def has_bookmark(self, bookmark, addr): for i in xrange(1, 1024): ea = idc.GetMarkedPos(i) self.assertNotEqual(ea, idaapi.BADADDR) if ea != addr: continue self.assertEqual(idc.GetMarkComment(i), bookmark) return True return False
def marks(): '''returns all the known marked positions in an .idb''' index = 1 while True: ea = idc.GetMarkedPos(index) if ea == 0xffffffff: break comment = idc.GetMarkComment(index) yield ea, comment index += 1 return
def delete_comment_at_ea(ea, comment_type): logger.debug("Deleting comment at 0x%08X / %d" % (ea, comment_type)) if comment_type == ya.COMMENT_REPEATABLE: idc.MakeRptCmt(ea, "") # TODO: remove the test with "comment" (temporary fix because of cache incoherency) elif comment_type == ya.COMMENT_NON_REPEATABLE or comment_type == "comment": idc.MakeComm(ea, "") elif comment_type == ya.COMMENT_ANTERIOR: for i in xrange(0, idaapi.get_first_free_extra_cmtidx(ea, idaapi.E_PREV)): idaapi.del_extra_cmt(ea, idaapi.E_PREV + i) elif comment_type == ya.COMMENT_POSTERIOR: for i in xrange(0, idaapi.get_first_free_extra_cmtidx(ea, idaapi.E_NEXT)): idaapi.del_extra_cmt(ea, idaapi.E_NEXT + i) elif comment_type == ya.COMMENT_BOOKMARK: # parse marked position for i in xrange(1, 1024): if idc.GetMarkedPos(i) == idc.BADADDR: break elif idc.GetMarkedPos(i) == ea: idc.MarkPosition(ea, 0, 0, 0, i, "")
def __init__(self, yatools, hash_provider, repo_manager, equipement=None, operating_system=None): ''' Constructor ''' self.equipement = equipement self.os = operating_system self.yatools = yatools self.hash_provider = hash_provider self.repo_manager = repo_manager self.ida_model = YaToolIDAModel(self.yatools, self.hash_provider) self.new_marked_pos = set() # load marked pos for i in xrange(1, 1024): if idc.GetMarkedPos(i) == idc.BADADDR: break else: self.new_marked_pos.add(idc.GetMarkedPos(i)) self.flush()
def _get_marked_gadgets(self): rop_gadgets = {} for i in range(1, 1024): marked_pos = idc.GetMarkedPos(i) if marked_pos != idc.BADADDR: marked_comment = idc.GetMarkComment(i) if marked_comment and marked_comment.lower().startswith("rop"): rop_gadgets[marked_comment] = marked_pos else: break return rop_gadgets
def save(self): start_time = time.time() ida_model = ya.MakeModelIncremental(self.hash_provider) """ TODO : improve cache re-generation pb : we should not regenerate the whole cache everytime pb : when we load strucmembers (from the cache) and they are later deleted, we get stalled XML files (they are not referenced in the parent struc/stackframe, which is good, but they still exist) *do not store objects here : store them in the memory exporter *make 3 pass : -delete deleted objects -create updated objects -create new objects """ logger.debug("YaToolIDAHooks.save()") db = ya.MakeModel() memory_exporter = db.visitor if VALIDATE_EXPORTED_XML: memory_exporter = ya.MakeMultiplexerDebugger(db.visitor) memory_exporter.visit_start() """ First, find modified informations : marked positions, comments, ... """ # some marked comment may have been deleted self.new_marked_pos = set() for i in xrange(1, 1024): if idc.GetMarkedPos(i) == idc.BADADDR: break else: self.new_marked_pos.add(idc.GetMarkedPos(i)) # get remove marked comments for removed_marked_pos in (self.marked_pos - self.new_marked_pos): self.addresses_to_process.add(removed_marked_pos) self.repo_manager.add_auto_comment(removed_marked_pos, "Removed marked comment") # process comments for (ea, value) in self.comments_to_process.iteritems(): # do not save comments coming from function prototype # if not idaapi.is_tilcmt(ea): self.addresses_to_process.add(ea) self.repo_manager.add_auto_comment(ea, value) """ Next, export strucs and enums This will also delete unneeded files """ self.save_strucs(ida_model, memory_exporter) self.save_enums(ida_model, memory_exporter) """ explore IDA yacoHooks for logged ea """ for ea in self.addresses_to_process: ida_model.accept_ea(memory_exporter, ea) for seg_ea_start, seg_ea_end in self.updated_segments: ida_model.accept_segment(memory_exporter, seg_ea_start) memory_exporter.visit_end() """ #before saving, we remove all cache (some files may have been deleted) order = ("struc", "strucmember", "enum", "enum_member", "segment", "function", "stackframe", "stackframe_member", "basic_block", "data", "code") for obj_type in order: current_dir = os.path.join(self.idb_directory, "cache", obj_type) if not os.path.isdir(current_dir): continue for f in os.listdir(current_dir): os.remove(os.path.join(current_dir, f)) """ logger.debug("Exporting from memory to XML") # now export to XML xml_exporter = ya.MakeXmlExporter( os.path.join(os.path.dirname(idc.GetIdbPath()), "cache")) if VALIDATE_EXPORTED_XML_2: db.model.accept( ya.MakePathDebuggerVisitor("SaveXMLValidator", ya.MakeExporterValidatorVisitor(), False)) db.model.accept(xml_exporter) end_time = time.time() logger.debug("YaCo saved in %d seconds." % (end_time - start_time))