Beispiel #1
0
 def type_one_function(self, tinfo_map):
     fn_name = GetFunctionName(here())
     if not fn_name:
         print "you're not in a function lol"
         return
     if fn_name not in tinfo_map:
         print "I don't know of this %s" % fn_name
         return
     tinfo, fields = tinfo_map[fn_name]
     fn_loc = LocByName(fn_name)
     current_tinfo_ = GetTinfo(fn_loc)
     packed = self.unparse_tinfo(tinfo)
     if current_tinfo_ is not None:
         current_tinfo, current_fields = current_tinfo_
         if packed == current_tinfo and fields == current_fields:
             print "already the same"
             return
     ret = ApplyType(fn_loc, (packed, fields))
     if ret:
         print "success: %#x %s" % (fn_loc, fn_name)
         open_pseudocode(fn_loc, False)
     else:
         print "failed :("
         print fn_name
         print packed.encode("string_escape")
         print fields.encode("string_escape")
Beispiel #2
0
    def activate(self, ctx):
        hx_view = idaapi.get_widget_vdui(ctx.widget)
        if not self.check(hx_view):
            return

        data = []
        offset = hx_view.item.e.m
        struct_type = idaapi.remove_pointer(hx_view.item.e.x.type)
        ordinal = helper.get_ordinal(struct_type)
        result = struct_xrefs.XrefStorage().get_structure_info(ordinal, offset)
        for xref_info in result:
            data.append([
                idaapi.get_short_name(xref_info.func_ea) + "+" + hex(int(xref_info.offset)),
                xref_info.type,
                xref_info.line
            ])

        field_name = helper.get_member_name(struct_type, offset)
        chooser = forms.MyChoose(
            data,
            "Cross-references to {0}::{1}".format(struct_type.dstr(), field_name),
            [["Function", 20 | idaapi.CHCOL_PLAIN],
             ["Type", 2 | idaapi.CHCOL_PLAIN],
             ["Line", 40 | idaapi.CHCOL_PLAIN]]
        )
        idx = chooser.Show(True)
        if idx == -1:
            return

        xref = result[idx]
        idaapi.open_pseudocode(xref.func_ea + xref.offset, False)
    def handle(self, event, *args):
        hx_view = args[0]
        item = hx_view.item
        if item.citype == idaapi.VDI_EXPR and item.e.op in (idaapi.cot_memptr, idaapi.cot_memref):
            # Look if we double clicked on expression that is member pointer. Then get tinfo_t of  the structure.
            # After that remove pointer and get member name with the same offset
            if item.e.x.op == idaapi.cot_memref and item.e.x.x.op == idaapi.cot_memptr:
                vtable_tinfo = item.e.x.type.get_pointed_object()
                method_offset = item.e.m
                class_tinfo = item.e.x.x.x.type.get_pointed_object()
                vtable_offset = item.e.x.x.m
            elif item.e.x.op == idaapi.cot_memptr:
                vtable_tinfo = item.e.x.type
                if vtable_tinfo.is_ptr():
                    vtable_tinfo = vtable_tinfo.get_pointed_object()
                method_offset = item.e.m
                class_tinfo = item.e.x.x.type.get_pointed_object()
                vtable_offset = item.e.x.m
            else:
                func_offset = item.e.m
                struct_tinfo = item.e.x.type.get_pointed_object()
                func_ea = helper.choose_virtual_func_address(helper.get_member_name(struct_tinfo, func_offset))
                if func_ea:
                    idaapi.jumpto(func_ea)
                return 0

            func_name = helper.get_member_name(vtable_tinfo, method_offset)
            func_ea = helper.choose_virtual_func_address(func_name, class_tinfo, vtable_offset)
            if func_ea:
                idaapi.open_pseudocode(func_ea, 0)
                return 1
    def open_function(self):
        addresses = self.addresses
        if len(addresses) > 1:
            address = Helper.choose_virtual_func_address(self.name)
        elif len(addresses) == 1:
            address = addresses[0]
        else:
            return

        if idaapi.decompile(address):
            idaapi.open_pseudocode(address, 0)
        else:
            idaapi.jumpto(address)
Beispiel #5
0
    def activated(self, index):
        # Double click on offset, opens window with variables
        if index.column() == 0:
            item = self.items[index.row()]
            scanned_variables = list(item.scanned_variables)
            variable_chooser = MyChoose(
                [x.to_list() for x in scanned_variables], "Select Variable",
                [["Origin", 4], ["Function name", 25], ["Variable name", 25],
                 ["Expression address", 10]])
            row = variable_chooser.Show(modal=True)
            if row != -1:
                idaapi.open_pseudocode(
                    scanned_variables[row].expression_address, 0)

