From 0bf8ff8c62dd2d2c4a072f52d25951c6ff634b03 Mon Sep 17 00:00:00 2001 From: ark Date: Sun, 23 Jun 2024 18:03:07 +0530 Subject: [PATCH 1/4] Add verbose output of file offsets and virtual addresses for language-specific strings --- floss/language/rust/extract.py | 17 +++++++++++++++++ floss/main.py | 5 +++++ floss/render/default.py | 7 ++++--- floss/results.py | 3 ++- 4 files changed, 28 insertions(+), 4 deletions(-) diff --git a/floss/language/rust/extract.py b/floss/language/rust/extract.py index 4d40c3af9..d2ec339b6 100644 --- a/floss/language/rust/extract.py +++ b/floss/language/rust/extract.py @@ -135,6 +135,23 @@ def get_static_strings_from_rdata(sample, static_strings) -> List[StaticString]: return list(filter(lambda s: start_rdata <= s.offset < end_rdata, static_strings)) +def get_file_offset_in_rdata(sample: pathlib.Path) -> int: + pe = pefile.PE(data=pathlib.Path(sample).read_bytes(), fast_load=True) + + try: + rdata_section = get_rdata_section(pe) + except ValueError: + return -1 + + image_base = pe.OPTIONAL_HEADER.ImageBase + virtual_address = rdata_section.VirtualAddress + pointer_to_raw_data = rdata_section.PointerToRawData + + print("DD:", image_base + virtual_address - pointer_to_raw_data) + + return image_base + virtual_address - pointer_to_raw_data + + def get_string_blob_strings(pe: pefile.PE, min_length: int) -> Iterable[StaticString]: image_base = pe.OPTIONAL_HEADER.ImageBase diff --git a/floss/main.py b/floss/main.py index 38f0d027a..465592d28 100644 --- a/floss/main.py +++ b/floss/main.py @@ -681,6 +681,11 @@ def main(argv=None) -> int: results.strings.language_strings_missed = floss.language.utils.get_missed_strings( rdata_strings, results.strings.language_strings, args.min_length ) + + # get the file offset diff file offset and va + if args.verbose: + results.metadata.file_offset_in_rdata = floss.language.rust.extract.get_file_offset_in_rdata(sample) + if ( results.analysis.enable_decoded_strings or results.analysis.enable_stack_strings diff --git a/floss/render/default.py b/floss/render/default.py index eedc46f3f..41a4db002 100644 --- a/floss/render/default.py +++ b/floss/render/default.py @@ -158,7 +158,7 @@ def strtime(seconds): return f"{m:02.0f}:{s:02.0f}" -def render_language_strings(language, language_strings, language_strings_missed, console, verbose, disable_headers): +def render_language_strings(language, language_strings, language_strings_missed, file_offset, console, verbose, disable_headers): strings = sorted(language_strings + language_strings_missed, key=lambda s: s.offset) render_heading(f"FLOSS {language.upper()} STRINGS ({len(strings)})", console, verbose, disable_headers) offset_len = len(f"{strings[-1].offset}") @@ -167,7 +167,7 @@ def render_language_strings(language, language_strings, language_strings_missed, console.print(sanitize(s.string, is_ascii_only=False), markup=False) else: colored_string = string_style(sanitize(s.string, is_ascii_only=False)) - console.print(f"0x{s.offset:>0{offset_len}x} {colored_string}") + console.print(f"0x{s.offset:>0{offset_len}x} 0x{s.offset + file_offset:>0{offset_len}x} {colored_string}") def render_static_substrings(strings, encoding, offset_len, console, verbose, disable_headers): @@ -340,9 +340,10 @@ def render(results: floss.results.ResultDocument, verbose, disable_headers, colo results.metadata.language, results.strings.language_strings, results.strings.language_strings_missed, + results.metadata.file_offset_in_rdata, console, verbose, - disable_headers, + disable_headers ) console.print("\n") diff --git a/floss/results.py b/floss/results.py index bd8b90f1a..9f6872713 100644 --- a/floss/results.py +++ b/floss/results.py @@ -4,7 +4,7 @@ import json import datetime from enum import Enum -from typing import Dict, List +from typing import Dict, List, Optional from pathlib import Path from dataclasses import field @@ -194,6 +194,7 @@ class Metadata: language: str = "" language_version: str = "" language_selected: str = "" # configured by