scripts: add utilities for collecting profile traces
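--- a/.gitignore
+++ b/.gitignore
@@ -115,3 +115,5 @@ isort-output.log
 black-output.log
 rule-linter-output.log
 .vscode
+scripts/perf/*.txt
+scripts/perf/*.svg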
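--- a/scripts/profile-time.sh
+++ b/scripts/profile-time.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+
+# unset variables are errors
+set -o nounset;
+# any failed commands are errors
+set -o errexit;
+
+# current_directory is the path to the directory containing this script.
+# ref: https://stackoverflow.com/a/4774063/87207
+readonly CD="$( cd "$(dirname "$0")" ; pwd -P )"
+
+panic() {
+echo "[erro]: $@" >&2;
+exit 1;
+}
+
+info() {
+echo "[info]: $@" >&2;
+}
+
+verbose=false;
+debug() {
+if "$verbose"; then
+echo "[debu]: $@" >&2;
+fi
+}
+
+if [ "$(git status | grep "modified: " | grep -v "rules" | grep -v "tests/data")" ]; then
+panic "modified content";
+fi
+
+rev=$(git rev-parse --short HEAD);
+info "rev: $rev";
+
+mkdir -p "$CD/perf/";
+
+info "analyzing PMA 01-01.dll...";
+
+pma_out=$(
+py-spy record \
+-o "$CD/perf/capa-$rev-PMA0101.svg" \
+-- python -m capa.main \
+-d \
+"$CD/../tests/data/Practical Malware Analysis Lab 01-01.dll_" \
+2>&1 || true);
+
+echo "$pma_out" | grep "perf:" | sed -e "s/^.*perf: /perf: /g" | tee "$CD/perf/capa-$rev-PMA0101.txt";
+
+info "analyzing kernel32.dll...";
+k32_out=$(
+py-spy record \
+-o "$CD/perf/capa-$rev-k32.svg" \
+-- python -m capa.main \
+-d \
+"$CD/../tests/data/kernel32.dll_" \
+2>&1 || true);
+
+echo "$k32_out" | grep "perf:" | sed -e "s/^.*perf: /perf: /g" | tee "$CD/perf/capa-$rev-k32.txt";
+
+bash "$CD/render-time-profile.sh" "$rev";
+
+info "done.";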
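Review bot: A py-spy failure is invisible: the `|| true` on both `py-spy record` invocations swallows their exit status, and without `set -o pipefail` the following `grep "perf:" | sed | tee` pipeline returns tee's status, so a missing py-spy binary or a crashed run writes an empty .txt and the script still prints "done.". Consider `command -v py-spy >/dev/null || panic "py-spy not found";` before the first run, and replace `|| true` with `|| info "py-spy exited non-zero";` so the status is at least logged. The modified-tree check on `git status | grep "modified: "` parses human-readable output that varies with locale and git version; `git status --porcelain` is the stable form for scripting. Minor: `echo "[erro]: $@"` should use `"$*"` (ShellCheck SC2145), and `debug`/`verbose` are defined but never used.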
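--- a/scripts/render-time-profile.sh
+++ b/scripts/render-time-profile.sh
@@ -0,0 +1,24 @@
+fields=("load FLIRT" "viv analyze" "match functions" "match file" "find capabilities");
+
+echo -n "| |";
+for T in "${fields[@]}"; do
+printf ' %-17s |' "$T";
+done
+echo "";
+
+echo -n "|---------|";
+for T in "${fields[@]}"; do
+echo -n '-------------------|';
+done
+echo "";
+
+for rev in "$@"; do
+
+echo -n "| $rev |";
+for T in "${fields[@]}"; do
+V1=$(cat scripts/perf/capa-$rev-PMA0101.txt | grep "$T" | sed -e "s/^.*$T: //g");
+V2=$(cat scripts/perf/capa-$rev-k32.txt | grep "$T" | sed -e "s/^.*$T: //g");
+printf ' %-17s |' "$V1/$V2";
+done
+echo "";
+done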
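Review bot: The input paths on the `V1=`/`V2=` lines are relative (`scripts/perf/capa-$rev-PMA0101.txt`), so this only works when the current directory is the repository root, while profile-time.sh writes those files next to itself under `$CD/perf/` and invokes this script by absolute path from whatever directory the user happened to run it in. Resolve the script directory the same way, `readonly CD="$( cd "$(dirname "$0")" ; pwd -P )"`, and read `grep -- "$T" "$CD/perf/capa-$rev-PMA0101.txt" | sed -e "s/^.*$T: //g"` (likewise for k32), which also quotes `$rev` and drops the useless `cat`. The file has no shebang and no `set -o nounset`/`errexit`, so a missing .txt just prints a `cat` error and an empty table cell; a header matching profile-time.sh would turn that into a hard failure. `$T` is interpolated into the sed regex; the current field names are plain words so it is benign, but a comment noting that constraint would help if the list grows.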