def restore_x(unique_name, start=here()): if MD5_hash_data_file and os.path.isfile(MD5_hash_data_file): with open(MD5_hash_data_file, "rb") as ifile: received_data = pickle.loads(ifile.read()) saved_data = received_data # (start_addr, end_addr, names, comms, bpts) if unique_name in saved_data: current_data = saved_data[unique_name] # restore names names = current_data[2] for name in names: # names: (rel_addr, name) ida_name.set_name(start + name[0], name[1]) # restore comments # comms: (rel_addr, TYPE, comment) comms = current_data[3] for comm in comms: # 1:MakeComm and 2:MakeRptCmt if comm[1] == 1: MakeComm(start + comm[0], comm[2]) else: MakeRptCmt(start + comm[0], comm[2]) # restore breakpoints # bpts: (rel_addr, size, type) bpts = current_data[4] for bpt in bpts: ida_dbg.add_bpt(start + bpt[0], bpt[1], bpt[2])
def btn_add_next_inst_bpt(self, code=0): """ 给所有断点的下一条指令下断点 """ bpt_list = self.get_all_bpt_list() for bpt in bpt_list: ida_dbg.add_bpt(ida_bytes.next_head(bpt, ida_idaapi.BADADDR), 0, idc.BPT_DEFAULT)
def btn_add_all_vuln_bpt(self, code=0): """添加断点 所有危险函数漏洞地址""" self.add_fast_dict_from_all_vuln_func() for xref_addr_t in reduce(lambda x, y: x + y, self.vuln_func_fast_dict.values()): ida_dbg.add_bpt(xref_addr_t, 0, idc.BPT_DEFAULT) FELogger.info('已添加断点:危险函数漏洞分析(全部)')
def restore_x(unique_name=None, start=None): ea = ida_kernwin.get_screen_ea() # signature if not unique_name: if not start: seg = ida_segment.getseg(ea) start = seg.start_ea sig_bytes = ida_bytes.get_bytes(start, SIGNATURE_SIZE) sig_hash = hashlib.md5(sig_bytes).hexdigest() unique_name = sig_hash if not start: seg = ida_segment.getseg(ea) start = seg.start_ea if MD5_hash_data_file and os.path.isfile(MD5_hash_data_file): with open(MD5_hash_data_file, "rb") as ifile: received_data = pickle.loads(ifile.read()) saved_data = received_data print("dumpDyn::restore\n\ Name: {}\n\ Restore address: {}\n".format(unique_name, hex(start))) # (start_addr, end_addr, names, comms, bpts, funcs) if unique_name in saved_data: current_data = saved_data[unique_name] # restore names names = current_data[2] for name in names: # names: (rel_addr, name, is_code) ida_name.set_name(start + name[0], name[1]) flags = ida_bytes.get_flags(start + name[0]) if name[2] and not ida_bytes.is_code(flags): ida_auto.auto_make_code(start + name[0]) # restore comments # comms: (rel_addr, TYPE, comment) comms = current_data[3] for comm in comms: # 0:MakeComm and 1:MakeRptCmt ida_bytes.set_cmt(start + comm[0], comm[2], comm[1]) # restore breakpoints # bpts: (rel_addr, size, type) bpts = current_data[4] for bpt in bpts: ida_dbg.add_bpt(start + bpt[0], bpt[1], bpt[2]) # restore functions funcs_addr = current_data[5] for addr in funcs_addr: ida_auto.auto_make_proc(start + addr) # make code & func
def setAndDisable(addr): bptEnabled = ida_dbg.check_bpt(addr) if bptEnabled < 0: # no breakpoint, add one #print 'setAndDisable no bpt at %x, add one' % addr ida_dbg.add_bpt(addr) elif bptEnabled == 0: # breakpoint, but not enabled #print 'found bpt at %x, enable it' % addr ida_dbg.enable_bpt(addr, True) else: #print 'breakpoint exists, use it' pass # disable all breakpoints, excempting the one we just set/enabled disabledSet = disableAllBpts(addr) return bptEnabled, disabledSet
def btn_import_all_bpt_addr(self, code=0): """ 导入离线断点 """ cur_workpath = os.getcwd() csv_filepath = os.path.join( cur_workpath, '%s_bpt.csv' % ida_nalt.get_root_filename()) if os.path.exists(csv_filepath): with open(csv_filepath, 'r') as f: next(f) reader = csv.reader(f) for row in reader: ida_dbg.add_bpt(int(row[0], 16), 0, idc.BPT_DEFAULT) FELogger.info("导入断点完成:%s" % csv_filepath) else: FELogger.warn("文件不存在:%s" % csv_filepath)
