Example #1
0
    def btn_imp_ghidra_funcs(self, code=0):
        """
        导入Ghidra函数列表
        """
        ghidra_filepath = os.path.join(os.getcwd(), 'ghidra_func_addrs.csv')
        ghidra_path = ida_kernwin.ask_str(ghidra_filepath, 0,
                                          '导入的Ghidra导出函数文件路径')

        func_addrs = list(idautils.Functions())
        make_func_addrs = []
        if ghidra_path and ghidra_path != '':
            if os.path.exists(ghidra_path):
                with open(ghidra_path, 'rb') as f:
                    next(f)
                    reader = csv.reader(f)
                    for row in reader:
                        addr = int(row[0].strip('\"'), 16)
                        if ida_funcs.add_func(addr) == True:
                            make_func_addrs.append(addr)
                        else:
                            if addr not in func_addrs:
                                FELogger.info("创建函数%s失败" % hexstr(addr))
                FELogger.info("Ghidra导出函数文件:%s,已导入" % ghidra_path)
            else:
                FELogger.erro("未找到Ghidra导出函数文件:%s" % ghidra_path)
        else:
            FELogger.warn("请输入Ghidra导出函数文件路径")

        FELogger.info("成功创建%d个新函数" % len(make_func_addrs))
Example #2
0
    def add_or_del_one_xref_bpt(self, is_add):
        if is_add == True:
            action = idc.add_bpt
            act_info = '添加'
        else:
            action = idc.del_bpt
            act_info = '删除'

        tgt_t = ida_kernwin.ask_str('', 0, '请输入危险函数名')
        if tgt_t in SINK_FUNC:
            if not tgt_t in self.sink_func_xref_dict:
                mgr_t = FESinkFuncMgr()
                xref_list = mgr_t.get_one_func_xref(tgt_t)

                if not xref_list:
                    FELogger.warn("未找到函数%s" % tgt_t)
                    return

                tmp_list = []
                for xref_addr in xref_list:
                    tmp_list.append(xref_addr)
                    action(xref_addr)
                self.sink_func_xref_dict[tgt_t] = tmp_list
            else:
                for xref_addr_t in self.sink_func_xref_dict[tgt_t]:
                    action(xref_addr_t)
            FELogger.info("已%s断点:危险函数调用地址(%s)" % (act_info, tgt_t))
        else:
            FELogger.warn("未支持函数")
Example #3
0
    def btn_get_one_sink_func_xref(self, code=0):
        """
        查看某个危险函数调用地址
        """

        tgt_t = ida_kernwin.ask_str('', 0, '请输入要查看的危险函数名')
        if tgt_t in SINK_FUNC:
            cols = [['', 0 | ida_kernwin.Choose.CHCOL_DEC],
                    ['函数名', 10 | ida_kernwin.Choose.CHCOL_PLAIN],
                    ['函数地址', 10 | ida_kernwin.Choose.CHCOL_HEX]]
            items = []

            mgr_t = FESinkFuncMgr()
            xref_list = mgr_t.get_one_func_xref(tgt_t)

            if not xref_list:
                FELogger.warn("未找到函数%s" % tgt_t)
                return

            tmp_list = []
            for xref_addr in xref_list:
                data = AnalysisChooseData(vuln=0, name=tgt_t, ea=xref_addr)
                items.append(data)
                tmp_list.append(xref_addr)
            self.sink_func_xref_dict[tgt_t] = tmp_list

