def makeInsn(self, addr):
if idc.create_insn(addr) == 0:
idc.del_items(addr, idc.DELIT_EXPAND)
idc.create_insn(addr)
idc.auto_wait()
update_ida_server_port(server_ports_filename, _image_name, None)
finally:
ida_server.shutdown()
ida_server_thread.join()
atexit.register(closeserver, image_name)
update_ida_server_port(server_ports_filename, image_name, ida_server_port)
ida_server_thread.start()
if __name__ == "__main__":
errors = []
batch(1)
import tempfile
temp_base_dir = tempfile.gettempdir()
try:
if not idaapi.init_hexrays_plugin():
load_plugin_decompiler()
idc.auto_wait()
run_ida_server(errors)
except:
try:
import traceback
with open("%s_idaerror.txt" % (os.path.join(temp_base_dir, idaapi.get_root_filename()), ), 'wt') as f:
f.write('cwd = %s\n' % (os.getcwd(),))
f.write('errors:\n' + '\n'.join(errors))
traceback.print_exc(file=f)
finally:
qexit(0) # idc.Exit(1)
else:
try:
os.unlink("%s_idaerror.txt" % (os.path.join(temp_base_dir, idaapi.get_root_filename()), ))
except:
pass
logger.error("Tracer does not extend StringTracer!")
return
# Check that IDA actually knows where the original input file is.
if not find_input_file():
logger.error("Unable to locate the file used to create the IDB: " +
INPUT_FILE_PATH)
return
# Do the decoding.
try:
if inline:
matches = yara.match_strings(yara_rule)
ENCODED_STRINGS = find_encoded_strings_inline(matches, Tracer)
else:
decode_functions = yara_find_decode_functions(yara_rule, func_name)
ENCODED_STRINGS = find_encoded_strings(decode_functions, Tracer)
ENCODED_STRINGS = decode_strings(ENCODED_STRINGS, decode)
ENCODED_STRINGS = sorted(set(ENCODED_STRINGS))
for string in ENCODED_STRINGS:
string.publish(patch=patch)
return ENCODED_STRINGS
except RuntimeError as e:
logger.error(
"The provided YARA rule failed to match. No strings can be decrypted for this YARA rule."
)
return
idc.auto_wait() # Force wait on import just to be sure
def analyse_and_exit():
idc.auto_wait()
idc.qexit(0)