# Copyright (C) 2010-2014 Cuckoo Foundation.# This file is part of Cuckoo Sand

1. # Copyright (C) 2010-2014 Cuckoo Foundation.
2. # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
3. # See the file 'docs/LICENSE' for copying permission.
4.  
5. from lib.common.abstracts import Package
6. from lib.api.process import Process
7. from lib.common.exceptions import CuckooPackageError
8.  
9. class Exe(Package):
10.     """EXE analysis package."""
11.  
12.     def start(self, path):
13.         free = self.options.get("free", False)
14.         args = self.options.get("arguments", None)
15.         dll = self.options.get("dll", None)
16.         suspended = True
17.         if free:
18.             suspended = False
19.  
20.         p = Process()
21.         if not p.execute(path=path, args=args, suspended=suspended):
22.             raise CuckooPackageError("Unable to execute initial process, "
23.                                      "analysis aborted")
24.  
25.         if not free and suspended:
26.             p.inject(dll)
27.             p.resume()
28.             p.close()
29.             return p.pid
30.         else:
31.             return None
32.  
33.     def check(self):
34.         return True
35.  
36.     def finish(self):
37.         if self.options.get("procmemdump", False):
38.             for pid in self.pids:
39.                 p = Process(pid=pid)
40.                 p.dump_memory()
41.  
42.         return True