def handle_set_vtable_range(self):
if self.edit_class is None:
return
selection = idaapi.read_selection()
# Check selection
if selection[1] == idc.BADADDR or selection[2] == idc.BADADDR:
return
if selection[1] > selection[2]:
return
if selection[1] != idc.ScreenEA() and selection[2] != idc.ScreenEA():
return
# Warning for large ranges
if (selection[2] - selection[1]) > 0x1000:
if not util.ask_yes_no(
'Warning: The VTable range is longer than 0x1000 bytes. Continue?',
False):
return
try:
self.edit_class.set_vtable_range(selection[1], selection[2])
self.update_fields()
except ValueError as e:
idaapi.warning(str(e))
def finish_populating_widget_popup(self, form, popup):
form_type = idaapi.get_widget_type(form)
if form_type == idaapi.BWN_DISASM or form_type == idaapi.BWN_DUMP:
idaapi.attach_action_to_popup(form, popup, ACTION_PASTE, None)
idaapi.attach_action_to_popup(form, popup, ACTION_DUMPER, None)
idaapi.attach_action_to_popup(form, popup, ACTION_JMP, None)
t0, t1, view = idaapi.twinpos_t(), idaapi.twinpos_t(
), idaapi.get_current_viewer()
if idaapi.read_selection(
view, t0,
t1) or idc.get_item_size(idc.get_screen_ea()) > 1:
idaapi.attach_action_to_popup(form, popup, ACTION_XORDATA,
None)
idaapi.attach_action_to_popup(form, popup, ACTION_FILLNOP,
None)
for action in ACTION_CONVERT:
idaapi.attach_action_to_popup(form, popup, action,
"Convert/")
if form_type == idaapi.BWN_DISASM and (ARCH, BITS) in [
(idaapi.PLFM_386, 32),
(idaapi.PLFM_386, 64),
(idaapi.PLFM_ARM, 32),
]:
idaapi.attach_action_to_popup(form, popup, ACTION_SCANVUL, None)
def dc_extract(self, arg):
multiple, start, end = idaapi.read_selection()
if multiple:
self.dcu_extract_between_addr(start, end, True)
else:
self.dcu_extract_between_addr(here(), here(), False, True)
return
def show_fill_form(self):
selection, start_ea, end_ea = idaapi.read_selection()
if not selection:
start_ea = idaapi.get_screen_ea()
end_ea = start_ea + 1
# Default fill value
fill_value = 0x00
# Create the form
f = PatchFillForm(start_ea, end_ea, fill_value)
# Execute the form
ok = f.Execute()
if ok == 1:
# Get updated values
start_ea = f.intStartEA.value
end_ea = f.intEndEA.value
fill_value = f.intPatch.value
# Now apply newly patched bytes
# NOTE: fill_value is expected to be one byte
# so if a user provides a larger patch_byte()
# will trim the value as expected.
for ea in range(start_ea, end_ea):
idaapi.patch_byte(ea, fill_value)
# Refresh all IDA views
self.patch_view.Refresh()
# Dispose the form
f.Free()
def getrange(args):
selection, selfirst, sellast = idaapi.read_selection()
argfirst = args[0] if len(args)>0 and type(args[0])==types.IntType else None
arglast = args[1] if len(args)>1 and type(args[1])==types.IntType else None
"""
afirst alast sel
None None 0 -> here, BADADDR
None None 1 -> selection
None + 0 -> here, BADADDR
None + 1 -> selection
+ None 0 -> afirst, BADADDR
+ None 1 -> afirst, BADADDR
+ + 0 -> afirst, alast
+ + 1 -> afirst, alast
"""
if argfirst is None:
if selection:
return (selfirst, sellast)
else:
return (here(), BADADDR)
if arglast is None:
return (argfirst, BADADDR)
else:
return (argfirst, arglast)
def activate(self, ctx):
selection = idaapi.read_selection()
valid_selection = selection[0]
if (valid_selection):
addr = idc.DbgDword(selection[1])
idaapi.jumpto(addr)
else:
idaapi.msg("Invalid selection!\n")
def selection(cls):
'''Return the current address range of whatever is selected'''
view = idaapi.get_current_viewer()
left, right = idaapi.twinpos_t(), idaapi.twinpos_t()
ok = idaapi.read_selection(view, left, right)
if not ok:
raise internal.exceptions.DisassemblerError("{:s}.selection() : Unable to read the current selection.".format('.'.join((__name__, cls.__name__))))
pl_l, pl_r = left.place(view), right.place(view)
return _database.address.head(pl_l.ea), _database.address.tail(pl_r.ea)
def get_selected_bytes():
selected = idaapi.read_selection()
curr_ea = idc.ScreenEA()
print "[+] Processing range: %x - %x" % (selected[1], selected[2])
if (selection_is_valid(selected, curr_ea)):
return selected
else:
return None
def selection(cls):
'''Return the current address range of whatever is selected'''
view = idaapi.get_current_viewer()
left, right = idaapi.twinpos_t(), idaapi.twinpos_t()
ok = idaapi.read_selection(view, left, right)
if not ok:
raise internal.exceptions.DisassemblerError(u"{:s}.selection() : Unable to read the current selection.".format('.'.join((__name__, cls.__name__))))
pl_l, pl_r = left.place(view), right.place(view)
ea_l, ea_r = internal.interface.address.inside(pl_l.ea, pl_r.ea)
return internal.interface.bounds_t(ea_l, ea_r)
def GetOpcodes():
selected = idaapi.read_selection()
print "[+] Processing range: %x - %x" % (selected[1],selected[2])
opcodes = []
lastInstructionAddr = NextHead(selected[2])
size = lastInstructionAddr-selected[1]
for i in range(size):
opcodes.append(GetOriginalByte(selected[1]+i))
return opcodes
def getrange(args):
"""
Determines a address range.
