Class: Dorothy::Loadmalw

Inherits:

Object

• Object
• Dorothy::Loadmalw

Defined in:

lib/dorothy2/do-utils.rb

Instance Attribute Summary

• #binpath ⇒ Object readonly

  Returns the value of attribute binpath.

• #ctime ⇒ Object readonly

  Returns the value of attribute ctime.

• #dbtype ⇒ Object readonly

  Returns the value of attribute dbtype.

• #dir_bin ⇒ Object

  Returns the value of attribute dir_bin.

• #dir_downloads ⇒ Object

  Returns the value of attribute dir_downloads.

• #dir_pcap ⇒ Object

  attr_accessor :dir_home.

• #dir_screens ⇒ Object

  Returns the value of attribute dir_screens.

• #extension ⇒ Object readonly

  Returns the value of attribute extension.

• #filename ⇒ Object readonly

  Returns the value of attribute filename.

• #md5 ⇒ Object readonly

  Returns the value of attribute md5.

• #pcaprid ⇒ Object readonly

  Returns the value of attribute pcaprid.

• #pcapsize ⇒ Object readonly

  Returns the value of attribute pcapsize.

• #sha ⇒ Object

  Returns the value of attribute sha.

• #size ⇒ Object readonly

  Returns the value of attribute size.

• #sourceinfo ⇒ Object

  used for storing info about where the binary come from (if needed).

• #type ⇒ Object readonly

  Returns the value of attribute type.

Class Method Summary

• .calc_pcaprid(file, size) ⇒ Object

Instance Method Summary

• #initialize(file) ⇒ Loadmalw constructor

  A new instance of Loadmalw.

Constructor Details

#initialize(file) ⇒ Loadmalw

Returns a new instance of Loadmalw.

# File 'lib/dorothy2/do-utils.rb', line 243

def initialize(file)

  fm = FileMagic.new
  sha = Digest::SHA2.new
  md5 = Digest::MD5.new
  @binpath = file
  @filename = File.basename file
  @extension = File.extname file

  File.open(file, 'rb') do |fh1|
    while buffer1 = fh1.read(1024)
      @sha = sha << buffer1
      @md5 = md5 << buffer1
    end
  end

  @sha = @sha.to_s
  @md5 = @md5.to_s.rstrip
  @sourceinfo = nil

  timetmp = File.ctime(file)
  @ctime= timetmp.strftime("%m/%d/%y %H:%M:%S")
  @type = fm.file(file)

  if @extension.empty?    #no extension, trying to put the right one..
    case @type
      when /^PE32/ then
        @extension = (@type =~ /DLL/ ? ".dll" : ".exe")
      when /^MS-DOS/ then
        @extension = ".bat"
      when /^HTML/ then
        @extension = ".html"
      else
        @extension = nil
    end
  end


  @size = File.size(file)
end

Instance Attribute Details

#binpath ⇒ Object (readonly)

Returns the value of attribute binpath.

# File 'lib/dorothy2/do-utils.rb', line 229

def binpath
  @binpath
end

#ctime ⇒ Object (readonly)

Returns the value of attribute ctime.

# File 'lib/dorothy2/do-utils.rb', line 231

def ctime
  @ctime
end

#dbtype ⇒ Object (readonly)

Returns the value of attribute dbtype.

# File 'lib/dorothy2/do-utils.rb', line 226

def dbtype
  @dbtype
end

#dir_bin ⇒ Object

Returns the value of attribute dir_bin.

# File 'lib/dorothy2/do-utils.rb', line 239

def dir_bin
  @dir_bin
end

#dir_downloads ⇒ Object

Returns the value of attribute dir_downloads.

# File 'lib/dorothy2/do-utils.rb', line 241

def dir_downloads
  @dir_downloads
end

#dir_pcap ⇒ Object

attr_accessor :dir_home

# File 'lib/dorothy2/do-utils.rb', line 238

def dir_pcap
  @dir_pcap
end

#dir_screens ⇒ Object

Returns the value of attribute dir_screens.

# File 'lib/dorothy2/do-utils.rb', line 240

def dir_screens
  @dir_screens
end

#extension ⇒ Object (readonly)

Returns the value of attribute extension.

# File 'lib/dorothy2/do-utils.rb', line 234

def extension
  @extension
end

#filename ⇒ Object (readonly)

Returns the value of attribute filename.

# File 'lib/dorothy2/do-utils.rb', line 230

def filename
  @filename
end

#md5 ⇒ Object (readonly)

Returns the value of attribute md5.

# File 'lib/dorothy2/do-utils.rb', line 228

def md5
  @md5
end

#pcaprid ⇒ Object (readonly)

Returns the value of attribute pcaprid.

# File 'lib/dorothy2/do-utils.rb', line 224

def pcaprid
  @pcaprid
end

#pcapsize ⇒ Object (readonly)

Returns the value of attribute pcapsize.

# File 'lib/dorothy2/do-utils.rb', line 233

def pcapsize
  @pcapsize
end

#sha ⇒ Object

Returns the value of attribute sha.

# File 'lib/dorothy2/do-utils.rb', line 227

def sha
  @sha
end

#size ⇒ Object (readonly)

Returns the value of attribute size.

# File 'lib/dorothy2/do-utils.rb', line 232

def size
  @size
end

#sourceinfo ⇒ Object

used for storing info about where the binary come from (if needed)

# File 'lib/dorothy2/do-utils.rb', line 235

def sourceinfo
  @sourceinfo
end

#type ⇒ Object (readonly)

Returns the value of attribute type.

# File 'lib/dorothy2/do-utils.rb', line 225

def type
  @type
end

Class Method Details

.calc_pcaprid(file, size) ⇒ Object

# File 'lib/dorothy2/do-utils.rb', line 286

def self.calc_pcaprid(file, size)
  #t = file.split('/')
  #dumpname = t[t.length - 1]
  @pcaprid = Digest::MD5.new
  @pcaprid << "#{file}:#{size}"
  @pcaprid = @pcaprid.dup.to_s.rstrip
end