Changeset 499
- Timestamp:
- 04/08/06 20:40:14 (3 years ago)
- Files:
-
- nepenthes/trunk/modules/shellcode-signatures/sch_namespace_base64.cpp (modified) (1 diff)
- nepenthes/trunk/modules/shellcode-signatures/sch_namespace_bindfiletransfer.cpp (modified) (1 diff)
- nepenthes/trunk/modules/shellcode-signatures/sch_namespace_connectbackfiletransfer.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/shellcode-signatures/sch_namespace_connectbackshell.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/shellcode-signatures/sch_namespace_execute.cpp (modified) (1 diff)
- nepenthes/trunk/modules/shellcode-signatures/sch_namespace_konstanzxor.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/shellcode-signatures/sch_namespace_xor.cpp (modified) (3 diffs)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_base64.cpp
r445 r499 81 81 continue; 82 82 83 log Info(" i = %i map_items %i , map = %s\n",i,m_MapItems, sc_get_mapping_by_numeric(m_Map[i]));83 logSpam(" i = %i map_items %i , map = %s\n",i,m_MapItems, sc_get_mapping_by_numeric(m_Map[i])); 84 84 const char *match = NULL; 85 85 pcre_get_substring((char *) shellcode, (int *)ovec, (int)matchCount, i, &match); nepenthes/trunk/modules/shellcode-signatures/sch_namespace_bindfiletransfer.cpp
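Review bot: The return value of `pcre_get_substring` on line 85 is discarded, so when the call fails `match` keeps the NULL assigned on line 84 and the loop body, which continues below the hunk, presumably goes on to use it. The call should be checked and the iteration skipped, e.g. `if (pcre_get_substring((char *) shellcode, (int *)ovec, (int)matchCount, i, &match) < 0) continue;`, and a substring obtained this way is allocated by PCRE and needs `pcre_free_substring(match)` once it is no longer used — the rest of the loop is outside the hunk, so I cannot tell whether that happens. The same unchecked call appears in the connectbackfiletransfer section (line 102), the connectbackshell section (line 106) and, against capture group 1, in the execute section (line 77). The enclosing function starts and ends outside this hunk.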
r445 r499 87 87 if ( (matchCount = pcre_exec(m_Pcre, 0, (char *) shellcode, len, 0, 0, (int *)ovec, sizeof(ovec)/sizeof(int32_t))) > 0 ) 88 88 { 89 log Crit("MATCH %s matchCount %i map_items %i \n",m_ShellcodeHandlerName.c_str(), matchCount, m_MapItems);89 logSpam("MATCH %s matchCount %i map_items %i \n",m_ShellcodeHandlerName.c_str(), matchCount, m_MapItems); 90 90 int32_t i; 91 91 for ( i=0; i < m_MapItems; i++ ) nepenthes/trunk/modules/shellcode-signatures/sch_namespace_connectbackfiletransfer.cpp
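Review bot: The `> 0` test on the `pcre_exec` result at line 87 treats a return of 0 as "no match", but PCRE returns 0 when the pattern did match and `ovec` was too small to hold every capture offset, so a shellcode that hits such a pattern is silently dropped rather than reported. The declaration of `ovec` is outside the hunk; whichever size it has, it should be at least three times the number of capture groups plus one and a multiple of three, and the 0 case deserves its own log line at the same level used here so a truncated ovector is visible in the spam log instead of vanishing. The same test is used unchanged in the connectbackfiletransfer, connectbackshell, konstanzxor and xor sections. The enclosing function starts and ends outside this hunk.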
r445 r499 90 90 if ( (matchCount = pcre_exec(m_Pcre, 0, (char *) shellcode, len, 0, 0, (int *)ovec, sizeof(ovec)/sizeof(int32_t))) > 0 ) 91 91 { 92 log Crit("MATCH %s matchCount %i map_items %i \n",m_ShellcodeHandlerName.c_str(), matchCount, m_MapItems);92 logSpam("MATCH %s matchCount %i map_items %i \n",m_ShellcodeHandlerName.c_str(), matchCount, m_MapItems); 93 93 int32_t i; 94 94 for ( i=0; i < m_MapItems; i++ ) … … 98 98 99 99 100 log Info(" i = %i map_items %i , map = %s\n",i,m_MapItems, sc_get_mapping_by_numeric(m_Map[i]));100 logSpam(" i = %i map_items %i , map = %s\n",i,m_MapItems, sc_get_mapping_by_numeric(m_Map[i])); 101 101 const char *match = NULL; 102 102 pcre_get_substring((char *) shellcode, (int *)ovec, (int)matchCount, i, &match); nepenthes/trunk/modules/shellcode-signatures/sch_namespace_connectbackshell.cpp
r445 r499 94 94 if ( (matchCount = pcre_exec(m_Pcre, 0, (char *) shellcode, len, 0, 0, (int *)ovec, sizeof(ovec)/sizeof(int32_t))) > 0 ) 95 95 { 96 log Crit("MATCH %s matchCount %i map_items %i \n",m_ShellcodeHandlerName.c_str(), matchCount, m_MapItems);96 logSpam("MATCH %s matchCount %i map_items %i \n",m_ShellcodeHandlerName.c_str(), matchCount, m_MapItems); 97 97 int32_t i; 98 98 for ( i=0; i < m_MapItems; i++ ) … … 102 102 103 103 104 log Info(" i = %i map_items %i , map = %s\n",i,m_MapItems, sc_get_mapping_by_numeric(m_Map[i]));104 logSpam(" i = %i map_items %i , map = %s\n",i,m_MapItems, sc_get_mapping_by_numeric(m_Map[i])); 105 105 const char *match = NULL; 106 106 pcre_get_substring((char *) shellcode, (int *)ovec, (int)matchCount, i, &match); nepenthes/trunk/modules/shellcode-signatures/sch_namespace_execute.cpp
r445 r499 77 77 pcre_get_substring((char *) shellcode, (int *)ovec, (int)matchCount, 1, &match); 78 78 79 log Info("%s \"%s\" \n",m_ShellcodeHandlerName.c_str(), match);79 logSpam("%s \"%s\" \n",m_ShellcodeHandlerName.c_str(), match); 80 80 81 81 if (g_Nepenthes->getFactoryMgr()->getFactory("WinNTShell DialogueFactory") == NULL) nepenthes/trunk/modules/shellcode-signatures/sch_namespace_konstanzxor.cpp
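Review bot: The changed line 79 hands `match`, which line 77 extracts straight out of `shellcode`, to a `%s` conversion with no treatment of its content, so any newline or non-printable bytes the payload carries in that capture are written into the log verbatim. As far as the hunk shows this is attacker-supplied data, so I would log it only when `match` is non-NULL and either escape non-printable bytes or log the capture length and use the `hexdump` utility that the xor section already calls for raw bytes, e.g. `if (match != NULL) logSpam("%s capture %zu bytes\n", m_ShellcodeHandlerName.c_str(), strlen(match));`. Where `match` is declared and initialised is outside the hunk, so whether it is NULL-initialised before line 77 is not visible here. The enclosing function starts and ends outside this hunk.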
r445 r499 76 76 if ( (matchCount = pcre_exec(m_Pcre, 0, (char *) shellcode, len, 0, 0, (int *)ovec, sizeof(ovec)/sizeof(int32_t))) > 0 ) 77 77 { 78 log Crit("MATCH %s matchCount %i map_items %i \n",m_ShellcodeHandlerName.c_str(), matchCount, m_MapItems);78 logSpam("MATCH %s matchCount %i map_items %i \n",m_ShellcodeHandlerName.c_str(), matchCount, m_MapItems); 79 79 int32_t i; 80 80 for ( i=0; i < m_MapItems; i++ ) … … 83 83 continue; 84 84 85 log Info(" i = %i map_items %i , map = %s\n",i,m_MapItems, sc_get_mapping_by_numeric(m_Map[i]));85 logSpam(" i = %i map_items %i , map = %s\n",i,m_MapItems, sc_get_mapping_by_numeric(m_Map[i])); 86 86 const char *match = NULL; 87 87 int matchSize = pcre_get_substring((char *) shellcode, (int *)ovec, (int)matchCount, i, &match); nepenthes/trunk/modules/shellcode-signatures/sch_namespace_xor.cpp
r471 r499 97 97 if ( (matchCount = pcre_exec(m_Pcre, 0, (char *) shellcode, len, 0, 0, (int *)ovec, sizeof(ovec)/sizeof(int32_t))) > 0 ) 98 98 { 99 log Crit("MATCH %s matchCount %i map_items %i \n",m_ShellcodeHandlerName.c_str(), matchCount, m_MapItems);99 logSpam("MATCH %s matchCount %i map_items %i \n",m_ShellcodeHandlerName.c_str(), matchCount, m_MapItems); 100 100 int32_t i; 101 101 for ( i=0; i < m_MapItems; i++ ) … … 104 104 continue; 105 105 106 log Info(" i = %i map_items %i , map = %s\n",i,m_MapItems, sc_get_mapping_by_numeric(m_Map[i]));106 logSpam(" i = %i map_items %i , map = %s\n",i,m_MapItems, sc_get_mapping_by_numeric(m_Map[i])); 107 107 const char *match = NULL; 108 108 int matchSize = pcre_get_substring((char *) shellcode, (int *)ovec, (int)matchCount, i, &match); … … 230 230 memcpy(newshellcode+preSize+decoderSize ,decodedMessage ,postSize); 231 231 232 g_Nepenthes->getUtilities()->hexdump(l_crit,(byte *)newshellcode, len);232 // g_Nepenthes->getUtilities()->hexdump(l_crit,(byte *)newshellcode, len); 233 233 234 234 Message *newMessage = new Message((char *)newshellcode, len, (*msg)->getLocalPort(), (*msg)->getRemotePort(),
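Review bot: Line 232 comments the hexdump out instead of removing it, leaving dead code that will drift from `newshellcode` and `len` without anyone noticing. If the dump is no longer wanted, delete the line; if it is meant as an opt-in debugging aid, keep it live but at the spam level the rest of this commit moves its diagnostics to, so it is governed by log configuration rather than by editing source. I would also check that `len`, passed both to the dump and to the `Message` constructor on line 234, agrees with the `preSize+decoderSize+postSize` bytes line 230 finishes writing into the buffer; the hunk does not show where `len` is set. The enclosing function starts and ends outside this hunk.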
