def GetDyn():
phoff = idc.get_wide_dword(ida_ida.inf_get_min_ea() +
0x1c) + ida_ida.inf_get_min_ea()
phnum = idc.get_wide_word(ida_ida.inf_get_min_ea() + 0x2c)
phentsize = idc.get_wide_word(ida_ida.inf_get_min_ea() + 0x2a)
for i in range(phnum):
p_type = idc.get_wide_dword(phoff + phentsize * i)
if p_type == 2: # PY_DYNAMIC
dyn_addr = idc.get_wide_dword(phoff + phentsize * i + 8)
return dyn_addr
def init_nearest_names():
debugNamesList = ida_name.get_debug_names(ida_ida.inf_get_min_ea(),
ida_ida.inf_get_max_ea())
#NearestName definition: <ida_dir>\python\3\ida_name.py, line: 1351
#if your idapython NearestName is unavailable, comment this code
return idaapi.NearestName(debugNamesList)
def __init__(self):
self.storage = {}
self.bt_obj = Utils.get_bitness(ida_ida.inf_get_min_ea())
# self.bt_obj = Utils.get_bitness(idc.BeginEA()) 7.2
self.structCreator = Utils.StructCreator(self.bt_obj)
self.processor = None
self.typer = None
def __init__(self):
self.storage = {}
self.bt_obj = Utils.get_bitness(ida_ida.inf_get_min_ea())
self.structCreator = Utils.StructCreator(self.bt_obj)
self.processor = None
self.typer = None
self.is116 = False
def get_all_byte_chunks() -> Iterable[Tuple[int, int]]:
"""
Iterates all chunks of defined bytes in the sample.
"""
start = ida_ida.inf_get_min_ea()
end = ida_ida.inf_get_max_ea()
yield from get_byte_chunks(start, end - start)
def run(self, arg):
arch = idc.get_wide_word(ida_ida.inf_get_min_ea() + 0x12)
if arch == 0x3E: # EM_X86_64
PltResolver64()
elif arch == 0x3: # EM_386
PltResolver32()
else:
print('[-] Only support EM_X86_64 and EM_386')
return 1
def activate(self, ctx):
print(ctx)
arch = idc.get_wide_word(ida_ida.inf_get_min_ea() + 0x12)
if arch == 0x3E: # EM_X86_64
PltResolver64(self.debug_mode)
elif arch == 0x3: # EM_386
PltResolver32(self.debug_mode)
else:
print('[-] Only support EM_X86_64 and EM_386')
return 1
def main():
if not ida_dbg.is_debugger_on():
print("Please run the process first!")
return
if ida_dbg.get_process_state() != -1:
print("Please suspend the debugger first!")
return
dn = ida_name.get_debug_names(ida_ida.inf_get_min_ea(),
ida_ida.inf_get_max_ea())
for i in dn:
print("%08x: %s" % (i, dn[i]))
def find_wdf_callback_through_immediate(mnemonic, operand, val):
for i in range(10):
addr, operand_ = ida_search.find_imm(ida_ida.inf_get_min_ea(),
idc.SEARCH_DOWN | idc.SEARCH_NEXT,
val)
if addr != idc.BADADDR:
#print hex(addr), idc.GetDisasm(addr), "Operand ", operand_
if operand_ == operand and idc.print_insn_mnem(addr) == mnemonic:
return addr
else:
break
return None
def dbg_trace(self, tid, ea):
# Log all traced addresses
if ea < ida_ida.inf_get_min_ea() or ea > ida_ida.inf_get_max_ea():
raise Exception(
"Received a trace callback for an address outside this database!"
