upload win exe for symbols

orochi/templates/website/list_symbols.html

@@ -22,7 +22,7 @@
                         <i class="fa fa-upload"></i> Symbols
                     </button>
                     <button type="button" class="btn btn-sm btn-secondary" id="upload-packages">
-                        <i class="fa fa-upload"></i> Linux Package
+                        <i class="fa fa-upload"></i> .deb .ddeb .rmp .exe
                     </button>
                     <button type="button" class="btn btn-sm btn-success" id="download-isf">
                         <i class="fa fa-download"></i> from ISF Server

orochi/utils/download_symbols.py

@@ -1,3 +1,5 @@
+import binascii
+import json
 import lzma
 import os
 import subprocess
@@ -8,6 +10,9 @@
 import rpmfile
 from debian import debfile
 from django.conf import settings
+from pefile import PE
+from volatility3.framework.contexts import Context
+from volatility3.framework.symbols.windows.pdbconv import PdbReader, PdbRetreiver
 
 
 class Downloader:
@@ -17,6 +22,7 @@ def __init__(self, file_list: List[str] = None, url_list: List[str] = None) -> N
         self.down_path = f"{settings.VOLATILITY_SYMBOL_PATH}/added/"
 
     def download_list(self):
+        """Download and process files from web urls [Linux]"""
         processed_files = {}
         for url in self.url_list:
             print(f" - Downloading {url}")
@@ -33,6 +39,7 @@ def download_list(self):
         self.process(processed_files)
 
     def process_list(self):
+        """Download and process uploaded files"""
         processed_files = {}
         for filepath, filename in self.file_list:
             print(f" - Processing {filename}")
@@ -43,9 +50,12 @@ def process_list(self):
                     processed_files[filename] = self.process_deb(archivedata)
                 elif filename.endswith(".ddeb"):
                     processed_files[filename] = self.process_ddeb(archivedata)
+                elif filename.endswith(".exe"):
+                    self.process_exe(filepath)
         self.process(processed_files)
 
     def process(self, processed_files):
+        """Process the files and remove the temporary files"""
         self.process_files(processed_files)
         for fname in processed_files.values():
             if fname:
@@ -78,6 +88,28 @@ def process_files(self, named_files: Dict[str, str]):
         with lzma.open(output_filename, "w") as f:
             f.write(proc.stdout)
 
+    def process_exe(self, archivedata) -> Optional[str]:
+        """Download json from pdb in exe [Windows]"""
+        pe = PE(archivedata)
+        debug = pe.DIRECTORY_ENTRY_DEBUG[0].entry
+        guid = "{0:08X}{1:04X}{2:04X}{3}{4}".format(
+            debug.Signature_Data1,
+            debug.Signature_Data2,
+            debug.Signature_Data3,
+            f"{debug.Signature_Data4:x}{debug.Signature_Data5:x}{binascii.hexlify(debug.Signature_Data6).decode('utf-8')}",
+            debug.Age,
+        ).upper()
+        filename = PdbRetreiver().retreive_pdb(
+            guid, file_name="ntkrnlmp.pdb", progress_callback=None
+        )
+        ctxt = Context()
+        profile = PdbReader(ctxt, filename).get_json()
+
+        output_filename = f"{self.down_path}{guid}.json"
+        print(f" - Writing to {output_filename}")
+        with open(output_filename, "w") as f:
+            json.dump(profile, f, indent=4)
+
     def process_rpm(self, archivedata) -> Optional[str]:
         rpm = rpmfile.RPMFile(fileobj=archivedata)
         member = None

requirements/base.txt

@@ -131,6 +131,8 @@ beautifulsoup4==4.12.3
 python-debian==0.1.49
 # https://github.com/srossross/rpmfile
 rpmfile==2.0.0
+# https://github.com/erocarrera/pefile
+pefile==2023.2.7
 
 # misp export
 # ------------------------------------------------------------------------------