def set_enum(name): if (idaapi.get_enum(str(name)) != idaapi.BADADDR): idaapi.del_enum(idaapi.get_enum(str(name))) ok = idc.add_enum(-1, str(name), 1) if not ok: print("Could not add enum {name}".format(name=name))
def activate(self, ctx): # print("ctx.cur_ea : 0x%x" % ctx.cur_ea) # print("ctx.cur_extracted_ea : 0x%x" % ctx.cur_extracted_ea) # Extract selected enum instruction = idc.GetDisasm(ctx.cur_ea) selection = ctx.cur_extracted_ea # correctly parse the selected value as int (hex or decimal) # since ctx.cur_extracted_ea has a bug (IDA always consider # the selected value as hex) if instruction.find("{0:X}h".format(selection)) != -1: # print("hex value found !") selected_value = ctx.cur_extracted_ea elif instruction.find("{0:d}".format(selection)) != -1: # print("int value found !") selected_value = int("%x" % ctx.cur_extracted_ea) else: # print("nothing selected !") return 1 # next power of two for masking selected_value_mask = self.shift_bit_length(selected_value) - 1 # print("selected_value : 0x%X" % selected_value) # print("selected_value mask : 0x%X" % selected_value_mask) # query magnum db url = SearchMagicNumber.MAGNUMDB_QUERY.format( value=selected_value, key=SearchMagicNumber.MAGNUMDB_KEY) answer = urlopen(url) results = json.loads(answer.read()) # Let the user select the best answer c = ChooseMagicNumber(selected_value, results["Items"]) selected_index = c.Show(modal=True) if selected_index < 0: return # Apply the newly found enum selected_item = results["Items"][selected_index] selected_name = selected_item["Title"].encode('ascii') selected_value = int(selected_item["Value"]) # serial is important since several entries can have the same value entryid, serial = self._manager.add_magnumdb_entry( selected_name, selected_value) # locate the operand where to apply the enum insn = idautils.DecodeInstruction(ctx.cur_ea) for op in filter(lambda o: o.type == idaapi.o_imm, insn.Operands): # heuristic : the selected immediate is the first in the instruction with # the same exact value (we are using a mask since IDA loves to set FFFFFFFF to high words) if op.value & selected_value_mask == selected_value: # Apply the enum idc.OpEnumEx(ctx.cur_ea, op.n, idaapi.get_enum("_IDA_MAGNUMDB"), serial) break return 1
def get_flag_and_id(size, type): flag = 0x00000000 typeid = -1 if size == 1: flag = 0x00000000 # byte elif size == 2: flag = 0x10000000 # word elif size == 4: flag = 0x20000000 # dword elif size == 8: flag = 0x30000000 # qword try: typeTable = type.get("table") except AttributeError: return {"flag": flag, "typeid": typeid} if typeTable == "PDOMCStructure" or typeTable == "PDOMCPPClassType": flag = 0x60000000 typeid = idaapi.get_struc_id(str(type.get("name"))) return {"flag": flag, "typeid": typeid} elif typeTable == "PDOMCEnumeration" or typeTable == "PDOMCPPEnumeration": typeid = idaapi.get_enum_size( idaapi.get_enum(str(type.get("name")))) elif typeTable == "PDOMCTypedef" or typeTable == "PDOMCPPTypedef": return IDAtools.get_flag_and_id(size, type.get("type")) return {"flag": flag, "typeid": typeid}
def ensure_magnumdb_enum_type(self): """Ensure we have a valid MAGNUMDB enum""" enum_id = idaapi.get_enum("_IDA_MAGNUMDB") if enum_id == 0xffffffffffffffff: enum_id = idaapi.add_enum(idaapi.BADADDR, "_IDA_MAGNUMDB", 0) return enum_id
def tid_is_enum(tid): # get_enum_name return name for struc or enum tid_name = idaapi.get_enum_name(tid) if idaapi.get_enum(tid_name) != idc.BADADDR: return True return False
def by_name(name): '''Return an enum id with the specified ``name``.''' res = idaapi.get_enum(name) if res == idaapi.BADADDR: raise LookupError( "{:s}.by_name({!r}) : Unable to locate enumeration.".format( __name__, name)) return res
