def activate(self, ctx):
hx_view = idaapi.get_tform_vdui(ctx.form)
var_type = ShallowScanVariable.check(hx_view.item)
if var_type == "LOCAL":
variable = hx_view.item.get_lvar() # lvar_t
index = list(hx_view.cfunc.get_lvars()).index(variable)
scanner = ShallowSearchVisitor(hx_view.cfunc, 0, index)
elif var_type == "GLOBAL":
variable = hx_view.item.it.to_specific_type
name = idc.GetTrueName(variable.obj_ea)
tinfo = variable.type
scanner = ShallowSearchVisitor(hx_view.cfunc, 0, global_variable=(name, tinfo))
else:
return
scanner.process()
structure = TemporaryStructureModel()
for field in scanner.candidates:
structure.add_row(field)
tinfo = structure.get_recognized_shape()
if tinfo:
tinfo.create_ptr(tinfo)
if var_type == "LOCAL":
hx_view.set_lvar_type(variable, tinfo)
elif var_type == "GLOBAL":
idaapi.apply_tinfo2(variable.obj_ea, tinfo, idaapi.TINFO_DEFINITE)
hx_view.refresh_view(True)
def ParseAMXNativeInfo():
ida_string = idautils.Strings()
last_native = ""
for string in ida_string:
for native in natives:
if (str(string) == native and last_native != native):
last_native = native
for xref in XrefsTo(string.ea):
offset = xref.frm + 4
for native_addr in XrefsFrom(offset):
# Rename native handler function n_NativeName
idc.MakeNameEx(native_addr.to, "n_" + native,
idc.SN_NOWARN)
# Setup function prototype & automate setting the native's
tinfo = idaapi.tinfo_t()
ida_typeinf.guess_tinfo(native_addr.to, tinfo)
funcdata = idaapi.func_type_data_t()
tinfo.get_func_details(funcdata)
tinfo2 = idaapi.tinfo_t()
tinfo2.get_named_type(idaapi.get_idati(),
"Native" + native + "Params")
tinfo3 = idaapi.tinfo_t()
tinfo3.create_ptr(tinfo2)
if (
len(funcdata)
): # For some reason this is 0 for some natives with params? Not sure why...
funcdata[len(funcdata) - 1].type = tinfo3
function_tinfo = idaapi.tinfo_t()
function_tinfo.create_func(funcdata)
idaapi.apply_tinfo2(native_addr.to, function_tinfo,
idaapi.TINFO_DEFINITE)
def activate(self, ctx):
hx_view = idaapi.get_widget_vdui(ctx.widget)
result = self.__extract_rename_info(hx_view.cfunc, hx_view.item)
if result:
func_tinfo, address, arg_index, name = result
helper.set_func_arg_name(func_tinfo, arg_index, name)
idaapi.apply_tinfo2(address, func_tinfo, idaapi.TINFO_DEFINITE)
hx_view.refresh_view(True)
def commit(self):
if self.name_modified:
self.name_modified = False
if self.address:
idaapi.set_name(self.address, self.name)
if self.tinfo_modified:
self.tinfo_modified = False
if self.address:
idaapi.apply_tinfo2(self.address, self.tinfo.get_pointed_object(), idaapi.TINFO_DEFINITE)
def commit(self):
addresses = self.addresses
if self.name_modified:
self.name_modified = False
if len(addresses) == 1:
idaapi.set_name(addresses[0], self.name)
if self.tinfo_modified:
self.tinfo_modified = False
if len(addresses) == 1:
idaapi.apply_tinfo2(addresses[0], self.tinfo.get_pointed_object(), idaapi.TINFO_DEFINITE)
def activate(self, ctx):
hx_view = idaapi.get_tform_vdui(ctx.form)
result = self.check(hx_view.cfunc, hx_view.item)
if result:
func_tinfo, address, arg_index, name = result
func_data = idaapi.func_type_data_t()
