def dump_memory(self, file_path=None, ptr=0, length=0):
if ptr == 0:
ptr, inp = InputDialog.input_pointer(self._app_window)
if ptr > 0:
if length == 0:
accept, length = InputDialog.input(
self._app_window, hint='insert length', placeholder='1024')
if not accept:
return
try:
if length.startswith('0x'):
length = int(length, 16)
else:
length = int(length)
except:
return
if file_path is None:
r = QFileDialog.getSaveFileName(self._app_window, caption='Save binary dump to file')
if len(r) == 0 or len(r[0]) == 0:
return
file_path = r[0]
data = self.read_memory(ptr, length)
if data is not None:
with open(file_path, 'wb') as f:
f.write(data)
def handler_find_symbol(self):
accept, input = InputDialog().input(self.app_window,
'find symbol by pattern',
placeholder='*_open*')
if accept:
SearchPanel.debug_symbol_search_panel(
self.app_window.get_app_instance(), input)
def _on_cm_search(self):
from ui.dialog_input import InputDialog
accept, input = InputDialog.input(self,
hint='Search something in this list',
placeholder='search...',
input_content=self._current_search)
if accept:
self._current_search = input
have_result, search_results = self.contains_text(
input, stop_at_match=False)
if not have_result:
return
#rows = {}
#for x in search_results:
# rows[str(x[0])] = x
for row in range(self.model().rowCount()):
item = self.model().item(row, 0)
hide = True
for sr in search_results:
if sr[0] == row:
hide = False
break
self.setRowHidden(row,
self.model().invisibleRootItem().index(),
hide)
def hook_on_load(self):
input = InputDialog.input(hint='insert module name')
if input[0]:
module = input[1]
if not module.endswith('.so'):
module += '.so'
self.insertRow(self.rowCount())
h = Hook()
h.set_ptr(0)
h.set_input(module)
h.set_widget_row(self.rowCount() - 1)
self.onloads[module] = h
q = HookWidget(h.get_input())
q.set_hook_data(h)
q.setForeground(Qt.darkGreen)
self.setItem(self.rowCount() - 1, 0, q)
q = NotEditableTableWidgetItem(hex(0))
q.setForeground(Qt.gray)
self.setItem(self.rowCount() - 1, 1, q)
q = NotEditableTableWidgetItem('-')
q.setForeground(Qt.gray)
self.setItem(self.rowCount() - 1, 2, q)
self.app.get_script().exports.onload(module)
def add_hook(self):
input = InputDialog.input(hint='insert pointer')
if input[0]:
ptr = int(self.app.get_script().exports.getpt(input[1]), 16)
if ptr > 0:
hook = self.app.get_script().exports.hook(ptr)
if hook:
self.insertRow(self.rowCount())
h = Hook()
h.set_ptr(ptr)
h.set_input(input[1])
h.set_widget_row(self.rowCount() - 1)
self.hooks[ptr] = h
q = HookWidget(h.get_input())
q.set_hook_data(h)
q.setForeground(Qt.gray)
self.setItem(self.rowCount() - 1, 0, q)
q = NotEditableTableWidgetItem(hex(ptr))
q.setForeground(Qt.red)
self.setItem(self.rowCount() - 1, 1, q)
q = NotEditableTableWidgetItem('0')
self.setItem(self.rowCount() - 1, 2, q)
self.resizeColumnsToContents()
def hook_onload(self, input=None):
if input is None or not isinstance(input, str):
input = InputDialog.input(hint='insert module name')
if not input[0]:
return
input = input[1]
if not input.endswith('.so'):
input += '.so'
if input in self.onloads:
return
self.insertRow(self.rowCount())
h = Hook()
h.set_ptr(0)
h.set_input(input)
self.onloads[input] = h
q = HookWidget(h.get_input())
q.set_hook_data(h)
q.setForeground(Qt.darkGreen)
self.setItem(self.rowCount() - 1, 0, q)
q = NotEditableTableWidgetItem(hex(0))
q.setForeground(Qt.gray)
self.setItem(self.rowCount() - 1, 1, q)
q = NotEditableTableWidgetItem('-')
q.setForeground(Qt.gray)
self.setItem(self.rowCount() - 1, 2, q)
self.app.get_script().exports.onload(input)
self.resizeRowToContents(0)
self.resizeRowToContents(1)
def hook_onload(self, input=None):
if input is None or not isinstance(input, str):
accept, input = InputDialog.input(self.app,
hint='insert module name',
placeholder='libtarget.so')
if not accept:
return
if len(input) == 0:
return
if not input.endswith('.so'):
input += '.so'
if input in self.app.get_dwarf().on_loads:
return
self.dwarf_api('hookOnLoad', input)
h = Hook(Hook.HOOK_ONLOAD)
h.set_ptr(0)
h.set_input(input)
self.on_loads[input] = h
if self.app.session_ui is not None and self.app.get_hooks_panel(
) is not None:
self.app.get_hooks_panel().hook_onload_callback(h)
def handler_kernel_lookup_symbol(self):
accept, input = InputDialog().input(
self.app_window,
'lookup kernel symbol by exact name',
placeholder='SyS_open')
if accept and len(input) > 0:
self.app_window.get_dwarf().get_kernel().lookup_symbol(input)
def handler_find_bytes(self):
accept, input = InputDialog().input(self.app_window,
'find bytes',
placeholder='ff b3 ac 9d 0f ...')
