Mirrors/wavestone-cdt-edrsandblast
1
0
Fork 0
mirror of https://github.com/wavestone-cdt/EDRSandblast.git synced 2026-06-11 01:41:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixes typos in ExtractOffsets script

Browse Source
This commit is contained in:
Qazeer
2022-01-17 23:51:05 +01:00
parent d29986ab80
commit 744754ae04
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Offsets/ExtractOffsets.py
+6 -6
View File
@@ -68,7 +68,7 @@ def downloadSpecificFile(entry, pe_basename, pe_ext, knownPEVersions, output_fol
print(f'[!] ERROR : Could not download {pe_name} version {version} (URL: {url}).') print(f'[!] ERROR : Could not download {pe_name} version {version} (URL: {url}).')
return "KO" return "KO"
def dowloadPEFileFromMS(pe_basename, pe_ext, knownPEVersions, output_folder): def downloadPEFileFromMS(pe_basename, pe_ext, knownPEVersions, output_folder):
pe_name = f'{pe_basename}.{pe_ext}' pe_name = f'{pe_basename}.{pe_ext}'
print (f'[*] Downloading {pe_name} files!') print (f'[*] Downloading {pe_name} files!')
@@ -218,10 +218,10 @@ if __name__ == '__main__':
parser.add_argument('mode', help='ntoskrnl or wdigest. Mode to download and extract offsets for either ntoskrnl or wdigest') parser.add_argument('mode', help='ntoskrnl or wdigest. Mode to download and extract offsets for either ntoskrnl or wdigest')
parser.add_argument('-i', '--input', dest='input', required=True, parser.add_argument('-i', '--input', dest='input', required=True,
help='Single file or directory containing ntoskrnl.exe / wdigest.dll to extract offsets from. If in dowload mode, the PE downloaded from MS symbols servers will be placed in this folder.') help='Single file or directory containing ntoskrnl.exe / wdigest.dll to extract offsets from. If in download mode, the PE downloaded from MS symbols servers will be placed in this folder.')
parser.add_argument('-o', '--output', dest='output', parser.add_argument('-o', '--output', dest='output',
help='CSV file to write offsets to. If the specified file already exists, only new ntoskrnl versions will be downloaded / analyzed. Defaults to NtoskrnlOffsets.csv / WdigestOffsets.csv in the current folder.') help='CSV file to write offsets to. If the specified file already exists, only new ntoskrnl versions will be downloaded / analyzed. Defaults to NtoskrnlOffsets.csv / WdigestOffsets.csv in the current folder.')
parser.add_argument('-d', '--dowload', dest='dowload', action='store_true', parser.add_argument('-d', '--download', dest='download', action='store_true',
help='Flag to download the PE from Microsoft servers using list of versions from winbindex.m417z.com.') help='Flag to download the PE from Microsoft servers using list of versions from winbindex.m417z.com.')
args = parser.parse_args() args = parser.parse_args()
@@ -269,14 +269,14 @@ if __name__ == '__main__':
else: else:
assert False assert False
# In download mode, an updated list of image versions published will be retrieved from https://winbindex.m417z.com. # In download mode, an updated list of image versions published will be retrieved from https://winbindex.m417z.com.
# The symbols for each version will be dowloaded from the Microsoft symbols servers. # The symbols for each version will be downloaded from the Microsoft symbols servers.
# Only new versions will be downloaded if the specified output file already contains offsets. # Only new versions will be downloaded if the specified output file already contains offsets.
if (args.dowload): if (args.download):
if not os.path.isdir(args.input): if not os.path.isdir(args.input):
print('[!] ERROR : in download mode, -i / --input option must specify a folder') print('[!] ERROR : in download mode, -i / --input option must specify a folder')
exit(1) exit(1)
extension = extensions_by_mode[mode] extension = extensions_by_mode[mode]
dowloadPEFileFromMS(mode, extension, knownImageVersions[mode], args.input) downloadPEFileFromMS(mode, extension, knownImageVersions[mode], args.input)
# Extract the offsets from the specified file or the folders containing image files. # Extract the offsets from the specified file or the folders containing image files.
extractOffsets(args.input, args.output, mode) extractOffsets(args.input, args.output, mode)