def import_type(library, name):
if library.name != idaapi.cvar.idati.name:
last_ordinal = idaapi.get_ordinal_qty(idaapi.cvar.idati)
type_id = idaapi.import_type(library, -1, name) # tid_t
if type_id != idaapi.BADNODE:
return last_ordinal
return None
def import_to_structures(self, ask=False):
"""
Imports virtual tables and returns tid_t of new structure
:return: idaapi.tid_t
"""
cdecl_typedef = idaapi.print_tinfo(
None, 4, 5,
idaapi.PRTYPE_MULTI | idaapi.PRTYPE_TYPE | idaapi.PRTYPE_SEMI,
self.create_tinfo(), self.vtable_name, None)
if ask:
cdecl_typedef = idaapi.ask_text(
0x10000, cdecl_typedef,
"The following new type will be created")
if not cdecl_typedef:
return
previous_ordinal = idaapi.get_type_ordinal(idaapi.cvar.idati,
self.vtable_name)
if previous_ordinal:
idaapi.del_numbered_type(idaapi.cvar.idati, previous_ordinal)
ordinal = idaapi.idc_set_local_type(previous_ordinal,
cdecl_typedef, idaapi.PT_TYP)
else:
ordinal = idaapi.idc_set_local_type(-1, cdecl_typedef,
idaapi.PT_TYP)
if ordinal:
print("[Info] Virtual table " + self.vtable_name +
" added to Local Types")
return idaapi.import_type(idaapi.cvar.idati, -1, self.vtable_name)
else:
print("[Error] Failed to create virtual table " + self.vtable_name)
print("*" * 100)
print(cdecl_typedef)
print("*" * 100)
def import_struct(self):
if self.has_name_collisions():
self.resolve_name_collisions()
cdecl_typedef = '#pragma pack(push, 1)\n' + idaapi.print_tinfo(
None, 4, 5, idaapi.PRTYPE_MULTI | idaapi.PRTYPE_TYPE
| idaapi.PRTYPE_SEMI, self.tinfo, self.name, None)
previous_ordinal = idaapi.get_type_ordinal(idaapi.cvar.idati,
self.name)
if previous_ordinal:
idaapi.del_numbered_type(idaapi.cvar.idati, previous_ordinal)
ordinal = idaapi.idc_set_local_type(previous_ordinal,
cdecl_typedef, idaapi.PT_TYP)
else:
ordinal = idaapi.idc_set_local_type(-1, cdecl_typedef,
idaapi.PT_TYP)
if ordinal:
self.ordinal = ordinal
print 'Imported struct \'%s\', ordinal %#x' % (self.name,
self.ordinal)
return idaapi.import_type(idaapi.cvar.idati, -1, self.name)
else:
print 'Error due importing struct \'%s\', ordinal %#x' % (
self.name, ordinal)
return idaapi.BADNODE
def pack(self, start=0, stop=None):
if self.collisions[start:stop].count(True):
print "[Warning] Collisions detected"
return
final_tinfo = idaapi.tinfo_t()
udt_data = idaapi.udt_type_data_t()
origin = self.items[start].offset if start else 0
offset = origin
for item in filter(lambda x: x.enabled, self.items[start:stop]): # Filter disabled members
gap_size = item.offset - offset
if gap_size:
udt_data.push_back(TemporaryStructureModel.get_padding_member(offset - origin, gap_size))
if item.is_array:
array_size = self.calculate_array_size(bisect.bisect_left(self.items, item))
if array_size:
udt_data.push_back(item.get_udt_member(array_size, offset=origin))
offset = item.offset + item.size * array_size
continue
udt_data.push_back(item.get_udt_member(offset=origin))
offset = item.offset + item.size
final_tinfo.create_udt(udt_data, idaapi.BTF_STRUCT)
cdecl = idaapi.print_tinfo(None, 4, 5, idaapi.PRTYPE_MULTI | idaapi.PRTYPE_TYPE | idaapi.PRTYPE_SEMI,
final_tinfo, self.structure_name, None)
cdecl = idaapi.asktext(0x10000, '#pragma pack(push, 1)\n' + cdecl, "The following new type will be created")
if cdecl:
structure_name = idaapi.idc_parse_decl(idaapi.cvar.idati, cdecl, idaapi.PT_TYP)[0]
previous_ordinal = idaapi.get_type_ordinal(idaapi.cvar.idati, structure_name)
if previous_ordinal:
reply = QtGui.QMessageBox.question(
None,
"HexRaysPyTools",
"Structure already exist. Do you want to overwrite it?",
QtGui.QMessageBox.Yes | QtGui.QMessageBox.No
)
if reply == QtGui.QMessageBox.Yes:
idaapi.del_numbered_type(idaapi.cvar.idati, previous_ordinal)
ordinal = idaapi.idc_set_local_type(previous_ordinal, cdecl, idaapi.PT_TYP)
else:
return
else:
ordinal = idaapi.idc_set_local_type(-1, cdecl, idaapi.PT_TYP)
if ordinal:
print "[Info] New type {0} was added to Local Types".format(structure_name)
tid = idaapi.import_type(idaapi.cvar.idati, -1, structure_name)
