├── .gitignore
├── LICENSE
├── PortexAnalyzerGUI.iml
├── README.md
├── pom.xml
├── resources
├── Places-folder-red-icon.png
├── cancel-icon.png
├── crossblack.png
├── document-red-icon.png
├── folder-red-icon.png
├── icons8-hexadecimal-16.png
├── icons8-hexadecimal-24.png
├── icons8-hexadecimal-24black.png
├── icons8-image-24.png
├── image-icon.png
├── laptop-bug-icon.png
├── log4j2.xml
├── moon-icon.png
├── science-icon.png
├── screenshot.png
├── screenshot2.png
└── upd_version.txt
└── src
└── main
└── java
├── META-INF
└── MANIFEST.MF
└── com
└── github
└── struppigel
├── gui
├── AboutFrame.java
├── FullPEData.java
├── MainFrame.java
├── PEComponentTree.java
├── PEFieldsTable.java
├── Starter.java
├── VisualizerPanel.java
├── pedetails
│ ├── FileContentPreviewPanel.java
│ ├── IconPanel.java
│ ├── PEDetailsPanel.java
│ ├── SectionsTabbedPanel.java
│ ├── TabbedPanel.java
│ └── signatures
│ │ ├── EmptyRuleMatch.java
│ │ ├── PEidRuleMatch.java
│ │ ├── PEidScanner.java
│ │ ├── PatternMatch.java
│ │ ├── RuleMatch.java
│ │ ├── SignaturesPanel.java
│ │ ├── YaraRuleMatch.java
│ │ └── YaraScanner.java
└── utils
│ ├── PELoadWorker.java
│ ├── PortexSwingUtils.java
│ ├── TableContent.java
│ ├── WorkerKiller.java
│ └── WriteSettingsWorker.java
└── settings
├── LookAndFeelSetting.java
├── PortexSettings.java
└── PortexSettingsKey.java
/.gitignore:
--------------------------------------------------------------------------------
1 | # Compiled class file
2 | *.class
3 |
4 | # Log file
5 | *.log
6 |
7 | # BlueJ files
8 | *.ctxt
9 |
10 | # Package Files #
11 | *.war
12 | *.nar
13 | *.ear
14 | *.zip
15 | *.tar.gz
16 | *.rar
17 | *.idea
18 |
19 | # Build dir #
20 | out
21 |
22 | # Resources #
23 | resources/feather
24 |
25 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
26 | hs_err_pid*
27 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
178 | APPENDIX: How to apply the Apache License to your work.
179 |
180 | To apply the Apache License to your work, attach the following
181 | boilerplate notice, with the fields enclosed by brackets "[]"
182 | replaced with your own identifying information. (Don't include
183 | the brackets!) The text should be enclosed in the appropriate
184 | comment syntax for the file format. We also recommend that a
185 | file or class name and description of purpose be included on the
186 | same "printed page" as the copyright notice for easier
187 | identification within third-party archives.
188 |
189 | Copyright [yyyy] [name of copyright owner]
190 |
191 | Licensed under the Apache License, Version 2.0 (the "License");
192 | you may not use this file except in compliance with the License.
193 | You may obtain a copy of the License at
194 |
195 | http://www.apache.org/licenses/LICENSE-2.0
196 |
197 | Unless required by applicable law or agreed to in writing, software
198 | distributed under the License is distributed on an "AS IS" BASIS,
199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 | See the License for the specific language governing permissions and
201 | limitations under the License.
202 |
--------------------------------------------------------------------------------
/PortexAnalyzerGUI.iml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # PortexAnalyzerGUI
2 |
3 | Graphical interface for PortEx, a Portable Executable and Malware Analysis Library
4 |
5 | 
6 |
7 | 
8 |
9 | ## Download
10 |
11 | [Releases page](https://github.com/struppigel/PortexAnalyzerGUI/releases)
12 |
13 | ## Features
14 |
15 | * Header information from: MSDOS Header, Rich Header, COFF File Header, Optional Header, Section Table, .NET Metadata
16 | * PE Structures: Import Section, Resource Section, Export Section, Debug Section
17 | * Scanning for file format anomalies and reversing hints for certain combinations
18 | * Visualize file structure, local entropies and byteplot, and save it as PNG
19 | * Calculate Shannon Entropy, Imphash, MD5, SHA256, Rich and RichPV hash
20 | * Overlay and overlay signature scanning, dump or remove overlay
21 | * Version information and manifest
22 | * Icon extraction and saving as PNG
23 | * Customized signature scanning via Yara. Internal signature scans using PEiD signatures and an internal filetype scanner.
24 |
25 | ## Supported OS and JRE
26 |
27 | I test this program on Linux and Windows. But it should work on any OS with JRE version 9 or higher.
28 |
29 | ## Future
30 |
31 | I will be including more and more features that PortEx already provides.
32 |
33 | These features include among others:
34 |
35 | * customized visualization
36 | * extraction and conversion of icons to .ICO files
37 | * dumping of sections, resources
38 | * export reports to txt, json, csv
39 |
40 | Some of these features are already provided by PortexAnalyzer CLI version, which you can find here: [PortexAnalyzer CLI](https://github.com/struppigel/PortEx/tree/master/progs)
41 |
42 | ## Donations
43 |
44 | I develop PortEx and PortexAnalyzer as a hobby in my free time. If you like it, please consider buying me a coffee: https://ko-fi.com/struppigel
45 |
46 | ## Author
47 |
48 | Karsten Hahn
49 |
50 | Twitter: [@Struppigel](https://twitter.com/struppigel)
51 |
52 | Mastodon: [struppigel@infosec.exchange](https://infosec.exchange/@struppigel)
53 |
54 | Youtube: [MalwareAnalysisForHedgehogs](https://www.youtube.com/c/MalwareAnalysisForHedgehogs)
55 |
56 | ## License
57 |
58 | [License](https://github.com/struppigel/PortexAnalyzerGUI/blob/main/LICENSE)
59 |
--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 | 4.0.0
6 |
7 | com.github.struppigel
8 | PortexAnalyzerGUI
9 | 0.13.2
10 |
11 |
12 | github
13 | https://maven.pkg.github.com/struppigel/PortEx
14 |
15 |
16 |
17 |
18 |
19 |
20 | resources
21 |
22 |
23 |
24 |
25 | org.apache.maven.plugins
26 | maven-assembly-plugin
27 |
28 |
29 | package
30 |
31 | single
32 |
33 |
34 |
35 |
36 | com.github.struppigel.gui.Starter
37 |
38 |
39 | true
40 |
41 |
42 |
43 | jar-with-dependencies
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 | 8
54 | 8
55 | UTF-8
56 |
57 |
58 |
59 | net.ifok.image
60 | image4j
61 | 0.7.2
62 |
63 |
64 | com.google.guava
65 | guava
66 | 31.1-jre
67 |
68 |
69 | org.scala-lang
70 | scala-library
71 | 2.12.13
72 |
73 |
74 | org.apache.logging.log4j
75 | log4j-core
76 | 2.19.0
77 |
78 |
79 | com.github.struppigel
80 | portex_2.12
81 | 5.0.5-SNAPSHOT
82 |
83 |
84 |
85 |
--------------------------------------------------------------------------------
/resources/Places-folder-red-icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/struppigel/PortexAnalyzerGUI/8406d5bde884a71ff40fccdf3aa5c16bbfe64ef6/resources/Places-folder-red-icon.png
--------------------------------------------------------------------------------
/resources/cancel-icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/struppigel/PortexAnalyzerGUI/8406d5bde884a71ff40fccdf3aa5c16bbfe64ef6/resources/cancel-icon.png
--------------------------------------------------------------------------------
/resources/crossblack.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/struppigel/PortexAnalyzerGUI/8406d5bde884a71ff40fccdf3aa5c16bbfe64ef6/resources/crossblack.png
--------------------------------------------------------------------------------
/resources/document-red-icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/struppigel/PortexAnalyzerGUI/8406d5bde884a71ff40fccdf3aa5c16bbfe64ef6/resources/document-red-icon.png
--------------------------------------------------------------------------------
/resources/folder-red-icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/struppigel/PortexAnalyzerGUI/8406d5bde884a71ff40fccdf3aa5c16bbfe64ef6/resources/folder-red-icon.png
--------------------------------------------------------------------------------
/resources/icons8-hexadecimal-16.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/struppigel/PortexAnalyzerGUI/8406d5bde884a71ff40fccdf3aa5c16bbfe64ef6/resources/icons8-hexadecimal-16.png
--------------------------------------------------------------------------------
/resources/icons8-hexadecimal-24.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/struppigel/PortexAnalyzerGUI/8406d5bde884a71ff40fccdf3aa5c16bbfe64ef6/resources/icons8-hexadecimal-24.png
--------------------------------------------------------------------------------
/resources/icons8-hexadecimal-24black.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/struppigel/PortexAnalyzerGUI/8406d5bde884a71ff40fccdf3aa5c16bbfe64ef6/resources/icons8-hexadecimal-24black.png
--------------------------------------------------------------------------------
/resources/icons8-image-24.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/struppigel/PortexAnalyzerGUI/8406d5bde884a71ff40fccdf3aa5c16bbfe64ef6/resources/icons8-image-24.png
--------------------------------------------------------------------------------
/resources/image-icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/struppigel/PortexAnalyzerGUI/8406d5bde884a71ff40fccdf3aa5c16bbfe64ef6/resources/image-icon.png
--------------------------------------------------------------------------------
/resources/laptop-bug-icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/struppigel/PortexAnalyzerGUI/8406d5bde884a71ff40fccdf3aa5c16bbfe64ef6/resources/laptop-bug-icon.png
--------------------------------------------------------------------------------
/resources/log4j2.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/resources/moon-icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/struppigel/PortexAnalyzerGUI/8406d5bde884a71ff40fccdf3aa5c16bbfe64ef6/resources/moon-icon.png
--------------------------------------------------------------------------------
/resources/science-icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/struppigel/PortexAnalyzerGUI/8406d5bde884a71ff40fccdf3aa5c16bbfe64ef6/resources/science-icon.png
--------------------------------------------------------------------------------
/resources/screenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/struppigel/PortexAnalyzerGUI/8406d5bde884a71ff40fccdf3aa5c16bbfe64ef6/resources/screenshot.png
--------------------------------------------------------------------------------
/resources/screenshot2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/struppigel/PortexAnalyzerGUI/8406d5bde884a71ff40fccdf3aa5c16bbfe64ef6/resources/screenshot2.png
--------------------------------------------------------------------------------
/resources/upd_version.txt:
--------------------------------------------------------------------------------
1 | 14
--------------------------------------------------------------------------------
/src/main/java/META-INF/MANIFEST.MF:
--------------------------------------------------------------------------------
1 | Manifest-Version: 1.0
2 | Multi-Release: true
3 | Main-Class: com.github.struppigel.gui.Starter
4 |
5 |
--------------------------------------------------------------------------------
/src/main/java/com/github/struppigel/gui/AboutFrame.java:
--------------------------------------------------------------------------------
1 | /**
2 | * *****************************************************************************
3 | * Copyright 2022 Karsten Hahn
4 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
9 | * http://www.apache.org/licenses/LICENSE-2.0
10 | *
11 | * Unless required by applicable law or agreed to in writing, software
12 | * distributed under the License is distributed on an "AS IS" BASIS,
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | * See the License for the specific language governing permissions and
15 | * limitations under the License.
16 | * ****************************************************************************
17 | */
18 | package com.github.struppigel.gui;
19 |
20 | import javax.swing.*;
21 |
22 | /**
23 | * Small window showing the stuff in the About section
24 | */
25 | public class AboutFrame extends JFrame {
26 |
27 | private static final long serialVersionUID = 1L;
28 |
29 | public static String version = "0.13.2";
30 | private static final String text = "Portex Analyzer GUI" + "\n\n" + "Version: " + version
31 | + "\nAuthor: Karsten Hahn"
32 | + "\nLast update: 18. July 2024"
33 | + "\n\nI develop this software as a hobby in my free time."
34 | + "\n\nIf you like it, please consider buying me a coffee: https://ko-fi.com/struppigel"
35 | + "\n\nThe repository is available at https://github.com/struppigel/PortexAnalyzerGUI";
36 |
37 | public AboutFrame() {
38 | super("About PortexAnalyzer GUI");
39 | initGUI();
40 | }
41 |
42 | private void initGUI() {
43 | this.setSize(350, 320);
44 | this.setResizable(false);
45 | this.setVisible(true);
46 | this.setLocationRelativeTo(null);
47 | this.setDefaultCloseOperation(JFrame.DISPOSE_ON_CLOSE);
48 |
49 | JTextArea area = new JTextArea();
50 | area.setLineWrap(true);
51 | area.setWrapStyleWord(true);
52 | area.setText(text);
53 | area.setEditable(false);
54 | this.add(area);
55 | }
56 | }
--------------------------------------------------------------------------------
/src/main/java/com/github/struppigel/gui/FullPEData.java:
--------------------------------------------------------------------------------
1 | /**
2 | * *****************************************************************************
3 | * Copyright 2022 Karsten Hahn
4 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
9 | * http://www.apache.org/licenses/LICENSE-2.0
10 | *
11 | * Unless required by applicable law or agreed to in writing, software
12 | * distributed under the License is distributed on an "AS IS" BASIS,
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | * See the License for the specific language governing permissions and
15 | * limitations under the License.
16 | * ****************************************************************************
17 | */
18 | package com.github.struppigel.gui;
19 |
20 | import com.github.struppigel.parser.PEData;
21 | import com.github.struppigel.parser.StandardField;
22 | import com.github.struppigel.parser.sections.clr.CLRSection;
23 | import com.github.struppigel.parser.sections.clr.CLRTable;
24 | import com.github.struppigel.parser.sections.clr.OptimizedStream;
25 | import com.github.struppigel.parser.sections.edata.ExportEntry;
26 | import com.github.struppigel.parser.sections.idata.ImportDLL;
27 | import com.github.struppigel.parser.sections.rsrc.Resource;
28 | import com.github.struppigel.parser.sections.rsrc.icon.IconParser;
29 | import com.github.struppigel.tools.Overlay;
30 | import com.github.struppigel.gui.utils.TableContent;
31 | import org.apache.logging.log4j.LogManager;
32 | import org.apache.logging.log4j.Logger;
33 |
34 | import java.io.File;
35 | import java.io.IOException;
36 | import java.util.List;
37 | import java.util.Map;
38 | import java.util.Optional;
39 |
40 | /**
41 | * Wrapper for the PE data. Contains all data that must be parsed from file and converted by a worker.
