), sizeof(char));
+	strncpy(dns, product, strlen(product));
+	strncat(dns, tld, strlen(tld));
+	for (i = 0; i < (int)strlen(dns); i++) {
+		if (dns[i] == '_')
+			dns[i] = '-';
+	}
+
+	error = getaddrinfo(dns, NULL, NULL, &result);
+	if (!error)
+		freeaddrinfo(result);
+	free(dns);
 }

 void print_check_group(char * text) {
--- a/pafish/common.h
+++ b/pafish/common.h
@ -18,6 +18,8 @@ void write_log(char msg[]);

 void write_trace(char product[]);

+void write_trace_dns(char product[]);
+
 void print_check_group(char * text);

 void exec_check(char * text, int (*callback)(), char * text_log, char * text_trace);
--- a/pafish/config.h
+++ b/pafish/config.h
@ -0,0 +1,7 @@
+
+#ifndef CONFIG_H
+#define CONFIG_H
+
+#define ENABLE_DNS_TRACE 1
+
+#endif
--- a/pafish/main.c
+++ b/pafish/main.c
@ -4,6 +4,7 @@
 #include <string.h>
 #include <windows.h>

+#include "config.h"
 #include "common.h"

 #include "debuggers.h"
@ -44,6 +45,9 @@ int main(void)
 	unsigned short original_colors = 0;

 	write_log("Start");
+	#if ENABLE_DNS_TRACE
+		write_trace_dns("analysis-start");
+	#endif

 	original_colors = init_cmd_colors();
 	print_header();
@ -312,6 +316,9 @@ int main(void)
 	printf("[-] Feel free to RE me, check log file for more information.");

 	write_log("End");
+	#if ENABLE_DNS_TRACE
+		write_trace_dns("analysis-end");
+	#endif

 	getchar();