def init(self): try: self._install_plugin() except Exception as e: form = idaapi.get_current_widget() pass return idaapi.PLUGIN_KEEP
def screen_ea_changed(self, curr_ea, prev_ea): """called after screen location is changed @param curr_ea: current location @param prev_ea: prev location """ self.screen_ea_changed_hook(idaapi.get_current_widget(), curr_ea, prev_ea)
def _touch_ida_window(self, target): """ Touch a window/widget/form to ensure it gets drawn by IDA. XXX/HACK: We need to ensure that widget we will analyze actually gets drawn so that there are colors for us to steal. To do this, we switch to it, and switch back. I tried a few different ways to trigger this from Qt, but could only trigger the full painting by going through the IDA routines. """ # get the currently active widget/form title (the form itself seems transient...) twidget = idaapi.get_current_widget() title = idaapi.get_widget_title(twidget) # touch the target window by switching to it idaapi.activate_widget(target, True) flush_qt_events() # locate our previous selection previous_twidget = idaapi.find_widget(title) # return us to our previous selection idaapi.activate_widget(previous_twidget, True) flush_qt_events()
def get_window(): """Get IDA's top level window.""" tform = idaapi.get_current_widget() # Required sometimes when closing IDBs and not IDA. if not tform: tform = idaapi.find_widget("Output window") widget = idaapi.PluginForm.FormToPyQtWidget(tform) window = widget.window() return window
def get_cursor_func_ref(): """ Get the function reference under the user cursor. Returns BADADDR or a valid function address. """ current_widget = idaapi.get_current_widget() form_type = idaapi.get_widget_type(current_widget) vu = idaapi.get_widget_vdui(current_widget) # # hexrays view is active # if vu: cursor_addr = vu.item.get_ea() # # disassembly view is active # elif form_type == idaapi.BWN_DISASM: cursor_addr = idaapi.get_screen_ea() opnum = idaapi.get_opnum() if opnum != -1: # # if the cursor is over an operand value that has a function ref, # use that as a valid rename target # op_addr = idc.get_operand_value(cursor_addr, opnum) op_func = idaapi.get_func(op_addr) if op_func and op_func.start_ea == op_addr: return op_addr # unsupported/unknown view is active else: return idaapi.BADADDR # # if the cursor is over a function definition or other reference, use that # as a valid rename target # cursor_func = idaapi.get_func(cursor_addr) if cursor_func and cursor_func.start_ea == cursor_addr: return cursor_addr # fail return idaapi.BADADDR
def Show(self): widget = idaapi.get_current_widget() if idaapi.get_widget_title(widget) != self.title: if idaapi.get_widget_type(widget) != idaapi.BWN_PSEUDOCODE: pseudo_view = idaapi.open_pseudocode(self.ea, 1) pseudo_view.refresh_view(1) widget = pseudo_view.toplevel pseudo_title = idaapi.get_widget_title(widget) idaapi.display_widget(self.GetWidget(), idaapi.PluginForm.WOPN_DP_TAB | idaapi.PluginForm.WOPN_RESTORE) idaapi.set_dock_pos(self.title, pseudo_title, idaapi.DP_RIGHT)
def refresh_views(): """ Refresh the IDA views. """ # refresh IDA views idaapi.refresh_idaview_anyway() # refresh hexrays current_widget = idaapi.get_current_widget() vu = idaapi.get_widget_vdui(current_widget) if vu: vu.refresh_ctext()
def touch_window(target): """ Touch a window/widget/form to ensure it gets drawn by IDA. XXX/HACK: We need to ensure that widget we will analyze actually gets drawn so that there are colors for us to steal. To do this, we switch to it, and switch back. I tried a few different ways to trigger this from Qt, but could only trigger the full painting by going through the IDA routines. """ # get the currently active widget/form title (the form itself seems transient...) if using_ida7api: twidget = idaapi.get_current_widget() title = idaapi.get_widget_title(twidget) else: form = idaapi.get_current_tform() title = idaapi.get_tform_title(form) # touch/draw the widget by playing musical chairs if using_ida7api: # touch the target window by switching to it idaapi.activate_widget(target, True) flush_ida_sync_requests() # locate our previous selection previous_twidget = idaapi.find_widget(title) # return us to our previous selection idaapi.activate_widget(previous_twidget, True) flush_ida_sync_requests() else: # touch the target window by switching to it idaapi.switchto_tform(target, True) flush_ida_sync_requests() # locate our previous selection previous_form = idaapi.find_tform(title) # lookup our original form and switch back to it idaapi.switchto_tform(previous_form, True) flush_ida_sync_requests()