        # Double click on type. If type is virtual table than opens windows with virtual methods
        elif index.column() == 1:
            self.items[index.row()].activate(self)
Beispiel #6
0
 def jump(self, data):
     j = data['address'].split(" : ")
     ea = idaapi.get_name_ea(idc.BADADDR, j[0])
     ln = int(j[1])
     print "JUMPTO", j, ea, ln
     ui = idaapi.open_pseudocode(ea, False)
     (pl, x, y) = idaapi.get_custom_viewer_place(ui.ct, False)
     pl2 = idaapi.place_t_as_simpleline_place_t(pl.clone())
     pl2.n = ln
     idaapi.jumpto(ui.ct, pl2, 0, y)
Beispiel #7
0
    def show_virtual_functions(self):
        function_chooser = MyChoose([
            function.get_information() for function in self.virtual_functions
        ], "Select Virtual Function", [["Address", 10], ["Name", 15],
                                       ["Declaration", 45]], 13)
        function_chooser.OnGetIcon = lambda n: 32 if self.virtual_functions[
            n].visited else 160
        function_chooser.OnGetLineAttr = \
            lambda n: [0xd9d9d9, 0x0] if self.virtual_functions[n].visited else [0xffffff, 0x0]

        # Very nasty, but have no time to make nice QT window instead Ida Choose2 menu.
        # This function creates menu "Scan All"
        function_chooser.popup_names = ["Scan All", "-", "Scan", "-"]
        function_chooser.OnInsertLine = self.scan_virtual_functions
        function_chooser.OnEditLine = self.scan_virtual_function

        idx = function_chooser.Show(True)
        if idx != -1:
            self.virtual_functions[idx].visited = True
            idaapi.open_pseudocode(int(self.virtual_functions[idx]), 1)
Beispiel #8
0
        def Show(self):
            widget = idaapi.get_current_widget()
            if idaapi.get_widget_title(widget) != self.title:
                if idaapi.get_widget_type(widget) != idaapi.BWN_PSEUDOCODE:
                    pseudo_view = idaapi.open_pseudocode(self.ea, 1)
                    pseudo_view.refresh_view(1)
                    widget = pseudo_view.toplevel
                pseudo_title = idaapi.get_widget_title(widget)

                idaapi.display_widget(self.GetWidget(),
                                      idaapi.PluginForm.WOPN_DP_TAB | idaapi.PluginForm.WOPN_RESTORE)
                idaapi.set_dock_pos(self.title, pseudo_title, idaapi.DP_RIGHT)
    def handle(self, event, *args):
        hx_view = args[0]  #vdui_t
        item = hx_view.item  # ctree_item_t #cursor item .e - expression, x - first operand
        if item.citype == idaapi.VDI_EXPR and item.e.op in (idaapi.cot_memptr,
                                                            idaapi.cot_memref):
            if item.e.x.op == idaapi.cot_memptr:
                print("2")
                vtable_tinfo = item.e.x.type
                if vtable_tinfo.is_ptr():
                    vtable_tinfo = vtable_tinfo.get_pointed_object()
                method_offset = item.e.m
                class_tinfo = item.e.x.x.type.get_pointed_object()
                vtable_offset = item.e.x.m

