Inserita categoria per euristiche, inserito check per ELF header, spostate

euristiche del formato file sulla cartella corretta, inserita euristica
per le risorse file PE

Author: seekbytes

.gitignore

@@ -16,3 +16,5 @@
 data/
 examples/
 
+
+dist/

.goreleaser.yaml

@@ -0,0 +1,38 @@
+# This is an example .goreleaser.yml file with some sensible defaults.
+# Make sure to check the documentation at https://goreleaser.com
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - go mod tidy
+    # you may remove this if you don't need go generate
+    - go generate ./...
+builds:
+  - env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - windows
+      - darwin
+    ignore:
+      - goarch: '386'
+archives:
+  - replacements:
+      darwin: Darwin
+      linux: Linux
+      windows: Windows
+      386: i386
+      amd64: x86_64
+checksum:
+  name_template: 'checksums.txt'
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'
+
+# modelines, feel free to remove those if you don't want/use them:
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj

CHANGELOG

@@ -1,2 +1,5 @@
+Versione 0.0.2-alpha:
+- Risolti fix
+
 Versione 0.0.1-alpha:
 - Prima versione

analysis/strings.go

@@ -46,3 +46,7 @@ func ExtractStrings(file *os.File, min, max int, ascii bool) []string {
 		str = append(str, ch)
 	}
 }
+
+func ExtractHTTPAddress() {
+
+}

formats/analysis.go

@@ -22,6 +22,7 @@ type FileAnalyzed struct {
 }
 
 type Anomaly struct {
-	Reason string
-	Points int
+	Reason string // Ragione dell'anomalia
+	Points int    // Punteggio assegnato all'anomalia
+	Type   uint   // Tipo di anomalia (1: difetti sul file, 2: imports/sysapi, 3: stringhe)
 }

formats/pe/exports.go

@@ -30,7 +30,7 @@ func readExports(virtualAddress uint32) {
 	err = binary.Read(reader, binary.LittleEndian, &exportDirectory)
 
 	if err != nil {
-		fmt.Println("Impossibile leggere la struttura exportDirectory")
+		fmt.Println("Impossibile leggere la struttura exportDirectory " + err.Error())
 	}
 
 	namesTableRVA := exportDirectory.NameRva - section.VirtualAddress
@@ -47,12 +47,14 @@ func readExports(virtualAddress uint32) {
 		_, err = reader.Seek(int64(namesTableRVA+uint32(i*4)), io.SeekStart)
 		if err != nil {
 			fmt.Println("Errore nel seek per la tabella delle funzioni esportate")
+			return
 		}
 
 		exportAddressTable := ExportAddressTable{}
 		err = binary.Read(reader, binary.LittleEndian, &exportAddressTable)
 		if err != nil {
 			fmt.Println("Impossibile leggere la struttura ExportAddressTable per il seguente motivo : " + err.Error())
+			return
 		}
 
 		name := utils.ReadString(section.Raw[exportAddressTable.ExportRva-section.VirtualAddress:])
@@ -61,12 +63,17 @@ func readExports(virtualAddress uint32) {
 
 		if err != nil {
 			fmt.Println("Impossibile eseguire il seek per la lettura della prossima riga.")
+			return
 		}
 
 		exportOrdinalTable := ExportAddressTable{}
 		err = binary.Read(reader, binary.LittleEndian, &exportOrdinalTable)
+		if err != nil {
+			fmt.Println("Impossibile leggere la struttura ExportAddressTable per il seguente motivo: " + err.Error())
+			return
+		}
 		rva := exportOrdinalTable.ExportRva
-		
+
 		export := &Export{name, ordinal + uint16(exportDirectory.OrdinalBase), rva}
 		fileAnalyzed.Exports = append(fileAnalyzed.Exports, export)
 		fileAnalyzed.ExportNameMap[name] = export