def init(self):
    """Register the three idenLib actions and attach them to the IDA UI.

    Returns idaapi.PLUGIN_OK unconditionally; the results of the
    register/attach calls are not inspected here.
    """
    menu_root = 'Edit/idenLib/'

    # Main action: the only one given an icon and a toolbar button.
    main_icon = idaapi.load_custom_icon(data=icon_data, format="png")
    main_id = "idenLib:action"
    main_desc = idaapi.action_desc_t(
        main_id, "idenLib - Function Identification", idenLib_class(),
        None, "idenLib", main_icon)
    idaapi.register_action(main_desc)
    idaapi.attach_action_to_toolbar("DebugToolBar", main_id)
    idaapi.attach_action_to_menu(menu_root, main_id, idaapi.SETMENU_APP)

    # Menu-only actions: refresh signatures first, then about.
    menu_only = (
        ("idenLib:refresh", "Refresh Signatures", RefreshHandler, "idenLib - Refresh"),
        ("idenLib:about", "About", AboutHandler, "idenLib - About"),
    )
    for action_id, label, handler_cls, tooltip in menu_only:
        idaapi.register_action(
            idaapi.action_desc_t(action_id, label, handler_cls(), None, tooltip))
        idaapi.attach_action_to_menu(menu_root, action_id, idaapi.SETMENU_APP)

    return idaapi.PLUGIN_OK
def __init__(self):
    """Build the form together with its two embedded choosers.

    Raises:
        RuntimeError: if load_custom_icon returns id 0 for the icon data.
    """
    # Load the custom icon; id 0 is treated as a failed load.
    self.icon_id = idaapi.load_custom_icon(data=MyChooserForm.icon_data)
    if self.icon_id == 0:
        raise RuntimeError("Failed to load icon data!")

    self.main_current_index = -1
    self.EChMain = MainChooserClass("MainChooser", self.icon_id)
    self.EChAux = AuxChooserClass("AuxChooser", self.icon_id)

    # Give each embedded chooser a back-reference to this form.
    for chooser in (self.EChMain, self.EChAux):
        chooser.form = self

    # NOTE(review): the template is kept exactly as it appears on this page
    # (a single line); the listing looks flattened, so confirm the template's
    # line breaks against the original file.
    template = r"""STARTITEM 0 Form with choosers {FormChangeCb} Select an item in the main chooser: <Main chooser:{ctrlMainChooser}><Auxiliar chooser (multi):{ctrlAuxChooser}> <Selection:{ctrlSelectionEdit}> """
    controls = {
        "ctrlSelectionEdit": Form.StringInput(),
        "FormChangeCb": Form.FormChangeCb(self.OnFormChange),
        "ctrlMainChooser": Form.EmbeddedChooserControl(self.EChMain),
        "ctrlAuxChooser": Form.EmbeddedChooserControl(self.EChAux),
    }
    Form.__init__(self, template, controls)
def __init__(self):
    """Create the chooser form: load its icon, build both choosers, init the Form.

    Raises:
        RuntimeError: if load_custom_icon returns id 0 for the icon data.
    """
    # Load the custom icon; id 0 is treated as a failed load.
    self.icon_id = idaapi.load_custom_icon(data=MyChooserForm.icon_data)
    if self.icon_id == 0:
        raise RuntimeError("Failed to load icon data!")

    self.main_current_index = -1
    self.EChMain = MainChooserClass("MainChooser", self.icon_id)
    self.EChAux = AuxChooserClass("AuxChooser", self.icon_id)

    # Link the form to both embedded choosers.
    for embedded in (self.EChMain, self.EChAux):
        embedded.form = self

    # NOTE(review): the template is kept exactly as it appears on this page
    # (a single line); the listing looks flattened, so confirm the template's
    # line breaks against the original file.
    form_template = r"""STARTITEM 0 Form with choosers {FormChangeCb} Select an item in the main chooser: <Main chooser:{ctrlMainChooser}><Auxiliar chooser (multi):{ctrlAuxChooser}> <Selection:{ctrlSelectionEdit}> """
    form_controls = {
        'ctrlSelectionEdit': Form.StringInput(),
        'FormChangeCb': Form.FormChangeCb(self.OnFormChange),
        'ctrlMainChooser': Form.EmbeddedChooserControl(self.EChMain),
        'ctrlAuxChooser': Form.EmbeddedChooserControl(self.EChAux),
    }
    Form.__init__(self, form_template, form_controls)
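def _install_open_coverage_xref(self):
    """
    Install the right click 'Coverage Xref' context menu entry.

    Raises RuntimeError if IDA refuses to register the action.
    """

    # create a custom IDA icon; the context manager closes the file handle
    icon_path = plugin_resource(os.path.join("icons", "batch.png"))
    with open(icon_path, "rb") as icon_file:
        icon_data = icon_file.read()
    self._icon_id_xref = idaapi.load_custom_icon(data=icon_data)

    # describe a custom IDA UI action
    action_desc = idaapi.action_desc_t(
        self.ACTION_COVERAGE_XREF,                    # The action name
        "Xrefs coverage sets...",                     # The action text
        IDACtxEntry(self._pre_open_coverage_xref),    # The action handler
        None,                                         # Optional: action shortcut
        "List coverage sets containing this address", # Optional: tooltip
        self._icon_id_xref                            # Optional: the action icon
    )

    # register the action with IDA
    result = idaapi.register_action(action_desc)
    if not result:
        # the exception has to be raised; merely constructing it would let a
        # failed registration go unnoticed and still install the UI hooks
        raise RuntimeError("Failed to register coverage_xref action with IDA")

    self._ui_hooks.hook()
    logger.info("Installed the 'Coverage Xref' menu entry")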
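def _install_load_batch(self):
    """
    Install the 'File->Load->Code coverage batch...' menu entry.

    Raises RuntimeError if the action cannot be registered or attached.
    """

    # create a custom IDA icon from the raw PNG bytes; wrapping the bytes in
    # str() is a no-op on Python 2 and produces the "b'...'" repr on Python 3
    icon_path = plugin_resource(os.path.join("icons", "batch.png"))
    with open(icon_path, "rb") as icon_file:
        icon_data = icon_file.read()
    self._icon_id_batch = idaapi.load_custom_icon(data=icon_data)

    # describe a custom IDA UI action
    action_desc = idaapi.action_desc_t(
        self.ACTION_LOAD_BATCH,                    # The action name.
        "~C~ode coverage batch...",                # The action text.
        IDACtxEntry(self.interactive_load_batch),  # The action handler.
        None,                                      # Optional: action shortcut
        "Load and aggregate code coverage files",  # Optional: tooltip
        self._icon_id_batch                        # Optional: the action icon
    )

    # register the action with IDA
    result = idaapi.register_action(action_desc)
    if not result:
        # raise, rather than only construct, the exception so the failure surfaces
        raise RuntimeError("Failed to register load_batch action with IDA")

    # attach the action to the File-> dropdown menu
    result = idaapi.attach_action_to_menu(
        "File/Load file/",       # Relative path of where to add the action
        self.ACTION_LOAD_BATCH,  # The action ID (see above)
        idaapi.SETMENU_APP       # We want to append the action after ^
    )
    if not result:
        raise RuntimeError("Failed action attach load_batch")

    logger.info("Installed the 'Code coverage batch' menu entry")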
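def _install_open_coverage_overview(self):
    """
    Install the 'View->Open subviews->Coverage Overview' menu entry.

    Raises RuntimeError if the action cannot be registered or attached.
    """

    # create a custom IDA icon from the raw PNG bytes; wrapping the bytes in
    # str() is a no-op on Python 2 and produces the "b'...'" repr on Python 3
    icon_path = plugin_resource(os.path.join("icons", "overview.png"))
    with open(icon_path, "rb") as icon_file:
        icon_data = icon_file.read()
    self._icon_id_overview = idaapi.load_custom_icon(data=icon_data)

    # describe a custom IDA UI action
    action_desc = idaapi.action_desc_t(
        self.ACTION_COVERAGE_OVERVIEW,             # The action name.
        "~C~overage Overview",                     # The action text.
        IDACtxEntry(self.open_coverage_overview),  # The action handler.
        None,                                      # Optional: action shortcut
        "Open database code coverage overview",    # Optional: tooltip
        self._icon_id_overview                     # Optional: the action icon
    )

    # register the action with IDA
    result = idaapi.register_action(action_desc)
    if not result:
        # raise, rather than only construct, the exception so the failure surfaces
        raise RuntimeError("Failed to register open coverage overview action with IDA")

    # attach the action to the View-> dropdown menu
    result = idaapi.attach_action_to_menu(
        "View/Open subviews/Hex dump",  # Relative path of where to add the action
        self.ACTION_COVERAGE_OVERVIEW,  # The action ID (see above)
        idaapi.SETMENU_INS              # We want to insert the action before ^
    )
    if not result:
        raise RuntimeError("Failed action attach to 'View/Open subviews' dropdown")

    logger.info("Installed the 'Coverage Overview' menu entry")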
def run(self, arg=0):
    """Show the VirusTotal form and, if it produced items, open a results chooser.

    Raises:
        RuntimeError: if the in-memory icon cannot be loaded (id 0).
    """
    # Load the icon from memory and keep its id
    self.icon_id = idaapi.load_custom_icon(data=VT_ICON, format="png")
    if self.icon_id == 0:
        raise RuntimeError("Failed to load icon data!")

    # Restore the previously saved configuration
    cfg = VirusTotalConfig()
    cfg.Read()

    form = VirusTotalForm(self.icon_id)
    outcome = form.Show(cfg)

    if outcome != 0:
        # Any non-zero result persists the configuration
        cfg.Write()

        # Result 2 with a non-empty item list opens a non-modal chooser
        if outcome == 2 and form.EChooser.GetItems():
            title = "VirusTotal results [%s]" % cfg.input
            VirusTotalChooser(title, form.EChooser.GetItems(), self.icon_id).Show()

    form.Free()
    return
def run(self, arg=0):
    """Run the plugin: show the VirusTotal form, save settings, list any results.

    Raises:
        RuntimeError: if the in-memory icon cannot be loaded (id 0).
    """
    # Load the icon from memory and keep its id
    self.icon_id = idaapi.load_custom_icon(data=VT_ICON, format="png")
    if self.icon_id == 0:
        raise RuntimeError("Failed to load icon data!")

    # Read the previous configuration before showing the form
    settings = VirusTotalConfig()
    settings.Read()

    dialog = VirusTotalForm(self.icon_id)
    result = dialog.Show(settings)

    if result != 0:
        # The configuration is written back for every non-zero result
        settings.Write()

        # Only result 2 with items spawns the non-modal chooser
        if result == 2 and dialog.EChooser.GetItems():
            caption = "VirusTotal results [%s]" % settings.input
            VirusTotalChooser(caption, dialog.EChooser.GetItems(), self.icon_id).Show()

    dialog.Free()
    return
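def install(self):
    """
    Install the action into the IDA UI.

    :return: did the install succeed
    :raises RuntimeError: if registering or attaching the action fails
    """
    # Read the icon file; the context manager closes the handle, and the raw
    # bytes are passed on unchanged (str() is a no-op on Python 2 and yields
    # the "b'...'" repr on Python 3)
    with open(self._icon, 'rb') as iconFile:
        iconData = iconFile.read()
    self._iconId = idaapi.load_custom_icon(data=iconData)

    # Create the action description
    actionDesc = idaapi.action_desc_t(self._ACTION_ID, self._text,
                                      self._handler, None, self._tooltip,
                                      self._iconId)

    # Register the action using its description
    result = idaapi.register_action(actionDesc)
    if not result:
        raise RuntimeError("Failed to register action")

    # Attach the action to the chosen menu
    result = idaapi.attach_action_to_menu(self._menu, self._ACTION_ID,
                                          idaapi.SETMENU_APP)
    if not result:
        raise RuntimeError("Failed to attach action")

    logger.debug("Installed the action")
    return True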
def init(self):
    """Load the plugin icon, create the xref finder and return PLUGIN_KEEP.

    Raises:
        RuntimeError: when load_custom_icon returns id 0.
    """
    icon_png = ReefConfig.PLUGIN_ICON_PNG
    self.icon_id = idaapi.load_custom_icon(data=icon_png, format="png")
    # id 0 is treated as a failed load
    if self.icon_id == 0:
        raise RuntimeError("Failed to load icon data!")

    self.finder = XrefsFromFinder()
    return idaapi.PLUGIN_KEEP
def __init__(self, id, name, tooltip, menuPath, callback, icon):
    """Store the action metadata and load the icon that sits beside this script.

    The ``icon`` argument is not read here: the icon always comes from
    ``icon.png`` in the directory of the file that defines this method.
    """
    idaapi.action_handler_t.__init__(self)
    self.id, self.name, self.tooltip = id, name, tooltip
    self.menuPath, self.callback = menuPath, callback

    # Resolve the directory of the running source file
    this_file = inspect.getfile(inspect.currentframe())
    script_dir = os.path.dirname(os.path.abspath(this_file))
    self.icon = idaapi.load_custom_icon(script_dir + "/icon.png")
def init(self):
    """Initialise the plugin: icon, xref finder, then ask IDA to keep it loaded.

    Raises:
        RuntimeError: when load_custom_icon returns id 0.
    """
    png_blob = ReefConfig.PLUGIN_ICON_PNG
    self.icon_id = idaapi.load_custom_icon(data=png_blob, format="png")
    # id 0 is treated as a failed load
    if self.icon_id == 0:
        raise RuntimeError("Failed to load icon data!")

    self.finder = XrefsFromFinder()
    return idaapi.PLUGIN_KEEP
def init(self):
    """Create the signature and cache directories if missing, then register the UI actions.

    Returns idaapi.PLUGIN_OK unconditionally; the results of the
    register/attach calls are not inspected here.
    """
    # Ensure the symEx and cache directories exist
    if not os.path.isdir(symEx_dir):
        print("[idenLib] default sig directory {} not existed !!!".format(symEx_dir))
        os.mkdir(symEx_dir)
    if not os.path.isdir(symEx_cache_dir):
        os.mkdir(symEx_cache_dir)

    menu_root = 'Edit/idenLib/'

    # Main action: the only one given an icon and a toolbar button.
    main_icon = idaapi.load_custom_icon(data=icon_data, format="png")
    main_id = "idenLib:action"
    main_desc = idaapi.action_desc_t(
        main_id, "idenLib - Function Identification", idenLibHandler(),
        None, "idenLib", main_icon)
    idaapi.register_action(main_desc)
    idaapi.attach_action_to_toolbar("DebugToolBar", main_id)
    idaapi.attach_action_to_menu(menu_root, main_id, idaapi.SETMENU_APP)

    # Menu-only actions: refresh signatures first, then about.
    menu_only = (
        ("idenLib:refresh", "Refresh Signatures", RefreshHandler, "idenLib - Refresh"),
        ("idenLib:about", "About", AboutHandler, "idenLib - About"),
    )
    for action_id, label, handler_cls, tooltip in menu_only:
        idaapi.register_action(
            idaapi.action_desc_t(action_id, label, handler_cls(), None, tooltip))
        idaapi.attach_action_to_menu(menu_root, action_id, idaapi.SETMENU_APP)

    return idaapi.PLUGIN_OK
def __init__(self, id, name, tooltip, menuPath, callback, icon):
    """Record the action's fields and load ``icon.png`` from this script's directory.

    The ``icon`` argument is accepted but not read by this constructor.
    """
    idaapi.action_handler_t.__init__(self)
    self.id, self.name, self.tooltip = id, name, tooltip
    self.menuPath, self.callback = menuPath, callback

    # Directory of the source file currently executing
    source_file = os.path.abspath(inspect.getfile(inspect.currentframe()))
    icon_file = os.path.dirname(source_file) + "/icon.png"
    self.icon = idaapi.load_custom_icon(icon_file)
def init(self):
    """Load the plugin icon, create the string finder, initialise the config.

    Raises:
        RuntimeError: when load_custom_icon returns id 0.
    """
    icon_png = ConfigStingray.PLUGIN_ICON_PNG
    self.icon_id = idaapi.load_custom_icon(data=icon_png, format="png")
    # id 0 is treated as a failed load
    if self.icon_id == 0:
        raise RuntimeError("Failed to load icon data!")

    self.finder = StringFinder()
    ConfigStingray.init()
    return idaapi.PLUGIN_KEEP
def main(): # icon author: https://www.flaticon.com/authors/freepik icon_data = "".join([ "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A\x00\x00\x00\x0D\x49\x48\x44\x52\x00\x00\x00\x18\x00\x00\x00\x18\x08\x03\x00\x00\x00\xD7\xA9\xCD\xCA\x00\x00\x00\x4E\x50\x4C\x54\x45\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xC4\xA2\xA6\x59\x00\x00\x00\x19\x74\x52\x4E\x53\x00\x20\xEE\x4F\xC9\x64\xD3\xB3\x32\x99\x88\x17\x0C\xC1\x5C\x28\xF6\x7F\xE6\xDD\xBB\xA2\x47\x41\x90\xCE\x19\x07\xA1\x00\x00\x00\xC8\x49\x44\x41\x54\x28\xCF\x75\xD1\xDB\xAE\x83\x20\x10\x85\xE1\x35\x08\x0E\xCA\x16\x3C\xDB\xF5\xFE\x2F\xBA\xC7\x58\xDB\xB4\xA1\xFF\x8D\xC8\x27\x48\x02\x7E\x26\xD6\xDF\xE7\x58\x70\x46\xAB\x79\x82\x23\x19\xD4\x31\x55\xC1\x93\x47\x75\xAB\xFD\x10\xA9\xAE\x38\x16\xEA\x0B\x36\x6F\x6D\x88\x56\x8A\xE4\xFC\x02\xA5\xA5\x58\x9C\x73\x19\x23\x99\x6E\x88\x12\xA3\x94\x6B\x2B\x78\x9B\xB8\xA1\xA5\x9B\xE9\x9F\xF0\x20\xA7\x37\x58\x37\x64\x52\xAB\x50\x48\x57\x85\xF3\x21\x55\x18\x6C\xA6\x0A\x3D\xD9\x1B\x68\x37\x7E\x41\xD3\x4E\x0A\x2C\x40\xF7\x05\x12\x60\x2B\x5C\xC2\x70\x43\x0E\x21\x14\xD8\x97\xD0\x02\x8E\xB3\xFD\xA3\x1D\xD4\x0F\xD0\x75\x5D\x77\x03\x1D\x99\xD1\x5B\x25\xED\x21\x34\x09\x93\x8D\xA3\x41\x9E\xEC\xA5\xB3\xA2\xBF\xB6\x7A\xD8\xF8\x04\xD9\xDA\xA1\x76\x5C\x24\x3A\xBD\x6E\x4D\xCE\xD2\xFB\x36\x05\xBF\xFB\x07\x19\xFC\x16\xA4\x38\xC6\x08\x3D\x00\x00\x00\x00\x49\x45\x4E\x44\xAE\x42\x60\x82" ]) act_icon = idaapi.load_custom_icon(data=icon_data, format="png") act_name = "idenLib:action" idaapi.register_action( idaapi.action_desc_t(act_name, "idenLib", idenLib_class(), None, "idenLib", act_icon)) # Insert the action in a toolbar idaapi.attach_action_to_toolbar("DebugToolBar", act_name) print(PLUGIN_VERSION)
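def __init__(self, *args, **kwargs):
    """Initialise the plugin: load its icon, folders and actions, then install the UI hooks."""
    # Main entry for the plugin
    # When plugin is hooked every function here will be initialized
    print("[SPIRIT] SpiritMS IDA Plugin succesfully loaded")
    idaapi.plugin_t.__init__(self)

    # Read the icon through a context manager so the handle is closed, and
    # hand the raw bytes to IDA (str() is a no-op on Python 2 and yields the
    # "b'...'" repr on Python 3)
    with open(PIC_DIR, "rb") as icon_file:
        icon_data = icon_file.read()
    self.icon_id = idaapi.load_custom_icon(data=icon_data)

    self.load_folders()
    self.load_actions()
    self.hooks = Hooks()
    self.hooks.hook()

    form = idaapi.get_current_tform()
    idaapi.attach_action_to_popup(form, None, "my:InHeader", None)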
def _createContextActions(self):
    """Register the pattern-generation context actions with IDA.

    Each table row is (action id, icon path or None, label, callback);
    rows with an icon path get that icon loaded and passed to the action.
    Sets ``self.actionsDefined`` to True when done.
    """
    action_table = [
        ("grap:pg:set_root", None, "[grap] Set root node", self._onSetRootNode),
        ("grap:pg:add_target", None, "[grap] Add target node", self._onAddTargetNode),
        ("grap:pg:match_default", config['icons_path'] + "icons8-asterisk-24.png", "[grap] Default match (apply options)", self._onSetMatchDefault),
        ("grap:pg:match_full", None, "[grap] Full match", self._onSetMatchFull),
        ("grap:pg:match_opcode_arg1", None, "[grap] Opcode+arg1", self._onSetMatchOpcodeArg1),
        ("grap:pg:match_opcode_arg2", None, "[grap] Opcode+arg2", self._onSetMatchOpcodeArg2),
        ("grap:pg:match_opcode_arg3", None, "[grap] Opcode+arg3", self._onSetMatchOpcodeArg3),
        ("grap:pg:match_opcode", None, "[grap] Opcode", self._onSetMatchOpcode),
        ("grap:pg:match_wildcard", None, "[grap] Wildcard: *", self._onSetMatchWildcard),
        ("grap:pg:remove_target", config['icons_path'] + "icons8-delete.png", "[grap] Remove target node", self._onRemoveTargetNode),
    ]

    for action_id, icon_path, label, callback in action_table:
        if icon_path:
            # The action id must be unique; shortcut and tooltip are left unset
            icon_number = idaapi.load_custom_icon(icon_path)
            description = idaapi.action_desc_t(
                action_id, label, PatternGenerationHandler(callback),
                None, None, icon_number)
        else:
            description = idaapi.action_desc_t(
                action_id, label, PatternGenerationHandler(callback))

        # Register the action
        idaapi.register_action(description)

    self.actionsDefined = True
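def register_handlers():
    """
    Register the handlers for the pop-up menu to interact with the UI
    """
    print("GhIDA:: [DEBUG] Registering handlers")

    # Load a custom icon; the context manager closes the file handle and the
    # raw bytes go to IDA unchanged (str() is a no-op on Python 2 and yields
    # the "b'...'" repr on Python 3)
    icon_path = gl.plugin_resource("ghida.png")
    with open(icon_path, "rb") as icon_file:
        icon_data = icon_file.read()
    icon_ghida = idaapi.load_custom_icon(data=icon_data)

    idaapi.register_action(
        idaapi.action_desc_t("my:disasmsaction",
                             "Decompile function with GhIDA",
                             DisasmsHandler(), None,
                             'IDA plugin for Ghidra decompiler', icon_ghida))

    disasmtracker_action = idaapi.action_desc_t(
        "my:disasmtracker", "Disable decompile view synchronization",
        DisasmTracker(), None, None, icon_ghida)
    idaapi.register_action(disasmtracker_action)

    idaapi.register_action(
        idaapi.action_desc_t("my:invalidatecache",
                             "Clear cache for current function",
                             InvalidateCache(), None, None, icon_ghida))

    # Add the settings item in the menu
    show_settings_action = idaapi.action_desc_t('my:showsettingsaction',
                                                'GhIDA Settings',
                                                ShowSettingsHandler(), None,
                                                'GhIDA Settings', icon_ghida)
    idaapi.register_action(show_settings_action)
    idaapi.attach_action_to_menu('Edit/Settings/GhIDA Settings',
                                 'my:showsettingsaction', idaapi.SETMENU_APP)

    # Add the view decompile window in the menu
    show_decomp_window_action = idaapi.action_desc_t(
        'my:showdecompilewindowaction', 'GhIDA decomp view',
        ShowDecompWindowHandler(), None, 'GhIDA decomp view', icon_ghida)
    idaapi.register_action(show_decomp_window_action)
    idaapi.attach_action_to_menu('View/Open subviews/GhIDA',
                                 'my:showdecompilewindowaction',
                                 idaapi.SETMENU_APP)
    return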
def load_icon(self, icon_filename, icon_key_name):
    """
    Load a single custom icon
    @param icon_filename: Icon file name, resolved against the configured icons path
    @param icon_key_name: The key value to store the icon with in the icon_list
                          (stored lower-cased).
    @return: True on success, False if any exception was raised (it is logged).
    """
    try:
        icon_filename = os.path.join(self.die_config.icons_path, icon_filename)
        loaded_id = idaapi.load_custom_icon(icon_filename)
        self.icon_list[icon_key_name.lower()] = loaded_id
    except Exception as ex:
        # Best effort: report the failure and let the caller decide
        self.logger.error("Failed to load icon %s: %s", icon_filename, ex)
        return False
    return True
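def _init_action_bulk(self):
    """
    Register the bulk prefix action with IDA.

    Raises AssertionError if IDA rejects the registration.
    """

    # load the icon for this action
    self._bulk_icon_id = idaapi.load_custom_icon(plugin_resource("bulk.png"))

    # describe the action
    action_desc = idaapi.action_desc_t(
        self.ACTION_BULK,                                 # The action name.
        "Prefix selected functions",                      # The action text.
        IDACtxEntry(bulk_prefix),                         # The action handler.
        None,                                             # Optional: action shortcut
        "Assign a user prefix to the selected functions", # Optional: tooltip
        self._bulk_icon_id                                # Optional: the action icon
    )

    # register the action with IDA; the call is kept out of an assert
    # statement because asserts are stripped under `python -O`, which would
    # silently skip the registration itself
    if not idaapi.register_action(action_desc):
        raise AssertionError("Action registration failed")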
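def _init_action_sync_menu(self):
    """
    Register the sync_menu action with IDA.

    Raises AssertionError if IDA rejects the registration.
    """
    menu = SyncMenu(controller)

    # describe the action
    self._binsync_icon_id = idaapi.load_custom_icon(plugin_resource("ui/binsync.png"))
    action_desc = idaapi.action_desc_t(
        "binsync:sync_menu",                  # The action name.
        "Binsync action...",                  # The action text.
        menu.ctx_menu,                        # The action handler.
        None,                                 # Optional: action shortcut
        "Select actions to sync in Binsync",  # Optional: tooltip
        self._binsync_icon_id                 # Optional: the action icon
    )

    # register the action with IDA; the call is kept out of an assert
    # statement because asserts are stripped under `python -O`, which would
    # silently skip the registration itself
    if not idaapi.register_action(action_desc):
        raise AssertionError("Action registration failed")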
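def _init_action_recursive(self):
    """
    Register the recursive rename action with IDA.

    Raises AssertionError if IDA rejects the registration.
    """

    # load the icon for this action
    self._recursive_icon_id = idaapi.load_custom_icon(plugin_resource("recursive.png"))

    # describe the action
    action_desc = idaapi.action_desc_t(
        self.ACTION_RECURSIVE,                         # The action name.
        "Recursive function prefix",                   # The action text.
        IDACtxEntry(recursive_prefix_cursor),          # The action handler.
        None,                                          # Optional: action shortcut
        "Recursively prefix callees of this function", # Optional: tooltip
        self._recursive_icon_id                        # Optional: the action icon
    )

    # register the action with IDA; the call is kept out of an assert
    # statement because asserts are stripped under `python -O`, which would
    # silently skip the registration itself
    if not idaapi.register_action(action_desc):
        raise AssertionError("Action registration failed")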
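def _init_action_clear(self):
    """
    Register the clear prefix action with IDA.

    Raises AssertionError if IDA rejects the registration.
    """

    # load the icon for this action
    self._clear_icon_id = idaapi.load_custom_icon(plugin_resource("clear.png"))

    # describe the action
    action_desc = idaapi.action_desc_t(
        self.ACTION_CLEAR,                                 # The action name.
        "Clear prefixes",                                  # The action text.
        IDACtxEntry(clear_prefix),                         # The action handler.
        None,                                              # Optional: action shortcut
        "Clear user prefixes from the selected functions", # Optional: tooltip
        self._clear_icon_id                                # Optional: the action icon
    )

    # register the action with IDA; the call is kept out of an assert
    # statement because asserts are stripped under `python -O`, which would
    # silently skip the registration itself
    if not idaapi.register_action(action_desc):
        raise AssertionError("Action registration failed")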
def editor_menuaction(self):
    """Register the 'Python Editor!' action and expose it in the File menu and the current widget's popup."""
    action_id = 'my:editoraction'  # acts like an ID and must be unique

    handler = MyEditorHandler()
    # hackish icon load; without a custom icon, a number from 1-150 selects
    # one of IDA's internal icons instead
    editor_icon = idaapi.load_custom_icon(":/ico/python.png")

    description = idaapi.action_desc_t(
        action_id,
        'Python Editor!',  # the action text
        handler,
        'Ctrl+H',          # optional shortcut
        'Script editor',   # optional tooltip (menus/toolbar)
        editor_icon,
    )

    # Register the action, then append it under File/Editor...
    idaapi.register_action(description)
    idaapi.attach_action_to_menu('File/Editor...', action_id, idaapi.SETMENU_APP)

    # Also offer it from the popup of the widget that is current right now
    current_widget = ida_kernwin.get_current_widget()
    idaapi.attach_action_to_popup(current_widget, None, "my:editoraction", None)
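def _init_action_bulk(self):
    """
    Register the bulk prefix action with IDA.

    Raises AssertionError if IDA rejects the registration.
    """
    # embedded PNG icon, kept as escaped byte values
    icon_data = "".join([
        "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A\x00\x00\x00\x0D\x49\x48\x44\x52\x00\x00\x00\x10\x00\x00\x00\x10\x08\x06\x00\x00\x00\x1F\xF3\xFF\x61\x00\x00\x02\xCA\x49\x44\x41\x54\x78\x5E\x65",
        "\x53\x6D\x48\x53\x6F\x14\x3F\xBA\xB5\xB7\xA0\x8D\x20\x41\xF2\xBA\x5D\xB6\x0F\x56\xF4\x41\xA2\xC0\x9C\xE9\xB4\x29\x4A\x7D\xB0\x22\x7A\x11\x02\x23\x48\x2A\xD4\x74\x53\x33\x3F\xD4",
        "\x3E\x4A\x50\x19\xE4\xB0\xD0\x22\xCD\x44\x45\x4A\x31\x8C\x92\xA2\x3E\x65\x0A\x4D\xCB\x96\x7E\xE8\xD5\x97\xCC\xFE\xFE\x37\xA7\x77\xDB\xBD\xA7\xE7\x3C\xBE\x05\x9E\xED\xB7\xB3\xF3",
        "\x7B\x39\xF7\xEE\x19\x17\xA8\xAC\x56\xDB\x54\x82\x60\x41\xB3\x59\xBC\xFF\xAC\xF9\xCA\xB5\xAE\x86\xCA\xF9\x4E\xAF\x1B\x3B\xEA\x5D\x48\x9D\x66\xE2\x49\x27\x9F\xD5\x66\x9B\xA2\x1C",
        "\x22\x02\xD0\x40\xE4\x81\x6C\x3B\x76\x37\x56\xE3\x37\x5F\x2F\x62\xE8\x0B\xD3\x66\x19\x7E\x53\xA7\x99\x78\xAE\x1F\x64\x3E\x21\x71\x69\x09\x5F\x20\x98\x2D\x58\x70\x24\x07\x07\x7B",
        "\x6F\xB0\x79\x82\x61\x81\x21\xCC\xDE\x21\x54\x16\x02\xD4\x69\x26\x9E\x74\xEE\xCB\xCF\x4D\xC7\x44\xB3\x88\x7C\x81\xC5\x22\xFE\x6C\xB9\xE9\x46\x67\x46\x1A\x8A\x16\x2B\x0A\x5B\x05",
        "\x74\x66\x65\xE1\x98\x6F\x00\x31\x32\x87\x9F\x59\x77\x66\x66\x61\x42\xBC\xC0\xF5\x6C\x47\x1A\x36\xD7\xB9\x51\x14\xC5\x1E\xBE\xA0\xC3\x5B\xD9\x98\x99\xE1\xC0\xCE\xBE\x57\x48\xD7",
        "\x9A\x63\x68\xEA\x7C\x8A\xF6\x14\x3B\x9F\xF6\xA6\xA4\x60\xEB\xE3\x3E\x9C\x5F\xD6\x5A\x7A\xFA\x71\xBF\xC3\x81\x3D\x4D\x35\x0D\x7C\xC1\xF3\x87\x57\x43\xF9\x87\x8F\x21\x95\x5E\xAB",
        "\x41\x83\x4E\x83\x54\xDB\x92\x76\x20\xCA\xBF\xD0\x99\x9D\xBB\x4E\xDB\xBD\xC7\x8E\x2F\x5A\x3D\x74\x3D\x50\x03\x80\x7E\x7A\x7A\x06\x46\x47\xFD\xA0\x33\x6C\x84\x18\x46\x0C\xBD\x1F",
        "\x86\x2D\x71\x71\x00\x52\x10\x16\x17\xE6\xC1\xE7\x1B\x61\x9A\x81\x69\x31\x30\xFC\x61\x14\xB4\x3A\x3D\x20\x82\x1E\x58\xA9\x15\x05\x41\x14\x05\xB8\x58\xEE\x82\x7D\xE9\x99\x20\xCB",
        "\x32\x94\x95\x95\xC3\xA5\xD2\x53\x00\x51\x09\xAA\x4B\x0B\xA1\xB8\xA4\x0C\x52\x53\x33\x40\xA5\x52\x81\xDB\x5D\x01\xA2\x45\x00\x45\x51\x80\x2A\x36\x12\x8D\x42\x49\x51\x01\x44\xE5",
        "\x18\x90\x22\x0A\x98\x8C\x46\xF0\x54\x14\x42\x6D\x7D\x3B\xE4\x1C\x75\x41\xAD\xB7\x1D\x3C\x55\x85\x60\x32\x19\x41\x8A\x2A\xDC\x57\x5C\x74\x12\x28\x47\xA5\x8E\x44\xE4\xF0\x76\x5B",
        "\x82\xA6\xCD\x5B\x0D\xB2\x12\xE6\xE4\x06\xB5\x1A\x66\xA7\x26\x41\x92\xC2\xA0\xD5\x6A\x60\x67\x92\x19\xAE\x7B\xCE\x70\x4D\x15\xAB\x01\xAD\xC1\x08\x3F\x46\x64\x6E\x8E\x9D\xF9\x13",
        "\xE8\x1A\xFF\xE4\x63\x8A\x0E\xE6\x02\x41\xF8\x3F\x18\x82\x40\x28\x04\xFD\xDD\x75\xF0\xB6\xFF\x2E\x75\x9A\x89\x27\x9D\xFB\xC8\x4F\x39\xBE\xE0\xB4\xAB\xCE\x35\xFE\x71\x00\x16\x17",
        "\x25\x76\x50\x26\x76\x6B\x61\x86\x08\xE4\x1D\xAF\x81\xBC\x13\x97\xA9\xD3\x4C\x3C\xE9\xDC\x47\x7E\xCA\xF1\x05\x0C\x5F\x7D\xFE\xEF\x35\x03\xAF\x9F\x00\xB0\x73\x30\x9A\xE2\x81\x0E",
        "\xF6\xC1\xED\x52\xB8\x77\xAB\x98\x3A\xCD\xC4\x73\x9D\x7C\x6F\xDE\xF9\xCF\x53\x0E\xFE\xA9\xCD\xAE\xB3\x87\xCE\x75\x35\x54\xE1\xD0\xCB\x47\x38\x39\x36\x88\xFF\x4D\xF8\x57\x41\x33",
        "\xF1\xA4\x93\x0F\x00\x36\xAD\x3E\x4C\x6B\xC5\xC9\x5D\x77\x6A\x2F\xB4\x31\xA3\xC4\x40\x4F\x21\x0F\xD1\x4C\x3C\xE9\x2B\xE1\xF5\x0B\xD6\x90\xC8\x90\x4C\xE6\x35\xD0\xCC\x79\x5E\xFF",
        "\x2E\xF8\x0B\x2F\x3D\xE5\xC3\x97\x06\xCF\xCF\x00\x00\x00\x00\x49\x45\x4E\x44\xAE\x42\x60\x82"])

    # load the icon for this action
    self._bulk_icon_id = idaapi.load_custom_icon(data=icon_data, format="png")

    # describe the action
    action_desc = idaapi.action_desc_t(
        self.ACTION_BULK,                                        # The action name.
        "Copy function pointers to selected function(s)",        # The action text.
        IDACtxEntry(bulk_function),                              # The action handler.
        None,                                                    # Optional: action shortcut
        "Copies a function pointer to the selected function(s)", # Optional: tooltip
        self._bulk_icon_id                                       # Optional: the action icon
    )

    # register the action with IDA; the call is kept out of an assert
    # statement because asserts are stripped under `python -O`, which would
    # silently skip the registration itself
    if not idaapi.register_action(action_desc):
        raise AssertionError("Action registration failed")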
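def register_actions_and_handlers_decompile_view():
    """
    Attach the following actions in the pop-up menu of the decompiled view.
    """
    # Load a custom icon; the context manager closes the file handle and the
    # raw bytes go to IDA unchanged (str() is a no-op on Python 2 and yields
    # the "b'...'" repr on Python 3)
    icon_path = gl.plugin_resource("ghida.png")
    with open(icon_path, "rb") as icon_file:
        icon_data = icon_file.read()
    icon_ghida = idaapi.load_custom_icon(data=icon_data)

    # Add Rename to the pop-up
    action_renamecustviewer = idaapi.action_desc_t(
        'my:renamecustviewerhandler', 'Rename',
        RenameCustViewerHandler(DECOMP_VIEW), None, None, icon_ghida)

    # Look the widget up once, right before its first use; the original looked
    # it up twice and only the second result reached the attach calls.
    # TODO alternative: idaapi.get_current_tform()
    decompiler_widget = idaapi.find_widget('Decompiled Function')
    idaapi.register_action(action_renamecustviewer)
    idaapi.attach_action_to_popup(decompiler_widget, None,
                                  "my:renamecustviewerhandler", None)

    # Add add-comment to the pop-up
    action_addcommentcustviewer = idaapi.action_desc_t(
        'my:addcommentcustviewer', 'Add comment',
        AddCommentCustViewerHandler(DECOMP_VIEW), None, None, icon_ghida)
    idaapi.register_action(action_addcommentcustviewer)
    idaapi.attach_action_to_popup(decompiler_widget, None,
                                  "my:addcommentcustviewer", None)

    # Add goto to the pop-up
    action_gotocustviewerhandler = idaapi.action_desc_t(
        'my:gotocustviewerhandler', 'Goto',
        GoToCustViewerHandler(DECOMP_VIEW), None, None, icon_ghida)
    idaapi.register_action(action_gotocustviewerhandler)
    idaapi.attach_action_to_popup(decompiler_widget, None,
                                  "my:gotocustviewerhandler", None)
    return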
'hbp1': 'xxx ' }, 'x64_dbg': { 'prefix': '', 'si': 'sti', 'so': 'sto', 'go': 'go', 'bp': 'bp ', 'hbp': 'bph ', 'bp1': 'xxx ', 'hbp1': 'xxx ' }, } # TODO: The icons need to be released on termination. SYNC_ON_ICON = idaapi.load_custom_icon( os.path.join(os.path.dirname(__file__), 'sync_on.png')) SYNC_OFF_ICON = idaapi.load_custom_icon( os.path.join(os.path.dirname(__file__), 'sync_off.png')) # -------------------------------------------------------------------------- class RequestHandler(object): # color callback def cb_color(self, ea): idaapi.set_item_color(ea, COL_CBTRACE) # instruction step callback def cb_curline(self, ea): if self.prev_loc: prev_ea, prev_color = self.prev_loc
def AddMenuElements(self):
    """Add the 'Screen Recorder' entry to the File menu and give it the Python icon."""
    idaapi.add_menu_item("File/", "Screen Recorder", "Shift-R", 0, self.eyes, ())

    # The icon is loaded after the item exists, then assigned by menu path
    python_icon = idaapi.load_custom_icon(":/ico/python.png")
    idaapi.set_menu_item_icon("File/Screen Recorder", python_icon)
def loadIcon(name):
    """Load ``imgs/<name>.png`` from this script's directory and return the id IDA assigns."""
    this_file = os.path.abspath(inspect.getfile(inspect.currentframe()))
    # NOTE(review): name is concatenated into the path without validation —
    # confirm callers only pass fixed icon names
    icon_file = os.path.dirname(this_file) + "/imgs/" + name + ".png"
    return idaapi.load_custom_icon(icon_file)
"\x7B\x39\xF7\xEE\x19\x17\xA8\xAC\x56\xDB\x54\x82\x60\x41\xB3\x59\xBC\xFF\xAC\xF9\xCA\xB5\xAE\x86\xCA\xF9\x4E\xAF\x1B\x3B\xEA\x5D\x48\x9D\x66\xE2\x49\x27\x9F\xD5\x66\x9B\xA2\x1C", "\x22\x02\xD0\x40\xE4\x81\x6C\x3B\x76\x37\x56\xE3\x37\x5F\x2F\x62\xE8\x0B\xD3\x66\x19\x7E\x53\xA7\x99\x78\xAE\x1F\x64\x3E\x21\x71\x69\x09\x5F\x20\x98\x2D\x58\x70\x24\x07\x07\x7B", "\x6F\xB0\x79\x82\x61\x81\x21\xCC\xDE\x21\x54\x16\x02\xD4\x69\x26\x9E\x74\xEE\xCB\xCF\x4D\xC7\x44\xB3\x88\x7C\x81\xC5\x22\xFE\x6C\xB9\xE9\x46\x67\x46\x1A\x8A\x16\x2B\x0A\x5B\x05", "\x74\x66\x65\xE1\x98\x6F\x00\x31\x32\x87\x9F\x59\x77\x66\x66\x61\x42\xBC\xC0\xF5\x6C\x47\x1A\x36\xD7\xB9\x51\x14\xC5\x1E\xBE\xA0\xC3\x5B\xD9\x98\x99\xE1\xC0\xCE\xBE\x57\x48\xD7", "\x9A\x63\x68\xEA\x7C\x8A\xF6\x14\x3B\x9F\xF6\xA6\xA4\x60\xEB\xE3\x3E\x9C\x5F\xD6\x5A\x7A\xFA\x71\xBF\xC3\x81\x3D\x4D\x35\x0D\x7C\xC1\xF3\x87\x57\x43\xF9\x87\x8F\x21\x95\x5E\xAB", "\x41\x83\x4E\x83\x54\xDB\x92\x76\x20\xCA\xBF\xD0\x99\x9D\xBB\x4E\xDB\xBD\xC7\x8E\x2F\x5A\x3D\x74\x3D\x50\x03\x80\x7E\x7A\x7A\x06\x46\x47\xFD\xA0\x33\x6C\x84\x18\x46\x0C\xBD\x1F", "\x86\x2D\x71\x71\x00\x52\x10\x16\x17\xE6\xC1\xE7\x1B\x61\x9A\x81\x69\x31\x30\xFC\x61\x14\xB4\x3A\x3D\x20\x82\x1E\x58\xA9\x15\x05\x41\x14\x05\xB8\x58\xEE\x82\x7D\xE9\x99\x20\xCB", "\x32\x94\x95\x95\xC3\xA5\xD2\x53\x00\x51\x09\xAA\x4B\x0B\xA1\xB8\xA4\x0C\x52\x53\x33\x40\xA5\x52\x81\xDB\x5D\x01\xA2\x45\x00\x45\x51\x80\x2A\x36\x12\x8D\x42\x49\x51\x01\x44\xE5", "\x18\x90\x22\x0A\x98\x8C\x46\xF0\x54\x14\x42\x6D\x7D\x3B\xE4\x1C\x75\x41\xAD\xB7\x1D\x3C\x55\x85\x60\x32\x19\x41\x8A\x2A\xDC\x57\x5C\x74\x12\x28\x47\xA5\x8E\x44\xE4\xF0\x76\x5B", "\x82\xA6\xCD\x5B\x0D\xB2\x12\xE6\xE4\x06\xB5\x1A\x66\xA7\x26\x41\x92\xC2\xA0\xD5\x6A\x60\x67\x92\x19\xAE\x7B\xCE\x70\x4D\x15\xAB\x01\xAD\xC1\x08\x3F\x46\x64\x6E\x8E\x9D\xF9\x13", "\xE8\x1A\xFF\xE4\x63\x8A\x0E\xE6\x02\x41\xF8\x3F\x18\x82\x40\x28\x04\xFD\xDD\x75\xF0\xB6\xFF\x2E\x75\x9A\x89\x27\x9D\xFB\xC8\x4F\x39\xBE\xE0\xB4\xAB\xCE\x35\xFE\x71\x00\x16\x17", 
"\x25\x76\x50\x26\x76\x6B\x61\x86\x08\xE4\x1D\xAF\x81\xBC\x13\x97\xA9\xD3\x4C\x3C\xE9\xDC\x47\x7E\xCA\xF1\x05\x0C\x5F\x7D\xFE\xEF\x35\x03\xAF\x9F\x00\xB0\x73\x30\x9A\xE2\x81\x0E", "\xF6\xC1\xED\x52\xB8\x77\xAB\x98\x3A\xCD\xC4\x73\x9D\x7C\x6F\xDE\xF9\xCF\x53\x0E\xFE\xA9\xCD\xAE\xB3\x87\xCE\x75\x35\x54\xE1\xD0\xCB\x47\x38\x39\x36\x88\xFF\x4D\xF8\x57\x41\x33", "\xF1\xA4\x93\x0F\x00\x36\xAD\x3E\x4C\x6B\xC5\xC9\x5D\x77\x6A\x2F\xB4\x31\xA3\xC4\x40\x4F\x21\x0F\xD1\x4C\x3C\xE9\x2B\xE1\xF5\x0B\xD6\x90\xC8\x90\x4C\xE6\x35\xD0\xCC\x79\x5E\xFF", "\x2E\xF8\x0B\x2F\x3D\xE5\xC3\x97\x06\xCF\xCF\x00\x00\x00\x00\x49\x45\x4E\x44\xAE\x42\x60\x82"]) act_icon = idaapi.load_custom_icon(data=icon_data, format="png") hooks = None act_name = "example:add_action" if idaapi.register_action(idaapi.action_desc_t( act_name, # Name. Acts as an ID. Must be unique. "Say hi!", # Label. That's what users see. SayHi("developer"), # Handler. Called when activated, and for updating "Ctrl+F12", # Shortcut (optional) "Greets the user", # Tooltip (optional) act_icon)): # Icon ID (optional) print("Action registered. Attaching to menu.") # Insert the action in the menu if idaapi.attach_action_to_menu("Edit/Export data", act_name, idaapi.SETMENU_APP):
NETNODE_STORE = "$ SYNC_STORE" NETNODE_INDEX = 0xFFC0DEFF DBG_DIALECTS = { 'windbg': {'prefix': '!', 'si': 't', 'so': 'p', 'go': 'g', 'bp': 'bp ', 'hbp': 'ba e 1 ', 'bp1': 'bp /1 ', 'hbp1': 'ba e 1 /1 '}, 'gdb': {'prefix': '', 'si': 'si', 'so': 'ni', 'go': 'continue', 'bp': 'b *', 'hbp': 'hb *', 'bp1': 'tb *', 'hbp1': 'thb *'}, 'ollydbg2': {'prefix': '', 'si': 'si', 'so': 'so', 'go': 'go', 'bp': 'bp ', 'hbp': 'xxx ', 'bp1': 'xxx ', 'hbp1': 'xxx '}, 'x64_dbg': {'prefix': '', 'si': 'sti', 'so': 'sto', 'go': 'go', 'bp': 'bp ', 'hbp': 'bph ', 'bp1': 'xxx ', 'hbp1': 'xxx '}, } # TODO: The icons need to be released on termination. SYNC_ON_ICON = idaapi.load_custom_icon(os.path.join(os.path.dirname(__file__), 'sync_on.png')) SYNC_OFF_ICON = idaapi.load_custom_icon(os.path.join(os.path.dirname(__file__), 'sync_off.png')) # -------------------------------------------------------------------------- class RequestHandler(object): # color callback def cb_color(self, ea): idaapi.set_item_color(ea, COL_CBTRACE) # instruction step callback def cb_curline(self, ea): if self.prev_loc: prev_ea, prev_color = self.prev_loc
def AddMenuElements(self):
    """Add the 'Code editor' entry to the File menu and give it the Python icon."""
    idaapi.add_menu_item("File/", "Code editor", "Alt-E", 0, self.popeye, ())

    # The icon is loaded after the item exists, then assigned by menu path
    python_icon = idaapi.load_custom_icon(":/ico/python.png")
    idaapi.set_menu_item_icon("File/Code editor", python_icon)
def __init__(self, cc):
    """Initialise the UI hooks, keep ``cc`` and load the asterisk icon.

    The loaded icon id is stored as ``selected_icon_number``.
    """
    idaapi.UI_Hooks.__init__(self)
    self.cc = cc

    asterisk_png = config['icons_path'] + "icons8-asterisk-24.png"
    self.selected_icon_number = idaapi.load_custom_icon(asterisk_png)
def loadIcon(name):
    """Return the IDA icon id for ``imgs/<name>.png`` located beside this script."""
    source_file = inspect.getfile(inspect.currentframe())
    script_dir = os.path.dirname(os.path.abspath(source_file))
    # NOTE(review): name is concatenated into the path without validation —
    # confirm callers only pass fixed icon names
    return idaapi.load_custom_icon(script_dir + "/imgs/" + name + ".png")
# main(): script entry point. Prints the save_x()/restore_x() usage text, loads
# two embedded PNG icons, registers the "dumpDyn_save:action" and
# "dumpDyn_restore:action" actions and attaches them to "DebugToolBar". It then
# reads the whole input file, takes its MD5 and stores
# `<input path>____dumpDyn___<md5 hex>` in the global MD5_hash_data_file.
# NOTE(review): MD5 only derives a per-input file name here. It is not
# collision resistant, so it must not be relied on to tell apart inputs that an
# adversary controls; hashlib.sha256 is a drop-in alternative. Feeding the
# hasher in chunks would avoid holding the whole sample in memory.
# NOTE(review): the derived path sits next to the analysed file. How that file
# is written and parsed is outside this listing; whatever loads it should treat
# its contents as untrusted input - confirm.
# NOTE(review): indentation is lost in this listing, so it cannot be read from
# here which `if` the `else` branch (the two unregister_action calls) pairs with.
def main(): print("\nUsage:\n\ save_x(\"unique_name\", start_addr, size) - save names, comments, breakpoints, functions\n\ restore_x(\"unique_name\", start_addr) - restore names, comments, breakpoints, functions\n\ Example:\n\t\ save_x(\"first_shellcode\", 0x12340000, 0x1000)\n\t\ restore_x(\"first_shellcode\", 0x12340000)\n\t\ save_x(\"f1\", here(), 0x1000)\n\t\ restore_x(\"f1\", here())\n\ \nBONUS: useful if a process allocated a new segment (e.g. VirtualAlloc) otherwise (HeapAlloc, new, etc.) use the first way\n\t\ save_x() == save_x(FIRST_0x10_BYTES_HASH_FROM_EA_SEGMENT, START_OF_EA_SEGMENT, SIZEOF_EA_SEGMENT)\n\t\ restore_x() == restore(FIRST_0x10_BYTES_HASH_FROM_EA_SEGMENT, START_OF_EA_SEGMENT)\n\ ") icon_data_save = "".join([ "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A\x00\x00\x00\x0D\x49\x48\x44\x52\x00\x00\x00\x10\x00\x00\x00\x10\x04\x03\x00" "\x00\x00\xED\xDD\xE2\x52\x00\x00\x00\x1E\x50\x4C\x54\x45\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xB7\x28\x6F\x6A\x00\x00\x00\x09\x74\x52" "\x4E\x53\x00\xE0\x08\xB8\xD0\x58\x98\x85\x25\x4C\x7E\x68\xAA\x00\x00\x00\x49\x49\x44\x41\x54\x08\xD7\x63\x60" "\x60\x60\x99\x39\xD3\x01\x48\x11\xC3\xE0\x08\x0D\x9C\x39\x53\x34\xB4\x81\x81\xC9\x72\x26\x10\x4C\x56\x60\x60" "\x50\x06\x31\x8C\x80\x72\x40\x21\xB0\x00\x50\x08\x2C\x00\x16\x02\x09\x80\x85\x80\x02\x10\x21\x90\x00\x02\xB0" "\x0B\x82\x41\x01\x03\xDB\x4C\x30\x48\x00\x00\xA9\xC1\x1A\x09\x2E\x8B\x71\x91\x00\x00\x00\x00\x49\x45\x4E\x44" "\xAE\x42\x60\x82 " ]) icon_data_restore = "".join([ "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A\x00\x00\x00\x0D\x49\x48\x44\x52\x00\x00\x00\x10\x00\x00\x00\x10\x04\x03\x00" "\x00\x00\xED\xDD\xE2\x52\x00\x00\x00\x1E\x50\x4C\x54\x45\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xB7\x28\x6F\x6A\x00\x00\x00\x09\x74\x52" 
"\x4E\x53\x00\x81\xE0\xD0\x98\x40\xEC\x34\x2D\xD9\x04\x16\x77\x00\x00\x00\x46\x49\x44\x41\x54\x08\xD7\x63\x00" "\x02\x46\x01\x06\x08\x90\x9C\x08\xA1\x19\x67\xCE\x14\x80\x08\xCC\x9C\x39\x11\x2A\x00\x14\x82\x08\x80\x85\x38" "\x5C\xDC\x66\xCE\x4C\x71\x69\x00\x0A\x31\xCF\x9C\x69\x00\xA4\x88\x63\xB0\x87\x86\x16\x30\x20\x01\x46\x25\x30" "\x10\x60\x60\x99\x09\x06\x0E\x00\xB5\x68\x19\x1B\xBF\xF3\x8F\x71\x00\x00\x00\x00\x49\x45\x4E\x44\xAE\x42\x60" "\x82 " ]) act_icon_save = idaapi.load_custom_icon(data=icon_data_save, format="png") act_icon_restore = idaapi.load_custom_icon(data=icon_data_restore, format="png") act_name_save = "dumpDyn_save:action" act_name_restore = "dumpDyn_restore:action" if idaapi.register_action( idaapi.action_desc_t(act_name_save, "save_x", save_class(), None, "save_x", act_icon_save)): # Insert the action in a toolbar idaapi.attach_action_to_toolbar("DebugToolBar", act_name_save) if idaapi.register_action( idaapi.action_desc_t(act_name_restore, "restore_x", restore_class(), None, "restore_x", act_icon_restore)): # Insert the action in a toolbar idaapi.attach_action_to_toolbar("DebugToolBar", act_name_restore) else: idaapi.unregister_action(act_name_save) idaapi.unregister_action(act_name_restore) global MD5_hash_data_file input_filepath = ida_nalt.get_input_file_path() hasher = hashlib.md5() with open(input_filepath, 'rb') as afile: buf = afile.read() hasher.update(buf) MD5_hash = hasher.hexdigest() # str MD5_hash_data_file = input_filepath + "____dumpDyn___" + MD5_hash
def AddMenuElements(self):
    """Add a "Geo" entry to the File menu and set its icon.

    The entry is created with the "ALT-G" hotkey and ``self.popeye`` as its
    callback (with an empty argument tuple); the icon is loaded from
    ":/ico/python.png".
    """
    idaapi.add_menu_item("File/", "Geo", "ALT-G", 0, self.popeye, ())
    python_icon = idaapi.load_custom_icon(":/ico/python.png")
    idaapi.set_menu_item_icon("File/Geo", python_icon)
"\x07\x3D\x9E\xF0\x10\x7C\x3D\x34\x3C\x3B\xA6\x99\xFE\x85\xBB\x7F", "\x95\x0E\x0F\xA6\xA9\xF9\x4A\x52\x5B\x6B\x29\x8C\xB5\xBC\xC0\xB9", "\x05\x0F\x3A\x1D\x84\x7E\xFF\x20\x5E\x85\xA7\xB4\xD3\xFF\xE6\xD0", "\x4D\xC0\xED\xE2\xDD\xCA\x0B\x78\xFE\x80\x49\xB3\x95\x1A\xA9\x7B", "\xB4\x0F\xB1\x5C\x02\x56\xA3\x05\xA1\xD4\x4F\xEC\xAA\x71\xA3\xB7", "\xF5\x38\x18\x7F\x82\x7C\xED\x9B\xF3\x61\x37\x5D\x82\x23\x74\x15", "\xB3\x89\x24\x22\x43\xCE\x4A\x81\x02\x1D\x8F\x7A\xB1\xB4\x1E\x87", "\xCB\x52\x0B\x45\x55\x90\x55\x78\xFE\xDC\x2D\x0A\x46\x98\x8D\x66", "\x64\xB0\x8C\x6F\x8B\x2A\x82\x7D\x93\x70\xD5\x15\x63\x36\xFD\x4C", "\xDE\x99\x87\xB8\xF6\xE6\x2E\x8C\x3C\xC8\x2E\x5A\x78\xF1\x04\xE4", "\x94\x3C\x17\x8E\xE1\xCC\xCE\x23\x18\x39\x71\x9B\x5F\x9D\xA8\xEF", "\xDE\x42\x60\x83\x60\x32\x8C\x8F\xB1\x39\xE4\x55\x09\x3B\x6C\x8D", "\xE8\x6A\xDC\xAB\x7B\xFE\x04\xF8\x0D\x1A\x8F\x87\xFA\x45\xCC\x17", "\x75\x00\x00\x00\x00\x49\x45\x4E\x44\xAE\x42\x60\x82"]) act_icon = idaapi.load_custom_icon(data=icon_data, format="png") class SearchHandler(idaapi.action_handler_t): def __init__(self): idaapi.action_handler_t.__init__(self) def activate(self, ctx): os.system("START chrome http://www.google.com/search?q=\"" + highlight[0] + "\"") return 1 def update(self, ctx): return idaapi.AST_ENABLE_ALWAYS action_desc = idaapi.action_desc_t('search:action', 'Search Google for \"\"',