Renamed the sg namespace to mana.

Also replaced some remaining shared pointer creations with `boost::make_shared`.
JusticeRage · Dec 13, 2015 · 1e40889 · 1e40889
1 parent eef587f
commit 1e40889
Show file tree

Hide file tree

Showing 19 changed files with 242 additions and 241 deletions.
diff --git a/include/dump.h b/include/dump.h
@@ -21,28 +21,29 @@ along with Manalyze.  If not, see <http://www.gnu.org/licenses/>.
 #include <set>
 #include <vector>
 #include <boost/algorithm/string/predicate.hpp>
+#include <boost/make_shared.hpp>
 
 #include "output_formatter.h"
 #include "manape/pe.h"
 #include "manape/imports.h"
 #include "hash-library/hashes.h"
 #include "hash-library/ssdeep.h"
 
-namespace sg
+namespace mana
 {
 
-void dump_dos_header(const sg::PE& pe, io::OutputFormatter& formatter);
-void dump_pe_header(const sg::PE& pe, io::OutputFormatter& formatter);
-void dump_image_optional_header(const sg::PE& pe, io::OutputFormatter& formatter);
-void dump_section_table(const sg::PE& pe, io::OutputFormatter& formatter, bool compute_hashes = false);
-void dump_imports(const sg::PE& pe, io::OutputFormatter& formatter);
-void dump_exports(const sg::PE& pe, io::OutputFormatter& formatter);
-void dump_resources(const sg::PE& pe, io::OutputFormatter& formatter, bool compute_hashes = false);
-void dump_version_info(const sg::PE& pe, io::OutputFormatter& formatter);
-void dump_debug_info(const sg::PE& pe, io::OutputFormatter& formatter);
-void dump_tls(const sg::PE& pe, io::OutputFormatter& formatter);
-void dump_summary(const sg::PE& pe, io::OutputFormatter& formatter);
-void dump_hashes(const sg::PE& pe, io::OutputFormatter& formatter);
+void dump_dos_header(const mana::PE& pe, io::OutputFormatter& formatter);
+void dump_pe_header(const mana::PE& pe, io::OutputFormatter& formatter);
+void dump_image_optional_header(const mana::PE& pe, io::OutputFormatter& formatter);
+void dump_section_table(const mana::PE& pe, io::OutputFormatter& formatter, bool compute_hashes = false);
+void dump_imports(const mana::PE& pe, io::OutputFormatter& formatter);
+void dump_exports(const mana::PE& pe, io::OutputFormatter& formatter);
+void dump_resources(const mana::PE& pe, io::OutputFormatter& formatter, bool compute_hashes = false);
+void dump_version_info(const mana::PE& pe, io::OutputFormatter& formatter);
+void dump_debug_info(const mana::PE& pe, io::OutputFormatter& formatter);
+void dump_tls(const mana::PE& pe, io::OutputFormatter& formatter);
+void dump_summary(const mana::PE& pe, io::OutputFormatter& formatter);
+void dump_hashes(const mana::PE& pe, io::OutputFormatter& formatter);
 
 } // !namespace sg
 

diff --git a/include/manape/imports.h b/include/manape/imports.h
@@ -39,7 +39,7 @@ namespace hash {
  *
  *	Implementation is located in imports.cpp.
  */
-DECLSPEC pString hash_imports(const sg::PE& pe);
+DECLSPEC pString hash_imports(const mana::PE& pe);
 
 } //namespace hash
 

diff --git a/include/manape/pe.h b/include/manape/pe.h
@@ -56,7 +56,7 @@
 	#define DECLSPEC
 #endif
 
-namespace sg {
+namespace mana {
 
 typedef boost::shared_ptr<Section> pSection;
 typedef boost::shared_ptr<std::vector<std::string> > shared_strings;

diff --git a/include/manape/pe_structs.h b/include/manape/pe_structs.h
@@ -24,7 +24,7 @@
 #include <boost/cstdint.hpp>
 #include <boost/shared_ptr.hpp>
 
-namespace sg
+namespace mana
 {
 
 typedef struct dos_header_t

diff --git a/include/manape/resources.h b/include/manape/resources.h
@@ -31,7 +31,7 @@
 
 #include "manape/utils.h"
 
-namespace sg
+namespace mana
 {
 
 typedef boost::shared_ptr<std::string> pString;

diff --git a/include/manape/section.h b/include/manape/section.h
@@ -38,7 +38,7 @@
 	#define DECLSPEC
 #endif
 