func_tinfo.get_func_details(func_data)
func_data[arg_index].name = name
new_func_tinfo = idaapi.tinfo_t()
new_func_tinfo.create_func(func_data)
idaapi.apply_tinfo2(address, new_func_tinfo, idaapi.TINFO_DEFINITE)
def map_the_var(lhs_var, rhs_var, type_str_, vdui):
if lhs_var == rhs_var:
return False
rhs_type = rhs_var.type()
if lhs_var.accepts_type(rhs_type):
if lhs_var.width < rhs_var.width:
lhs_var, rhs_var = rhs_var, lhs_var
if lhs_var.is_result_var or lhs_var.is_arg_var:
lhs_var, rhs_var = rhs_var, lhs_var
if (lhs_var.is_result_var
or lhs_var.is_arg_var) and (rhs_var.is_result_var
or rhs_var.is_arg_var):
return False
if lhs_var.name == rhs_var.name + "_":
return False
mapping_result = vdui.map_lvar(lhs_var, rhs_var)
size_mismatch = is_size_mismatch(lhs_var, rhs_var)
lhs_type = lhs_var.type()
if not mapping_result:
if not size_mismatch:
print "failed to map %s = %s" % (lhs_var.name, rhs_var.name)
pass
if not lhs_var.has_user_name:
vdui.rename_lvar(lhs_var, rhs_var.name + "_", True)
else:
if rhs_type != lhs_type:
print "%s = %s" % (type_str(
lhs_type, lhs_var.name), type_str(rhs_type, rhs_var.name))
else:
print "%s = %s" % (lhs_var.name, rhs_var.name)
if size_mismatch:
print "lhs: %d rhs: %d" % (lhs_var.width, rhs_var.width)
if lhs_var.width < rhs_var.width:
__int64 = simple_type(5)
if rhs_type == __int64:
cfunc_type = vdui.cfunc.type
unsigned_int = simple_type(0x27)
print "%s swap" % cfunc_type.swap(unsigned_int)
print idaapi.apply_tinfo2(vdui.cfunc.entry_ea, cfunc_type,
idaapi.TINFO_DEFINITE)
else:
print "oh... %s" % rhs_type.dstr()
else:
assert not size_mismatch
if type_str_:
print "rhs was cast from %s" % type_str_
return True
else:
print "incompatible types"
return False
def activate(self, ctx):
vu = idaapi.get_tform_vdui(ctx.form)
function_tinfo = idaapi.tinfo_t()
if not vu.cfunc.get_func_type(function_tinfo):
return
function_details = idaapi.func_type_data_t()
function_tinfo.get_func_details(function_details)
del_arg = vu.item.get_lvar() # lvar_t
function_details.erase(filter(lambda x: x.name == del_arg.name, function_details)[0])
function_tinfo.create_func(function_details)
idaapi.apply_tinfo2(vu.cfunc.entry_ea, function_tinfo, idaapi.TINFO_DEFINITE)
vu.refresh_view(True)
def activate(self, ctx):
vu = idaapi.get_widget_vdui(ctx.widget)
function_tinfo = idaapi.tinfo_t()
if not vu.cfunc.get_func_type(function_tinfo):
return
function_details = idaapi.func_type_data_t()
function_tinfo.get_func_details(function_details)
if function_details.rettype.equals_to(const.VOID_TINFO):
function_details.rettype = idaapi.tinfo_t(const.PVOID_TINFO)
else:
function_details.rettype = idaapi.tinfo_t(idaapi.BT_VOID)
function_tinfo.create_func(function_details)
idaapi.apply_tinfo2(vu.cfunc.entry_ea, function_tinfo,
idaapi.TINFO_DEFINITE)
vu.refresh_view(True)
def activate(self, ctx):
vu = idaapi.get_widget_vdui(ctx.widget)
function_tinfo = idaapi.tinfo_t()
if not vu.cfunc.get_func_type(function_tinfo):
return
function_details = idaapi.func_type_data_t()
function_tinfo.get_func_details(function_details)
del_arg = vu.item.get_lvar()