                #func_name = get_member_name(vtable_tinfo, method_offset)
                name = str(vtable_tinfo)
                #print(type(vtable_tinfo))
                sid = idc.get_name_ea_simple(name)
                #print(sid)

                if sid == idaapi.BADADDR:
                    print("[ERROR] struct {} not found".format(name))
                    return 1

                xrefs = [x for x in idautils.XrefsTo(sid)]
                if len(xrefs) == 0:
                    print(
                        "[ERROR] xrefs to {} not found, please set type in ida view"
                        .format(name))
                    return 1
                #print(xrefs[0], hex(xrefs[0].frm), method_offset)

                func_ea = read_ptr(xrefs[0].frm + method_offset)
                #print(xrefs[0], hex(xrefs[0].frm), method_offset, xrefs[0].frm + method_offset, hex(func_ea))
                if func_ea:
                    idaapi.open_pseudocode(func_ea, 0)
                    return 0

            return 1
Beispiel #10
0
    def apply_type(self, tinfo):
        if not self._applicable:
            return

        hx_view = idaapi.open_pseudocode(self.func_ea, -1)
        if hx_view:
            logger.debug("Applying tinfo to variable {0} in function {1}".format(self.name, self.function_name))
            # Finding lvar of new window that have the same name that saved one and applying tinfo_t
            lvar = [x for x in hx_view.cfunc.get_lvars() if x == self.__lvar]
            if lvar:
                logger.debug("Successful")
                hx_view.set_lvar_type(lvar[0], tinfo)
            else:
                logger.warn("Failed to find previously scanned local variable {} from {}".format(
                    self.name, helper.to_hex(self.expression_address)))
Beispiel #11
0
    def apply_type(self, tinfo):
        """ Finally apply Class'es tinfo to this variable """

        if self.applicable:
            hx_view = idaapi.open_pseudocode(self.function.entry_ea, -1)
            if hx_view:
                print "[Info] Applying tinfo to variable {0} in function {1}".format(
                    self.lvar.name,
                    idaapi.get_short_name(self.function.entry_ea))
                # Finding lvar of new window that have the same name that saved one and applying tinfo_t
                lvar = filter(lambda x: x == self.lvar,
                              hx_view.cfunc.get_lvars())
                if lvar:
                    print "+++++++++++"
                    hx_view.set_lvar_type(lvar[0], tinfo)
                else:
                    print "-----------"
Beispiel #12
0
    def retrieve_function_callback(self, __, ea=None):
        if not self.check_before_use():
            return
        funcset_ids = [self.funcset] if not self.cfg['usepublic'] else None
        func_ea = idaapi.get_screen_ea() if ea is None else ea
        func_name = idaapi.get_func_name(func_ea)
        targets = self.retrieve_function(func_ea, self.cfg['topk'],
                                         funcset_ids)
        succ, skip, fail = 0, 0, 0
        if targets is None:
            print("[{}] {} failed because get function feature error".format(
                self.name, func_name))
            fail += 1
        else:
            if not (self.cview and self.cview.is_alive()):
                self.cview = SourceCodeViewer(self.name)
                # CDVF_STATUSBAR 0x04, keep the status bar in the custom viewer
                idaapi.set_code_viewer_is_source(
                    idaapi.create_code_viewer(self.cview.GetWidget(), 0x4))
            self.cview.set_user_data(func_ea, targets)

            widget = idaapi.get_current_widget()
            if idaapi.get_widget_title(widget) == self.name:
                skip += 1
            else:
                if idaapi.get_widget_type(widget) != idaapi.BWN_PSEUDOCODE:
                    pseudo_view = idaapi.open_pseudocode(func_ea, 1)
                    pseudo_view.refresh_view(1)
                    widget = pseudo_view.toplevel
                pseudo_title = idaapi.get_widget_title(widget)

                idaapi.display_widget(
                    self.cview.GetWidget(), idaapi.PluginForm.WOPN_DP_TAB
                    | idaapi.PluginForm.WOPN_RESTORE)
                idaapi.set_dock_pos(self.name, pseudo_title, idaapi.DP_RIGHT)
                succ += 1
        print(
            "[{}] {} functions successfully retrieved, {} functions failed, {} functions skipped"
            .format(self.name, succ, fail, skip))
Beispiel #13
0
 def double_clicked(self, row, column):
     
     ea = self.functions[row]
     idaapi.open_pseudocode(ea, True)
     
     return
Beispiel #14
0
 def show_location(self):
     idaapi.open_pseudocode(self.address, 1)
def DeepDecompileFn(fn, depth, hx_view = None):
    inPseudocode = hx_view and 1 or 0
    for func in get_called_functions_recursive(fn, depth):
        idaapi.decompile(func)
    idaapi.open_pseudocode(fn, inPseudocode)
def hexrays_events_callback(*args):
    global potential_negatives