42 | * This class makes sure to save all the data that we do not want to compute several times and
43 | * definitely do not want to compute in the event dispatch thread.
44 | * It stores that data in a form that is easily digestible by the GUI and does not need intensive transformations.
45 | */
46 | public class FullPEData {
47 | private static final Logger LOGGER = LogManager.getLogger();
48 | private final PEData pedata;
49 | private final Overlay overlay;
50 | private final double overlayEntropy;
51 | private final List overlaySignatures;
52 | private final double[] sectionEntropies;
53 | private final List imports;
54 | private final List importTableEntries;
55 | private final List delayLoadEntries;
56 |
57 | private final List boundImportEntries;
58 | private final List resourceTableEntries;
59 | private final List resources;
60 | private final List exports;
61 | private final String hashes;
62 | private final List anomaliesTable;
63 | private final List debugTableEntries;
64 | private final List vsInfoTable;
65 | private final List manifests;
66 |
67 | private final List exportTableEntries;
68 | private final List sectionHashTableEntries;
69 | private final String rehintsReport;
70 | private final List stringTableEntries;
71 |
72 | private final List dotNetMetadataRootTableEntries;
73 | private final java.util.Optional maybeCLR;
74 | private final List dotNetStreamHeaders;
75 |
76 | private final List optimizedStreamEntries;
77 | private final Map>> clrTables;
78 | private final Map> clrTableHeaders;
79 |
80 | private final long OFFSET_DEFAULT = 0L;
81 | public FullPEData(PEData data, Overlay overlay, double overlayEntropy, List overlaySignatures,
82 | double[] sectionEntropies, List imports, List importTableEntries, List delayLoadEntries,
83 | List boundImportEntries,
84 | List resourceTableEntries, List resources, List manifests,
85 | List exportTableEntries, List exports,
86 | String hashes, List sectionHashTableEntries,
87 | List anomaliesTable, List debugTableEntries, List vsInfoTable,
88 | String rehintsReport, List stringTableEntries, List dotNetMetadataRootTableEntries,
89 | java.util.Optional maybeCLR, List dotNetStreamHeaders, List optimizedStreamEntries,
90 | Map>> clrTables, Map> clrTableHeaders) {
91 | this.pedata = data;
92 | this.overlay = overlay;
93 | this.overlayEntropy = overlayEntropy;
94 | this.overlaySignatures = overlaySignatures;
95 | this.sectionEntropies = sectionEntropies;
96 | this.imports = imports;
97 | this.importTableEntries = importTableEntries;
98 | this.delayLoadEntries = delayLoadEntries;
99 | this.boundImportEntries = boundImportEntries;
100 | this.resourceTableEntries = resourceTableEntries;
101 | this.resources = resources;
102 | this.manifests = manifests;
103 | this.exportTableEntries = exportTableEntries;
104 | this.exports = exports;
105 | this.hashes = hashes;
106 | this.sectionHashTableEntries = sectionHashTableEntries;
107 | this.anomaliesTable = anomaliesTable;
108 | this.debugTableEntries = debugTableEntries;
109 | this.vsInfoTable = vsInfoTable;
110 | this.rehintsReport = rehintsReport;
111 | this.stringTableEntries = stringTableEntries;
112 | this.dotNetMetadataRootTableEntries = dotNetMetadataRootTableEntries;
113 | this.maybeCLR = maybeCLR;
114 | this.dotNetStreamHeaders = dotNetStreamHeaders;
115 | this.optimizedStreamEntries = optimizedStreamEntries;
116 | this.clrTables = clrTables;
117 | this.clrTableHeaders = clrTableHeaders;
118 | }
119 |
120 | public Map> getClrTableHeaders() { return clrTableHeaders; }
121 |
122 | public Map>> getClrTables() { return clrTables; }
123 |
124 | public PEData getPeData() {
125 | return pedata;
126 | }
127 |
128 | public Overlay getOverlay() {
129 | return overlay;
130 | }
131 |
132 | public double getOverlayEntropy() {
133 | return overlayEntropy;
134 | }
135 |
136 | public List getOverlaySignatures() {
137 | return overlaySignatures;
138 | }
139 |
140 | public File getFile() {
141 | return pedata.getFile();
142 | }
143 |
144 | public List getImportTableEntries() {
145 | return importTableEntries;
146 | }
147 |
148 | public List getDelayLoadEntries() {return delayLoadEntries;}
149 |
150 | public List getBoundImportEntries() {return boundImportEntries;}
151 |
152 | public boolean hasBoundImportEntries() {return !boundImportEntries.isEmpty();}
153 |
154 | public boolean hasManifest() {
155 | return getManifests().size() > 0;
156 | }
157 |
158 | /**
159 | * Obtain manifest as string. Returns empty string if no manifest exists, could not be read or is too large.
160 | * @return UTF-8 string of manifest, or empty string if not exists
161 | */
162 | public List getManifests() {
163 | return manifests;
164 | }
165 |
166 | /**
167 | * Check for presence of resources,
168 | * @return true of at least one resource exists, false if not there or if exceptions occur
169 | */
170 | public boolean hasResources() {
171 | return resources.size() > 0;
172 | }
173 |
174 | /**
175 | * Check overlay presence without dealing with exceptions from reading. Returns false if exception occurs.
176 | * @return true if overlay exists, false otherwise or if exception occurs while reading
177 | */
178 | public boolean overlayExists() {
179 | try {
180 | if (new Overlay(pedata).exists()) {
181 | return true;
182 | }
183 | } catch (IOException e) {
184 | LOGGER.error(e);
185 | e.printStackTrace();
186 | }
187 | return false;
188 | }
189 |
190 | public boolean hasVersionInfo() {
191 | return resources.stream().anyMatch(r -> r.getType().equals("RT_VERSION"));
192 | }
193 |
194 | public double getEntropyForSection(int secNumber) {
195 | return sectionEntropies[secNumber-1] * 8;
196 | }
197 |
198 | public boolean hasImports() {
199 | return imports.size() > 0;
200 | }
201 |
202 | public boolean hasDelayLoadImports() {
203 | return delayLoadEntries.size() > 0;
204 | }
205 |
206 | public List getResourceTableEntries() {
207 | return resourceTableEntries;
208 | }
209 |
210 | public List getResources() {
211 | return resources;
212 | }
213 |
214 | public boolean hasExports() {
215 | return exports.size() > 0;
216 | }
217 |
218 | public List getExportTableEntries() {
219 | return this.exportTableEntries;
220 | }
221 |
222 | public boolean hasDebugInfo() {
223 | return debugTableEntries.size() > 0;
224 | }
225 |
226 | public String getHashesReport() {
227 | return this.hashes;
228 | }
229 |
230 | public List getSectionHashTableEntries() {
231 | return this.sectionHashTableEntries;
232 | }
233 |
234 | public List getAnomaliesTable() {
235 | return anomaliesTable;
236 | }
237 |
238 | public List getDebugTableEntries() {
239 | return debugTableEntries;
240 | }
241 |
242 |
243 | public List getVersionInfoTable() {
244 | return vsInfoTable;
245 | }
246 |
247 | public boolean hasIcons() {
248 | return resources.stream().anyMatch(r -> IconParser.isGroupIcon(r));
249 | }
250 |
251 | public String getReHintsReport() {
252 | return this.rehintsReport;
253 | }
254 |
255 | public boolean hasRTStrings() {
256 | return !stringTableEntries.isEmpty();
257 | }
258 |
259 | public List getRTStringTableEntries() {
260 | return this.stringTableEntries;
261 | }
262 |
263 | public boolean isDotNet() { return !dotNetMetadataRootTableEntries.isEmpty(); }
264 |
265 | public boolean hasOptimizedStream() { return !optimizedStreamEntries.isEmpty(); }
266 |
267 | public List getDotNetMetadataRootEntries() {
268 | return dotNetMetadataRootTableEntries;
269 | }
270 |
271 | public long getDotNetMetadataRootOffset(){
272 | if(maybeCLR.isPresent() && !maybeCLR.get().isEmpty()) {
273 | return maybeCLR.get().getMetadataRoot().getOffset();
274 | } else {
275 | return OFFSET_DEFAULT;
276 | }
277 | }
278 |
279 | public String getDotNetMetadataVersionString(){
280 | if(maybeCLR.isPresent() && !maybeCLR.get().isEmpty()) {
281 | return maybeCLR.get().getMetadataRoot().getVersionString();
282 | } else {
283 | return "";
284 | }
285 | }
286 |
287 | public java.util.Optional getClrTableForName(String name) {
288 | Optional clr = getPeData().loadClrSection();
289 | if(clr.isPresent()) {
290 | Optional optStream = clr.get().getMetadataRoot().maybeGetOptimizedStream();
291 | if (optStream.isPresent()) {
292 | java.util.Optional clrTable = optStream.get().getCLRTables().stream().filter(t -> name.contains(t.getTableName())).findFirst();
293 | return clrTable;
294 | }
295 | }
296 | return Optional.empty();
297 | }
298 |
299 | public long getClrTableOffset(String tableName) {
300 | java.util.Optional clrTable = getClrTableForName(tableName);
301 | if(clrTable.isPresent()) {
302 | return clrTable.get().getRawOffset();
303 | }
304 | return OFFSET_DEFAULT;
305 | }
306 |
307 | public List getDotNetStreamHeaderEntries() {
308 | return this.dotNetStreamHeaders;
309 | }
310 |
311 | public List getOptimizedStreamEntries() {
312 | return this.optimizedStreamEntries;
313 | }
314 | }
315 |
--------------------------------------------------------------------------------
/src/main/java/com/github/struppigel/gui/MainFrame.java:
--------------------------------------------------------------------------------
1 | /**
2 | * *****************************************************************************
3 | * Copyright 2022 Karsten Hahn
4 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
11 | * Unless required by applicable law or agreed to in writing, software
12 | * distributed under the License is distributed on an "AS IS" BASIS,
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | * See the License for the specific language governing permissions and
15 | * limitations under the License.
16 | * ****************************************************************************
17 | */
18 | package com.github.struppigel.gui;
19 |
20 | import com.github.struppigel.gui.pedetails.FileContentPreviewPanel;
21 | import com.github.struppigel.gui.pedetails.PEDetailsPanel;
22 | import com.github.struppigel.gui.utils.PELoadWorker;
23 | import com.github.struppigel.gui.utils.PortexSwingUtils;
24 | import com.github.struppigel.gui.utils.WorkerKiller;
25 | import com.github.struppigel.gui.utils.WriteSettingsWorker;
26 | import com.github.struppigel.settings.LookAndFeelSetting;
27 | import com.github.struppigel.settings.PortexSettings;
28 | import com.github.struppigel.settings.PortexSettingsKey;
29 | import org.apache.logging.log4j.LogManager;
30 | import org.apache.logging.log4j.Logger;
31 |
32 | import javax.swing.*;
33 | import java.awt.*;
34 | import java.awt.datatransfer.DataFlavor;
35 | import java.awt.datatransfer.UnsupportedFlavorException;
36 | import java.awt.dnd.DnDConstants;
37 | import java.awt.dnd.DropTarget;
38 | import java.awt.dnd.DropTargetDropEvent;
39 | import java.awt.event.ItemEvent;
40 | import java.io.BufferedReader;
41 | import java.io.File;
42 | import java.io.IOException;
43 | import java.io.InputStreamReader;
44 | import java.net.*;
45 | import java.nio.charset.StandardCharsets;
46 | import java.util.List;
47 | import java.util.Scanner;
48 | import java.util.concurrent.ExecutionException;
49 |
50 | import static javax.swing.SwingUtilities.invokeLater;
51 | import static javax.swing.SwingWorker.StateValue.DONE;
52 |
53 | /**
54 | * The main frame that sets everything in place and holds the main menu.
