Beispiel #1
0
 def __init__(self):
     self.nn_meta = idaapi.netnode("$ dex_meta")
     self.nn_cmn = idaapi.netnode("$ dex_cmn")
     packed = self.nn_meta.getblob(0, Dex.META_BASEADDRS)
     self.baseaddrs = unpack_eavec(packed, 0)
     self.nn_vars = []
     self.nn_vars.append(idaapi.netnode("$ dex_var"))
     for i in range(2, len(self.baseaddrs) + 1):
         nn_var_name = "$ dex_var%d" % i
         self.nn_vars.append(idaapi.netnode(nn_var_name))
Beispiel #2
0
    def open_proj_creation_dialog(self):
        """Performs sanity checks and pops up a project creation dialog, if applicable."""
        if self.core.client:
            print("[continuum] A project is already opened.")
            return

        if not GetIdbPath():
            print("[continuum] Please load an IDB related to the project first.")
            return

        # Check if auto-analysis is through prior allowing project creation here.
        # This probably isn't intended to be done by plugins, but there there seems to be no
        # official API to check for this that also works when auto-analysis has temporarily
        # been disabled due to an UI action (specifically here: opening menus).
        # I found this netnode by reversing IDA.
        if not idaapi.exist(idaapi.netnode("$ Auto ready")):
            print("[continuum] Please allow auto-analysis to finish first.")
            return

        dialog = ProjectCreationDialog(GetIdbDir())
        chosen_action = dialog.exec_()

        if chosen_action == QDialog.Accepted:
            project = Project.create(dialog.project_path, dialog.file_patterns)
            self.core.open_project(project)
Beispiel #3
0
 def load_from_idb(self):
     node = idaapi.netnode(0x41414141)
     node.create(self.nodename)
     result = node.getblob(0, "D")
     if result:
         self.items = pickle.loads(result)
     return result
Beispiel #4
0
 def _netnode(self):
     node_name = "$ {org:s}.{application:s}.{plugin_name:s}".format(
         org=IDA_SETTINGS_ORGANIZATION,
         application=IDA_SETTINGS_APPLICATION,
         plugin_name=self._plugin_name)
     # namelen: 0, do_create: True
     n = idaapi.netnode(node_name, 0, True)
     return n
Beispiel #5
0
def set_fptrs(d):
    nn = idaapi.netnode('$ mips')

    for ea, target in d.iteritems():
        nn.altset(ea, idc.LocByName(target) + 1)
        idaapi.noUsed(ea)

    return
Beispiel #6
0
def get_meta_netnode():
    """
    Get the netnode used to store settings metadata in the current IDB.
    Note that this implicitly uses the open IDB via the idc iterface.
    """
    node_name = "$ {org:s}.{application:s}".format(
        org=IDA_SETTINGS_ORGANIZATION,
        application=IDA_SETTINGS_APPLICATION)
    # namelen: 0, do_create: True
    return idaapi.netnode(node_name, 0, True)
Beispiel #7
0
 def init(self):
     Print("tracer_plugin_t installed")
     ExTraces = None
     ExTraces = idaapi.netnode("$ ExTraces", 0, False) #Get the execution trace id
     data = ExTraces.getblob(0, 'A')
     if data is None:
         print "This IDB has no TREE Trace. Turn ON TREE Tracer"
         return idaapi.PLUGIN_OK
     else:
         print "This IDB has TREE Trace. Turn OFF TREE Trace"
         return idaapi.PLUGIN_SKIP
Beispiel #8
0
 def init(self):
     self.icon_id = 0
     ExTraces = None
     ExTraces = idaapi.netnode("$ ExTraces", 0, False) #Get the execution trace id
     data = ExTraces.getblob(0, 'A') #Get the execution trace data, use str(data) to convert to data to a str
     if (data is None):
         print "This IDB has no TREE trace. Turn OFF TREE Analyzer"        
         return idaapi.PLUGIN_SKIP
     else:
         print "This IDB has TREE trace in. Turn ON TREE Analyzer!" 
         return idaapi.PLUGIN_OK
Beispiel #9
0
    def __init__(self):
        self.vu = None

        self.node = idaapi.netnode()
        if not self.node.create(NETNODE_NAME):
            # node exists
            self.load()
        else:
            self.stored = []

        return
Beispiel #10
0
def get_fptrs():
    d = {}
    nn = idaapi.netnode('$ mips')

    for fn in idautils.Functions():
        for ea in idautils.FuncItems(fn):
            if not idc.isCode(idaapi.getFlags(ea)):
                continue
            target = nn.altval(ea) - 1
            if target != -1:
                d[ea] = idc.Name(target)

