moving over files

.gitignore

@@ -0,0 +1,14 @@
+# Generated by Cargo
+# will have compiled files and executables
+/target/
+
+# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
+# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
+# These are backup files generated by rustfmt
+**/*.rs.bk
+
+#ignore generated Cargo.lock
+Cargo.lock
+
+#ignore config
+xori.json

AUTHORS.md

@@ -0,0 +1,8 @@
+# Authors
+
+## Xori
+* Amanda Rousseau [@malwareunicorn](https://twitter.com/malwareunicorn)
+* Rich Seymour [@rseymour](https://twitter.com/rseymour)
+
+## Xori-Gui
+* Lucien Brule [@_LucienBrule](https://twitter.com/_LucienBrule)

Cargo.toml

@@ -0,0 +1,29 @@
+[package]
+name = "xori"
+version = "0.0.1"
+authors = [ "amanda@endgame.com" ]
+
+[profile.release]
+debug = true
+
+[dependencies]
+nom = "4.0.0-beta2"
+num = "0.1"
+colored = "1.6.0"
+memmap = "0.6.2"
+serde_json = "1.0"
+serde = "1.0"
+serde_derive = "1.0"
+argparse = "0.2.1"
+bincode = "1.0.0"
+encoding = "0.2.33"
+reqwest = "0.8.5"
+url = "1.7.0"
+pdb = "0.2.0"
+base64 = "0.9.1"
+uuid = { version = "0.6", features = ["v4"] }
+regex = "1"
+itertools = "0.7.8"
+glob = "0.2"
+crc = "^1.0.0"
+flate2 = { version = "1.0", features = ["zlib"], default-features = false }

README.md

@@ -1 +1,136 @@
-# xori
+![alt text](xori.png "Xori Logo")
+# Xori - Custom disassembly framework
+
+[![License: AGPL v3](https://img.shields.io/badge/License-AGPL%20v3-blue.svg)](https://www.gnu.org/licenses/agpl-3.0)
+
+
+Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and provides triage analysis data.
+
+## Architectures:
+* i386
+* x86-64
+
+## File Formats
+* PE, PE+
+* Plain shellcode
+
+## Current Features
+* Outputs json of the 1) Disassembly, 2) Functions, and 3) Imports.
+* Manages Image and Stack memory.
+* 2 modes:
+  * Light Emulation - meant to enumerate all paths (Registers, Stack, Some Instructions).
+  * Full Emulation - only follows the code’s path (Slow performance).
+* Simulated TEB & PEB structures.
+* Evaluates functions based on DLL exports.
+* Displays strings based on referenced memory locations.
+* Uses FLIRT style signatures (Fast Library Identification and Recognition Technology).
+* Allows you to use your own exports for simulating the PEB.
+* Will detect padding after a non-returning call.
+* Will try to identify function references from offsets.
+
+What it doesn't do yet:
+* The engine is interactive.
+* Does not dump strings.
+* Does not process non-executable sections.
+* TEB and PEB are not enabled for non-pe files.
+* Only some x86 instructions are emulated, not all.
+* Patching and assembling.
+* No plugins or scripting.
+
+
+## [Documentation](doc/xori/)
+
+## [Code](https://git.endgames.local/amanda/xori)
+
+## Requirements
+rustc 1.27.0+
+
+### Install rust for OSX & Linux Distros
+
+```
+curl https://sh.rustup.rs -sSf | sh
+```
+
+### Install rust for Windows
+
+https://www.rust-lang.org/en-US/other-installers.html
+
+Select: 
+* x86_64-pc-windows-gnu or 
+* x86_64-pc-windows-msvc (Visual Studio Build Tools Required)
+
+# Installation
+
+## 1. Build Xori
+
+This command will also create other binaries such as pesymbols ans peinfo.
+
+```
+cargo build --release
+```
+
+
+## 2. (Optional) Build the symbols files
+
+If you want to create your own symbol files you need to set the dll folders to where you stored your windows dlls. 
+
+```
+"function_symbol32": "./src/analysis/symbols/generated_user_syswow64.json",
+"function_symbol64": "./src/analysis/symbols/generated_user_system32.json",
+"symbol_server": {
+	"dll_folder32": "./dlls/32bit",
+	"dll_folder64": "./dlls/64bit"
+```
+
+Run pesymbols to overwrite the function_symbol json
+
+```
+ ./target/release/pesymbols
+```
+
+# Run
+
+```
+./target/release/xori -f test.exe
+```
+
+## Run all tests
+
+```
+cargo test
+```
+
+# Browser GUI
+
+Chrome | Firefox | Safari | IE | Opera
+--- | --- | --- | --- | --- |
+Latest ✔ | Latest ✔ | Latest ✔ | x | Latest ✔ |
+
+## Requirements
+
+nodejs
+yarn (optional for UI dev)
+
+
+## Build
+
+```
+cd gui
+npm install
+```
+
+## Run
+
+In one terminal
+```
+cd gui
+node src/server.js
+```
+In another terminal
+```
+cd gui
+npm start
+```
+
+It will open your default browser to http://localhost:3000/.
+The backend API is listening on localhost:5000.