55 | */
56 | public class MainFrame extends JFrame {
57 | private static final Logger LOGGER = LogManager.getLogger();
58 | private final JLabel filePathLabel = new JLabel();
59 | private final VisualizerPanel visualizerPanel = new VisualizerPanel();;
60 | private final PEDetailsPanel peDetailsPanel;
61 | private final PortexSettings settings;
62 | private FullPEData pedata = null;
63 | private PEComponentTree peComponentTree;
64 | ;
65 | private JFrame progressBarFrame;
66 | private JProgressBar progressBar;
67 | private final static String versionURL = "https://github.com/struppigel/PortexAnalyzerGUI/raw/main/resources/upd_version.txt";
68 | private final static String currVersion = "/upd_version.txt";
69 | private final static String releasePage = "https://github.com/struppigel/PortexAnalyzerGUI/releases";
70 | private final JLabel progressText = new JLabel("Loading ...");
71 | private final JPanel cardPanel = new JPanel(new CardLayout());
72 | private FileContentPreviewPanel fileContent = new FileContentPreviewPanel();
73 |
74 | public MainFrame(PortexSettings settings) {
75 | super("Portex Analyzer v. " + AboutFrame.version);
76 |
77 | this.settings = settings;
78 | peDetailsPanel = new PEDetailsPanel(cardPanel, this, settings, fileContent);
79 | peComponentTree = new PEComponentTree(peDetailsPanel);
80 |
81 | initGUI();
82 | initDropTargets();
83 | checkForUpdate();
84 | setToHex(settings.valueEquals(PortexSettingsKey.VALUES_AS_HEX, "1"));
85 | }
86 |
87 | private void checkForUpdate() {
88 | // only update if setting does not prevent it
89 | if(settings.valueEquals(PortexSettingsKey.DISABLE_UPDATE,"1")) {
90 | return;
91 | }
92 | UpdateWorker updater = new UpdateWorker();
93 | updater.execute();
94 | }
95 |
96 | public void refreshSelection() {
97 | peComponentTree.refreshSelection();
98 | }
99 |
100 | private static class UpdateWorker extends SwingWorker {
101 | @Override
102 | protected Boolean doInBackground() {
103 | try {
104 | URL githubURL = new URL(versionURL);
105 | try (InputStreamReader is = new InputStreamReader(getClass().getResourceAsStream(currVersion), StandardCharsets.UTF_8);
106 | BufferedReader versionIn = new BufferedReader(is);
107 | Scanner s = new Scanner(githubURL.openStream())) {
108 |
109 | int versionHere = Integer.parseInt(versionIn.readLine().trim());
110 | int githubVersion = s.nextInt();
111 |
112 | if (versionHere < githubVersion) {
113 | return true;
114 | }
115 | }
116 | } catch (UnknownHostException e) {
117 | LOGGER.info("unknown host or no internet connection: " + e.getMessage());
118 | } catch (IOException | NumberFormatException e) {
119 | LOGGER.error(e);
120 | e.printStackTrace();
121 | }
122 | return false;
123 | }
124 |
125 | protected void done() {
126 | try {
127 | if (get()) {
128 | LOGGER.debug("update requested");
129 | String message = "A new version is available. Do you want to download it?";
130 | int response = JOptionPane.showConfirmDialog(null,
131 | message,
132 | "Update available",
133 | JOptionPane.YES_NO_OPTION);
134 | if (response == JOptionPane.YES_OPTION) {
135 | openWebpage(new URL(releasePage));
136 | }
137 | } else {
138 | LOGGER.debug("no update necessary");
139 | }
140 | } catch (InterruptedException | ExecutionException | MalformedURLException e) {
141 | LOGGER.error(e);
142 | }
143 | }
144 | }
145 |
146 | private static boolean openWebpage(URI uri) {
147 | Desktop desktop = Desktop.isDesktopSupported() ? Desktop.getDesktop() : null;
148 | if (desktop != null && desktop.isSupported(Desktop.Action.BROWSE)) {
149 | try {
150 | desktop.browse(uri);
151 | return true;
152 | } catch (IOException e) {
153 | LOGGER.error(e);
154 | e.printStackTrace();
155 | }
156 | }
157 | return false;
158 | }
159 |
160 | private static boolean openWebpage(URL url) {
161 | try {
162 | return openWebpage(url.toURI());
163 | } catch (URISyntaxException e) {
164 | LOGGER.error(e);
165 | e.printStackTrace();
166 | }
167 | return false;
168 | }
169 |
170 | private void initDropTargets() {
171 | // file drag and drop support
172 | this.setDropTarget(new FileDropper());
173 | peDetailsPanel.setDropTarget(new FileDropper());
174 | visualizerPanel.setDropTarget(new FileDropper());
175 | filePathLabel.setDropTarget(new FileDropper());
176 | }
177 |
178 | private void loadFile(File file) {
179 | PELoadWorker worker = new PELoadWorker(file, this, progressText);
180 | worker.addPropertyChangeListener(evt -> {
181 | String name = evt.getPropertyName();
182 | if (name.equals("progress")) {
183 | int progress = (Integer) evt.getNewValue();
184 | progressBar.setValue(progress);
185 | progressBar.setString(progress + " %");
186 | progressBarFrame.toFront();
187 | progressBarFrame.setAlwaysOnTop(true);
188 | } else if (name.equals("state")) {
189 | SwingWorker.StateValue state = (SwingWorker.StateValue) evt
190 | .getNewValue();
191 | if (state == DONE) {
192 | progressBarFrame.setVisible(false);
193 | }
194 | }
195 | });
196 | progressBarFrame.setVisible(true);
197 | WorkerKiller.getInstance().cancelAndDeleteWorkers();
198 | WorkerKiller.getInstance().addWorker(worker); // need to add this in case a user loads another PE during load process
199 | worker.execute();
200 | }
201 |
202 | public void setPeData(FullPEData data) {
203 | try {
204 | this.pedata = data;
205 | visualizerPanel.visualizePE(pedata.getFile());
206 | peDetailsPanel.setPeData(pedata);
207 | peComponentTree.setPeData(pedata);
208 | peComponentTree.setSelectionRow(0);
209 | fileContent.setPeData(pedata);
210 | } catch (IOException e) {
211 | String message = "Could not load PE file! Reason: " + e.getMessage();
212 | LOGGER.error(message);
213 | e.printStackTrace();
214 | JOptionPane.showMessageDialog(this,
215 | message,
216 | "Unable to load",
217 | JOptionPane.ERROR_MESSAGE);
218 | }
219 | }
220 |
221 | private void initGUI() {
222 | // Main frame settings
223 | setSize(1280, 768);
224 | setLocationRelativeTo(null);
225 | setVisible(true);
226 | setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
227 |
228 | // Init main panel that holds everything
229 | JPanel panel = new JPanel();
230 | panel.setLayout(new BorderLayout());
231 |
232 | // init Card Panel on the right
233 | this.cardPanel.add(visualizerPanel, "VISUALIZER");
234 | this.cardPanel.add(fileContent, "FILE_CONTENT");
235 | if(settings.valueEquals(PortexSettingsKey.CONTENT_PREVIEW, "1")) {
236 | ((CardLayout) cardPanel.getLayout()).show(cardPanel, "FILE_CONTENT");
237 | } else {
238 | ((CardLayout) cardPanel.getLayout()).show(cardPanel, "VISUALIZER");
239 | }
240 | // Add all other components
241 | panel.add(peDetailsPanel, BorderLayout.CENTER);
242 | panel.add(peComponentTree, BorderLayout.LINE_START);
243 | panel.add(cardPanel, BorderLayout.LINE_END);
244 | this.add(panel, BorderLayout.CENTER);
245 |
246 | initToolbar();
247 | initMenu();
248 | initProgressBar();
249 | }
250 |
251 | private void initToolbar() {
252 | JToolBar toolBar = new JToolBar();
253 |
254 | ImageIcon ico = new ImageIcon(getClass().getResource("/icons8-hexadecimal-24.png"));
255 | JToggleButton hexButton = new JToggleButton(ico);
256 | hexButton.setSelected(settings.valueEquals(PortexSettingsKey.VALUES_AS_HEX, "1"));
257 | hexButton.addItemListener(e -> {
258 | int state = e.getStateChange();
259 | if (state == ItemEvent.SELECTED) {
260 | setToHex(true);
261 | settings.put(PortexSettingsKey.VALUES_AS_HEX, "1");
262 | } else if (state == ItemEvent.DESELECTED) {
263 | setToHex(false);
264 | settings.put(PortexSettingsKey.VALUES_AS_HEX, "0");
265 | }
266 | new WriteSettingsWorker(settings).execute();
267 | });
268 | ImageIcon imgIco = new ImageIcon(getClass().getResource("/icons8-image-24.png"));
269 | JToggleButton imgButton = new JToggleButton(imgIco);
270 | imgButton.setSelected(settings.valueEquals(PortexSettingsKey.CONTENT_PREVIEW, "0"));
271 | imgButton.addItemListener(e -> {
272 | int state = e.getStateChange();
273 | if(state == ItemEvent.SELECTED){
274 | ((CardLayout) cardPanel.getLayout()).show(cardPanel, "VISUALIZER");
275 | settings.put(PortexSettingsKey.CONTENT_PREVIEW, "0");
276 | } else {
277 | ((CardLayout) cardPanel.getLayout()).show(cardPanel, "FILE_CONTENT");
278 | settings.put(PortexSettingsKey.CONTENT_PREVIEW, "1");
279 | }
280 | cardPanel.repaint();
281 | fileContent.repaint();
282 | new WriteSettingsWorker(settings).execute();
283 | });
284 |
285 | toolBar.add(hexButton);
286 | toolBar.add(imgButton);
287 | toolBar.add(Box.createHorizontalGlue());
288 | toolBar.add(filePathLabel);
289 | toolBar.add(Box.createHorizontalGlue());
290 | toolBar.setOpaque(true);
291 |
292 | add(toolBar, BorderLayout.PAGE_START);
293 |
294 | toolBar.repaint();
295 | }
296 |
297 | private void setToHex(boolean hexEnabled) {
298 | peDetailsPanel.setHexEnabled(hexEnabled);
299 | }
300 |
301 | private void initProgressBar() {
302 | this.progressBarFrame = new JFrame("Loading PE file");
303 | JPanel panel = new JPanel();
304 | this.progressBar = new JProgressBar();
305 | progressBar.setPreferredSize(new Dimension(250, 25));
306 | progressBar.setIndeterminate(false);
307 | progressBar.setStringPainted(true);
308 | progressBar.setMaximum(100);
309 |
310 | panel.setLayout(new GridLayout(0, 1));
311 | panel.add(progressBar);
312 |
313 | // this panel makes sure the text is in the middle
314 | JPanel middleText = new JPanel();
315 | middleText.add(progressText);
316 | panel.add(middleText);
317 |
318 | progressBarFrame.add(panel);
319 | progressBarFrame.pack();
320 | progressBarFrame.setSize(400, 100);
321 | progressBarFrame.setLocationRelativeTo(null);
322 | progressBarFrame.setDefaultCloseOperation(JFrame.DISPOSE_ON_CLOSE);
323 | }
324 |
325 | private void initMenu() {
326 | JMenuBar menuBar = new JMenuBar();
327 | JMenu fileMenu = createFileMenu();
328 | JMenu help = createHelpMenu();
329 | JMenu settingsMenu = createSettingsMenu();
330 |
331 | menuBar.add(fileMenu);
332 | menuBar.add(settingsMenu);
333 | menuBar.add(help);
334 |
335 | this.setJMenuBar(menuBar);
336 | }
337 |
338 | private JMenu createSettingsMenu() {
339 | JMenu settingsMenu = new JMenu("Settings");
340 | JCheckBoxMenuItem disableYaraWarn = new JCheckBoxMenuItem("Disable Yara warnings");
341 | JCheckBoxMenuItem disableUpdateCheck = new JCheckBoxMenuItem("Disable update check");
342 | JCheckBoxMenuItem systemTheme = new JCheckBoxMenuItem("Use system theme");
343 | disableUpdateCheck.setState(settings.valueEquals(PortexSettingsKey.DISABLE_UPDATE, "1"));
344 | disableYaraWarn.setState(settings.valueEquals(PortexSettingsKey.DISABLE_YARA_WARNINGS, "1"));
345 | systemTheme.setState(settings.valueEquals(PortexSettingsKey.LOOK_AND_FEEL, LookAndFeelSetting.SYSTEM.toString()));
346 |
347 | settingsMenu.add(disableYaraWarn);
348 | settingsMenu.add(disableUpdateCheck);
349 | settingsMenu.add(systemTheme);
350 |
351 | disableYaraWarn.addActionListener(e -> {
352 | if(disableYaraWarn.getState()) {
353 | settings.put(PortexSettingsKey.DISABLE_YARA_WARNINGS, "1");
354 | } else {
355 | settings.put(PortexSettingsKey.DISABLE_YARA_WARNINGS, "0");
356 | }
357 | try {
358 | settings.writeSettings();
359 | } catch (IOException ex) {
360 | LOGGER.error(e);
361 | }
362 | });
363 |
364 | disableUpdateCheck.addActionListener(e -> {
365 | if(disableUpdateCheck.getState()) {
366 | settings.put(PortexSettingsKey.DISABLE_UPDATE, "1");
367 | } else {
368 | settings.put(PortexSettingsKey.DISABLE_UPDATE, "0");
369 | }
370 | try {
371 | settings.writeSettings();
372 | } catch (IOException ex) {
373 | LOGGER.error(e);
374 | }
375 | });
376 |
377 | systemTheme.addActionListener(e -> {
378 | JOptionPane.showMessageDialog(this,
379 | "Please restart PortexAnalyzerGUI for the new theme!",
380 | "Theme changed",
381 | JOptionPane.INFORMATION_MESSAGE);
382 | if(systemTheme.getState()) {
383 | settings.put(PortexSettingsKey.LOOK_AND_FEEL, LookAndFeelSetting.SYSTEM.toString());
384 | } else {
385 | settings.put(PortexSettingsKey.LOOK_AND_FEEL, LookAndFeelSetting.PORTEX.toString());
386 | }
387 | try {
388 | settings.writeSettings();
389 | } catch (IOException ex) {
390 | LOGGER.error(e);
391 | }
392 | });
393 | return settingsMenu;
394 | }
395 |
396 | private JMenu createHelpMenu() {
397 | JMenu help = new JMenu("Help");
398 | JMenuItem about = new JMenuItem("About");
399 | help.add(about);
400 | about.addActionListener(arg0 -> invokeLater(() -> {
401 | AboutFrame aFrame = new AboutFrame();
402 | aFrame.setVisible(true);
403 | }));
404 | return help;
405 | }
406 |
407 | private JMenu createFileMenu() {
408 | // open file
409 | JMenu fileMenu = new JMenu("File");
410 | JMenuItem open = new JMenuItem("Open...", new ImageIcon(getClass().getResource("/laptop-bug-icon.png")));
411 | fileMenu.add(open);
412 | open.addActionListener(arg0 -> {
413 | String path = PortexSwingUtils.getOpenFileNameFromUser(this);
414 | if (path != null) {
415 | filePathLabel.setText(path);
416 | loadFile(new File(path));
417 | }
418 | });
419 |
420 | // close application
421 | JMenuItem exit = new JMenuItem("Exit", new ImageIcon(getClass().getResource("/moon-icon.png")));
422 | fileMenu.add(exit);
423 | exit.addActionListener(arg0 -> dispose());
424 | return fileMenu;
425 | }
426 |
427 | private class FileDropper extends DropTarget {
428 | public synchronized void drop(DropTargetDropEvent evt) {
429 | try {
430 | evt.acceptDrop(DnDConstants.ACTION_COPY);
431 | List droppedFiles = (List)
432 | evt.getTransferable().getTransferData(DataFlavor.javaFileListFlavor);
433 | if (droppedFiles.size() > 0) {
434 | File file = droppedFiles.get(0);
435 | filePathLabel.setText(file.getAbsolutePath());
436 | loadFile(file);
437 | }
438 | } catch (IOException | UnsupportedFlavorException ex) {
439 | String message = "Could not load PE file from dropper! Reason: " + ex.getMessage();
440 | LOGGER.error(message);
441 | ex.printStackTrace();
442 | JOptionPane.showMessageDialog(null,
443 | message,
444 | "Unable to load",
445 | JOptionPane.ERROR_MESSAGE);
446 | }
447 | }
448 | }
449 | }
450 |
--------------------------------------------------------------------------------
/src/main/java/com/github/struppigel/gui/PEComponentTree.java:
--------------------------------------------------------------------------------
1 | /**
2 | * *****************************************************************************
3 | * Copyright 2022 Karsten Hahn
4 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
9 | * http://www.apache.org/licenses/LICENSE-2.0
10 | *
11 | * Unless required by applicable law or agreed to in writing, software
12 | * distributed under the License is distributed on an "AS IS" BASIS,
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | * See the License for the specific language governing permissions and
15 | * limitations under the License.