            chooser = AnalysisChooser(title='危险函数调用地址', cols=cols, item=items)
            chooser.Show()
        else:
            FELogger.warn("未支持函数")
Example #4
0
 def btn_del_one_vuln_bpt(self, code=0):
     """删除断点 某个危险函数漏洞地址"""
     tgt_t = ida_kernwin.ask_str('', 0, '请输入危险函数名')
     if tgt_t in SINK_FUNC:
         if tgt_t in self.vuln_func_fast_dict:
             for xref_addr_t in self.vuln_func_fast_dict[tgt_t]:
                 ida_dbg.del_bpt(xref_addr_t)
         FELogger.info("已删除断点:危险函数漏洞分析(%s)" % tgt_t)
     else:
         FELogger.warn("未支持函数")
Example #5
0
 def btn_del_tmp_func_bpt(self, code=0):
     """删除临时函数断点"""
     tgt_t = ida_kernwin.ask_str('', 0, '请输入任意函数名')
     try:
         if tgt_t in self.tmp_func_dict:
             for xref_addr_t in self.tmp_func_dict[tgt_t]:
                 ida_dbg.del_bpt(xref_addr_t)
             CUSTOM_FUNC.pop(tgt_t)
         FELogger.info("已删除断点:指定函数调用地址 %s" % tgt_t)
     except Exception:
         FELogger.warn("请输入函数名")
Example #6
0
    def jump_in_hex(self):
        ea = self.ea
        if not ea or not ida_bytes.is_loaded(ea):
            FELogger.warn("地址错误")
            return

        widget = self.find_hex_view()
        if not widget:
            FELogger.warn("无法找到十六进制窗口")
            return

        self.jumpto_in_view(widget, ea)
Example #7
0
    def jump_in_new_window(self):
        ea = self.ea
        if not ea or not ida_bytes.is_loaded(ea):
            FELogger.warn("地址错误")
            return

        window_name = "D-0x%x" % ea
        widget = ida_kernwin.open_disasm_window(window_name)
        if widget:
            self.jumpto_in_view(widget, ea)
        else:
            FELogger.warn("创建新窗口失败")
Example #8
0
    def jump_in_disassembly(self):
        ea = self.ea
        if not ea or not ida_bytes.is_loaded(ea):
            FELogger.warn("地址错误")
            return

        widget = self.find_disass_view()
        if not widget:
            FELogger.warn("无法找到反汇编窗口")
            return

        self.jumpto_in_view(widget, ea)
Example #9
0
    def btn_dfs_test_1(self, code=0):
        addr_t = ida_kernwin.ask_str('', 0, '请输入回溯起点地址')
        reg_t = ida_kernwin.ask_str('', 0, '请输入回溯寄存器')
        if (addr_t and addr_t != '') and (reg_t and reg_t != ''):
            try:
                addr_t = int(addr_t, 16)
            except Exception:
                FELogger.warn("无效地址")
                return

            FELogger.info("从地址%s回溯寄存器%s" % (hexstr(addr_t), reg_t))
            tracer = FEArgsTracer(addr_t, reg_t)
            source_addr = tracer.run()
            print('source_addr: ', source_addr)
        else:
            FELogger.warn("请输入起点地址和寄存器")
Example #10
0
        def do_export():
            st = ida_auto.set_ida_state(idc.IDA_STATUS_WORK)
            xml = XmlExporter(1)

            try:
                try:
                    xml.export_xml()
                    FELogger.info("已导出IDA数据到XML")
                except Cancelled:
                    ida_kernwin.hide_wait_box()
                    FELogger.warn("已取消XML导出")
                except Exception as e:
                    ida_kernwin.hide_wait_box()
                    FELogger.warn("导出XML失败 %s" % e)
            finally:
                xml.cleanup()
                ida_auto.set_ida_state(st)
Example #11
0
    def btn_import_all_bpt_addr(self, code=0):
        """
        导入离线断点
        """
        cur_workpath = os.getcwd()
        csv_filepath = os.path.join(
            cur_workpath, '%s_bpt.csv' % ida_nalt.get_root_filename())

