Merge branch 'development' into testing

2 parents 616f515 + 73f6006 commit b6921ce8814a4bc3fad0a70b4470ad280fd32efd @jekil jekil committed Sep 8, 2012
@@ -40,21 +40,19 @@ def add_file(file_path):
if os.path.exists(file_path):
if file_path not in FILES_LIST:
- log.info("Added new file to list with path: %s" % file_path)
+ log.info("Added new file to list with path: %s" % unicode(file_path).encode("utf-8", "replace"))
FILES_LIST.append(file_path)
def add_pid(pid):
"""Add a process to process list."""
- PROCESS_LOCK.acquire()
if type(pid) == long or type(pid) == int or type(pid) == str:
log.info("Added new process to list with pid: %d" % pid)
PROCESS_LIST.append(pid)
- PROCESS_LOCK.release()
-
def add_pids(pids):
"""Add PID."""
+
if type(pids) == list:
for pid in pids:
add_pid(pid)
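Review bot: In add_file, the new unicode(file_path).encode("utf-8", "replace") still fails on the input it is meant to handle: when file_path is a byte string containing non-ASCII bytes, unicode() decodes it with the default ASCII codec and raises UnicodeDecodeError before the "replace" handler on encode is ever reached. The path arrives from the pipe's FILE: command, so decode it explicitly with an error handler (for byte strings, file_path.decode("utf-8", "replace")) before logging. Separately, add_pid no longer takes PROCESS_LOCK itself, so its docstring should state that callers must hold the lock.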
@@ -124,22 +122,26 @@ def run(self):
#log.debug("Connection received (data=%s)" % command)
if command.startswith("PID:"):
+ PROCESS_LOCK.acquire()
pid = command[4:]
if pid.isdigit():
pid = int(pid)
if pid not in PROCESS_LIST:
add_pids(pid)
proc = Process(pid=pid)
proc.inject()
- KERNEL32.WriteFile(self.h_pipe,
- create_string_buffer("OK"),
- 2,
- byref(bytes_read),
- None)
+
+ KERNEL32.WriteFile(self.h_pipe,
+ create_string_buffer("OK"),
+ 2,
+ byref(bytes_read),
+ None)
+ PROCESS_LOCK.release()
elif command.startswith("FILE:"):
file_path = command[5:]
add_file(file_path)
+ KERNEL32.CloseHandle(self.h_pipe)
return True
class PipeServer(Thread):
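Review bot: PROCESS_LOCK.acquire() at the top of the PID: branch is paired with a release() that only runs if everything in between succeeds. If add_pids, Process(pid=pid), proc.inject() or the WriteFile call raises, the lock stays held, and the main loop, which now skips its work whenever PROCESS_LOCK.locked() is true, never inspects the process list again. Wrap the branch in try/finally (or use with PROCESS_LOCK:) so the release is unconditional. The same applies to the new KERNEL32.CloseHandle(self.h_pipe): an exception earlier in run() leaks the handle.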
@@ -279,8 +281,12 @@ def run(self):
add_pids(pids)
+ self.do_run = True
+
while self.do_run:
- PROCESS_LOCK.acquire()
+ if PROCESS_LOCK.locked():
+ KERNEL32.Sleep(1000)
+ continue
try:
for pid in PROCESS_LIST:
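Review bot: The if PROCESS_LOCK.locked() check that replaces PROCESS_LOCK.acquire() is a test, not a hold: the pipe handler can take the lock and append to PROCESS_LIST right after the check returns False, while for pid in PROCESS_LIST is already iterating. That leaves open the kind of race the changelog entry in this commit says is fixed. Keep the loop body under the lock (with PROCESS_LOCK:, or a non-blocking PROCESS_LOCK.acquire(False) with the release in the finally block) and do the Sleep outside it.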
@@ -289,19 +295,20 @@ def run(self):
PROCESS_LIST.remove(pid)
if len(PROCESS_LIST) == 0:
+ log.info("Process list is empty, terminating analysis...")
timer.cancel()
break
pack.set_pids(PROCESS_LIST)
try:
if not pack.check():
+ log.info("The analysis package requested the termination of the analysis...")
timer.cancel()
break
except NotImplementedError:
pass
finally:
- PROCESS_LOCK.release()
KERNEL32.Sleep(1000)
try:
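Review bot: PROCESS_LIST.remove(pid) on the first line of this hunk appears to run inside the for pid in PROCESS_LIST loop opened just above it, and removing from a list while iterating over it skips the element that follows each removed entry, so a second exited process is only noticed on a later pass. Iterate over a copy (for pid in PROCESS_LIST[:]) or build the list of live PIDs and assign it afterwards. With PROCESS_LOCK.release() dropped from the finally block, this mutation and pack.set_pids(PROCESS_LIST) also run without the lock held.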
Binary file not shown.
@@ -14,10 +14,10 @@ INACTIVE DEVELOPERS:
Dario Fernandes
CONTRIBUTORS:
-Thorsten Sick
-Adam Pridgen
-Mike Tu
-Loic Jaquemet
+Thorsten Sick (Various patches and contributions)
+Adam Pridgen (Various patches and contributions)
+Mike Tu (Initial VMWare Workstation machine manager)
+Loic Jaquemet (Improvements in VirtualBox machine manager)
BUG REPORTERS/ADVISORS:
Giacomo Milani
@@ -1,7 +1,7 @@
CHANGELOG
-Cuckoo Sandbox 0.4.2 (TBA)
-==========================
+Cuckoo Sandbox 0.4.2 (2012-09-08)
+=================================
* Added support for VMWare Workstation
* Added VirtualBox status change monitor and option "timeout" to virtualbox.conf
@@ -14,7 +14,8 @@ Cuckoo Sandbox 0.4.2 (TBA)
* Fixed some bugs in virtual machine management
* Fixed submission with relative path
* Fixed UTF-8 chars handling in analysis.log
-* Some minor fix
+* Fixed race conditions in Windows analyzer
+* Some minor fixes
Cuckoo Sandbox 0.4.1 (2012-08-09)
=================================
@@ -191,6 +191,25 @@ Every processing module should contain:
* A ``self.key`` attribute defining the name to be used as a subcontainer for the returned data.
* A set of data (list, dictionary or string etc.) that will be appended to the global container.
+You can also specify an *order* value, which allows you to run the available processing modules in
+an ordered sequence. By default all modules are set with an *order* value of *1* and are executed
+in alphabetical order.
+
+If you want to change this value your module would look like:
+
+ .. code-block:: python
+ :linenos:
+
+ from lib.cuckoo.common.abstracts import Processing
+
+ class MyModule(Processing):
+ order = 2
+
+ def run(self):
+ self.key = "file"
+ data = do_something()
+ return data
+
The processing modules are provided with some attributes that can be used to access the raw results
for the given analysis:
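Review bot: The new paragraph on order does not say which way the sequence runs or how it relates to the alphabetical ordering. State explicitly whether a module with order = 2 runs after those left at the default 1, and whether alphabetical order only breaks ties between equal values. In the example, do_something() is undefined, so add a comment marking it as a placeholder for the module's own logic.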
@@ -4,7 +4,6 @@ FAQ
Frequently Asked Questions:
- * :ref:`general_vmware`
* :ref:`general_volatility`
* :ref:`troubles_upgrade`
* :ref:`troubles_problem`
@@ -13,15 +12,6 @@ Frequently Asked Questions:
General Questions
=================
-.. _general_vmware:
-
-Can I use VMWare?
------------------
-
-Cuckoo does not provide support for VMWare by default, but it provides a modular
-engine that allows you to write your own plugin for supporting any virtualization
-software you might want to use. Refer to :doc:`../customization/machinemanagers`.
-
.. _general_volatility:
Can I use Volatility with Cuckoo?
@@ -37,23 +37,23 @@ the email address you're trying to post with.
Please respect netiquette when posting, in detail:
* Before posting read the mailing list archives, read the Cuckoo blog, read
- the documentation and Google about your issue. Stop posting questions that have
- already been answered over and over everywhere.
+ the documentation and Google about your issue. Stop posting questions that
+ have already been answered over and over everywhere.
* Posting emails saying just like "Doesn't work, help me" are completely
- useless. If something is not working report the error, paste the logs, paste the
- config file, paste the information on the virtual machine, paste the
- results of the troubleshooting, give context. We are not wizards and we
- don't have the crystal ball.
+ useless. If something is not working report the error, paste the logs, paste
+ the config file, paste the information on the virtual machine, paste the
+ results of the troubleshooting, give context. We are not wizards and we
+ don't have the crystal ball.
* Use a proper title. Stuff like "Doesn't work", "Help me", "Error" is not a
- proper title.
- * Tend to use `pastebin.com`_, `pastie.org`_ and similar services to paste
- logs and configs: make the email more readable.
+ proper title.
+ * Tend to use `pastebin.com`_ or `pastie.org`_ and similar services to paste
+ logs and configs: make the email more readable.
* Tend to upload your attachment to file upload services, we have a very
- low attachment size limit.
+ low attachment size limit.
* Tend to not write HTML emails.
.. _`pastebin.com`: http://pastebin.com/
-.. _`pastie.org`:http://pastie.org/
+.. _`pastie.org`: http://pastie.org/
Donations
=========
@@ -89,6 +89,8 @@ Active Developers
+-------------------------------+--------------------+-------------------------------------+
| Jurriaan "*skier*" Bremer | Developer | ``jurriaanbremer at gmail dot com`` |
+-------------------------------+--------------------+-------------------------------------+
+ | Mark "*rep*" Schloesser | Developer | |
+ +-------------------------------+--------------------+-------------------------------------+
Inactive Developers
-------------------
@@ -98,9 +100,10 @@ Inactive Developers
Contributors
------------
- * Mark Schloesser
- * Thorsten Sick
- * Adam Pridgen
+ * Thorsten Sick (Various patches and contributions)
+ * Adam Pridgen (Various patches and contributions)
+ * Mike Tu (Initial VMWare Workstation machine manager)
+ * Loic Jaquemet (Improvements in VirtualBox machine manager)
Bug Reporters/Advisors
----------------------
@@ -18,7 +18,7 @@ requests.
You can do so from Windows' Control Panel as shown in the picture:
- .. figure:: ../../_images/screenshots/windows_security.png
+ .. image:: ../../_images/screenshots/windows_security.png
:align: center
Virtual Networking
@@ -39,3 +39,10 @@ virtual network setup.
This stage is very much up to your own requirements and to the
characteristics of your virtualization software.
+ .. warning:: Virtual networking errors!
+ Virtual networking is a virtual component for Cuckoo, you must be really
+ sure to get connectivity between host and guest.
+ Most of the issues reported by users are related to a wrong setup of
+ their networking.
+ You you aren't sure about that check your virtualization software
+ documentation and test connectivity with ping and telnet.
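Review bot: Two wording errors in the added warning obscure its meaning: "Virtual networking is a virtual component for Cuckoo" presumably should read "vital component", and "You you aren't sure about that" should be "If you aren't sure about that". Since the warning exists to cut down on misconfigured host/guest networking, it is worth getting the one sentence that says why it matters right.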
@@ -72,3 +72,17 @@ running Cuckoo's agent.
You can finally take a snapshot with the following command::
$ virsh snapshot-create "<Name of VM>"
+
+VMware Workstation
+==================
+
+If decided to adopt VMware Workstation, you can take the snapshot from the graphical user
+interface or from the command line::
+
+ $ vmrun snapshot "/your/disk/image/path/wmware_image_name.vmx" your_snapshot_name
+
+Where your_snapshot_name is the name you choose for the snapshot.
+After that power off the machine from the graphical user interface or from the
+command line::
+
+ $ vmrun stop "/your/disk/image/path/wmware_image_name.vmx" hard
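Review bot: Both vmrun examples use the file name wmware_image_name.vmx, which looks like a typo for vmware_image_name.vmx, and the opening sentence "If decided to adopt VMware Workstation" is missing its subject ("If you decided"). The text should also state explicitly what state the guest must be in when the snapshot is taken, since the power-off step is documented as coming after it.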
@@ -21,7 +21,7 @@ command-line utility. It currently has the following options available::
path
positional arguments:
- path Path to the file to analyze
+ path Path to the file or folder to analyze
optional arguments:
-h, --help show this help message and exit
@@ -35,6 +35,9 @@ command-line utility. It currently has the following options available::
--platform PLATFORM Specify the operating system platform you want to use
(windows/darwin/linux)
+If you specify a directory as path, all the files contained in it will be
+submitted for analysis.
+
The concept of analysis packages will be dealt later in this documentation (at
:doc:`packages`). Following are some usage examples:
@@ -20,7 +20,7 @@ task you need clean.sh utility.
* Cuckoo task's database
* Cuckoo logs
-To clean your setup, run:
+To clean your setup, run::
$ cd utils
$ sh clean.sh
@@ -39,9 +39,10 @@ Test Report Utility
===================
Run the reporting engine (run all reports) on an already available analysis
-folder. So you don't need to run an analysis again to generate reports.
+folder, in order to not re-run the analysis if you want to re-generate the
+reports for it.
This is used mainly in debugging and developing Cuckoo.
-For example if you want run again the report engine for analysis number 1:
+For example if you want run again the report engine for analysis number 1::
$ cd utils
$ python testreport.py ../storage/analyses/1/
@@ -50,9 +51,10 @@ Test Signature Utility
======================
Run the signature engine (checks all signatures) on an already available
-analysis folder. So you don't need to run an analysis again.
-This is used mainly in debugging and developing Cuckoo.
-For example if you want run again the singature engine for analysis number 1:
+analysis folder and see possible matches.
+This is used mainly in debugging and developing Cuckoo and testing new
+signatures.
+For example if you want run again the singature engine for analysis number 1::
$ cd utils
$ python testsignatures.py ../storage/analyses/1/
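Review bot: The last changed sentence is touched only to add the :: but keeps "singature engine" and "if you want run again"; fix both while the line is being edited ("signature engine", "if you want to run again"). The same "want run again" wording is in the Test Report Utility hunk above.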
@@ -61,8 +63,9 @@ Community Download Utility
==========================
This utility downloads signatures from `Cuckoo Community Repository`_ and installs
-it. So with just a command you can keep updated all the signatures.
-Following are the usage options.
+specific additional modules in your local setup and for example update id with
+all the latest available signatures.
+Following are the usage options::
$ cd utils
$ python community.py
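Review bot: The rewritten description reads "installs specific additional modules in your local setup and for example update id with all the latest available signatures"; "update id" looks like a typo for "update it", and the sentence is hard to parse as written. Split it into what the utility downloads and what it installs locally.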
@@ -77,4 +80,8 @@ Following are the usage options.
-f, --force Install files without confirmation
-w, --rewrite Rewrite existing files
+**Example**: install all available signatures::
+
+ $ ./utils/community.py --signatures --force
+
.. _`Cuckoo Community Repository`: https://github.com/cuckoobox/community
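Review bot: The added example recommends --force, which the option list directly above describes as "Install files without confirmation", so the one documented invocation pulls files from the community repository into the local setup with no review step. Show the example without --force, or add a sentence saying when skipping the confirmation is acceptable. The example also calls ./utils/community.py while the usage block earlier in the section uses cd utils and python community.py; pick one form.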
@@ -175,8 +175,7 @@ def _wait_status(self, label, state):
while current not in state:
log.debug("Waiting %i cuckooseconds for vm %s to switch to status %s" % (waitme, label, state))
if waitme > int(self.options.virtualbox.timeout):
- self.stop(label)
- raise CuckooMachineError("Waiting too much for vm %s status change. Stopping vm and aborting" % label)
+ raise CuckooMachineError("Waiting too much for vm %s status change. Please check manually" % label)
time.sleep(1)
waitme += 1
current = self._status(label)
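Review bot: Dropping self.stop(label) before the raise means a timeout in _wait_status now leaves the virtual machine in whatever state it reached, with "Please check manually" in the exception text as the only follow-up. For a sandbox guest that may already be running a sample, the caller of _wait_status needs to handle CuckooMachineError by stopping or isolating the machine. Document that expectation in a comment here, and explain in the commit message why the stop was removed.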