function_details.erase(
[x for x in function_details if x.name == del_arg.name][0])
function_tinfo.create_func(function_details)
idaapi.apply_tinfo2(vu.cfunc.entry_ea, function_tinfo,
idaapi.TINFO_DEFINITE)
vu.refresh_view(True)
def fixFuncType(ea):
funcEa = GetFunctionAttr(ea, FUNCATTR_START)
cfunc = idaapi.decompile(funcEa)
old_func_type = idaapi.tinfo_t()
cfunc.get_func_type(old_func_type)
fi = idaapi.func_type_data_t()
if old_func_type.get_func_details(fi):
if (fi.cc == idaapi.CM_CC_SPECIAL) or (
fi.cc == idaapi.CM_CC_SPECIALE) or (fi.cc
== idaapi.CM_CC_SPECIALP):
fi.cc = idaapi.CM_CC_FASTCALL
new_func_type = idaapi.tinfo_t()
new_func_type.create_func(fi)
idaapi.apply_tinfo2(funcEa, new_func_type, idaapi.TINFO_DEFINITE)
def activate(self, ctx):
hx_view = idaapi.get_widget_vdui(ctx.widget)
cfunc = hx_view.cfunc
if not self._can_be_scanned(cfunc, hx_view.item):
return
obj = api.ScanObject.create(cfunc, hx_view.item)
tmp_struct = TemporaryStructureModel()
visitor = NewShallowSearchVisitor(cfunc, 0, obj, tmp_struct)
visitor.process()
tinfo = tmp_struct.get_recognized_shape()
if tinfo:
tinfo.create_ptr(tinfo)
if obj.id == api.SO_LOCAL_VARIABLE:
hx_view.set_lvar_type(obj.lvar, tinfo)
elif obj.id == api.SO_GLOBAL_OBJECT:
idaapi.apply_tinfo2(obj.obj_ea, tinfo, idaapi.TINFO_DEFINITE)
hx_view.refresh_view(True)
def activate(self, ctx):
# ctx - action_activation_ctx_t
vu = idaapi.get_tform_vdui(ctx.form)
function_tinfo = idaapi.tinfo_t()
if not vu.cfunc.get_func_type(function_tinfo):
return
function_details = idaapi.func_type_data_t()
function_tinfo.get_func_details(function_details)
convention = idaapi.CM_CC_MASK & function_details.cc
if convention == idaapi.CM_CC_CDECL:
function_details.cc = idaapi.CM_CC_SPECIAL
elif convention in (idaapi.CM_CC_STDCALL, idaapi.CM_CC_FASTCALL, idaapi.CM_CC_PASCAL, idaapi.CM_CC_THISCALL):
function_details.cc = idaapi.CM_CC_SPECIALP
elif convention == idaapi.CM_CC_ELLIPSIS:
function_details.cc = idaapi.CM_CC_SPECIALE
else:
return
function_tinfo.create_func(function_details)
idaapi.apply_tinfo2(vu.cfunc.entry_ea, function_tinfo, idaapi.TINFO_DEFINITE)
vu.refresh_view(True)
def _rename_function(self, function_ea, class_name, instance_ptr_ea): # type: (int, str, int) -> None
i = 0
function_name = "%s::__auto%d" % (class_name, i)
while not idc.MakeNameEx(function_ea, function_name, idaapi.SN_NOWARN):
i += 1
function_name = "%s::__auto%d" % (class_name, i)
func_tinfo = idaapi.tinfo_t()
if not idaapi.get_tinfo2(function_ea, func_tinfo):
return
arg_tinfo = idaapi.tinfo_t()
idaapi.get_tinfo2(instance_ptr_ea, arg_tinfo)
func_data = idaapi.func_type_data_t()
func_tinfo.get_func_details(func_data)
func_data[0].type = arg_tinfo
new_func_tinfo = idaapi.tinfo_t()
new_func_tinfo.create_func(func_data)
idaapi.apply_tinfo2(function_ea, new_func_tinfo, idaapi.TINFO_DEFINITE)
def remove_rettype(vu):
if vu.item.citype == idaapi.VDI_FUNC:
# current function
ea = vu.cfunc.entry_ea
old_func_type = idaapi.tinfo_t()
if not vu.cfunc.get_func_type(old_func_type):
return False
elif vu.item.citype == idaapi.VDI_EXPR and vu.item.e.is_expr(