        if os.path.exists(csv_filepath):
            with open(csv_filepath, 'r') as f:
                next(f)
                reader = csv.reader(f)
                for row in reader:
                    ida_dbg.add_bpt(int(row[0], 16), 0, idc.BPT_DEFAULT)
            FELogger.info("导入断点完成:%s" % csv_filepath)
        else:
            FELogger.warn("文件不存在:%s" % csv_filepath)
Example #12
0
 def btn_dfs_test_2(self, code=0):
     tgt_t = ida_kernwin.ask_str('', 0, '请输入函数名')
     reg_t = ida_kernwin.ask_str('', 0, '请输入回溯寄存器')
     if (tgt_t and tgt_t != '') and (reg_t and reg_t != ''):
         for func_addr_t in idautils.Functions():
             func_name_t = ida_funcs.get_func_name(func_addr_t)
             if func_name_t == tgt_t:
                 for xref_addr_t in idautils.CodeRefsTo(func_addr_t, 0):
                     if ida_funcs.get_func(xref_addr_t):
                         FELogger.info("从地址%s回溯寄存器%s" %
                                       (hexstr(xref_addr_t), reg_t))
                         tracer = FEArgsTracer(xref_addr_t,
                                               reg_t,
                                               max_node=256)
                         source_addr = tracer.run()
                         print('source_addr: ', source_addr)
                 break
         else:
             FELogger.warn("请输入函数名和寄存器")
Example #13
0
    def btn_add_one_vuln_bpt(self, code=0):
        """添加断点 某个危险函数漏洞地址"""
        tgt_t = ida_kernwin.ask_str('', 0, '请输入危险函数名')
        if tgt_t in SINK_FUNC:
            if not tgt_t in self.vuln_func_fast_dict:
                mgr_t = FESinkFuncMgr()
                xref_list = mgr_t.get_one_func_xref(tgt_t)
                tag = SINK_FUNC[tgt_t]['tag']

                if not xref_list:
                    FELogger.warn("未找到函数%s" % tgt_t)
                    return

                if tag == FUNC_TAG['PRINTF']:
                    items = printf_func_analysis(tgt_t, xref_list)
                    self.add_fast_dict_from_items(items)
                elif tag == FUNC_TAG['STRING']:
                    items = str_func_analysis(tgt_t, xref_list)
                    self.add_fast_dict_from_items(items)
                elif tag == FUNC_TAG['SCANF']:
                    items = scanf_func_analysis(tgt_t, xref_list)
                    self.add_fast_dict_from_items(items)
                elif tag == FUNC_TAG['SYSTEM']:
                    items = system_func_analysis(tgt_t, xref_list)
                    self.add_fast_dict_from_items(items)
                elif tag == FUNC_TAG['MEMORY']:
                    items = mem_func_analysis(tgt_t, xref_list)
                    self.add_fast_dict_from_items(items)
                else:
                    FELogger.info("未支持函数%s" % tgt_t)

            if tgt_t in self.vuln_func_fast_dict:
                for xref_addr_t in self.vuln_func_fast_dict[tgt_t]:
                    ida_dbg.add_bpt(xref_addr_t, 0, idc.BPT_DEFAULT)

            FELogger.info('已添加断点:危险函数漏洞分析(%s)' % tgt_t)
        else:
            FELogger.warn("未支持函数")
Example #14
0
    def btn_get_one_vuln_func(self, code=0):
        """查看某个危险函数漏洞地址"""
        tgt_t = ida_kernwin.ask_str('', 0, '请输入要查看的危险函数名')
        if tgt_t in SINK_FUNC:
            mgr_t = FESinkFuncMgr()
            xref_list = mgr_t.get_one_func_xref(tgt_t)
            tag = SINK_FUNC[tgt_t]['tag']

            if not xref_list:
                FELogger.warn("未找到函数%s" % tgt_t)
                return

            # printf系列函数
            if tag == FUNC_TAG['PRINTF']:
                items = printf_func_analysis(tgt_t, xref_list)
                self.add_fast_dict_from_items(items)
                cols = [['可疑', 3 | ida_kernwin.Choose.CHCOL_DEC],
                        ['函数名', 10 | ida_kernwin.Choose.CHCOL_PLAIN],
                        ['函数地址', 10 | ida_kernwin.Choose.CHCOL_HEX],
                        ['格式字符串地址', 10 | ida_kernwin.Choose.CHCOL_HEX],
                        ['格式字符串', 15 | ida_kernwin.Choose.CHCOL_PLAIN],
                        ['长度', 10 | ida_kernwin.Choose.CHCOL_HEX]]
                chooser = AnalysisChooser(title='危险函数漏洞分析',
                                          cols=cols,
                                          item=items)
                chooser.Show()