    hexrays_event = args[0]

    if hexrays_event == idaapi.hxe_populating_popup:
        form, popup, hx_view = args[1:]
        item = hx_view.item  # current ctree_item_t

        if Actions.RecastItemRight.check(hx_view.cfunc, item):
            idaapi.attach_action_to_popup(form, popup, Actions.RecastItemRight.name, None)

        if Actions.RecastItemLeft.check(hx_view.cfunc, item):
            idaapi.attach_action_to_popup(form, popup, Actions.RecastItemLeft.name, None)

        if Actions.RenameOther.check(hx_view.cfunc, item):
            idaapi.attach_action_to_popup(form, popup, Actions.RenameOther.name, None)

        if Actions.RenameInside.check(hx_view.cfunc, item):
            idaapi.attach_action_to_popup(form, popup, Actions.RenameInside.name, None)

        if Actions.RenameOutside.check(hx_view.cfunc, item):
            idaapi.attach_action_to_popup(form, popup, Actions.RenameOutside.name, None)

        if hx_view.item.get_lvar() and Helper.is_legal_type(hx_view.item.get_lvar().type()):
            idaapi.attach_action_to_popup(form, popup, Actions.ShallowScanVariable.name, None)
            idaapi.attach_action_to_popup(form, popup, Actions.DeepScanVariable.name, None)
            idaapi.attach_action_to_popup(form, popup, Actions.RecognizeShape.name, None)

        if item.citype == idaapi.VDI_FUNC:
            # If we clicked on function
            if not hx_view.cfunc.entry_ea == idaapi.BADADDR:  # Probably never happen
                idaapi.attach_action_to_popup(form, popup, Actions.AddRemoveReturn.name, None)
                idaapi.attach_action_to_popup(form, popup, Actions.ConvertToUsercall.name, None)
                idaapi.attach_action_to_popup(form, popup, Actions.DeepScanReturn.name, None)

        elif item.citype == idaapi.VDI_LVAR:
            # If we clicked on argument
            local_variable = hx_view.item.get_lvar()          # idaapi.lvar_t
            if local_variable.is_arg_var:
                idaapi.attach_action_to_popup(form, popup, Actions.RemoveArgument.name, None)

        elif item.citype == idaapi.VDI_EXPR:
            if item.e.op == idaapi.cot_num:
                # number_format = item.e.n.nf                       # idaapi.number_format_t
                # print "(number) flags: {0:#010X}, type_name: {1}, opnum: {2}".format(
                #     number_format.flags,
                #     number_format.type_name,
                #     number_format.opnum
                # )
                idaapi.attach_action_to_popup(form, popup, Actions.GetStructureBySize.name, None)
            elif item.e.op == idaapi.cot_var:
                # Check if we clicked on variable that is a pointer to a structure that is potentially part of
                # containing structure
                if item.e.v.idx in potential_negatives:
                    idaapi.attach_action_to_popup(form, popup, Actions.SelectContainingStructure.name, None)
                if Actions.ResetContainingStructure.check(hx_view.cfunc.get_lvars()[item.e.v.idx]):
                    idaapi.attach_action_to_popup(form, popup, Actions.ResetContainingStructure.name, None)

    elif hexrays_event == idaapi.hxe_double_click:

        hx_view = args[1]
        item = hx_view.item
        if item.citype == idaapi.VDI_EXPR and item.e.op == idaapi.cot_memptr:
            # Look if we double clicked on expression that is member pointer. Then get tinfo_t of  the structure.
            # After that remove pointer and get member name with the same offset

            if item.e.x.op == idaapi.cot_memref and item.e.x.x.op == idaapi.cot_memptr:
                vtable_tinfo = item.e.x.type.get_pointed_object()
                method_offset = item.e.m
                class_tinfo = item.e.x.x.x.type.get_pointed_object()
                vtable_offset = item.e.x.x.m
            elif item.e.x.op == idaapi.cot_memptr:
                vtable_tinfo = item.e.x.type.get_pointed_object()
                method_offset = item.e.m
                class_tinfo = item.e.x.x.type.get_pointed_object()
                vtable_offset = item.e.x.m
            else:
                return 0