) and vu.item.e.type.is_funcptr():
# call xxx
ea = vu.item.get_ea()
old_func_type = idaapi.tinfo_t()
func = idaapi.get_func(ea)
if func:
try:
cfunc = idaapi.decompile(func)
except idaapi.DecompilationFailure:
return False
if not cfunc.get_func_type(old_func_type):
return False
else:
return False
else:
return False
fi = idaapi.func_type_data_t()
if ea != idaapi.BADADDR and old_func_type.get_func_details(fi):
# Return type is already void
if fi.rettype.is_decl_void():
# Restore ret type
if ea not in ret_type:
return True
ret = ret_type[ea]
else:
# Save ret type and change it to void
ret_type[ea] = fi.rettype
ret = idaapi.BT_VOID
# Create new function info with new rettype
fi.rettype = idaapi.tinfo_t(ret)
# Create new function type with function info
new_func_type = idaapi.tinfo_t()
new_func_type.create_func(fi)
# Apply new function type
if idaapi.apply_tinfo2(ea, new_func_type, idaapi.TINFO_DEFINITE):
return vu.refresh_view(True)
return False
def activate(self, ctx):
hx_view = idaapi.get_widget_vdui(ctx.widget)
ri = self.extract_recast_info(hx_view.cfunc, hx_view.item)
if not ri:
return 0
if isinstance(ri, RecastLocalVariable):
hx_view.set_lvar_type(ri.local_variable, ri.recast_tinfo)
elif isinstance(ri, RecastGlobalVariable):
idaapi.apply_tinfo2(ri.global_variable_ea, ri.recast_tinfo,
idaapi.TINFO_DEFINITE)
elif isinstance(ri, RecastArgument):
if ri.recast_tinfo.is_array():
ri.recast_tinfo.convert_array_to_ptr()
helper.set_func_argument(ri.func_tinfo, ri.arg_idx,
ri.recast_tinfo)
idaapi.apply_tinfo2(ri.func_ea, ri.func_tinfo,
idaapi.TINFO_DEFINITE)
elif isinstance(ri, RecastReturn):
cfunc = helper.decompile_function(ri.func_ea)
if not cfunc:
return 0
func_tinfo = idaapi.tinfo_t()
cfunc.get_func_type(func_tinfo)
helper.set_func_return(func_tinfo, ri.recast_tinfo)
idaapi.apply_tinfo2(cfunc.entry_ea, func_tinfo,
idaapi.TINFO_DEFINITE)
elif isinstance(ri, RecastStructure):
tinfo = idaapi.tinfo_t()
tinfo.get_named_type(idaapi.cvar.idati, ri.structure_name)
ordinal = idaapi.get_type_ordinal(idaapi.cvar.idati,
ri.structure_name)
if ordinal == 0:
return 0
udt_member = idaapi.udt_member_t()
udt_member.offset = ri.field_offset * 8
idx = tinfo.find_udt_member(idaapi.STRMEM_OFFSET, udt_member)
if udt_member.offset != ri.field_offset * 8:
print("[Info] Can't handle with arrays yet")
elif udt_member.type.get_size() != ri.recast_tinfo.get_size():
print("[Info] Can't recast different sizes yet")
else:
udt_data = idaapi.udt_type_data_t()
tinfo.get_udt_details(udt_data)
udt_data[idx].type = ri.recast_tinfo
tinfo.create_udt(udt_data, idaapi.BTF_STRUCT)
tinfo.set_numbered_type(idaapi.cvar.idati, ordinal,
idaapi.NTF_REPLACE, ri.structure_name)
else:
raise NotImplementedError
hx_view.refresh_view(True)
return 0
def remove_rettype(self, vu):
if vu.item.citype == idaapi.VDI_FUNC:
# current function
ea = vu.cfunc.entry_ea
old_func_type = idaapi.tinfo_t()
if not vu.cfunc.get_func_type(old_func_type):
return False
elif vu.item.citype == idaapi.VDI_EXPR and vu.item.e.is_expr() and vu.item.e.type.is_funcptr():
# call xxx
ea = vu.item.get_ea()
old_func_type = idaapi.tinfo_t()