@param args: the argument list passed to the caller
@return: a pair of addresses
args can contain one of the following:
1) a tuple containing (first, last)
2) an area_t, containing (start_ea, end_ea)
3) nothing
* if the user made a selection ( using Alt-L ), that selection is returned
* otherwise from the cursor line until endoffile
4) one address: from address until the end of file
5) two addresses: the range between those addresses
The range is specified as (first,last)
meaning all addresses satisfying first <= addr < last
"""
selection, selfirst, sellast = idaapi.read_selection()
if isinstance(args, idaapi.area_t):
return (args.start_ea, args.end_ea)
if len(args) and type(args[0]) == types.TupleType:
return args[0]
if len(args) and isinstance(args[0], idaapi.area_t):
return (args[0].start_ea, args[0].end_ea)
argfirst = args[0] if len(args) > 0 and type(
args[0]) == types.IntType else None
arglast = args[1] if len(args) > 1 and type(
args[1]) == types.IntType else None
"""
afirst alast sel
None None 0 -> here, BADADDR
None None 1 -> selection
None + 0 -> here, BADADDR
None + 1 -> selection
+ None 0 -> afirst, BADADDR
+ None 1 -> afirst, BADADDR
+ + 0 -> afirst, alast
+ + 1 -> afirst, alast
"""
if argfirst is None:
if selection:
return (selfirst, sellast)
else:
return (idc.here(), BADADDR)
if arglast is None:
return (argfirst, BADADDR)
else:
return (argfirst, arglast)
def query_fragment(self, *_):
selection = idaapi.read_selection()
content = ""
if selection[0] is True:
content = IDAUtils.get_selected_code(selection[1], selection[2])
if self._get_connector() is not None:
self.connector.search_func(
queries=content,
topk=self.get_conf_topk(),
threshold=self.get_conf_threshold(),
avoid_same_binary=self.get_conf_avoidSameBinary())
def finish_populating_widget_popup(self, form, popup):
form_type = idaapi.get_widget_type(form)
if form_type == idaapi.BWN_DISASM or form_type == idaapi.BWN_DUMP:
t0, t1, view = idaapi.twinpos_t(), idaapi.twinpos_t(
), idaapi.get_current_viewer()
if idaapi.read_selection(view, t0, t1) \
or idc.get_item_size(idc.get_screen_ea()) > 1:
idaapi.attach_action_to_popup(form, popup, GOLANG_FUNC, None)
idaapi.attach_action_to_popup(form, popup, GOLANG_STRING, None)
idaapi.attach_action_to_popup(form, popup, RENAME_POINTER,
None)
def main():
is_selected, sel_start, sel_end = idaapi.read_selection()
if not is_selected:
logger.error('range must be selected')
return -1
sel_end = idc.NextHead(sel_end)
buf = ida_bytes.get_bytes(sel_start, sel_end - sel_start)
if buf is None:
logger.error('failed to fetch instruction bytes')
return -1
f = idaapi.get_func(sel_start)
if f != idaapi.get_func(sel_end):
logger.error('range must be within a single function')
return -1
# find mappings from "$localN" to "custom_name"
regvars = {}
for i in range(0x1000):
regvar = idaapi.find_regvar(f, sel_start, '$local%d' % (i))
if regvar is None:
continue
regvars[regvar.canon] = regvar.user
if len(regvars) >= f.regvarqty:
break
globals_ = {}
for i, offset in netnode.Netnode('$ wasm.offsets').get('globals', {}).items():
globals_['$global' + i] = ida_name.get_name(offset)
frame = {}
if f.frame != idc.BADADDR:
names = set([])
for i in range(idc.GetStrucSize(f.frame)):
name = idc.GetMemberName(f.frame, i)
if not name:
continue
if name in names:
continue
frame[i] = name
names.add(name)
emu = Emulator(buf)
emu.run()
print(emu.render(ctx={
'regvars': regvars,
'frame': frame,
'globals': globals_,
}))
def queryFragment(self, ctx):
selection = idaapi.read_selection()
content = ""
if (selection[0] == True):
content = IDAutils.GetSelectedCode(selection[1], selection[2])
frag = self.openFragmentInputForm(content=content)
if (frag is not None):
self.createProgressFormRaw([frag],
self.getConfThreshold(),
self.getConfTopK(),
cnn=self.connector)
else:
print "No input/Input cancelled."
