| 60 | } |
| 61 | |
| 62 | func checkStatic(binaryPath string, conf map[string]string) (string, error) { |
| 63 | // Read the files content |
| 64 | data, err := os.ReadFile(binaryPath) |
| 65 | if err != nil { |
| 66 | return "", fmt.Errorf("failed to read file: %v", err) |
| 67 | } |
| 68 | |
| 69 | // Set the initial values |
| 70 | lastGood, mid, upperBound := 0, len(data)/2, len(data) |
| 71 | threatFound := false |
| 72 | |
| 73 | // Binary search for the malicious content |
| 74 | for upperBound-lastGood > 1 { |
| 75 | // Check the slice for malware |
| 76 | scanResult , err := scanSlice(data[0:mid], conf) |
| 77 | if err != nil { |
| 78 | return "", err |
| 79 | } |
| 80 | |
| 81 | if scanResult { |
| 82 | threatFound = true |
| 83 | upperBound = mid |
| 84 | } else { |
| 85 | lastGood = mid |
| 86 | } |
| 87 | |
| 88 | mid = lastGood + (upperBound-lastGood)/2 |
| 89 | } |
| 90 | |
| 91 | // Return the result |
| 92 | if threatFound { |
| 93 | |
| 94 | // Get the start and end of the malicious content |
| 95 | start := lastGood - 32 |
| 96 | if start < 0 { |
| 97 | start = 0 |
| 98 | } |
| 99 | |
| 100 | // Get the start and end of the malicious content |
| 101 | end := mid + 32 |
| 102 | if end > len(data) { |
| 103 | end = len(data) |
| 104 | } |
| 105 | |
| 106 | return fmt.Sprintf("Malicious content found (offset: %08x). \n%s\n", lastGood, hex.Dump(data[start:end])), nil |
| 107 | } |
| 108 | |
| 109 | return "", nil |
| 110 | } |
| 111 | |
| 112 | func CheckMal(binaryPath string, conf map[string]string) (string, error) { |
| 113 | // Check for Detection |