Added license to each code file

syreal17 · Oct 26, 2016 · 0639b4c · 0639b4c
1 parent bfb5b23
commit 0639b4c
Show file tree

Hide file tree

Showing 18 changed files with 420 additions and 3 deletions.
diff --git a/dev/benchmarks/dis.py b/dev/benchmarks/dis.py
@@ -1,3 +1,33 @@
+# -----------------------------------------------------------------------------
+# A Three-Pronged Approach to Exploring the Limits of Static Malware Analyses:
+# Capstone Disassembler: dis.py
+#
+# A simple Capstone script that disassembles a binary
+#
+# Luke Jones ([email protected])
+#
+# The MIT License (MIT)
+# Copyright (c) 2016 Chthonian Cyber Services
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+#  in the Software without restriction, including without limitation the rights
+#  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+#  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+# -----------------------------------------------------------------------------
+
 from __future__ import print_function
 
 from capstone import *

diff --git a/dev/feature_extraction/benchmarks/ida_bbcp.py b/dev/feature_extraction/benchmarks/ida_bbcp.py
@@ -1,3 +1,33 @@
+# -----------------------------------------------------------------------------
+# A Three-Pronged Approach to Exploring the Limits of Static Malware Analyses:
+# BBCP Benchmark: ida_bbcp.py
+#
+# The IDA script for extracting normalized code windows from a binary in IDA
+#
+# Luke Jones ([email protected])
+#
+# The MIT License (MIT)
+# Copyright (c) 2016 Chthonian Cyber Services
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+#  in the Software without restriction, including without limitation the rights
+#  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+#  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#
+
 from idaapi import *
 from idautils import *
 from idc import *

diff --git a/dev/feature_extraction/benchmarks/machine_code.py b/dev/feature_extraction/benchmarks/machine_code.py
@@ -7,6 +7,27 @@
 #
 # Luke Jones ([email protected])
 #
+# The MIT License (MIT)
+# Copyright (c) 2016 Chthonian Cyber Services
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+#  in the Software without restriction, including without limitation the rights
+#  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+#  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#
 #-----------------------------------------------------------------------------
 from __future__ import print_function
 import sys

diff --git a/dev/feature_extraction/cpc/asm_helper.py b/dev/feature_extraction/cpc/asm_helper.py
@@ -6,6 +6,26 @@
 #
 # Luke Jones ([email protected])
 #
+# The MIT License (MIT)
+# Copyright (c) 2016 Chthonian Cyber Services
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+#  in the Software without restriction, including without limitation the rights
+#  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+#  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
 #-----------------------------------------------------------------------------
 
 import re

diff --git a/dev/feature_extraction/cpc/bb.py b/dev/feature_extraction/cpc/bb.py
@@ -6,6 +6,26 @@
 #
 # Luke Jones ([email protected])
 #
+# The MIT License (MIT)
+# Copyright (c) 2016 Chthonian Cyber Services
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+#  in the Software without restriction, including without limitation the rights
+#  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+#  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
 #-----------------------------------------------------------------------------
 
 class BasicBlock(object):

diff --git a/dev/feature_extraction/cpc/callee_context.py b/dev/feature_extraction/cpc/callee_context.py
@@ -7,6 +7,26 @@
 #
 # Luke Jones ([email protected])
 #
+# The MIT License (MIT)
+# Copyright (c) 2016 Chthonian Cyber Services
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+#  in the Software without restriction, including without limitation the rights
+#  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+#  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
 # -----------------------------------------------------------------------------
 
 from asm_helper import *

diff --git a/dev/feature_extraction/cpc/caller_context.py b/dev/feature_extraction/cpc/caller_context.py
@@ -7,6 +7,26 @@
 #
 # Luke Jones ([email protected])
 #
+# The MIT License (MIT)
+# Copyright (c) 2016 Chthonian Cyber Services
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+#  in the Software without restriction, including without limitation the rights
+#  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+#  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
 # -----------------------------------------------------------------------------
 