def setMatchType(self, type):
try:
selection, begin, end = idaapi.read_selection()
if selection:
for ea in range(begin, end + 1):
self.cc.PatternGenerator.setMatchType(ea, type)
else:
self.cc.PatternGenerator.setMatchType(idc.get_screen_ea(),
type)
except:
self.cc.PatternGenerator.setMatchType(idc.ScreenEA(), type)
self._render_if_real_time()
def finish_populating_tform_popup(self, form, popup):
form_type = idaapi.get_tform_type(form)
if form_type == idaapi.BWN_DISASM or form_type == idaapi.BWN_DUMP:
if idaapi.read_selection() or ItemSize(ScreenEA()) > 1:
idaapi.attach_action_to_popup(form, popup, ACTION_XORDATA, None)
for action in ACTION_CONVERT:
idaapi.attach_action_to_popup(form, popup, action, "Convert/")
if form_type == idaapi.BWN_DISASM and (arch, bits) in [(idaapi.PLFM_386, 32),
(idaapi.PLFM_386, 64),
(idaapi.PLFM_ARM, 32),]:
idaapi.attach_action_to_popup(form, popup, ACTION_SCANVUL, None)
def getrange(args):
"""
Determines a address range.
@param args: the argument list passed to the caller
@return: a pair of addresses
args can contain one of the following:
1) a tuple containing (first, last)
2) an area_t, containing (startEA, endEA)
3) nothing
* if the user made a selection ( using Alt-L ), that selection is returned
* otherwise from the cursor line until endoffile
4) one address: from address until the end of file
5) two addresses: the range between those addresses
The range is specified as (first,last)
meaning all addresses satisfying first <= addr < last
"""
selection, selfirst, sellast = idaapi.read_selection()
if len(args) and type(args[0])==types.TupleType:
return args[0]
if len(args) and isinstance(args[0], idaapi.area_t):
return (args[0].startEA, args[0].endEA)
argfirst = args[0] if len(args)>0 and type(args[0])==types.IntType else None
arglast = args[1] if len(args)>1 and type(args[1])==types.IntType else None
"""
afirst alast sel
None None 0 -> here, BADADDR
None None 1 -> selection
None + 0 -> here, BADADDR
None + 1 -> selection
+ None 0 -> afirst, BADADDR
+ None 1 -> afirst, BADADDR
+ + 0 -> afirst, alast
+ + 1 -> afirst, alast
"""
if argfirst is None:
if selection:
return (selfirst, sellast)
else:
return (idc.here(), BADADDR)
if arglast is None:
return (argfirst, BADADDR)
else:
return (argfirst, arglast)
def activate(self, ctx):
info = idaapi.get_inf_structure()
selection = idaapi.read_selection()
start = selection[1]
end = selection[2]
if selection[0] == False:
start = idaapi.get_screen_ea()
if start == idaapi.BADADDR:
print 'Easy Nop :: Screen EA == idaapi.BADADDR'
return 0
end = start + idaapi.get_item_size(start)
else:
end += idaapi.get_item_size(end)
if start == idaapi.BADADDR:
print 'Easy Nop :: Selection EA == idaapi.BADADDR'
return 0
if start == end:
print 'Easy Nop :: Nothing to nop'
return 0
for x in range(start, end):
# Maybe theres a smarter way to get the nop value for different archs e.g. Assemble('nop') -> 0x90
idaapi.patch_byte(x, 0x90)
for x in range(start + 1, end):
idaapi.hide_item(x)
# Must do this else it bugs out on 2x 1 byte instructions being nopped
idaapi.hide_item(start)
idaapi.unhide_item(start)
# Search for hidden nops and add to count
while idaapi.get_byte(end) == 0x90 and idaapi.is_hidden_item(
end) == True:
end += 1
count = end - start
if count > 1:
idaapi.set_cmt(start, "truncated nops (%d)" % (count), False)
print end
print start
return 1
def x86_nop_region(self):
selection, start_ea, end_ea = idaapi.read_selection()
if not selection:
start_ea = idaapi.get_screen_ea()
end_ea = start_ea + 1
fill_value = 0x90
for ea in range(start_ea, end_ea):
idaapi.patch_byte(ea, fill_value)
# Refresh all IDA views
self.patch_view.Refresh()
def activate(self, ctx):
sel = idaapi.read_selection()
if not sel[0]:
print 'Please select something'
return
import capstone
md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
md.details = True
data = idaapi.get_many_bytes(sel[1], sel[2] - sel[1])
for insn in md.disasm(data, sel[1]):
# print "0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str)
idaapi.set_cmt(insn.address,
str('%s %s' % (insn.mnemonic, insn.op_str)), False)
def finish_populating_tform_popup(self, form, popup):
form_type = idaapi.get_tform_type(form)
if form_type == idaapi.BWN_DISASM or form_type == idaapi.BWN_DUMP:
if idaapi.read_selection() or ItemSize(ScreenEA()) > 1:
idaapi.attach_action_to_popup(form, popup, ACTION_XORDATA, None)
idaapi.attach_action_to_popup(form, popup, ACTION_FILLNOP, None)
for action in ACTION_CONVERT:
idaapi.attach_action_to_popup(form, popup, action, "Convert/")
if form_type == idaapi.BWN_DISASM and (ARCH, BITS) in [(idaapi.PLFM_386, 32),
(idaapi.PLFM_386, 64),
(idaapi.PLFM_ARM, 32),]:
idaapi.attach_action_to_popup(form, popup, ACTION_SCANVUL, None)
def activate(self, ctx):
try:
# from is a reserved keyword in python...
cur_sel_from = getattr(ctx.cur_sel, "from")
start, end = (x.at.toea()
for x in [cur_sel_from, ctx.cur_sel.to])
except AttributeError:
_, start, end = idaapi.read_selection()
length = end - start
if self._action == ACTION_ADD_ANNOTATION:
ali.ida_add_lineinfo_comment_to_range(ali_plugin.dia, start,
length)
elif self._action == ACTION_DEL_ANNOTATION:
ali.ida_del_lineinfo_comment_from_range(start, length)
def get_selected_lines(vdui):
vdui.get_current_item(idaapi.USE_KEYBOARD)
line_numbers = []
w = vdui.ct
p0 = idaapi.twinpos_t()
p1 = idaapi.twinpos_t()
if idaapi.read_selection(w, p0, p1):
place0 = p0.place(w)
place1 = p1.place(w)
a = place0.as_simpleline_place_t(place0).n
b = place1.as_simpleline_place_t(place1).n
line_numbers = [i for i in range(a, b + 1)]
else:
line_numbers = [vdui.cpos.lnnum]
return line_numbers
def activate(self, ctx):
t0, t1, view = idaapi.twinpos_t(), idaapi.twinpos_t(
), idaapi.get_current_viewer()
if idaapi.read_selection(view, t0, t1):
start, end = t0.place(view).toea(), t1.place(view).toea()
end += idaapi.get_item_size(end)
else:
start = idaapi.get_screen_ea()
if start == idaapi.BADADDR:
print('Easy Nop :: Screen EA == idaapi.BADADDR')
return 0
end = start + idaapi.get_item_size(start)
if start == idaapi.BADADDR:
print('Easy Nop :: Selection EA == idaapi.BADADDR')
return 0
if start == end:
print('Easy Nop :: Nothing to nop')
return 0
for x in range(start, end):
# Maybe theres a smarter way to get the nop value for different archs e.g. Assemble('nop') -> 0x90
idaapi.patch_byte(x, 0x90)
for x in range(start + 1, end):
idaapi.hide_item(x)
# Must do this else it bugs out on 2x 1 byte instructions being nopped
idaapi.hide_item(start)
idaapi.unhide_item(start)
# Search for hidden nops and add to count
while idaapi.get_byte(end) == 0x90 and idaapi.is_hidden_item(
end) == True:
end += 1
count = end - start
if count > 1:
idaapi.set_cmt(start, "truncated nops (%d)" % (count), False)
print(end)
print(start)
return 1
def get_selected_bytes():
"""Highlight a range and turn it into dwords
NOTE: read_selection appears to be a fickle bitch. You absolutely have to
select more than one line at a time in order for it to work as expected.