if accept:
self.action_find_bytes.setEnabled(False)
SearchPanel.bytes_search_panel(self.app_window.get_app_instance(),
input)
def hook_java(self, input=None, pending_args=None):
if input is None or not isinstance(input, str):
input = InputDialog.input(hint='com.package.class.[method or \'$new\']')
if not input[1]:
return
input = input[1]
self.java_pending_args = pending_args
self.app.get_script().exports.jmh(input)
def set_condition(self):
if len(self.selectedItems()) < 1:
return
item = self.item(self.selectedItems()[0].row(), 0)
inp = InputDialog().input('insert condition', input_content=item.get_hook_data().get_condition())
if inp[0]:
if self.app.get_script().exports.hookcond(item.get_hook_data().get_ptr(), inp[1]):
item.get_hook_data().set_condition(inp[1])
def hook_java(self, input=None, pending_args=None):
if input is None or not isinstance(input, str):
input = InputDialog.input(
hint='com.package.class or com.package.class.method')
if not input[1]:
return
input = input[1]
self.java_pending_args = pending_args
self.app.dwarf_api('hookJava', input)
def hook_native(self, input=None, pending_args=None):
if input is None or not isinstance(input, str):
ptr, input = InputDialog.input_pointer(self.app)
else:
ptr = int(self.app.dwarf_api('evaluatePtr', input), 16)
if ptr > 0:
self.temporary_input = input
self.native_pending_args = pending_args
self.app.dwarf_api('hookNative', ptr)
def handle_start(self):
ph = ''
if self.until_address > 0:
ph = hex(self.until_address)
address, inp = InputDialog.input_pointer(
self.app, input_content=ph, hint='pointer to last instruction')
if address > 0:
self.until_address = address
self.emulator.emulate(self.until_address)
def _create_bookmark(self, index=-1, ptr=''):
note = ''
if ptr == '':
if isinstance(index, int) and index >= 0:
ptr = self._bookmarks_model.item(index, 0).text()
note = self._bookmarks_model.item(index, 1).text()
ptr, _ = InputDialog.input_pointer(parent=self._app_window,
input_content=ptr)
else:
if not isinstance(ptr, int):
try:
if ptr.startswith('0x'):
ptr = int(ptr, 16)
else:
ptr = int(ptr)
except ValueError:
ptr = 0
if ptr > 0:
ptr = hex(ptr)
if self._bookmarks_list.uppercase_hex:
ptr = ptr.upper().replace('0X', '0x')
index = self._bookmarks_model.findItems(ptr, Qt.MatchExactly)
if len(index) > 0:
index = index[0].row()
note = self._bookmarks_model.item(index, 1).text()
else:
index = -1
accept, note = InputDialog.input(hint='Insert notes for %s' % ptr,
input_content=note)
if accept:
if index < 0:
self.insert_bookmark(ptr, note)
else:
item = self._bookmarks_model.item(index, 0)
item.setText(ptr)
item = self._bookmarks_model.item(index, 1)
item.setText(note)
self.bookmarks[ptr] = note
def hook_java(self, input=None, pending_args=None):
if input is None or not isinstance(input, str):
input = InputDialog.input(
self.app,
hint='insert java class or methos',
placeholder='com.package.class or com.package.class.method')
if not input[1]:
return
input = input[1]
self.app.get_dwarf().hook_java(input, pending_args)
def hook_java(self, input_=None, pending_args=None):
if input_ is None or not isinstance(input_, str):
accept, input_ = InputDialog.input(
self._app_window, hint='insert java class or method',
placeholder='com.package.class or com.package.class.method')
if not accept:
return
self.java_pending_args = pending_args
input_ = input_.replace(' ', '')
self.dwarf_api('hookJava', input_)
def set_condition(self, item):
item = self.item(item.row(), 0)
accept, input = InputDialog().input(
self.app, 'insert condition', input_content=item.get_hook_data().get_condition())
if accept:
what = item.get_hook_data().get_ptr()
if what == 0:
what = item.get_hook_data().get_input()
if self.app.dwarf_api('setHookCondition', [what, input]):
item.get_hook_data().set_condition(input)
def set_condition(self, item):
inp = InputDialog().input(
'insert condition',
input_content=item.get_hook_data().get_condition())
if inp[0]:
what = item.get_hook_data().get_ptr()
if what == 0:
what = item.get_hook_data().get_input()
if self.app.dwarf_api('setHookCondition', [what, inp[1]]):
item.get_hook_data().set_condition(inp[1])
def hook_java(self, input=None, pending_args=None):
if input is None or not isinstance(input, str):
accept, input = InputDialog.input(
self.app,
hint='insert java class or methos',
placeholder='com.package.class or com.package.class.method')
if not accept:
return
self.java_pending_args = pending_args
self.app.dwarf_api('hookJava', input)
