def rewind(warning=True):
    """Restore the register and stack snapshot selected in the EA View list.

    With ``warning`` set (and the ``show_rewind_warning`` config flag on), a
    confirmation dialog is shown first; "Yes" re-enters this function with
    ``warning=False``.  Otherwise the snapshot at the list's current row is
    applied: every general register is written back with set_rg(), then the
    saved stack bytes are written at the (possibly just restored) stack
    pointer with dbg_write_memory().  Memory outside that stack window is
    not touched.
    """
    if warning and config["show_rewind_warning"]:
        ea_warning(
            "Rewind will restore programme state in the scope of the context shown by EA View.\n"
            "Changes made outside this scope (eg. heap, data sections) will not be restored. Continue?",
            buttons=(("Yes", lambda: rewind(warning=False), True), ("No", None, True)),
            checkboxes=(("Don't show this warning again", set_warning_display, False), ))
        return

    saved_regs, saved_stack = states[form.listWidget.currentRow()]

    def hex_body(text):
        # Everything after the "0x" prefix, minus any trailing "<symbol>" part.
        body = text[text.find("0x") + 2:]
        cut = body.find("<")
        return body if cut == -1 else body[:cut]

    # Registers first: the stack pointer read below must reflect the snapshot.
    for reg_name, entry in saved_regs:
        set_rg(reg_name, int(hex_body(entry[0]), 16))

    sp = get_rg("RSP" if get_bits() == 8 else "ESP")

    # Each stack entry holds a hex word; the byte order is reversed on the way
    # back into memory (Python 2 str.decode("HEX")).
    chunks = []
    for _, entry in saved_stack:
        raw = hex_body(entry[1]).decode("HEX")
        chunks.append("".join(reversed(raw)))
    dbg_write_memory(sp, "".join(chunks))
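def restart():
    """Wait for the debuggee to stop, then relaunch the input file under the debugger.

    Polls get_process_state() every 0.5 s for roughly 4 s.  If the process has
    not reached state 0 by then, "Restart operation timed out" is shown and the
    relaunch is skipped rather than started on top of a still-running process.
    """
    start = time()
    while get_process_state() != 0:
        sleep(0.5)
        # The original compared start - time(), which is never positive, so the
        # timeout could never fire and the loop spun until the process stopped.
        if time() - start > 4:
            ea_warning("Restart operation timed out")
            return
    runDebugger(get_input_file_path())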
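def dump():
    """Stop tracing and persist the collected trace as a pickled DataFrame.

    Unhooks ``p_hooks`` and clears the module-level ``hooked`` flag, builds a
    DataFrame from ``trace`` (columns: "time", "name", then the register names
    in ``regs``), indexes it by timestamp, prints it and writes it to
    ``<path>/<unix-time>.pickle``.  A dialog reports the output location.
    """
    global hooked
    p_hooks.unhook()
    hooked = False
    df = pd.DataFrame(trace, columns=["time", "name"] + regs)
    # DataFrame.set_index() returns a new frame; the original discarded the
    # result, so the pickle kept the default integer index instead of the
    # timestamps.
    df = df.set_index(pd.DatetimeIndex(df["time"]))
    print(df)
    dump_loc = path + "/" + str(int(time.time())) + ".pickle"
    df.to_pickle(dump_loc)
    ea_warning("Dumped IDA Trace to " + dump_loc)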
def ea_trace():
    """Open the EA Trace dialog, or warn when pandas is unavailable.

    Stores the frame and its generated UI in the module globals ``a`` and
    ``form`` so the button handlers (select_file, go) can reach them.  The
    first checkbox and the second radio button are pre-selected, and the
    window is kept on top of IDA.
    """
    global a
    global form
    if not found_lib:
        ea_warning("Could not find Pandas in your Python distribution. Install it to use this feature")
        return

    a = QtGui.QFrame()
    form = Trace_UI()
    form.setupUi(a)

    # Pre-select the defaults (clicking fires the same signals a user would).
    for widget in (form.checkBox, form.radioButton_2):
        widget.click()

    for button, handler in ((form.pushButton, select_file), (form.pushButton_2, go)):
        button.clicked.connect(handler)

    a.setWindowFlags(a.windowFlags() | QtCore.Qt.WindowStaysOnTopHint)
    a.show()
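def dump():
    """Stop tracing, pickle the trace into config["trace_dir"] and reset it.

    Unhooks ``p_hooks`` and clears ``hooked``, builds a DataFrame from
    ``trace`` (columns: "time", "name", then the register names in ``regs``),
    indexes it by timestamp and writes ``<trace_dir><sep><unix-time>.pickle``.
    The confirmation dialog offers "Open Folder" and "Open In Console"
    buttons.  The module-level ``trace`` list is replaced with an empty one
    afterwards.
    """
    global hooked
    global trace
    p_hooks.unhook()
    hooked = False
    df = pd.DataFrame(trace, columns=["time", "name"] + regs)
    # DataFrame.set_index() returns a new frame; the original discarded the
    # result, so the pickle kept the default integer index instead of the
    # timestamps.
    df = df.set_index(pd.DatetimeIndex(df["time"]))
    # Follow whichever separator style the configured directory already uses.
    sep = "/" if "/" in config["trace_dir"] else "\\"
    dump_loc = config["trace_dir"] + sep + str(int(time.time())) + ".pickle"
    df.to_pickle(dump_loc)
    ea_warning(
        "Dumped IDA Trace to " + dump_loc,
        (
            # Argument list instead of shell=True: the directory name is
            # user-chosen and must not be interpreted by the command shell.
            ("Open Folder", lambda: Popen(["explorer", config["trace_dir"]])),
            ("Open In Console", lambda: open_in_console(dump_loc)),
        ),
        "EA Trace",
    )
    trace = []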
def go():
    """Apply the dialog's options, (re)install the trace hook and close the dialog.

    Refuses to start unless config["trace_dir"] is an existing directory.  The
    checkbox and radio button states are copied into the module globals
    ``general``, ``floating_point``, ``dump_on_break`` and ``dump_on_exit``;
    any previous ``p_hooks`` Hook is unhooked before a fresh one is installed.
    """
    global p_hooks
    global general
    global floating_point
    global dump_on_break
    global dump_on_exit

    if not isdir(config["trace_dir"]):
        ea_warning("You must select a valid dump directory")
        return

    if isinstance(p_hooks, Hook):
        p_hooks.unhook()

    general, floating_point = form.checkBox.isChecked(), form.checkBox_2.isChecked()
    dump_on_break, dump_on_exit = form.radioButton.isChecked(), form.radioButton_2.isChecked()

    p_hooks = Hook()
    p_hooks.hook()
    a.close()
def ea_trace():
    """Open the EA Trace dialog, or warn when pandas is unavailable.

    Stores the frame and its generated UI in the module globals ``a`` and
    ``form`` for the button handlers (select_dir, go, select_dump).  The first
    checkbox and the second radio button are pre-selected and a previously
    configured trace directory is filled into the line edit.
    """
    global a
    global form
    if not found_lib:
        ea_warning(
            "Could not find Pandas in your Python distribution. Install it to use this feature"
        )
        return

    a = QtWidgets.QFrame()
    form = Trace_UI()
    form.setupUi(a)

    # Pre-select the defaults (clicking fires the same signals a user would).
    for widget in (form.checkBox, form.radioButton_2):
        widget.click()

    handlers = (
        (form.pushButton, select_dir),
        (form.pushButton_2, go),
        (form.pushButton_4, select_dump),
    )
    for button, handler in handlers:
        button.clicked.connect(handler)

    if config["trace_dir"]:
        form.lineEdit.insert(config["trace_dir"])

    # Keeping the window on top (setWindowFlags with WindowStaysOnTopHint) is
    # disabled in this version.
    a.show()
def ea_heap():
    """Open the glibc heap inspector for the running ELF target.

    Bails out with a warning unless the input is an ELF, the debugger is on
    and the C library can be located; with both offsets unset it opens the
    configuration dialog instead.  On success it computes ``malloc_addr``
    (the "ret" after malloc) and ``main_arena_addr``, builds the Heap_UI
    window, installs a Hook that is removed when the window closes, wires
    the list/button/checkbox handlers and shows the initial malloc state.
    """
    global form
    global a
    global item_no
    global hook
    global main_arena_addr
    global malloc_addr

    if "ELF" not in get_file_type_name():
        ea_warning("Executable must be ELF fomat (glibc)")
        return
    if main_arena_offset == 0 and malloc_offset == 0:
        set_config(True)
        return
    if not is_debugger_on():
        ea_warning("Application must be running")
        return
    base_addr = get_main_arena()
    if not base_addr:
        ea_warning("Could not find C Library in Segments")
        return

    malloc_addr = find_ins("ret", base_addr + malloc_offset)
    main_arena_addr = base_addr + main_arena_offset

    a = QtWidgets.QWidget()
    form = Heap_UI()
    form.setupUi(a)
    for box in (form.textEdit, form.textEdit_2):
        box.setReadOnly(True)
    a.show()

    hook = Hook()
    hook.hook()
    a.closeEvent = lambda x: hook.unhook()

    for bin_list in (form.listWidget, form.listWidget_3):
        bin_list.itemClicked.connect(select_bin)
    form.listWidget_2.itemClicked.connect(lambda x: select_chunk(x, chunkmap))
    form.listWidget_4.itemClicked.connect(lambda x: select_chunk(x, chunkmap_2))
    form.pushButton_2.clicked.connect(lambda: set_config(False))
    form.pushButton.clicked.connect(get_malloc_state)

    def on_toggle(state):
        # Checked: breakpoint flags 10 and hook on; unchecked: flags 2 and hook off.
        if state:
            return (add_bp(malloc_addr, 10), hook.hook())
        return (add_bp(malloc_addr, 2), hook.unhook())

    form.checkBox.stateChanged.connect(on_toggle)
    get_malloc_state()
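def send(addr=None, code=None):
    """Emulate code through the external server and annotate register changes.

    Args:
        addr: Address to emulate from.  When falsy, the current RIP is used and
            ``code`` is replaced by the 4 KiB page containing it, read from the
            debuggee with any breakpoint at RIP temporarily set to flags=2.
        code: Raw bytes to emulate; only used when ``addr`` is given.

    Behaviour: requires a suspended process (get_process_state() == -1),
    otherwise only warns.  Connects to (TCP_IP, TCP_PORT), starting the server
    with launch_server() when the first connect fails, and sends
    ("emu", (addr, code, bits, server_print)).  Replies are (func, args)
    pairs: "result" ends the exchange, "error" shows ``args`` as a warning,
    anything else is dispatched to the module-level callable named ``func``
    and its return value is sent back.  With the module flag ``annotate`` set
    and no error, each address in the result map gets an " e: reg=val ..."
    comment (see _annotate_changes).
    """
    if get_process_state() != -1:
        ea_warning("Process must be paused/suspended")
        return

    if not addr:
        addr = get_rg("RIP")
        bp = get_bp(addr, False)
        flags = bp.flags if bp else None
        try:
            if bp:
                # NOTE(review): flags=2 looks intended to make the breakpoint
                # non-intrusive while the page is read -- confirm against IDA's
                # BPT_* flag values.
                bp.flags = 2
                update_bpt(bp)
            # Page-align (4 KiB) and read the whole page holding RIP.
            code = dbg_read_memory(addr & 0xfffffffffffff000, 0x1000)
        finally:
            # Restore whenever a breakpoint was touched.  The original tested
            # `if flags:`, which skipped the restore for saved flags == 0 and
            # left the breakpoint at flags=2; it also never restored when the
            # read raised.
            if bp:
                bp.flags = flags
                update_bpt(bp)

    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    error = False
    args = None
    try:
        try:
            sock.connect((TCP_IP, TCP_PORT))
        except socket.error:
            launch_server()
            sleep(0.5)
            sock.connect((TCP_IP, TCP_PORT))
        # sendall: send() may write only part of a large payload.
        sock.sendall(dumps(("emu", (addr, code, get_bits(), server_print))))
        while True:
            # NOTE(review): one recv() per message -- assumes every reply fits
            # in BUFFER_SIZE and arrives in a single segment; confirm the
            # server's framing.
            data = sock.recv(BUFFER_SIZE)
            if not data:
                # Peer closed without a "result"; the original fell through to
                # the annotation step with `args` unbound (NameError).
                ea_warning("Emulation server closed the connection without a result")
                error = True
                break
            # NOTE(review): loads() on socket data -- if this is pickle, any
            # peer that can reach this port runs arbitrary code inside IDA.
            # Keep the server on the loopback interface and prefer a data-only
            # format.
            func, args = loads(data)
            if func == "result":
                break
            if func == "error":
                ea_warning(args)
                error = True
                break
            # NOTE(review): the peer picks which module-level name is called;
            # an explicit allow-list of callback names would be safer than
            # globals().
            sock.sendall(dumps(globals()[func](*args)))
    finally:
        sock.close()

    if error or not annotate:
        return
    _annotate_changes(args)


def _annotate_changes(changes):
    """Write an " e: reg=val ..." comment at every address in ``changes``.

    ``changes`` maps instruction address -> list of (register, value) pairs as
    returned by the emulation server.  The entry for the current RIP is
    dropped (the dict is mutated), rip/eip pairs are ignored, and an existing
    " e: ..." part of a comment is replaced so repeated runs do not
    accumulate.  Addresses with no remaining changes get "No reg changes".
    """
    rip = get_rg("RIP")
    if rip in changes:
        del changes[rip]
    for address, pairs in changes.items():
        pairs = [p for p in pairs if p[0] not in ("rip", "eip")]
        if pairs:
            # hex() of a Python 2 long carries an "L" suffix; strip it.
            text = " ".join(name + "=" + hex(val).replace("L", "") for name, val in pairs)
        else:
            text = "No reg changes"
        comment = GetCommentEx(address, 0)
        if comment and "e:" in comment:
            comment = comment[:comment.find("e:")].strip(" ")
        MakeComm(address, (comment if comment else "").ljust(10) + " e: " + text)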