Module pychrysalide.analysis

Documentation

Python module for Chrysalide.analysis

Sub modules

Interfaces

Classes

Interface BinContent

PyChrysalide binary content

Hierarchy

gobject.GInterface
 ╰── pychrysalide.analysis.BinContent

Methods

describe(self, full)

Get a (full?) description of the binary content.

read_raw(self, addr, length)

Read bytes from a given position.

read_u16(self, addr, endianness)

Read an unsigned 16-bit value (two bytes) from a given position.

read_u32(self, addr, endianness)

Read an unsigned 32-bit value (four bytes) from a given position.

read_u64(self, addr, endianness)

Read an unsigned 64-bit value (eight bytes) from a given position.

read_u8(self, addr)

Read an unsigned byte from a given position.

Attributes

checksum

Compute a SHA256 hash as checksum of handled data.

data

Provide all the content bytes at once.

end_pos

Provide the ending position of the binary content.

size

Compute the quantity of readable bytes.

start_pos

Provide the starting position of the binary content.

Interface LoadedContent

PyChrysalide loaded content

Hierarchy

gobject.GInterface
 ╰── pychrysalide.analysis.LoadedContent

Methods

analyze(self, cache)

Start the analysis of the loaded binary and send an "analyzed" signal when done.

analyze_and_wait(self, cache)

Run the analysis of the loaded binary and wait for its completion.

count_views(self)

Compute the quantity of available views.

detect_obfuscators(self, version)

List all detected obfuscators.

Attributes

content

Binary content.

Class BinRoutine

PyChrysalide binary routine

Hierarchy

builtins.object
 ╰── gi._gobject.GObject
      ╰── pychrysalide.format.BinSymbol
           ╰── pychrysalide.analysis.BinRoutine

Interfaces: pychrysalide.glibext.LineGenerator

Methods

__eq__(self, value)

Return self==value.

__ge__(self, value)

Return self>=value.

__gt__(self, value)

Return self>value.

__le__(self, value)

Return self<=value.

__lt__(self, value)

Return self<value.

__ne__(self, value)

Return self!=value.

__str__(self)

Return str(self).

Attributes

args

Arguments for the routine.

basic_blocks

Basic blocks of the binary routine.

name

Name of the current routine.

namespace

Namespace for the routine, or None if there is none.

ret

Return type of the routine, or None if there is none.

typed_name

Name of the current routine provided by a type.

Data

__hash__ = None

Class BinVariable

PyChrysalide binary variable

Hierarchy

builtins.object
 ╰── gi._gobject.GObject
      ╰── pychrysalide.analysis.BinVariable

Methods

__str__(self)

Return str(self).

Attributes

name

Name of the current variable.

type

Type of the current variable.

Class BlockList

PyChrysalide basic block

Hierarchy

builtins.object
 ╰── gi._gobject.GObject
      ╰── pychrysalide.analysis.BlockList

Methods

__iter__(self)

Implement iter(self).

find_by_addr(self, addr)

Find a code block containing a given address.

Attributes

count

Quantity of code blocks included in the list.

Class CodeBlock

PyChrysalide code block

Hierarchy

builtins.object
 ╰── gi._gobject.GObject
      ╰── pychrysalide.analysis.CodeBlock

Attributes

destinations

List of destination blocks.

index

Index of the code block in the parent list, if any.

rank

Rank of the code block.

sources

List of source blocks.

Class ContentExplorer

PyChrysalide content explorer

Hierarchy

builtins.object
 ╰── gi._gobject.GObject
      ╰── pychrysalide.analysis.ContentExplorer

Methods

note_detected(self, wid, loaded)

Mark a loaded content as one final candidate.

populate_group(self, wid, content)

Push a new binary content into the list to explore.

Class ContentResolver

PyChrysalide content resolver

Hierarchy

builtins.object
 ╰── gi._gobject.GObject
      ╰── pychrysalide.analysis.ContentResolver

Methods

add_detected(self, wid, loaded)

Add a binary content as loaded content ready to get analyzed.

Class DataType

PyChrysalide data type

Hierarchy

builtins.object
 ╰── gi._gobject.GObject
      ╰── pychrysalide.analysis.DataType

Methods

__str__(self)

Return str(self).

Attributes

is_pointer

True if the type is a pointer.

is_reference

True if the type is a reference.

namespace

Namespace for the type, or None if there is none.

qualifiers

Qualifiers linked to the type, or TQF_NONE if there are none.

Constants

TQF_NONE = TQF_NONE

TQF_RESTRICT = TQF_RESTRICT

TQF_VOLATILE = TQF_VOLATILE

TQF_CONST = TQF_CONST

TQF_ALL = TQF_ALL

Class LoadedBinary

PyChrysalide loaded binary

Hierarchy

builtins.object
 ╰── gi._gobject.GObject
      ╰── pychrysalide.analysis.LoadedBinary

Interfaces: pychrysalide.analysis.LoadedContent

Attributes

disassembled_cache

Disassembled buffer cache.

format

File format recognized in the binary content.

name

Name of the loaded binary.

processor

Handler for the current binary processor.

Class StudyProject

PyChrysalide study project

Hierarchy

builtins.object
 ╰── gi._gobject.GObject
      ╰── pychrysalide.analysis.StudyProject

Methods

attach(self, loaded)

Add a loaded content to the project.

discover(self, content, cache, filter)

Explore a new binary content for the project.

save(self, filename)

Save the project into a given file.

Attributes

contents

List of all loaded contents for the project.