func = idaapi.get_func(ea)
if func:
try:
cfunc = idaapi.decompile(func)
except idaapi.DecompilationFailure:
return False
if not cfunc.get_func_type(old_func_type):
return False
else:
return False
else:
return False
fi = idaapi.func_type_data_t()
if ea != idaapi.BADADDR and old_func_type.get_func_details(fi):
# Return type is already void
if fi.rettype.is_decl_void():
# Restore ret type
if ea not in self.ret_type:
return True
ret = self.ret_type[ea]
else:
# Save ret type and change it to void
self.ret_type[ea] = fi.rettype
ret = idaapi.BT_VOID
# Create new function info with new rettype
fi.rettype = idaapi.tinfo_t(ret)
# Create new function type with function info
new_func_type = idaapi.tinfo_t()
new_func_type.create_func(fi)
# Apply new function type
if idaapi.apply_tinfo2(ea, new_func_type, idaapi.TINFO_DEFINITE):
return vu.refresh_view(True)
return False
def activate(self, ctx):
hx_view = idaapi.get_tform_vdui(ctx.form)
result = self.check(hx_view.cfunc, hx_view.item)
if result:
if result[0] == RECAST_LOCAL_VARIABLE:
tinfo, lvar = result[1:]
if hx_view.set_lvar_type(lvar, tinfo):
hx_view.refresh_view(True)
elif result[0] == RECAST_GLOBAL_VARIABLE:
tinfo, address = result[1:]
if idaapi.apply_tinfo2(address, tinfo, idaapi.TINFO_DEFINITE):
hx_view.refresh_view(True)
elif result[0] == RECAST_ARGUMENT:
arg_index, func_tinfo, arg_tinfo, address = result[1:]
func_data = idaapi.func_type_data_t()
func_tinfo.get_func_details(func_data)
func_data[arg_index].type = arg_tinfo
new_func_tinfo = idaapi.tinfo_t()
new_func_tinfo.create_func(func_data)
if idaapi.apply_tinfo2(address, new_func_tinfo,
idaapi.TINFO_DEFINITE):
hx_view.refresh_view(True)
elif result[0] == RECAST_RETURN:
return_type, func_address = result[1:]
try:
cfunc = idaapi.decompile(
func_address) if func_address else hx_view.cfunc
except idaapi.DecompilationFailure:
print "[ERROR] Ida failed to decompile function"
return
function_tinfo = idaapi.tinfo_t()
cfunc.get_func_type(function_tinfo)
func_data = idaapi.func_type_data_t()
function_tinfo.get_func_details(func_data)
func_data.rettype = return_type
function_tinfo.create_func(func_data)
if idaapi.apply_tinfo2(cfunc.entry_ea, function_tinfo,
idaapi.TINFO_DEFINITE):
hx_view.refresh_view(True)
elif result[0] == RECAST_STRUCTURE:
structure_name, field_offset, new_type = result[1:]
tinfo = idaapi.tinfo_t()
tinfo.get_named_type(idaapi.cvar.idati, structure_name)
ordinal = idaapi.get_type_ordinal(idaapi.cvar.idati,
structure_name)
if ordinal:
udt_member = idaapi.udt_member_t()
udt_member.offset = field_offset * 8
idx = tinfo.find_udt_member(idaapi.STRMEM_OFFSET,
udt_member)
if udt_member.offset != field_offset * 8:
print "[Info] Can't handle with arrays yet"
elif udt_member.type.get_size() != new_type.get_size():
print "[Info] Can't recast different sizes yet"
else:
udt_data = idaapi.udt_type_data_t()
tinfo.get_udt_details(udt_data)
udt_data[idx].type = new_type
tinfo.create_udt(udt_data, idaapi.BTF_STRUCT)
tinfo.set_numbered_type(idaapi.cvar.idati, ordinal,
idaapi.NTF_REPLACE,
structure_name)
hx_view.refresh_view(True)