            udt_member = idaapi.udt_member_t()
            udt_member.offset = method_offset * 8
            vtable_tinfo.find_udt_member(idaapi.STRMEM_OFFSET, udt_member)

            func_ea = Helper.get_virtual_func_address(udt_member.name, class_tinfo, vtable_offset)
            if func_ea:
                idaapi.open_pseudocode(func_ea, 0)
                return 1

    elif hexrays_event == idaapi.hxe_maturity:
        cfunc, level_of_maturity = args[1:]

        if level_of_maturity == idaapi.CMAT_BUILT:
            # print '=' * 40
            # print '=' * 15, "LEVEL", level_of_maturity, '=' * 16
            # print '=' * 40
            # print cfunc

            # First search for CONTAINING_RECORD made by Ida
            visitor = NegativeOffsets.SearchVisitor(cfunc)
            visitor.apply_to(cfunc.body, None)
            negative_lvars = visitor.result

            # Second get saved information from comments
            lvars = cfunc.get_lvars()
            for idx in xrange(len(lvars)):
                result = NegativeOffsets.parse_lvar_comment(lvars[idx])
                if result and result.tinfo.equals_to(lvars[idx].type().get_pointed_object()):
                    negative_lvars[idx] = result

            # Third make an analysis of local variables that a structure pointers and have reference that pass
            # through structure boundaries. This variables will be considered as potential pointers to substructure
            # and will get a menu on right click that helps to select Containing Structure from different libraries

            structure_pointer_variables = {}
            for idx in set(range(len(lvars))) - set(negative_lvars.keys()):
                if lvars[idx].type().is_ptr():
                    pointed_tinfo = lvars[idx].type().get_pointed_object()
                    if pointed_tinfo.is_udt():
                        structure_pointer_variables[idx] = pointed_tinfo

            if structure_pointer_variables:
                visitor = NegativeOffsets.AnalyseVisitor(structure_pointer_variables, potential_negatives)
                visitor.apply_to(cfunc.body, None)

            if negative_lvars:
                visitor = NegativeOffsets.ReplaceVisitor(negative_lvars)
                visitor.apply_to(cfunc.body, None)

        elif level_of_maturity == idaapi.CMAT_TRANS2:
            # print '=' * 40
            # print '=' * 15, "LEVEL", level_of_maturity, '=' * 16
            # print '=' * 40
            # print cfunc
            visitor = SpaghettiVisitor()
            visitor.apply_to(cfunc.body, None)
    return 0
def hexrays_events_callback(*args):
    if fDebug:
        pydevd.settrace('localhost', port=31337, stdoutToServer=True, stderrToServer=True, suspend=False)
    hexrays_event = args[0]
    from HexRaysPyTools.Config import hex_pytools_config
    if hexrays_event == idaapi.hxe_populating_popup:
        form, popup, hx_view = args[1:]
        item = hx_view.item  # current ctree_item_t

        for ac in hex_pytools_config.actions_refs.values():
            if ac.ForPopup and hex_pytools_config[ac.name] and ac.check(hx_view.cfunc,item):
                idaapi.attach_action_to_popup(form, popup, ac.name, None)