user + file_offset_in_rdata: Optional[int] = None @dataclass From 96be3dca28a633366f2194fb7351eb6e675f4ba5 Mon Sep 17 00:00:00 2001 From: ark Date: Sun, 23 Jun 2024 18:13:01 +0530 Subject: [PATCH 2/4] Code Style --- floss/main.py | 2 +- floss/render/default.py | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/floss/main.py b/floss/main.py index 465592d28..a8eb4a92e 100644 --- a/floss/main.py +++ b/floss/main.py @@ -682,7 +682,7 @@ def main(argv=None) -> int: rdata_strings, results.strings.language_strings, args.min_length ) - # get the file offset diff file offset and va + # get the file offset diff file offset and va if args.verbose: results.metadata.file_offset_in_rdata = floss.language.rust.extract.get_file_offset_in_rdata(sample) diff --git a/floss/render/default.py b/floss/render/default.py index 41a4db002..7dc91407c 100644 --- a/floss/render/default.py +++ b/floss/render/default.py @@ -158,7 +158,9 @@ def strtime(seconds): return f"{m:02.0f}:{s:02.0f}" -def render_language_strings(language, language_strings, language_strings_missed, file_offset, console, verbose, disable_headers): +def render_language_strings( + language, language_strings, language_strings_missed, file_offset, console, verbose, disable_headers +): strings = sorted(language_strings + language_strings_missed, key=lambda s: s.offset) render_heading(f"FLOSS {language.upper()} STRINGS ({len(strings)})", console, verbose, disable_headers) offset_len = len(f"{strings[-1].offset}") @@ -343,7 +345,7 @@ def render(results: floss.results.ResultDocument, verbose, disable_headers, colo results.metadata.file_offset_in_rdata, console, verbose, - disable_headers + disable_headers, ) console.print("\n") From 09f3018f850564cece0eba83262bc478f1db9175 Mon Sep 17 00:00:00 2001 From: Arker123 Date: Wed, 26 Jun 2024 11:13:59 +0530 Subject: [PATCH 3/4] Tweak --- floss/language/rust/extract.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/floss/language/rust/extract.py b/floss/language/rust/extract.py index d2ec339b6..c2bf7e7c8 100644 --- a/floss/language/rust/extract.py +++ b/floss/language/rust/extract.py @@ -147,8 +147,6 @@ def get_file_offset_in_rdata(sample: pathlib.Path) -> int: virtual_address = rdata_section.VirtualAddress pointer_to_raw_data = rdata_section.PointerToRawData - print("DD:", image_base + virtual_address - pointer_to_raw_data) - return image_base + virtual_address - pointer_to_raw_data From 1379a84c8179c71230c086aa9f4eaa809d78f60b Mon Sep 17 00:00:00 2001 From: Arker123 Date: Wed, 26 Jun 2024 11:36:42 +0530 Subject: [PATCH 4/4] Column Headers Added --- floss/render/default.py | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/floss/render/default.py b/floss/render/default.py index 7dc91407c..ba6e763c4 100644 --- a/floss/render/default.py +++ b/floss/render/default.py @@ -164,12 +164,32 @@ def render_language_strings( strings = sorted(language_strings + language_strings_missed, key=lambda s: s.offset) render_heading(f"FLOSS {language.upper()} STRINGS ({len(strings)})", console, verbose, disable_headers) offset_len = len(f"{strings[-1].offset}") - for s in strings: - if verbose == Verbosity.DEFAULT: + va_offset_len = len(f"{strings[-1].offset + file_offset}") + + if verbose != Verbosity.DEFAULT: + # add column headers + table = Table( + "Offset", + "VA", + "String", + show_header=not (disable_headers), + box=box.ASCII2, + show_edge=False, + ) + + # add rows + for s in strings: + table.add_row( + f"0x{s.offset:>0{offset_len}x}", + f"0x{s.offset + file_offset:>0{va_offset_len}x}", + string_style(sanitize(s.string, is_ascii_only=False)), + ) + + console.print(table) + + else: + for s in strings: console.print(sanitize(s.string, is_ascii_only=False), markup=False) - else: - colored_string = string_style(sanitize(s.string, is_ascii_only=False)) - console.print(f"0x{s.offset:>0{offset_len}x} 0x{s.offset + file_offset:>0{offset_len}x} {colored_string}") def render_static_substrings(strings, encoding, offset_len, console, verbose, disable_headers):