16 | * ****************************************************************************
17 | */
18 | package com.github.struppigel.gui;
19 |
20 | import com.github.struppigel.gui.pedetails.PEDetailsPanel;
21 | import org.apache.logging.log4j.LogManager;
22 | import org.apache.logging.log4j.Logger;
23 |
24 | import javax.swing.*;
25 | import javax.swing.tree.DefaultMutableTreeNode;
26 | import javax.swing.tree.DefaultTreeCellRenderer;
27 | import javax.swing.tree.DefaultTreeModel;
28 | import javax.swing.tree.TreePath;
29 | import java.awt.*;
30 | import java.util.*;
31 | import java.util.List;
32 | import java.util.stream.Collectors;
33 |
34 | /**
35 | * The tree on the left side
36 | */
37 | public class PEComponentTree extends JPanel {
38 |
39 | private static final Logger LOGGER = LogManager.getLogger();
40 | private static final String DOS_STUB_TEXT = "MS DOS Stub";
41 | private static final String COFF_FILE_HEADER_TEXT = "COFF File Header";
42 | private static final String OPTIONAL_HEADER_TEXT = "Optional Header";
43 | private static final String STANDARD_FIELDS_TEXT = "Standard Fields";
44 | private static final String WINDOWS_FIELDS_TEXT = "Windows Fields";
45 | private static final String DATA_DIRECTORY_TEXT = "Data Directory";
46 | private static final String SECTION_TABLE_TEXT = "Section Table";
47 | private static final String PE_HEADERS_TEXT = "PE Headers";
48 | private static final String OVERLAY_TEXT = "Overlay";
49 | private static final String RICH_TEXT = "Rich Header";
50 | private static final String MANIFEST_TEXT = "Manifests";
51 | private static final String RESOURCES_TEXT = "Resources";
52 | private static final String RT_STRING_TEXT = "String Table";
53 | private static final String VERSION_INFO_TEXT = "Version Info";
54 | private static final String IMPORTS_TEXT = "Imports";
55 |
56 | private static final String DELAY_LOAD_IMPORTS_TEXT = "Delay Load Imports";
57 | private static final String BOUND_IMPORTS_TEXT = "Bound Imports";
58 | private static final String EXPORTS_TEXT = "Exports";
59 | private static final String DEBUG_TEXT = "Debug";
60 | private static final String ANOMALY_TEXT = "Anomalies";
61 | private static final String HASHES_TEXT = "Hashes";
62 | private static final String VISUALIZATION_TEXT = "Visualization";
63 | private static final String PE_FORMAT_TEXT = "PE Format";
64 | private static final String ICONS_TEXT = "Icons";
65 | private static final String SIGNATURES_TEXT = "Signatures";
66 | private static final String DOT_NET_TEXT = ".NET Headers";
67 | private static final String DOT_NET_METADATA_ROOT_TEXT = "Metadata Root";
68 |
69 | private static final String DOT_NET_STREAM_HEADERS_TEXT = "Stream Headers";
70 |
71 | private static final String DOT_NET_OPTIMIZED_STREAM_TEXT = "#~";
72 |
73 | private List clrTableNames = new ArrayList<>();
74 |
75 | private final PEDetailsPanel peDetailsPanel;
76 | private FullPEData peData = null;
77 | private JTree peTree;
78 |
79 | public PEComponentTree(PEDetailsPanel peDetailsPanel) {
80 | this.peDetailsPanel = peDetailsPanel;
81 | initTree();
82 | }
83 |
84 | public void setPeData(FullPEData peData) {
85 | this.peData = peData;
86 | updateTree();
87 | }
88 |
89 | private void updateTree() {
90 | LOGGER.debug("Updating tree");
91 | DefaultMutableTreeNode root = (DefaultMutableTreeNode) peTree.getModel().getRoot();
92 | root.removeAllChildren();
93 | // create the child nodes
94 | // PE related
95 | // DOS/PE Headers
96 | DefaultMutableTreeNode pe = new DefaultMutableTreeNode(PE_FORMAT_TEXT);
97 | DefaultMutableTreeNode dosStub = new DefaultMutableTreeNode(DOS_STUB_TEXT);
98 | DefaultMutableTreeNode rich = new DefaultMutableTreeNode(RICH_TEXT);
99 | DefaultMutableTreeNode coff = new DefaultMutableTreeNode(COFF_FILE_HEADER_TEXT);
100 | DefaultMutableTreeNode optional = new DefaultMutableTreeNode(OPTIONAL_HEADER_TEXT);
101 | DefaultMutableTreeNode sections = new DefaultMutableTreeNode(SECTION_TABLE_TEXT);
102 | DefaultMutableTreeNode overlay = new DefaultMutableTreeNode(OVERLAY_TEXT);
103 | // OptionalHeader
104 | DefaultMutableTreeNode standard = new DefaultMutableTreeNode(STANDARD_FIELDS_TEXT);
105 | DefaultMutableTreeNode windows = new DefaultMutableTreeNode(WINDOWS_FIELDS_TEXT);
106 | DefaultMutableTreeNode datadir = new DefaultMutableTreeNode(DATA_DIRECTORY_TEXT);
107 | // Resources
108 | DefaultMutableTreeNode resources = new DefaultMutableTreeNode(RESOURCES_TEXT);
109 | DefaultMutableTreeNode manifest = new DefaultMutableTreeNode(MANIFEST_TEXT);
110 | DefaultMutableTreeNode version = new DefaultMutableTreeNode(VERSION_INFO_TEXT);
111 | DefaultMutableTreeNode icons = new DefaultMutableTreeNode(ICONS_TEXT);
112 | DefaultMutableTreeNode rtstrings = new DefaultMutableTreeNode(RT_STRING_TEXT);
113 | // Data directories
114 | DefaultMutableTreeNode imports = new DefaultMutableTreeNode(IMPORTS_TEXT);
115 | DefaultMutableTreeNode delayLoad = new DefaultMutableTreeNode(DELAY_LOAD_IMPORTS_TEXT);
116 | DefaultMutableTreeNode bound = new DefaultMutableTreeNode(BOUND_IMPORTS_TEXT);
117 | DefaultMutableTreeNode exports = new DefaultMutableTreeNode(EXPORTS_TEXT);
118 | DefaultMutableTreeNode debug = new DefaultMutableTreeNode(DEBUG_TEXT);
119 |
120 | // .NET related
121 | DefaultMutableTreeNode dotNet = new DefaultMutableTreeNode(DOT_NET_TEXT);
122 | DefaultMutableTreeNode dotNetRoot = new DefaultMutableTreeNode(DOT_NET_METADATA_ROOT_TEXT);
123 | DefaultMutableTreeNode dotNetStreams = new DefaultMutableTreeNode(DOT_NET_STREAM_HEADERS_TEXT);
124 | DefaultMutableTreeNode dotNetOptStream = new DefaultMutableTreeNode(DOT_NET_OPTIMIZED_STREAM_TEXT);
125 |
126 | // Non-PE
127 | DefaultMutableTreeNode anomaly = new DefaultMutableTreeNode(ANOMALY_TEXT);
128 | DefaultMutableTreeNode hashes = new DefaultMutableTreeNode(HASHES_TEXT);
129 | DefaultMutableTreeNode vis = new DefaultMutableTreeNode(VISUALIZATION_TEXT);
130 | DefaultMutableTreeNode signatures = new DefaultMutableTreeNode(SIGNATURES_TEXT);
131 |
132 | // adding the sub nodes for optional header
133 | optional.add(standard);
134 | optional.add(windows);
135 | optional.add(datadir);
136 |
137 | // add the child nodes to the root node
138 | root.add(pe);
139 | pe.add(dosStub);
140 | if (peData.getPeData().maybeGetRichHeader().isPresent()) {
141 | pe.add(rich);
142 | }
143 | pe.add(coff);
144 | pe.add(optional);
145 | pe.add(sections);
146 | if (peData.hasResources()) {
147 | pe.add(resources);
148 | if (peData.hasManifest()) {
149 | resources.add(manifest);
150 | }
151 | if(peData.hasVersionInfo()) {
152 | resources.add(version);
153 | }
154 | if(peData.hasIcons()){
155 | resources.add(icons);
156 | }
157 | if(peData.hasRTStrings()) {
158 | resources.add(rtstrings);
159 | }
160 | }
161 |
162 | if(peData.hasImports()){
163 | pe.add(imports);
164 | }
165 |
166 | if(peData.hasDelayLoadImports()){
167 | pe.add(delayLoad);
168 | }
169 |
170 | if(peData.hasBoundImportEntries()) {
171 | pe.add(bound);
172 | }
173 |
174 | if(peData.hasExports()){
175 | pe.add(exports);
176 | }
177 |
178 | if(peData.hasDebugInfo()) {
179 | pe.add(debug);
180 | }
181 |
182 | if (peData.overlayExists()) {
183 | pe.add(overlay);
184 | LOGGER.debug("Overlay added to root node of tree");
185 | }
186 |
187 | if(peData.isDotNet()) {
188 | root.add(dotNet);
189 | dotNet.add(dotNetRoot);
190 | dotNet.add(dotNetStreams);
191 | if(peData.hasOptimizedStream()) {
192 | dotNetStreams.add(dotNetOptStream);
193 | this.clrTableNames = peData.getClrTables().keySet().stream().sorted().collect(Collectors.toList());
194 | for (String name : clrTableNames) {
195 | DefaultMutableTreeNode node = new DefaultMutableTreeNode(name);
196 | dotNetOptStream.add(node);
197 | }
198 | }
199 | }
200 |
201 | root.add(anomaly);
202 | root.add(hashes);
203 | root.add(vis);
204 | root.add(signatures);
205 |
206 | // no root
207 | peTree.setRootVisible(false);
208 | // reload the tree model to actually show the update
209 | DefaultTreeModel model = (DefaultTreeModel) peTree.getModel();
210 | model.reload();
211 | // expand the tree per default except for .NET CLR tables
212 | setTreeExpandedState(peTree, true);
213 | setNodeExpandedState(peTree, dotNetOptStream, false);
214 | }
215 |
216 | // this method is from https://www.logicbig.com/tutorials/java-swing/jtree-expand-collapse-all-nodes.html
217 | private static void setTreeExpandedState(JTree tree, boolean expanded) {
218 | DefaultMutableTreeNode node = (DefaultMutableTreeNode) tree.getModel().getRoot();
219 | setNodeExpandedState(tree, node, expanded);
220 | }
221 |
222 | // this method is from https://www.logicbig.com/tutorials/java-swing/jtree-expand-collapse-all-nodes.html
223 | private static void setNodeExpandedState(JTree tree, DefaultMutableTreeNode node, boolean expanded) {
224 | List list = Collections.list(node.children());
225 | for (DefaultMutableTreeNode treeNode : list) {
226 | setNodeExpandedState(tree, treeNode, expanded);
227 | }
228 | if (!expanded && node.isRoot()) {
229 | return;
230 | }
231 | TreePath path = new TreePath(node.getPath());
232 | if (expanded) {
233 | tree.expandPath(path);
234 | } else {
235 | tree.collapsePath(path);
236 | }
237 | }
238 |
239 | public void setSelectionRow(int i) {
240 | peTree.setSelectionRow(i);
241 | }
242 |
243 | private void initTree() {
244 | //create the root node
245 | DefaultMutableTreeNode root = new DefaultMutableTreeNode("PE Format");
246 |
247 | //create the tree by passing in the root node
248 | this.peTree = new JTree(root);
249 |
250 | DefaultTreeCellRenderer renderer = (DefaultTreeCellRenderer) peTree.getCellRenderer();
251 | Icon leafIcon = new ImageIcon(getClass().getResource("/document-red-icon.png"));
252 | Icon openIcon = new ImageIcon(getClass().getResource("/Places-folder-red-icon.png"));
253 | Icon closeIcon = new ImageIcon(getClass().getResource("/folder-red-icon.png"));
254 | renderer.setLeafIcon(leafIcon);
255 | renderer.setOpenIcon(openIcon);
256 | renderer.setOpenIcon(closeIcon);
257 |
258 | // set scrollbar
259 | JScrollPane scrollPane = new JScrollPane(peTree);
260 | this.setLayout(new BorderLayout());
261 | this.add(scrollPane, BorderLayout.CENTER);
262 |
263 | peTree.setRootVisible(false);
264 | peTree.addTreeSelectionListener(e -> selectionChanged(e.getNewLeadSelectionPath()));
265 | this.setVisible(true);
266 | }
267 |
268 | private void selectionChanged(TreePath path) {
269 | if (path == null)
270 | return; // this happens when a selected node was removed, e.g., new file with no overlay loaded
271 | String node = path.getLastPathComponent().toString();
272 | LOGGER.debug("Tree selection changed to " + node);
273 | switch (node) {
274 | case DOS_STUB_TEXT:
275 | peDetailsPanel.showDosStub();
276 | return;
277 | case RICH_TEXT:
278 | peDetailsPanel.showRichHeader();
279 | return;
280 | case COFF_FILE_HEADER_TEXT:
281 | peDetailsPanel.showCoffFileHeader();
282 | return;
283 | case OPTIONAL_HEADER_TEXT:
284 | peDetailsPanel.showOptionalHeader();
285 | return;
286 | case STANDARD_FIELDS_TEXT:
287 | peDetailsPanel.showStandardFieldsTable();
288 | return;
289 | case WINDOWS_FIELDS_TEXT:
290 | peDetailsPanel.showWindowsFieldsTable();
291 | return;
292 | case DATA_DIRECTORY_TEXT:
293 | peDetailsPanel.showDataDirectoryTable();
294 | return;
295 | case SECTION_TABLE_TEXT:
296 | peDetailsPanel.showSectionTable();
297 | return;
298 | case PE_HEADERS_TEXT:
299 | peDetailsPanel.showPEHeaders();
300 | return;
301 | case OVERLAY_TEXT:
302 | peDetailsPanel.showOverlay();
303 | return;
304 | case MANIFEST_TEXT:
305 | peDetailsPanel.showManifests();
306 | return;
307 | case RESOURCES_TEXT:
308 | peDetailsPanel.showResources();
309 | return;
310 | case VERSION_INFO_TEXT:
311 | peDetailsPanel.showVersionInfo();
312 | return;
313 | case IMPORTS_TEXT:
314 | peDetailsPanel.showImports();
315 | return;
316 | case DELAY_LOAD_IMPORTS_TEXT:
317 | peDetailsPanel.showDelayLoadImports();
318 | return;
319 | case BOUND_IMPORTS_TEXT:
320 | peDetailsPanel.showBoundImports();
321 | return;
322 | case EXPORTS_TEXT:
323 | peDetailsPanel.showExports();
324 | return;
325 | case DEBUG_TEXT:
326 | peDetailsPanel.showDebugInfo();
327 | return;
328 | case ANOMALY_TEXT:
329 | peDetailsPanel.showAnomalies();
330 | return;
331 | case HASHES_TEXT:
332 | peDetailsPanel.showHashes();
333 | return;
334 | case VISUALIZATION_TEXT:
335 | peDetailsPanel.showVisualization();
336 | return;
337 | case PE_FORMAT_TEXT:
338 | peDetailsPanel.showPEFormat();
339 | return;
340 | case ICONS_TEXT:
341 | peDetailsPanel.showIcons();
342 | return;
343 | case SIGNATURES_TEXT:
344 | peDetailsPanel.showSignatures();
345 | return;
346 | case RT_STRING_TEXT:
347 | peDetailsPanel.showRTStrings();
348 | return;
349 | case DOT_NET_METADATA_ROOT_TEXT:
350 | peDetailsPanel.showDotNetMetadataRoot();
351 | return;
352 | case DOT_NET_STREAM_HEADERS_TEXT:
353 | peDetailsPanel.showDotNetStreamHeaders();
354 | return;
355 | case DOT_NET_OPTIMIZED_STREAM_TEXT:
356 | peDetailsPanel.showOptimizedStream();
357 | return;
358 | }
359 | for(String name : clrTableNames){
360 | if(node.equals(name)) {
361 | peDetailsPanel.showClrTable(name);
362 | return;
363 | }
364 | }
365 | }
366 |
367 | public void refreshSelection() {
368 | TreePath[] paths = peTree.getSelectionModel().getSelectionPaths();
369 | if(paths.length > 0) {
370 | // trigger selection change on same element to refresh the view
371 | selectionChanged(paths[0]);
372 | }
373 | }
374 | }
375 |
--------------------------------------------------------------------------------
/src/main/java/com/github/struppigel/gui/PEFieldsTable.java:
--------------------------------------------------------------------------------
1 | /**
2 | * *****************************************************************************
3 | * Copyright 2022 Karsten Hahn
4 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
9 | * http://www.apache.org/licenses/LICENSE-2.0
10 | *
11 | * Unless required by applicable law or agreed to in writing, software
12 | * distributed under the License is distributed on an "AS IS" BASIS,
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | * See the License for the specific language governing permissions and
15 | * limitations under the License.