)
self._log("trace %08X" % ea)
self.traces += 1
insn = ida_ua.insn_t()
insnlen = ida_ua.decode_insn(insn, ea)
# log disassembly and ESP for call instructions
if insnlen > 0 and insn.itype in [NN_callni, NN_call, NN_callfi]:
self._log("call insn: %s" % generate_disasm_line(
ea, GENDSM_FORCE_CODE | GENDSM_REMOVE_TAGS))
self._log("ESP=%08X" % ida_dbg.get_reg_val("ESP"))
return 1
def apply_iat(self, iat):
min_ea = ida_ida.inf_get_min_ea()
max_ea = ida_ida.inf_get_max_ea()
image_base = ida_nalt.get_imagebase()
idaapi.msg(f"{hex(min_ea)} - {hex(max_ea)} - {hex(image_base)} \n")
for i in range(min_ea, max_ea):
mnemonic = idc.print_insn_mnem(i)
if mnemonic == "call" and str(idc.print_operand(
i, 0)).startswith("dword"):
try:
idc.set_name(
idc.get_operand_value(i, 0),
iat[hex(idc.get_operand_value(i, 0))] +
str(random.randint(0, 1000))
) # I added random.randint() because some functions already in the IAT are dynamically resolved again, so renaming them causes a conflict, if you want remove it. (Sample causing the problem: https://bazaar.abuse.ch/sample/49fd52a3f3d1d46dc065217e588d1d29fba4d978cd8fdb2887fd603320540f71/)
open("resolved_iat.txt",
"a").write(f"{hex(idc.get_operand_value(i, 0))}\n")
except:
open("unresolved_iat.txt",
"a").write(f"{hex(idc.get_operand_value(i, 0))}\n")
def add_rodata_segment(self):
last_seg_end = idc.get_first_seg()
# print(hex(last_seg_end))
for s in idautils.Segments():
start = idc.get_segm_start(s)
end = idc.get_segm_end(s)
if int(start) != int(last_seg_end):
# found
idaapi.add_segm(0, last_seg_end, start, "roooodata", "CONST")
print("Adding segment from 0x%x to 0x%x" %
(last_seg_end, start))
print("OK")
break
else:
last_seg_end = end
idc.plan_and_wait(ida_ida.inf_get_min_ea(), ida_ida.inf_get_max_ea())
# idc.plan_and_wait(idc.MinEA(), idc.MaxEA())
self.start = last_seg_end
self.end = start
return last_seg_end, start
import ida_ida
import ida_idaapi
import ida_problems
for ptype in [
ida_problems.PR_NOBASE,
ida_problems.PR_NONAME,
ida_problems.PR_NOFOP,
ida_problems.PR_NOCMT,
ida_problems.PR_NOXREFS,
ida_problems.PR_JUMP,
ida_problems.PR_DISASM,
ida_problems.PR_HEAD,
ida_problems.PR_ILLADDR,
ida_problems.PR_MANYLINES,
ida_problems.PR_BADSTACK,
ida_problems.PR_ATTN,
ida_problems.PR_FINAL,
ida_problems.PR_ROLLED,
ida_problems.PR_COLLISION,
ida_problems.PR_DECIMP,
]:
plistdesc = ida_problems.get_problem_name(ptype)
ea = ida_ida.inf_get_min_ea()
while True:
ea = ida_problems.get_problem(ptype, ea + 1)
if ea == ida_idaapi.BADADDR:
break
print("0x%08x: %s" % (ea, plistdesc))
def find_a():
ea = ida_ida.inf_get_min_ea()
while ea < max_addr:
ea = idc.FindUnexplored(ea, idc.SEARCH_DOWN)
ida_funcs.add_func(ea)
def make_udefind_func(self):
ea = ida_ida.inf_get_min_ea()
max_addr = ida_ida.inf_get_max_ea()
while ea < max_addr:
ea = idaapi.find_not_func(ea, idc.SEARCH_DOWN)
ida_funcs.add_func(ea)
Run like so:
ida -A "-S...path/to/produce_lst_file.py" <binary-file>
where:
-A instructs IDA to run in non-interactive mode
-S holds a path to the script to run (note this is a single token;
there is no space between '-S' and its path.)
"""
import ida_auto
import ida_fpro
import ida_ida
import ida_loader
import ida_pro
# derive output file name
idb_path = ida_loader.get_path(ida_loader.PATH_TYPE_IDB)
lst_path = "%s.lst" % idb_path
ida_auto.auto_wait() # wait for end of auto-analysis
fptr = ida_fpro.qfile_t() # FILE * wrapper
if fptr.open(lst_path, "wt"):
try:
ida_loader.gen_file( # generate .lst file
ida_loader.OFILE_LST, fptr.get_fp(), ida_ida.inf_get_min_ea(),
ida_ida.inf_get_max_ea(), 0)
finally:
fptr.close()
ida_pro.qexit(0)
def find_b():
ea = ida_ida.inf_get_min_ea()
while ea < max_addr:
ea = idaapi.find_not_func(ea, idc.SEARCH_DOWN)
ida_funcs.add_func(ea)
