debian/compat

9

debian/changelog

libemu (0.2.0+git20120122-1.2) unstable; urgency=low

  * Another non-maintainer upload, fixing the breakage I introduced.
    (FTBFS on architectures where gcc-4.8 was not the default.)
  * Recognize GNU systems, such as kfreebsd, hurd, so *as*printf() is
    available.
  * Don't mess with CFLAGS. Instead remove unused local typedefs that led
    to FTBFS with GCC 4.8 (Closes: #701305)

 -- Hilko Bengen Wed, 10 Jul 2013 21:14:21 +0200

libemu (0.2.0+git20120122-1.1) unstable; urgency=low

  * Non-maintainer upload
  * Added proper python dependencies to python-libemu (Closes: #693090)
  * FTBFS workaround: Disabled unused-local-typedefs warning
    (Closes: #701305)

 -- Hilko Bengen Wed, 03 Jul 2013 21:59:56 +0200

libemu (0.2.0+git20120122-1) unstable; urgency=low

  * Initial release (closes: #503978).
  * Used as base part of the original packaging from the Ubuntu PPAs.
  * Migrated to format 3.0 (quilt), do proper cleanup.
  * Enabled Python bindings.
  * debian/patches:
    - 01_no_rpath_python: Remove some rpath in the Python bindings.
    - 02_python_install_dir: Force installation in debian/tmp/...
    - 03_remove_rpath_and_fix_ldflags: Fix a logic flaw in configure.ac
      when trying to guess headers for libcargo that made LDFLAGS empty.

 -- David Martínez Moreno Sun, 14 Oct 2012 23:11:46 -0700

debian/source/format

3.0 (quilt)

debian/copyright

This package was debianized by David Martínez Moreno on
Fri, 07 Sep 2012 02:49:42 -0700.

It was downloaded from

Upstream Author: Paul Baecher

Copyright:

    Copyright (C) 2007-2011 Paul Baecher & Markus Koetter

    bindings/python/libemu_module.c:
    Copyright (C) 2007 Georg Wicherski

    Some parts in include/emu/emu_list.h are
    Copyright (C) 2001, 2002 Tony Finch

    libemu was designed and written by:
    * Paul Baecher
    * Markus Koetter

    special thanks go to:
    * jt / nologin.org for libdasm
    * Tony Finch for http://dotat.at/prog/lists/list.h

License: GPLv2

The Debian packaging is: David Martínez Moreno
and is licensed under the GPL version 2 or later
see `/usr/share/common-licenses/GPL'.

debian/rules

#!/usr/bin/make -f
# -*- makefile -*-
# Sample debian/rules that uses debhelper.
# This file was originally written by Joey Hess and Craig Small.
# As a special exception, when this file is copied by dh-make into a
# dh-make output file, you may use that output file without restriction.
# This special exception was added by Craig Small in version 0.37 of dh-make.

# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1

%:
	dh $@ --with=python2

override_dh_auto_configure:
	autoreconf -vi
	./configure --prefix=/usr --enable-python-bindings

override_dh_clean:
	dh_clean
	find . -name Makefile.in | xargs --no-run-if-empty rm
	rm -rf \
		bindings/Makefile.in \
		bindings/python/build \
		aclocal.m4 \
		compile \
		config.guess \
		config.h.in \
		config.sub \
		configure \
		depcomp \
		install-sh \
		ltmain.sh \
		missing

debian/control

Source: libemu
Priority: extra
Maintainer: David Martínez Moreno
Build-Depends: debhelper (>= 9), autoconf, automake, libtool, check, python-all-dev (>= 2.3.5-11)
Standards-Version: 3.9.3
Section: libs
Homepage: http://libemu.carnivore.it/

Package: libemu-dev
Section: libdevel
Architecture: any
Depends: libemu2 (= ${binary:Version}), ${misc:Depends}
Description: x86 shellcode detection and emulation
 libemu is a small library written in C offering basic x86 emulation and
 shellcode detection using GetPC heuristics. Intended use is within network
 intrusion/prevention detections and honeypots.
 .
 libemu supports:
  * executing x86 instructions
  * reading x86 binary code
  * register emulation
  * basic FPU emulation
  * shellcode execution
  * shellcode detection
  * using GetPC heuristics
  * static analysis
  * and binary backwards traversal
  * Win32 API hooking
 .
 Using libemu one can:
  * detect shellcodes
  * execute the shellcodes
  * profile shellcode behaviour
 .
 This package has the development files.

Package: libemu2
Section: libs
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: x86 shellcode detection and emulation
 libemu is a small library written in C offering basic x86 emulation and
 shellcode detection using GetPC heuristics. Intended use is within network
 intrusion/prevention detections and honeypots.
 .
 libemu supports:
  * executing x86 instructions
  * reading x86 binary code
  * register emulation
  * basic FPU emulation
  * shellcode execution
  * shellcode detection
  * using GetPC heuristics
  * static analysis
  * and binary backwards traversal
  * Win32 API hooking
 .
 Using libemu one can:
  * detect shellcodes
  * execute the shellcodes
  * profile shellcode behaviour
 .
This package has the basic utilities and library files. Package: python-libemu Section: python Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends} XB-Python-Version: ${python:Versions} Description: x86 shellcode detection and emulation - Python bindings libemu is a small library written in C offering basic x86 emulation and shellcode detection using GetPC heuristics. Intended use is within network intrusion/prevention detections and honeypots. . libemu supports: * executing x86 instructions * reading x86 binary code * register emulation * basic FPU emulation * shellcode execution * shellcode detection * using GetPC heuristics * static analysis * and binary backwards traversal * Win32 API hooking . Using libemu one can: * detect shellcodes * execute the shellcodes * profile shellcode behaviour . This package has the Python bindings. debian/libemu2.install0000644000000000000000000000012212165076732012121 0ustar usr/bin/scprofiler usr/bin/sctest usr/lib/libemu.so.* usr/share/man/man3/libemu.3 debian/patches/0000755000000000000000000000000012167333026010620 5ustar debian/patches/05_unused_local_typedefs0000644000000000000000000000671012167333026015433 0ustar Index: libemu/src/environment/win32/emu_env_w32.c =================================================================== --- libemu.orig/src/environment/win32/emu_env_w32.c 2013-07-03 21:39:06.281432486 +0200 +++ libemu/src/environment/win32/emu_env_w32.c 2013-07-10 21:07:22.279324349 +0200 @@ -382,7 +382,7 @@ uint16_t Length; uint16_t MaximumLength; uint32_t Buffer; - } UNICODE_STRING, *PUNICODE_STRING; + } UNICODE_STRING; //, *PUNICODE_STRING // PEB_LDR_DATA Structure // http://msdn.microsoft.com/en-us/library/aa813708%28VS.85%29.aspx 
@@ -392,10 +392,10 @@ uint32_t Flink; uint32_t Blink; // struct _LIST_ENTRY *Blink; - } LIST_ENTRY, *PLIST_ENTRY; //, *RESTRICTED_POINTER PRLIST_ENTRY; + } LIST_ENTRY; //, *PLIST_ENTRY, *RESTRICTED_POINTER PRLIST_ENTRY; typedef uint32_t PVOID; - typedef unsigned char BYTE; + // typedef unsigned char BYTE; typedef uint32_t ULONG; typedef struct _LDR_DATA_TABLE_ENTRY @@ -415,7 +415,7 @@ PVOID Reserved6; }; uint32_t TimeDateStamp; - } LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY; + } LDR_DATA_TABLE_ENTRY; //, *PLDR_DATA_TABLE_ENTRY; // http://www.nirsoft.net/kernel_struct/vista/PEB_LDR_DATA.html @@ -428,17 +428,17 @@ /* 0x14 */ LIST_ENTRY InMemoryOrderModuleList; /* 0x1c */ LIST_ENTRY InInitializationOrderModuleList; /* 0x24 */ uint8_t EntryInProgress; - } PEB_LDR_DATA, *PPEB_LDR_DATA; + } PEB_LDR_DATA; //, *PPEB_LDR_DATA; - struct _PEB_LDR_DATA peb_ldr_data; - peb_ldr_data.InMemoryOrderModuleList.Flink = 0x00251ea0 + 0x1000 + offsetof(struct _LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks); - peb_ldr_data.InInitializationOrderModuleList.Flink = 0x00251ea0 + 0x1000 + offsetof(struct _LDR_DATA_TABLE_ENTRY, InInitializationOrderLinks); + PEB_LDR_DATA peb_ldr_data; + peb_ldr_data.InMemoryOrderModuleList.Flink = 0x00251ea0 + 0x1000 + offsetof(LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks); + peb_ldr_data.InInitializationOrderModuleList.Flink = 0x00251ea0 + 0x1000 + offsetof(LDR_DATA_TABLE_ENTRY, InInitializationOrderLinks); emu_memory_write_block(mem, 0x00251ea0, &peb_ldr_data, sizeof(peb_ldr_data)); uint32_t magic_offset = 0x00251ea0+0x1000; - struct _LDR_DATA_TABLE_ENTRY tables[16]; + LDR_DATA_TABLE_ENTRY tables[16]; memset(tables, 0, sizeof(tables)); char names[16][64]; @@ -448,7 +448,7 @@ for ( i=0; known_dlls[i].dllname != NULL; i++ ) { struct emu_env_w32_known_dll *from = known_dlls+i; - struct _LDR_DATA_TABLE_ENTRY *to = tables+i; + LDR_DATA_TABLE_ENTRY *to = tables+i; to->DllBase = from->baseaddress; to->BaseDllName.Length = (strlen(from->dllname) + strlen(".dll")) * 2 + 2; 
@@ -456,10 +456,10 @@ to->BaseDllName.Buffer = magic_offset + sizeof(tables) + i * 64; to->InMemoryOrderLinks.Blink = 0xaabbccdd; - to->InMemoryOrderLinks.Flink = magic_offset + (i+1) * sizeof(struct _LDR_DATA_TABLE_ENTRY) + offsetof(struct _LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks); + to->InMemoryOrderLinks.Flink = magic_offset + (i+1) * sizeof(struct _LDR_DATA_TABLE_ENTRY) + offsetof(LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks); to->InInitializationOrderLinks.Blink = 0xa1b2c3d4; - to->InInitializationOrderLinks.Flink = magic_offset + (i+1) * sizeof(struct _LDR_DATA_TABLE_ENTRY) + offsetof(struct _LDR_DATA_TABLE_ENTRY, InInitializationOrderLinks); + to->InInitializationOrderLinks.Flink = magic_offset + (i+1) * sizeof(struct _LDR_DATA_TABLE_ENTRY) + offsetof(LDR_DATA_TABLE_ENTRY, InInitializationOrderLinks); int j; for( j=0;jdllname); j++ ) debian/patches/04_recognize_gnu0000644000000000000000000000163212167333017013706 0ustar Index: libemu/configure.ac =================================================================== --- libemu.orig/configure.ac 2013-07-10 19:47:55.333908583 +0200 +++ libemu/configure.ac 2013-07-10 19:49:52.310985538 +0200 
@@ -19,15 +19,15 @@ dnl Check for some target-specific stuff case "$host" in -*-*-freebsd*) - #CPPFLAGS="$CPPFLAGS -I/usr/local/include -I/usr/src/contrib/file/" - #LDFLAGS="$LDFLAGS -L/usr/local/lib -Wl,-rpath,/usr/local/lib" - ;; -*-*-linux*) +*-*-linux*|*-*-gnu*) #CPPFLAGS="$CPPFLAGS -D _GNU_SOURCE -I/usr/local/include" CPPFLAGS="$CPPFLAGS -D _GNU_SOURCE" #LDFLAGS="$LDFLAGS -L/usr/local/lib -Wl,-rpath,/usr/local/lib" ;; +*-*-freebsd*) + #CPPFLAGS="$CPPFLAGS -I/usr/local/include -I/usr/src/contrib/file/" + #LDFLAGS="$LDFLAGS -L/usr/local/lib -Wl,-rpath,/usr/local/lib" + ;; *-*-darwin*) CPPFLAGS="$CPPFLAGS -I/opt/local/include" LDFLAGS="$LDFLAGS -L/opt/local/lib" debian/patches/03_remove_rpath_and_fix_ldflags0000644000000000000000000000333612165076732016737 0ustar Description: Remove harmful rpath in LDFLAGS and fix logic for cargo. Before this patch, libemu was searching for includes and also had an rpath for libraries in /usr/local/lib. Also the logic for libcargo is wrong, as makes the content of LDFLAGS empty if cargo is enabled but there are no headers in the system. This was preventing proper hardening to be activated in Debian. Author: David Martínez Moreno Forwarded: no Reviewed-By: David Martínez Moreno Last-Update: 2012-10-14 --- a/configure.ac +++ b/configure.ac 
@@ -20,12 +20,13 @@ dnl Check for some target-specific stuff case "$host" in *-*-freebsd*) - CPPFLAGS="$CPPFLAGS -I/usr/local/include -I/usr/src/contrib/file/" - LDFLAGS="$LDFLAGS -L/usr/local/lib -Wl,-rpath,/usr/local/lib" + #CPPFLAGS="$CPPFLAGS -I/usr/local/include -I/usr/src/contrib/file/" + #LDFLAGS="$LDFLAGS -L/usr/local/lib -Wl,-rpath,/usr/local/lib" ;; *-*-linux*) - CPPFLAGS="$CPPFLAGS -D _GNU_SOURCE -I/usr/local/include" - LDFLAGS="$LDFLAGS -L/usr/local/lib -Wl,-rpath,/usr/local/lib" + #CPPFLAGS="$CPPFLAGS -D _GNU_SOURCE -I/usr/local/include" + CPPFLAGS="$CPPFLAGS -D _GNU_SOURCE" + #LDFLAGS="$LDFLAGS -L/usr/local/lib -Wl,-rpath,/usr/local/lib" ;; *-*-darwin*) CPPFLAGS="$CPPFLAGS -I/opt/local/include" @@ -170,6 +171,7 @@ if test x$enable_cargos = "xyes" ; then OLD_CPPFLAGS=${CPPFLAGS}; + OLD_LDFLAGS=${LDFLAGS} if test x$cargos_inc != "xno"; then CPPFLAGS="${CPPFLAGS} -I${cargos_inc}" fi @@ -177,7 +179,6 @@ AC_CHECK_HEADER(cargos-lib.h,[enable_cargos=yes],[enable_cargos=no]) if test x$enable_cargos = "xyes" ; then - OLD_LDFLAGS=${LDFLAGS} if test x$cargos_lib != "xno"; then LDFLAGS="${LDFLAGS} -L${cargos_lib}" fi debian/patches/02_python_install_dir0000644000000000000000000000103512165076732014756 0ustar Description: Force installation of the Python module in debian/tmp. Debian-centric patch to force the installation of this module into debian/tmp. Author: David Martínez Moreno Forwarded: not-needed Last-Update: 2012-10-12 --- libemu-0.2.0+git20120122.orig/bindings/python/Makefile.am +++ libemu-0.2.0+git20120122/bindings/python/Makefile.am 
@@ -6,7 +6,7 @@ all: python setup.py build install: all - python setup.py install + python setup.py install --prefix=../../debian/tmp/usr clean: python setup.py clean debian/patches/series0000644000000000000000000000016312167333026012035 0ustar 01_no_rpath_python 02_python_install_dir 03_remove_rpath_and_fix_ldflags 04_recognize_gnu 05_unused_local_typedefs debian/patches/01_no_rpath_python0000644000000000000000000000133312165076732014264 0ustar Description: Don't use rpath in the Python bindings. The Python bindings insist on using an rpath on /usr/lib. Nuke it. Author: David Martínez Moreno Forwarded: no Last-Update: 2012-10-01 --- libemu-0.2.0+git20120122.orig/bindings/python/setup.py.in +++ libemu-0.2.0+git20120122/bindings/python/setup.py.in @@ -6,7 +6,7 @@ libemu = Extension('libemu', sources = ['libemu_module.c'], include_dirs = ['../../include'], library_dirs = ['../../src/.libs'], - extra_link_args=['-Wl,-rpath=@LIBDIR@'], + #extra_link_args=['-Wl,-rpath=@LIBDIR@'], libraries = ['emu'], ) debian/libemu-dev.install0000644000000000000000000000014312165076732012616 0ustar usr/lib/libemu.so usr/lib/libemu.a usr/lib/libemu.la usr/include/emu/* usr/lib/pkgconfig/libemu.pc debian/python-libemu.install0000644000000000000000000000010512165076732013357 0ustar usr/lib/python2.7/site-packages/*so usr/lib/python2.7/dist-packages/ debian/python-libemu.dirs0000644000000000000000000000004212165076732012652 0ustar /usr/lib/python2.7/dist-packages/
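
Review bot: in 05_unused_local_typedefs, hunks @@ -382,7 +382,7 @@ through @@ -415,7 +415,7 @@, the unused pointer typedefs and `typedef unsigned char BYTE;` are turned into trailing `//` comments instead of being removed. Delete them outright; a leftover such as `} LIST_ENTRY; //, *PLIST_ENTRY, *RESTRICTED_POINTER PRLIST_ENTRY;` reads like a half-finished edit, and the patch header can record why they went away.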
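
Review bot: in 05_unused_local_typedefs, hunk @@ -428,17 +428,17 @@, `PEB_LDR_DATA peb_ldr_data;` is declared without initialisation, only the two `Flink` members are assigned, and `emu_memory_write_block(mem, 0x00251ea0, &peb_ldr_data, sizeof(peb_ldr_data));` then copies the whole struct, so every other member reaches emulated memory as uninitialised stack bytes. Since the declaration is being rewritten anyway, zero it the same way `tables` is zeroed just below (`memset(&peb_ldr_data, 0, sizeof(peb_ldr_data));`), so that emulation runs are reproducible and no host stack contents are visible to the emulated code.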
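
Review bot: in 05_unused_local_typedefs, hunk @@ -448,7 +448,7 @@, the loop `for ( i=0; known_dlls[i].dllname != NULL; i++ )` writes through `tables+i` with no bound, while the previous hunk shows the destinations as fixed-size stack arrays (`tables[16]`, `names[16][64]`). Add an explicit limit to the loop condition, for example `i < sizeof(tables)/sizeof(tables[0])`, so that growing `known_dlls` past 16 entries cannot write past the arrays.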
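
Review bot: in 05_unused_local_typedefs, hunk @@ -456,10 +456,10 @@, the two `Flink` assignments now mix spellings: `offsetof(LDR_DATA_TABLE_ENTRY, ...)` uses the typedef, but `(i+1) * sizeof(struct _LDR_DATA_TABLE_ENTRY)` on the same line still uses the struct tag. Use one form throughout, e.g. `sizeof(LDR_DATA_TABLE_ENTRY)` or `sizeof(*to)`, to match the other hunks of this patch.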
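
Review bot: in 04_recognize_gnu, hunk @@ -19,15 +19,15 @@, the new pattern `*-*-linux*|*-*-gnu*` carries no comment saying why non-Linux GNU hosts need `-D _GNU_SOURCE`, and the `*-*-freebsd*` branch is moved below it without a stated reason. Because `case` takes the first matching pattern, add a `dnl` line stating whether the new order is required, or leave the freebsd branch where it was and only extend the linux pattern, which keeps the diff to one changed line.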
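
Review bot: in 03_remove_rpath_and_fix_ldflags, hunk @@ -20,12 +20,13 @@, the `/usr/local` include, library and rpath settings are disabled by prefixing them with `#` rather than deleted, which leaves the `*-*-freebsd*` branch with nothing but comments and keeps the rpath string in the file. Remove the lines and keep only `CPPFLAGS="$CPPFLAGS -D _GNU_SOURCE"` in the linux branch, so a later edit cannot re-enable the rpath by dropping a single `#`.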
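
Review bot: in 03_remove_rpath_and_fix_ldflags, hunks @@ -170,6 +171,7 @@ and @@ -177,7 +179,6 @@, the `OLD_LDFLAGS=${LDFLAGS}` move is a generic fix to the configure logic, yet the header marks the whole patch `Forwarded: no` and bundles it with the Debian-side rpath removal. Split the `OLD_LDFLAGS` change into its own patch and forward it upstream; while moving the line, end it with `;` like the neighbouring `OLD_CPPFLAGS=${CPPFLAGS};` for consistency.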
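
Review bot: in 02_python_install_dir, hunk @@ -6,7 +6,7 @@, `python setup.py install --prefix=../../debian/tmp/usr` hard-codes a path relative to the current directory and ignores `DESTDIR`, so the install lands somewhere else if the build runs from another directory or the staging directory is renamed. Prefer `python setup.py install --root=$(DESTDIR) --prefix=/usr`, which lets `dh_auto_install` choose the staging directory and would no longer be Debian-only.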
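
Review bot: in 01_no_rpath_python, hunk @@ -6,7 +6,7 @@, the rpath is disabled by commenting out `extra_link_args=['-Wl,-rpath=@LIBDIR@'],` rather than removing it, which keeps the `@LIBDIR@` substitution in setup.py.in with no remaining use. Delete the line, and consider forwarding the change (header says `Forwarded: no`), since an embedded rpath is unwanted outside Debian as well.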