def refresh_views(): """ Refresh the IDA views. """ # refresh IDA views idaapi.refresh_idaview_anyway() # NOTE/COMPAT: refresh hexrays view, if active if using_ida7api: current_widget = idaapi.get_current_widget() vu = idaapi.get_widget_vdui(current_widget) else: current_tform = idaapi.get_current_tform() vu = idaapi.get_tform_vdui(current_tform) if vu: vu.refresh_ctext()
def retrieve_function_callback(self, __, ea=None): if not self.check_before_use(): return funcset_ids = [self.funcset] if not self.cfg['usepublic'] else None func_ea = idaapi.get_screen_ea() if ea is None else ea func_name = idaapi.get_func_name(func_ea) targets = self.retrieve_function(func_ea, self.cfg['topk'], funcset_ids) succ, skip, fail = 0, 0, 0 if targets is None: print("[{}] {} failed because get function feature error".format( self.name, func_name)) fail += 1 else: if not (self.cview and self.cview.is_alive()): self.cview = SourceCodeViewer(self.name) # CDVF_STATUSBAR 0x04, keep the status bar in the custom viewer idaapi.set_code_viewer_is_source( idaapi.create_code_viewer(self.cview.GetWidget(), 0x4)) self.cview.set_user_data(func_ea, targets) widget = idaapi.get_current_widget() if idaapi.get_widget_title(widget) == self.name: skip += 1 else: if idaapi.get_widget_type(widget) != idaapi.BWN_PSEUDOCODE: pseudo_view = idaapi.open_pseudocode(func_ea, 1) pseudo_view.refresh_view(1) widget = pseudo_view.toplevel pseudo_title = idaapi.get_widget_title(widget) idaapi.display_widget( self.cview.GetWidget(), idaapi.PluginForm.WOPN_DP_TAB | idaapi.PluginForm.WOPN_RESTORE) idaapi.set_dock_pos(self.name, pseudo_title, idaapi.DP_RIGHT) succ += 1 print( "[{}] {} functions successfully retrieved, {} functions failed, {} functions skipped" .format(self.name, succ, fail, skip))
def lvar_type_changed(self, vu, v, tif): if (vu.cfunc): func_tif = ida_typeinf.tinfo_t() vu.cfunc.get_func_type(func_tif) funcdata = idaapi.func_type_data_t() got_data = func_tif.get_func_details(funcdata) if (not got_data): # self._log("Didnt get the data") pass lvars = vu.cfunc.get_lvars() for j in range(len(vu.cfunc.argidx)): # for i in vu.cfunc.argidx: i = vu.cfunc.argidx[j] if (lvars[i].name == v.name): #self._log("lvar_type_changed: function argument changed = %s, index = %s, atype = %s" % (lvars[i].name, i, funcdata[j].argloc.atype())) if (funcdata[i].argloc.atype() == 3): # self._log("lvar_type_changed: reg is : %s" %(funcdata[i].argloc.reg1())) pass if (funcdata[i].argloc.atype() != 3 or funcdata[i].argloc.reg1() != RCX_REG): break #self._log("applyName = %s" % (applyName)) firstPtrRemove = ida_typeinf.remove_pointer(tif) #self._log("type name = %s" % (firstPtrRemove._print())) #self._log("remove_pointer.is_ptr = %s" % (firstPtrRemove.is_ptr())) #self._log("remove_pointer.is_struct = %s" % (firstPtrRemove.is_struct())) if (firstPtrRemove.is_struct() and not firstPtrRemove.is_ptr()): currentFuncName = ida_name.get_ea_name( vu.cfunc.entry_ea) # self._log("before demangle current func name = %s" % (currentFuncName)) demangled = idc.demangle_name( currentFuncName, idc.get_inf_attr(idc.INF_SHORT_DN)) if (demangled != None): self._log("Overriding mangled name = %s" % (currentFuncName)) currentFuncName = demangled # self._log("after demangle current func name = %s" % (currentFuncName)) tokens = currentFuncName.split("::") if len(tokens) > 1: currentFuncName = tokens[1] currentFuncName = currentFuncName.split("(")[0] # self._log("current func name = %s" % (currentFuncName)) idc.set_name( vu.cfunc.entry_ea, firstPtrRemove._print() + "::" + currentFuncName, idc.SN_NOWARN) idaapi.auto_wait() # self._log("Decomp Res : %s" % idaapi.decompile(vu.cfunc.entry_ea)) idaapi.refresh_idaview_anyway() vu.refresh_ctext() idaapi.refresh_idaview_anyway() vu.refresh_ctext() vu.refresh_view(True) current_widget = idaapi.get_current_widget() vu1 = idaapi.get_widget_vdui(current_widget) if vu1: vu1.refresh_ctext() break #self._log("lvar_type_changed: vu=%s, v=%s, tinfo=%s" % (vu, self._format_lvar(v), tif._print())) return 1