            # str系列函数
            elif tag == FUNC_TAG['STRING']:
                items = str_func_analysis(tgt_t, xref_list)
                self.add_fast_dict_from_items(items)
                cols = [['可疑', 3 | ida_kernwin.Choose.CHCOL_DEC],
                        ['函数名', 10 | ida_kernwin.Choose.CHCOL_PLAIN],
                        ['函数地址', 10 | ida_kernwin.Choose.CHCOL_HEX],
                        ['来源地址', 10 | ida_kernwin.Choose.CHCOL_HEX],
                        ['字符串', 15 | ida_kernwin.Choose.CHCOL_PLAIN],
                        ['字符串长度', 10 | ida_kernwin.Choose.CHCOL_HEX]]
                chooser = AnalysisChooser(title='危险函数漏洞分析',
                                          cols=cols,
                                          item=items)
                chooser.Show()

            # scanf系列函数
            elif tag == FUNC_TAG['SCANF']:
                items = scanf_func_analysis(tgt_t, xref_list)
                self.add_fast_dict_from_items(items)
                cols = [['可疑', 3 | ida_kernwin.Choose.CHCOL_DEC],
                        ['函数名', 10 | ida_kernwin.Choose.CHCOL_PLAIN],
                        ['函数地址', 10 | ida_kernwin.Choose.CHCOL_HEX],
                        ['格式字符串地址', 10 | ida_kernwin.Choose.CHCOL_HEX],
                        ['格式字符串', 15 | ida_kernwin.Choose.CHCOL_PLAIN],
                        ['长度', 10 | ida_kernwin.Choose.CHCOL_HEX]]
                chooser = AnalysisChooser(title='危险函数漏洞分析',
                                          cols=cols,
                                          item=items)
                chooser.Show()

            # system函数
            elif tag == FUNC_TAG['SYSTEM']:
                items = system_func_analysis(tgt_t, xref_list)
                self.add_fast_dict_from_items(items)
                cols = [['可疑', 3 | ida_kernwin.Choose.CHCOL_DEC],
                        ['函数名', 10 | ida_kernwin.Choose.CHCOL_PLAIN],
                        ['函数地址', 10 | ida_kernwin.Choose.CHCOL_HEX],
                        ['来源地址', 10 | ida_kernwin.Choose.CHCOL_HEX],
                        ['命令语句', 15 | ida_kernwin.Choose.CHCOL_PLAIN]]
                chooser = AnalysisChooser(title='危险函数漏洞分析',
                                          cols=cols,
                                          item=items)
                chooser.Show()

            # mem系列函数
            elif tag == FUNC_TAG['MEMORY']:
                items = mem_func_analysis(tgt_t, xref_list)
                self.add_fast_dict_from_items(items)
                cols = [['可疑', 3 | ida_kernwin.Choose.CHCOL_DEC],
                        ['函数名', 10 | ida_kernwin.Choose.CHCOL_PLAIN],
                        ['函数地址', 10 | ida_kernwin.Choose.CHCOL_HEX],
                        ['来源地址', 10 | ida_kernwin.Choose.CHCOL_HEX],
                        ['', 0 | ida_kernwin.Choose.CHCOL_PLAIN],
                        ['字符串长度', 10 | ida_kernwin.Choose.CHCOL_HEX]]
                chooser = AnalysisChooser(title='危险函数漏洞分析',
                                          cols=cols,
                                          item=items)
                chooser.Show()
            else:
                FELogger.info("未支持函数%s" % tgt_t)
        else:
            FELogger.warn("未支持函数")