Published on March 11th, 2016 📆 | 3846 Views ⚑0
Binmap — System Scanner
Binmap is a system scanner; it takes a system or system image and walks through all files, looking for programs and libraries and collecting various information such as dependencies, symbols etc. It supports ELF and PE formats.
binmap builds a database of hashes and informations for systems. One of the goal is to provide a kind of warehouse with the database for several systems, and update the databases to track the systems as they evolve. This is very useful when one wants to diff not only a binary but systems as a whole, to see what binaries have changed, which are new or removed. The files produced by binmap could be piped to gpg to ensure some kind of authentication and integrity of the various databases.
System Scanner: Binmap Installation
The following packages are needed:
$ mkdir _build $ cd _build $ cmake .. $ make $ make install
You need Visual Studio installed & ready. Then:
- Install cmake (https://www.cmake.org/cmake/resources/software.html) and make sure it’s in your path.
- Get zlib (https://www.zlib.net/)
- Get boost (get precompiled binaries https://boost.teeks99.com/)
Then run something like the following:
$ cmake -DBoost_DEBUG=ON -G "Visual Studio 12" -DBoost_USE_STATIC_LIBS=ON -DBOOST_ROOT=D:\Programming\Libraries\boost_1_55_0 -DBOOST_LIBRARYDIR=D:\Programming\Libraries\boost_1_55_0\lib32-msvc-12.0 -DZLIB_LIBRARY=D:\Programming\Libraries\zlib-1.2.8 -DZLIB_INCLUDE_DIR=D:\Programming\Libraries\zlib-1.2.8
Using binmap is a two step process:
- Scan a directory, for instance:
$ ./binmap scan -v1 /usr/local -o local.dat
or, if you want to scan an extracted file system and only include references to this chroot:
$ ./binmap scan -v1 --chroot ./extracted_fs -o local.dat
This creates a database containing informations about the binaries that lie in this directory.
- Dump the database to the dot format:
$ ./binmap view -i local.dat -o local.dot
or inspect the database using the Python API described below.