Some URLs return 404 using wget, but chkurl still reports those as OK. Have you 
noticed this problem?

Original issue reported on code.google.com by [email protected] on 4 Dec 2011 at 10:21

I am starter with this program so this might be newbie mistake.

"""
[0x00000000]> vt
File 002.exe with MD5 ea58eefb31cfc7e866a771bf13294347
------------------------------------------------------

Error: local variable 'match' referenced before assignment
"""

Here is the report if I do send it using browser: 
http://www.virustotal.com/file-scan/report.html?id=7897ce606aac0e8186a68909a51e8
4dd298a5e590e80235000128cf004ff0c2b-1323035150

Am I doing something wrong or is this programming error?

Original issue reported on code.google.com by [email protected] on 4 Dec 2011 at 9:55

File "./vstruct/defs/windows/win_5_1_i386/win32k.py", line 358 class ACCESS_STATE::__unnamed(vstruct.VStruct): ^ SyntaxError: invalid syntax

Please kindly change default migration description, preferrably mentioning that this is the official migration by the author (search github for "pyew" to see why). Also, please capture original https://code.google.com/p/pyew/ page as README, etc, etc.

Thanks.

Hello,

When scanning a directory with gcluster :

---

hash:filename:primes_hash:nodes_total:nodes_max:nodes_avg:nodes_min:edges_total:
edges_max:edges_avg:edges_min:ccs_total:ccs_max:ccs_avg:ccs_min:functions:adjace
ncy_list
Traceback (most recent call last):
  File "./gcluster.py", line 353, in <module>
    compareDirectory(sys.argv[1])
  File "./gcluster.py", line 334, in compareDirectory
    print "%s:%s:%s:%s%d:%s" % (hash, pyew.f.name, str(phash.as_integer_ratio()[0]), data, len(pyew.functions), str(alist.adjacency_lists(pyew)))
TypeError: 'dict' object is not callable

---

Original issue reported on code.google.com by [email protected] on 7 May 2013 at 7:38

What steps will reproduce the problem?
1. Analysis/Deepanalysis calc.exe (win xp sp0)
2. compare basicblocks found with pyew with IDA 

What is the expected output? What do you see instead?
 I found 26 basic blocks. should be 32 (4 which might be hard to catch (SEH blocks))

What version of the product are you using? On what operating system?
PYEW "1.2.0.0", ubuntu 12.04 64bit 

Please provide any additional information below.
it misses a short jump @ addr 0x010124c8 to basicblock @ 0x010124d8
and a short jump @ addr 0x010125cd to basicblock @ 0x010125dd

both jumps have same offset 0x0e: opcode EB 0E

Original issue reported on code.google.com by [email protected] on 7 May 2013 at 1:28

What steps will reproduce the problem?
1. installing using hg
2. ./pyew <pdf file name>


after loading the pdf the pdf filet plugins are not present

im using it on Debian 6 64bit (same results with the 32bit versions as well) 
python 2.7 stock.


during loading i get the following warning:
Error loading file: 'pdf'

when trying to invoke pdfilter i get the following error:

Error: name 'pdfilter' is not defined

Original issue reported on code.google.com by [email protected] on 18 Jan 2012 at 11:19

Hello,
When I try to analyze an ELF binary I get the following traceback (For your 
information: pysqlite and sqlite3 are installed.) :

user@trudy /opt/pyew % python2 pyew.py /usr/bin/ls
ELF Information

Entry Point at 0x1ce0
CodAnalyzing address 0x00011e40 - 0 in queue / 3 total                          
                                Analyzing address 0x0000cc50 - 1 in queue / 2 
total
Traceback (most recent call last):n queue / 1 total                             
  File "pyew.py", line 532, in <module>
    main(sys.argv[1])
  File "pyew.py", line 219, in main
    saveAndCompareInDatabase(pyew)
  File "pyew.py", line 164, in saveAndCompareInDatabase
    db = sqlite3.connect(DATABASE_PATH)

Original issue reported on code.google.com by [email protected] on 7 Aug 2014 at 1:27

Hello every one
i am try to get the function call of pe file
and i want to export this result into text file for my processing later
but i can add the code :
file = open("text.txt", 'w') into pyew_core.py
can i help me?
thank you very much for readling mt isses!
good bye

Original issue reported on code.google.com by [email protected] on 19 Mar 2014 at 7:31

What steps will reproduce the problem?
1.open a malware using pyew
2.try to use vt on it

We should have the result here. Instead we have a 403 forbidden message.


