diff --git a/.gitignore b/.gitignore
index 6ee3b939..6bdddf54 100644
--- a/.gitignore
+++ b/.gitignore
@@ -182,24 +182,3 @@ docker-src.*
 /qemu/trace-ust-all.h
 /qemu/trace-ust-all.c
 /qemu/target/arm/decode-sve.inc.c
-
-
-/qemu/roms/seabios
-/qemu/roms/ipxe
-/qemu/roms/openbios
-/qemu/roms/openhackware
-/qemu/roms/qemu-palcode
-/qemu/roms/sgabios
-/qemu/dtc
-/qemu/roms/u-boot
-/qemu/roms/skiboot
-/qemu/roms/QemuMacDrivers
-/qemu/ui/keycodemapdb
-/qemu/capstone
-/qemu/roms/seabios-hppa
-/qemu/roms/u-boot-sam460ex
-/qemu/tests/fp/berkeley-testfloat-3
-/qemu/tests/fp/berkeley-softfloat-3
-/qemu/roms/edk2
-/qemu/slirp
-/qemu/roms/SLOF
diff --git a/Dockerfile b/Dockerfile
index b29b5c10..e2082818 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -21,25 +21,33 @@
 #
 # -------------------------------------------------------------------------------
-FROM ubuntu:16.04
+FROM ubuntu:18.04
 MAINTAINER Jonas Zaddach
 ENV PREFIX /home
-
-#Install packages
 RUN apt-get update
-RUN apt-get install -y build-essential zlib1g-dev pkg-config \
+RUN apt-get install -y python3 python3-pip
+RUN export python=python3
+#Install packages
+RUN apt-get install -y --fix-missing build-essential zlib1g-dev pkg-config \
 libglib2.0-dev binutils-dev libboost-all-dev \
 autoconf libtool libssl-dev libpixman-1-dev \
 libpython-dev python-pip \
 git curl vim
+#upgrade pip
+RUN python3 -m pip install --upgrade pip
+
+
 #clone pybox
 RUN git clone https://github.com/Cisco-Talos/pyrebox pyrebox
 WORKDIR pyrebox
-RUN pip install -r requirements.txt
+RUN python3 -m pip install -r requirements.txt
 RUN ./build.sh
-RUN cp /usr/local/lib/python2.7/dist-packages/capstone/lib/libcapstone.so /usr/local/lib
+# i don't know why pyrebox-i386 uses python2 still
+RUN python2 -m pip install distorm3 ipython capstone
+#RUN cp /usr/local/lib/python2.7/dist-packages/capstone/lib/libcapstone.so /usr/local/lib
+#RUN cp /usr/local/lib/python3.6/dist-packages/capstone/lib/libcapstone.so /usr/local/lib
 RUN ldconfig
 #OPTIONAL: Copy VM in. Left as an example
diff --git a/README.rst b/README.rst
index 0d9a98ce..55b21322 100644
--- a/README.rst
+++ b/README.rst
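Review bot: `RUN export python=python3` has no effect: every RUN runs in its own shell, so the variable is gone before the next instruction and nothing in later layers sees it; if a `python` variable is meant to reach the build, it should be `ENV python=python3` (or the line dropped). The same hunk still installs `libpython-dev python-pip` and then runs `python2 -m pip install distorm3 ipython capstone`, so the image now carries two interpreters with two pip trees; the comment admits the reason is unknown, which is worth a clearer note such as `# pyrebox-i386 still needs the python2 stack (distorm3/capstone); remove once it is ported`. The `git clone` of the upstream repository is unpinned, so the image is rebuilt from whatever the default branch holds at build time; pinning a ref or tag after the clone would make the build reproducible and auditable.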
@@ -45,6 +45,7 @@ active development and new cool features are yet to come! The master branch shou
 version, while the dev branches contain the latest, work-in progress features. The following announcement list refers to the master branch, and the date when the development changes were merged into master.
+- [Dec 5, 2019] **Beta version of PyREBox3, ready on the python3migration branch**. The tool has been ported to Python3 and Volatility3. Plugins have not been ported yet.
 - [Jun 21, 2019] **Upgraded QEMU to version 4.0.0, with MTTCG (multi-threaded TCG) support.** Special thanks to @richsurgenor for his valuable contributions to this upgrade.
 - [Jun 17, 2019] Merge of dev branch (Malware monitor 2).
 - [Jun 17, 2019] Mouse movement automation.
diff --git a/build.sh b/build.sh
index e9eaa034..f19748fe 100755
--- a/build.sh
+++ b/build.sh
@@ -86,9 +86,9 @@ if [ x"${reconfigure}" = xyes ] || [ ! -f ${qemu_path}/config-host.mak ] || [ !
 echo -e "\n${GREEN}[*] Configuring qemu...${NC}\n"
- git submodule deinit .
+ git submodule deinit -f .
 git submodule init
- git submodule update --recursive
+ git submodule update -f --recursive
 cd ${qemu_path}
 qemu_configure_flags=""
 if [ x"${debug}" = xyes ]
diff --git a/mw_monitor/mw_monitor_classes.py b/mw_monitor/mw_monitor_classes.py
index f8fe6bb4..3c952dcf 100644
--- a/mw_monitor/mw_monitor_classes.py
+++ b/mw_monitor/mw_monitor_classes.py
@@ -174,7 +174,7 @@ def find_ep(proc, proc_name):
 name = m["name"]
 base = m["base"]
 # size = m["size"]
- if name == proc_name:
+ if proc_name in name:
 pe_data = api.r_va(proc.get_pgd(), base, 0x1000)
 pe = pefile.PE(data=pe_data)
 ep = pe.OPTIONAL_HEADER.AddressOfEntryPoint
diff --git a/qemu/slirp b/qemu/slirp
new file mode 160000
index 00000000..0d337b53
--- /dev/null
+++ b/qemu/slirp
@@ -0,0 +1 @@
+Subproject commit 0d337b5382f3521216c3dfd30fcde4f5bcdffd02
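Review bot: `git submodule deinit -f .` and `git submodule update -f --recursive` discard any uncommitted changes inside the submodule checkouts without asking, so a developer who runs build.sh with local edits in a qemu submodule loses them silently; the reconfigure branch this sits in starts before the hunk, so I cannot see whether the script warns or checks exit status first. At minimum a comment should record the intent, e.g. `# -f: reset submodule worktrees to the pinned commits; local submodule edits are discarded`, and a visible warning in the existing echo style before the deinit would be cheap. If the goal is only to recover from a previously failed checkout, the presumably safer form is to force-reset only on reconfigure rather than on every missing config-host.mak — confirm against the surrounding condition.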
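Review bot: `if proc_name in name:` is a substring test, so any loaded module whose name merely contains proc_name also matches (a short proc_name like `a.exe` matches `java.exe`), and the entry point of the wrong module is then read from `base`; the enclosing loop and find_ep continue outside the hunk, so I cannot see whether the first hit wins, but nothing in the hunk guards against it. If the motivation is a path prefix or case difference in `m["name"]`, anchoring the match keeps that benefit without the false positives: `if name.lower().endswith(proc_name.lower()):`. A one-line why-comment above the condition stating what form `m["name"]` takes (full path versus basename, case) would also make the loosened match reviewable — confirm that form against the API that fills the module list.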