From 3d068fe3cdbcb9c155d7d23ac10197fd2598d0b2 Mon Sep 17 00:00:00 2001
From: William Ballenthin
Date: Thu, 4 Nov 2021 13:17:38 -0600
Subject: [PATCH] scripts: add utilities for collecting profile traces
---
 .gitignore | 2 ++
 scripts/profile-time.sh | 62 ++++++++++++++++++++++++++++++++++
 scripts/render-time-profile.sh | 24 +++++++++++++
 3 files changed, 88 insertions(+)
 create mode 100644 scripts/profile-time.sh
 create mode 100644 scripts/render-time-profile.sh
diff --git a/.gitignore b/.gitignore
index 4a731c3c..29161c05 100644
--- a/.gitignore
+++ b/.gitignore
@@ -115,3 +115,5 @@ isort-output.log
 black-output.log
 rule-linter-output.log
 .vscode
+scripts/perf/*.txt
+scripts/perf/*.svg
diff --git a/scripts/profile-time.sh b/scripts/profile-time.sh
new file mode 100644
index 00000000..d09eabd3
--- /dev/null
+++ b/scripts/profile-time.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+
+# unset variables are errors
+set -o nounset;
+# any failed commands are errors
+set -o errexit;
+
+# current_directory is the path to the directory containing this script.
+# ref: https://stackoverflow.com/a/4774063/87207
+readonly CD="$( cd "$(dirname "$0")" ; pwd -P )"
+
+panic() {
+ echo "[erro]: $@" >&2;
+ exit 1;
+}
+
+info() {
+ echo "[info]: $@" >&2;
+}
+
+verbose=false;
+debug() {
+ if "$verbose"; then
+ echo "[debu]: $@" >&2;
+ fi
+}
+
+if [ "$(git status | grep "modified: " | grep -v "rules" | grep -v "tests/data")" ]; then
+ panic "modified content";
+fi
+
+rev=$(git rev-parse --short HEAD);
+info "rev: $rev";
+
+mkdir -p "$CD/perf/";
+
+info "analyzing PMA 01-01.dll...";
+
+pma_out=$(
+ py-spy record \
+ -o "$CD/perf/capa-$rev-PMA0101.svg" \
+ -- python -m capa.main \
+ -d \
+ "$CD/../tests/data/Practical Malware Analysis Lab 01-01.dll_" \
+ 2>&1 || true);
+
+echo "$pma_out" | grep "perf:" | sed -e "s/^.*perf: /perf: /g" | tee "$CD/perf/capa-$rev-PMA0101.txt";
+
+info "analyzing kernel32.dll...";
+k32_out=$(
+ py-spy record \
+ -o "$CD/perf/capa-$rev-k32.svg" \
+ -- python -m capa.main \
+ -d \
+ "$CD/../tests/data/kernel32.dll_" \
+ 2>&1 || true);
+
+echo "$k32_out" | grep "perf:" | sed -e "s/^.*perf: /perf: /g" | tee "$CD/perf/capa-$rev-k32.txt";
+
+bash "$CD/render-time-profile.sh" "$rev";
+
+info "done.";
diff --git a/scripts/render-time-profile.sh b/scripts/render-time-profile.sh
new file mode 100644
index 00000000..5232a265
--- /dev/null
+++ b/scripts/render-time-profile.sh
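Review bot: The `|| true` on both py-spy command substitutions discards the exit status of py-spy and of `python -m capa.main`, so a failed or permission-denied profiling run leaves `$pma_out`/`$k32_out` empty, the following `grep "perf:" | sed | tee` pipeline still succeeds (errexit is set but pipefail is not, so only tee's status counts), and the script writes an empty .txt and reports "done.". If the non-zero exit is expected, say so in a comment next to it; otherwise capture it, `rc=0; pma_out=$(...) || rc=$?` followed by `(( rc == 0 )) || panic "py-spy failed (rc=$rc)"`, and do the same for `k32_out`. The dirty-tree check at the top parses the human-oriented `git status` output, which is localized and not stable across git versions, and `grep -v "rules"` drops every path containing that substring rather than only the rules directory, so a stray edit elsewhere can slip through; `git status --porcelain` is the scriptable form. py-spy record typically needs ptrace rights on the target process (root or the equivalent capability on Linux), which is worth a one-line note in the header comment since that is the step where the script would otherwise fail.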
@@ -0,0 +1,24 @@
+fields=("load FLIRT" "viv analyze" "match functions" "match file" "find capabilities");
+
+echo -n "| |";
+for T in "${fields[@]}"; do
+ printf ' %-17s |' "$T";
+done
+echo "";
+
+echo -n "|---------|";
+for T in "${fields[@]}"; do
+ echo -n '-------------------|';
+done
+echo "";
+
+for rev in "$@"; do
+
+ echo -n "| $rev |";
+ for T in "${fields[@]}"; do
+ V1=$(cat scripts/perf/capa-$rev-PMA0101.txt | grep "$T" | sed -e "s/^.*$T: //g");
+ V2=$(cat scripts/perf/capa-$rev-k32.txt | grep "$T" | sed -e "s/^.*$T: //g");
+ printf ' %-17s |' "$V1/$V2";
+ done
+ echo "";
+done
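Review bot: The two `cat scripts/perf/capa-$rev-...txt` lines in the inner loop resolve the results directory relative to the caller's current working directory, while profile-time.sh writes those files to `$CD/perf/` next to the script, so the table renders only when the run is started from the repository root. Derive the directory from the script's own location, e.g. `perf_dir="$(cd "$(dirname "$0")" && pwd -P)/perf"` at the top, and read with `grep -- "$T" "$perf_dir/capa-$rev-PMA0101.txt"` in place of `cat ... | grep`, which also quotes `$rev` (taken from `"$@"` but expanded unquoted in the path) against word splitting and globbing. The file has no shebang and is added as mode 100644, so it runs only the way profile-time.sh calls it, via `bash`; since it relies on bash arrays, add `#!/bin/bash` as its first line. When a field is absent from a .txt, `grep` finds nothing and the cell silently prints a bare `/`; a visible placeholder such as `${V1:-n/a}` in the `printf` would make gaps in the profile obvious.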