CUCKOO Sandbox Source Code Analysis (Chapter 2)


We continue from the previous article (https://steemit.com/just/@bzd/cuckoo-sandbox-source-code-analysis-chapter-1). For those who are interested, continue reading. OK, let's go!

class ResultServer

It is mainly used for data transfer with the client host.

Constructor

    # Imports used by this excerpt
    import socket
    import threading
    import gevent.socket
    from cuckoo.common.config import config

    def __init__(self):
        # Get the information from the cuckoo.conf configuration file
        ip = config("cuckoo:resultserver:ip")
        port = config("cuckoo:resultserver:port")
        pool_size = config("cuckoo:resultserver:pool_size")

        # Bind the port
        # Official gevent description: gevent is a coroutine-based Python
        # networking library that uses greenlet to provide a high-level
        # synchronous API on top of the libev or libuv event loop
        sock = gevent.socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        sock.bind((ip, port))

        # http service, run in a daemon thread
        self.thread = threading.Thread(target=self.create_server,
                                       args=(sock, pool_size))
        self.thread.daemon = True
        self.thread.start()

Next is create_server()
create_server creates an http service, which gives the client side a channel for communicating with the host. create_server uses GeventResultServerWorker, a class that inherits from gevent.server.StreamServer (http server).

Scheduler class, responsible for task scheduling

After cuckoo_main executes ResultServer(), it initializes the Scheduler. The maximum number of analyses is set by max_analysis_count.

initialize function

start function
# Key code sections
# Omitted here: the output of errors and debug messages,
# and the semaphores and locks used to synchronize the running of the virtual machines.
# The initialize function above, which initializes the virtual machine software (VirtualBox, VMware, XenServer)
self.initialize()

# Check if the host has enough space
# Only Linux is currently implemented

# For each task to be executed, select an appropriate virtual machine that is in the idle state; the virtual machine for the sample execution can also be selected in the web interface.

# After receiving the task, start the analysis and start the virtual machine
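The checks that start() makes before an analysis is launched (free disk space, picking an idle virtual machine, the analysis limit), written out as an added example. This is not Cuckoo's own code: the function names, dict fields and sample data are assumptions made for illustration.

```python
import os

def free_space_mb(path):
    # os.statvfs only exists on POSIX hosts, which is why the check is
    # "only implemented on Linux"; None means the value is unknown.
    if not hasattr(os, "statvfs") or not os.path.exists(path):
        return None
    st = os.statvfs(path)
    return st.f_bavail * st.f_frsize // (1024 * 1024)

def has_enough_space(path, required_mb):
    free = free_space_mb(path)
    # An unknown value (check unavailable on this OS) does not block analysis.
    return free is None or free >= required_mb

def pick_machine(machines, task):
    """Return an idle machine dict that fits the task, or None to keep it queued."""
    wanted_vm, wanted_os = task.get("machine"), task.get("platform")
    for m in machines:
        if m["locked"] or (wanted_vm and m["name"] != wanted_vm):
            continue  # busy, or a different VM was requested (e.g. in the web UI)
        if wanted_os and m["platform"] != wanted_os:
            continue
        return m
    return None

def schedule(tasks, machines, storage, required_mb, max_count=0):
    """One scheduling pass; returns [(task id, machine name)] that were started."""
    started = []
    for task in tasks:
        if max_count and len(started) >= max_count:
            break  # analysis limit reached (0 means unlimited)
        if not has_enough_space(storage, required_mb):
            break  # leave the remaining tasks pending until space is freed
        m = pick_machine(machines, task)
        if m is None:
            continue  # no idle VM fits, the task stays in the queue
        m["locked"] = True  # reserve the VM before starting it
        started.append((task["id"], m["name"]))
    return started

def sample_machines():  # constructed sample data
    return [{"name": "win7-1", "platform": "windows", "locked": True},
            {"name": "win7-2", "platform": "windows", "locked": False},
            {"name": "ubuntu-1", "platform": "linux", "locked": False}]

SAMPLE_TASKS = [{"id": 1, "platform": "windows"}, {"id": 2, "machine": "win7-1"},
                {"id": 3, "platform": "linux"}, {"id": 4, "platform": "windows"}]
```

With the sample data, tasks 2 and 4 stay queued: the VM requested by task 2 is busy, and task 1 has already reserved the last idle Windows VM.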

To be continued...
