Expected Behavior
I am currently trying to add PE-sieve as an auxiliary module in CAPE Sandbox. I copied the add_pid functions from usage.py so that PE-sieve recognizes which PID belongs to the malware sample and runs on it. When running PE-sieve, it's required to give it a PID to scan the process. In CAPE I want to integrate PE-sieve by using the PID functions to help it interact with the malware sample.
CAPE devs said that I should reach out here for that matter: b86da47
Current Behavior
I looked at usage.py and I saw it had lines about PID. I thought I could use that to help PE-sieve interact with the malware sample in order to run on it. But in usage.py that function does not get called. Why is that? Does it wait for something? Can you explain how usage.py works for this?
My current code:
```python
import time
import logging
import os
import subprocess
from threading import Thread

from lib.common.abstracts import Auxiliary
from lib.common.results import NetlogFile

log = logging.getLogger(__name__)


class PESieve(Auxiliary, Thread):
    def __init__(self, options, config):
        Auxiliary.__init__(self, options, config)
        Thread.__init__(self)
        # self.enabled = config.get("pesieve", True)
        self.pesieve_path = "C:\\Users\\CapeUser\\Desktop\\pesieve\\pe-sieve64.exe"
        self.netlog_file = NetlogFile("aux/pesieve.log")

    def add_pid(self, pid):
        # Placeholder: only logs, the pid is not passed to PE-sieve yet.
        log.info("Pid Check")
        print("Started PID checks")

    def del_pid(self, pid):
        # Placeholder: only logs.
        log.info("Pid Check")
        print("Started PID checks")

    def start(self):
        # Calls run() directly, in the caller's thread.
        self.run()
        # if self.enabled:

    def run(self):
        log.info("RUN CHECK")
        print("Running PID checks")
        # PE-sieve launch, currently disabled (no pid is passed on the command line):
        # try:
        #     subprocess.Popen([self.pesieve_path], shell=False)
        #     log.info("PE-sieve started successfully.")
        #     print("PE-sieve started successfully.")  # Add print statement
        #     self.collect_and_store_results()
        # except Exception as e:
        #     log.error(f"Failed to start PE-sieve: {e}")
        #     print(f"Failed to start PE-sieve: {e}")  # Add print statement
        while False:  # loop body never executes
            time.sleep(2)
        return True

    def collect_and_store_results(self):
        # Reads the PE-sieve JSON output and sends it over the netlog channel.
        pesieve_output_path = "C:\\Users\\CapeUser\\Desktop\\pesieve\\output\\pesieve_output.json"
        try:
            with open(pesieve_output_path, "r") as f:
                results = f.read()
            self.netlog_file.send(results.encode())
            log.info("PE-sieve results collected and logged.")
            print("PE-sieve results collected and logged.")  # Add print statement
        except IOError:
            log.error("PE-sieve output not found or could not be opened.")
            print("PE-sieve output not found or could not be opened.")  # Add print statement

    def stop(self):
        pass
```
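One way to hand PIDs from add_pid callbacks to PE-sieve, as an added example that is not part of the original post or of CAPE's code: PIDs are queued and a worker thread scans each one once with `/pid`. It assumes the framework calls add_pid for every monitored process; `PidScanner`, `build_command` and the injectable `runner` are hypothetical names.

```python
import queue
import subprocess
import threading

# Paths taken from the post; /pid, /dir and /json are PE-sieve command-line options.
PESIEVE = r"C:\Users\CapeUser\Desktop\pesieve\pe-sieve64.exe"
OUT_DIR = r"C:\Users\CapeUser\Desktop\pesieve\output"


def build_command(pid, exe=PESIEVE, out_dir=OUT_DIR):
    """PE-sieve scans one process per run, selected with /pid."""
    pid = int(pid)
    if pid <= 0:
        raise ValueError(f"invalid pid: {pid!r}")
    return [exe, "/pid", str(pid), "/dir", out_dir, "/json"]


class PidScanner(threading.Thread):
    """Scans every PID given to add_pid() once. Thread.start() is not overridden."""

    def __init__(self, runner=subprocess.run):
        super().__init__(daemon=True)
        self._pending = queue.Queue()   # PIDs waiting to be scanned
        self._seen = set()              # PIDs already queued (de-duplication)
        self._seen_lock = threading.Lock()
        self.results = {}               # pid -> exit code, or the exception raised
        self._runner = runner           # injectable (assumption) for offline testing

    def add_pid(self, pid):
        with self._seen_lock:
            if pid in self._seen:
                return False            # already queued or scanned
            self._seen.add(pid)
        self._pending.put(pid)
        return True

    def del_pid(self, pid):
        with self._seen_lock:           # a reused PID may be scanned again later
            self._seen.discard(pid)

    def stop(self):
        self._pending.put(None)         # sentinel: finish queued scans, then exit

    def run(self):
        while (pid := self._pending.get()) is not None:
            try:
                proc = self._runner(build_command(pid), capture_output=True, timeout=120)
                self.results[pid] = proc.returncode
            except (OSError, subprocess.SubprocessError, ValueError) as exc:
                self.results[pid] = exc
```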