binsider 0.3.2

Analyze ELF binaries like a boss
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123

use crate::{
    elf::Elf,
    error::{Error, Result},
    file::FileInfo,
    tui::event::Event,
};
use elf::{endian::AnyEndian, ElfBytes};
use heh::app::Application as Heh;
use heh::decoder::Encoding;
use lddtree::DependencyAnalyzer;
use ratatui::text::Line;
use rust_strings::BytesConfig;
use std::{
    fmt::{self, Debug, Formatter},
    path::PathBuf,
    sync::mpsc,
    thread,
};

/// Tracer data.
#[derive(Debug, Default)]
pub struct TraceData {
    /// System calls.
    pub syscalls: Vec<u8>,
    /// Summary.
    pub summary: Vec<u8>,
}

/// Binary analyzer.
pub struct Analyzer<'a> {
    /// List of files that are being analyzed.
    pub files: Vec<PathBuf>,
    /// Current file information.
    pub file: FileInfo<'a>,
    /// Elf properties.
    pub elf: Elf,
    /// Strings.
    pub strings: Option<Vec<(u64, String)>>,
    /// Min length of the strings.
    pub strings_len: usize,
    /// Heh application.
    pub heh: Heh,
    /// Tracer data.
    pub tracer: TraceData,
    /// System calls.
    pub system_calls: Vec<Line<'a>>,
    /// Library dependencies.
    pub dependencies: Vec<(String, String)>,
}

impl Debug for Analyzer<'_> {
    fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
        f.debug_struct("Analyzer")
            .field("bytes", &self.file.bytes)
            .finish()
    }
}

impl<'a> Analyzer<'a> {
    /// Constructs a new instance.
    pub fn new(
        mut file_info: FileInfo<'a>,
        strings_len: usize,
        files: Vec<PathBuf>,
    ) -> Result<Self> {
        let elf_bytes = ElfBytes::<AnyEndian>::minimal_parse(file_info.bytes)?;
        let elf = Elf::try_from(elf_bytes)?;
        let heh = Heh::new(file_info.open_file()?, Encoding::Ascii, 0)
            .map_err(|e| Error::HexdumpError(e.to_string()))?;
        Ok(Self {
            dependencies: Self::extract_libs(&file_info)?,
            files,
            file: file_info,
            elf,
            strings: None,
            strings_len,
            heh,
            tracer: TraceData::default(),
            system_calls: Vec::new(),
        })
    }

    /// Extracts the library dependencies.
    pub fn extract_libs(file_info: &FileInfo<'a>) -> Result<Vec<(String, String)>> {
        let mut dependencies = DependencyAnalyzer::default()
            .analyze(file_info.path)?
            .libraries
            .clone()
            .into_iter()
            .map(|(name, lib)| {
                (
                    name.to_string(),
                    lib.realpath
                        .unwrap_or(lib.path)
                        .to_string_lossy()
                        .to_string(),
                )
            })
            .collect::<Vec<(String, String)>>();
        dependencies.sort_by(|a, b| {
            let lib_condition1 = a.0.starts_with("lib");
            let lib_condition2 = b.0.starts_with("lib");
            match (lib_condition1, lib_condition2) {
                (true, false) => std::cmp::Ordering::Less,
                (false, true) => std::cmp::Ordering::Greater,
                _ => a.0.cmp(&b.0),
            }
        });
        Ok(dependencies)
    }

    /// Returns the sequences of printable characters.
    pub fn extract_strings(&mut self, event_sender: mpsc::Sender<Event>) {
        let config = BytesConfig::new(self.file.bytes.to_vec()).with_min_length(self.strings_len);
        thread::spawn(move || {
            event_sender
                .send(Event::FileStrings(
                    rust_strings::strings(&config).map_err(|e| Error::StringsError(e.to_string())),
                ))
                .expect("failed to send strings event");
        });
    }
}