diff --git a/docs/logo.png b/docs/logo.png
index 2cbd64b..ff2a139 100644
Binary files a/docs/logo.png and b/docs/logo.png differ
diff --git a/src/reminder/VERSION.txt b/src/reminder/VERSION.txt
index 0698a2c..b26afe9 100644
--- a/src/reminder/VERSION.txt
+++ b/src/reminder/VERSION.txt
@@ -1 +1 @@
-1.1.0
+1.1.1
diff --git a/src/reminder/__init__.py b/src/reminder/__init__.py
index 1265e95..5129158 100644
--- a/src/reminder/__init__.py
+++ b/src/reminder/__init__.py
@@ -9,6 +9,8 @@
 THRESHOLDS = {
 'default': 6.85,
 'PE': 6.85,
+ #'ELF': TODO
+ #'MACHO': TODO
 }
@@ -23,17 +25,18 @@ def _get_ep_and_section(self):
 :param binary: LIEF-parsed binary object
 :return: (binary_type, ep_file_offset, name_of_ep_section)
 """
- btype, fn = str(type(self.binary)).split(".")[1], os.path.basename(self.binary.name)
+ bn = self.binary
+ btype, fn = bn.format.name, os.path.basename(bn.name)
 try:
- if btype == "ELF":
- ep = self.binary.virtual_address_to_offset(self.binary.entrypoint)
+ if btype in ["ELF", "MACHO"]:
+ ep = bn.virtual_address_to_offset(bn.entrypoint)
 # e.g. with UPX, the section table header gets packed too, hence LIEF gives 0 section parsed
- ep_section = self.binary.section_from_offset(ep) if len(self.binary.sections) > 0 else None
+ ep_section = bn.section_from_offset(ep) if len(bn.sections) > 0 else None
 # when #sections=0, the sample will be considered as packed anyway, so set wflag=False
- wflag = ep_section.has(lief.ELF.SECTION_FLAGS.WRITE) if len(self.binary.sections) > 0 else False
+ wflag = ep_section.has(lief.ELF.SECTION_FLAGS.WRITE) if len(bn.sections) > 0 else False
 elif btype == "PE":
- ep = self.binary.rva_to_offset(self.binary.optional_header.addressof_entrypoint)
- ep_section = self.binary.section_from_rva(self.binary.optional_header.addressof_entrypoint)
+ ep_addr = bn.optional_header.addressof_entrypoint
+ ep, ep_section = bn.rva_to_offset(ep_addr), bn.section_from_rva(ep_addr)
 wflag = ep_section.has_characteristic(lief.PE.SECTION_CHARACTERISTICS.MEM_WRITE)
 else:
 if self.logger:
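Review bot: Mach-O binaries now take the ELF branch, so `wflag` is computed with `ep_section.has(lief.ELF.SECTION_FLAGS.WRITE)` on a Mach-O section; that flag comes from LIEF's ELF enum, so the call will presumably either raise or return a value that means nothing for Mach-O, leaving the packing verdict for those samples unreliable. Since `THRESHOLDS` still has `'MACHO'` only as a commented-out TODO, I would keep `if btype == "ELF":` here until a Mach-O-specific writable check exists (write permission there is, as far as I know, a property of the containing segment rather than a section flag). Separately, `ep_section` can plausibly be `None` when the entry point maps to no section even though `len(bn.sections) > 0`, which is exactly what malformed or packed samples tend to produce; a guard such as `wflag = ep_section is not None and ep_section.has(...)` (and the equivalent before `has_characteristic` in the PE branch) would cover it. The function starts before this hunk and its `except`/`else` handling continues after it, so whether those errors are caught is not visible here.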