-namespace sg {
+namespace mana {
 
 typedef boost::shared_ptr<std::string> pString;
 typedef boost::shared_ptr<const std::vector<boost::uint8_t> > shared_bytes;
@@ -114,7 +114,7 @@ typedef boost::shared_ptr<Section> pSection;
  *
  *	@return	Whether the RVA is between the bounds of the section.
  */
-bool DECLSPEC is_address_in_section(boost::uint64_t rva, sg::pSection section, bool check_raw_size = false);
+bool DECLSPEC is_address_in_section(boost::uint64_t rva, mana::pSection section, bool check_raw_size = false);
 
 /**
  *	@brief	Finds the section containing a given RVA.
@@ -124,7 +124,7 @@ bool DECLSPEC is_address_in_section(boost::uint64_t rva, sg::pSection section, b
  *
  *	@return	A pointer to the section containing the input address. NULL if no sections match.
  */
-sg::pSection DECLSPEC find_section(unsigned int rva, const std::vector<sg::pSection>& section_list);
+mana::pSection DECLSPEC find_section(unsigned int rva, const std::vector<mana::pSection>& section_list);
 
 } // !namespace sg
 

diff --git a/include/plugin_framework/plugin_interface.h b/include/plugin_framework/plugin_interface.h
@@ -51,7 +51,7 @@ class IPlugin
 	 *	@return	A shared pointer to a result object, representing the information obtained
 	 *			by the plugin.
 	 */
-	virtual pResult analyze(const sg::PE& pe) = 0;
+	virtual pResult analyze(const mana::PE& pe) = 0;
 
 	/**
 	 *	@brief	Returns the API version for which this plugin was compiled.

diff --git a/manape/imports.cpp b/manape/imports.cpp
@@ -18,7 +18,7 @@
 #include "manape/pe.h"
 #include "manape/imports.h" // Non-member functions related to imports
 
-namespace sg {
+namespace mana {
 
 bool PE::_parse_imports(FILE* f)
 {
@@ -243,11 +243,11 @@ const_shared_strings PE::find_imports(const std::string& function_name_regexp,
 	return destination;
 }
 
-} // !namespace sg
+} // !namespace mana
 
 namespace hash {
 
-pString hash_imports(const sg::PE& pe)
+pString hash_imports(const mana::PE& pe)
 {
 	std::stringstream ss;
 

diff --git a/manape/pe.cpp b/manape/pe.cpp
@@ -21,7 +21,7 @@
 #undef min
 #undef max
 
-namespace sg {
+namespace mana {
 
 PE::PE(const std::string& path)
 	: _path(path), _initialized(false)
@@ -795,4 +795,4 @@ boost::shared_ptr<manape_data> PE::create_manape_module_data() const
 	return res;
 }
 
-} // !namespace sg
+} // !namespace mana
diff --git a/manape/resources.cpp b/manape/resources.cpp
@@ -25,7 +25,7 @@
 namespace bfs = boost::filesystem;
 
 
-namespace sg
+namespace mana
 {
 
 // Initialize the Yara wrapper used by resource objects
@@ -840,4 +840,4 @@ yara::const_matches Resource::detect_filetype() const
 	}
 }
 
-} // !namespace sg
+} // !namespace mana
diff --git a/manape/section.cpp b/manape/section.cpp
@@ -17,7 +17,7 @@
 
 #include "manape/section.h"
 
-namespace sg
+namespace mana
 {
 
 Section::Section(const image_section_header& header,
@@ -92,7 +92,7 @@ shared_bytes Section::get_raw_data() const
 
 // ----------------------------------------------------------------------------
 
-bool is_address_in_section(boost::uint64_t rva, sg::pSection section, bool check_raw_size)
+bool is_address_in_section(boost::uint64_t rva, mana::pSection section, bool check_raw_size)
 {
 	if (!check_raw_size) {
 		return section->get_virtual_address() <= rva && rva < section->get_virtual_address() + section->get_virtual_size();
@@ -104,9 +104,9 @@ bool is_address_in_section(boost::uint64_t rva, sg::pSection section, bool check
 
 // ----------------------------------------------------------------------------
 
-sg::pSection find_section(unsigned int rva, const std::vector<sg::pSection>& section_list)
+mana::pSection find_section(unsigned int rva, const std::vector<mana::pSection>& section_list)
 {
-	sg::pSection res = sg::pSection();
+	mana::pSection res = mana::pSection();
 	for (auto it = section_list.begin() ; it != section_list.end() ; ++it)
 	{
 		if (is_address_in_section(rva, *it))
@@ -131,4 +131,4 @@ sg::pSection find_section(unsigned int rva, const std::vector<sg::pSection>& sec
 	return res;
 }
 