16 | * ****************************************************************************
17 | */
18 | package com.github.struppigel.gui;
19 |
20 | import com.github.struppigel.gui.pedetails.FileContentPreviewPanel;
21 | import org.apache.logging.log4j.LogManager;
22 | import org.apache.logging.log4j.Logger;
23 |
24 | import javax.swing.*;
25 | import javax.swing.table.DefaultTableCellRenderer;
26 | import javax.swing.table.DefaultTableModel;
27 | import java.awt.*;
28 | import java.util.Vector;
29 |
30 | public class PEFieldsTable extends JTable {
31 |
32 | private static final Logger LOGGER = LogManager.getLogger();
33 | private final boolean enableHex;
34 | private int previewOffsetColumn;
35 |
36 | public PEFieldsTable(boolean enableHex) {
37 | this.enableHex = enableHex;
38 | initTable();
39 | }
40 |
41 | public void setPreviewOffsetColumn(int column, FileContentPreviewPanel previewPanel) {
42 | this.previewOffsetColumn = column;
43 | initOffsetListener(this, previewPanel);
44 | }
45 |
46 | private void initTable() {
47 | // set PETableModel for proper sorting of integers and longs
48 | DefaultTableModel model = new PETableModel();
49 | setModel(model);
50 |
51 | // show long and int as hexadecimal string
52 | setDefaultRenderer(Long.class, new HexValueRenderer(enableHex));
53 | setDefaultRenderer(Integer.class, new HexValueRenderer(enableHex));
54 |
55 | setPreferredScrollableViewportSize(new Dimension(500, 70));
56 | setFillsViewportHeight(true);
57 | setAutoCreateRowSorter(true);
58 | setDefaultEditor(Object.class, null); // make not editable
59 | }
60 |
61 | private void initOffsetListener(JTable table, FileContentPreviewPanel previewPanel) {
62 | ListSelectionModel model = table.getSelectionModel();
63 | model.addListSelectionListener(e -> {
64 | Long offset = getOffsetForSelectedRow(table);
65 | if(offset == null) return;
66 | LOGGER.info(offset + " offset selected");
67 | previewPanel.showContentAtOffset(offset);
68 | });
69 | }
70 |
71 | private Long getOffsetForSelectedRow(JTable table) {
72 | DefaultTableModel model = (DefaultTableModel) table.getModel();
73 | int row = getSelectedRow(table);
74 | if (row == -1) return null;
75 | Vector vRow = (Vector) model.getDataVector().elementAt(row);
76 | Object offset = vRow.elementAt(previewOffsetColumn);
77 | return (Long) offset;
78 | }
79 |
80 | /**
81 | * Return a vector of the data in the currently selected row. Returns null if no row selected
82 | *
83 | * @param table
84 | * @return vector of the data in the currently selected row or null if nothing selected
85 | */
86 | private int getSelectedRow(JTable table) {
87 | int rowIndex = table.getSelectedRow();
88 | if (rowIndex >= 0) {
89 | return table.convertRowIndexToModel(rowIndex);
90 |
91 | }
92 | return -1;
93 | }
94 |
95 | public static class PETableModel extends DefaultTableModel {
96 |
97 | @Override
98 | public Class getColumnClass(int columnIndex) {
99 | if (this.getColumnCount() < columnIndex || this.getRowCount() == 0) {
100 | return Object.class;
101 | }
102 | Class clazz = getValueAt(0, columnIndex).getClass();
103 | return clazz;
104 | }
105 | }
106 |
107 | public static class HexValueRenderer extends DefaultTableCellRenderer {
108 |
109 | private boolean enableHex;
110 |
111 | public HexValueRenderer(boolean enableHex){
112 | this.enableHex = enableHex;
113 | }
114 | @Override
115 | public void setValue(Object value){
116 | if(value == null) {
117 | return;
118 | }
119 | if(value.getClass() == Long.class) {
120 | Long lvalue = (Long) value;
121 | if(enableHex) {
122 | setText(toHex(lvalue));
123 | } else {
124 | setText(lvalue.toString());
125 | }
126 | }
127 | if(value.getClass() == Integer.class) {
128 | Integer ivalue = (Integer) value;
129 | if(enableHex) {
130 | setText(toHex(ivalue));
131 | } else {
132 | setText(ivalue.toString());
133 | }
134 | }
135 | }
136 | }
137 |
138 | private static String toHex(Long num) {
139 | return "0x" + Long.toHexString(num);
140 | }
141 |
142 | private static String toHex(Integer num) {
143 | return "0x" + Integer.toHexString(num);
144 | }
145 | }
146 |
--------------------------------------------------------------------------------
/src/main/java/com/github/struppigel/gui/Starter.java:
--------------------------------------------------------------------------------
1 | /**
2 | * *****************************************************************************
3 | * Copyright 2022 Karsten Hahn
4 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
9 | * http://www.apache.org/licenses/LICENSE-2.0
10 | *
11 | * Unless required by applicable law or agreed to in writing, software
12 | * distributed under the License is distributed on an "AS IS" BASIS,
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | * See the License for the specific language governing permissions and
15 | * limitations under the License.
16 | * ****************************************************************************
17 | */
18 | package com.github.struppigel.gui;
19 |
20 | import com.github.struppigel.settings.LookAndFeelSetting;
21 | import com.github.struppigel.settings.PortexSettings;
22 | import com.github.struppigel.settings.PortexSettingsKey;
23 | import org.apache.logging.log4j.LogManager;
24 | import org.apache.logging.log4j.Logger;
25 |
26 | import javax.swing.*;
27 | import javax.swing.UIManager.LookAndFeelInfo;
28 | import java.awt.*;
29 |
30 | /**
31 | * Sets the look and feel and starts the GUI
32 | */
33 | public class Starter {
34 | private static final Logger LOGGER = LogManager.getLogger();
35 |
36 | public static void main(String[] args) {
37 |
38 | LOGGER.debug("starting program");
39 | PortexSettings s = new PortexSettings();
40 | if(s.valueEquals(PortexSettingsKey.LOOK_AND_FEEL, LookAndFeelSetting.PORTEX.toString())) {
41 | setPortexLookAndFeel();
42 | } else {
43 | setSystemLookAndFeel();
44 | }
45 | initMainFrame(s);
46 | }
47 |
48 | private static void initMainFrame(PortexSettings s) {
49 | SwingUtilities.invokeLater(() -> new MainFrame(s));
50 | }
51 |
52 | private static void setSystemLookAndFeel() {
53 | try {
54 | // Set System L&F
55 | UIManager.setLookAndFeel(
56 | UIManager.getSystemLookAndFeelClassName());
57 | UIManager.put("Table.alternateRowColor", new Color(240,240,240));
58 | }
59 | catch (ClassNotFoundException | InstantiationException
60 | | IllegalAccessException
61 | | UnsupportedLookAndFeelException e) {
62 | LOGGER.error(e.getMessage());
63 | }
64 | }
65 |
66 | private static void setPortexLookAndFeel() {
67 | UIManager.put("nimbusBase", new Color(15, 0, 0));
68 | UIManager.put("nimbusBlueGrey", new Color(170, 0, 0));
69 | UIManager.put("control", Color.black);
70 |
71 | // UIManager.put("ToggleButton.disabled", Color.yellow);
72 | //UIManager.put("ToggleButton.foreground", Color.yellow);
73 | //UIManager.put("ToolBar.opaque", true);
74 | //UIManager.put("ToolBar.background", new Color(100, 0, 0));
75 | //UIManager.put("ToolBar.disabled", Color.green);
76 | //UIManager.put("ToolBar.foreground", Color.red);
77 |
78 | UIManager.put("text", Color.white);
79 |
80 | UIManager.put("nimbusSelectionBackground", Color.gray);
81 | UIManager.put("nimbusSelectedText", Color.white);
82 | UIManager.put("textHighlight", Color.lightGray);
83 | UIManager.put("nimbusFocus", new Color(0xBA3A1E));
84 | UIManager.put("nimbusSelection", new Color(170, 0, 0));
85 | UIManager.put("textBackground", Color.darkGray);
86 | UIManager.put("nimbusLightBackground", Color.black);
87 | UIManager.put("Table.alternateRowColor", new Color(20,20,20));
88 | /*
89 | UIManager.put("ToolBar.background", Color.blue);
90 | UIManager.put("ToolBar.foreground", Color.blue);
91 | UIManager.put("ToolBar.disabled", Color.blue);
92 | UIManager.put("ToolBar.opaque", false);
93 | */
94 |
95 | for (LookAndFeelInfo info : UIManager.getInstalledLookAndFeels()) {
96 | if ("Nimbus".equals(info.getName())) {
97 | try {
98 | UIManager.setLookAndFeel(info.getClassName());
99 | } catch (ClassNotFoundException | InstantiationException
100 | | IllegalAccessException
101 | | UnsupportedLookAndFeelException e) {
102 | LOGGER.error(e.getMessage());
103 | }
104 | break;
105 | }
106 | }
107 | }
108 |
109 | }
--------------------------------------------------------------------------------
/src/main/java/com/github/struppigel/gui/VisualizerPanel.java:
--------------------------------------------------------------------------------
1 | /**
2 | * *****************************************************************************
3 | * Copyright 2022 Karsten Hahn
4 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
9 | * http://www.apache.org/licenses/LICENSE-2.0
10 | *
11 | * Unless required by applicable law or agreed to in writing, software
12 | * distributed under the License is distributed on an "AS IS" BASIS,
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | * See the License for the specific language governing permissions and
15 | * limitations under the License.
