From 06ec39665e696506b889fd54aa0cb48dd0ad709a Mon Sep 17 00:00:00 2001
From: hasherezade
Date: Sat, 14 Dec 2024 06:30:05 -0800
Subject: [PATCH] [VERSION] 0.4.0. Updated Python bindings

---
 bindings/python/demo.py | 3 ++-
 bindings/python/pesieve.py | 25 +++++++++++++++++++------
 include/pe_sieve_types.h | 11 ++++++-----
 pe_sieve_ver_short.h | 8 ++++----
 4 files changed, 31 insertions(+), 16 deletions(-)

diff --git a/bindings/python/demo.py b/bindings/python/demo.py
index 382c40498..cccf3278b 100644
--- a/bindings/python/demo.py
+++ b/bindings/python/demo.py
@@ -25,13 +25,14 @@
 params.make_reflection = False
 params.use_cache = False
 params.json_lvl = pesieve.t_json_level.JSON_BASIC
+params.results_filter = pesieve.t_results_filter.SHOW_SUSPICIOUS
 params.output_dir = b"/path/to/output/dir"
 params.modules_ignored = pesieve.PARAM_STRING(length=10, buffer=b'ignored1;ignored2')
+
 # run the function
 json_max_size = 2000
 (report, json, out_size) = pesieve.PESieve_scan_ex(params, pesieve.t_report_type.REPORT_ALL, json_max_size)
-
 # print the report
 print("PID: %d" % report.pid)
 print("Scanned: %d" % report.scanned)
diff --git a/bindings/python/pesieve.py b/bindings/python/pesieve.py
index 929bb0f97..1993af559 100644
--- a/bindings/python/pesieve.py
+++ b/bindings/python/pesieve.py
@@ -3,8 +3,8 @@
 import ctypes
 import os
-PESIEVE_MIN_VER = 0x030800 # minimal version of the PE-sieve DLL to work with this wrapper
-PESIEVE_MAX_VER = 0x030800 # maximal version of the PE-sieve DLL to work with this wrapper
+PESIEVE_MIN_VER = 0x040000 # minimal version of the PE-sieve DLL to work with this wrapper
+PESIEVE_MAX_VER = 0x040000 # maximal version of the PE-sieve DLL to work with this wrapper
 ERROR_SCAN_FAILURE = -1
 MAX_PATH = 260
@@ -23,7 +23,7 @@ class t_output_filter(ctypes.c_int):
     OUT_NO_DUMPS = 1
     OUT_NO_DIR = 2
     OUT_FILTERS_COUNT = 3
-
+
 class t_shellc_mode(ctypes.c_int):
     SHELLC_NONE = 0
     SHELLC_PATTERNS = 1
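Review bot: The new `params.results_filter = pesieve.t_results_filter.SHOW_SUSPICIOUS` line in demo.py drops scan errors from the report, so a module that could not be scanned at all (the header comments added in this same commit describe `SHOW_ERRORS` as "report only scan errors") presumably comes back indistinguishable from a clean one; for a demo that people copy into their own tooling, `SHOW_SUSPICIOUS_AND_ERRORS` is the safer example value, or at least a comment `# SHOW_SUSPICIOUS hides scan errors; use SHOW_SUSPICIOUS_AND_ERRORS to also see unscannable modules`. The `rebase` and `pattern_file` fields that this commit adds to `t_params` are not set anywhere in the demo; ctypes zero-fills them, but a one-line comment saying so would stop readers from wondering whether they are required. The demo script continues on both sides of the hunk.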
@@ -31,14 +31,14 @@ class t_shellc_mode(ctypes.c_int):
     SHELLC_PATTERNS_OR_STATS = 3
     SHELLC_PATTERNS_AND_STATS = 4
     SHELLC_COUNT = 5
-
+
 class t_obfusc_mode(ctypes.c_int):
     OBFUSC_NONE = 0
     OBFUSC_STRONG_ENC = 1
     OBFUSC_WEAK_ENC = 2
     OBFUSC_ANY = 3
     OBFUSC_COUNT = 4
-
+
 class t_imprec_mode(ctypes.c_int):
     PE_IMPREC_NONE = 0
     PE_IMPREC_AUTO = 1
@@ -85,6 +85,16 @@ class t_json_level(ctypes.c_int):
     JSON_DETAILS2 = 2
     JSON_LVL_COUNT = 3
+class t_results_filter(ctypes.c_int):
+    SHOW_NONE = 0
+    SHOW_ERRORS = 1
+    SHOW_NOT_SUSPICIOUS = 2
+    SHOW_SUSPICIOUS = 4
+    SHOW_SUSPICIOUS_AND_ERRORS = 5
+    SHOW_SUCCESSFUL_ONLY = 6
+    SHOW_ALL = 7
+    SHOW_FILTERS_MAX = 8
+
 class t_report_type(ctypes.c_int):
     REPORT_NONE = 0
     REPORT_SCANNED = 1
@@ -111,13 +121,16 @@ class t_params(ctypes.Structure):
         ('iat', t_iat_scan_mode),
         ('data', t_data_scan_mode),
         ('minidump', ctypes.c_bool),
+        ('rebase', ctypes.c_bool),
         ('dump_mode', t_dump_mode),
         ('json_output', ctypes.c_bool),
         ('make_reflection', ctypes.c_bool),
         ('use_cache', ctypes.c_bool),
         ('json_lvl', t_json_level),
+        ('results_filter', t_results_filter),
         ('output_dir', ctypes.c_char * (MAX_PATH + 1)),
-        ('modules_ignored', PARAM_STRING)
+        ('modules_ignored', PARAM_STRING),
+        ('pattern_file', PARAM_STRING)
     ]
 class t_report(ctypes.Structure):
diff --git a/include/pe_sieve_types.h b/include/pe_sieve_types.h
index 349096ebc..199179e03 100644
--- a/include/pe_sieve_types.h
+++ b/include/pe_sieve_types.h
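Review bot: In the new `t_results_filter` class the combined values are written as the literals 5, 6 and 7, whereas the C enum in pe_sieve_types.h builds them by OR-ing the single flags, so the Python side no longer shows that these are bit flags and that other combinations are meaningful. Writing them the same way as the header, `SHOW_SUSPICIOUS_AND_ERRORS = SHOW_ERRORS | SHOW_SUSPICIOUS`, `SHOW_SUCCESSFUL_ONLY = SHOW_NOT_SUSPICIOUS | SHOW_SUSPICIOUS`, `SHOW_ALL = SHOW_ERRORS | SHOW_NOT_SUSPICIOUS | SHOW_SUSPICIOUS`, keeps the two definitions self-evidently in sync and still evaluates to the same integers. A class comment `# bit flags mirroring t_results_filter in include/pe_sieve_types.h; values may be OR-ed, SHOW_FILTERS_MAX is the exclusive upper bound` would also clarify that `SHOW_FILTERS_MAX = 8` is one past `SHOW_ALL` rather than a valid filter.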
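Review bot: The three fields inserted into `t_params._fields_` (`rebase` after `minidump`, `results_filter` after `json_lvl`, `pattern_file` after `modules_ignored`) shift the offsets of everything behind them, and nothing in the binding can detect a position or type mismatch against the native `t_params` except the DLL version check; the C-side struct change is not part of this patch, so the order cannot be confirmed from here. Because ctypes hands this buffer to native code, a field at the wrong offset would make the DLL read, for example, `output_dir` bytes as a filter value instead of failing cleanly, which is why pinning `PESIEVE_MIN_VER` and `PESIEVE_MAX_VER` to the same `0x040000` in the earlier hunk is the right call. A comment on the list, `# must match t_params in include/pe_sieve_types.h field-for-field; offsets are ABI, bump PESIEVE_MIN_VER/MAX_VER on any change`, would tie the two together for the next edit. The `t_params` class starts before the hunk.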
@@ -27,15 +27,16 @@ namespace pesieve {
         OUT_FILTERS_COUNT
     } t_output_filter;
+    //! the flags defining what will be reported
     typedef enum {
-        SHOW_NONE = 0,
-        SHOW_ERRORS = 1,
-        SHOW_NOT_SUSPICIOUS = 2,
-        SHOW_SUSPICIOUS = 4,
+        SHOW_NONE = 0, ///< do not report any module
+        SHOW_ERRORS = 1, ///< report only scan errors
+        SHOW_NOT_SUSPICIOUS = 2, ///< report only not suspicious
+        SHOW_SUSPICIOUS = 4, ///< report only suspicious
         SHOW_SUSPICIOUS_AND_ERRORS = SHOW_ERRORS | SHOW_SUSPICIOUS,
         SHOW_SUCCESSFUL_ONLY = SHOW_NOT_SUSPICIOUS | SHOW_SUSPICIOUS,
         SHOW_ALL = SHOW_ERRORS | SHOW_NOT_SUSPICIOUS | SHOW_SUSPICIOUS,
-        SHOW_FILTERS_COUNT
+        SHOW_FILTERS_MAX ///< terminator of the list of filters
     } t_results_filter;
     typedef enum {
diff --git a/pe_sieve_ver_short.h b/pe_sieve_ver_short.h
index 3f97cf0df..47110b6bf 100644
--- a/pe_sieve_ver_short.h
+++ b/pe_sieve_ver_short.h
@@ -1,8 +1,8 @@
 #pragma once
 #define PESIEVE_MAJOR_VERSION 0
-#define PESIEVE_MINOR_VERSION 3
-#define PESIEVE_MICRO_VERSION 9
-#define PESIEVE_PATCH_VERSION 8
+#define PESIEVE_MINOR_VERSION 4
+#define PESIEVE_MICRO_VERSION 0
+#define PESIEVE_PATCH_VERSION 0
-#define PESIEVE_VERSION_STR "0.3.9.8"
+#define PESIEVE_VERSION_STR "0.4.0.0"
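Review bot: `SHOW_FILTERS_MAX` is documented as a "terminator of the list of filters", but since the members are bit flags it is really one past `SHOW_ALL`, i.e. the exclusive upper bound that a range check on a user-supplied filter should compare against; `///< one past the highest valid combination (all flags OR-ed); any value >= this is invalid` states what callers actually need to validate. The combined members `SHOW_SUSPICIOUS_AND_ERRORS`, `SHOW_SUCCESSFUL_ONLY` and `SHOW_ALL` are now the only ones without a `///<` comment, which reads as an oversight next to the newly documented single flags. Renaming `SHOW_FILTERS_COUNT` to `SHOW_FILTERS_MAX` is visible to external consumers of this public header and is not mentioned in the commit message. The enclosing namespace begins and ends outside the hunk.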