    return d
def revokeAnalysis():
	n = idaapi.netnode("$ initialAnalysis", 0, False)
	
	if (n == idaapi.BADNODE):	return
	
	idx = n.alt1st()
	while idx != idaapi.BADNODE:
		colorize(idx, DEFCOLOR)
		idx = n.altnxt(idx)
	
	n.kill()
	
	idaapi.refresh_idaview_anyway()
Beispiel #12
0
 def get_string_by_index(node, idx, tag):
     if idx is None:
         return None
     val = node.supval(idx, tag)
     # check for long line
     if len(val) == ctypes.sizeof(longname_director_t):
         longname_director = get_struct(val, 0, longname_director_t)
         if longname_director.zero == 0:
             nn = idaapi.netnode(longname_director.node)
             return nn.getblob(0, tag)[:-1]
     if len(val) > 0:
         return val[:-1]
     return ""
Beispiel #13
0
    def req_bps_set(self, hash):
        blob = hash["msg"]
        print ("[-] save .bpcmds")
        node = idaapi.netnode(NETNODE_INDEX)
        if not node:
            print ("[-] failed to open netnode store")
            self.notice_broker("cmd", '"cmd":"    -> failed to save .bpcmds')
            return

        new = node.create(NETNODE_STORE)
        if new == 0:
            print ("    -> creating new netnode store")

        out = node.setblob(str(blob), 0, str(chr(1)))
        self.notice_broker("cmd", '"cmd":"    -> .bpcmds saved"')
        return
Beispiel #14
0
    def __init__(self, options):
        # self.files is a dict() mapping {filename: tag}
        self.num = options['netnode_num']
        self.nnode = idaapi.netnode(self.num)

        # check if we already have an existing files dict() defined
        if self.nnode.getblob(0, "\x01"):
            # if we do, set self.files to it
            self.files = pickle.loads(self.nnode.getblob(0, "\x01"))            
        else:
            # otherwise set it to a dict containing just the \x01 tag reserved
            self.files = {"__internal__" : "\x01"}
            self.nnode.setblob(pickle.dumps(self.files), 0, "\x01")

        self.used = self.files.values()

        return
Beispiel #15
0
    def read_rsds_codeview():
        guid = None
        penode = idaapi.netnode()
        penode.create(peutils_t.PE_NODE)
        fpos = penode.altval(peutils_t.PE_ALT_DBG_FPOS)

        if fpos == 0:
            print "[*] No debug directory"
            return guid

        input_file = idc.GetInputFilePath()
        if not os.path.exists(input_file):
            print "[*] input file not available"
        else:
            with open(input_file, "r") as fd:
                fd.seek(fpos)
                raw = fd.read(0x1C)

                """
                typedef struct _IMAGE_DEBUG_DIRECTORY {
                  DWORD Characteristics;
                  DWORD TimeDateStamp;
                  WORD  MajorVersion;
                  WORD  MinorVersion;
                  DWORD Type;
                  DWORD SizeOfData;
                  DWORD AddressOfRawData;
                  DWORD PointerToRawData;
                } IMAGE_DEBUG_DIRECTORY, *PIMAGE_DEBUG_DIRECTORY;
                """
                dbgdir = struct.unpack("LLHHLLLL", raw)
                #  2, IMAGE_DEBUG_TYPE_CODEVIEW
                if not (dbgdir[4] == 2):
                    print "[*] not CODEVIEW data"
                else:
                    fd.seek(dbgdir[7])
                    if not (fd.read(4) == "RSDS"):
                        print "[*] unsupported CODEVIEW information format (%s)" % sig
                    else:
                        d1, d2, d3 = struct.unpack("LHH", fd.read(0x8))
                        d4 = struct.unpack(">H", fd.read(0x2))[0]
                        d5 = binascii.hexlify(fd.read(0x6)).upper()
                        guid = "%08X-%04X-%04X-%04X-%s" % (d1, d2, d3, d4, d5)

        return guid
Beispiel #16
0
    def req_bps_get(self, hash):
        print ("[-] reload .bpcmds")
        node = idaapi.netnode(NETNODE_INDEX)
        if not node:
            print ("[-] failed to open netnode store")
            self.notice_broker("cmd", '"cmd":"no blob"')
            return

        node.create(NETNODE_STORE)
        blob = node.getblob(0, str(chr(1)))

        if not blob:
            print ("  -> no blob")
            self.notice_broker("cmd", '"cmd":"    -> reloading .bpcmds: no blob"')
            return

        self.notice_broker("cmd", '"cmd":"%s"' % blob)
        return
Beispiel #17
0
 def __init__(self,parent):
     QtGui.QMainWindow.__init__(self)
     print "[|] loading AnalyzerWidget"
     self.parent = parent
     self.name = "Taint Analysis"
     path = os.path.join(self.parent.iconPath, "trace.png")
     self.icon = QIcon(path)
     
