def emit(self, record):
"""Emit a log record into IDA's output window.
Args:
record (LogRecord): a logging.LogRecord instance
"""
idc.msg("%s\n" % (super(IdaLogHandler, self).format(record)))
def dbg_trace(self, tid, ip):
if ip in self._visited_addrs:
return 1
self._visited_addrs.add(ip)
if idc.is_unknown(ida_bytes.get_flags(ip)):
ida_ua.create_insn(ip)
else:
idc.msg(
'Skipping explored EA at address 0x{0:X}\n'.format(ip)
)
# print idc.generate_disasm_line(ip, 0)
if ida_ua.decode_insn(ip) > 0:
if 'ret' in ida_ua.cmd.get_canon_mnem().lower():
idc.msg('Found ret instruction, suspending execution\n')
ida_dbg.suspend_process()
else:
idc.msg(
'Unable to decode instruction at address 0x{0:X}\n'.format(ip)
)
ida_dbg.suspend_process()
return 0
from __future__ import print_function
import os
import sys
import shutil
from glob import glob
try:
import epydoc.apidoc
import epydoc.cli
except ImportError as e:
import idc
import traceback
idc.msg("Couldn't import module %s\n" % traceback.format_exc())
idc.qexit(-1)
# --------------------------------------------------------------------------
DOC_DIR = 'hr-html'
# --------------------------------------------------------------------------
def log(msg):
#print msg
pass
def add_header(lines):
S1 = 'href="epydoc.css"'
p = lines.find(S1)
if p < 0:
return None
p = lines.find('\n', p)
from __future__ import print_function
import os
import sys
import shutil
from glob import glob
try:
import epydoc.apidoc
import epydoc.cli
except ImportError as e:
import idc
import traceback
idc.msg("Couldn't import module %s\n" % traceback.format_exc())
idc.qexit(-1)
# --------------------------------------------------------------------------
DOC_DIR = 'hr-html'
# --------------------------------------------------------------------------
def log(msg):
#print msg
pass
def add_header(lines):
S1 = 'href="epydoc.css"'
p = lines.find(S1)
if p < 0:
return None
p = lines.find('\n', p)
if p < 0:
return None
def activate(self, ctx):
if self.action in ACTION_MENU_CONVERT:
sel, start, end = lazy_read_selection()
if not sel:
idc.msg("[LazyIDA] Nothing to convert.")
return False
size = end - start
data = idc.get_bytes(start, size)
if isinstance(data, str): # python2 compatibility
data = bytearray(data)
assert size == len(data)
name = idc.get_name(start, idc.GN_VISIBLE)
if not name:
name = "data"
if data:
output = None
plg_print("Dump from 0x%X to 0x%X (%u bytes):" % (start, end - 1, size))
if self.action == ACTION_MENU_CONVERT[0]:
# escaped string
output = '"%s"' % "".join("\\x%02X" % b for b in data)
elif self.action == ACTION_MENU_CONVERT[1]:
# hex string, space
output = " ".join("%02X" % b for b in data)
elif self.action == ACTION_MENU_CONVERT[2]:
# C array
output = "unsigned char %s[%d] = {" % (name, size)
for i in range(size):
if i % 16 == 0:
output += "\n "
output += "0x%02X, " % data[i]
output = output[:-2] + "\n};"
elif self.action == ACTION_MENU_CONVERT[3]:
# C array word
data += b"\x00"
array_size = (size + 1) // 2
output = "unsigned short %s[%d] = {" % (name, array_size)
for i in range(0, size, 2):
if i % 16 == 0:
output += "\n "
output += "0x%04X, " % u16(data[i:i+2])
output = output[:-2] + "\n};"
elif self.action == ACTION_MENU_CONVERT[4]:
# C array dword
data += b"\x00" * 3
array_size = (size + 3) // 4
output = "unsigned int %s[%d] = {" % (name, array_size)
for i in range(0, size, 4):
if i % 32 == 0:
output += "\n "
output += "0x%08X, " % u32(data[i:i+4])
output = output[:-2] + "\n};"
elif self.action == ACTION_MENU_CONVERT[5]:
# C array qword
data += b"\x00" * 7
array_size = (size + 7) // 8
output = "unsigned long %s[%d] = {" % (name, array_size)
for i in range(0, size, 8):
if i % 32 == 0:
output += "\n "
output += "%#018X, " % u64(data[i:i+8])
output = output[:-2] + "\n};"
output = output.replace("0X", "0x")
