From 95fd790f7293b460d87051f719cd285dd25de2ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leandro=20Fr=C3=B3es?= Date: Wed, 24 Mar 2021 14:55:31 -0300 Subject: [PATCH] v2.2 --- Makefile | 2 +- README.md | 2 +- main.go | 4 ++-- pkg/cache/cache.go | 12 ++++++++---- pkg/scrapy/function.go | 24 ++++++++++++++++-------- pkg/scrapy/google.go | 8 ++++---- pkg/scrapy/structure.go | 6 +++--- pkg/scrapy/syscall.go | 10 +++++----- pkg/scrapy/type.go | 10 +++++----- pkg/utils/utils.go | 14 +++++++++----- 10 files changed, 54 insertions(+), 38 deletions(-) diff --git a/Makefile b/Makefile index 4c29f8e..91a3843 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ GOCMD=go all: build build: - $(GOCMD) build manw + $(GOCMD) build clean: rm -f manw diff --git a/README.md b/README.md index e1161d3..5174d50 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ BOOL CreateProcessA( LPPROCESS_INFORMATION lpProcessInformation ); -Return value: If the function succeeds, the return value is nonzero. If the function fails, the return value is zero. Note that the function returns before the process has finished initialization. If a required DLL cannot be located or fails to initialize, the process is terminated. +Return value: If the function succeeds, the return value is nonzero. If the function fails, the return value is zero. Example code: diff --git a/main.go b/main.go index 9dac9a4..5429608 100644 --- a/main.go +++ b/main.go @@ -55,14 +55,14 @@ OPTIONS: flag.Parse() - if(len(os.Args) < 2){ + if len(os.Args) < 2{ fmt.Fprintf(os.Stderr, usage) os.Exit(1) } var cachePath string - if(!cacheFlag){ + if !cacheFlag{ cachePath = config.Load() } diff --git a/pkg/cache/cache.go b/pkg/cache/cache.go index 1c01b98..7bde537 100644 --- a/pkg/cache/cache.go +++ b/pkg/cache/cache.go 
@@ -16,7 +16,11 @@ func addFunctionCache(search, cachePath string, api *utils.API) (entry string){ utils.CheckError(err) f.WriteString(api.Title + "\n\n") - f.WriteString("Exported by: " + api.DLL + "\n\n") + + if api.DLL != ""{ + f.WriteString("Exported by: " + api.DLL + "\n\n") + } + f.WriteString(api.Description + "\n\n") f.WriteString(api.CodeA + "\n") @@ -58,12 +62,12 @@ func addStructureCache(search, cachePath string, api *utils.API) (entry string){ func parseSyscallJson(data *map[string]interface{}, search string, f *os.File){ for k, v := range *data { - if(strings.HasPrefix(k, "Windows")){ + if strings.HasPrefix(k, "Windows"){ f.WriteString(k + "\n") - } else if(!strings.Contains(k, "Nt")){ + } else if !strings.Contains(k, "Nt"){ f.WriteString("\t- " + k + ": ") } - if(strings.ToLower(k) == strings.ToLower(search)){ + if strings.ToLower(k) == strings.ToLower(search){ switch v.(type){ case float64: s := fmt.Sprintf("%2.f\n", v) diff --git a/pkg/scrapy/function.go b/pkg/scrapy/function.go index eeead60..26d25a5 100644 --- a/pkg/scrapy/function.go +++ b/pkg/scrapy/function.go @@ -23,7 +23,7 @@ func ParseMSDNFunction(search, url string) *utils.API{ if e.Attr("property") == "og:title"{ funcTitle := strings.Split(strings.ToLower(e.Attr("content")), " ")[0] - if(!strings.Contains(funcTitle, search)){ + if !strings.Contains(funcTitle, search){ utils.Warning("Unable to find this Windows function.") } @@ -42,8 +42,16 @@ func ParseMSDNFunction(search, url string) *utils.API{ collector.OnHTML("meta", func(e *colly.HTMLElement){ if e.Attr("name") == "req.dll"{ - api.DLL = e.Attr("content") - return + if e.Attr("content") != ""{ + api.DLL = e.Attr("content") + return + } + } + if e.Attr("name") == "APILocation"{ + if strings.Contains(e.Attr("content"), ".dll"){ + api.DLL = e.Attr("content") + return + } } }) 
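Review bot: In pkg/cache/cache.go (hunk at -16,7, inside addFunctionCache) the new guarded `f.WriteString("Exported by: " + api.DLL + "\n\n")` discards its error, like every other write in this function. A failed or short write therefore leaves a truncated cache entry on disk with no indication that it is incomplete. Since `err` and `utils.CheckError` are already used on the line above, the write can be checked with `_, err = f.WriteString("Exported by: " + api.DLL + "\n\n")` followed by `utils.CheckError(err)`. The function starts and ends outside this hunk, so the remaining writes need the same treatment there.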
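Review bot: In pkg/scrapy/function.go (hunk at -42,8, the `meta` callback of ParseMSDNFunction) the new `APILocation` branch assigns `api.DLL` even when `req.dll` has already supplied a value, so the result depends on the order of the meta tags in the scraped page. Making it a fallback only, `if e.Attr("name") == "APILocation" && api.DLL == "" {`, keeps `req.dll` authoritative. The `strings.Contains(e.Attr("content"), ".dll")` test is also case-sensitive, so an upper-case `.DLL` value is dropped; comparing against `strings.ToLower(content)` after reading `content := e.Attr("content")` once would cover that and remove the repeated attribute lookups.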
@@ -59,12 +67,12 @@ func ParseMSDNFunction(search, url string) *utils.API{ }) collector.OnHTML("p", func(e *colly.HTMLElement){ - re, err := regexp.Compile(".*(no error occurs|succeeds|fails|failure|returns|return value|returned).*(no error occurs|succeeds|fails|failure|returns|return value|returned)[^.]+") + re, err := regexp.Compile("^(If the function succeeds|The return value|Returns|This function does|If the function fails|If no error occurs)[^.]+.*[.]") utils.CheckError(err) match := re.FindString(e.Text) - + if match != ""{ - api.Return += match + ". " + api.Return += match api.Return = strings.ReplaceAll(api.Return, "\n", " ",) } }) @@ -81,8 +89,8 @@ func ParseMSDNFunction(search, url string) *utils.API{ func RunFunctionScraper(search, cachePath string){ search = strings.ToLower(search) - if(cachePath != ""){ - if(!cache.CheckCache(search, cachePath)){ + if cachePath != ""{ + if !cache.CheckCache(search, cachePath){ searchAux := "+api+function+msdn" url := GoogleMSDNSearch(search, searchAux) diff --git a/pkg/scrapy/google.go b/pkg/scrapy/google.go index fd0ec34..352376e 100644 --- a/pkg/scrapy/google.go +++ b/pkg/scrapy/google.go @@ -26,10 +26,10 @@ func GoogleMSDNSearch(search, searchAux string) string{ item := sellector.Eq(node) link, _ := item.Attr("href") - re, err := regexp.Compile("https://docs.microsoft.com/en-us/windows+") + re, err := regexp.Compile("https://docs.microsoft.com/en-us/+") utils.CheckError(err) - if(re.MatchString(link)) { + if re.MatchString(link) { tmpUrl := strings.Split(link, "=")[5] result = strings.Split(tmpUrl, "&")[0] return @@ -49,7 +49,7 @@ func GoogleMSDNSearch(search, searchAux string) string{ func GoogleKernelSearch(search, searchAux string) string{ baseUrl := "https://www.google.com/search?q=" - if(!strings.HasPrefix(search, "_")){ + if !strings.HasPrefix(search, "_"){ search = "_" + search } 
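Review bot: In pkg/scrapy/function.go (hunk at -59,12, the `p` callback of ParseMSDNFunction) matches are now appended with `api.Return += match` and no separator, so when more than one paragraph matches the sentences run together as `...nonzero.If the function fails...`. Appending `match + " "` and trimming once after the crawl keeps the output readable. The pattern is a constant that is recompiled for every `<p>` element; a package-level `var returnRe = regexp.MustCompile(...)` holding the same pattern removes the per-call compile and the runtime error path. The `^` anchor applies only to the start of `e.Text`, so a paragraph whose text begins with whitespace or a newline will not match, which deserves a short comment if intended.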
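Review bot: In pkg/scrapy/google.go (hunk at -26,10, GoogleMSDNSearch) the widened pattern `https://docs.microsoft.com/en-us/+` is unanchored with unescaped dots, so `re.MatchString(link)` accepts any href that merely contains that text, and the URL handed to the scraper is whatever sits in the sixth `=`-separated field. Because this commit broadens what is accepted, the extracted value should be validated before it is returned, for example `u, err := url.Parse(result)` followed by `if err != nil || u.Scheme != "https" || u.Hostname() != "docs.microsoft.com" { result = "" }` (this needs `net/url`). `strings.Split(link, "=")[5]` also panics on a matching href with fewer than five `=` characters, so the slice length should be checked before indexing. The same indexing and unanchored match appear in GoogleKernelSearch (hunk at -71,7) with the nirsoft.net pattern; both function bodies continue outside their hunks.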
@@ -71,7 +71,7 @@ func GoogleKernelSearch(search, searchAux string) string{ re, err := regexp.Compile("https://www.nirsoft.net/kernel_struct/+") utils.CheckError(err) - if(re.MatchString(link)) { + if re.MatchString(link) { tmpUrl := strings.Split(link, "=")[5] result = strings.Split(tmpUrl, "&")[0] return diff --git a/pkg/scrapy/structure.go b/pkg/scrapy/structure.go index 4018fbd..e4653de 100644 --- a/pkg/scrapy/structure.go +++ b/pkg/scrapy/structure.go @@ -23,7 +23,7 @@ func ParseMSDNStructure(search, url string) *utils.API{ if e.Attr("property") == "og:title"{ strucTitle := strings.Split(strings.ToLower(e.Attr("content")), " ")[0] - if(!strings.Contains(strucTitle, search)){ + if !strings.Contains(strucTitle, search){ utils.Warning("Unable to find this Windows structure.") } @@ -78,8 +78,8 @@ func ParseMSDNStructure(search, url string) *utils.API{ func RunStructureScraper(search, cachePath string){ search = strings.ToLower(search) - if(cachePath != ""){ - if(!cache.CheckCache(search, cachePath)){ + if cachePath != ""{ + if !cache.CheckCache(search, cachePath){ searchAux := "+structure+msdn" url := GoogleMSDNSearch(search, searchAux) diff --git a/pkg/scrapy/syscall.go b/pkg/scrapy/syscall.go index bd48d49..74b0f87 100644 --- a/pkg/scrapy/syscall.go +++ b/pkg/scrapy/syscall.go @@ -24,7 +24,7 @@ func parseSyscallRepo(search, url string) map[string]interface{}{ utils.CheckError(err) match := re.FindString(strings.ToLower(string(body))) - if(match == ""){ + if match == ""{ utils.Warning("Unable to find this Windows Syscall ID.") } 
@@ -39,18 +39,18 @@ func RunSyscallScraper(search, arch, cachePath string){ search = strings.ToLower(search) - if(arch == "x64" || arch == "amd64" || arch == "x86_64" ){ + if arch == "x64" || arch == "amd64" || arch == "x86_64" { url = "https://raw.githubusercontent.com/j00ru/windows-syscalls/master/x64/json/nt-per-system.json" arch = "_x64" - } else if(arch == "x86" || arch == "i386" || arch == "80386"){ + } else if arch == "x86" || arch == "i386" || arch == "80386"{ url = "https://raw.githubusercontent.com/j00ru/windows-syscalls/master/x86/json/nt-per-system.json" arch = "_x86" } else { utils.Warning("Missing architecture (-a) value.") } - if(cachePath != ""){ - if(!cache.CheckSyscallCache(search, arch, cachePath)){ + if cachePath != ""{ + if !cache.CheckSyscallCache(search, arch, cachePath){ jsonData := parseSyscallRepo(search, url) cache.RunSyscallCache(&jsonData, search, arch, cachePath) } diff --git a/pkg/scrapy/type.go b/pkg/scrapy/type.go index e42e2a3..b684729 100644 --- a/pkg/scrapy/type.go +++ b/pkg/scrapy/type.go @@ -29,7 +29,7 @@ func parseMSDNDataType(search, url string) string{ strSlice := strings.Split(e.Text, "\n") dataTypeInfo += "\nData Type: " for i, str := range strSlice{ - if(i > 0 && i < len(strSlice) -1){ + if i > 0 && i < len(strSlice) - 1{ dataTypeInfo += str + "\n\n" } } @@ -48,8 +48,8 @@ func parseMSDNDataType(search, url string) string{ func RunTypeScraper(search, cachePath string){ search = strings.ToLower(search) - if(cachePath != ""){ - if(!cache.CheckCache(search, cachePath)){ + if cachePath != ""{ + if !cache.CheckCache(search, cachePath){ searchAux := "+windows+data+type+msdn" url := GoogleMSDNSearch(search, searchAux) @@ -60,7 +60,7 @@ func RunTypeScraper(search, cachePath string){ dataTypeInfo := parseMSDNDataType(search, url) - if(dataTypeInfo == ""){ + if dataTypeInfo == ""{ utils.Warning("Unable to find this Windows data type.") } 
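Review bot: In pkg/scrapy/syscall.go (hunk at -39,18, RunSyscallScraper) the final `else` only calls `utils.Warning`. Unless that helper terminates the process (not visible here), execution continues with an empty `url` and the caller's unnormalised `arch` string, which are then passed to `parseSyscallRepo` and the cache functions. Adding `return` directly after `utils.Warning("Missing architecture (-a) value.")` makes the failure explicit, and a `switch arch { case "x64", "amd64", "x86_64": ... }` would read more cleanly than the chained comparisons. Both URLs reference the `master` branch, so the data that ends up in the local cache depends on whatever that branch holds at fetch time; pinning to a specific commit is worth considering.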
@@ -77,7 +77,7 @@ func RunTypeScraper(search, cachePath string){ dataTypeInfo := parseMSDNDataType(search, url) - if(dataTypeInfo == ""){ + if dataTypeInfo == ""{ utils.Warning("Unable to find this Windows data type.") } diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go index f664b2e..d245368 100644 --- a/pkg/utils/utils.go +++ b/pkg/utils/utils.go @@ -19,7 +19,7 @@ type API struct { } func CheckError(err error){ - if(err != nil){ + if err != nil{ log.Fatal(err) } } @@ -40,7 +40,11 @@ func GenericPrint(data string){ func PrintMSDNFunc(api *API){ fmt.Printf(api.Title + "\n\n") - fmt.Printf("Exported by: " + api.DLL + "\n\n") + + if api.DLL != ""{ + fmt.Printf("Exported by: " + api.DLL + "\n\n") + } + fmt.Printf(api.Description + "\n\n") fmt.Printf(api.CodeA + "\n") @@ -73,12 +77,12 @@ func PrintMSDNStructure(api *API){ func PrintSyscallJson(data *map[string]interface{}, search string){ for k, v := range *data { - if(strings.HasPrefix(k, "Windows")){ + if strings.HasPrefix(k, "Windows"){ fmt.Printf("%s\n", k) - } else if(!strings.Contains(k, "Nt")){ + } else if !strings.Contains(k, "Nt"){ fmt.Printf("\t- %s: ", k) } - if(strings.ToLower(k) == strings.ToLower(search)){ + if strings.ToLower(k) == strings.ToLower(search){ switch v.(type){ case float64: fmt.Printf("%2.f\n", v)
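Review bot: In pkg/utils/utils.go (hunk at -40,7, PrintMSDNFunc) the new `fmt.Printf("Exported by: " + api.DLL + "\n\n")` uses scraped page content as the format string, so any `%` in the value is interpreted as a verb and printed as `%!x(MISSING)`-style noise. Recent `go vet` versions report this non-constant format string pattern. Use `fmt.Printf("Exported by: %s\n\n", api.DLL)` instead. The neighbouring `fmt.Printf(api.Title + "\n\n")` and `fmt.Printf(api.Description + "\n\n")` calls have the same problem and should be converted the same way.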