adding header bytes to SmdaReport for future processing

Author: danielplohmann

smda/common/BinaryInfo.py

@@ -75,3 +75,12 @@ def isInCodeAreas(self, address):
         else:
             is_inside = any([a[0] <= address < a[1] for a in self.code_areas])
         return is_inside
+
+    def getHeaderBytes(self):
+        if self.raw_data:
+            lief_result = lief.parse(self.raw_data)
+            if isinstance(lief_result, lief.PE.Binary):
+                return self.raw_data[:0x400]
+            elif isinstance(lief_result, lief.ELF.Binary):
+                return self.raw_data[:0x40]
+        return None

smda/common/SmdaReport.py

@@ -55,6 +55,7 @@ class SmdaReport(object):
     timestamp = None
     version = None
     xcfg = None
+    xheader = None
 
     # on first usage, initialize codexrefs objects for all functions based on inrefs/outrefs (requires knowledge about all functions)
     _has_codexrefs = False
@@ -95,6 +96,7 @@ def __init__(self, disassembly=None, config=None, buffer=None):
             self.timestamp = datetime.datetime.now(datetime.timezone.utc)
             self.version = disassembly.binary_info.version
             self.xcfg = self._convertCfg(disassembly, config=config)
+            self.xheader = disassembly.binary_info.getHeaderBytes()
 
     def _convertCfg(self, disassembly, config=None):
         function_results = {}
@@ -257,6 +259,7 @@ def fromDict(cls, report_dict) -> Optional["SmdaReport"]:
         binary_info.binary_size = smda_report.binary_size
         binary_info.oep = smda_report.oep
         smda_report.xcfg = {int(function_addr): SmdaFunction.fromDict(function_dict, binary_info=binary_info, version=smda_report.smda_version, smda_report=smda_report) for function_addr, function_dict in report_dict["xcfg"].items()}
+        smda_report.xheader = bytes.fromhex(report_dict["xheader"]) if "xheader" in report_dict else None
         return smda_report
 
     def toDict(self) -> dict:
@@ -289,7 +292,8 @@ def toDict(self) -> dict:
             "statistics": self.statistics.toDict(),
             "status": self.status,
             "timestamp": self.timestamp.strftime("%Y-%m-%dT%H-%M-%S"),
-            "xcfg": {function_addr: smda_function.toDict() for function_addr, smda_function in self.xcfg.items()}
+            "xcfg": {function_addr: smda_function.toDict() for function_addr, smda_function in self.xcfg.items()},
+            "xheader": self.xheader.hex(),
         }
 
     @classmethod

tests/testFileFormatParsers.py

@@ -2,6 +2,7 @@
 
 import logging
 import os
+import lief
 import unittest
 
 from smda.utility.FileLoader import FileLoader
@@ -46,6 +47,10 @@ def testPeParsingWithCutwail(self):
         binary_info.code_areas = loader.getCodeAreas()
         binary_info.oep = binary_info.getOep()
         cutwail_binary_info = binary_info
+        # parse bytes of 0x400 truncated PE header
+        pe_header = lief.parse(binary_info.getHeaderBytes())
+        assert pe_header.dos_header.magic == 0x5A4D
+        assert pe_header.header.machine == 0x14C
         cutwail_disassembly = disasm._disassemble(binary_info)
         cutwail_unmapped_disassembly = disasm.disassembleUnmappedBuffer(cutwail_binary)
         assert cutwail_unmapped_disassembly.num_functions == 33