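def on_add_module(self, event):
    '''
    Prompt for one or more PIDA modules, load them into memory and list them in this control.

    Each selected file is registered in self.top.pida_modules under its lower-cased base name
    (files whose name is already registered are skipped) and a row with the function and basic
    block counts is appended to the list control.

    @type  event: wx.Event
    @param event: Menu / button event that triggered the load (not used).
    '''

    dlg = wx.FileDialog(
        self,
        message     = "Select PIDA module",
        defaultDir  = os.getcwd(),
        defaultFile = "",
        wildcard    = "*.PIDA",
        style       = wx.OPEN | wx.CHANGE_DIR | wx.MULTIPLE
    )

    # a modal dialog is a top-level window: make sure it is destroyed on every exit path.
    try:
        if dlg.ShowModal() != wx.ID_OK:
            return

        for path in dlg.GetPaths():
            # key the module by its base name without extension, case-insensitively. os.path copes with
            # either path separator and with the upper-case ".PIDA" suffix the wildcard allows, which a
            # case-sensitive rfind(".pida") did not (it left ".pid" on the name).
            module_name = os.path.splitext(os.path.basename(path))[0].lower()

            if module_name in self.top.pida_modules:
                self.top.err("Module %s already loaded ... skipping." % module_name)
                continue

            try:
                start = time.time()

                # NOTE(review): pida.load() deserializes the file's contents; only load .pida files you
                # produced or trust (confirm the on-disk format in the pida package).
                module = pida.load(path, progress_bar="wx")

                if not module:
                    self.top.msg("Loading of PIDA module '%s' cancelled by user." % module_name)
                    return

                self.top.pida_modules[module_name] = module
                self.top.msg("Loaded PIDA module '%s' in %.2f seconds." % (module_name, round(time.time() - start, 3)))

                # determine the function and basic block counts for this module.
                function_count    = len(module.nodes)
                basic_block_count = sum(len(function.nodes) for function in module.nodes.values())

                idx = len(self.top.pida_modules) - 1

                self.InsertStringItem(idx, "")
                self.SetStringItem(idx, 0, "%d" % function_count)
                self.SetStringItem(idx, 1, "%d" % basic_block_count)
                self.SetStringItem(idx, 2, module_name)
                self.SetColumnWidth(2, wx.LIST_AUTOSIZE)

            except Exception:
                # narrowed from a bare except so KeyboardInterrupt / SystemExit still propagate.
                # a partially registered module is rolled back so it can be retried.
                self.top.err("FAILED LOADING MODULE: %s. Possibly corrupt or version mismatch?" % module_name)
                self.top.pida_modules.pop(module_name, None)
    finally:
        dlg.Destroy()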
# remove the breakpoint once we've hit it. pydbg.bp_del(exception_address) return DBG_CONTINUE ######################################################################################################################## udraw = utils.udraw_connector() udraw.set_command_handler("node_double_click", udraw_node_double_click) # thread out the udraw connector message loop. thread.start_new_thread(udraw.message_loop, (None, None)) start = time.time() print "loading vonage.exe.pida ...", vonage = pida.load("vonage.exe.pida") print "done. completed in %.02f seconds." % (time.time() - start) dbg = pydbg() dbg.set_callback(EXCEPTION_BREAKPOINT, breakpoint_handler) for (pid, proc) in dbg.enumerate_processes(): if proc.lower().startswith("x-pro-vonage"): break if not proc.lower().startswith("x-pro-vonage"): print "vonage not found" sys.exit(1) dbg.attach(pid) bps = [function.ea_start for function in vonage.nodes.values() if not function.is_import]
#!c:\\python\\python.exe import sys import pida graphs = [] try: mod_name = sys.argv[1] entry_point = int(sys.argv[2], 16) except: print "USAGE: module_graphs.py <mod_name> <any function address>" sys.exit(1) print "analyzing %s from entry point 0x%08x" % (mod_name, entry_point) mod = pida.load(mod_name, progress_bar="ascii") print # create the main down graph from the entry point. main_graph = mod.graph_down(entry_point) print "%d of %d nodes in main graph" % (len(main_graph.nodes), len(mod.nodes)) # add it to the list of graphs. graphs.append(main_graph) # step through every function in the module. for func_ea in mod.functions.keys(): # if this function address exists in any known downgraphs, then continue found = False for graph in graphs: if func_ea in graph.nodes.keys():
# NOTE(review): the first two statements are the tail of a pydbg callback (presumably breakpoint_handler, which is
# registered as the EXCEPTION_BREAKPOINT handler below) whose def is outside this excerpt; the script's top-level
# setup follows and is cut off mid-statement at the end.
    pydbg.bp_del(exception_address)
    return DBG_CONTINUE

########################################################################################################################

udraw = utils.udraw_connector()
udraw.set_command_handler("node_double_click", udraw_node_double_click)

# thread out the udraw connector message loop.
thread.start_new_thread(udraw.message_loop, (None, None))

start = time.time()
print "loading vonage.exe.pida ...",
vonage = pida.load("vonage.exe.pida")
print "done. completed in %.02f seconds." % (time.time() - start)

dbg = pydbg()
dbg.set_callback(EXCEPTION_BREAKPOINT, breakpoint_handler)

# pick the first process whose (lower-cased) name starts with the prefix.
for (pid, proc) in dbg.enumerate_processes():
    if proc.lower().startswith("x-pro-vonage"):
        break

# NOTE(review): `proc` is only bound by the loop above, so an empty process list raises NameError here instead of
# printing the message; a for/else on the loop would cover both cases.
if not proc.lower().startswith("x-pro-vonage"):
    print "vonage not found"
    sys.exit(1)

dbg.attach(pid)

# start addresses to break on; the list comprehension is cut off at the end of this excerpt.
bps = [
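def load_module(self, module_name):
    '''
    Prompt for a PIDA module and load it into this tree.

    A module already shown in this tree is unloaded first (one module per tree). The new module is
    registered in self.top.pida_modules under its lower-cased base name, recorded as module A or B
    according to self.ctrl_name, and every non-import function is listed under the module node with
    a PAIMEIDiffFunction extension attached.

    @type  module_name: String
    @param module_name: Not used; the name is always derived from the selected file. Kept for call-site
                        compatibility.
    '''

    dlg = wx.FileDialog(
        self,
        message     = "Select PIDA module",
        defaultDir  = os.getcwd(),
        defaultFile = "",
        wildcard    = "*.PIDA",
        style       = wx.OPEN | wx.CHANGE_DIR | wx.MULTIPLE
    )

    # a modal dialog is a top-level window: make sure it is destroyed on every exit path.
    try:
        if dlg.ShowModal() != wx.ID_OK:
            return

        for path in dlg.GetPaths():
            # key the module by its base name without extension, case-insensitively. os.path copes with
            # either path separator and with the upper-case ".PIDA" suffix the wildcard allows, which a
            # case-sensitive rfind(".pida") did not.
            module_name = os.path.splitext(os.path.basename(path))[0].lower()

            if module_name in self.top.pida_modules:
                self.top.err("Module %s already loaded ... skipping." % module_name)
                continue

            # keep the reference: the busy box stays up until this local goes away.
            busy = wx.BusyInfo("Loading module ... stand by.")
            wx.Yield()

            start = time.time()

            # if they want to diff a new module remove the current module.
            if self.root_module is not None:
                # pop rather than del: the old entry may already have been dropped by another control.
                self.top.pida_modules.pop(self.module_name, None)
                self.remove_module()

            # NOTE(review): pida.load() deserializes the file's contents; only load .pida files you
            # produced or trust (confirm the on-disk format in the pida package).
            module = pida.load(path)
            self.top.pida_modules[module_name] = module

            # tree A records its module as module_a_name and vice versa.
            if self.ctrl_name == "A":
                self.top.module_a_name = module_name
            else:
                self.top.module_b_name = module_name

            # set the current module name.
            self.module_name = module_name

            tree_module      = self.AppendItem(self.root, module_name)
            self.root_module = tree_module

            self.SetPyData(tree_module, module)
            self.SetItemImage(tree_module, self.icon_folder,      wx.TreeItemIcon_Normal)
            self.SetItemImage(tree_module, self.icon_folder_open, wx.TreeItemIcon_Expanded)

            # non-import functions, listed in ascending id order.
            sorted_functions = sorted(f.id for f in module.nodes.values() if not f.is_import)

            for func_key in sorted_functions:
                function = module.nodes[func_key]

                # add our extension into the loaded module.
                function.ext["PAIMEIDiffFunction"] = PAIMEIDiffFunction.PAIMEIDiffFunction(function, module, self.top)

                tree_function = self.AppendItem(tree_module, "%08x - %s" % (function.ea_start, function.name))

                self.SetPyData(tree_function, function)
                self.SetItemImage(tree_function, self.icon_folder,      wx.TreeItemIcon_Normal)
                self.SetItemImage(tree_function, self.icon_folder_open, wx.TreeItemIcon_Expanded)

            self.Expand(self.root)
            self.top.msg("Loaded %d function(s) in PIDA module '%s' in %.2f seconds." % (len(module.nodes), module_name, round(time.time() - start, 3)))
    finally:
        dlg.Destroy()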
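def load_module(self, module_name):
    '''
    Prompt for a PIDA module and load it into this tree.

    A module already shown in this tree is unloaded first (one module per tree). The new module is
    registered in self.top.pida_modules under its lower-cased base name, recorded as module A or B
    according to self.ctrl_name, and every non-import function is listed under the module node with
    a PAIMEIDiffFunction extension attached.

    @type  module_name: String
    @param module_name: Not used; the name is always derived from the selected file. Kept for call-site
                        compatibility.
    '''

    dlg = wx.FileDialog(
        self,
        message     = "Select PIDA module",
        defaultDir  = os.getcwd(),
        defaultFile = "",
        wildcard    = "*.PIDA",
        style       = wx.OPEN | wx.CHANGE_DIR | wx.MULTIPLE
    )

    # a modal dialog is a top-level window: make sure it is destroyed on every exit path.
    try:
        if dlg.ShowModal() != wx.ID_OK:
            return

        for path in dlg.GetPaths():
            # key the module by its base name without extension, case-insensitively. os.path copes with
            # either path separator and with the upper-case ".PIDA" suffix the wildcard allows, which a
            # case-sensitive rfind(".pida") did not.
            module_name = os.path.splitext(os.path.basename(path))[0].lower()

            if module_name in self.top.pida_modules:
                self.top.err("Module %s already loaded ... skipping." % module_name)
                continue

            # keep the reference: the busy box stays up until this local goes away.
            busy = wx.BusyInfo("Loading module ... stand by.")
            wx.Yield()

            start = time.time()

            # if they want to diff a new module remove the current module.
            if self.root_module is not None:
                # pop rather than del: the old entry may already have been dropped by another control.
                self.top.pida_modules.pop(self.module_name, None)
                self.remove_module()

            # NOTE(review): pida.load() deserializes the file's contents; only load .pida files you
            # produced or trust (confirm the on-disk format in the pida package).
            module = pida.load(path)
            self.top.pida_modules[module_name] = module

            # tree A records its module as module_a_name and vice versa.
            if self.ctrl_name == "A":
                self.top.module_a_name = module_name
            else:
                self.top.module_b_name = module_name

            # set the current module name.
            self.module_name = module_name

            tree_module      = self.AppendItem(self.root, module_name)
            self.root_module = tree_module

            self.SetPyData(tree_module, module)
            self.SetItemImage(tree_module, self.icon_folder,      wx.TreeItemIcon_Normal)
            self.SetItemImage(tree_module, self.icon_folder_open, wx.TreeItemIcon_Expanded)

            # non-import functions, listed in ascending id order.
            sorted_functions = sorted(f.id for f in module.nodes.values() if not f.is_import)

            for func_key in sorted_functions:
                function = module.nodes[func_key]

                # add our extension into the loaded module.
                function.ext["PAIMEIDiffFunction"] = PAIMEIDiffFunction.PAIMEIDiffFunction(function, module, self.top)

                tree_function = self.AppendItem(tree_module, "%08x - %s" % (function.ea_start, function.name))

                self.SetPyData(tree_function, function)
                self.SetItemImage(tree_function, self.icon_folder,      wx.TreeItemIcon_Normal)
                self.SetItemImage(tree_function, self.icon_folder_open, wx.TreeItemIcon_Expanded)

            self.Expand(self.root)
            self.top.msg("Loaded %d function(s) in PIDA module '%s' in %.2f seconds." % (len(module.nodes), module_name, round(time.time() - start, 3)))
    finally:
        dlg.Destroy()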
# This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public # License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later # version. # # This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. # # You should have received a copy of the GNU General Public License along with this program; if not, write to the Free # Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # """ @author: Pedram Amini @license: GNU General Public License 2.0 or later @contact: [email protected] @organization: www.openrce.org """ import time import pida pida_name = AskFile(0, GetInputFile() + ".pida", "Load PIDA file from?") if not pida_name: Warning("Cancelled.") else: start = time.time() print "Loading %s" % pida_name module = pida.load(pida_name, progress_bar="ascii") print "Done. Completed in %f seconds." % round(time.time() - start, 3)
# NOTE(review): excerpt of a loop body. the enclosing loop, `udraw`, `modules`, `module` and `offset` are all
# defined outside this excerpt; indentation below is reconstructed.
    #
    # ENSURE UDRAW IS PRESENT
    #

    if not udraw:
        continue

    # if we haven't already loaded the specified module, do so now.
    if not modules.has_key(module):
        # NOTE(review): prefix match on the file name -- `module` "foo" also matches "foobar.pida", and an empty
        # `module` matches every .pida file in the directory; the first hit in os.listdir() order wins.
        for name in os.listdir("."):
            name = name.lower()

            if name.startswith(module) and name.endswith(".pida"):
                start = time.time()
                print "loading %s ..." % name
                # NOTE(review): pida.load() deserializes the file; this loads whatever .pida file matches the name
                # taken from the command, so keep the working directory to files you trust.
                modules[module] = pida.load(name, progress_bar="ascii")
                print "done. completed in %.02f" % (time.time() - start)

    # if the module wasn't found, ignore the command.
    if not modules.has_key(module):
        continue

    module = modules[module]
    ea     = module.base + offset

    # determine which function the address lies in.
    function = module.find_function(ea)

    if not function:
        print "unrecognized address: %08x" % ea
        continue
# # This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public # License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later # version. # # This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. # # You should have received a copy of the GNU General Public License along with this program; if not, write to the Free # Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # ''' @author: Pedram Amini @license: GNU General Public License 2.0 or later @contact: [email protected] @organization: www.openrce.org ''' import time import pida pida_name = AskFile(0, GetInputFile() + ".pida", "Load PIDA file from?") if not pida_name: Warning("Cancelled.") else: start = time.time() print "Loading %s" % pida_name module = pida.load(pida_name, progress_bar="ascii") print "Done. Completed in %f seconds." % round(time.time() - start, 3)