I'm using the latest mercurial version at this date under GNU linux Sabayon.


I managed to come over the problem using this url string in 
plugins/virustotal.py :
baseUrl = "https://www.virustotal.com/search?query=%s"
instead of :
baseUrl = "http://www.virustotal.com/en/file/%s/analysis/"

Regards.

Original issue reported on code.google.com by [email protected] on 9 Dec 2013 at 10:49

for those who need it

ex :
on linux 64bit

/path/to/distorm3/make/linux % make 
sudo mv libdistorm3.so /usr/lib64

patch :

diff --git a/pydistorm.py b/pydistorm.py
--- a/pydistorm.py
+++ b/pydistorm.py
@@ -32,11 +32,11 @@

 osVer = platform.system()
 if osVer == "Windows":
-    LIB_FILENAME = "distorm64.dll"
+    LIB_FILENAME = "distorm3.dll"
 else:
-    LIB_FILENAME = 'libdistorm64.so'
+    LIB_FILENAME = 'libdistorm3.so'

-distorm = cdll.LoadLibrary(LIB_FILENAME)
+distorm3 = cdll.LoadLibrary(LIB_FILENAME)
 Decode16Bits = 0
 Decode32Bits = 1
 Decode64Bits = 2
@@ -44,11 +44,11 @@

 if osVer == "Windows":
     if SUPPORT_64BIT_OFFSET:
-        decode_func = distorm.distorm_decode64
+        decode_func = distorm3.distorm_decode64
     else:
-        decode_func = distorm.distorm_decode32
+        decode_func = distorm3.distorm_decode32
 else:
-    decode_func = distorm.internal_decode
+    decode_func = distorm3.distorm_decode64

 DECRES_NONE = 0
 DECRES_SUCCESS = 1

Original issue reported on code.google.com by [email protected] on 24 Sep 2012 at 12:45

I will be changing the license of this project to the GNU Affero GPL 3.0. While it means no change for 99,99% of users, I would like to know if you have a strong opinion against the change.

Before pyew was removed from Debian, it had a few patches, it would be great if they could be merged into your version or replaced by other commits:

https://sources.debian.org/src/pyew/2.0-4/debian/patches/

Forwarding https://bugs.debian.org/937434

Python 2 is EOL soon so distros are working on removing all modules that require Python 2. Consequently pyew got removed from Debian and will become unusable on most distributions released in the next few years as they remove Python 2 modules and runtimes. Migrating the codebase to Python 3 so that pyew can be used after 2020 would be a good idea.

https://pythonclock.org/ https://bugs.debian.org/939059

PS:

Forwarding https://bugs.debian.org/688525

When I run pyew /bin/ls I get a cache file (~/pyew-files.sqlite) in sqlite format directly in my home directory. That should be moved to a better place, preferably following the XDG basedir spec:

$ sqlite3 pyew-files.sqlite .schema
CREATE TABLE antidebugs (
                        id integer not null primary key,
                        sample_id, addr, mnemonic
                        );
CREATE TABLE function_stats (
                        id integer not null primary key,
                        sample_id, addr, nodes, edges, cc);
CREATE TABLE samples (id integer not null primary key,
                                       md5, sha1, sha256, filename, type);

Hello, I try to enumerate all basic blocks using the following code:

from pyew import CPyew

def main(f):
    pyew = CPyew(plugins=True, batch=True)
    pyew.loadFile(f)
    ca = pyew._anal
    for _, block in ca.basic_blocks.iteritems():
        for instr in block.instructions:
            print "%s %s" % (instr.mnemonic, instr.operands)
        print '--------------------------------------------'


if __name__ == "__main__":
    if len(sys.argv) == 1:
        print "Usage:", sys.argv[0], "<program file>"
    else:
        main(sys.argv[1])

It get's me basic blocks, but some of them are incorrect because the last instruction in them is not ret, call, jmp and etc. Here the example (here you can see that the last block instruction is mov):