-} // !namespace sg
+} // !namespace mana
diff --git a/plugins/plugin_authenticode.cpp b/plugins/plugin_authenticode.cpp
@@ -77,10 +77,10 @@ void make_information(const std::string& type, const std::wstring& data, pResult
  *	The idea behind this check is that if the binary is unsigned but pretends to come from
  *	Microsoft, Adobe, etc. then it is very likely a malware.
  *
- *	@param	const sg::PE& pe The PE to analyze.
+ *	@param	const mana::PE& pe The PE to analyze.
  *	@param	pResult res The result to update if something is found.
  */
-void check_version_info(const sg::PE& pe, pResult res);
+void check_version_info(const mana::PE& pe, pResult res);
 
 /**
  *	@brief	This plugin uses the Windows API to verify the digital signature of a PE.
@@ -98,7 +98,7 @@ class AuthenticodePlugin : public IPlugin
 		return boost::make_shared<std::string>("Checks if the digital signature of the PE is valid.");
 	}
 
-	pResult analyze(const sg::PE& pe) override
+	pResult analyze(const mana::PE& pe) override
 	{
 		pResult res = create_result();
 
@@ -554,11 +554,11 @@ void get_certificate_info(const std::wstring& file_path, pResult result)
 
 // ----------------------------------------------------------------------------
 
-void check_version_info(const sg::PE& pe, pResult res)
+void check_version_info(const mana::PE& pe, pResult res)
 {
 	// Find the VERSION_INFO resource
 	auto resources = pe.get_resources();
-	sg::pResource version_info;
+	mana::pResource version_info;
 	for (auto it = resources->begin() ; it != resources->end() ; ++it)
 	{
 		if (*(*it)->get_type() == "RT_VERSION")

diff --git a/plugins/plugin_imports.cpp b/plugins/plugin_imports.cpp
@@ -53,7 +53,7 @@ std::string temporary_files = "GetTempPath(A|W)|(Create|Write)File(A|W)";
  *	@brief	Checks the presence of some functions in the PE and updates the
  *			result accordingly.
  *
- *	@param	const sg::PE& pe The PE in which the imports should be looked for.
+ *	@param	const mana::PE& pe The PE in which the imports should be looked for.
  *	@param	const std::string& regex The regular expression against which the
  *			imports should be matched.
  *	@param	Result::LEVEL level The severity level to set if the imports are found.
@@ -63,14 +63,14 @@ std::string temporary_files = "GetTempPath(A|W)|(Create|Write)File(A|W)";
  *			be found before updating the result.
  *	@param	pResult res The result which will receive the information.
  */
-void check_functions(const sg::PE& pe,
+void check_functions(const mana::PE& pe,
 					 const std::string& regex,
 					 LEVEL level,
 					 const std::string& description,
 					 REQUIREMENT req,
 					 pResult res)
 {
-	sg::const_shared_strings found_imports = pe.find_imports(regex);
+	mana::const_shared_strings found_imports = pe.find_imports(regex);
 	if (found_imports->size() >= static_cast<unsigned int>(req))  // Safe cast: these are positive enum indexes
 	{
 		res->raise_level(level);
@@ -98,7 +98,7 @@ class ImportsPlugin : public IPlugin
 		return pString(new std::string("Looks for suspicious imports."));
 	}
 
-	pResult analyze(const sg::PE& pe) override
+	pResult analyze(const mana::PE& pe) override
 	{
 		pResult res = create_result();
 		check_functions(pe, dynamic_import, NO_OPINION, "[!] The program may be hiding some of its imports", AT_LEAST_TWO, res);

diff --git a/plugins/plugin_packer_detection.cpp b/plugins/plugin_packer_detection.cpp
@@ -60,12 +60,12 @@ class PackerDetectionPlugin : public IPlugin
 		return pString(new std::string("Tries to structurally detect packer presence."));
 	}
 
-	pResult analyze(const sg::PE& pe) override
+	pResult analyze(const mana::PE& pe) override
 	{
 		pResult res = create_result();
 
-		sg::shared_sections sections = pe.get_sections();
-		for (sg::shared_sections::element_type::const_iterator it = sections->begin() ; it != sections->end() ; ++it)
+		mana::shared_sections sections = pe.get_sections();
+		for (mana::shared_sections::element_type::const_iterator it = sections->begin() ; it != sections->end() ; ++it)
 		{
 			if (common_names.end() == std::find(common_names.begin(), common_names.end(), *(*it)->get_name()))
 			{
@@ -109,7 +109,7 @@ class PackerDetectionPlugin : public IPlugin
 		}
 
 		// A low number of imports indicates that the binary is packed.
-		sg::const_shared_strings imports = pe.find_imports(".*"); // Get all imports
+		mana::const_shared_strings imports = pe.find_imports(".*"); // Get all imports
 