"""
selected = idaapi.read_selection()
curr_ea = idc.ScreenEA()
print "[+] Processing range: %x - %x" % (selected[1], selected[2])
# refer to selection_is_valid comments regarding the need for this check
if (selection_is_valid(selected, curr_ea)):
return selected
else:
return None
def show_import_form(self):
selection, start_ea, end_ea = idaapi.read_selection()
if not selection:
start_ea = idaapi.get_screen_ea()
end_ea = start_ea + 1
# Create the form
f = DataImportForm(start_ea, end_ea)
# Execute the form
ok = f.Execute()
if ok == 1:
start_ea = f.intStartEA.value
end_ea = f.intEndEA.value
if f.rFile.selected:
imp_file = f.impFile.value
try:
f_imp_file = open(imp_file, 'rb')
except Exception, e:
idaapi.warning("File I/O error({0}): {1}".format(
e.errno, e.strerror))
return
else:
buf = f_imp_file.read()
f_imp_file.close()
else:
buf = f.strPatch.value
# Hex values, unlike string literal, needs additional processing
if f.rHex.selected:
buf = buf.replace(' ', '') # remove spaces
buf = buf.replace('\\x', '') # remove '\x' prefixes
buf = buf.replace('0x', '') # remove '0x' prefixes
try:
buf = binascii.unhexlify(buf) # convert to bytes
except Exception, e:
idaapi.warning("Invalid input: %s" % e)
f.Free()
return
def show_import_form(self):
selection, start_ea, end_ea = idaapi.read_selection()
if not selection:
start_ea = idaapi.get_screen_ea()
end_ea = start_ea + 1
# Create the form
f = DataImportForm(start_ea, end_ea);
# Execute the form
ok = f.Execute()
if ok == 1:
start_ea = f.intStartEA.value
end_ea = f.intEndEA.value
if f.rFile.selected:
imp_file = f.impFile.value
try:
f_imp_file = open(imp_file,'rb+')
except Exception, e:
idaapi.warning("File I/O error({0}): {1}".format(e.errno, e.strerror))
return
else:
buf = f_imp_file.read()
f_imp_file.close()
else:
buf = f.strPatch.value
# Hex values, unlike string literal, needs additional processing
if f.rHex.selected:
buf = buf.replace(' ','') # remove spaces
buf = buf.replace('\\x','') # remove '\x' prefixes
buf = buf.replace('0x','') # remove '0x' prefixes
try:
buf = binascii.unhexlify(buf) # convert to bytes
except Exception, e:
idaapi.warning("Invalid input: %s" % e)
f.Free()
return
def show_edit_form(self):
selection, start_ea, end_ea = idaapi.read_selection()
if not selection:
start_ea = idaapi.get_screen_ea()
end_ea = start_ea + 1
if start_ea != idaapi.BADADDR and end_ea != idaapi.BADADDR:
if end_ea > start_ea:
buf_len = end_ea - start_ea
buf = get_many_bytes(start_ea, buf_len) or "\xFF"*buf_len
buf_str = " ".join(["%02X" % ord(x) for x in buf])
fpos = idaapi.get_fileregion_offset(start_ea)
addr_str = "%#X" % start_ea
fpos_str = "%#x" % fpos if fpos != -1 else "N/A"
f = PatchEditForm(addr_str, fpos_str, buf_str, buf_str)
# Execute the form
ok = f.Execute()
if ok == 1:
# Convert hex bytes to binary
buf = f.strPatch.value
buf = buf.replace(' ','') # remove spaces
buf = buf.replace('\\x','') # remove '\x' prefixes
buf = buf.replace('0x','') # remove '0x' prefixes
try:
buf = binascii.unhexlify(buf) # convert to bytes
except Exception, e:
idaapi.warning("Invalid input: %s" % e)
f.Free()
return
# Now apply newly patched bytes
idaapi.patch_many_bytes(start_ea, buf)
# Refresh all IDA views
self.patch_view.refreshitems()
idaapi.refresh_idaview_anyway()
# Dispose the form
f.Free()
def finish_populating_tform_popup(self, form, popup):
tft = idaapi.get_tform_type(form)
if tft == idaapi.BWN_DISASM: # Disassembly view
descs = []
# Choose either selection or function annotation depending on cursor
selection = idaapi.read_selection()
if selection[0] == True:
descs.append(
idaapi.action_desc_t(
None, 'Annotate selection with line info',
ALI_DISASM_SelectionHandler(
ACTION_ADD_ANNOTATION)))
descs.append(
idaapi.action_desc_t(
None, 'Remove annotations from selection',
ALI_DISASM_SelectionHandler(
ACTION_DEL_ANNOTATION)))
else:
func = idaapi.get_func(ScreenEA())
if func is not None:
descs.append(
idaapi.action_desc_t(
None, 'Annotate function with line info',
ALI_DISASM_FunctionHandler(
ACTION_ADD_ANNOTATION)))
descs.append(
idaapi.action_desc_t(
None, 'Remove annotations from function',
ALI_DISASM_FunctionHandler(
ACTION_DEL_ANNOTATION)))
# Add corresponding action to popup menu
for d in descs:
idaapi.attach_dynamic_action_to_popup(form, popup, d, None)