def by_name(name): '''Return the identifier for the enumeration with the given `name`.''' res = idaapi.get_enum(utils.string.to(name)) if res == idaapi.BADADDR: raise E.EnumerationNotFoundError( u"{:s}.by_name({!r}) : Unable to locate enumeration by the name \"{:s}\"." .format(__name__, name, utils.string.escape(name, '"'))) return res
def __call__(self): if self.is_enum: idaapi.set_enum_name(idaapi.get_enum(self.oldname.encode('utf-8')), self.newname.encode('utf-8')) else: idaapi.set_enum_member_name( idaapi.get_enum_member_by_name(self.oldname.encode('utf-8')), self.newname.encode('utf-8'))
def by_name(name): '''Return the identifier for the enumeration with the given `name`.''' res = idaapi.get_enum(name) if res == idaapi.BADADDR: raise E.EnumerationNotFoundError( "{:s}.by_name({!r}) : Unable to locate enumeration by the name {!r}." .format(__name__, name, name)) return res
def __call__(self): if self.op == 'hex': idc.OpHex(self.ea, self.n) if self.op == 'bin': idc.OpBinary(self.ea, self.n) if self.op == 'dec': idc.OpDecimal(self.ea, self.n) if self.op == 'chr': idc.OpChr(self.ea, self.n) if self.op == 'oct': idc.OpOctal(self.ea, self.n) if self.op == 'enum': id = idaapi.get_enum(self.extra['ename'].encode('utf-8')) idc.OpEnumEx(self.ea, self.n, id, self.extra['serial'])
def get_size(name, type, line): if type == "BasicType": try: return idc.SizeOf(idc.parse_decl(str(name), 0)[1]) except: try: idc.SizeOf( idc.parse_decl(str(line.get("type").get("name")), 0)[1]) except: return 1 elif type == "ArrayType": subType = line.get("type") if not subType: return line.get("size") typeSize = IDAtools.get_size(str(subType.get("name")), subType.get("table"), subType) try: return (typeSize * int(line.get("size"))) except TypeError: return 1 elif type == "PointerType" or type == "ReferenceType" or type == "QualifierType": return 4 elif type == "CFunctionType" or type == "CPPFunctionType": return 4 elif type == "PDOMCEnumeration" or type == "PDOMCPPEnumeration": return idaapi.get_enum_size(idaapi.get_enum(str(name))) elif type == "PDOMCStructure" or type == "PDOMCPPClassType": return idaapi.get_struc_size(idaapi.get_struc_id(str(name))) elif type == "PDOMCTypedef" or type == "PDOMCPPTypedef": subType = line.get("type") if not subType: return 1 return IDAtools.get_size(subType.get("name"), subType.get("table"), subType) else: raise Exception("Missing case", type)
def by_name(name): '''Return the identifier for the enumeration with the given `name`.''' res = idaapi.get_enum(utils.string.to(name)) if res == idaapi.BADADDR: raise E.EnumerationNotFoundError(u"{:s}.by_name({!r}) : Unable to locate enumeration by the name \"{:s}\".".format(__name__, name, utils.string.escape(name, '"'))) return res
def __call__(self): ida_enum.set_enum_bf(idaapi.get_enum(self.ename.encode('utf-8')), self.bf_flag)
def __call__(self): idaapi.add_enum_member(idaapi.get_enum(self.ename.encode('utf-8')), self.name.encode('utf-8'), self.value, self.bmask)
def _get_enum(name): """Get an existing enum ID""" eid = idaapi.get_enum(name) if eid == idaapi.BADADDR: raise exceptions.EnumNotFound('Enum "{}" does not exist.'.format(name)) return eid
def __call__(self): idaapi.del_enum_member(idaapi.get_enum(self.ename.encode('utf-8')), self.value, self.serial, self.bmask)
def byName(name): '''Return an enum id by it's /name/''' res = idaapi.get_enum(name) if res == idaapi.BADADDR: raise Exception, "enum.byName(%r):unable to locate enumeration"% name return res
def __call__(self): idc.del_enum(idaapi.get_enum(self.ename.encode('utf-8')))