 		// Read the minimum import number from the configuration
 		unsigned int min_imports;

diff --git a/plugins/plugin_resources.cpp b/plugins/plugin_resources.cpp
@@ -41,7 +41,7 @@ class ResourcesPlugin : public IPlugin
 		return pString(new std::string("Analyzes the program's resources."));
 	}
 
-	pResult analyze(const sg::PE& pe) override
+	pResult analyze(const mana::PE& pe) override
 	{
 		pResult res = create_result();
 		yara::Yara y;
@@ -50,9 +50,9 @@ class ResourcesPlugin : public IPlugin
 			return res;
 		}
 
-		sg::shared_resources r = pe.get_resources();
+		mana::shared_resources r = pe.get_resources();
 		unsigned int size = 0;
-		for (sg::shared_resources::element_type::const_iterator it = r->begin() ; it != r->end() ; ++it)
+		for (mana::shared_resources::element_type::const_iterator it = r->begin() ; it != r->end() ; ++it)
 		{
 			size += (*it)->get_size();
 			yara::const_matches matches = y.scan_bytes(*(*it)->get_raw_data());

diff --git a/plugins/plugin_virustotal/plugin_virustotal.cpp b/plugins/plugin_virustotal/plugin_virustotal.cpp
@@ -61,7 +61,7 @@ class VirusTotalPlugin : public IPlugin
 		return boost::make_shared<std::string>("Checks existing AV results on VirusTotal.");
 	}
 
-	pResult analyze(const sg::PE& pe) override
+	pResult analyze(const mana::PE& pe) override
 	{
 		pResult res = create_result();
 

diff --git a/plugins/plugins_yara.cpp b/plugins/plugins_yara.cpp
@@ -35,7 +35,7 @@ class YaraPlugin : public IPlugin
 	/**
 	 *	@brief	Helper function designed to generically prepare a result based on a Yara scan.
 	 *
-	 *	@param	const sg::PE& pe The PE to scan.
+	 *	@param	const mana::PE& pe The PE to scan.
 	 *	const std::string& summary The summary to set if there is a match.
 	 *	Result::LEVEL level The threat level to set if there is a match.
 	 *	const std::string& meta_field_name The meta field name (of the yara rule) to query to
@@ -44,7 +44,7 @@ class YaraPlugin : public IPlugin
 	 *
 	 *	@return	A pResult detailing the findings of the scan.
 	 */
-	pResult scan(const sg::PE& pe, const std::string& summary, LEVEL level, const std::string& meta_field_name, bool show_strings = false)
+	pResult scan(const mana::PE& pe, const std::string& summary, LEVEL level, const std::string& meta_field_name, bool show_strings = false)
 	{
 		pResult res = create_result();
 		if (!_load_rules()) {
@@ -101,7 +101,7 @@ class ClamavPlugin : public YaraPlugin
 public:
 	ClamavPlugin() : YaraPlugin("yara_rules/clamav.yara") {}
 
-	pResult analyze(const sg::PE& pe) override {
+	pResult analyze(const mana::PE& pe) override {
 		return scan(pe, "Matching ClamAV signature(s):", MALICIOUS, "signature");
 	}
 
@@ -119,7 +119,7 @@ class CompilerDetectionPlugin : public YaraPlugin
 public:
 	CompilerDetectionPlugin() : YaraPlugin("yara_rules/compilers.yara") {}
 
-	pResult analyze(const sg::PE& pe) override {
+	pResult analyze(const mana::PE& pe) override {
 		return scan(pe, "Matching compiler(s):", NO_OPINION, "description");
 	}
 
@@ -137,7 +137,7 @@ class PEiDPlugin : public YaraPlugin
 public:
 	PEiDPlugin() : YaraPlugin("yara_rules/peid.yara") {}
 
-	pResult analyze(const sg::PE& pe) {
+	pResult analyze(const mana::PE& pe) {
 		return scan(pe, "PEiD Signature:", SUSPICIOUS, "packer_name");
 	}
 
@@ -156,7 +156,7 @@ class SuspiciousStringsPlugin : public YaraPlugin
 public:
 	SuspiciousStringsPlugin() : YaraPlugin("yara_rules/suspicious_strings.yara") {}
 
-	pResult analyze(const sg::PE& pe) override {
+	pResult analyze(const mana::PE& pe) override {
 		return scan(pe, "Strings found in the binary may indicate undesirable behavior:", SUSPICIOUS, "description", true);
 	}
 
@@ -174,7 +174,7 @@ class FindCryptPlugin : public YaraPlugin
 public:
 	FindCryptPlugin() : YaraPlugin("yara_rules/findcrypt.yara") {}
 
-	pResult analyze(const sg::PE& pe) override
+	pResult analyze(const mana::PE& pe) override
 	{
 		pResult res = scan(pe, "Cryptographic algorithms detected in the binary:", NO_OPINION, "description");