     #References to qt-specific modules
     self.QtGui = QtGui
     self.QtCore = QtCore
     self.central_widget = self.QtGui.QWidget()
     self.setCentralWidget(self.central_widget)
     self._defineAnalyzeTypes()
     self._definePropEnum()
     self.t_graph = nx.MultiDiGraph()
     self.in_taint_chain = []
     self.ExTraces = idaapi.netnode("$ ExTraces", 0, False) #Get the execution trace id
     self.trace_data = self.ExTraces.getblob(0, 'A') #Get the execution trace data, use str(data) to convert to data to a str
     self._createGui()
Beispiel #18
0
def IsMazeDataInIDB():
    logger = logging.getLogger(__name__)
    logger.info("Checking for maze data in idb...")
    store = idaapi.netnode(Config().idb_store, 0, True)
    return not (store.getblob(0, 'N') is None)
Beispiel #19
0
 def netnode(self, ident):
     return idaapi.netnode(ident)
Beispiel #20
0
 def __init__(self):
     self.__penode = idaapi.netnode()
     self.__penode.create(peutils_t.PE_NODE)
def setEaInfo(ea, info=""):
	n = idaapi.netnode("$ initialAnalysis", 0, True)
	n.set(info)
Beispiel #22
0
def queryIdbNetnode(key):
    n = idaapi.netnode(NETNODE_NAME, len(NETNODE_NAME), True)
    return n.hashval(key)
Beispiel #23
0
def setEaInfo(ea, info=""):
    n = idaapi.netnode("$ initialAnalysis", 0, True)
    n.set(info)
import idaapi

nn = idaapi.netnode("$ kernel")
sc = cpu.rax
cpu.rax = 0
#rather than building a big dict of handlers, this is
#a binary search based on system call #
if sc < 177:
   if sc < 89:
      if sc < 45:
         if sc < 23:
            if sc < 12:
               if sc < 6:
                  if sc < 3:
                     if sc == 0:     #read
                        pass
                     elif sc == 1:   #write
                        pass
                     else:  #2, open
                        msg("open(\"%s\", 0x%x, 0x%x)\n" % (idaapi.get_strlit_contents(cpu.rdi, -1, STRTYPE_C), cpu.rsi, cpu.rdx))
                        cpu.rax = 3
                  elif sc > 3:
                     if sc == 4: #stat
                        pass
                     else:   #5, fstat
                        idaapi.patch_dword(cpu.rsi, 0x4000)
                        idaapi.patch_qword(cpu.rsi + 0x20, 0x1000)
                  else:  #3, close
                     pass
               elif sc > 6:
                  if sc < 9:
Beispiel #25
0
def load_file(li, netflags, format):
    nsis = nsisfile.NSIS.from_path(idaapi.get_input_file_path())

    # Create NSIS netnode.
    nsis_netnode = idaapi.netnode("$ NSIS", 0, True)
    nsis_netnode.hashset("VERSION_MAJOR", nsis.version_major)
    nsis_netnode.hashset("VERSION_MINOR", nsis.version_minor)

    # Create blocks segments.
    for name, n, sclass in BLOCKS:
        offset = nsis.header.blocks[n].offset
        if offset == 0:
            continue
        content = nsis.block(n)
        # Create block segment
        seg = idaapi.segment_t()
        seg.startEA = offset
        seg.endEA = offset + len(content)
        idaapi.add_segm_ex(seg, name, sclass, 0)
        idaapi.mem2base(content, offset)

    # Add one virtual segment to hold variables.
    var_seg = idaapi.segment_t()
    var_start = align(nsis.size())
    var_seg.startEA = var_start
    var_seg.endEA = var_start + 0x1000  # Size chosen arbitrarily, should be enough.
    idaapi.add_segm_ex(var_seg, "VARS", "BSS", 0)
    # Create standard vars.
    for i, v in enumerate(nrs.strings.SYSVAR_NAMES.values()):
        idaapi.do_name_anyway(var_seg.startEA + i + 20, "$" + v)

    code_base = nsis.header.blocks[fileform.NB_ENTRIES].offset
    # Create sections functions.
    for i, section in enumerate(nsis.sections):
        if section.code == PTR_NONE:
            continue
        name = nsis.get_string(section.name_ptr)
        if not name:
            name = "_section" + str(i)
        ea = code_base + nrs.entry_to_offset(section.code)
        cname = canonize_name(name)
        AddEntryPoint(ea, ea, cname, 1)