        # if Actions.RecastStructMember.check(hx_view.cfunc,item):
        #     if hex_pytools_config[Actions.RecastStructMember.name]:
        #         idaapi.attach_action_to_popup(form, popup, Actions.RecastStructMember.name, None)
        #
        # if Actions.SimpleCreateStruct.check(hx_view.cfunc,item):
        #     if hex_pytools_config[Actions.SimpleCreateStruct.name]:
        #         idaapi.attach_action_to_popup(form, popup, Actions.SimpleCreateStruct.name, None)
        #
        # if Actions.RecastItemRight.check(hx_view.cfunc, item):
        #     if hex_pytools_config[Actions.RecastItemRight.name]:
        #         idaapi.attach_action_to_popup(form, popup, Actions.RecastItemRight.name, None)
        #
        # if Actions.RecastItemLeft.check(hx_view.cfunc, item):
        #     if hex_pytools_config[Actions.RecastItemLeft.name]:
        #         idaapi.attach_action_to_popup(form, popup, Actions.RecastItemLeft.name, None)
        #
        # if Actions.RenameOther.check(hx_view.cfunc, item):
        #     if hex_pytools_config[Actions.RenameOther.name]:
        #         idaapi.attach_action_to_popup(form, popup, Actions.RenameOther.name, None)
        #
        # if Actions.RenameInside.check(hx_view.cfunc, item):
        #     if hex_pytools_config[Actions.RenameInside.name]:
        #         idaapi.attach_action_to_popup(form, popup, Actions.RenameInside.name, None)
        #
        # if Actions.RenameOutside.check(hx_view.cfunc, item):
        #     if hex_pytools_config[Actions.RenameOutside.name]:
        #         idaapi.attach_action_to_popup(form, popup, Actions.RenameOutside.name, None)
        #
        # if Actions.SwapThenElse.check(hx_view.cfunc, item):
        #     if hex_pytools_config[Actions.SwapThenElse.name]:
        #         idaapi.attach_action_to_popup(form, popup, Actions.SwapThenElse.name, None)
        #
        # if Actions.ShallowScanVariable.check(hx_view.cfunc, item):
        #     if hex_pytools_config[Actions.ShallowScanVariable.name]:
        #         idaapi.attach_action_to_popup(form, popup, Actions.ShallowScanVariable.name, None)
        #     if hex_pytools_config[Actions.DeepScanVariable.name]:
        #         idaapi.attach_action_to_popup(form, popup, Actions.DeepScanVariable.name, None)
        #     if hex_pytools_config[Actions.RecognizeShape.name]:
        #         idaapi.attach_action_to_popup(form, popup, Actions.RecognizeShape.name, None)
        #
        # if Actions.CreateNewField.check(hx_view.cfunc, item):
        #     if hex_pytools_config[Actions.CreateNewField.name]:
        #         idaapi.attach_action_to_popup(form, popup, Actions.CreateNewField.name, None)
        #
        # if Actions.CreateVtable.check(hx_view.cfunc, item):
        #     if hex_pytools_config[Actions.CreateVtable.name]:
        #         idaapi.attach_action_to_popup(form, popup, Actions.CreateVtable.name, None)
        #
        # if Actions.AddRemoveReturn.check(hx_view.cfunc, item) and hex_pytools_config[Actions.AddRemoveReturn.name]:
        #     idaapi.attach_action_to_popup(form, popup, Actions.AddRemoveReturn.name, None)
        # if Actions.ConvertToUsercall.check(hx_view.cfunc, item) and hex_pytools_config[Actions.ConvertToUsercall.name]:
        #     idaapi.attach_action_to_popup(form, popup, Actions.ConvertToUsercall.name, None)
        # if Actions.DeepScanReturn.check(hx_view.cfunc, item) and hex_pytools_config[Actions.DeepScanReturn.name]:
        #     idaapi.attach_action_to_popup(form, popup, Actions.DeepScanReturn.name, None)
        #
        # if Actions.RemoveArgument.check(hx_view.cfunc,item) and hex_pytools_config[Actions.RemoveArgument.name]:
        #     idaapi.attach_action_to_popup(form, popup, Actions.RemoveArgument.name, None)
        #
        # if Actions.GetStructureBySize.check(hx_view.cfunc,item) and hex_pytools_config[Actions.GetStructureBySize.name]:
        #     idaapi.attach_action_to_popup(form, popup, Actions.GetStructureBySize.name, None)
        #
        # if Actions.SelectContainingStructure.check(hx_view.cfunc,item) and hex_pytools_config[Actions.SelectContainingStructure.name]:
        #     idaapi.attach_action_to_popup(form, popup, Actions.SelectContainingStructure.name, None)
        #
        # if Actions.ResetContainingStructure.check(hx_view.cfunc,item):
        #     if hex_pytools_config[Actions.ResetContainingStructure.name]:
        #         idaapi.attach_action_to_popup(form, popup, Actions.ResetContainingStructure.name, None)

    elif hexrays_event == idaapi.hxe_double_click:

        hx_view = args[1]
        item = hx_view.item
        if item.citype == idaapi.VDI_EXPR and item.e.op == idaapi.cot_memptr:
            # Look if we double clicked on expression that is member pointer. Then get tinfo_t of  the structure.
            # After that remove pointer and get member name with the same offset

