Example #1
0
    def get_custom_viewer_hint(self, view, place):
        curline = idaapi.get_custom_viewer_curline(view, True)
        _, x, y = idaapi.get_custom_viewer_place(view, True)
        ea = place.toea()

        return ('0x%08X: %s' %
                (place.toea(), datetime.datetime.now().isoformat(' ')), 1)
Example #2
0
    def get_custom_viewer_hint(self, view, place):
        try:
            tform = idaapi.get_current_tform()
            if idaapi.get_tform_type(tform) != idaapi.BWN_DISASM:
                return None

            curline = idaapi.get_custom_viewer_curline(view, True)
            _, x, y = idaapi.get_custom_viewer_place(view, True)
            ea = place.toea()

            # "color" is a bit of misnomer: its the type of the symbol currently hinted
            color = get_color_at_char(curline, x)
            if color != idaapi.COLOR_ADDR:
                return None

            # for COLOR_ADDR tokens, we get something like:
            #   401000sub_401000
            # so we will need to prune the address from the start before we can use it :-(
            token = get_token_at_char(curline, x)

            # enumerate the operands of the instruction at this address
            # and search the token for the operand text
            func_name = None
            for i in range(3):
                o = idc.GetOpnd(ea, i)
                if not o:
                    break

                # if we have `offset sub_401000`, we want: `sub_401000`
                if ' ' in o:
                    o = o.partition(' ')[2]

                if o in token:
                    func_name = o
                    break

            if not func_name:
                return None

            # get the address given the function name
            fva = idc.LocByName(func_name)
            if not fva:
                return None

            # ensure its actually a function
            if not idaapi.get_func(fva):
                return None

            # this magic constant "1" is the number of "important lines" to display by default.
            # the remaining lines get shown if you scroll down while the hint is displayed, revealing more lines.
            return render_function_hint(fva), 1
        except Exception as e:
            print(
                'CallsHintsPlugin: error: %s. Get in touch with @williballenthin.'
                % (str(e)))
            return None
Example #3
0
    def OnViewClick(self, px, py, state):
        widget = pycim_get_tcustom_control(self)
        from_mouse = False

        line = get_custom_viewer_curline(widget, from_mouse)
        line = line[line.find(":") + len(":"):]
        line = binascii.hexlify(line).split("2002")[0]
        line = binascii.unhexlify(line)

        if self.num == "1":
            StartAddress.setText(line)
        elif self.num == "2":
            EndAddress.setText(line)
Example #4
0
    def get_custom_viewer_hint(self, view, place):
        try:
            tform = idaapi.get_current_tform()
            if idaapi.get_tform_type(tform) != idaapi.BWN_DISASM:
                return None

            curline = idaapi.get_custom_viewer_curline(view, True)

            # sometimes get_custom_viewer_place() returns [x, y] and sometimes [place_t, x, y].
            # we want the place_t.
            viewer_place = idaapi.get_custom_viewer_place(view, True)
            if len(viewer_place) != 3:
                return None

            _, x, y = viewer_place
            ea = place.toea()

            # "color" is a bit of misnomer: its the type of the symbol currently hinted
            color = get_color_at_char(curline, x)
            if color != idaapi.COLOR_ADDR:
                return None

            # grab the FAR references to code (not necessarilty a branch/call/jump by itself)
            far_code_references = [
                xref.to for xref in idautils.XrefsFrom(ea, ida_xref.XREF_FAR)
                if idc.isCode(idc.GetFlags(xref.to))
            ]
            if len(far_code_references) != 1:
                return None

            fva = far_code_references[0]

            # ensure its actually a function
            if not idaapi.get_func(fva):
                return None

            # this magic constant is the number of "important lines" to display by default.
            # the remaining lines get shown if you scroll down while the hint is displayed, revealing more lines.
            return render_function_hint(fva), DEFAULT_IMPORTANT_LINES_NUM
        except Exception as e:
            logger.warning(
                'unexpected exception: %s. Get in touch with @williballenthin.',
                e,
                exc_info=True)
            return None