    # Mark pages handlers.
    for i, page in enumerate(nsis.pages):
        for fn in ["prefunc", "showfunc", "leavefunc"]:
            addr = getattr(page, fn)
            if addr != PTR_NONE:
                name = "_page_{}_{}".format(i, fn)
                ea = code_base + nrs.entry_to_offset(addr)
                AddEntryPoint(ea, ea, name, 1)

    # Mark installer handlers.
    for event in [
        "Init",
        "InstSuccess",
        "InstFailed",
        "UserAbort",
        "GUIInit",
        "GUIEnd",
        "MouseOverSection",
        "VerifyInstDir",
        "SelChange",
        "RebootFailed",
    ]:
        addr = getattr(nsis.header, "code_on" + event)
        if addr != PTR_NONE:
            name = "_on" + event
            ea = code_base + nrs.entry_to_offset(addr)
            AddEntryPoint(ea, ea, name, 1)

    # Create strings.
    """
    strings_data = nsis.block(fileform.NB_STRINGS)
    strings_off = nsis.header.blocks[fileform.NB_STRINGS].offset
    i = 0
    while i < len(strings_data):
        decoded_string, length = \
            nrs.strings.decode(strings_data, i, nsis.version_major)
        decoded_string = str(decoded_string)
        string_name = canonize_name(decoded_string)
        idaapi.make_ascii_string(strings_off + i, length, ASCSTR_C)
        idaapi.set_cmt(strings_off + i, decoded_string, True)
        idaapi.do_name_anyway(strings_off + i, string_name)
        i += length
    #"""

    # Set processor to nsis script.
    SetProcessorType("nsis", SETPROC_ALL | SETPROC_FATAL)
    return 1
Beispiel #26
0
 def __init__(self, netnode_name=OUR_NETNODE):
     self._netnode_name = netnode_name
     # self._n = idaapi.netnode(netnode_name, namelen=0, do_create=True)
     self._n = idaapi.netnode(netnode_name, 0, True)
from client import Client
from config import config
from comments import comments, comments_extra, NoChange


ida_reserved_prefix = (
    'sub_', 'locret_', 'loc_', 'off_', 'seg_', 'asc_', 'byte_', 'word_',
    'dword_', 'qword_', 'byte3_', 'xmmword_', 'ymmword_', 'packreal_',
    'flt_', 'dbl_', 'tbyte_', 'stru_', 'custdata_', 'algn_', 'unk_',
)

fhash = None
auto_wait = False
client = Client(**config)
netnode = idaapi.netnode()
NETNODE_NAME = '$ revsync-fhash'

hook1 = hook2 = hook3 = None

### Helper Functions

def cached_fhash():
    return netnode.getblob(0, 'I').decode('ascii')

def read_fhash():
    filename = idaapi.get_root_filename()
    if filename is None:
        return None
    with open(filename, 'rb') as f:
        return hashlib.sha256(f.read()).hexdigest().upper()
Beispiel #28
0
 def save_to_idb(self):
     node = idaapi.netnode(0x41414141)
     node.create(self.nodename)
     node.setblob(pickle.dumps(self.items), 0, "D")
Beispiel #29
0
def is_switch_insn(ea):
    '''ea_t -> bool'''
    IM_SWITCH = 3  # IDA doesn't export this to python; hope it doesn't change!
    nn = idaapi.netnode('$ ignore micro')
    return nn.charval(ea, 0) == IM_SWITCH
Beispiel #30
0
 def __init__(self, cfunc):
     idaapi.ctree_visitor_t.__init__(self, idaapi.CV_PARENTS)
     self.cfunc = cfunc
     self.node = idaapi.netnode()
     self.clear_struct_xrefs()
     self.xrefs = {}
Beispiel #31
0
def setIdbNetnode(key, value):
    n = idaapi.netnode(NETNODE_NAME, len(NETNODE_NAME), True)
    return n.hashset(key, value)
Beispiel #32
0
 def kill(self):
     self._n.kill()
     self._n = idaapi.netnode(self._netnode_name, 0, True)
Beispiel #33
0
 def __init__(self, name):
     self.netn = idaapi.netnode(str(name), 0, True)
Beispiel #34
0
 def __init__(self, name):
     node = idaapi.netnode(name, 0, True)
Beispiel #35
0
 def read_rsds_pdb():
     penode = idaapi.netnode()
     PE_SUPSTR_PDBNM = idautils.peutils_t.PE_ALT_DBG_FPOS - 8
     penode.create(idautils.peutils_t.PE_NODE)
     pdbname = penode.supstr(PE_SUPSTR_PDBNM, 'S')
     return pdbname