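def format_mem(results, append=True):
    """Render a register/stack snapshot into the two HTML panes of ``form``.

    Args:
        results: ``(regs, stack)`` pair as produced by ``deref_mem``: ``regs``
            is an iterable of ``(name, regions)`` and ``stack`` an iterable of
            ``(byte_offset, regions)``; every ``regions`` value is handed to
            ``parse_mem`` for rendering.
        append: when true, the current function offset (or the raw RIP/EIP
            value when IDA has no offset for it) is appended to
            ``form.listWidget`` and the module-level ``scroll`` flag is set.

    Side effects: clears and rewrites ``form.textEdit`` (registers) and
    ``form.textEdit_2`` (stack); may assign the global ``scroll``.
    """
    global scroll

    regs, stack = results
    # Module convention: a truthy get_bits() means a 32-bit target (4-byte
    # words), otherwise 64-bit.
    int_size = 4 if get_bits() else 8

    # Register pane: "<name><padding><rendered memory>" per register.
    # Rows are joined with "<br>" instead of appending "<br>" to each row and
    # slicing the last four characters off afterwards: the old string[:-4]
    # chopped part of "<div>" when regs was empty, leaving malformed markup.
    reg_rows = [
        i + "&nbsp;" * (4 - len(i)) + parse_mem(mem) + "\n"
        for i, mem in regs
    ]
    reg_html = copy(style[0]) + "<div>" + "<br>".join(reg_rows) + "</div>"
    form.textEdit.clear()
    form.textEdit.insertHtml(reg_html)

    # Stack pane: "RSP+<offset> <rendered memory>" per slot; every row keeps
    # its trailing "<br>" (as before).
    sp_name = "RSP" if int_size == 8 else "ESP"
    stack_rows = [
        cPrint("red", sp_name + "+%s&nbsp;" % "{:03x}".format(i)) +
        parse_mem(mem) + "<br>"
        for i, mem in stack
    ]
    stack_html = copy(style[0]) + "<div>" + "".join(stack_rows) + "</div>"
    form.textEdit_2.clear()
    form.textEdit_2.insertHtml(stack_html)

    offset = GetFuncOffset(get_rg("RIP" if int_size == 8 else "EIP"))

    if append:
        # Fall back to the raw program counter when there is no function
        # offset; .replace("L", "") strips the Python 2 long suffix.  The
        # register read stays lazy (only evaluated when offset is falsy).
        label = offset if offset else hex(
            cpu.rip if int_size == 8 else cpu.eip).replace("L", "")
        form.listWidget.addItem(label)
        scroll = True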
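def do_cmd():
    """Execute the command typed into ``form.lineEdit``.

    The command is echoed into ``form.textEdit`` and dispatched on its
    prefix, in this order:

    * ``x[<count>] <addr>``   -> ``get`` (read ``count`` words at ``addr``)
    * ``searchmem <pattern>`` -> ``find`` (surrounding double quotes stripped)
    * ``si``                  -> ``step_into``
    * ``c`` / ``r``           -> ``continue_process``

    Patterns are tested with ``match`` (anchored at the start only), so any
    input beginning with the same characters is accepted as that command.
    Unrecognised input is silently ignored.
    """
    int_size = 4 if get_bits() else 8
    cmd = form.lineEdit.text()
    # Echo.  NOTE: the text is inserted as raw HTML, so markup characters in
    # the command are rendered rather than shown literally.
    form.textEdit.append(copy(style) + "<span>&#x25B6; " + cmd +"</span><br>")

    match_read = match(r"(x\\|x)([0-9]*) *(.*)", cmd)
    match_search = match(r"searchmem *(.*)", cmd)
    match_step = match(r"si", cmd)
    match_continue = match(r"c|r", cmd)

    if match_read:
        length = to_int(match_read.group(2))
        addr = to_int(match_read.group(3))
        get(addr, int_size, length)

    elif match_search:
        pattern = match_search.group(1)
        # Strip one surrounding pair of double quotes.  The length check
        # avoids an IndexError on a bare "searchmem" (empty group) and keeps a
        # lone '"' from being taken as opening and closing quote at once.
        if len(pattern) >= 2 and pattern[0] == "\"" and pattern[-1] == "\"":
            pattern = pattern[1:-1]
        find(str(pattern), int_size)

    elif match_step:
        step_into()

    elif match_continue:
        continue_process()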
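def rewind(warning=True):
    """Restore the register and stack state of the snapshot selected in
    ``form.listWidget``.

    Args:
        warning: when true and ``config["show_rewind_warning"]`` is set, a
            confirmation dialog is shown and the function returns; the "Yes"
            button re-enters with ``warning=False``.

    Only the registers and the stack slots that EA View displays are written
    back (``set_rg`` / ``dbg_write_memory``); memory outside that scope is
    left as it is.  Values are recovered from the rendered HTML kept in
    ``states``: the hex number after "0x", up to the next tag if any.
    """
    if warning and config["show_rewind_warning"]:
        ea_warning(
            "Rewind will restore programme state in the scope of the context shown by EA View.\n"
            "Changes made outside this scope (eg. heap, data sections) will not be restored. Continue?",
            buttons=(("Yes", lambda: rewind(warning=False), True),
                     ("No", None, True)),
            checkboxes=(("Don't show this warning again", set_warning_display,
                         False), ))
        return

    regs, stack = states[form.listWidget.currentRow()]

    for name, rendered in regs:
        # NOTE(review): if "0x" is absent find() yields -1 and the slice
        # starts at index 1 -- the rendering is assumed to always carry it.
        text = rendered[0][rendered[0].find("0x") + 2:]
        end = text.find("<")
        set_rg(name, int(text[:end] if end != -1 else text, 16))

    # Same convention as the other helpers in this module (a truthy
    # get_bits() means a 32-bit target).  The previous `get_bits() == 8`
    # test never selected RSP under that convention -- TODO confirm the
    # get_bits() contract.
    int_size = 4 if get_bits() else 8
    rsp = get_rg("RSP" if int_size == 8 else "ESP")

    chunks = []
    for _, rendered in stack:
        text = rendered[1][rendered[1].find("0x") + 2:]
        end = text.find("<")
        digits = text[:end] if end != -1 else text
        # .decode("HEX") is the Python 2 str codec; the bytes are reversed to
        # turn the displayed number back into memory order (little-endian
        # target presumed -- verify).
        chunks.append("".join(reversed(digits.decode("HEX"))))

    dbg_write_memory(rsp, "".join(chunks))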
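def do_cmd():
    """Execute the command typed into ``form.lineEdit``.

    The command is echoed into ``form.textEdit`` and dispatched on its
    prefix, in this order:

    * ``x[<count>] <addr>``          -> ``get`` (read ``count`` words)
    * ``searchmem <pattern>``        -> ``find`` (surrounding quotes stripped)
    * ``step`` / ``si``              -> ``step_into``
    * ``finish`` / ``fini``          -> ``step_until_ret``
    * ``continue`` / ``c``           -> ``continue_process``
    * ``break`` / ``b <addr>``       -> ``add_bp``
    * ``delete`` / ``del <addr>``    -> ``del_bpt``
    * ``run`` / ``r``                -> stop a running debugger, else start it

    Patterns are tested with ``match`` (anchored at the start only), so any
    input beginning with the same characters is accepted as that command.
    Unrecognised input is silently ignored.
    """
    int_size = 4 if get_bits() else 8
    cmd = form.lineEdit.text()
    # Echo.  NOTE: the text is inserted as raw HTML, so markup characters in
    # the command are rendered rather than shown literally.
    form.textEdit.append(copy(style) + "<span>&#x25B6; " + cmd +"</span><br>")

    match_read = match(r"(x\\|x)([0-9]*) *(.*)", cmd)
    match_search = match(r"searchmem *(.*)", cmd)
    match_step = match(r"step|si", cmd)
    match_continue = match(r"continue|c", cmd)
    match_run = match(r"run|r", cmd)
    match_finish = match(r"finish|fini", cmd)
    match_break = match(r"(break|b) *(.*)", cmd)
    match_delete = match(r"(delete|delet|del) *(.*)", cmd)

    if match_read:
        length = to_int(match_read.group(2))
        addr = to_int(match_read.group(3))
        get(addr, int_size, length)

    elif match_search:
        pattern = match_search.group(1)
        # Strip one surrounding pair of double quotes.  The length check
        # avoids an IndexError on a bare "searchmem" (empty group) and keeps a
        # lone '"' from being taken as opening and closing quote at once.
        if len(pattern) >= 2 and pattern[0] == "\"" and pattern[-1] == "\"":
            pattern = pattern[1:-1]
        find(str(pattern), int_size)

    elif match_step:
        step_into()

    elif match_finish:
        step_until_ret()

    elif match_continue:
        continue_process()

    elif match_break:
        add_bp(to_int(match_break.group(2)))

    elif match_delete:
        del_bpt(to_int(match_delete.group(2)))

    elif match_run:
        if get_process_state() != 0:
            StopDebugger()
            # TODO: find way to asynchronously restart debugger without crashing IDA
            # a_sync(restart)
        else:
            ProcessUiAction("ProcessStart")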
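def send(addr=None, code=None):
    """Ship a code page to the emulation server and annotate its results.

    Args:
        addr: start address to emulate.  When falsy, the current RIP is used
            and ``code`` is replaced by the 0x1000-byte page containing it.
        code: raw bytes to emulate (re-read from the debugger when ``addr``
            is falsy).

    While the request is in flight a breakpoint at ``addr`` (if any) has its
    flags set to 2; the original flags are restored afterwards, also on
    error.  The server drives a small RPC loop: each message is
    ``(name, args)``; ``"result"`` ends the loop with ``args`` mapping
    addresses to ``[(reg, value), ...]`` lists, ``"error"`` prints ``args``,
    and any other name is looked up in this module's globals, called with
    ``*args`` and its return value sent back.  Register changes are written
    into IDA comments as ``" e: reg=0x..."`` (the program counter is skipped).
    """
    if not addr:
        addr = get_rg("RIP")
        code = dbg_read_memory(addr & 0xfffffffffffff000, 0x1000)

    saved_flags = None
    bp = bpt_t()
    if get_bpt(addr, bp):
        saved_flags = bp.flags
        bp.flags = 2
        update_bpt(bp)

    error = False
    result = None  # the "result" payload; stays None if the peer closes early
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.connect((TCP_IP, TCP_PORT))
        s.send(dumps(("emu", (addr, code, get_bits()))))

        while True:
            data = s.recv(BUFFER_SIZE)
            if not data:
                break
            # NOTE(review): one recv() is assumed to return exactly one
            # message; a partial or merged read would break loads().  If
            # `loads` is pickle.loads this also deserialises whatever the
            # peer sends -- the server must be local and trusted.
            func, args = loads(data)
            if func == "result":
                result = args
                break
            if func == "error":
                print(args)
                error = True
                break
            # SECURITY: the peer chooses any name in globals().  An explicit
            # allow-list of the helpers the server may call would limit this
            # -- TODO once the RPC surface is documented.
            s.send(dumps(globals()[func](*args)))
    finally:
        # Close on every exit path (the old code leaked the socket when
        # connect/recv raised) and always put the breakpoint back.
        s.close()
        # `is not None`: a saved flags value of 0 must be restored too; the
        # old `if flags:` left such breakpoints at flags=2.
        if saved_flags is not None:
            bp.flags = saved_flags
            update_bpt(bp)

    if error or result is None:
        return

    for ea, values in result.items():
        # Drop the program counter itself; it changes on every instruction.
        changes = [i for i in values if i[0] not in ("rip", "eip")]
        if not changes:
            continue
        comment = GetCommentEx(ea, 0)
        annotation = " ".join(a + "=" + hex(b).replace("L", "")
                              for a, b in changes)
        # Replace any previous " e: ..." emulation annotation.
        if comment and "e:" in comment:
            comment = comment[:comment.find("e:")].strip(" ")
        MakeComm(ea, (comment if comment else "").ljust(10) + " e: " +
                 annotation)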
def deref_mem():
    """Collect dereference chains for every register and the top of the stack.

    Returns:
        ``[reg_entries, stack_entries]``: ``reg_entries`` holds one
        ``(register_name, regions)`` per name in ``registers`` (value read via
        ``getattr(cpu, name)``); ``stack_entries`` holds
        ``(byte_offset, regions)`` for ``config["stack_display_length"]``
        consecutive words starting at ``cpu.rsp``.  Each ``regions`` list is
        filled in by ``get_mem_recursive``.
    """
    int_size = 4 if get_bits() else 8

    # All register values are read up front, then each is followed.
    reg_values = [(name, getattr(cpu, name)) for name in registers]
    reg_entries = []
    for name, value in reg_values:
        regions = []
        get_mem_recursive(value, regions, int_size=int_size)
        reg_entries.append((name, regions))

    # NOTE(review): cpu.rsp is used for the stack base even when int_size
    # is 4 -- verify that is intended for 32-bit targets.
    stack_entries = []
    for slot in range(0, config["stack_display_length"]):
        offset = slot * int_size
        regions = []
        get_mem_recursive(cpu.rsp + offset, regions, int_size=int_size)
        stack_entries.append((offset, regions))

    return [reg_entries, stack_entries]
def deref_mem():
    """Collect dereference chains for every register and the top of the stack.

    Returns:
        ``[reg_entries, stack_entries]``: ``reg_entries`` holds one
        ``(name, regions)`` per entry of ``registers`` (the name is
        whitespace-stripped before the ``cpu`` attribute lookup but kept
        verbatim in the result); ``stack_entries`` holds
        ``(byte_offset, regions)`` for offsets 0, 4, ..., 96 above ``cpu.rsp``.
        Each ``regions`` list is filled in by ``get_mem_recursive``.
    """
    int_size = 4 if get_bits() else 8

    # All register values are read up front, then each is followed.
    reg_values = [(name, getattr(cpu, name.strip(" "))) for name in registers]
    reg_entries = []
    for name, value in reg_values:
        regions = []
        get_mem_recursive(value, regions, int_size=int_size)
        reg_entries.append((name, regions))

    # NOTE(review): the stride is a fixed 4 bytes regardless of int_size
    # (other versions of this helper step by int_size) -- confirm.
    stack_entries = []
    for offset in range(0, 100, 4):
        regions = []
        get_mem_recursive(cpu.rsp + offset, regions, int_size=int_size)
        stack_entries.append((offset, regions))

    return [reg_entries, stack_entries]
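def do_cmd():
    """Execute the command typed into ``form.lineEdit``.

    The command is echoed into ``form.textEdit`` and dispatched on its
    prefix, in this order:

    * ``x[<count>] <addr>``                  -> ``get`` (read ``count`` words)
    * ``searchmem <pattern>``                -> ``find`` (surrounding quotes
      stripped)
    * ``si``                                 -> ``step_into``
    * ``finish`` / ``fini``                  -> ``step_until_ret``
    * ``continue`` / ``run`` / ``c`` / ``r`` -> ``continue_process``
    * ``break`` / ``b <addr>``               -> ``add_bp``
    * ``delete`` / ``del <addr>``            -> ``del_bpt``

    Patterns are tested with ``match`` (anchored at the start only), so any
    input beginning with the same characters is accepted as that command.
    Unrecognised input is silently ignored.
    """
    int_size = 4 if get_bits() else 8
    cmd = form.lineEdit.text()
    # Echo.  NOTE: the text is inserted as raw HTML, so markup characters in
    # the command are rendered rather than shown literally.
    form.textEdit.append(copy(style) + "<span>&#x25B6; " + cmd + "</span><br>")

    match_read = match(r"(x\\|x)([0-9]*) *(.*)", cmd)
    match_search = match(r"searchmem *(.*)", cmd)
    match_step = match(r"si", cmd)
    match_continue = match(r"continue|run|c|r", cmd)
    match_finish = match(r"finish|fini", cmd)
    match_break = match(r"(break|b) *(.*)", cmd)
    match_delete = match(r"(delete|delet|del) *(.*)", cmd)

    if match_read:
        length = to_int(match_read.group(2))
        addr = to_int(match_read.group(3))
        get(addr, int_size, length)

    elif match_search:
        pattern = match_search.group(1)
        # Strip one surrounding pair of double quotes.  The length check
        # avoids an IndexError on a bare "searchmem" (empty group) and keeps a
        # lone '"' from being taken as opening and closing quote at once.
        if len(pattern) >= 2 and pattern[0] == "\"" and pattern[-1] == "\"":
            pattern = pattern[1:-1]
        find(str(pattern), int_size)

    elif match_step:
        step_into()

    elif match_finish:
        step_until_ret()

    elif match_continue:
        continue_process()

    elif match_break:
        add_bp(to_int(match_break.group(2)))

    elif match_delete:
        del_bpt(to_int(match_delete.group(2)))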
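def deref_mem():
    """Collect dereference chains for every register and the top of the stack.

    Returns:
        ``[reg_entries, stack_entries]``: ``reg_entries`` holds one
        ``(register_name, regions)`` per name in ``x64_registers`` (64-bit) or
        ``x86_registers`` (32-bit), values read via ``get_rg``;
        ``stack_entries`` holds ``(byte_offset, regions)`` for
        ``config["stack_display_length"]`` consecutive words starting at
        RSP/ESP.  Each ``regions`` list is filled in by ``get_mem_recursive``.
    """
    # Module convention: a truthy get_bits() means a 32-bit target.
    int_size = 4 if get_bits() else 8
    reg_names = x64_registers if int_size == 8 else x86_registers

    # All register values are read up front, then each is followed.
    reg_values = [(name, get_rg(name)) for name in reg_names]
    reg_entries = []
    for name, value in reg_values:
        regions = []
        get_mem_recursive(value, regions, int_size=int_size)
        reg_entries.append((name, regions))

    # The stack pointer is loop-invariant (the loop only reads memory), so
    # query the debugger once instead of once per slot.
    stack_base = get_rg("RSP" if int_size == 8 else "ESP")
    stack_entries = []
    for slot in range(0, config["stack_display_length"]):
        offset = slot * int_size
        regions = []
        get_mem_recursive(stack_base + offset, regions, int_size=int_size)
        stack_entries.append((offset, regions))

    return [reg_entries, stack_entries]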
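def send(addr=None, code=None):
    """Ship a code page to the emulation server and annotate its results.

    Requires a paused/suspended debuggee (``get_process_state() == -1``);
    otherwise a warning is shown and nothing happens.

    Args:
        addr: start address to emulate.  When falsy, the current RIP is used
            and ``code`` is replaced by the 0x1000-byte page containing it,
            read with any breakpoint at RIP temporarily set to flags 2.
        code: raw bytes to emulate (re-read from the debugger when ``addr``
            is falsy).

    The server drives a small RPC loop: each message is ``(name, args)``;
    ``"result"`` ends the loop with ``args`` mapping addresses to
    ``[(reg, value), ...]`` lists, ``"error"`` shows ``args`` via
    ``ea_warning``, and any other name is looked up in this module's globals,
    called with ``*args`` and its return value sent back.  On success, and
    when the module-level ``annotate`` flag is set, IDA comments are updated
    with the register changes.
    """
    if get_process_state() != -1:
        ea_warning("Process must be paused/suspended")
        return

    if not addr:
        addr = get_rg("RIP")
        bp = get_bp(addr, False)
        saved_flags = None
        if bp:
            saved_flags = bp.flags
            bp.flags = 2
            update_bpt(bp)
        try:
            # Page containing RIP.
            code = dbg_read_memory(addr & 0xfffffffffffff000, 0x1000)
        finally:
            # `is not None`: a saved flags value of 0 must be restored too;
            # the old `if flags:` left such breakpoints at flags=2.
            if saved_flags is not None:
                bp.flags = saved_flags
                update_bpt(bp)

    s = _connect_emu_server()
    error = False
    result = None  # the "result" payload; stays None if the peer closes early
    try:
        s.send(dumps(("emu", (addr, code, get_bits(), server_print))))

        while True:
            data = s.recv(BUFFER_SIZE)
            if not data:
                break
            # NOTE(review): one recv() is assumed to return exactly one
            # message; a partial or merged read would break loads().  If
            # `loads` is pickle.loads this also deserialises whatever the
            # peer sends -- the server must be local and trusted.
            func, args = loads(data)
            if func == "result":
                result = args
                break
            if func == "error":
                ea_warning(args)
                error = True
                break
            # SECURITY: the peer chooses any name in globals().  An explicit
            # allow-list of the helpers the server may call would limit this
            # -- TODO once the RPC surface is documented.
            s.send(dumps(globals()[func](*args)))
    finally:
        # Close on every exit path (the old code leaked the socket when
        # send/recv raised).
        s.close()

    if not error and result is not None and annotate:
        _annotate_emu_results(result)


def _connect_emu_server():
    """Return a socket connected to ``(TCP_IP, TCP_PORT)``; when the first
    attempt fails, start the server once and retry after 0.5 s."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.connect((TCP_IP, TCP_PORT))
        return s
    except socket.error:
        # A socket whose connect() failed is not reliably reusable; discard
        # it and connect with a fresh one.
        s.close()
    launch_server()
    sleep(0.5)
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((TCP_IP, TCP_PORT))
    return s


def _annotate_emu_results(results):
    """Write each address's register changes into its IDA comment as
    ``" e: reg=0x..."`` (``" e: No reg changes"`` when only the program
    counter moved), replacing any earlier ``e:`` annotation.  The entry for
    the current RIP is removed from ``results`` first."""
    rip = get_rg("RIP")
    if rip in results:
        del results[rip]

    for ea, values in results.items():
        # The program counter changes on every instruction; drop it.
        changes = [i for i in values if i[0] not in ("rip", "eip")]
        comment = GetCommentEx(ea, 0)
        if comment and "e:" in comment:
            comment = comment[:comment.find("e:")].strip(" ")
        if changes:
            annotation = " ".join(a + "=" + hex(b).replace("L", "")
                                  for a, b in changes)
        else:
            annotation = "No reg changes"
        MakeComm(ea, (comment if comment else "").ljust(10) + " e: " +
                 annotation)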
                    form.listWidget_3.itemClicked.connect(select_bin)
                    form.listWidget_2.itemClicked.connect(
                        lambda x: select_chunk(x, chunkmap))
                    form.listWidget_4.itemClicked.connect(
                        lambda x: select_chunk(x, chunkmap_2))
                    form.pushButton_2.clicked.connect(
                        lambda: set_config(False))
                    form.pushButton.clicked.connect(get_malloc_state)
                    form.checkBox.stateChanged.connect(
                        lambda x: (add_bp(malloc_addr, 10), hook.hook())
                        if x else (add_bp(malloc_addr, 2), hook.unhook()))
                    get_malloc_state()


# HTML template for rendering one heap chunk, loaded once at import time.
chunk_template = read(root_dir + "chunk_template.html")
# Module convention: a truthy get_bits() means a 32-bit target.
int_size = 4 if get_bits() else 8

# config["libc_offsets"] holds two (main_arena, malloc) pairs: entries 0-1
# for 32-bit targets, entries 2-3 for 64-bit targets.
if int_size == 4:
    main_arena_offset, malloc_offset = config["libc_offsets"][:2]
else:
    main_arena_offset, malloc_offset = config["libc_offsets"][2:]

# Lookup tables filled in while the heap view is built.
chunkmap, chunkmap_2, binmap = {}, {}, {}

# Set later: the Qt form, arena bookkeeping, the debugger hook and the
# resolved libc addresses.
form = a = b = hook = None
base_addr = main_arena_addr = malloc_addr = None