WIP-Extending extensions-multiple loading hooks - discuss... #378

atlas0fd00m · 2021-03-13T05:15:33Z

No description provided.

…odel)

added SHA256 hashing

@williballenthin

* dynamic dialog box helper * actually do something with defaults, and update docstr to help. * warning and informational messages too. * bugfixes in QtCore and other imports * cleanup and additions to the README * oops, removed this prematurely. * cleanup example gui extension * Update README.md thanks @williballenthin! Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com> Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

vivisect/extensions/__init__.py

williballenthin · 2021-03-13T19:30:33Z

vivisect/extensions/__init__.py

+                extensions.append(mod)
+
+            except Exception as e:
+                logger.warn(traceback.format_exc())


you can use logging.somelevel("....", args, exc_info=True) to render the traceback with the log message

also, looks like inconsistent reporting: is it vw.vprint or logger.warn on extension errors?

williballenthin · 2021-03-13T19:32:30Z

vivisect/parsers/__init__.py


+from os.path import dirname, basename, isfile, join
+parserpaths = glob.glob(join(dirname(__file__), "*.py"))
+__all__ = [ basename(f)[:-3] for f in parserpaths if isfile(f) and not f.endswith('__init__.py')]


imho, i dont like this. can we instead do explicit imports and avoid runtime resolution of source code?

williballenthin · 2021-03-13T19:34:53Z

vivisect/parsers/blob.py

    'arm':'armcall',
    }

+def isParser(bytez):


"taste" ?

isParser makes me think that we check the bytez to see if the bytez are a parser, versus can be parsed by a given parser.

suggestion? i think of how it will be called "module.isParser(bytez)" and it makes sense. but you have a good point as well.

vivisect/parsers/elf.py

vivisect/parsers/macho.py

williballenthin · 2021-03-13T19:39:01Z

oh... after going through the code, i see now that it was first proposed in 2019 and there are multiple merge conflicts that would have to be addressed first. sorry!

atlas0fd00m · 2021-03-16T01:13:00Z

thanks @williballenthin ! i appreciate your feedback. this certainly is not ready for merging. @rakuy0 and i were talking about the idea of giving extensions more places to hook in, allowing them to provide new parsers, new architectures, etc...

unfortunately, that means some dynamic loading of code, but we'll work with you to minimize the pain. extensions are by nature dynamic code in some fashion. i'm not sure what your constraints are, but i'm interested in a solution that gives the power but doesn't cause you grief.

williballenthin · 2021-03-16T13:13:41Z

@rakuy0 and i were talking about the idea of giving extensions more places to hook in, allowing them to provide new parsers, new architectures, etc...

I think this is great!

but i'm interested in a solution that gives the power but doesn't cause you grief.

couple thoughts...

first, i'd discourage dynamically looking for code based on the file path of some analyzer. recall that viv will often be installed via pypi these days, so the source code gets copied into site-packages (or similar) and is typically not easily writable. so its a longshot/unreasonable that users will be manually placing extensions there.

instead, i'd suggest an architecture in which clients of the library (including vivbin and friends) register plugins they've configured/recognized with the workspace as they create it. for example:

vw = vivisect.Workspace()
vw.registerFileFormatPlugin(viv_utils.png.PngFileFormatPlugin)
vw.registerFunctionAnalyzer(viv_utils.flirt.FlirtFunctionAnalyzer)
vw.load(...)
vw.analyze(...)

This way, various applications can use different strategies to locate the plugins that are relevant to them. For example, maybe capa looks into ~/.local/config/capa/plugins/* unless specified by cli argument, while vivbin looks in the current directory.

(A nice side effect is that there are fewer global variables needed, which is great when working with multiple workspaces/daemons/etc. As is, its currently hard to isolate settings and context.)

# Conflicts: # vivisect/__init__.py # vivisect/extensions/__init__.py # vivisect/extensions/example_gui_extension.py # vivisect/parsers/__init__.py # vivisect/parsers/blob.py # vivisect/parsers/elf.py # vivisect/parsers/ihex.py # vivisect/parsers/macho.py # vivisect/parsers/pe.py # vivisect/vivbin.py

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

atlas0fd00m · 2021-12-07T22:43:30Z

hey @williballenthin i was just re-reading your suggestions from 9 months ago (wow, how time flies). thank you, those are valuable suggestions. i may pick this PR back up in the near future, and i'll consider how to leverage your suggestions to make this a positive change.

atlas0fd00m · 2022-01-22T23:29:07Z

TODO: make architectures a registerable thing.

atlas0fd00m · 2023-03-14T14:35:18Z

@williballenthin oddly enough, this is part of what drove the "loading envi modules" approach for v1.1.0. the ability to load envi modules in a uniform way.

atlas0fd00m and others added 5 commits August 6, 2019 23:15

early extension changes, and logging mods

30c9d3b

dynamic parser loading (allows for extensions modifying the parsing m…

1bced99

…odel)

preFileLoad extension hook

cc90e0d

added SHA256 hashing

oops, removed this as superfluous too quickly.

231bd27