Sykole Posted February 20, 2017

You may have seen my previous topic on this subject, which can be found here: https://forum.skylords.eu/index.php?/topic/2559-my-project/

I've been working on a project for quite some time now, not full time of course but as a side hobby of mine, which is learning more about PE structures. A true motive of mine to keep working on it is to simplify advanced features you might find in other tools, allowing as many as possible to understand the meaning of analysis and how important it is in our current day.

Let me start introducing the functionalities now~

Since last time, I've pushed a lot of changes and updates, and they go as follows:

-> Updated the GUI as I have seen fit. It was an issue in the previous versions, but I think it will be good for now. (Side functionalities are now also supported, like exporting strings, colored strings for critical ones, closing/reloading the opened file... and so on)
-> A complete recode (It will receive a newer one, but I don't have time for it yet) - The new engine is faster, more efficient, and resource friendly
-> Added the ability to configure nearly everything the tool has to offer, whether it is a notice message or a result.
-> Following the configuration, I have even started working on a custom scripting engine to allow the user to have full control over the fired events, results and inputs/outputs. (And no, not CSPluginManager if you are wondering)

A simple example of how the script may look (Not implemented yet):
- Side note: it will be even more simplified than that.

    if [Module:<moduleName>] or [Function:<functionName>]
        if ![File.Size > 30(mb)]
            MessageBox("File Size is smaller than 30megabytes")
        end if
    end if

    //Explanation;
    if [condition..] [options..] [condition..] == true   //(either of the conditions are met, unless specified otherwise using an !operator)
    <tab> if [(variable.child) (operator) (integer)]

-> Added the ability to browse an archive file and have the program automatically unpack and display all directories and files
-> Improved the heuristic scanning engine, and increased the signatures database (Packers, obfuscators etc)

And at last, the screenshots. Here I have analyzed a C# coded program called Fiddler.

Quick explanation of the buttons before we start: C -> Close loaded file, R -> Reload loaded file, ... -> Browse a file

(.NET Analysis tab - Basically an overview of the information regarding the file; soon it will allow complete decompilation of the code by just selecting the module)

(PE Strings tab - Shows the user all the important strings of a file, and highlights the ones that are critical, as shown below, in different colors. Currently I have it set on showing just links, emails, registry values etc. There are various scan types too in case you want a more specific field of strings)

(PE Modules tab - In a short explanation, every program coded requires a module to do a specific thing. For example, to modify Registry values you need to use a module called advapi32.dll (the one selected below), and a function called RegCloseKey. This part of the tool is the most configurable since the user decides what Modules/Functions to show, which module and function relate to each other and what notes to show. PS -> By selecting a module, it will list all the used functions of that specific module in the explanation box)

(Configuration file of the modules if you are interested: http://pastebin.com/9sADEBqS - Explained too.)

That's all; in a few minutes you are able to analyze a file you downloaded and determine whether it is safe or not.

(And here is a quick screenshot of how the archive extraction and display works: double click a file, trid.exe for example, and the tool will load and analyze it)

For the sake of time and space of this topic I'll stop here, but if you have any questions I'd happily answer them below or privately! (PS - This will become a public release one day, hopefully)

Let me know your opinions please! ~Thank you
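As an added illustration (not the tool's own code), here is a small Python string scanner in the spirit of the PE Strings tab described above: it pulls printable runs out of a file buffer, the way `strings` does, and tags URLs, e-mail addresses, registry paths and module names so a viewer could highlight them. The byte buffer and the classification rules are constructed for this example.

```python
import re

# Constructed sample buffer standing in for a loaded file's bytes
# (not a real binary; printable runs separated by non-printable bytes).
SAMPLE = (
    b"\x00\x00MZ\x90\x00\x03"
    b"https://example.invalid/update.php\x00\x00"
    b"support@example.invalid\x00\x00\x00"
    b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    b"advapi32.dll\x00RegCloseKey\x00"
    b"ab\x00\x00\x00This program cannot be run in DOS mode.\x00"
    b"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\x00"
)

MIN_LEN = 4  # shortest printable run worth reporting, as in `strings`

# Category rules, checked in order; the first match wins.
RULES = [
    ("url", re.compile(r"^(https?|ftp)://\S+$", re.I)),
    ("email", re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")),
    ("registry", re.compile(r"^(HKEY_[A-Z_]+|HKLM|HKCU|SOFTWARE|SYSTEM)\\", re.I)),
    ("module", re.compile(r"^[\w.-]+\.(dll|exe|sys|ocx)$", re.I)),
]

def extract_strings(data: bytes, min_len: int = MIN_LEN) -> list:
    """Return every run of at least min_len printable ASCII bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]

def classify(s: str) -> str:
    """Tag one string; anything no rule matches is 'other'."""
    for name, rx in RULES:
        if rx.search(s):
            return name
    return "other"

def scan(data: bytes, min_len: int = MIN_LEN) -> list:
    """(category, string) pairs in file order."""
    return [(classify(s), s) for s in extract_strings(data, min_len)]

def critical(data: bytes) -> dict:
    """Group the highlight-worthy strings by category (everything but 'other')."""
    out = {}
    for cat, s in scan(data):
        if cat != "other":
            out.setdefault(cat, []).append(s)
    return out

if __name__ == "__main__":
    for cat, s in scan(SAMPLE):
        print(f"{cat:9} {s}")
```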
sylvix95 Posted February 21, 2017
anonyme0273 Posted February 21, 2017

11 hours ago, Sykole said:
    Added the ability to browse an archive file and have the program automatically unpack and display all directories and files

Yay, new version of WinRar. It looks amazing, mostly because I don't fully understand it, but yea, I do have some questions for you then, when it comes public.
PlainVenom Posted February 21, 2017

Looks like a cool little project. I hope you have success with this; while you're developing you might want to look for investors or some people that could publish it for you. Just my opinion of course. Although I have no idea what any of the coding means other than some of the basics, I should really get off my lazy ass and start learning to program, shouldn't I?...
Sykole Posted February 21, 2017 (Author)

4 minutes ago, PlainVenom said:
    Looks like a cool little project. I hope you have success with this; while you're developing you might want to look for investors or some people that could publish it for you. Just my opinion of course. Although I have no idea what any of the coding means other than some of the basics, I should really get off my lazy ass and start learning to program, shouldn't I?...

Yeah, coding is really fun. Gets your mind to think a lot and burns time too
Sykole Posted February 23, 2017 (Author)
fiki574 Posted February 23, 2017

On 2/21/2017 at 11:16 AM, Sykole said:
    Yeah, coding is really fun. Gets your mind to think a lot and burns time too

Oh hell yes, it burns time. It rekts time. 3h real time = 15min programming lmao. Anyways, nice little project, good luck!
Sykole Posted September 16, 2017 (Author) (edited)

Update - Had just a bit of time to be able to work on the scripting engine the past two days and this is the start; created documentation to help mainly me in case I set the project aside and decide to return to it later. (Total hours: ~6h, Total Lines: ~650)

By no means is this the final product; it still has a long way to go. Posting it here to get suggestions and feedback on improvements.

GitHub documentation: https://github.com/Mayion/fileinspect/blob/master/README.md

Simplified the actual scripting a bunch compared to the prototype I had in the main topic, to help not make things complicated.

I'd love to hear back from you; @fiki574 @anonyme0273 @sylvix95 @Eddio and anybody else interested in giving their input on anything related to the project

Edited September 16, 2017 by Sykole
fiki574 Posted September 17, 2017

10 hours ago, Sykole said:
    Update - Had just a bit of time to be able to work on the scripting engine the past two days and this is the start; created documentation to help mainly me in case I set the project aside and decide to return to it later. (Total hours: ~6h, Total Lines: ~650) By no means is this the final product; it still has a long way to go. Posting it here to get suggestions and feedback on improvements. GitHub documentation: https://github.com/Mayion/fileinspect/blob/master/README.md Simplified the actual scripting a bunch compared to the prototype I had in the main topic, to help not make things complicated. I'd love to hear back from you; @fiki574 @anonyme0273 @sylvix95 @Eddio and anybody else interested in giving their input on anything related to the project

Like it so far (gj on docs as well), though it would be good if you treated strings with " " instead of without. I mean it's okay like that as well, but it looks nicer with "string". Also, have you thought about making your own or using an existing syntax highlighter?
Sykole Posted September 17, 2017 (Author)

40 minutes ago, fiki574 said:
    Like it so far (gj on docs as well), though it would be good if you treated strings with " " instead of without. I mean it's okay like that as well, but it looks nicer with "string". Also, have you thought about making your own or using an existing syntax highlighter?

Yeah, the original example required strings to be surrounded by " ", but when I showed it to people who have no prior experience in coding, it caused them confusion, which was what led me to simplify it in that way. My idea is to have it as flexible as possible, meaning whether a string is treated with " " or not, it will still parse, or do you think otherwise?

Also yeah, thought of making a "script builder" where it highlights the syntax & pre-parses the code (without executing) to show if there are any errors
fiki574 Posted September 18, 2017

21 hours ago, Sykole said:
    Yeah, the original example required strings to be surrounded by " ", but when I showed it to people who have no prior experience in coding, it caused them confusion, which was what led me to simplify it in that way. My idea is to have it as flexible as possible, meaning whether a string is treated with " " or not, it will still parse, or do you think otherwise? Also yeah, thought of making a "script builder" where it highlights the syntax & pre-parses the code (without executing) to show if there are any errors

If " " were causing confusion, then programming is not for people that are not capable of understanding string principles. And go for a highlighter and compiler for your language, fun stuff to do.