1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
# A script for analyzing the output of NPSPY and merging data about streams.
import sys
def ReadFile(filename, flags='rb'):
"""Returns the contents of a file."""
file = open(filename, flags)
result = file.read()
file.close()
return result
def WriteFile(filename, contents):
"""Overwrites the file with the given contents."""
file = open(filename, 'w')
file.write(contents)
file.close()
# sample line: 'NPP_NewStream(0x645c898, 0x56ba900("application/x-shockwave-flash"), 0x64bb3b0 (http://weeklyad.target.com/target/flash/target/target.swf?ver=090326), TRUE, NP_NORMAL)'
class Stream:
def __init__(self, line):
split = line.split(', ')
self.mime_type = split[1].split('"')[1]
self.url = split[2].split(' ')[1].strip('()')
self.seekable = split[3]
self.type = split[4].strip(')')
self.size = 0
self.status = ''
try:
self.address = split[2].split(' ')[0]
except:
print 'parsing error on ' + line
self.address = ''
if self.type != 'NP_NORMAL':
print 'line got unexpected type: ' + line
def main(argv=None):
if argv is None:
argv = sys.argv
streams = []
if len(argv) != 2:
print 'need filename'
return
file = ReadFile(argv[1])
for line in file.splitlines():
if line.startswith('NPP_NewStream('):
if line.count('(') < 3:
print 'unknown format for line: ' + line
continue
s = Stream(line)
streams.append(s)
elif line.startswith('NPP_Write('):
# sample: NPP_Write(0x645c898, 0x64bb3b0, 0, 16384, 0x56c1000("CW")))
split = line.split(', ')
address = split[1]
start = int(split[2])
size = int(split[3])
found = False
for stream in streams:
if stream.address == address:
if stream.size != start:
print 'error: starting at wrong place for write ' + stream.url + ' ' + str(stream.size) + ' ' + str(start)
stream.size += size
found = True
break
if not found:
print "couldn't find stream to match NPP_Write " + line
elif line.startswith('NPP_DestroyStream('):
# sample: NPP_DestroyStream(0x645c898, 0x64bb3b0, NPRES_DONE)
split = line.split(', ')
address = split[1]
status = split[2].strip(')')
found = False
for stream in streams:
if stream.address == address:
stream.status = status
stream.address = '' # address can be reused
found = True
break
if not found:
print "couldn't find stream to match NPP_DestroyStream " + line
output = []
for stream in streams:
if stream.status != 'NPRES_DONE':
print 'error: no NPP_DestroyStream with success for ' + stream.url + ' ' + stream.status + '.'
output.append(', '.join([stream.url, stream.mime_type, str(stream.size), stream.seekable]))
output_file = argv[1].replace('.', '_analyzed.')
WriteFile(output_file, '\n'.join(output))
if __name__ == "__main__":
sys.exit(main())
|