elif self.action == ACTION_MENU_CONVERT[6]:
# python list
output = "[%s]" % ", ".join("0x%02X" % b for b in data)
elif self.action == ACTION_MENU_CONVERT[7]:
# python list word
data += b"\x00"
output = "[%s]" % ", ".join("0x%04X" % u16(data[i:i+2]) for i in range(0, size, 2))
elif self.action == ACTION_MENU_CONVERT[8]:
# python list dword
data += b"\x00" * 3
output = "[%s]" % ", ".join("0x%08X" % u32(data[i:i+4]) for i in range(0, size, 4))
elif self.action == ACTION_MENU_CONVERT[9]:
# python list qword
data += b"\x00" * 7
output = "[%s]" % ", ".join("%#018X" % u64(data[i:i+8]) for i in range(0, size, 8)).replace("0X", "0x")
elif self.action == ACTION_MENU_CONVERT[10]:
# MASM byte array
header = "%s db " % name
output = header
for i in range(size):
if i and i % 16 == 0:
output += "\n"
output += " " * len(header)
output += "0%02Xh, " % data[i]
output = output[:-2]
elif self.action == ACTION_MENU_CONVERT[11]:
# GNU ASM byte array
header = "%s: .byte " % name
output = header
for i in range(size):
if i and i % 16 == 0:
output += "\n"
output += " " * len(header)
output += "0x%02X, " % data[i]
output = output[:-2]
if output:
print(output)
copy_to_clip(output)
output = None
elif self.action == ACTION_MENU_COPY_DATA:
# added by merc, modified by HTC
sel, start, end = lazy_read_selection()
if not sel:
return 0
data = idaapi.get_bytes(start, end - start)
if isinstance(data, str):
data = bytearray(data)
output = "".join("%02X" % b for b in data)
copy_to_clip(output)
plg_print("Hex string '%s' copied" % output)
elif self.action == ACTION_MENU_DUMP_DATA:
# add by HTC
sel, start, end = lazy_read_selection()
if not sel:
return 0
size = end - start
data = idaapi.get_bytes(start, size)
assert len(data) == size
if data and len(data) == size:
dump_data_to_file("Dump_At_%X_Size_%d.dump" % (start, size), data)
else:
plg_print("0x%X: unable to get %d bytes" % (start, size))
elif self.action == ACTION_MENU_XOR_DATA:
sel, start, end = lazy_read_selection()
if not sel:
return 0
size = end - start
key = idaapi.ask_str("AA BB CC DD", 0, "Xor with hex values (or a string begin and end with\" or ')...")
if not key:
return 0
bytes_key = bytearray()
if is_str(key):
bytes_key = str_to_bytes(key)
else:
bytes_key = hex_to_bytes(key)
if not bytes_key:
return 0
data = idc.get_bytes(start, end - start)
if isinstance(data, str): # python2 compatibility
data = bytearray(data)
output = xor_data(data, bytes_key)
if not output:
plg_print("Sorry, error occurred. My bug :( Please report.")
return 0
assert size == len(output)
plg_print("Xor result from 0x%X to 0x%X (%d bytes) with %s:" % (start, end, end - start, key))
process_data_result(start, output)
elif self.action == ACTION_MENU_FILL_NOP:
sel, start, end = lazy_read_selection()
if not sel:
return 0
idaapi.patch_bytes(start, b"\x90" * (end - start))
idc.create_insn(start)
plg_print("Fill 0x%X to 0x%X (%u bytes) with NOPs" % (start, end, end - start))
elif self.action == ACTION_MENU_B64STD:
base64_decode(True)
elif self.action == ACTION_MENU_B64URL:
base64_decode(False)
elif self.action == ACTION_MENU_SCAN_VUL:
plg_print("Finding Format String Vulnerability...")
found = []
for addr in idautils.Functions():
name = idc.get_func_name(addr)
if "printf" in name and "v" not in name and idc.get_segm_name(addr) in (".text", ".plt", ".idata"):
xrefs = idautils.CodeRefsTo(addr, False)
for xref in xrefs:
vul = self.check_fmt_function(name, xref)
if vul:
found.append(vul)
if found:
plg_print("Done! %d possible vulnerabilities found." % len(found))
ch = VulnChoose("Vulnerability", found, None, False)
ch.Show()
else:
plg_print("No format string vulnerabilities found.")
else:
return 0
return 1
def activate(self, ctx):
if self.action in ACTION_CONVERT:
sel, start, end = lazy_read_selection()
if not sel:
idc.msg("[LazyIDA] Nothing to convert.")