elif tft == idaapi.BWN_FUNCS: # Functions view
# Add action to popup menu
idaapi.attach_action_to_popup(
form, popup,
type(ali_plugin).action_wfuncs_add_name, None,
idaapi.SETMENU_INS)
idaapi.attach_action_to_popup(
form, popup,
type(ali_plugin).action_wfuncs_del_name, None,
idaapi.SETMENU_INS)
def show_edit_form(self):
selection, start_ea, end_ea = idaapi.read_selection()
if not selection:
start_ea = idaapi.get_screen_ea()
end_ea = start_ea + 1
buf_len = end_ea - start_ea
buf = idaapi.get_many_bytes(start_ea, buf_len) or "\xFF"*buf_len
buf_str = " ".join(["%02X" % x for x in buf])
fpos = idaapi.get_fileregion_offset(start_ea)
addr_str = "%#X" % start_ea
fpos_str = "%#x" % fpos if fpos != -1 else "N/A"
f = PatchEditForm(addr_str, fpos_str, buf_str, buf_str)
# Execute the form
ok = f.Execute()
if ok == 1:
# Convert hex bytes to binary
buf = f.strPatch.value
buf = buf.replace(' ','') # remove spaces
buf = buf.replace('\\x','') # remove '\x' prefixes
buf = buf.replace('0x','') # remove '0x' prefixes
try:
buf = binascii.unhexlify(buf) # convert to bytes
except Exception as e:
idaapi.warning("Invalid input: %s" % e)
f.Free()
return
# Now apply newly patched bytes
idaapi.patch_many_bytes(start_ea, buf)
# Refresh all IDA views
self.patch_view.Refresh()
# Dispose the form
f.Free()
def show_xor_with_key_form():
selection, start_ea, end_ea = idaapi.read_selection()
if not selection:
start_ea = idaapi.get_screen_ea()
# Create the form
f = XorWithKeyForm(start_ea)
# Execute the form
ok = f.Execute()
if ok == 1:
start_ea = f.intStartEA.value
target_length = f.intLength.value
key = f.rString.value
if target_length < 0:
slog("target lenth is wrong " + str(target_length))
return
if idaapi.IDA_SDK_VERSION >= 700:
buf = ida_bytes.get_bytes(start_ea, target_length)
else:
buf = ida_bytes.get_many_bytes(start_ea, target_length)
if buf is None:
slog("Failed to get bytes")
return
lbuf = list(buf)
lkey = list(key)
for i in range(target_length):
lbuf[i] = chr(ord(lbuf[i]) ^ ord(lkey[i % len(lkey)]))
# Now apply newly patched bytes
buf = "".join(lbuf)
idaapi.patch_many_bytes(start_ea, buf)
# Dispose the form
f.Free()
def dump_raw_bytes_c_asm():
selection, startea, endea = idaapi.read_selection()
if selection == False:
print("dump_selection : Nothing selected")
return
print("unsigned char raw_data[] = {")
while startea < endea:
output = ""
mnemonic = idc.GetDisasm(startea)
idaapi.decode_insn(startea)
size = idaapi.cmd.size
buff = idaapi.get_many_bytes(startea, size)
data = " " * 8 + "".join(["0x%.02x, " % ord(b) for b in buff])
startea += size
if startea == endea:
data = data[:-2]
#wipe , at the end...
output = data + " " * (64 - len(data)) + "// " + mnemonic
print(output)
print("};")
def __init__(self):
import array
selection, start_ea, end_ea = idaapi.read_selection()
#self.selection = selection
if selection:
self.start = start_ea
self.end = end_ea
arrayType = 'B'
selsize = self.end - self.start
if selsize >= 256:
arrayType = 'H' if selsize < 65536 else 'I'
self.offslist = array.array(arrayType)
position = self.start
while position < end_ea:
self.offslist.append(start_ea - position)
position = nextHead(position)
else:
self.start = screenEA()
self.end = nextHead(self.start)
self.offslist = None
def handle_set_vtable_range(self):
if self.edit_class is None:
return
p0 = idaapi.twinpos_t()
p1 = idaapi.twinpos_t()
view = idaapi.get_current_viewer()
success = idaapi.read_selection(view, p0, p1)
if not success:
idaapi.warning('Please, select region in ida dissasembler')
ea0 = p0.place(view).ea
ea1 = p1.place(view).ea
# Check selection
if ea0 == idc.BADADDR or ea1 == idc.BADADDR:
return
if ea0 > ea1:
return
if ea0 != idc.get_screen_ea() and ea1 != idc.get_screen_ea():
return
# Warning for large ranges
if (ea1 - ea0) > 0x1000:
if not util.ask_yes_no(
'Warning: The VTable range is longer than 0x1000 bytes. Continue?',
False):
return
try:
self.edit_class.set_vtable_range(ea0, ea1)
self.update_fields()
except ValueError as e:
idaapi.warning(str(e))
def show_fill_form(self):
selection, start_ea, end_ea = idaapi.read_selection()
if not selection:
start_ea = idaapi.get_screen_ea()
end_ea = start_ea + 1
# Default fill value
fill_value = 0x90 #nop
# Create the form
f = PatchFillForm(start_ea, end_ea, fill_value)
# Execute the form
ok = f.Execute()
if ok == 1:
# Get updated values
start_ea = f.intStartEA.value
end_ea = f.intEndEA.value
fill_value = f.intPatch.value
# Now apply newly patched bytes
# NOTE: fill_value is expected to be one byte
# so if a user provides a larger patch_byte()
# will trim the value as expected.
for ea in range(start_ea, end_ea):
idaapi.patch_byte(ea, fill_value)
# Refresh all IDA views
self.patch_view.refreshitems()
idaapi.refresh_idaview_anyway()
# Dispose the form
f.Free()
def activate(self, ctx):
if self.action in ACTION_CONVERT:
# convert
selection, start, end = idaapi.read_selection()
if selection:
size = end - start
elif ItemSize(ScreenEA()) > 1:
start = ScreenEA()
size = ItemSize(start)
end = start + size
else:
return False
data = idaapi.get_many_bytes(start, size)
name = Name(start)
if not name:
name = "data"
if data:
print("\n[+] Dump 0x%X - 0x%X (%u bytes) :" % (start, end, size))
if self.action == ACTION_CONVERT[0]:
# escaped string
print('"%s"' % "".join("\\x%02X" % ord(b) for b in data))
elif self.action == ACTION_CONVERT[1]:
# hex string
print("".join("%02X" % ord(b) for b in data))
elif self.action == ACTION_CONVERT[2]:
# C array
output = "unsigned char %s[%d] = {" % (name, size)
for i in range(size):
if i % 16 == 0:
output += "\n "
output += "0x%02X, " % ord(data[i])
output = output[:-2] + "\n};"
print(output)
elif self.action == ACTION_CONVERT[3]:
# C array word
data += "\x00"
array_size = (size + 1) / 2
output = "unsigned short %s[%d] = {" % (name, array_size)
for i in range(0, size, 2):
if i % 16 == 0:
output += "\n "
output += "0x%04X, " % u16(data[i:i+2])
output = output[:-2] + "\n};"
print(output)
elif self.action == ACTION_CONVERT[4]:
# C array dword
data += "\x00" * 3
array_size = (size + 3) / 4
output = "unsigned int %s[%d] = {" % (name, array_size)
for i in range(0, size, 4):
if i % 32 == 0:
output += "\n "
output += "0x%08X, " % u32(data[i:i+4])
output = output[:-2] + "\n};"
print(output)
elif self.action == ACTION_CONVERT[5]:
# C array qword
data += "\x00" * 7
array_size = (size + 7) / 8
output = "unsigned long %s[%d] = {" % (name, array_size)
for i in range(0, size, 8):
if i % 32 == 0:
output += "\n "
output += "%#018X, " % u64(data[i:i+8])
output = output[:-2] + "\n};"
print(output.replace("0X", "0x"))
elif self.action == ACTION_CONVERT[6]:
# python list
print("[%s]" % ", ".join("0x%02X" % ord(b) for b in data))
elif self.action == ACTION_CONVERT[7]:
# python list word
data += "\x00"
print("[%s]" % ", ".join("0x%04X" % u16(data[i:i+2]) for i in range(0, size, 2)))
elif self.action == ACTION_CONVERT[8]:
# python list dword
data += "\x00" * 3
print("[%s]" % ", ".join("0x%08X" % u32(data[i:i+4]) for i in range(0, size, 4)))
elif self.action == ACTION_CONVERT[9]:
# python list qword
data += "\x00" * 7
print("[%s]" % ", ".join("%#018X" % u64(data[i:i+8]) for i in range(0, size, 8)).replace("0X", "0x"))
elif self.action == ACTION_XORDATA:
selection, start, end = idaapi.read_selection()
if not selection:
if ItemSize(ScreenEA()) > 1:
start = ScreenEA()
end = start + ItemSize(start)
else:
return False
data = idaapi.get_many_bytes(start, end - start)
x = AskLong(0, "Xor with...")
if x:
x &= 0xFF
print("\n[+] Xor 0x%X - 0x%X (%u bytes) with 0x%02X:" % (start, end, end - start, x))
print(repr("".join(chr(ord(b) ^ x) for b in data)))
elif self.action == ACTION_FILLNOP:
selection, start, end = idaapi.read_selection()
if selection:
idaapi.patch_many_bytes(start, "\x90" * (end - start))
print("\n[+] Fill 0x%X - 0x%X (%u bytes) with NOPs" % (start, end, end - start))
elif self.action == ACTION_SCANVUL:
print("\n[+] Finding Format String Vulnerability...")
