    def StartDebugger(self):
        '''
        Starts the debugger (equivalent of pressing F9).

        The program path, arguments and working directory are all passed to
        ``idc.StartDebugger`` as empty strings; afterwards ``WaitForDebugger``
        is called on this object.

        Returns None.
        '''
        launch = idc.StartDebugger
        launch('', '', '')
        self.WaitForDebugger()
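def setup():
    """Launch firefox.exe under the IDA debugger with browserassist.dll as its argument.

    Any running debug session is stopped first; after a successful launch
    the script pauses for a second and then calls ``wait_susp()``.

    Raises:
        RuntimeError: if ``idc.StartDebugger`` does not return 1 (success);
            the result used to be discarded, so a failed launch went on to
            ``wait_susp()`` with no process running.
    """
    args = r'"C:\Users\benoit\AppData\Roaming\Microsoft\Internet Explorer\browserassist.dll"'
    path = r'C:\Users\benoit\work\binstall'
    exe = r'C:\Users\benoit\work\binstall\build\firefox.exe'
    # Make sure no earlier session is still attached before launching.
    idc.StopDebugger()

    res = idc.StartDebugger(exe, args, path)
    if res != 1:
        raise RuntimeError('Could not start debugger (StartDebugger returned %r)' % (res,))
    print('starting dbugger')
    time.sleep(1)
    wait_susp()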
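    def setup():
        """Launch leet_editr.exe under the IDA debugger with a breakpoint on ``main``.

        Any running debug session is stopped first and a breakpoint is placed
        at the address of the ``main`` symbol; after a successful launch the
        script pauses for a second and then calls ``wait_susp()``.

        Raises:
            RuntimeError: if ``idc.StartDebugger`` does not return 1 (success);
                the result used to be discarded, so a failed launch went on to
                ``wait_susp()`` with no process running.
        """
        args = r''
        exe = r'C:\Users\benoit\work\leet\leet_editr.exe'
        path = r'C:\Users\benoit\work\leet'
        # Make sure no earlier session is still attached before launching.
        idc.StopDebugger()
        idc.AddBpt(idc.LocByName('main'))

        res = idc.StartDebugger(exe, args, path)
        if res != 1:
            raise RuntimeError('Could not start debugger (StartDebugger returned %r)' % (res,))
        print('starting dbugger')
        time.sleep(1)
        wait_susp()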
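def setup(num):
    """Start CryptoGraph.exe under the IDA debugger with ``num`` as its argument.

    Up to ten launch attempts are made; between attempts the debugger is
    stopped and the script sleeps for a second.  On success ``wait_susp()``
    is called.

    Args:
        num: value passed to the target as its only command-line argument
            (converted with ``str``).

    Raises:
        AssertionError: if none of the ten attempts returns 1.  Raised
            explicitly instead of via ``assert False`` so the check is not
            stripped under ``python -O``.
    """
    path = 'C:/Users/benoit/work/CryptoGraph.exe'
    workdir = 'C:/Users/benoit/work'
    for _ in range(10):
        res = idc.StartDebugger(path, str(num), workdir)
        print('got res >> ', res)
        if res == 1:
            break
        # Reset the debugger state and pause before retrying.
        idc.StopDebugger()
        time.sleep(1)
    else:
        raise AssertionError('Could not start debugger')
    wait_susp()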
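def setup():
    """Start the wyvern challenge binary under the IDA debugger.

    Up to ten launch attempts are made with no arguments; between attempts
    the debugger is stopped and the script sleeps for a second.  On success
    ``wait_susp()`` is called.

    Raises:
        AssertionError: if none of the ten attempts returns 1.  Raised
            explicitly instead of via ``assert False`` so the check is not
            stripped under ``python -O``.
    """
    path = '/home/benoit/programmation/hack/csaw/15/reverse/wyvern/wyvern_c85f1be480808a9da350faaa6104a19b'
    workdir = '/home/benoit/programmation/hack/csaw/15/reverse/wyvern'
    for _ in range(10):
        res = idc.StartDebugger(path, '', workdir)
        if res == 1:
            break
        # Reset the debugger state and pause before retrying.
        idc.StopDebugger()
        time.sleep(1)
    else:
        raise AssertionError('Could not start debugger')
    wait_susp()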
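def setup():
  """Start Airlhes_screensaver.scr under the IDA debugger.

  Up to ten launch attempts are made with no arguments.  The debugger is
  stopped before every attempt and again (with a one-second pause) after a
  failed one.  On success ``wait_susp()`` is called.

  Raises:
      AssertionError: if none of the ten attempts returns 1.  Raised
          explicitly instead of via ``assert False`` so the check is not
          stripped under ``python -O``.
  """
  path = 'C:/Users/benoit/work/Airlhes_screensaver.scr'
  workdir = 'C:/Users/benoit/work'
  for _ in range(10):
    # Make sure no earlier session is still attached before launching.
    idc.StopDebugger()
    res = idc.StartDebugger(path, '', workdir)
    print('got res >> ', res)
    if res == 1:
      break
    # Reset the debugger state and pause before retrying.
    idc.StopDebugger()
    time.sleep(1)
  else:
    raise AssertionError('Could not start debugger')
  wait_susp()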
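    def __init__(self, headless=False, binary_path=None):
        '''
        Initialize the IDAConcreteTarget. Nothing has to be done if the target is used inside the IDA Debugger but when
        using IDA in headless mode (without the GUI) we need to start the debugger by ourselves.
        :param bool headless: headless mode is used when IDA is launched without the GUI
        :param str binary_path: optional path to the binary, needed only in headless mode
        Example
            To run a script in IDA headless mode use:
            > idat.exe -c -A -S"angr_script.py" -t
            > idat -c -A -S"angr_script.py" -t
        '''
        self.headless = headless

        if binary_path and not self.headless:
            l.warn(
                "The binary path is needed only when using IDA in headless mode"
            )

        if self.headless:
            if binary_path is None:
                l.warn(
                    "You should provide a binary path when running IDA in headless mode"
                )
                # NOTE(review): if exit() does not terminate the process, execution
                # falls through to the calls below with binary_path=None — confirm.
                self.exit()

            idc.SetInputFilePath(binary_path)
            l.debug("Running IDA in headless mode. Initializing the debugger")
            # Let IDA's auto-analysis finish before the debugger is configured.
            idaapi.autoWait()
            # The original compared with `is`, which tests object identity and is
            # not guaranteed to hold for two equal string literals; compare by value.
            if sys.platform == "win32":
                idc.LoadDebugger("win32", 0)
            else:
                idc.LoadDebugger("linux", 0)
            idc.SetInputFilePath(binary_path)
            # DOPT_START_BPT makes IDA break on process start, so the process is
            # suspended before any target code runs.
            idc.SetDebuggerOptions(idc.DOPT_START_BPT)
            idc.StartDebugger("", "", "")
            idc.ResumeProcess()
            # Block (no timeout) until the debugger reports the process suspended.
            idc.GetDebuggerEvent(idc.WFNE_SUSP, -1)

            l.debug("Debugger initialized")

        super(IDAConcreteTarget, self).__init__()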
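        def setup0(self):
            """Launch run2.exe under the IDA debugger with data.bin as the input file.

            Stops any running session, points IDA at ``data.bin`` as the input
            file, records three addresses of interest on ``self`` and sets a
            breakpoint on each, then launches the target.  After a successful
            launch the script pauses for a second and calls ``wait_susp()``.

            Raises:
                RuntimeError: if ``idc.StartDebugger`` does not return 1
                    (success); the result used to be discarded, so a failed
                    launch went on to ``wait_susp()`` with no process running.
            """
            args = r''
            exe = r'C:\Users\benoit\work\malware\run2.exe'
            path = r'C:\Users\benoit\work\malware'
            infile = r'C:\Users\benoit\work\malware\data.bin'
            # Make sure no earlier session is still attached before launching.
            idc.StopDebugger()
            idc.SetInputFilePath(infile)

            self.run_call_addr = 0x4010df
            self.main_addr = 0x401000
            # Return pad sits 0x10 bytes past the call site.
            self.ret_pad_ea = self.run_call_addr + 0x10
            idc.AddBpt(self.run_call_addr)
            idc.AddBpt(self.main_addr)
            # NOTE(review): uses the object's own add_bpt here rather than
            # idc.AddBpt as above — presumably deliberate; confirm.
            self.add_bpt(self.ret_pad_ea)

            res = idc.StartDebugger(exe, args, path)
            if res != 1:
                raise RuntimeError('Could not start debugger (StartDebugger returned %r)' % (res,))
            print('starting dbugger')
            time.sleep(1)
            wait_susp()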
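def setup():
    """Start the target under the IDA debugger and run to the resolved ReadFile import.

    Up to ten launch attempts are made; between attempts the debugger is
    stopped and the script sleeps for a second.  Once the process is
    suspended, the kernel32 import table is looked up, the dword currently
    stored in the ``ReadFile`` import slot is read from debuggee memory, a
    breakpoint is placed on that address and ``go()`` runs to it.

    Raises:
        AssertionError: if none of the ten attempts returns 1.  Raised
            explicitly instead of via ``assert False`` so the check is not
            stripped under ``python -O``.
        KeyError: if ``find_imported_funcs`` reports no ``ReadFile`` entry.
    """
    path = 'C:/Users/benoit/work/you_are_very_good_at_this.exe'
    workdir = 'C:/Users/benoit/work'
    for _ in range(10):
        res = idc.StartDebugger(path, '', workdir)
        print('got res >> ', res)
        if res == 1:
            break
        # Reset the debugger state and pause before retrying.
        idc.StopDebugger()
        time.sleep(1)
    else:
        raise AssertionError('Could not start debugger')
    wait_susp()

    funcs = ida.find_imported_funcs('kernel32')
    print(funcs)

    # Address of the import slot itself, not of the function.
    read_addr = funcs['ReadFile'][0]
    print('read addr >> ', read_addr)
    # Read the slot's current contents from the live process (presumably the
    # resolved ReadFile address once the loader has filled the IAT).
    read_pos = idc.DbgDword(read_addr)

    idc.AddBpt(read_pos)
    print('read pos bpt >> ', hex(read_pos))

    go(read_pos)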
 def _sync_startDebugger(self, args):
     """Start the IDA debugger with ``args`` as the program arguments.

     The program path and working directory are both passed as empty strings.
     """
     program = ''
     workdir = ''
     idc.StartDebugger(program, args, workdir)
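def remote_debug():
    """Upload the current file to the sandbox and start debugging it there.

    ``send_cur_file_to_sandbox()`` is expected to return the remote path of
    the uploaded file, or ``None`` when the upload did not happen; in that
    case nothing is started.  The debugger is launched with no arguments and
    ``config.SANDBOX_DEBUGGING_FOLDER`` as the working directory.
    """
    remote_path = send_cur_file_to_sandbox()
    # Identity check against None instead of `!= None` (PEP 8, E711).
    if remote_path is not None:
        print("Remote path: ", remote_path)
        idc.StartDebugger(remote_path, "", config.SANDBOX_DEBUGGING_FOLDER)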
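print "[+] Address in code of VirtualAlloc: 0x%08X" % (virtualAllocInCode[0])

# Break on the instruction following the VirtualAlloc call site, where EAX
# presumably holds the call's return value.
placeForBreakPoint = idc.NextHead(virtualAllocInCode[0])

print "[+] Address to Set Breakpoint: 0x%08X" % (placeForBreakPoint)

print "[+] Setting Breakpoint"

idaapi.add_bpt(placeForBreakPoint, 0,
               idaapi.BPT_SOFT)  # set a software breakpoint
idaapi.enable_bpt(placeForBreakPoint, True)
print "[+] Breakpoint set"

# Relaunch the target until EAX at the breakpoint equals VALUE_TO_GET.
# NOTE(review): there is no attempt limit and the waits are fixed sleeps rather
# than debugger events, so the loop never ends if the value never appears.
while True:
    try:
        idc.StartDebugger("", "", "")
        # Block (no timeout) until the debugger reports the process suspended.
        idc.GetDebuggerEvent(idc.WFNE_SUSP, -1)
        print "[+] Waiting for the start of debugger..."
        time.sleep(15)
        eax_value = idc.GetRegValue("EAX")

        print "[+] Value of EAX: 0x%08x" % eax_value

        if eax_value == VALUE_TO_GET:
            break
        else:
            idc.StopDebugger()
            print "[+] Waiting for the stop of debugger"
            time.sleep(15)
    except Exception as e:
        # Report what failed instead of discarding the exception; the retry
        # behaviour is unchanged.
        print "[-] Error trying again: %s" % (e,)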