16 | * ****************************************************************************
17 | */
18 | package com.github.struppigel.gui;
19 |
20 | import com.github.struppigel.tools.visualizer.ColorableItem;
21 | import com.github.struppigel.tools.visualizer.ImageUtil;
22 | import com.github.struppigel.tools.visualizer.Visualizer;
23 | import com.github.struppigel.tools.visualizer.VisualizerBuilder;
24 | import com.github.struppigel.gui.utils.WorkerKiller;
25 | import org.apache.logging.log4j.LogManager;
26 | import org.apache.logging.log4j.Logger;
27 |
28 | import javax.swing.*;
29 | import java.awt.*;
30 | import java.awt.event.ActionEvent;
31 | import java.awt.event.ActionListener;
32 | import java.awt.event.ComponentAdapter;
33 | import java.awt.event.ComponentEvent;
34 | import java.awt.image.BufferedImage;
35 | import java.io.File;
36 | import java.io.IOException;
37 | import java.util.concurrent.ExecutionException;
38 |
39 | /**
40 | * Panel with byteplot, entropy and PE structure image
41 | */
42 | public class VisualizerPanel extends JPanel {
43 |
44 | private static final Logger LOGGER = LogManager.getLogger();
45 |
46 | private javax.swing.Timer waitingTimer;
47 |
48 | private final JLabel visLabel = new JLabel();
49 | private File pefile;
50 |
51 | private final static int RESIZE_DELAY = 1000;
52 | private JProgressBar scanRunningBar = new JProgressBar();
53 |
54 | private boolean enableLegend = false;
55 | private boolean enableByteplot = true;
56 | private boolean enableEntropy = true;
57 |
58 | private int imageWidth = 50;
59 | private BufferedImage image;
60 |
61 | public VisualizerPanel() {
62 | super();
63 | initPanel();
64 | }
65 |
66 | public VisualizerPanel(boolean enableLegend, boolean enableByteplot, boolean enableEntropy, int imageWidth) {
67 | super();
68 | this.enableByteplot = enableByteplot;
69 | this.enableEntropy = enableEntropy;
70 | this.enableLegend = enableLegend;
71 | this.imageWidth = imageWidth;
72 | initPanel();
73 | }
74 |
75 | private void initPanel(){
76 | this.removeAll();
77 | setLayout(new BorderLayout());
78 | add(visLabel, BorderLayout.CENTER);
79 | addComponentListener(new ResizeListener());
80 |
81 | /*JToolBar toolBar = new JToolBar();
82 | ImageIcon ico = new ImageIcon(getClass().getResource("/science-icon.png"));
83 | toolBar.add(new JToggleButton(ico));
84 |
85 | add(toolBar, BorderLayout.PAGE_START);*/
86 | }
87 |
88 | public void visualizePE(File pefile) throws IOException {
89 | this.pefile = pefile;
90 | SwingWorker worker = new VisualizerWorker(getHeight(), imageWidth, pefile, enableEntropy, enableByteplot, enableLegend);
91 | WorkerKiller.getInstance().addWorker(worker);
92 | worker.execute();
93 | initProgressBar();
94 | }
95 |
96 | private void initProgressBar() {
97 | this.removeAll();
98 | this.add(scanRunningBar);
99 | this.setLayout(new FlowLayout());
100 | scanRunningBar.setIndeterminate(true);
101 | scanRunningBar.setVisible(true);
102 | this.repaint();
103 | }
104 |
105 | public BufferedImage getImage() {
106 | return image;
107 | }
108 |
109 | private class VisualizerWorker extends SwingWorker {
110 |
111 | private final int maxHeight;
112 | private final File file;
113 | private final boolean showEntropy;
114 | private final boolean showByteplot;
115 | private final boolean showLegend;
116 | private final int width;
117 |
118 | private int pixelSize = 4;
119 |
120 | public VisualizerWorker(int height, int width, File file, boolean showEntropy, boolean showByteplot, boolean showLegend) {
121 | this.maxHeight = height;
122 | this.width = width;
123 | this.file = file;
124 | this.showEntropy = showEntropy;
125 | this.showByteplot = showByteplot;
126 | this.showLegend = showLegend;
127 | }
128 |
129 | private int height(int nrBytes) {
130 | double nrOfPixels = file.length() / (double) nrBytes;
131 | double pixelsPerRow = width / (double) pixelSize;
132 | double pixelsPerCol = nrOfPixels / pixelsPerRow;
133 | return (int) Math.ceil(pixelsPerCol * pixelSize);
134 | }
135 |
136 | @Override
137 | protected BufferedImage doInBackground() throws Exception {
138 | if(pefile == null) return null;
139 | // bps
140 | int res = 1;
141 | while(height(res) > maxHeight) res *= 2;
142 | int bytesPerPixel = res;
143 |
144 | Visualizer visualizer = new VisualizerBuilder()
145 | .setFileWidth(width)
146 | .setPixelSize(pixelSize)
147 | .setBytesPerPixel(bytesPerPixel, file.length())
148 | .setColor(ColorableItem.ENTROPY, Color.cyan)
149 | .build();
150 |
151 | BufferedImage peImage = visualizer.createImage(file);
152 |
153 | if(showEntropy){
154 | BufferedImage entropyImg = visualizer.createEntropyImage(file);
155 | peImage = ImageUtil.appendImages(entropyImg, peImage);
156 | }
157 | if(showByteplot) {
158 | int bytePlotPixelSize = (width * height(bytesPerPixel) > file.length()) ? pixelSize : 1;
159 | Visualizer vi2 = new VisualizerBuilder() // more fine grained bytePlot, hence new visualizer
160 | .setPixelSize(bytePlotPixelSize)
161 | .setFileWidth(width)
162 | .setHeight(height(bytesPerPixel))
163 | .build();
164 | BufferedImage bytePlot = vi2.createBytePlot(file);
165 | peImage = ImageUtil.appendImages(bytePlot, peImage);
166 | }
167 | if(showLegend) {
168 | BufferedImage legendImage = visualizer.createLegendImage(showByteplot, showEntropy, true);
169 | peImage = ImageUtil.appendImages(peImage, legendImage);
170 | }
171 | return peImage;
172 | }
173 |
174 | @Override
175 | protected void done() {
176 | if(isCancelled()){return;}
177 | try {
178 | image = get();
179 | if(image == null) return;
180 | initPanel();
181 | visLabel.setIcon(new ImageIcon(image));
182 | visLabel.repaint();
183 | } catch (InterruptedException e) {
184 | String message = "Problem with visualizer! Reason: " + e.getMessage();
185 | LOGGER.error(message);
186 | e.printStackTrace(); // no dialog necessary
187 | } catch (ExecutionException e) {
188 | LOGGER.error(e);
189 | e.printStackTrace();
190 | }
191 | }
192 | }
193 |
194 | private class ResizeListener extends ComponentAdapter implements ActionListener {
195 | public void componentResized(ComponentEvent e) {
196 | if(waitingTimer == null) {
197 | try {
198 | waitingTimer = new Timer(RESIZE_DELAY, this);
199 | waitingTimer.start();
200 | } catch (Exception ex) {
201 | LOGGER.error("Visualization update failed " + ex.getMessage());
202 | throw new RuntimeException(ex);
203 | }
204 | } else {
205 | waitingTimer.restart();
206 | }
207 | }
208 |
209 | public void actionPerformed(ActionEvent ae)
210 | {
211 | /* Timer finished? */
212 | if (ae.getSource()==waitingTimer)
213 | {
214 | /* Stop timer */
215 | waitingTimer.stop();
216 | waitingTimer = null;
217 | /* Resize */
218 | applyResize();
219 | }
220 | }
221 |
222 | private void applyResize() {
223 | SwingWorker worker = new VisualizerWorker(getHeight(), imageWidth, pefile, enableEntropy, enableByteplot, enableLegend);
224 | WorkerKiller.getInstance().addWorker(worker);
225 | worker.execute();
226 | }
227 | }
228 |
229 | public void setEnableLegend(boolean enableLegend) {
230 | this.enableLegend = enableLegend;
231 | }
232 |
233 | public void setEnableByteplot(boolean enableByteplot) {
234 | this.enableByteplot = enableByteplot;
235 | }
236 |
237 | public void setEnableEntropy(boolean enableEntropy) {
238 | this.enableEntropy = enableEntropy;
239 | }
240 |
241 | public void setImageWidth(int imageWidth) {
242 | this.imageWidth = imageWidth;
243 | }
244 |
245 | }
246 |
--------------------------------------------------------------------------------
/src/main/java/com/github/struppigel/gui/pedetails/FileContentPreviewPanel.java:
--------------------------------------------------------------------------------
1 | /**
2 | * *****************************************************************************
3 | * Copyright 2022 Karsten Hahn
4 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
9 | * http://www.apache.org/licenses/LICENSE-2.0
10 | *
11 | * Unless required by applicable law or agreed to in writing, software
12 | * distributed under the License is distributed on an "AS IS" BASIS,
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | * See the License for the specific language governing permissions and
15 | * limitations under the License.
16 | * ****************************************************************************
17 | */
18 | package com.github.struppigel.gui.pedetails;
19 |
20 | import com.github.struppigel.parser.PEData;
21 | import com.github.struppigel.parser.sections.rsrc.icon.IcoFile;
22 | import com.github.struppigel.parser.sections.rsrc.icon.IconParser;
23 | import com.github.struppigel.gui.FullPEData;
24 | import com.github.struppigel.gui.utils.WorkerKiller;
25 | import net.ifok.image.image4j.codec.ico.ICODecoder;
26 | import org.apache.logging.log4j.LogManager;
27 | import org.apache.logging.log4j.Logger;
28 |
29 | import javax.swing.*;
30 | import java.awt.*;
31 | import java.awt.image.BufferedImage;
32 | import java.io.IOException;
33 | import java.util.ArrayList;
34 | import java.util.List;
35 | import java.util.concurrent.ExecutionException;
36 |
37 | public class IconPanel extends JPanel {
38 | private static final Logger LOGGER = LogManager.getLogger();
39 | private FullPEData peData;
40 |
41 | private List icons;
42 |
43 | public void setPeData(FullPEData peData) {
44 | this.peData = peData;
45 | SwingWorker worker = new IconUpdateWorker(peData.getPeData());
46 | WorkerKiller.getInstance().addWorker(worker);
47 | worker.execute();
48 | }
49 |
50 | public List getIcons() {
51 | return icons;
52 | }
53 |
54 | private class IconUpdateWorker extends SwingWorker, Void> {
55 | private final PEData data;
56 |
57 | public IconUpdateWorker(PEData data) {
58 | this.data = data;
59 | }
60 |
61 | @Override
62 | protected List doInBackground() throws IOException {
63 | List icons = IconParser.extractIcons(data);
64 | List images = new ArrayList<>();
65 | for (IcoFile icon : icons) {
66 | try {
67 | List result = ICODecoder.read(icon.getInputStream());
68 | images.addAll(result);
69 | } catch (IOException e) {
70 | LOGGER.error(e);
71 | }
72 | }
73 | return images;
74 | }
75 |
76 | @Override
77 | protected void done() {
78 | if (isCancelled()) {
79 | return;
80 | }
81 | try {
82 | // get images
83 | icons = get();
84 |
85 | // init Swing components in the icon panel
86 | GridLayout grid = new GridLayout(0, 2);
87 | JPanel gridPanel = new JPanel(grid);
88 | //gridPanel.setPreferredSize(new Dimension(getWidth(), getHeight()));
89 | IconPanel.this.removeAll();
90 | IconPanel.this.add(gridPanel);
91 |
92 | // add all icons to the grid
93 | for (BufferedImage image : icons) {
94 | JLabel iconLabel = new JLabel(new ImageIcon(image));
95 | gridPanel.add(iconLabel);
96 | }
97 | } catch (InterruptedException | ExecutionException e) {
98 | e.printStackTrace();
99 | LOGGER.error(e);
100 | }
101 | }
102 | }
103 | }
104 |
--------------------------------------------------------------------------------
/src/main/java/com/github/struppigel/gui/pedetails/SectionsTabbedPanel.java:
--------------------------------------------------------------------------------
1 | /**
2 | * *****************************************************************************
3 | * Copyright 2022 Karsten Hahn
4 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
9 | * http://www.apache.org/licenses/LICENSE-2.0
10 | *
11 | * Unless required by applicable law or agreed to in writing, software
12 | * distributed under the License is distributed on an "AS IS" BASIS,
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | * See the License for the specific language governing permissions and
15 | * limitations under the License.
16 | * ****************************************************************************
17 | */
18 | package com.github.struppigel.gui.pedetails;
19 |
20 | import com.github.struppigel.parser.sections.*;
21 | import com.github.struppigel.gui.FullPEData;
22 | import com.github.struppigel.gui.PEFieldsTable;
23 | import org.apache.logging.log4j.LogManager;
24 | import org.apache.logging.log4j.Logger;
25 |
26 | import javax.swing.*;
27 | import javax.swing.table.DefaultTableModel;
28 | import java.awt.*;
29 | import java.util.ArrayList;
30 | import java.util.List;
31 | import java.util.stream.Collectors;
32 | import java.util.stream.Stream;
33 |
34 | import static com.github.struppigel.parser.sections.SectionHeaderKey.*;
35 | import static java.lang.Math.min;
36 |
37 | /**
38 | * There can be many sections, so this panel adds tabs at the top.
39 | */
40 | public class SectionsTabbedPanel extends JPanel {
41 |
42 | private static final Logger LOGGER = LogManager.getLogger();
43 | private FullPEData peData;
44 | private final List tables = new ArrayList<>();
45 | private final JTabbedPane tabbedPane = new JTabbedPane();
46 |
47 | private static final int SECTIONS_PER_TABLE = 4;
48 | private static final int TABLES_PER_TAB = 2;
49 | private static final int SECTION_NR_MAX = 200;
50 | private boolean hexEnabled = true;
51 |
52 | public SectionsTabbedPanel() {
53 | this.setLayout(new GridLayout(0,1));
54 | add(tabbedPane);
55 | }
56 |
57 | private void cleanUpTabsAndTables() {
58 | tabbedPane.removeAll();
59 | tables.clear();
60 | //tabs.clear(); // this will make everything non-working, but why?
