Ejemplo n.º 1
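def react_operator(idx, ctx):
    """Rewrite a matched ``operator<<`` call as ``res = <arg1_repr> << (arg2)``.

    Args:
        idx: the ctree instruction matched by the pattern; replaced in place.
        ctx: match context exposing the ``function`` object, the ``arg1`` /
            ``arg2`` expressions and the ``res`` variable.

    The instruction is left untouched unless the demangled callee name
    contains ``operator<<``.
    """
    print('%x' % idx.ea)
    fcn_object = ctx.get_obj("function")
    # The [1:] slice drops the first character of the symbol name; this form
    # was reported to work on ELF.  The Mach-O variant keeps the whole name:
    #   demangled = ida_name.demangle_name(ida_name.get_name(fcn_object.addr), 0)
    demangled = ida_name.demangle_name(
        ida_name.get_name(fcn_object.addr)[1:], 0)
    print(demangled)
    # demangle_name() yields None for a name it cannot demangle; return early
    # rather than raising TypeError on the substring test.
    if not demangled or "operator<<" not in demangled:
        return

    arg2 = ctx.get_expr('arg2')[0]
    arg1 = ctx.get_expr('arg1')[0]
    arg1_repr = get_string_repr(arg1, ctx)
    var = ctx.get_var("res")
    varexp = make_var_expr(var.idx, var.typ, var.mba)
    # arg1 is folded into the helper's display name, so only arg2 is passed
    # as a real call argument.
    arglist = ida_hexrays.carglist_t()
    arglist.push_back(arg2)
    helper = ida_hexrays.call_helper(ida_hexrays.dummy_ptrtype(4, False),
                                     arglist, "{} << ".format(arg1_repr))
    insn = make_cexpr_insn(idx.ea, make_asgn_expr(varexp, helper))
    idx.cleanup()
    # qswap exchanges the contents, so 'insn' now holds the original
    # instruction; deleting it releases that original.
    idaapi.qswap(idx, insn)
    del insn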
Ejemplo n.º 2
def inverse_if(cif):
    """Invert an ``if`` in place: swap its branches and negate the condition.

    A condition that is already a logical-not is unwrapped instead of being
    negated twice.
    """
    idaapi.qswap(cif.ithen, cif.ielse)
    old_cond = cif.expr

    if old_cond.op == idaapi.cot_lnot:
        negated = idaapi.cexpr_t(old_cond.x)
    else:
        negated = idaapi.cexpr_t(idaapi.lnot(old_cond))

    # Ownership of the new C++ object moves to the ctree, not the Python wrapper.
    negated.thisown = False
    cif.expr = negated
    del old_cond
Ejemplo n.º 3
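def replacer_strlen_global(idx, ctx):
    """Replace the matched instruction with ``res = strlen_inlined(<global>)``.

    Args:
        idx: the ctree instruction matched by the pattern; replaced in place.
        ctx: match context providing the ``res`` variable and the
            ``strlenarg`` global object.
    """
    var = ctx.get_var("res")
    obj = ctx.get_obj("strlenarg")

    varexp = make_var_expr(var.idx, var.typ, var.mba)
    # The global's address is the single argument of the synthesized call.
    arg1 = make_obj_expr(obj.addr, obj.type, arg=True)
    arglist = ida_hexrays.carglist_t()
    arglist.push_back(arg1)
    val = ida_hexrays.call_helper(
        ida_hexrays.dummy_ptrtype(4, False), arglist, "strlen_inlined")
    insn = make_cexpr_insn(idx.ea, make_asgn_expr(varexp, val))

    idx.cleanup()
    # qswap exchanges the contents, so 'insn' now holds the original
    # instruction; deleting it releases that original.
    idaapi.qswap(idx, insn)
    del insn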
Ejemplo n.º 4
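	def replace_item(self, item, new_item, is_forced=False):
		"""Swap *item* in the ctree for *new_item*, carrying over address and label.

		Args:
			item: the existing ctree item to replace.
			new_item: the replacement; its ``ea`` and ``label_num`` are taken
				from *item* when unset (BADADDR / -1).
			is_forced: when True, skip the ``is_replacing_possible`` check.

		Sets ``self.is_tree_modified`` once the swap succeeds.
		"""
		tmc = TreeModificationContext(self, item)

		if not is_forced and not self.is_replacing_possible(tmc):
			return

		# Inherit the replaced item's address and label when the new one has none.
		if new_item.ea == idaapi.BADADDR and item.ea != idaapi.BADADDR:
			new_item.ea = item.ea

		if new_item.label_num == -1 and item.label_num != -1:
			new_item.label_num = item.label_num

		try:
			idaapi.qswap(item, new_item)
			self.is_tree_modified = True
		except Exception as e:
			# Best-effort replacement: report the cause instead of dropping it.
			print("[!] Got an exception during ctree instr replacing: %s" % e)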
Ejemplo n.º 5
    def invert_if(self, cfunc, insn):

        if insn.opname != 'if':
            return False

        cif = insn.details

        if not cif.ithen or not cif.ielse:
            return False

        idaapi.qswap(cif.ithen, cif.ielse)
        cond = idaapi.cexpr_t(cif.expr)
        notcond = idaapi.lnot(cond)

        cif.expr.swap(notcond)

        return True
Ejemplo n.º 6
    def invert_if(self, cfunc, insn):

        if insn.opname != 'if':
            return False

        cif = insn.details

        if not cif.ithen or not cif.ielse:
            return False

        idaapi.qswap(cif.ithen, cif.ielse)
        cond = idaapi.cexpr_t(cif.expr)
        notcond = idaapi.lnot(cond)
        cond.thisown = 0  # the new wrapper 'notcond' now holds the reference to the cexpr_t

        cif.expr.swap(notcond)

        return True
Ejemplo n.º 7
    def invert_if(self, cfunc, insn):

        if insn.opname != 'if':
            return False

        cif = insn.details

        if not cif.ithen or not cif.ielse:
            return False

        idaapi.qswap(cif.ithen, cif.ielse)
        cond = idaapi.cexpr_t(cif.expr)
        notcond = idaapi.lnot(cond)
        cond.thisown = 0 # the new wrapper 'notcond' now holds the reference to the cexpr_t

        cif.expr.swap(notcond)

        return True
Ejemplo n.º 8
def handle_string_destr(idx, ctx):
    """Replace the matched instruction with a ``std::string::destructor(ptr)`` helper call.

    The rewrite is applied only when the ``len`` and ``ptr`` stack variables
    lie exactly 20 bytes apart; otherwise the instruction is left alone.
    """
    print('%x' % idx.ea)
    len_var = ctx.get_var('len')
    ptr_var = ctx.get_var('ptr')
    print(len_var)
    len_off = get_var_offset(ctx.fcn, len_var.idx)
    ptr_off = get_var_offset(ctx.fcn, ptr_var.idx)
    delta = len_off - ptr_off
    print(delta)
    if delta != 20:
        return

    print("[+] Found string destructor")
    ptr_arg = make_var_expr(ptr_var.idx, ptr_var.typ, ptr_var.mba, arg=True)
    args = ida_hexrays.carglist_t()
    args.push_back(ptr_arg)
    call = ida_hexrays.call_helper(ida_hexrays.dummy_ptrtype(4, False),
                                   args, "std::string::destructor")
    replacement = make_cexpr_insn(idx.ea, call)
    idx.cleanup()
    # After qswap 'replacement' carries the original instruction; drop it.
    idaapi.qswap(idx, replacement)
    del replacement
Ejemplo n.º 9
    def invert_if(self, cfunc, insn):

        if insn.opname != 'if':
            return False

        cif = insn.details

        if not cif.ithen or not cif.ielse:
            return False

        idaapi.qswap(cif.ithen, cif.ielse)
        # Make a copy of 'cif.expr': 'lnot' might destroy its toplevel
        # cexpr_t and return a pointer to its direct child (but we'll want to
        # 'swap' it later, the 'cif.expr' cexpr_t object must remain valid.)
        cond = idaapi.cexpr_t(cif.expr)
        notcond = idaapi.lnot(cond)

        cif.expr.swap(notcond)

        return True
Ejemplo n.º 10
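def react_operator2(idx, ctx):
    """Rewrite a matched ``operator<<`` call as the helper call ``<arg1_repr> << (arg2)``.

    Unlike ``react_operator`` the result is not assigned to a variable.

    Args:
        idx: the ctree instruction matched by the pattern; replaced in place.
        ctx: match context exposing the ``function`` object and the
            ``arg1`` / ``arg2`` expressions.
    """
    print('%x' % idx.ea)
    fcn_object = ctx.get_obj("function")
    # The [1:] slice drops the first character of the symbol name; this form
    # was reported to work on ELF.  The Mach-O variant keeps the whole name:
    #   demangled = ida_name.demangle_name(ida_name.get_name(fcn_object.addr), 0)
    demangled = ida_name.demangle_name(
        ida_name.get_name(fcn_object.addr)[1:], 0)
    print(demangled)
    # demangle_name() yields None for a name it cannot demangle; return early
    # rather than raising TypeError on the substring test.
    if not demangled or "operator<<" not in demangled:
        return

    arg1 = ctx.get_expr('arg1')[0]
    arg1_repr = get_string_repr(arg1, ctx)
    arg2 = ctx.get_expr('arg2')[0]
    # arg1 is folded into the helper's display name; only arg2 is a real argument.
    arglist = ida_hexrays.carglist_t()
    arglist.push_back(arg2)
    val = ida_hexrays.call_helper(ida_hexrays.dummy_ptrtype(4, False),
                                  arglist, "{} << ".format(arg1_repr))
    insn = make_cexpr_insn(idx.ea, val)
    idx.cleanup()
    # qswap exchanges the contents, so 'insn' now holds the original
    # instruction; deleting it releases that original.
    idaapi.qswap(idx, insn)
    del insn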
Ejemplo n.º 11
def inverse_if(cif):
    """Invert an ``if``: negate its condition, then exchange its two branches."""
    inverse_if_condition(cif)
    then_branch, else_branch = cif.ithen, cif.ielse
    idaapi.qswap(then_branch, else_branch)
Ejemplo n.º 12
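def _collect_dword_fields(sptr, offset, number):
    """Split a 32-bit value over the structure members covering ``offset``.

    Walks the members at ``offset`` .. ``offset + 3`` and peels ``number``
    off from the low end: a 1-byte member takes 8 bits, a 2-byte member 16.

    Returns:
        A list of ``(member_offset, member_value)`` pairs, or None (after
        printing a diagnostic) when the members do not tile the dword
        exactly or a member has a size other than 1 or 2.
    """
    fields = []
    inner_offset = 0
    while inner_offset < 4:
        memb = ida_struct.get_member(sptr, offset + inner_offset)
        if memb is None:
            print("Not enought members!")
            return None
        size = ida_struct.get_member_size(memb)
        if inner_offset + size > 4:
            print("Size fail!(%d bytes lenft but member size is %d)" % (
                4 - inner_offset, size))
            return None
        if size == 1:
            val = number & 0xff
            number >>= 8
        elif size == 2:
            val = number & 0xffff
            number >>= 16
        else:
            print("Unkn size")
            return None
        fields.append((inner_offset, val))
        inner_offset += size
    return fields


def replace_dword_in_struct(idx, ctx):
    """Expand a dword store into a struct into one assignment per member.

    Args:
        idx: the ctree instruction matched by the pattern; replaced in place
            by a block of per-member assignments.
        ctx: match context providing the ``struct_part`` member expression,
            the ``struct_var`` variable and the ``values`` constant.

    Returns:
        True once the instruction was replaced; None when the struct cannot
        be resolved or its members do not fit the dword.
    """
    print('%x' % idx.ea)
    struct_expr = ctx.get_expr('struct_part')[0]
    var = ctx.get_var("struct_var")
    values = ctx.get_expr('values')[0]
    offset = struct_expr.m
    number = extract_number(values)
    typename = struct_expr.x.type.dstr()
    s_id = ida_struct.get_struc_id(typename)
    if s_id == idc.BADADDR:
        return
    sptr = ida_struct.get_struc(s_id)

    fields = _collect_dword_fields(sptr, offset, number)
    if fields is None:
        print("Not suitable!")
        return

    inslist = [
        make_asgn_refvar_number(idx.ea, var, offset + field_off, field_val)
        for field_off, field_val in fields
    ]
    # Emit the assignments as a plain (non-foldable) block.
    blk = make_cblk(inslist)
    cblk = make_cblock_insn(idx.ea, blk)
    idx.cleanup()
    # qswap exchanges the contents, so 'cblk' now holds the original
    # instruction; deleting it releases that original.
    idaapi.qswap(idx, cblk)
    del cblk
    # NOTE: wrapping the block in an if(fake "fold" helper) so the decompiler
    # can fold it was tried and made IDA crash at exit (cause unknown):
    #   fake_cond = make_helper_expr("fold")
    #   cif = make_if(idx.ea, fake_cond, cblk)
    #   idaapi.qswap(idx, cif)
    return True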