Best Python code snippet using localstack_python
deobfuscate_resolve_Vidar.py
Source:deobfuscate_resolve_Vidar.py
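# ... (excerpt truncated above: the two statements below are the tail of a
# preceding function whose start is not shown on this page; they are kept as
# comments so the listing stays well-formed)
#     plaintext = "str_" + plaintext
#     idc.MakeName(var_addr, plaintext)


def resolve_apis(main_refsList):
    """Name the API-resolution routine and the globals it stores API pointers in.

    GetProcaddress call pattern
        mov ecx, str_Exitprocess
        push ecx ; lpProcName
        mov edx, [ebp+pKernel32Base]
        push edx ; hModule
        call getprocaddress
        mov dword_4317B4, eax

    :param main_refsList: operand strings of the ``call`` instructions found
        in the entry function, in address order. Element ``[1]`` is treated
        as the routine that resolves the imports.

    Every label applied here is derived from *position* (second call in the
    entry function, first/second call in the resolver, first/second xref to
    the parser). Those positions are specific to the build the script was
    written against, so check the resulting names in the database before
    relying on them for another sample.

    NOTE: this uses the legacy IDAPython names (MakeName, LocByName, GetMnem,
    GetOpnd, GetOperandValue, NextHead). IDA 7.4 and later need the
    ``idc_bc695`` compatibility module, or a port to the renamed functions.
    """
    pattern = ['mov', 'push', 'mov', 'push', 'call', 'mov']
    call_idx = pattern.index('call')           # instructions before the call
    tail_len = len(pattern) - call_idx - 1     # instructions after the call

    resolver_name = main_refsList[1]
    resolver_ea = idc.LocByName(resolver_name)
    # Snapshot the instruction list once; it is reused for both the call scan
    # and the pattern walk below.
    resolveList = list(FuncItems(resolver_ea))
    idc.MakeName(resolver_ea, "resolveAPIs_" + resolver_name)

    resolve_refsList = [idc.GetOpnd(line, 0) for line in resolveList
                        if idc.GetMnem(line) == 'call']
    if len(resolve_refsList) < 2:
        print("[-] resolve_apis: expected at least two calls in %s" % resolver_name)
        return

    loader_name, parser_name = resolve_refsList[0], resolve_refsList[1]
    idc.MakeName(idc.LocByName(loader_name), "load_kernel32dll_" + loader_name)
    idc.MakeName(idc.LocByName(parser_name), "parse_kernel32dll_" + parser_name)

    ea = idc.LocByName("parse_kernel32dll_" + parser_name)
    xrefs = list(idautils.XrefsTo(ea, 0))
    if len(xrefs) < 2:
        print("[-] resolve_apis: expected two references to parse_kernel32dll_%s" % parser_name)
        return

    # Two instruction heads after each call to the parser is taken to be the
    # store of its result; operand 0 of that store is the global being named.
    # NOTE(review): assumes the first xref is the LoadLibraryA lookup and the
    # second the GetProcAddress lookup -- confirm for the sample at hand.
    loadlib_ref = idc.NextHead(idc.NextHead(xrefs[0].frm))
    idc.MakeName(idc.GetOperandValue(loadlib_ref, 0), "loadlibraryA")
    getprocaddr_ref = idc.NextHead(idc.NextHead(xrefs[1].frm))
    idc.MakeName(idc.GetOperandValue(getprocaddr_ref, 0), "getprocaddress")

    # Start at call_idx so the look-behind never goes negative (a negative
    # index would silently wrap to the end of the function), and stop early
    # enough that the store after the call is still inside the function.
    for i in range(call_idx, len(resolveList) - tail_len):
        call_ea = resolveList[i]
        if idc.GetMnem(call_ea) != 'call':
            continue
        if "getprocaddress" not in idc.GetOpnd(call_ea, 0):
            continue

        # Only accept the documented six-instruction shape; otherwise the
        # operands read below belong to unrelated instructions and the label
        # written into the database would be wrong.
        window = resolveList[i - call_idx:i + tail_len + 1]
        if [idc.GetMnem(item) for item in window] != pattern:
            continue

        addr = idc.GetOperandValue(window[0], 1)       # mov reg, <string var>
        if addr in strings_dict:
            api = strings_dict[addr]
            resolvedaddr = idc.GetOperandValue(window[-1], 0)   # mov <global>, eax
            idc.MakeName(resolvedaddr, "_" + api)


if __name__ == "__main__":
    # Collect the call targets of the entry function in address order; the
    # indices used below depend on that order.
    main_addrList = list(FuncItems(idc.LocByName("_WinMain@16")))
    main_refsList = [idc.GetOpnd(line, 0) for line in main_addrList
                     if idc.GetMnem(line) == 'call']
    decrypt_strings(main_refsList)
    resolve_apis(main_refsList)

    # Third and fourth calls are labelled by position only.
    idc.MakeName(idc.LocByName(main_refsList[2]), "CIS_check_" + main_refsList[2])
    idc.MakeName(idc.LocByName(main_refsList[3]), "windowsdefender_check_" + main_refsList[3])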
...
ida_resolve_apis.py
Source:ida_resolve_apis.py
# ... (excerpt truncated above: the statements below are the tail of a
# preceding function whose start is not shown on this page; they are kept as
# comments so the listing stays well-formed)
#         for api in item['imports']:
#             if api_hash == api['hash']:
#                 return "{}!{}".format(item['name'], api['name'])
#         return "{}!unknown".format(item['name'])


def resolve_apis(resolver_offset, hashes_table, xor_key):
    """Annotate every call to the hash-based resolver with the API it resolves.

    For each cross-reference to ``resolver_offset`` the instructions before
    the call are walked backwards. The first ``push`` met (the one closest to
    the call) is taken as the DLL hash and the next ``push`` as the API hash.
    Both operand values are converted with ``hex()`` and handed to
    ``api_resolver``; the result is written as a repeatable comment at the
    call site, or "Unknown" when the resolver returns nothing.

    The walk gives up after 99 instructions and prints a message.

    NOTE(review): the walk is by address, not by control flow, so a ``push``
    belonging to an earlier call can be picked up when the arguments are not
    passed as two adjacent pushes -- spot-check the comments it produces.
    NOTE(review): under Python 2 ``hex()`` of a long ends in "L"; presumably
    the hashes table is keyed the same way -- confirm against its generator.
    """
    for caller in idautils.XrefsTo(resolver_offset):
        cursor = idc.prev_head(caller.frm)
        dll = None
        for _ in range(99):
            if idc.GetMnem(cursor) == "push":
                pushed = hex(idc.GetOperandValue(cursor, 0))
                if dll:
                    # Second push seen: this one is the API hash.
                    api_name = api_resolver(dll, pushed, hashes_table, xor_key)
                    idc.set_cmt(caller.frm, api_name or "Unknown", True)
                    break
                # First push seen: remember it as the DLL hash.
                dll = pushed
            cursor = idc.prev_head(cursor)
        else:
            # Search budget exhausted without finding both pushes.
            print("[-] Cannot find hash for address: %s" % hex(caller.frm))


# ---------------------- Main ---------------------- #
def main(xor_key, resolver_function):
    """Build the hash lookup table for ``xor_key`` and annotate all resolver calls."""
    resolve_apis(resolver_function, generate_hashes_table(xor_key), xor_key)

# ... (listing continues; remainder not shown on this page)
fix.py
Source:fix.py
1def resolve_apis(services: Iterable[str]) -> Set[str]:2 """3 Resolves recursively for the given collection of services (e.g., ["serverless", "cognito"]) the list of actual4 API services that need to be included (e.g., {'dynamodb', 'cloudformation', 'logs', 'kinesis', 'sts',5 'cognito-identity', 's3', 'dynamodbstreams', 'apigateway', 'cloudwatch', 'lambda', 'cognito-idp', 'iam'}).6 More specifically, it does this by:7 (1) resolving and adding dependencies (e.g., "dynamodbstreams" requires "kinesis"),8 (2) resolving and adding composites (e.g., "serverless" describes an ensemble9 including "iam", "lambda", "dynamodb", "apigateway", "s3", "sns", and "logs"), and10 (3) removing duplicates from the list.11 :param services: a collection of services that can include composites (e.g., "serverless").12 :returns a set of canonical service names13 """14 stack = []15 result = set()...