FSecureLABS / win_driver_plugin

A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.
https://labs.mwrinfosecurity.com/tools/win-driver-tool/

FLOSS import issue? #3

Closed trolloos closed 6 years ago

trolloos commented 6 years ago

I was testing the device name finder on the Capcom 64 bit driver and I got this error:

The Device prefixs were found but no full device paths, the device name is likely obsfucated or created on the stack.
Unicode device name not found, attempting to find obsfucated and stack based strings.
No handlers could be found for logger "vtrace.platforms.win32"
Traceback (most recent call last):
  File "C:/Program Files (x86)/IDA 6.8/plugins/win_driver_plugin.py", line 58, in activate
    self.callback()
  File "C:/Program Files (x86)/IDA 6.8/plugins\win_driver_plugin\device_finder.py", line 126, in search
    stack_strings = floss.stackstrings.extract_stackstrings(vw, functions)
TypeError: extract_stackstrings() takes at least 3 arguments (2 given)

So then I added this:

def extract_stackstrings(vw, selected_functions, min_length=4, no_filter=False)

and it just gave me this error:

---------------------------------------------------------------------------------------------
Python 2.7.13 (v2.7.13:a06454b1afa1, Dec 17 2016, 20:42:59) [MSC v.1500 32 bit (Intel)] 
IDAPython 64-bit v1.7.0 final (serial 0) (c) The IDAPython Team <idapython@googlegroups.com>
---------------------------------------------------------------------------------------------
The Device prefixs were found but no full device paths, the device name is likely obsfucated or created on the stack.
Unicode device name not found, attempting to find obsfucated and stack based strings.
No handlers could be found for logger "vtrace.platforms.win32"
Traceback (most recent call last):
  File "C:/Program Files (x86)/IDA 6.8/plugins/win_driver_plugin.py", line 58, in activate
    self.callback()
  File "C:/Program Files (x86)/IDA 6.8/plugins\win_driver_plugin\device_finder.py", line 131, in search
    decoded_strings = floss.main.decode_strings(vw, func_index, dec_func_candidates)
  File "C:\Python27\lib\site-packages\floss\main.py", line 70, in decode_strings
    for fva, _ in decoding_functions_candidates.get_top_candidate_functions(10):
AttributeError: 'InstructionFunctionIndex' object has no attribute 'get_top_candidate_functions' 

 

sam-b commented 6 years ago

Fixed - floss API changed, have updated the plugin.