found = []
for addr in idautils.Functions():
name = GetFunctionName(addr)
if "printf" in name and "v" not in name and SegName(addr) in (".text", ".plt", ".idata"):
xrefs = idautils.CodeRefsTo(addr, False)
for xref in xrefs:
vul = self.check_fmt_function(name, xref)
if vul:
found.append(vul)
if found:
print("[!] Done! %d possible vulnerabilities found." % len(found))
ch = VulnChoose("Vulnerability", found, None, False)
ch.Show()
else:
print("[-] No format string vulnerabilities found.")
else:
return 0
return 1
def activate(self, ctx):
if self.action in ACTION_CONVERT:
# convert
selection, start, end = idaapi.read_selection()
if selection:
size = end - start
elif ItemSize(ScreenEA()) > 1:
start = ScreenEA()
size = ItemSize(start)
end = start + size
else:
return False
data = idaapi.get_many_bytes(start, size)
name = Name(start)
if not name:
name = "data"
if data:
print "\n[+] Dump 0x%X - 0x%X (%u bytes) :" % (start, end, size)
if self.action == ACTION_CONVERT[0]:
# escaped string
print '"%s"' % "".join("\\x%02X" % ord(b) for b in data)
elif self.action == ACTION_CONVERT[1]:
# hex string
print "".join("%02X" % ord(b) for b in data)
elif self.action == ACTION_CONVERT[2]:
# C array
output = "unsigned char %s[%d] = {" % (name, size)
for i in range(size):
if i % 16 == 0:
output += "\n "
output += "0x%02X, " % ord(data[i])
output = output[:-2] + "\n};"
print output
elif self.action == ACTION_CONVERT[3]:
# C array word
data += "\x00"
array_size = (size + 1) / 2
output = "unsigned short %s[%d] = {" % (name, array_size)
for i in range(0, size, 2):
if i % 16 == 0:
output += "\n "
output += "0x%04X, " % u16(data[i:i+2])
output = output[:-2] + "\n};"
print output
elif self.action == ACTION_CONVERT[4]:
# C array dword
data += "\x00" * 3
array_size = (size + 3) / 4
output = "unsigned int %s[%d] = {" % (name, array_size)
for i in range(0, size, 4):
if i % 32 == 0:
output += "\n "
output += "0x%08X, " % u32(data[i:i+4])
output = output[:-2] + "\n};"
print output
elif self.action == ACTION_CONVERT[5]:
# C array qword
data += "\x00" * 7
array_size = (size + 7) / 8
output = "unsigned long %s[%d] = {" % (name, array_size)
for i in range(0, size, 8):
if i % 32 == 0:
output += "\n "
output += "%#018X, " % u64(data[i:i+8])
output = output[:-2] + "\n};"
print output.replace("0X", "0x")
elif self.action == ACTION_CONVERT[6]:
# python list
print "[%s]" % ", ".join("0x%02X" % ord(b) for b in data)
elif self.action == ACTION_CONVERT[7]:
# python list word
data += "\x00"
print "[%s]" % ", ".join("0x%04X" % u16(data[i:i+2]) for i in range(0, size, 2))
elif self.action == ACTION_CONVERT[8]:
# python list dword
data += "\x00" * 3
print "[%s]" % ", ".join("0x%08X" % u32(data[i:i+4]) for i in range(0, size, 4))
elif self.action == ACTION_CONVERT[9]:
# python list qword
data += "\x00" * 7
print "[%s]" % ", ".join("%#018X" % u64(data[i:i+8]) for i in range(0, size, 8)).replace("0X", "0x")
elif self.action == ACTION_XORDATA:
selection, start, end = idaapi.read_selection()
if not selection:
if ItemSize(ScreenEA()) > 1:
start = ScreenEA()
end = start + ItemSize(start)
else:
return False
data = idaapi.get_many_bytes(start, end - start)
x = AskLong(0, "Xor with...")
if x:
x &= 0xFF
print "\n[+] Xor 0x%X - 0x%X (%u bytes) with 0x%02X:" % (start, end, end - start, x)
print repr("".join(chr(ord(b) ^ x) for b in data))
elif self.action == ACTION_FILLNOP:
selection, start, end = idaapi.read_selection()
if selection:
idaapi.patch_many_bytes(start, "\x90" * (end - start))
print "\n[+] Fill 0x%X - 0x%X (%u bytes) with NOPs" % (start, end, end - start)
elif self.action == ACTION_SCANVUL:
print "\n[+] Finding Format String Vulnerability..."
found = []
for addr in idautils.Functions():
name = GetFunctionName(addr)
if "printf" in name and "v" not in name and SegName(addr) in (".text", ".plt", ".idata"):
xrefs = idautils.CodeRefsTo(addr, False)
for xref in xrefs:
vul = self.check_fmt_function(name, xref)
if vul:
found.append(vul)
if found:
print "[!] Done! %d possible vulnerabilities found." % len(found)
ch = VulnChoose("Vulnerability", found, None, False)
ch.Show()
else:
print "[-] No format string vulnerabilities found."
else:
return 0
return 1
