mirrors
/
pafish
mirror of https://github.com/a0rtega/pafish
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add memory PE image traces output

This commit is contained in:
Alberto Ortega 2021-11-08 20:45:19 +01:00
parent c6c28ab896
commit f658ccc959
4 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pafish/common.c
View File

@ -11,6 +11,8 @@
#include "common.h"
#include "types.h"
char pafish_pe_img_log[2048];
unsigned short init_cmd_colors() {
CONSOLE_SCREEN_BUFFER_INFO csbi;
HANDLE handler = GetStdHandle(STD_OUTPUT_HANDLE);
@ -73,6 +75,9 @@ void write_trace(char product[]) {
#if ENABLE_DNS_TRACE
write_trace_dns(product);
#endif
#if ENABLE_PE_IMG_TRACE
write_trace_pe_img(product, TRUE);
#endif
}
void write_trace_dns(char product[]) {
@ -95,6 +100,12 @@ void write_trace_dns(char product[]) {
free(dns);
}
void write_trace_pe_img(char product[], BOOLEAN add_comma) {
strncat(pafish_pe_img_log, product, strlen(product));
if (add_comma)
strncat(pafish_pe_img_log, ",", 2);
}
void print_check_group(char * text) {
printf("\n[-] %s\n", text);
}

2
pafish/common.h
View File

@ -20,6 +20,8 @@ void write_trace(char product[]);
void write_trace_dns(char product[]);
void write_trace_pe_img(char product[], BOOLEAN add_comma);
void print_check_group(char * text);
void exec_check(char * text, int (*callback)(), char * text_log, char * text_trace);

11
pafish/config.h
View File

@ -2,6 +2,17 @@
#ifndef CONFIG_H
#define CONFIG_H
/* This output flag enables sending of DNS
* requests when pafish detects products.
*/
#define ENABLE_DNS_TRACE 1
/* This output flag enables writing traces of
* detections to a PE section of the pafish
* image in memory. Memory dumps of unpacked executables
* may reveal the detected products.
* Output format: "analysis-start trace1,trace2, analysis-end"
*/
#define ENABLE_PE_IMG_TRACE 1
#endif

6
pafish/main.c
View File

@ -54,6 +54,9 @@ int main(void)
#if ENABLE_DNS_TRACE
write_trace_dns("analysis-start");
#endif
#if ENABLE_PE_IMG_TRACE
write_trace_pe_img("analysis-start ", FALSE);
#endif
original_colors = init_cmd_colors();
print_header();
@ -372,6 +375,9 @@ int main(void)
#if ENABLE_DNS_TRACE
write_trace_dns("analysis-end");
#endif
#if ENABLE_PE_IMG_TRACE
write_trace_pe_img(" analysis-end", FALSE);
#endif
/* Restore window */
ShowWindow(GetConsoleWindow(), SW_RESTORE);