Implement Custom UTF-8 Decoder #885

Open
wants to merge 18 commits into
base: master
Merge branch 'master' of https://github.com/Arker123/flare-floss into…
… HEAD
Arker123 committed Jun 23, 2024
commit 3d1093a635e5ee589a6ad811cf08e2ebde253440
15 changes: 8 additions & 7 deletions floss/language/rust/extract.py
@@ -10,7 +10,13 @@
import binary2strings as b2s

from floss.results import StaticString, StringEncoding
from floss.language.utils import find_lea_xrefs, find_mov_xrefs, find_push_xrefs, get_struct_string_candidates
from floss.language.utils import (
find_lea_xrefs,
find_mov_xrefs,
find_push_xrefs,
get_rdata_section,
get_struct_string_candidates,
)
from floss.language.rust.decode_utf8 import extract_utf8_strings

logger = logging.getLogger(__name__)
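
Review bot: `get_rdata_section` is added to the `floss.language.utils` import list here, but nothing in the hunks shown calls it; the second hunk still only passes `start_rdata` through. Please confirm it is used elsewhere in `floss/language/rust/extract.py`, and drop it from the import list if it is not, so the merge does not leave an unused import behind.
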
@@ -145,12 +151,7 @@ def get_string_blob_strings(pe: pefile.PE, min_length: int) -> Iterable[StaticSt
strings = extract_utf8_strings(pe, min_length)

# select only UTF-8 strings and adjust offset
static_strings = filter_and_transform_utf8_strings(strings, start_rdata)

# TODO(mr-tz) - handle miss in rust-hello64.exe
# .rdata:00000001400C1270 0A aPanickedAfterP db 0Ah ; DATA XREF: .rdata:00000001400C12B8↓o
# .rdata:00000001400C1271 70 61 6E 69 63 6B 65 64… db 'panicked after panic::always_abort(), aborting.',0Ah,0
# .rdata:00000001400C12A2 00 00 00 00 00 00 align 8
static_strings = filter_and_transform_utf8_strings(fixed_strings, start_rdata)

struct_string_addrs = map(lambda c: c.address, get_struct_string_candidates(pe))
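
Review bot: `filter_and_transform_utf8_strings(fixed_strings, start_rdata)` reads `fixed_strings`, but the only assignment visible above it in this hunk is `strings = extract_utf8_strings(pe, min_length)`. Unless `fixed_strings` is defined earlier in `get_string_blob_strings`, this raises a NameError on the first call, and it looks like a merge resolution that kept the call from one side and the assignment from the other; pass `strings`, or restore the step that produces `fixed_strings`. The same resolution also drops the `TODO(mr-tz)` comment about the missed string in rust-hello64.exe; if the custom decoder does not yet recover that string, keep the TODO or cover the case with a test.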

You are viewing a condensed version of this merge commit. You can view the full changes here.