quarkslab / binmap
system scanner
License: Apache License 2.0
Nice tool :)
It'd be even nicer to be able to restrict dependency lookup to a specific root. It'd be particularly useful for scanning extracted filesystems.
For example:
./binscan scan -R extracted_fs/
would consider a reference to /lib/ld.so as extracted_fs/lib/ld.so
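A sketch of the root-relative lookup requested above, as an added example (not binmap code and not from the original post): `resolve_in_root` and `build_sample_root` are hypothetical names, and the sample tree is constructed. Symlinks are followed as if `extracted_fs/` were `/`, so absolute targets and `..` chains cannot lead a scan out of the extracted image onto the host filesystem.

```python
import os
import tempfile

def resolve_in_root(root, ref, max_links=40):
    """Map a path recorded inside an image (e.g. /lib/ld.so) to a host path under root."""
    root = os.path.realpath(root)
    pending = [p for p in ref.split("/") if p and p != "."]
    resolved = []   # components below root that are already symlink-free
    links = 0
    while pending:
        part = pending.pop(0)
        if part == "..":
            if resolved:
                resolved.pop()      # ".." at the image root stays at the image root
            continue
        candidate = os.path.join(root, *resolved, part)
        if os.path.islink(candidate):
            links += 1
            if links > max_links:
                raise OSError("too many levels of symlinks: " + ref)
            target = os.readlink(candidate)
            if target.startswith("/"):
                resolved = []       # absolute target restarts at the image root
            pending = [p for p in target.split("/") if p and p != "."] + pending
        else:
            resolved.append(part)   # plain file, directory, or missing entry
    return os.path.join(root, *resolved)

def build_sample_root():
    """Constructed sample tree standing in for an extracted filesystem."""
    root = tempfile.mkdtemp(prefix="extracted_fs_")
    os.makedirs(os.path.join(root, "lib"))
    os.makedirs(os.path.join(root, "usr", "lib"))
    open(os.path.join(root, "lib", "libz.so.1.2.8"), "wb").close()
    # relative link, absolute link, and a link that tries to climb out of the image
    os.symlink("libz.so.1.2.8", os.path.join(root, "lib", "libz.so.1"))
    os.symlink("/lib/libz.so.1", os.path.join(root, "usr", "lib", "libz.so"))
    os.symlink("../../../../etc/passwd", os.path.join(root, "lib", "evil.so"))
    return root

if __name__ == "__main__":
    sample = build_sample_root()
    for ref in ("/usr/lib/libz.so", "/lib/libz.so.1", "/lib/evil.so"):
        print(ref, "->", resolve_in_root(sample, ref))
```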
Hello,
I don't understand why binmap has multiple keys for one library.
My guess is: you check the ELF 'needed libraries' and add them to the graph.
Which means: when they have different names there are different keys, even if the hash is the same.
Which is logical considering there are often symlinks for libraries, and you follow symlinks.
But there is also a key created for each dependency of any ELF file (resolved or not), and the metadata of this key has a hash string which I don't know where it comes from, and it has an empty name and an empty version, and when calling view.predecessors on this type of key, there are different results for the same library with different names on the system.
My guess is you use this key to make your graph easily using the pure dependency name.
This means: for the same library there are different results when calling view.predecessors.
With that said, I don't understand why you have both the absolute path to libraries and the pure dependency name of the library in the graph, and with different predecessors.
Case of use:
I want the predecessors of libz.so.1
Another solution would be to do the merge myself in order to clean up the graph:
Example:
If I have these keys: ['libz.so.1', '/usr/main/local/lib/libz.so.1', '/usr/main/local/lib/libz.so.1.2.8', '/usr/main/local/lib/libz.so']
I must merge all of them into one key (libz.so.1) and do the same for all other keys, in order to recreate a "clean" graph.
It really sounds weird to me to have this kind of behavior considering the goal of binmap.
Am I doing anything wrong? If not, have you planned to change this behavior, or are you open to such additions/modifications to binmap?
Hello again. I noticed that binmap can't scan some files and exits without any error.
Example file: http://rgho.st/8HLM52dqN
C:\test>binmap scan drweb32.dll -v2 -o test.dat
blacklisting: "/dev"
blacklisting: "/proc"
blacklisting: "/sys"
blacklisting: "/tmp"
ApiSetMap::parse_apisetmap_v2: not implemented
C:\test>type test.dat
22 serialization::archive 10 0 0 0 0 1 0 0 0 1462888107 3 1 0 0 0 0 0 0 0 0 0 0 0 17 0 0 0 0 0 0 17 0
Directory scanning will be stopped when such a file occurs.
Hello. I'd like to try your interesting tool but I have problems with compilation.
I've installed cmake, boost 1.55.0 (link=shared threading=single) to "C:\Libs\boost_1_55_0", zlib to "C:\Libs\zlib-1.2.8", visual studio 2013.
Then executed cmake -DBoost_DEBUG=ON -G "Visual Studio 12" -DBOOST_ROOT=C:\libs\boost_1_55_0 -DBOOST_LIBRARYDIR=C:\libs\boost_1_55_0\lib32-msvc-12.0 -DZLIB_LIBRARY=C:\libs\zlib-1.2.8 -DZLIB_INCLUDE_DIR=C:\libs\zlib-1.2.8
When I'm trying to compile the 'binmap' project in Visual Studio I'm getting 2 errors like this:
C:\Libs\boost_1_55_0\boost/serialization/access.hpp(118): error C2039: 'serialize' : is not a member of 'boost::unordered::unordered_map<std::string,MetadataInfo,boost::hash<std::string>,std::equal_to<T>,std::allocator<std::pair<const K,MetadataInfo>>>'
Full log:
binmap.txt
I've also tried to compile with precompiled boost 1.56.0/1.59.0/1.60 and visual studio 2010/2015 - nothing helped.
Hope you can help me. Thank you!
This bug report is pretty similar to the one I wrote last week
The code below segfaults (I believe you can use any *.dat file to reproduce this bug)
import blobmap
blob = blobmap.BlobMap("./test/local.dat")
view = next(blob.values())
view.predecessors("does_not_exists")
I think it should return a python error instead
It's maybe a dumb question, but where can I get the blobmap module for Python?
I believe "blobmap.dll" is the module but I don't know how to install it to Python.
The code below segfaults (I believe you can use any *.dat file to reproduce this bug)
import blobmap
f = blobmap.BlobMap("./test/local.dat")
f[0]
I think it should return a python error instead