doc/COPYRIGHT.txt

@@ -0,0 +1,59 @@
+These documentation pages include resources by third parties. This copyright
+file applies only to those resources. The following third party resources are
+included, and carry their own copyright notices and license terms:
+
+* Fira Sans (FiraSans-Regular.woff, FiraSans-Medium.woff):
+
+    Copyright (c) 2014, Mozilla Foundation https://mozilla.org/
+    with Reserved Font Name Fira Sans.
+
+    Copyright (c) 2014, Telefonica S.A.
+
+    Licensed under the SIL Open Font License, Version 1.1.
+    See FiraSans-LICENSE.txt.
+
+* Heuristica (Heuristica-Italic.woff):
+
+    Copyright 1989, 1991 Adobe Systems Incorporated. All rights reserved.
+    Utopia is either a registered trademark or trademark of Adobe Systems
+    Incorporated in the United States and/or other countries. Used under
+    license.
+
+    Copyright 2006 Han The Thanh, Vntopia font family, http://vntex.sf.net
+
+    Copyright (c) 2008-2012, Andrey V. Panov (panov@canopus.iacp.dvo.ru),
+    with Reserved Font Name Heuristica.
+
+    Licensed under the SIL Open Font License, Version 1.1.
+    See Heuristica-LICENSE.txt.
+
+* rustdoc.css, main.js, and playpen.js:
+
+    Copyright 2015 The Rust Developers.
+    Licensed under the Apache License, Version 2.0 (see LICENSE-APACHE.txt) or
+    the MIT license (LICENSE-MIT.txt) at your option.
+
+* normalize.css:
+
+    Copyright (c) Nicolas Gallagher and Jonathan Neal.
+    Licensed under the MIT license (see LICENSE-MIT.txt).
+
+* Source Code Pro (SourceCodePro-Regular.woff, SourceCodePro-Semibold.woff):
+
+    Copyright 2010, 2012 Adobe Systems Incorporated (http://www.adobe.com/),
+    with Reserved Font Name 'Source'. All Rights Reserved. Source is a trademark
+    of Adobe Systems Incorporated in the United States and/or other countries.
+
+    Licensed under the SIL Open Font License, Version 1.1.
+    See SourceCodePro-LICENSE.txt.
+
+* Source Serif Pro (SourceSerifPro-Regular.woff, SourceSerifPro-Bold.woff):
+
+    Copyright 2014 Adobe Systems Incorporated (http://www.adobe.com/), with
+    Reserved Font Name 'Source'. All Rights Reserved. Source is a trademark of
+    Adobe Systems Incorporated in the United States and/or other countries.
+
+    Licensed under the SIL Open Font License, Version 1.1.
+    See SourceSerifPro-LICENSE.txt.
+
+This copyright file is intended to be distributed with rustdoc output.

doc/FiraSans-LICENSE.txt

@@ -0,0 +1,99 @@
+Copyright (c) 2014, Mozilla Foundation https://mozilla.org/
+with Reserved Font Name Fira Sans.
+
+Copyright (c) 2014, Mozilla Foundation https://mozilla.org/
+with Reserved Font Name Fira Mono.
+
+Copyright (c) 2014, Telefonica S.A.
+
+This Font Software is licensed under the SIL Open Font License, Version 1.1.
+This license is copied below, and is also available with a FAQ at:
+http://scripts.sil.org/OFL
+
+
+-----------------------------------------------------------
+SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
+-----------------------------------------------------------
+
+PREAMBLE
+The goals of the Open Font License (OFL) are to stimulate worldwide
+development of collaborative font projects, to support the font creation
+efforts of academic and linguistic communities, and to provide a free and
+open framework in which fonts may be shared and improved in partnership
+with others.
+
+The OFL allows the licensed fonts to be used, studied, modified and
+redistributed freely as long as they are not sold by themselves. The
+fonts, including any derivative works, can be bundled, embedded,
+redistributed and/or sold with any software provided that any reserved
+names are not used by derivative works. The fonts and derivatives,
+however, cannot be released under any other type of license. The
+requirement for fonts to remain under this license does not apply
+to any document created using the fonts or their derivatives.
+
+DEFINITIONS
+"Font Software" refers to the set of files released by the Copyright
+Holder(s) under this license and clearly marked as such. This may
+include source files, build scripts and documentation.
+
+"Reserved Font Name" refers to any names specified as such after the
+copyright statement(s).
+
+"Original Version" refers to the collection of Font Software components as
+distributed by the Copyright Holder(s).
+
+"Modified Version" refers to any derivative made by adding to, deleting,
+or substituting -- in part or in whole -- any of the components of the
+Original Version, by changing formats or by porting the Font Software to a
+new environment.
+
+"Author" refers to any designer, engineer, programmer, technical
+writer or other person who contributed to the Font Software.
+
+PERMISSION & CONDITIONS
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of the Font Software, to use, study, copy, merge, embed, modify,
+redistribute, and sell modified and unmodified copies of the Font
+Software, subject to the following conditions:
+
+1) Neither the Font Software nor any of its individual components,
+in Original or Modified Versions, may be sold by itself.
+
+2) Original or Modified Versions of the Font Software may be bundled,
+redistributed and/or sold with any software, provided that each copy
+contains the above copyright notice and this license. These can be
+included either as stand-alone text files, human-readable headers or
+in the appropriate machine-readable metadata fields within text or
+binary files as long as those fields can be easily viewed by the user.
+
+3) No Modified Version of the Font Software may use the Reserved Font
+Name(s) unless explicit written permission is granted by the corresponding
+Copyright Holder. This restriction only applies to the primary font name as
+presented to the users.
+
+4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
+Software shall not be used to promote, endorse or advertise any
+Modified Version, except to acknowledge the contribution(s) of the
+Copyright Holder(s) and the Author(s) or with their explicit written
+permission.
+
+5) The Font Software, modified or unmodified, in part or in whole,
+must be distributed entirely under this license, and must not be
+distributed under any other license. The requirement for fonts to
+remain under this license does not apply to any document created
+using the Font Software.
+
+TERMINATION
+This license becomes null and void if any of the above conditions are
+not met.
+
+DISCLAIMER
+THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
+DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
+OTHER DEALINGS IN THE FONT SOFTWARE.