return False
size = end - start
data = idc.get_bytes(start, size)
if isinstance(data, str): # python2 compatibility
data = bytearray(data)
assert size == len(data)
name = idc.get_name(start, idc.GN_VISIBLE)
if not name:
name = "data"
if data:
print("\n[+] Dump 0x%X - 0x%X (%u bytes) :" % (start, end, size))
if self.action == ACTION_CONVERT[0]:
# escaped string
print('"%s"' % "".join("\\x%02X" % b for b in data))
elif self.action == ACTION_CONVERT[1]:
# hex string
print("".join("%02X" % b for b in data))
elif self.action == ACTION_CONVERT[2]:
# C array
output = "unsigned char %s[%d] = {" % (name, size)
for i in range(size):
if i % 16 == 0:
output += "\n "
output += "0x%02X, " % data[i]
output = output[:-2] + "\n};"
print(output)
elif self.action == ACTION_CONVERT[3]:
# C array word
data += b"\x00"
array_size = (size + 1) // 2
output = "unsigned short %s[%d] = {" % (name, array_size)
for i in range(0, size, 2):
if i % 16 == 0:
output += "\n "
output += "0x%04X, " % u16(data[i:i+2])
output = output[:-2] + "\n};"
print(output)
elif self.action == ACTION_CONVERT[4]:
# C array dword
data += b"\x00" * 3
array_size = (size + 3) // 4
output = "unsigned int %s[%d] = {" % (name, array_size)
for i in range(0, size, 4):
if i % 32 == 0:
output += "\n "
output += "0x%08X, " % u32(data[i:i+4])
output = output[:-2] + "\n};"
print(output)
elif self.action == ACTION_CONVERT[5]:
# C array qword
data += b"\x00" * 7
array_size = (size + 7) // 8
output = "unsigned long %s[%d] = {" % (name, array_size)
for i in range(0, size, 8):
if i % 32 == 0:
output += "\n "
output += "%#018X, " % u64(data[i:i+8])
output = output[:-2] + "\n};"
print(output.replace("0X", "0x"))
elif self.action == ACTION_CONVERT[6]:
# python list
print("[%s]" % ", ".join("0x%02X" % b for b in data))
elif self.action == ACTION_CONVERT[7]:
# python list word
data += b"\x00"
print("[%s]" % ", ".join("0x%04X" % u16(data[i:i+2]) for i in range(0, size, 2)))
elif self.action == ACTION_CONVERT[8]:
# python list dword
data += b"\x00" * 3
print("[%s]" % ", ".join("0x%08X" % u32(data[i:i+4]) for i in range(0, size, 4)))
elif self.action == ACTION_CONVERT[9]:
# python list qword
data += b"\x00" * 7
print("[%s]" % ", ".join("%#018X" % u64(data[i:i+8]) for i in range(0, size, 8)).replace("0X", "0x"))
elif self.action == ACTION_COPYDATA:
# added by merc, modfiy by HTC
sel, start, end = lazy_read_selection()
if not sel:
return 0
data = idaapi.get_bytes(start, end - start)
data = data.encode('hex')
copy_to_clip(data)
print("[LazyIDA] copied hex string '%s'" % data)
elif self.action == ACTION_XORDATA:
sel, start, end = lazy_read_selection()
if not sel:
return 0
data = idc.get_bytes(start, end - start)
if isinstance(data, str): # python2 compatibility
data = bytearray(data)
x = idaapi.ask_long(0, "Xor with...")
if x:
x &= 0xFF
print("\n[+] Xor 0x%X - 0x%X (%u bytes) with 0x%02X:" % (start, end, end - start, x))
print(repr("".join(chr(b ^ x) for b in data)))
elif self.action == ACTION_FILLNOP:
sel, start, end = lazy_read_selection()
if not sel:
return 0
idaapi.patch_bytes(start, b"\x90" * (end - start))
print("\n[+] Fill 0x%X - 0x%X (%u bytes) with NOPs" % (start, end, end - start))
elif self.action == ACTION_SCANVUL:
print("\n[+] Finding Format String Vulnerability...")
found = []
for addr in idautils.Functions():
name = idc.get_func_name(addr)
if "printf" in name and "v" not in name and idc.get_segm_name(addr) in (".text", ".plt", ".idata"):
xrefs = idautils.CodeRefsTo(addr, False)
for xref in xrefs:
vul = self.check_fmt_function(name, xref)
if vul:
found.append(vul)
if found:
print("[!] Done! %d possible vulnerabilities found." % len(found))
ch = VulnChoose("Vulnerability", found, None, False)
ch.Show()
else:
print("[-] No format string vulnerabilities found.")
elif self.action == ACTION_COPYNAME:
copy_highlight_name()
elif self.action == ACTION_PASTENAME:
paste_highlight_name()
else:
return 0
return 1