def btn_add_one_vuln_bpt(self, code=0): """添加断点 某个危险函数漏洞地址""" tgt_t = ida_kernwin.ask_str('', 0, '请输入危险函数名') if tgt_t in SINK_FUNC: if not tgt_t in self.vuln_func_fast_dict: mgr_t = FESinkFuncMgr() xref_list = mgr_t.get_one_func_xref(tgt_t) tag = SINK_FUNC[tgt_t]['tag'] if not xref_list: FELogger.warn("未找到函数%s" % tgt_t) return if tag == FUNC_TAG['PRINTF']: items = printf_func_analysis(tgt_t, xref_list) self.add_fast_dict_from_items(items) elif tag == FUNC_TAG['STRING']: items = str_func_analysis(tgt_t, xref_list) self.add_fast_dict_from_items(items) elif tag == FUNC_TAG['SCANF']: items = scanf_func_analysis(tgt_t, xref_list) self.add_fast_dict_from_items(items) elif tag == FUNC_TAG['SYSTEM']: items = system_func_analysis(tgt_t, xref_list) self.add_fast_dict_from_items(items) elif tag == FUNC_TAG['MEMORY']: items = mem_func_analysis(tgt_t, xref_list) self.add_fast_dict_from_items(items) else: FELogger.info("未支持函数%s" % tgt_t) if tgt_t in self.vuln_func_fast_dict: for xref_addr_t in self.vuln_func_fast_dict[tgt_t]: ida_dbg.add_bpt(xref_addr_t, 0, idc.BPT_DEFAULT) FELogger.info('已添加断点:危险函数漏洞分析(%s)' % tgt_t) else: FELogger.warn("未支持函数")
def add_tmp_func(self, info_only=False): """ 添加临时sink函数 info_only: 在添加函数信息的同时是否添加断点 """ input_str = ida_kernwin.ask_text( 0, '', "请输入任意函数名/函数地址,及各参数类型(none, int, str),可输入多行\n例如:\nstrcmp str str") try: rules = [x.strip() for x in input_str.strip().split('\n')] for rule in rules: tgt_t = rule.split(' ')[0].strip() args_rule = [x.strip() for x in rule.split(' ')[1:]] if not tgt_t in self.tmp_func_dict: if tgt_t.startswith('0x'): addr_t = int(tgt_t, 16) addr_hexstr = hexstr(addr_t) CUSTOM_FUNC[addr_hexstr] = {'args_rule': args_rule} self.tmp_func_dict[addr_hexstr] = [addr_t] if info_only == False: ida_dbg.add_bpt(addr_t, 0, idc.BPT_DEFAULT) else: for func_addr_t in idautils.Functions(): func_name_t = ida_funcs.get_func_name(func_addr_t) if func_name_t == tgt_t: CUSTOM_FUNC[func_name_t] = { 'args_rule': args_rule } self.tmp_func_dict[func_name_t] = [] for xref_addr_t in idautils.CodeRefsTo( func_addr_t, 0): self.tmp_func_dict[func_name_t].append( xref_addr_t) if info_only == False: ida_dbg.add_bpt( xref_addr_t, 0, idc.BPT_DEFAULT) else: continue break else: continue else: CUSTOM_FUNC[tgt_t] = {'args_rule': args_rule} for xref_addr_t in self.tmp_func_dict[tgt_t]: if info_only == False: ida_dbg.add_bpt(xref_addr_t, 0, idc.BPT_DEFAULT) else: continue FELogger.info("已添加断点:%s" % rule) except Exception as e: FELogger.info("输入信息有误:%s" % e)
def do_import(): db = {} module = idaapi.get_root_filename().lower() base = idaapi.get_imagebase() file = ida_kernwin.ask_file(0, "x64dbg database|{}".format(get_file_mask()), "Import database") if not file: return print("Importing database {}".format(file)) with open(file) as dbdata: db = json.load(dbdata) count = 0 labels = db.get("labels", []) for label in labels: try: if label["module"] != module: continue ea = int(label["address"], 16) + base name = label["text"] ida_name.set_name(ea, str(name), 0) count += 1 except: pass print("{:d}/{:d} label(s) imported".format(count, len(labels))) count = 0 comments = db.get("comments", []) for comment in comments: try: if comment["module"] != module: continue ea = int(comment["address"], 16) + base name = comment["text"] ida_bytes.set_cmt(ea, str(name), 1) count += 1 except: pass print("{:d}/{:d} comment(s) imported".format(count, len(comments))) count = 0 breakpoints = db.get("breakpoints", []) for breakpoint in breakpoints: try: if breakpoint["module"] != module: continue ea = int(breakpoint["address"], 16) + base bptype = breakpoint["type"] if bptype == BPNORMAL: count += 1 ida_dbg.add_bpt(ea, 1, BPT_DEFAULT) elif bptype == BPHARDWARE: titantype = int(breakpoint["titantype"], 16) hwtype = (titantype >> 4) & 0xF if hwtype == UE_HARDWARE_EXECUTE: hwtype = BPT_EXEC elif hwtype == UE_HARDWARE_WRITE: hwtype = BPT_WRITE elif hwtype == UE_HARDWARE_READWRITE: hwtype = BPT_RDWR else: continue hwsize = titantype & 0xF if hwsize == UE_HARDWARE_SIZE_1: hwsize = 1 elif hwsize == UE_HARDWARE_SIZE_2: hwsize = 2 elif hwsize == UE_HARDWARE_SIZE_4: hwsize = 4 elif hwsize == UE_HARDWARE_SIZE_8: hwsize = 8 else: continue count += 1 ida_dbg.add_bpt(ea, hwsize, hwtype) except: pass print("{:d}/{:d} breakpoint(s) imported".format(count, len(breakpoints))) print("Done!")
def set_breakpoint(self, address): ida_dbg.add_bpt(address)