Giters

FSecureLABS / win_driver_plugin

A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.

Home Page:https://labs.mwrinfosecurity.com/tools/win-driver-tool/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

FLOSS import issue?

trolloos opened this issue · comments

commented

I was testing the device name finder on the Capcom 64 bit driver and I got this error:
The Device prefixs were found but no full device paths, the device name is likely obsfucated or created on the stack. Unicode device name not found, attempting to find obsfucated and stack based strings. No handlers could be found for logger "vtrace.platforms.win32" Traceback (most recent call last): File "C:/Program Files (x86)/IDA 6.8/plugins/win_driver_plugin.py", line 58, in activate self.callback() File "C:/Program Files (x86)/IDA 6.8/plugins\win_driver_plugin\device_finder.py", line 126, in search stack_strings = floss.stackstrings.extract_stackstrings(vw, functions) TypeError: extract_stackstrings() takes at least 3 arguments (2 given)

So then I added this:
def extract_stackstrings(vw, selected_functions, min_length=4, no_filter=False)

and it just gave me this error:

---------------------------------------------------------------------------------------------
Python 2.7.13 (v2.7.13:a06454b1afa1, Dec 17 2016, 20:42:59) [MSC v.1500 32 bit (Intel)] 
IDAPython 64-bit v1.7.0 final (serial 0) (c) The IDAPython Team <idapython@googlegroups.com>
---------------------------------------------------------------------------------------------
The Device prefixs were found but no full device paths, the device name is likely obsfucated or created on the stack.
Unicode device name not found, attempting to find obsfucated and stack based strings.
No handlers could be found for logger "vtrace.platforms.win32"
Traceback (most recent call last):
  File "C:/Program Files (x86)/IDA 6.8/plugins/win_driver_plugin.py", line 58, in activate
    self.callback()
  File "C:/Program Files (x86)/IDA 6.8/plugins\win_driver_plugin\device_finder.py", line 131, in search
    decoded_strings = floss.main.decode_strings(vw, func_index, dec_func_candidates)
  File "C:\Python27\lib\site-packages\floss\main.py", line 70, in decode_strings
    for fva, _ in decoding_functions_candidates.get_top_candidate_functions(10):
AttributeError: 'InstructionFunctionIndex' object has no attribute 'get_top_candidate_functions'

 

commented

Fixed - floss API changed, have updated the plugin.