 from asm_helper import *

diff --git a/dev/feature_extraction/cpc/context.py b/dev/feature_extraction/cpc/context.py
@@ -7,6 +7,26 @@
 #
 # Luke Jones ([email protected])
 #
+# The MIT License (MIT)
+# Copyright (c) 2016 Chthonian Cyber Services
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+#  in the Software without restriction, including without limitation the rights
+#  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+#  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
 #-----------------------------------------------------------------------------
 
 from asm_helper import *

diff --git a/dev/feature_extraction/cpc/cpc_extract.py b/dev/feature_extraction/cpc/cpc_extract.py
@@ -2,10 +2,30 @@
 # A Three-Pronged Approach to Exploring the Limits of Static Malware Analyses:
 # Callsite Parameter Cardinality (CPC) Counting: cpc_extract.py
 #
-# The driver for ennumerating CPC for a Linux AMD64 binary.
+# The driver for ennumerating CPC for a Linux AMD64 binary with Capstone.
 #
 # Luke Jones ([email protected])
 #
+# The MIT License (MIT)
+# Copyright (c) 2016 Chthonian Cyber Services
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+#  in the Software without restriction, including without limitation the rights
+#  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+#  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
 #-----------------------------------------------------------------------------
 from __future__ import print_function
 import sys

diff --git a/dev/feature_extraction/cpc/ida_cpc_extract.py b/dev/feature_extraction/cpc/ida_cpc_extract.py
@@ -6,6 +6,27 @@
 #
 # Luke Jones ([email protected])
 #
+# The MIT License (MIT)
+# Copyright (c) 2016 Chthonian Cyber Services
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+#  in the Software without restriction, including without limitation the rights
+#  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+#  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#
 # -----------------------------------------------------------------------------
 # Notes
 # * "arg regs" are often referenced. These are the "argument registers" used by
@@ -56,6 +77,12 @@
 
 
 def caller_arg_analysis(debug, ea):
+    """
+
+    :param debug:
+    :param ea:
+    :return:
+    """
     dst_eas = list()
     er_ctx = caller_context.CallerContext()
     i_nextf = 0
@@ -139,6 +166,15 @@ def caller_add_contexts(h_ea, m, ops, i_curf, er_ctx, dst_eas):
 
 
 def caller_update_context(h_ea, m, ops, er_ctx, i_h):
+    """
+
+    :param h_ea:
+    :param m:
+    :param ops:
+    :param er_ctx:
+    :param i_h: what is this?
+    :return:
+    """
     if ops.count == 0:
         if debug:
             print("%x: %s" % (h_ea, m))
@@ -156,7 +192,7 @@ def caller_update_context(h_ea, m, ops, er_ctx, i_h):
                     i_h = 0
                 else:
                     print("Unrecognized mnemonic: %x: %s %s" % (h_ea, m, ops.o1.text))
-        if ops.o1.type == o_phrase or ops.o1.type == o_displ:
+        if ops.o1.type == o_phrase or ops.o1.type == o_displ:  #o_displ is part of idaapi - more details
             for arg in arg_extract(ops.o1.text):
                 er_ctx.add_src_arg(arg)
 
@@ -402,6 +438,11 @@ def add_stack_arg(stack_args, ops, debug):
 
 
 def arg_extract(opnd):
+    """
+    TODO: explain this function
+    :param opnd:
+    :return:
+    """
     arg_list = list()
 
     arg_rdi = check_arg(asm_helper.arg_reg_rdi, opnd)
@@ -512,7 +553,7 @@ def construct_cpc_aggregate(dst_eas):
                 else:
                     f_ea_to_cpc[ea] = ee_cpc
 
-        except KeyError:
+        except KeyError: #TODO: what could throw this exception?
             if SPLIT_CPC:
                 f_ea_to_cpc[ea] = ee_cpcspl
             else:

diff --git a/dev/feature_extraction/cpc/ida_cpc_extract_bk.py b/dev/feature_extraction/cpc/ida_cpc_extract_bk.py
@@ -6,6 +6,26 @@
 #
 # Luke Jones ([email protected])
 #
+# The MIT License (MIT)
+# Copyright (c) 2016 Chthonian Cyber Services
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+#  in the Software without restriction, including without limitation the rights
+#  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+#  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
 # -----------------------------------------------------------------------------
 from idaapi import *
 from idautils import *