61 | LOGGER.debug("Tabs and tables cleared");
62 | }
63 |
64 | public void setPeData(FullPEData peData){
65 | LOGGER.debug("PEData for tabbed Pane changed");
66 | this.peData = peData;
67 | initializeContent();
68 | }
69 |
70 | public void initializeContent() {
71 | LOGGER.debug("Init tabs for section tables");
72 | cleanUpTabsAndTables();
73 |
74 | SectionTable sectionTable = peData.getPeData().getSectionTable();
75 | List sections = sectionTable.getSectionHeaders();
76 | List tabs = initTabs(sections);
77 |
78 | if (peData == null) {
79 | LOGGER.error("PE Data is null!");
80 | return;
81 | }
82 | initTables(tabs, sections);
83 |
84 | LOGGER.debug("Section table shown");
85 | refreshPanel(tabs);
86 | }
87 |
88 | private void initTables(List tabs, List sections) {
89 | // we need that to calculate how many tabs and tables
90 | // init counters
91 | int tableCount = 0;
92 | int tabIndex = 0;
93 | // get first tab
94 | JPanel currTab = tabs.get(tabIndex);
95 | // a section group will contain SECTIONS_PER_TABLE sections max
96 | List sectionGroup = new ArrayList<>();
97 |
98 | // we want to add every section
99 | for (SectionHeader currSec : sections) {
100 | // obtain current section header and add to section group
101 | sectionGroup.add(currSec);
102 | // check if enough sections to create a table
103 | if (sectionGroup.size() == SECTIONS_PER_TABLE) {
104 | // create table with the sections and add table to current tab
105 | addSingleTableForSections(sectionGroup, currTab);
106 | // increment table counter
107 | tableCount++;
108 | // we added the sections to a table, so empty the list
109 | sectionGroup.clear();
110 | // check if we need to grab the next tab for the next table
111 | if (tableCount % TABLES_PER_TAB == 0) {
112 | // increment tab index (which is equal to tab count - 1)
113 | tabIndex++;
114 | // bounds check, in case we are already done with everything the index will be out of bounds
115 | if (tabIndex < tabs.size()) {
116 | currTab = tabs.get(tabIndex);
117 | }
118 | }
119 | }
120 | }
121 | // add remaining tables
122 | if(sectionGroup.size() > 0) {
123 | addSingleTableForSections(sectionGroup, currTab);
124 | tableCount++;
125 | }
126 | LOGGER.debug("Added " + tableCount + " tables and " + tabIndex + " tabs");
127 | }
128 |
129 | private List initTabs(List sections) {
130 | int secNr = min(sections.size(), SECTION_NR_MAX);
131 | int nrOfTabs = new Double(Math.ceil(secNr/(double)(TABLES_PER_TAB * SECTIONS_PER_TABLE))).intValue();
132 | LOGGER.debug("Number of tabs to create: " + nrOfTabs);
133 | if(nrOfTabs == 0){ nrOfTabs = 1;}
134 | List tabs = new ArrayList<>();
135 | for (int i = 0; i < nrOfTabs; i++) {
136 | JPanel tab = new JPanel();
137 | tab.setLayout(new GridLayout(0, 1));
138 | tabbedPane.addTab((i + 1) + "", tab);
139 | tabs.add(tab);
140 | }
141 | return tabs;
142 | }
143 |
144 | private void refreshPanel(List tabs) {
145 | LOGGER.debug("Refreshing tabs");
146 | for(JTable tbl : tables) {
147 | tbl.revalidate();
148 | tbl.repaint();
149 | }
150 | for(JPanel tab : tabs) {
151 | tab.revalidate();
152 | tab.repaint();
153 | }
154 | revalidate();
155 | repaint();
156 | tabbedPane.revalidate();
157 | tabbedPane.repaint();
158 | }
159 |
160 | private void addSingleTableForSections(List sections, JPanel tab) {
161 | LOGGER.info("Setting hex enabled to " + hexEnabled);
162 | JTable table = new PEFieldsTable(hexEnabled);
163 | DefaultTableModel model = new PEFieldsTable.PETableModel();
164 |
165 | createTableHeaderForSections(sections, model);
166 | createRowsForSections(sections, model);
167 |
168 | table.setModel(model);
169 | addTable(table, tab);
170 | }
171 |
172 | private void addTable(JTable table, JPanel tab) {
173 | tables.add(table);
174 | JScrollPane sPane = new JScrollPane(table);
175 | tab.add(sPane);
176 | }
177 |
178 | private void createRowsForSections(List sections, DefaultTableModel model) {
179 | // Section tables should only use string based sorting because there are mixed data types --> keep String[] type for rows
180 | List rows = new ArrayList<>();
181 | SectionLoader loader = new SectionLoader(peData.getPeData());
182 | boolean lowAlign = peData.getPeData().getOptionalHeader().isLowAlignmentMode();
183 |
184 | // collect entropy
185 | Stream entropyRow = sections.stream().map(s -> String.format("%1.2f", peData.getEntropyForSection(s.getNumber())));
186 | addStreamToRow(entropyRow, rows, "Entropy");
187 |
188 | // collect Pointer To Raw Data
189 | Stream ptrToRawRow = sections.stream().map(s -> toHexIfEnabled(s.get(SectionHeaderKey.POINTER_TO_RAW_DATA)));
190 | addStreamToRow(ptrToRawRow, rows, "Pointer To Raw Data");
191 |
192 | // collect aligned Pointer To Raw Data
193 |
194 | Stream alignedPtrRaw = sections.stream().map(s -> toHexIfEnabled(s.getAlignedPointerToRaw(lowAlign)));
195 | addStreamToRow(alignedPtrRaw, rows, "-> Aligned (act. start)");
196 |
197 | // collect Size of Raw Data
198 | Stream sizeRawRow = sections.stream().map(s -> toHexIfEnabled(s.get(SIZE_OF_RAW_DATA)));
199 | addStreamToRow(sizeRawRow, rows, "Size Of Raw Data");
200 |
201 | // collect actual read size
202 | Stream readSizeRow = sections.stream().map(s -> s.get(SIZE_OF_RAW_DATA) != loader.getReadSize(s) ? toHexIfEnabled(loader.getReadSize(s)) : "");
203 | addStreamToRow(readSizeRow, rows, "-> Actual Read Size");
204 |
205 | // collect Physical End
206 | Stream endRow = sections.stream().map(s -> toHexIfEnabled(loader.getReadSize(s) + s.getAlignedPointerToRaw(lowAlign)));
207 | addStreamToRow(endRow, rows, "-> Physical End");
208 |
209 | // collect VA
210 | Stream vaRow = sections.stream().map(s -> toHexIfEnabled(s.get(VIRTUAL_ADDRESS)));
211 | addStreamToRow(vaRow, rows, "Virtual Address");
212 |
213 | // collect alligned VA
214 | Stream vaAlignedRow = sections.stream().map(s -> s.get(VIRTUAL_ADDRESS) != s.getAlignedVirtualAddress(lowAlign) ? toHexIfEnabled(s.getAlignedVirtualAddress(lowAlign)) : "");
215 | addStreamToRow(vaAlignedRow, rows, "-> Aligned");
216 |
217 | // collect Virtual Size
218 | Stream vSizeRow = sections.stream().map(s -> toHexIfEnabled(s.get(VIRTUAL_SIZE)));
219 | addStreamToRow(vSizeRow, rows, "Virtual Size");
220 | // collect Actual Virtual Size
221 | Stream actSizeRow = sections.stream().map(s -> s.get(VIRTUAL_SIZE) != loader.getActualVirtSize(s) ? toHexIfEnabled(loader.getActualVirtSize(s)) : "");
222 | addStreamToRow(actSizeRow, rows, "-> Actual Virtual Size");
223 | // collect Virtual End
224 | Stream veRow = sections.stream().map(s -> toHexIfEnabled(s.getAlignedVirtualAddress(lowAlign) + loader.getActualVirtSize(s)));
225 | addStreamToRow(veRow, rows, "-> Virtual End");
226 | // collect Pointer To Relocations
227 | Stream relocRow = sections.stream().map(s -> toHexIfEnabled(s.get(POINTER_TO_RELOCATIONS)));
228 | addStreamToRow(relocRow, rows, "Pointer To Relocations");
229 | // collect Number Of Relocations
230 | Stream numreRow = sections.stream().map(s -> toHexIfEnabled(s.get(NUMBER_OF_RELOCATIONS)));
231 | addStreamToRow(numreRow, rows, "Number Of Relocations");
232 | // collect Pointer To Line Numbers
233 | Stream linRow = sections.stream().map(s -> toHexIfEnabled(s.get(POINTER_TO_LINE_NUMBERS)));
234 | addStreamToRow(linRow, rows, "Pointer To Line Numbers");
235 | // collect Number Of Line Numbers
236 | Stream numLinRow = sections.stream().map(s -> toHexIfEnabled(s.get(NUMBER_OF_LINE_NUMBERS)));
237 | addStreamToRow(numLinRow, rows, "Number Of Line Numbers");
238 |
239 | for(SectionCharacteristic ch : SectionCharacteristic.values()) {
240 | Stream secCharRow = sections.stream().map(s -> s.getCharacteristics().contains(ch) ? "x" : "");
241 | addStreamToRow(secCharRow, rows, ch.shortName());
242 | }
243 |
244 | // add all rows to model
245 | for(String[] row : rows) {
246 | model.addRow(row);
247 | }
248 | }
249 |
250 | private void addStreamToRow(Stream aStream, List rows, String title) {
251 | List list = aStream.collect(Collectors.toList());
252 | boolean hasContent = false;
253 | for(String l : list) {
254 | if (!l.equals("")) {
255 | hasContent = true;
256 | break;
257 | }
258 | }
259 | if(hasContent) {
260 | list.add(0, title);
261 | rows.add(list.toArray(new String[0]));
262 | }
263 | }
264 |
265 | private String toHexIfEnabled(Long num) {
266 | if(hexEnabled) {
267 | return "0x" + Long.toHexString(num);
268 | }
269 | return num.toString();
270 | }
271 |
272 | private void createTableHeaderForSections(List sections, DefaultTableModel model) {
273 | List names = sections.stream().map(h -> h.getNumber() + ". " + h.getName()).collect(Collectors.toList());
274 | names.add(0,"");
275 | String[] tableHeader = names.toArray(new String[0]);
276 | model.setColumnIdentifiers(tableHeader);
277 | }
278 |
279 | public void setHexEnabled(boolean hexEnabled) {
280 | this.hexEnabled = hexEnabled;
281 | if(peData == null) {return;}
282 | initializeContent();
283 | }
284 | }
285 |
--------------------------------------------------------------------------------
/src/main/java/com/github/struppigel/gui/pedetails/TabbedPanel.java:
--------------------------------------------------------------------------------
1 | /**
2 | * *****************************************************************************
3 | * Copyright 2023 Karsten Hahn
4 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
9 | * http://www.apache.org/licenses/LICENSE-2.0
10 | *
11 | * Unless required by applicable law or agreed to in writing, software
12 | * distributed under the License is distributed on an "AS IS" BASIS,
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | * See the License for the specific language governing permissions and
15 | * limitations under the License.
16 | * ****************************************************************************
17 | */
18 | package com.github.struppigel.gui.pedetails;
19 |
20 | import com.github.struppigel.parser.StandardField;
21 | import com.github.struppigel.gui.PEFieldsTable;
22 | import com.github.struppigel.gui.utils.TableContent;
23 | import org.apache.logging.log4j.LogManager;
24 | import org.apache.logging.log4j.Logger;
25 |
26 | import javax.swing.*;
27 | import javax.swing.table.DefaultTableModel;
28 | import java.awt.*;
29 | import java.util.ArrayList;
30 | import java.util.Arrays;
31 | import java.util.List;
32 |
33 | public class TabbedPanel extends JPanel {
34 |
35 | private static final Logger LOGGER = LogManager.getLogger();
36 | private final List tables = new ArrayList<>();
37 | private final JTabbedPane tabbedPane = new JTabbedPane();
38 | private final FileContentPreviewPanel previewPanel;
39 | private List tableHeader = new ArrayList<>();
40 | private List contents = new ArrayList<>();
41 | private boolean hexEnabled = true;
42 |
43 | public TabbedPanel(FileContentPreviewPanel previewPanel) {
44 | LOGGER.debug("Tabbed Panel constructor");
45 | this.previewPanel = previewPanel;
46 | this.setLayout(new GridLayout(0,1));
47 | add(tabbedPane);
48 | }
49 |
50 | public void setContent(List contents, String[] tableHeader) {
51 | this.contents = contents;
52 | this.tableHeader = Arrays.asList(tableHeader);
53 | initializeContent();
54 | }
55 |
56 | private void cleanUpTabsAndTables() {
57 | tabbedPane.removeAll();
58 | tables.clear();
59 | LOGGER.debug("Tabs and tables cleared");
60 | }
61 |
62 | public void initializeContent() {
63 | LOGGER.debug("Init tabs for tables");
64 | cleanUpTabsAndTables();
65 | List tabs = initTabsAndTables();
66 | refreshPanel(tabs);
67 | }
68 |
69 | private void refreshPanel(List tabs) {
70 | LOGGER.debug("Refreshing tabs");
71 | for(JTable tbl : tables) {
72 | tbl.revalidate();
73 | tbl.repaint();
74 | }
75 | for(JPanel tab : tabs) {
76 | tab.revalidate();
77 | tab.repaint();
78 | }
79 | revalidate();
80 | repaint();
81 | tabbedPane.revalidate();
82 | tabbedPane.repaint();
83 | }
84 |
85 | private String toHexIfEnabled(Long num) {
86 | if(hexEnabled) {
87 | return "0x" + Long.toHexString(num);
88 | }
89 | return num.toString();
90 | }
91 |
92 | public void setHexEnabled(boolean hexEnabled) {
93 | this.hexEnabled = hexEnabled;
94 | initializeContent();
95 | }
96 |
97 | private List initTabsAndTables() {
98 | List tabs = new ArrayList<>();
99 | for(TableContent content : contents) {
100 | String title = content.getTitle();
101 | JPanel tab = createTabWithTitle(title);
102 | tabs.add(tab);
103 | addSingleTableForContent(content, tab);
104 | }
105 | return tabs;
106 | }
107 |
108 | private JPanel createTabWithTitle(String title) {
109 | JPanel tab = new JPanel();
110 | tab.setLayout(new GridLayout(0, 1));
111 | tabbedPane.addTab(title, tab);
112 | return tab;
113 | }
114 |
115 | private void addSingleTableForContent(TableContent content, JPanel tab) {
116 | LOGGER.info("Setting hex enabled to " + hexEnabled);
117 | PEFieldsTable table = new PEFieldsTable(hexEnabled);
118 | DefaultTableModel model = new PEFieldsTable.PETableModel();
119 | table.setPreviewOffsetColumn(2, previewPanel);
120 | // add table header
121 | String[] header = tableHeader.toArray(new String[0]);
122 | model.setColumnIdentifiers(header);
123 | createRows(content, model);
124 |
125 | table.setModel(model);
126 | addTableAndDescription(table, tab, content.getDescription());
127 | }
128 | private void createRows(TableContent content, DefaultTableModel model) {
129 | for(StandardField field : content) {
130 | Object[] row = {field.getDescription(), field.getValue(), field.getOffset()};
131 | model.addRow(row);
132 | }
133 | }
134 |
135 | private void addTableAndDescription(JTable table, JPanel tab, String description) {
136 | tables.add(table);
137 | if(description.length() > 0) {
138 | tab.add(new JScrollPane(new JTextArea(description)));
139 | }
140 | JScrollPane sPane = new JScrollPane(table);
141 | tab.add(sPane);
142 | }
143 |
144 | }
145 |
--------------------------------------------------------------------------------
/src/main/java/com/github/struppigel/gui/pedetails/signatures/EmptyRuleMatch.java:
--------------------------------------------------------------------------------
1 | package com.github.struppigel.gui.pedetails.signatures;
2 |
3 | import java.util.ArrayList;
4 | import java.util.List;
5 |
6 | public class EmptyRuleMatch implements RuleMatch {
7 |
8 | private static final String message = "no matches found";
9 | @Override
10 | public Object[] toSummaryRow() {
11 | Object[] row = {message,"",""};
12 | return row;
13 | }
14 |
15 | // {"Rule name" , "Pattern name", "Pattern content", "Offset", "Location"};
16 | @Override
17 | public List toPatternRows() {
18 | List row = new ArrayList<>();
19 | Object[] obj = {message, "","","",""};
20 | row.add(obj);
21 | return row;
22 | }
23 | }
24 |
--------------------------------------------------------------------------------
/src/main/java/com/github/struppigel/gui/pedetails/signatures/PEidRuleMatch.java:
--------------------------------------------------------------------------------
1 | package com.github.struppigel.gui.pedetails.signatures;
2 |
3 | import java.util.List;
4 | import java.util.stream.Collectors;
5 |
6 | public class PEidRuleMatch implements RuleMatch {
7 | final String ruleName;
8 | private final List patterns;
9 | private final String scanMode;
10 | private final String scannerName;
11 |
12 |
13 | public PEidRuleMatch(String ruleName, String scanMode, List patterns, String scannerName) {
14 | this.ruleName = ruleName;
15 | this.patterns = patterns;
16 | this.scanMode = scanMode;
17 | this.scannerName = scannerName;
18 | }
19 |
20 | // {"Source", "Match name", "Scan mode"};
21 | public Object[] toSummaryRow() {
