Instruction Printing On Malware Scanner

Konloch 2021-07-01 04:34:40 -07:00
parent 007955b2ba
commit c209db4f5b
7 changed files with 72 additions and 56 deletions


@ -69,6 +69,8 @@ public class InstructionPrinter {
protected List<AbstractInsnNode> matchedInsns; protected List<AbstractInsnNode> matchedInsns;
protected Map<LabelNode, Integer> labels; protected Map<LabelNode, Integer> labels;
private boolean firstLabel = false;
private ArrayList<String> info = new ArrayList<>();
public InstructionPrinter(MethodNode m, TypeAndName[] args) { public InstructionPrinter(MethodNode m, TypeAndName[] args) {
this.args = args; this.args = args;
@ -99,64 +101,17 @@ public class InstructionPrinter {
* @return The print as an ArrayList * @return The print as an ArrayList
*/ */
public ArrayList<String> createPrint() { public ArrayList<String> createPrint() {
ArrayList<String> info = new ArrayList<>(); firstLabel = false;
info.clear();
ListIterator<?> it = mNode.instructions.iterator(); ListIterator<?> it = mNode.instructions.iterator();
boolean firstLabel = false;
while (it.hasNext()) { while (it.hasNext()) {
AbstractInsnNode ain = (AbstractInsnNode) it.next(); AbstractInsnNode ain = (AbstractInsnNode) it.next();
String line = ""; String line = printInstruction(ain);
if (ain instanceof VarInsnNode) {
line = printVarInsnNode((VarInsnNode) ain);
} else if (ain instanceof IntInsnNode) {
line = printIntInsnNode((IntInsnNode) ain);
} else if (ain instanceof FieldInsnNode) {
line = printFieldInsnNode((FieldInsnNode) ain);
} else if (ain instanceof MethodInsnNode) {
line = printMethodInsnNode((MethodInsnNode) ain);
} else if (ain instanceof LdcInsnNode) {
line = printLdcInsnNode((LdcInsnNode) ain);
} else if (ain instanceof InsnNode) {
line = printInsnNode((InsnNode) ain);
} else if (ain instanceof JumpInsnNode) {
line = printJumpInsnNode((JumpInsnNode) ain);
} else if (ain instanceof LineNumberNode) {
line = printLineNumberNode();
} else if (ain instanceof LabelNode) {
if (firstLabel
&& BytecodeViewer.viewer.appendBracketsToLabels
.isSelected())
info.add("}");
line = printLabelnode((LabelNode) ain);
if (BytecodeViewer.viewer.appendBracketsToLabels.isSelected()) {
if (!firstLabel)
firstLabel = true;
line += " {";
}
} else if (ain instanceof TypeInsnNode) {
line = printTypeInsnNode((TypeInsnNode) ain);
} else if (ain instanceof FrameNode) {
line = printFrameNode((FrameNode) ain);
} else if (ain instanceof IincInsnNode) {
line = printIincInsnNode((IincInsnNode) ain);
} else if (ain instanceof TableSwitchInsnNode) {
line = printTableSwitchInsnNode((TableSwitchInsnNode) ain);
} else if (ain instanceof LookupSwitchInsnNode) {
line = printLookupSwitchInsnNode((LookupSwitchInsnNode) ain);
} else if (ain instanceof InvokeDynamicInsnNode) {
line = printInvokeDynamicInsNode((InvokeDynamicInsnNode) ain);
} else if (ain instanceof MultiANewArrayInsnNode) {
line = printMultiANewArrayInsNode((MultiANewArrayInsnNode) ain);
} else {
line += "UNADDED OPCODE: " + nameOpcode(ain.getOpcode()) + " "
+ ain;
}
if (!line.isEmpty()) { if (!line.isEmpty()) {
if (match) if (match)
if (matchedInsns.contains(ain)) if (matchedInsns.contains(ain))
line = " -> " + line; line = " -> " + line;
info.add(line); info.add(line);
} }
} }
@ -165,6 +120,60 @@ public class InstructionPrinter {
info.add("}"); info.add("}");
return info; return info;
} }
public String printInstruction(AbstractInsnNode ain)
{
String line = "";
if (ain instanceof VarInsnNode) {
line = printVarInsnNode((VarInsnNode) ain);
} else if (ain instanceof IntInsnNode) {
line = printIntInsnNode((IntInsnNode) ain);
} else if (ain instanceof FieldInsnNode) {
line = printFieldInsnNode((FieldInsnNode) ain);
} else if (ain instanceof MethodInsnNode) {
line = printMethodInsnNode((MethodInsnNode) ain);
} else if (ain instanceof LdcInsnNode) {
line = printLdcInsnNode((LdcInsnNode) ain);
} else if (ain instanceof InsnNode) {
line = printInsnNode((InsnNode) ain);
} else if (ain instanceof JumpInsnNode) {
line = printJumpInsnNode((JumpInsnNode) ain);
} else if (ain instanceof LineNumberNode) {
line = printLineNumberNode();
} else if (ain instanceof LabelNode) {
if (firstLabel
&& BytecodeViewer.viewer.appendBracketsToLabels
.isSelected())
info.add("}");
line = printLabelnode((LabelNode) ain);
if (BytecodeViewer.viewer.appendBracketsToLabels.isSelected()) {
if (!firstLabel)
firstLabel = true;
line += " {";
}
} else if (ain instanceof TypeInsnNode) {
line = printTypeInsnNode((TypeInsnNode) ain);
} else if (ain instanceof FrameNode) {
line = printFrameNode((FrameNode) ain);
} else if (ain instanceof IincInsnNode) {
line = printIincInsnNode((IincInsnNode) ain);
} else if (ain instanceof TableSwitchInsnNode) {
line = printTableSwitchInsnNode((TableSwitchInsnNode) ain);
} else if (ain instanceof LookupSwitchInsnNode) {
line = printLookupSwitchInsnNode((LookupSwitchInsnNode) ain);
} else if (ain instanceof InvokeDynamicInsnNode) {
line = printInvokeDynamicInsNode((InvokeDynamicInsnNode) ain);
} else if (ain instanceof MultiANewArrayInsnNode) {
line = printMultiANewArrayInsNode((MultiANewArrayInsnNode) ain);
} else {
line += "UNADDED OPCODE: " + nameOpcode(ain.getOpcode()) + " "
+ ain;
}
return line;
}
protected String printVarInsnNode(VarInsnNode vin) { protected String printVarInsnNode(VarInsnNode vin) {
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
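Review bot: `createPrint()` now returns the instance field `info` and begins with `info.clear()`, so a list handed out by an earlier call is emptied and refilled by the next one, whereas before this change each call returned a fresh list. Returning a copy, `return new ArrayList<>(info);`, would keep the old contract. The new public `printInstruction` is also not a pure formatter: on a `LabelNode` it appends `"}"` to `info` and sets `firstLabel`, so calls from outside `createPrint()` alter the next print and a shared printer is not thread-safe. A Javadoc on `printInstruction` stating that side effect would help; the class body continues outside these hunks.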


@ -2,6 +2,7 @@ package the.bytecode.club.bytecodeviewer.malwarescanner;
import org.objectweb.asm.tree.*; import org.objectweb.asm.tree.*;
import the.bytecode.club.bytecodeviewer.BytecodeViewer; import the.bytecode.club.bytecodeviewer.BytecodeViewer;
import the.bytecode.club.bytecodeviewer.decompilers.bytecode.InstructionPrinter;
import the.bytecode.club.bytecodeviewer.malwarescanner.util.SearchableString; import the.bytecode.club.bytecodeviewer.malwarescanner.util.SearchableString;
/** /**
@ -12,6 +13,7 @@ import the.bytecode.club.bytecodeviewer.malwarescanner.util.SearchableString;
*/ */
public abstract class MalwareCodeScanner implements CodeScanner public abstract class MalwareCodeScanner implements CodeScanner
{ {
private final InstructionPrinter instructionPrinter = new InstructionPrinter(null, null);
public MalwareScanModule module; public MalwareScanModule module;
public abstract void scanFieldString(MalwareScan scan, ClassNode cn, FieldNode field, SearchableString string); public abstract void scanFieldString(MalwareScan scan, ClassNode cn, FieldNode field, SearchableString string);
@ -79,6 +81,11 @@ public abstract class MalwareCodeScanner implements CodeScanner
return cn.name + "." + method.name + "(" + method.desc + ")"; return cn.name + "." + method.name + "(" + method.desc + ")";
} }
public String instructionToString(AbstractInsnNode instruction)
{
return instructionPrinter.printInstruction(instruction).trim();
}
public String header() public String header()
{ {
String header = String.format("%30s", (module.getReadableName() + " ->\t")); String header = String.format("%30s", (module.getReadableName() + " ->\t"));
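Review bot: `instructionToString` returns text that is presumably built from the scanned class's own strings (method owner, name, descriptor), and `.trim()` only strips the ends, so line breaks or control characters embedded by a sample could land inside the scan report. If `foundMethod` writes that text verbatim, consider neutralising non-printable characters before returning, e.g. `.replaceAll("\\p{Cntrl}", "?")`. Separately, the shared printer is created with `new InstructionPrinter(null, null)`; whether every `print*` helper tolerates a null `MethodNode` and null `args` is not visible here, so a comment on the field saying which node types are safe to pass would help. The new method also has no Javadoc.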


@ -38,7 +38,7 @@ public class AWTRobotScanner extends MalwareCodeScanner
{ {
final MethodInsnNode min = (MethodInsnNode) instruction; final MethodInsnNode min = (MethodInsnNode) instruction;
if (min.owner.startsWith("java/awt/Robot")) if (min.owner.startsWith("java/awt/Robot"))
foundMethod(scan, methodToString(cn, method) + nl); foundMethod(scan, instructionToString(instruction) + " at " + methodToString(cn, method) + nl);
} }
} }
} }
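Review bot: The report format `instructionToString(instruction) + " at " + methodToString(cn, method) + nl` is now repeated verbatim here and in the JavaIOScanner, JavaNetScanner, JavaRuntimeScanner and ReflectionScanner hunks. A single helper in `MalwareCodeScanner`, for example `protected String finding(AbstractInsnNode insn, ClassNode cn, MethodNode method)` returning that string, would keep the five call sites in step when the format changes. The enclosing scan method starts and ends outside the hunk.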


@ -26,7 +26,7 @@ public class JavaIOScanner extends MalwareCodeScanner
{ {
final MethodInsnNode min = (MethodInsnNode) instruction; final MethodInsnNode min = (MethodInsnNode) instruction;
if (min.owner.startsWith("java/io")) if (min.owner.startsWith("java/io"))
foundMethod(scan, methodToString(cn, method) + nl); foundMethod(scan, instructionToString(instruction) + " at " + methodToString(cn, method) + nl);
} }
} }
} }


@ -27,7 +27,7 @@ public class JavaNetScanner extends MalwareCodeScanner
{ {
final MethodInsnNode min = (MethodInsnNode) instruction; final MethodInsnNode min = (MethodInsnNode) instruction;
if (min.owner.startsWith("java/net")) if (min.owner.startsWith("java/net"))
foundMethod(scan, methodToString(cn, method) + nl); foundMethod(scan, instructionToString(instruction) + " at " + methodToString(cn, method) + nl);
} }
} }
} }


@ -38,7 +38,7 @@ public class JavaRuntimeScanner extends MalwareCodeScanner
{ {
final MethodInsnNode min = (MethodInsnNode) instruction; final MethodInsnNode min = (MethodInsnNode) instruction;
if (min.owner.startsWith("java/lang/Runtime")) if (min.owner.startsWith("java/lang/Runtime"))
foundMethod(scan, methodToString(cn, method) + nl); foundMethod(scan, instructionToString(instruction) + " at " + methodToString(cn, method) + nl);
} }
} }
} }
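Review bot: `min.owner.startsWith("java/lang/Runtime")` also matches `java/lang/RuntimeException` and `java/lang/RuntimePermission`, so an ordinary `new RuntimeException(...)` constructor call is reported as a Runtime finding and dilutes the real hits in the report. An exact comparison, `if (min.owner.equals("java/lang/Runtime"))`, limits matches to the class this module targets. The other scanners use the same prefix style (`"java/io"`, `"java/net"`, `"java/lang/reflect"`, `"java/awt/Robot"`); a trailing `/` on the package prefixes would make the intended scope explicit. The enclosing method starts outside the hunk.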


@ -29,7 +29,7 @@ public class ReflectionScanner extends MalwareCodeScanner
{ {
final MethodInsnNode min = (MethodInsnNode) instruction; final MethodInsnNode min = (MethodInsnNode) instruction;
if (min.owner.startsWith("java/lang/reflect")) if (min.owner.startsWith("java/lang/reflect"))
foundMethod(scan, methodToString(cn, method) + nl); foundMethod(scan, instructionToString(instruction) + " at " + methodToString(cn, method) + nl);
} }
} }
} }