def handle_start(self):
ph = ''
if self.until_address > 0:
ph = hex(self.until_address)
address, inp = InputDialog.input_pointer(self.app, input_content=ph, hint='pointer to last instruction')
if address > 0:
self.until_address = address
self.app.console_panel.show_console_tab('emulator')
self.emulator.emulate(self.until_address, user_arch=self._uc_user_arch,
user_mode=self._uc_user_mode, cs_arch=self._cs_user_arch,
cs_mode=self._cs_user_mode)
def hook_native(self, input_=None, pending_args=None, own_input=None):
if input_ is None or not isinstance(input_, str):
ptr, input_ = InputDialog.input_pointer(self._app_window)
else:
ptr = utils.parse_ptr(self._app_window.dwarf.dwarf_api('evaluatePtr', input_))
if ptr > 0:
self.temporary_input = input_
if own_input is not None:
self.temporary_input = own_input
self.native_pending_args = pending_args
self.dwarf_api('hookNative', ptr)
def hook_native(self, input=None, pending_args=None):
if input is None or not isinstance(input, str):
input = InputDialog.input(hint='insert pointer')
if not input[0]:
return
input = input[1]
ptr = int(self.app.get_script().exports.getpt(input), 16)
if ptr > 0:
self.temporary_input = input
self.native_pending_args = pending_args
self.app.get_script().exports.hook(ptr)
def hook_native_on_load(self, input_=None):
if input_ is None or not isinstance(input_, str):
accept, input_ = InputDialog.input(self._app_window, hint='insert module name', placeholder='libtarget.so')
if not accept:
return
if len(input_) == 0:
return
if input_ in self._app_window.dwarf.native_on_loads:
return
self.dwarf_api('hookNativeOnLoad', input_)
def trigger_write_string(self):
item = self.selectedItems()[0]
if item.column() == 0:
item = self.item(item.row(), 1)
if isinstance(item, ByteWidget):
ptr = item.get_ptr()
content = InputDialog.input(hint='write utf8 string @%s' %
hex(ptr))
if content[0]:
if self.app.get_script().exports.writeutf8(ptr, content[1]):
self.read_memory(ptr, self.data['len'], self.data['sub'])
def _create_bookmark(self, index=-1, ptr=''):
note = ''
if ptr == '':
if isinstance(index, int) and index >= 0:
ptr = self._bookmarks_model.item(index, 0).text()
note = self._bookmarks_model.item(index, 1).text()
ptr, input_ = InputDialog.input_pointer(parent=self._app_window,
input_content=ptr)
else:
try:
ptr = int(ptr, 16)
except:
ptr = 0
if ptr > 0:
index = self._bookmarks_model.findItems(hex(ptr), Qt.MatchExactly)
if len(index) > 0:
index = index[0].row()
note = self._bookmarks_model.item(index, 1).text()
else:
index = -1
accept, note = InputDialog.input(hint='Insert notes for %s' %
hex(ptr),
input_content=note)
if accept:
if index < 0:
self._bookmarks_model.appendRow(
[QStandardItem(hex(ptr)),
QStandardItem(note)])
else:
item = self._bookmarks_model.item(index, 0)
item.setText(hex(ptr))
item = self._bookmarks_model.item(index, 1)
item.setText(note)
self.bookmarks[hex(ptr)] = note
def handle_start(self):
ph = ''
if self.until_address > 0:
ph = hex(self.until_address)
address, inp = InputDialog.input_pointer(
self.app, input_content=ph, hint='pointer to last instruction')
if address > 0:
self.until_address = address
err = self.emulator.start(self.until_address)
if err > 0:
self.until_address = 0
self.console.log('cannot start emulator. err: %d' % err)
return
def trigger_write_string(self):
item = self.selectedItems()[0]
if item.column() == 0:
item = self.item(item.row(), 1)
if isinstance(item, ByteWidget):
ptr = item.get_ptr()
accept, content = InputDialog.input(hint='write utf8 string @%s' %
hex(ptr))
if accept:
if self.app.dwarf_api('writeUtf8', [ptr, content]):
self.range.invalidate()
self.read_memory(ptr)
def hook_java_on_load(self, input_=None):
if input_ is None or not isinstance(input_, str):
accept, input_ = InputDialog.input(
self._app_window, hint='insert class name', placeholder='com.android.mytargetclass')
if not accept:
return
if len(input_) == 0:
return
if input_ in self._app_window.dwarf.native_on_loads:
return
self.dwarf_api('hookJavaOnLoad', input_)
def handler_find_bytes(self):
# invalidate modules list filter
self._bytes_find_modules_list = None
accept, input = InputDialog().input(self.app_window, 'find bytes',
placeholder='ff b3 ac 9d 0f ...',
options_callback=self.handler_find_bytes_options)
if accept:
self.action_find_bytes.setEnabled(False)
SearchPanel.bytes_search_panel(self.app_window.get_app_instance(), input,
self._bytes_find_modules_list)
# invalidate it once again
self._bytes_find_modules_list = None
