==> debian/source/format <==
3.0 (quilt)

==> debian/compat <==
8

==> debian/patches/01_fix_interpreter <==
Description: Fix interpreters in some of the scripts.
 This patch addresses some wrong headers in the original pyew tarball.
Author: David Martínez Moreno
Forwarded: no
Reviewed-By: David Martínez Moreno
Last-Update: <2011-12-14>

--- pyew-2.0.orig/pefile.py +++ pyew-2.0/pefile.py @@ -1,3 +1,4 @@ +#!/usr/bin/python # -*- coding: Latin-1 -*- """pefile, Portable Executable reader module @@ -4178,4 +4179,4 @@ class PE: def is_suspicious(self): """""" pass - \ No newline at end of file + --- pyew-2.0.orig/plugins/OleFileIO_PL.py +++ pyew-2.0/plugins/OleFileIO_PL.py @@ -1,4 +1,4 @@ -#!/usr/local/bin/python +#!/usr/bin/python # -*- coding: latin-1 -*- """ OleFileIO_PL:

==> debian/patches/101_system_install <==
Description: Make Pyew available for wide system use.
 This allows the repo to be run locally but makes Pyew only able to run
 inside a normal system directory, also fixes a couple of assumptions in
 the code.
Author: David Martínez Moreno
Forwarded: not-needed
Last-Update: <2011-12-14>

--- pyew-2.0.orig/pyew +++ pyew-2.0/pyew @@ -1,5 +1,3 @@ #!/bin/sh -export LD_LIBRARY_PATH=`dirname $0`/lib -./pyew.py $@ - +/usr/share/pyshared/pyew/pyew.py $@ --- pyew-2.0.orig/pydistorm.py +++ pyew-2.0/pydistorm.py
@@ -34,7 +34,7 @@ osVer = platform.system() if osVer == "Windows": LIB_FILENAME = "distorm64.dll" else: - LIB_FILENAME = 'libdistorm64.so' + LIB_FILENAME = 'libdistorm64.so.1' distorm = cdll.LoadLibrary(LIB_FILENAME) Decode16Bits = 0 --- pyew-2.0.orig/config.py +++ pyew-2.0/config.py @@ -6,4 +6,4 @@ CODE_ANALYSIS=True DEEP_CODE_ANALYSIS=False CONFIG_ANALYSIS_TIMEOUT=0 PLUGINS_PATH=os.path.dirname(__file__) + os.sep + "plugins" -DATABASE_PATH=os.path.dirname(__file__) + os.sep + "files.sqlite" +DATABASE_PATH=os.path.expanduser('~' + os.sep + 'pyew-files.sqlite')

==> debian/patches/series <==
01_fix_interpreter
02_kenshoto_bad_import
101_system_install

==> debian/patches/02_kenshoto_bad_import <==
Description: Fix import elf_parser path in Kenshoto's __init__.py.
 __init__.py for the Kenshoto ELF parser imports an ELF parser with a
 statement that won't always work (when importing pyew as a module, for
 example).
Author: David Martínez Moreno
Forwarded: no
Reviewed-By: David Martínez Moreno
Last-Update: 2012-01-05

--- pyew-2.0.orig/Elf/__init__.py +++ pyew-2.0/Elf/__init__.py
@@ -25,7 +25,7 @@ import traceback import zlib from stat import * -from Elf.elf_lookup import * +from elf_lookup import * verbose = False

==> debian/changelog <==
pyew (2.0-3) unstable; urgency=low

  * debian/patches/02_kenshoto_bad_import: The import in Kenshoto's ELF
    parser __init__.py is wrong and doesn't work in some situations.

 -- David Martínez Moreno  Tue, 03 Jan 2012 01:32:09 +0100

pyew (2.0-2) unstable; urgency=low

  * debian/control: Added python to Build-Depends to have dh_python2.

 -- David Martínez Moreno  Sun, 25 Dec 2011 09:16:35 -0800

pyew (2.0-1) unstable; urgency=low

  * Initial release (closes: #651893).
  * This version was released on Feb 8th, 2011.
  * Main changes in this release are:
    - Code analysis system for x86 rewritten from scratch.
    - Support for databases. You can analyze binaries (PE or ELF) and
      save/open databases.
    - Added graph-based clusterization tool 'gcluster.py'.
    - Added new PDF utilities:
      * pdfss: Seek to one stream
      * pdfobj: Show object's list
      * pdfso: Seek to one object
    - Added new plugins:
      * binvi: Show an image representing the contents of the file. Useful
        to see different sections in a binary.
      * packer: Check if the PE file is packed.
      * cgraph: Show the callgraph of the whole program (needs PyGTK to
        show a GUI).
    - Many bug fixes.
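Review bot: the `+#!/usr/bin/python` line added at the top of pefile.py (01_fix_interpreter, first hunk) puts a shebang on a file that pyew.install ships as a module under /usr/share/pyshared/pyew and that nothing in the package marks executable, so it serves no purpose and leaves the script-looking header on a non-executable file that lintian reports as script-not-executable; keep the trailing-newline fix in the second hunk and drop the shebang, or make the file executable if it is meant to be run directly.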
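Review bot: in the pyew wrapper hunk of 101_system_install, `$@` is still unquoted in `+/usr/share/pyshared/pyew/pyew.py $@`, so a sample path containing whitespace is split into several arguments before pyew.py sees it; write `exec /usr/share/pyshared/pyew/pyew.py "$@"` (exec also saves the extra sh process). Dropping the LD_LIBRARY_PATH export is right, since the library now comes from the libdistorm64-1 dependency in debian/control, but the wrapper now depends on pyew.py keeping its executable bit and shebang after installation; `exec python /usr/share/pyshared/pyew/pyew.py "$@"` removes that dependency.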
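Review bot: the pydistorm.py hunk hard-codes the SONAME `libdistorm64.so.1`, which is the right choice for a package that should not need the unversioned development symlink, but the string now has to track the libdistorm64-1 dependency in debian/control by hand; a comment next to LIB_FILENAME pointing at that coupling would save the next uploader a silent breakage on a SONAME bump.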
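Review bot: the config.py hunk writes the analysis database straight into the top of the home directory as `~/pyew-files.sqlite`; a dotfile or a `~/.pyew/` directory is the convention users expect, and `os.path.join(os.path.expanduser('~'), ...)` says the same thing more clearly than concatenating os.sep by hand. The reason for the move (the module directory under /usr/share is not writable once installed) belongs in the patch description, which currently only mentions "a couple of assumptions".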
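Review bot: in the Elf/__init__.py hunk (02_kenshoto_bad_import), `+from elf_lookup import *` is an implicit relative import, which only Python 2 resolves; the explicit form `from .elf_lookup import *` (valid since Python 2.5) works whether Elf is imported as a top-level package or as pyew.Elf, which is the case the description says breaks, and keeps working under Python 3.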
 -- David Martínez Moreno  Fri, 23 Dec 2011 17:50:56 -0800

==> debian/pyew.install <==
pyew /usr/bin/
*.py /usr/share/pyshared/pyew
anal/ /usr/share/pyshared/pyew
contrib/ /usr/share/pyshared/pyew
Elf/ /usr/share/pyshared/pyew
plugins/ /usr/share/pyshared/pyew

==> debian/copyright <==
Format: http://dep.debian.net/deps/dep5
Upstream-Name: pyew
Source: http://code.google.com/p/pyew

Files: *
Copyright: 2009-2011 Joxean Koret
License: GPL-2.0

Files: plugins/xdot.py
Copyright: 2008 José Fonseca
License: LGPL-3.0+

Files: plugins/xdot.py
Copyright: 2002 Cynthia Brewer, Mark Harrower, and The Pennsylvania State University
License: Apache-ColorBrewer

Files: Elf/*
Copyright: 2007 Invisigoth (license extracted from http://code.google.com/p/vtrace-mirror/)
License: MIT

Files: pefile.py peutils.py
Copyright: 2005, 2006, 2007, 2008, 2009 Ero Carrera
License: BSD

Files: plugins/pdfid_PL.py
Copyright: No copyright, in the public domain by Didier Stevens.
License: Public_domain

Files: plugins/OleFileIO_PL.py
Copyright: 1997-2005 by Secret Labs AB
 1995-2005 by Fredrik Lundh
 2005-2011 Philippe Lagadec
License: OleFileIO

Files: plugins/pdfid_PL.py
Copyright: 2003-2007, Gil Dabah
License: BSD-3-Clause

Files: debian/*
Copyright: 2011 David Martínez Moreno
License: GPL-2.0+

License: GPL-2.0+
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 2 of the License, or
 (at your option) any later version.
 .
 This package is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 GNU General Public License for more details.
 .
 You should have received a copy of the GNU General Public License
 along with this program. If not, see <http://www.gnu.org/licenses/>.
 .
 On Debian systems, the complete text of the GNU General Public License
 version 2 can be found in "/usr/share/common-licenses/GPL-2".

License: GPL-2.0
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation, version 2 of the License.
 .
 This package is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 GNU General Public License for more details.
 .
 You should have received a copy of the GNU General Public License
 along with this program. If not, see <http://www.gnu.org/licenses/>.
 .
 On Debian systems, the complete text of the GNU General Public License
 version 2 can be found in "/usr/share/common-licenses/GPL-2".

License: LGPL-3.0+
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU Lesser General Public License as published
 by the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 .
 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 GNU Lesser General Public License for more details.
 .
 You should have received a copy of the GNU Lesser General Public License
 along with this program. If not, see <http://www.gnu.org/licenses/>.
 .
 On Debian systems, the complete text of the GNU Lesser General Public
 License version 3 can be found in "/usr/share/common-licenses/LGPL-3".

License: Apache-ColorBrewer
 Apache-Style Software License for ColorBrewer software and ColorBrewer
 Color Schemes, Version 1.1
 .
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
 met:
 .
 1. Redistributions as source code must retain the above copyright notice,
    this list of conditions and the following disclaimer.
 .
 2. The end-user documentation included with the redistribution, if any,
    must include the following acknowledgment:
 .
    This product includes color specifications and designs developed by
    Cynthia Brewer (http://colorbrewer.org/).
 .
    Alternately, this acknowledgment may appear in the software itself, if
    and wherever such third-party acknowledgments normally appear.
 .
 3. The name "ColorBrewer" must not be used to endorse or promote products
    derived from this software without prior written permission. For
    written permission, please contact Cynthia Brewer at cbrewer@psu.edu.
 .
 4. Products derived from this software may not be called "ColorBrewer",
    nor may "ColorBrewer" appear in their name, without prior written
    permission of Cynthia Brewer.
 .
 THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES,
 INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
 AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
 CYNTHIA BREWER, MARK HARROWER, OR THE PENNSYLVANIA STATE UNIVERSITY BE
 LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 THE POSSIBILITY OF SUCH DAMAGE.

License: MIT
 Permission is hereby granted, free of charge, to any person obtaining a
 copy of this software and associated documentation files (the
 "Software"), to deal in the Software without restriction, including
 without limitation the rights to use, copy, modify, merge, publish,
 distribute, sublicense, and/or sell copies of the Software, and to permit
 persons to whom the Software is furnished to do so, subject to the
 following conditions:
 .
 The above copyright notice and this permission notice shall be included
 in all copies or substantial portions of the Software.
 .
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 DEALINGS IN THE SOFTWARE.

License: BSD
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
 met:
 .
 1. Redistributions of source code must retain the above copyright notice,
    this list of conditions and the following disclaimer.
 .
 2. Redistributions in binary form must reproduce the above copyright
    notice, this list of conditions and the following disclaimer in the
    documentation and/or other materials provided with the distribution.
 .
 3. The name of the author may not be used to endorse or promote products
    derived from this software without specific prior written permission.
 .
 THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
License: Public_domain
 Source code put in public domain by Didier Stevens, no Copyright
 https://DidierStevens.com
 Use at your own risk

License: OleFileIO
 By obtaining, using, and/or copying this software and/or its associated
 documentation, you agree that you have read, understood, and will comply
 with the following terms and conditions:
 .
 Permission to use, copy, modify, and distribute this software and its
 associated documentation for any purpose and without fee is hereby
 granted, provided that the above copyright notice appears in all copies,
 and that both that copyright notice and this permission notice appear in
 supporting documentation, and that the name of Secret Labs AB or the
 author not be used in advertising or publicity pertaining to distribution
 of the software without specific, written prior permission.
 .
 SECRET LABS AB AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
 SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS.
 IN NO EVENT SHALL SECRET LABS AB OR THE AUTHOR BE LIABLE FOR ANY SPECIAL,
 INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 PERFORMANCE OF THIS SOFTWARE.

License: BSD-3-Clause
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
 met:
 1. Redistributions of source code must retain the above copyright notice,
    this list of conditions and the following disclaimer.
 2. Redistributions in binary form must reproduce the above copyright
    notice, this list of conditions and the following disclaimer in the
    documentation and/or other materials provided with the distribution.
 3. Neither the name of the University nor the names of its contributors
    may be used to endorse or promote products derived from this software
    without specific prior written permission.
 .
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS
 IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
 LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 THE POSSIBILITY OF SUCH DAMAGE.

==> debian/rules <==
#!/usr/bin/make -f
# -*- makefile -*-
# Sample debian/rules that uses debhelper.
# This file was originally written by Joey Hess and Craig Small.
# As a special exception, when this file is copied by dh-make into a
# dh-make output file, you may use that output file without restriction.
# This special exception was added by Craig Small in version 0.37 of dh-make.

# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1

%:
	dh $@ --with python2

override_dh_auto_build:
	touch __init__.py

override_dh_clean:
	dh_clean
	find . -name "*.pyc" | xargs --no-run-if-empty rm -f
	rm -f __init__.py

==> debian/control <==
Source: pyew
Section: python
Priority: extra
Maintainer: David Martínez Moreno
Build-Depends: debhelper (>= 8.0.0), python
Standards-Version: 3.9.2
Homepage: http://code.google.com/p/pyew
Vcs-Hg: https://code.google.com/p/pyew/
Vcs-Browser: http://code.google.com/p/pyew/source/browse/

Package: pyew
Architecture: all
Depends: ${misc:Depends}, ${python:Depends}, libdistorm64-1
Description: Python tool like radare or *iew for malware analysis
 Pyew is a command-line Python tool in the spirit of radare and *iew,
 oriented mainly to malware analysis. It supports hexadecimal viewing,
 disassembly (Intel 16, 32 and 64 bit), the PE and ELF file formats (with
 proper code analysis), following direct call/jmp instructions, the OLE2
 format, the PDF format (limited) and more. It also supports plugins to
 add more features to the tool.