            if item.e.x.op == idaapi.cot_memref and item.e.x.x.op == idaapi.cot_memptr:
                vtable_tinfo = item.e.x.type.get_pointed_object()
                method_offset = item.e.m
                class_tinfo = item.e.x.x.x.type.get_pointed_object()
                vtable_offset = item.e.x.x.m
            elif item.e.x.op == idaapi.cot_memptr:
                vtable_tinfo = item.e.x.type.get_pointed_object()
                method_offset = item.e.m
                class_tinfo = item.e.x.x.type.get_pointed_object()
                vtable_offset = item.e.x.m
            else:
                return 0
            #print vtable_tinfo.get_type_name()
            #print method_offset
            udt_member = idaapi.udt_member_t()
            udt_member.offset = method_offset * 8
            vtable_tinfo.find_udt_member(idaapi.STRMEM_OFFSET, udt_member)

            func_ea = Helper.get_virtual_func_address(udt_member.name, class_tinfo, vtable_offset)
            if func_ea:
                idaapi.open_pseudocode(func_ea, 0)
                return 1
            n = Netnode("$ VTables")
            vt_name = vtable_tinfo.get_type_name()
            if vt_name in n:
                l = n[vt_name]
                #print l
                info = idaapi.get_inf_structure()
                if info.is_32bit():
                    ptr_size = 4
                elif info.is_64bit():
                    ptr_size = 8
                else:
                    ptr_size = 2
                if method_offset%ptr_size == 0 and method_offset/ptr_size < len(l):
                    idaapi.open_pseudocode(l[method_offset/ptr_size] + idaapi.get_imagebase(), 0)


    elif hexrays_event == idaapi.hxe_maturity:
        cfunc, level_of_maturity = args[1:]

        if level_of_maturity == idaapi.CMAT_BUILT:
            # print '=' * 40
            # print '=' * 15, "LEVEL", level_of_maturity, '=' * 16
            # print '=' * 40
            # print cfunc

            # First search for CONTAINING_RECORD made by Ida
            visitor = NegativeOffsets.SearchVisitor(cfunc)
            visitor.apply_to(cfunc.body, None)
            negative_lvars = visitor.result

            # Second get saved information from comments
            lvars = cfunc.get_lvars()
            for idx in xrange(len(lvars)):
                result = NegativeOffsets.parse_lvar_comment(lvars[idx])
                if result and result.tinfo.equals_to(lvars[idx].type().get_pointed_object()):
                    negative_lvars[idx] = result

            # Third make an analysis of local variables that a structure pointers and have reference that pass
            # through structure boundaries. This variables will be considered as potential pointers to substructure
            # and will get a menu on right click that helps to select Containing Structure from different libraries

            structure_pointer_variables = {}
            for idx in set(range(len(lvars))) - set(negative_lvars.keys()):
                if lvars[idx].type().is_ptr():
                    pointed_tinfo = lvars[idx].type().get_pointed_object()
                    if pointed_tinfo.is_udt():
                        structure_pointer_variables[idx] = pointed_tinfo

            if structure_pointer_variables:
                visitor = NegativeOffsets.AnalyseVisitor(structure_pointer_variables, potential_negatives)
                visitor.apply_to(cfunc.body, None)

            if negative_lvars:
                visitor = NegativeOffsets.ReplaceVisitor(negative_lvars)
                visitor.apply_to(cfunc.body, None)

        elif level_of_maturity == idaapi.CMAT_TRANS1:

            visitor = SwapThenElseVisitor(cfunc.entry_ea)
            visitor.apply_to(cfunc.body, None)

        elif level_of_maturity == idaapi.CMAT_TRANS2:
            return 0
            # print '=' * 15, "LEVEL", level_of_maturity, '=' * 16
            # print '=' * 40
            # print cfunc
            visitor = SpaghettiVisitor()
            visitor.apply_to(cfunc.body, None)
    return 0
Beispiel #18
0
    def double_clicked(self, row, column):

        ea = self.functions[row]
        idaapi.open_pseudocode(ea, True)

        return
Beispiel #19
0
 def open_function(self):
     if self.address:
         if idaapi.decompile(self.address):
             idaapi.open_pseudocode(self.address, 0)
         else:
             idaapi.jumpto(self.address)