Spyder console is showing file path with run file
mdsenelen opened this issue · comments
So when I run file I got this lines on console:
In [1]:runfile('C:/Users/HP/Documents/GitHub/bintropy/bintropy/main.py', wdir='C:/Users/HP/Documents/GitHub/bintropy/bintropy')
In [2]:
I searched for the issue on stackoverflow and saw that someone said "if you're not getting anything, then you're not printing anything in your file, add a print statement." And I'm trying to understand the code to add a print statement but I don't think I should add a print statment. Can you help me on running bintropy?
Also if I can understand the code, I want to update mine in a way it gives an ARFF file so that I can run different classifiers in WEKA afterwards. But I don't know what kind of file bintropy produces yet.
Dear @mdsenelen
Thank you for your question.
Please be advised that :
- Bintropy is aimed to answer True or False respectively if the target executable is packed or not.
- I have no experience with Windows and IPython notebooks, but you should definitely install then import the
bintropypackage and use thebintropy(...)function directly (see its help hereafter). - This package (accompanied by a console tool) does not handle anything related to machine learning. So, the ARFF file question is pure format, unrelated to the output of
bintropy. I can help you adapt your code for setting your ARFF file if you want...
With IDLE, you can easily get help :
>>> from bintropy import bintropy
>>> help(bintropy)
Help on function bintropy in module bintropy:
bintropy(executable, mode=0, blocksize=256, ignore_half_block_zeros=True, decide=True,
threshold_average_entropy=None, threshold_highest_entropy=None, logger=None)
Simple implementation of Bintropy as of https://ieeexplore.ieee.org/document/4140989.
:param executable: path to the executable to be analyzed
:param full: process the executable as a whole or per section only (cfr modes of operation)
:param blocksize: process per block of N bytes (0 means considering the executable as a whole)
:param ignore_half_block_zeros: ignore blocks having more than half of zeros
:param decide: decide if packed or not, otherwise simply return the entropy values
:param threshold_average_entropy: threshold on average entropy for deciding if packed
:param threshold_highest_entropy: threshold on highest entropy for deciding if packed
:param logger: logger instance for debug purpose
:return: if decide is True => bool (whether the input executable is packed or not)
False => (average_entropy, highest_block_entropy)When I tried (for an unpacked exe) 'bintropy program.exe' on command prompt, I got True. But I thought bintropy returns false if the exe isn't packed, and true if the exe is packed. Am I wrong? Then I opened a zip archive and put an exe in it.Named this zip file 'w'. When I tried this zip file with command 'bintropy w' I got
'bintropy: error: argument path: invalid valid_file value: 'w'
Then I tried an online zipping tool and medium compressed an exe as a zip. I got the same error. And yes I'd really love you to help me with the code to produce ARFF file, thank you again your help it is much appreciated.
bintropy program.exe: This tries to determine ifprogram.exeis packed relying on block entropy ; this does not mean it is always right. Furthermore, this is an expected result in some cases. You can use the verbose mode to see the block entropy values and see which conditions match or not.- Bintropy checks for the file type, it can only be a PE, ELF or Mach-O. So, trying it on a ZIP file will necessarily trigger the exception
invalid_file. This is also expected. - For the matter of ARFF file, we can handle this apart. It is unrelated to Bintropy.
I see, I thought packed executables as/were zip files.
A well-known example of packer is UPX. Indeed, it compresses a part of the target executable but it does not convert it to a ZIP archive. The executable just gets "restructured" with an obfuscated compressed part.
You can check this awesome list for more references about this.