if tid:
tinfo = idaapi.create_typedef(structure_name)
ptr_tinfo = idaapi.tinfo_t()
ptr_tinfo.create_ptr(tinfo)
for scanned_var in self.get_unique_scanned_variables(origin):
scanned_var.apply_type(ptr_tinfo)
return tinfo
else:
print "[ERROR] Structure {0} probably already exist".format(structure_name)
def pack(self, start=0, stop=None):
if self.collisions[start:stop].count(True):
print "[Warning] Collisions detected"
return
final_tinfo = idaapi.tinfo_t()
udt_data = idaapi.udt_type_data_t()
origin = self.items[start].offset
offset = origin
for item in filter(lambda x: x.enabled,
self.items[start:stop]): # Filter disabled members
gap_size = item.offset - offset
if gap_size:
udt_data.push_back(
TemporaryStructureModel.get_padding_member(
offset - origin, gap_size))
if item.is_array:
array_size = self.calculate_array_size(
bisect.bisect_left(self.items, item))
if array_size:
udt_data.push_back(
item.get_udt_member(array_size, offset=origin))
offset = item.offset + item.size * array_size
continue
udt_data.push_back(item.get_udt_member(offset=origin))
offset = item.offset + item.size
final_tinfo.create_udt(udt_data, idaapi.BTF_STRUCT)
cdecl = idaapi.print_tinfo(
None, 4, 5,
idaapi.PRTYPE_MULTI | idaapi.PRTYPE_TYPE | idaapi.PRTYPE_SEMI,
final_tinfo, self.structure_name, None)
cdecl = idaapi.asktext(0x10000, cdecl,
"The following new type will be created")
if cdecl:
structure_name = idaapi.idc_parse_decl(idaapi.cvar.idati, cdecl,
idaapi.PT_TYP)[0]
ordinal = idaapi.idc_set_local_type(-1, cdecl, idaapi.PT_TYP)
if ordinal:
print "[Info] New type {0} was added to Local Types".format(
structure_name)
tid = idaapi.import_type(idaapi.cvar.idati, -1, structure_name)
if tid:
tinfo = idaapi.create_typedef(structure_name)
ptr_tinfo = idaapi.tinfo_t()
ptr_tinfo.create_ptr(tinfo)
for scanned_var in self.get_scanned_variables(origin):
scanned_var.apply_type(ptr_tinfo)
return tinfo
else:
print "[ERROR] Structure {0} probably already exist".format(
structure_name)
return None
def create(tinfo, class_):
ordinal = idaapi.get_type_ordinal(idaapi.cvar.idati, tinfo.dstr())
if ordinal == 0:
if idaapi.import_type(idaapi.cvar.idati, -1, tinfo.dstr(), 0) == idaapi.BADNODE:
raise ImportError("unable to import type to idb ({})".format(tinfo.dstr()))
ordinal = idaapi.get_type_ordinal(idaapi.cvar.idati, tinfo.dstr())
result = all_virtual_tables.get(ordinal)
if result:
result.class_.append(class_)
else:
udt_data = idaapi.udt_type_data_t()
tinfo.get_udt_details(udt_data)
result = VirtualTable(ordinal, tinfo, class_)
virtual_functions = [VirtualMethod.create(func.type, func.name, result) for func in udt_data]
result.virtual_functions = virtual_functions
all_virtual_functions[ordinal] = result
return result
def import_name(self, type_name):
"""
helper do import a type by name into local types
"""
# print "import_name : "+type_name
idaapi.import_type(idaapi.cvar.idati, -1, type_name, 0)
import idc
import idaapi
import ida_idd
import ida_name
import ida_bytes
import ida_kernwin
import ida_dbg
# import types for the given macros
idaapi.import_type(idaapi.cvar.idati, 0, "MACRO_NULL") # for NULL
idaapi.import_type(idaapi.cvar.idati, 0,
"MACRO_PAGE") # for PAGE_EXECUTE_READWRITE
idaapi.import_type(idaapi.cvar.idati, 0, "MACRO_MEM") # for MEM_COMMIT
# shortcut to constants
c = ida_idd.Appcall.Consts
def allocate_rwx(size):
# this is the explicit way to create an Appcall callable
# see also: `Appcall.proto`
VirtualAlloc = ida_idd.Appcall.typedobj(
"int __stdcall VirtualAlloc( int lpAddress, DWORD dwSize, DWORD flAllocationType, DWORD flProtect);"
)
VirtualAlloc.ea = ida_name.get_name_ea(0, "kernel32_VirtualAlloc")
ptr = VirtualAlloc(c.NULL, int(size), c.MEM_COMMIT,
c.PAGE_EXECUTE_READWRITE)
if ptr == 0:
print("VirtualAlloc failed: 0x%x" % GetLastError())
raise ValueError("VirtualAlloc failed: 0x%x" % GetLastError())
ida_dbg.refresh_debugger_memory()
def add_type(t):
print "adding type:", t
idaapi.import_type(idaapi.cvar.idati, 0, t)