22 | Object[] row = {scannerName, ruleName, scanMode};
23 | return row;
24 | }
25 | // {"Rule name", "Pattern", "Content", "Offset"}
26 | public List toPatternRows() {
27 | return patterns.stream().map(p -> p.toPatternRow(ruleName)).collect(Collectors.toList());
28 | }
29 | }
30 |
--------------------------------------------------------------------------------
/src/main/java/com/github/struppigel/gui/pedetails/signatures/PEidScanner.java:
--------------------------------------------------------------------------------
1 | package com.github.struppigel.gui.pedetails.signatures;
2 |
3 | import com.github.struppigel.parser.sections.rsrc.Resource;
4 | import com.github.struppigel.tools.Overlay;
5 | import com.github.struppigel.tools.sigscanner.FileTypeScanner;
6 | import com.github.struppigel.tools.sigscanner.SignatureScanner;
7 | import com.github.struppigel.gui.FullPEData;
8 | import org.apache.logging.log4j.LogManager;
9 | import org.apache.logging.log4j.Logger;
10 |
11 | import javax.swing.*;
12 | import java.io.IOException;
13 | import java.util.ArrayList;
14 | import java.util.HashSet;
15 | import java.util.List;
16 | import java.util.Set;
17 | import java.util.concurrent.ExecutionException;
18 | import java.util.stream.Collectors;
19 |
20 | public class PEidScanner extends SwingWorker, Void> {
21 | private static final Logger LOGGER = LogManager.getLogger();
22 | private final SignaturesPanel signaturesPanel;
23 | private final FullPEData pedata;
24 |
25 | public PEidScanner(SignaturesPanel signaturesPanel, FullPEData data) {
26 | this.signaturesPanel = signaturesPanel;
27 | this.pedata = data;
28 | }
29 |
30 | @Override
31 | protected List doInBackground() {
32 | List result = entryPointScan(); // epOnly
33 | result.addAll(overlayScan()); // Overlay
34 | result.addAll(resourceScan()); // Resource
35 | return result;
36 | }
37 |
38 | private List entryPointScan() {
39 | List result;
40 | List matches = SignatureScanner.newInstance().scanAll(pedata.getFile(), true);
41 | result = toPeidRuleMatches(toPatternMatches(matches), "Entry Point", "PEiD");
42 | return result;
43 | }
44 |
45 | private List overlayScan() {
46 | Overlay overlay = pedata.getOverlay();
47 | List result = new ArrayList<>();
48 | try {
49 | long offset = overlay.getOffset();
50 | List overlayMatches = new SignatureScanner(SignatureScanner.loadOverlaySigs()).scanAt(pedata.getFile(), offset);
51 | List oMatch = toPeidRuleMatches(toPatternMatches(overlayMatches), "Overlay", "Filetype");
52 | result.addAll(oMatch);
53 | } catch (IOException e) {
54 | LOGGER.error("something went wrong while scanning the overlay " + e);
55 | }
56 | return result;
57 | }
58 |
59 | private List resourceScan() {
60 | List resMatches = new ArrayList<>();
61 | for (Resource r : pedata.getResources()) {
62 | long resOffset = r.rawBytesLocation().from();
63 | List filetypes = FileTypeScanner.apply(pedata.getFile()).scanAt(resOffset);
64 | resMatches.addAll(toPatternMatches(filetypes));
65 | }
66 | return toPeidRuleMatches(resMatches, "Resource", "Filetype");
67 | }
68 |
69 |
70 | private List toPatternMatches(List matches){
71 | return matches.stream().map(m -> toPatternMatch(m)).collect(Collectors.toList());
72 | }
73 |
74 | private PatternMatch toPatternMatch(SignatureScanner.SignatureMatch m) {
75 | String rulename = m.signature().name();
76 | if (rulename.startsWith("[")) {
77 | rulename = rulename.substring(1, rulename.length() - 1);
78 | }
79 | String pattern = m.signature().signatureString();
80 | long offset = m.address();
81 | return new PatternMatch(offset, rulename, pattern);
82 | }
83 |
84 | private List toPeidRuleMatches(List patterns, String scanMode, String scannerName) {
85 | List result = new ArrayList<>();
86 | // create unique list of all rule names
87 | Set uniqueRulenames = new HashSet<>();
88 | for(PatternMatch pattern : patterns) {
89 | uniqueRulenames.add(pattern.patternName);
90 | }
91 | // for every unique rule name get all patterns
92 | for(String rule : uniqueRulenames) {
93 | List rulePatterns = patterns.stream().filter(p -> p.patternName.equals(rule)).collect(Collectors.toList());
94 | // make pattern name empty string because it looks weird to see the same value for rule name and pattern name
95 | rulePatterns = rulePatterns.stream().map(p -> new PatternMatch(p.offset, "", p.patternContent)).collect(Collectors.toList());
96 | // create a PEiD rule match out of these patterns
97 | result.add(new PEidRuleMatch(rule, scanMode, rulePatterns, scannerName));
98 | }
99 | return result;
100 | }
101 |
102 | @Override
103 | protected void done() {
104 | if(isCancelled()){return;}
105 | try {
106 | List matches = get();
107 | signaturesPanel.buildPEiDTables(get());
108 | } catch (InterruptedException | ExecutionException e) {
109 | e.printStackTrace();
110 | LOGGER.error(e);
111 | }
112 |
113 | }
114 | }
115 |
--------------------------------------------------------------------------------
/src/main/java/com/github/struppigel/gui/pedetails/signatures/PatternMatch.java:
--------------------------------------------------------------------------------
1 | /**
2 | * *****************************************************************************
3 | * Copyright 2022 Karsten Hahn
4 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
9 | * http://www.apache.org/licenses/LICENSE-2.0
10 | *
11 | * Unless required by applicable law or agreed to in writing, software
12 | * distributed under the License is distributed on an "AS IS" BASIS,
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | * See the License for the specific language governing permissions and
15 | * limitations under the License.
16 | * ****************************************************************************
17 | */
18 | package com.github.struppigel.gui.pedetails.signatures;
19 |
20 | public class PatternMatch {
21 | final long offset;
22 | final String patternContent;
23 | String patternName;
24 | String location = "NaN";
25 |
26 | public PatternMatch(long offset, String patternName, String patternContent) {
27 | this.offset = offset;
28 | this.patternName = patternName;
29 | this.patternContent = patternContent;
30 | }
31 |
32 | // {"Rule name" , "Pattern name", "Pattern content", "Offset", "Location"};
33 | // TODO location cannot be implemented here because it needs to parse the whole PE again and this is only a getter
34 | public Object[] toPatternRow(String rulename) {
35 | Object[] row = {rulename, patternName, patternContent, offset, location};
36 | return row;
37 | }
38 |
39 | }
--------------------------------------------------------------------------------
/src/main/java/com/github/struppigel/gui/pedetails/signatures/RuleMatch.java:
--------------------------------------------------------------------------------
1 | package com.github.struppigel.gui.pedetails.signatures;
2 |
3 | import java.util.List;
4 |
5 | public interface RuleMatch {
6 | public Object[] toSummaryRow();
7 | public List toPatternRows();
8 | }
9 |
--------------------------------------------------------------------------------
/src/main/java/com/github/struppigel/gui/pedetails/signatures/SignaturesPanel.java:
--------------------------------------------------------------------------------
1 | /**
2 | * *****************************************************************************
3 | * Copyright 2022 Karsten Hahn
4 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
9 | * http://www.apache.org/licenses/LICENSE-2.0
10 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
9 | * http://www.apache.org/licenses/LICENSE-2.0
10 | *
11 | * Unless required by applicable law or agreed to in writing, software
12 | * distributed under the License is distributed on an "AS IS" BASIS,
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | * See the License for the specific language governing permissions and
15 | * limitations under the License.
16 | * ****************************************************************************
17 | */
18 | package com.github.struppigel.gui.pedetails.signatures;
19 |
20 | import java.util.List;
21 | import java.util.stream.Collectors;
22 |
23 | public class YaraRuleMatch implements RuleMatch {
24 | final String ruleName;
25 | final List patterns;
26 | final List tags;
27 |
28 | public YaraRuleMatch(String ruleName, List patterns, List tags) {
29 | this.ruleName = ruleName;
30 | this.patterns = patterns;
31 | this.tags = tags;
32 | }
33 |
34 | // {"Source", "Match name", "Scan mode"};
35 | public Object[] toSummaryRow() {
36 | Object[] row = {"Yara", ruleName, "Full file"};
37 | return row;
38 | }
39 |
40 | public List toPatternRows() {
41 | return patterns.stream().map(p -> p.toPatternRow(ruleName)).collect(Collectors.toList());
42 | }
43 | }
--------------------------------------------------------------------------------
/src/main/java/com/github/struppigel/gui/pedetails/signatures/YaraScanner.java:
--------------------------------------------------------------------------------
1 | /**
2 | * *****************************************************************************
3 | * Copyright 2022 Karsten Hahn
4 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
9 | * http://www.apache.org/licenses/LICENSE-2.0
10 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
9 | * http://www.apache.org/licenses/LICENSE-2.0
10 | *
11 | * Unless required by applicable law or agreed to in writing, software
12 | * distributed under the License is distributed on an "AS IS" BASIS,
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | * See the License for the specific language governing permissions and
15 | * limitations under the License.
16 | * ****************************************************************************
17 | */
18 | package com.github.struppigel.gui.utils;
19 |
20 | import com.github.struppigel.parser.*;
21 | import com.github.struppigel.parser.sections.SectionHeader;
22 | import com.github.struppigel.parser.sections.SectionLoader;
23 | import com.github.struppigel.parser.sections.SectionTable;
24 | import com.github.struppigel.parser.sections.clr.*;
25 | import com.github.struppigel.parser.sections.debug.*;
26 | import com.github.struppigel.parser.sections.edata.ExportEntry;
27 | import com.github.struppigel.parser.sections.edata.ExportNameEntry;
28 | import com.github.struppigel.parser.sections.idata.*;
29 | import com.github.struppigel.parser.sections.rsrc.IDOrName;
30 | import com.github.struppigel.parser.sections.rsrc.Level;
31 | import com.github.struppigel.parser.sections.rsrc.Resource;
32 | import com.github.struppigel.parser.sections.rsrc.version.VersionInfo;
33 | import com.github.struppigel.tools.*;
34 | import com.github.struppigel.tools.anomalies.Anomaly;
35 | import com.github.struppigel.tools.anomalies.PEAnomalyScanner;
36 | import com.github.struppigel.tools.sigscanner.FileTypeScanner;
37 | import com.github.struppigel.tools.sigscanner.SignatureScanner;
38 | import com.github.struppigel.gui.FullPEData;
39 | import com.github.struppigel.gui.MainFrame;
40 | import com.google.common.base.Optional;
41 | import org.apache.logging.log4j.LogManager;
42 | import org.apache.logging.log4j.Logger;
43 |
44 | import javax.swing.*;
45 | import java.io.File;
46 | import java.io.IOException;
47 | import java.security.MessageDigest;
48 | import java.security.NoSuchAlgorithmException;
49 | import java.util.ArrayList;
50 | import java.util.List;
51 | import java.util.Map;
52 | import java.util.concurrent.ExecutionException;
53 | import java.util.stream.Collectors;
54 | import java.util.stream.Stream;
55 |
56 | /**
57 | * Loads and computes all the data related to PE files, so that this code does not run in the event dispatch thread.
58 | * Everything that is too complicated here must be improved in the library PortEx.
59 | */
60 | public class PELoadWorker extends SwingWorker {
61 | private static final Logger LOGGER = LogManager.getLogger();
62 | private final String NL = System.getProperty("line.separator");
63 | private final File file;
64 | private final MainFrame frame;
65 | private final JLabel progressText;
66 |
67 | public PELoadWorker(File file, MainFrame frame, JLabel progressText) {
68 | this.file = file;
69 | this.frame = frame;
70 | this.progressText = progressText;
71 | }
72 |
73 | @Override
74 | protected FullPEData doInBackground() throws Exception {
75 | setProgress(0);
76 | publish("Loading Headers...");
77 | PEData data = PELoader.loadPE(file);
78 | java.util.Optional maybeCLR = loadCLRSection(data).transform(java.util.Optional::of).or(java.util.Optional.empty());
79 | List dotnetMetaDataRootEntries = createDotNetMetadataRootEntries(maybeCLR);
80 | List dotNetStreamHeaders = createDotNetStreamHeaders(maybeCLR);
81 | List optimizedStreamEntries = createOptimizedStreamEntries(maybeCLR);
82 | Map>> clrTables = data.loadCLRTables();
83 | Map> clrTableHeaders = data.loadCLRTableHeaders();
84 | setProgress(10);
85 |
86 | publish("Calculating Hashes...");
87 | ReportCreator r = ReportCreator.newInstance(data.getFile());
88 | String hashesReport = createHashesReport(data);
89 | List hashesForSections = createHashTableEntries(data);
90 | setProgress(20);
91 |
92 | publish("Calculating Entropies...");
93 | double[] sectionEntropies = calculateSectionEntropies(data);
94 | setProgress(30);
95 |
96 | publish("Extracting Imports...");
97 | List importDLLs = data.loadImports();
98 | List delayDLLs = data.loadDelayLoadImports();
99 | List impEntries = createImportTableEntries(importDLLs);
100 | List delayLoadEntries = createImportTableEntries(delayDLLs);
101 | List boundImportEntries = createBoundImportEntries(data);
102 | setProgress(40);
103 |
104 | publish("Scanning for signatures...");
105 | String rehintsReport = r.reversingHintsReport();
106 | setProgress(50);
107 |
108 | publish("Loading Resources...");
109 | List resourceTableEntries = createResourceTableEntries(data);
110 | List manifests = data.loadManifests();
111 | List vsInfoTable = createVersionInfoEntries(data);
112 | List stringTableEntries = createStringTableEntries(data);
113 | setProgress(60);
114 |
115 | publish("Loading Exports...");
116 | List exports = data.loadExports();
117 | List exportEntries = createExportTableEntries(data);
118 | setProgress(70);
119 |
120 | publish("Loading Debug Info...");
121 | List debugTableEntries = getDebugTableEntries(data);
122 | data.loadExtendedDllCharacteristics(); // preload it so it can be accessed next time
123 | setProgress(80);
124 |
125 | publish("Scanning for Anomalies...");
126 | List anomaliesTable = createAnomalyTableEntries(data);
127 | setProgress(90);
128 |
129 | publish("Scanning Overlay...");
130 | Overlay overlay = new Overlay(data);
131 | double overlayEntropy = ShannonEntropy.entropy(data.getFile(), overlay.getOffset(), overlay.getSize());
132 | List overlaySignatures = new SignatureScanner(SignatureScanner.loadOverlaySigs()).scanAtToString(data.getFile(), overlay.getOffset());
133 | setProgress(100);
134 |
135 | publish("Done!");
136 | return new FullPEData(data, overlay, overlayEntropy, overlaySignatures, sectionEntropies, importDLLs,
137 | impEntries, delayLoadEntries, boundImportEntries, resourceTableEntries, data.loadResources(), manifests, exportEntries, exports,
138 | hashesReport, hashesForSections, anomaliesTable, debugTableEntries, vsInfoTable,
139 | rehintsReport, stringTableEntries, dotnetMetaDataRootEntries, maybeCLR, dotNetStreamHeaders,
140 | optimizedStreamEntries, clrTables, clrTableHeaders);
141 | }
142 |
143 | private Object[] createBoundImportEntry(BoundImportDescriptor bi) {
144 | List