def run(self):
for ref in self.func.xrefs:
self.log(4, "[-] checking near " + hex(ref))
self.parseArgs(ref)
self.debugCtrl.start()
self.log(1, "[*] debugger launched")
if (self.func.runUntilEA['end'] !=
BADADDR) and (self.func.runUntilEA['start'] != BADADDR):
idc.SetRegValue(self.func.runUntilEA['start'], 'EIP')
idc.RunTo(self.func.runUntilEA['end'])
self.decRes = None
self.decRes = {}
for ref in self.func.xrefs:
try:
arg = self.params[ref]
except:
self.log(3,
"[-!] Couldn't find arg, skipping call at 0x%x" % ref)
continue
try:
if (self.execute(ref, arg) == -1):
break
except Exception, e:
kprint("Exception!! @decryptor:run, ", e)
pass
def signalClient(self, norev=False):
start_eip = idc.GetRegValue(self.PC)
#print('signalClient eip was at 0x%x, then after rev 1 0x%x call setAndDisable string is %s' % (start_eip, eip, simicsString))
if norev:
idaapi.step_into()
idc.GetDebuggerEvent(idc.WFNE_SUSP, -1)
simicsString = gdbProt.Evalx('SendGDBMonitor("@cgc.printRegJson()");')
try:
regs = json.loads(simicsString)
except:
print('failed to get regs from %s' % simicsString)
return
for reg in regs:
r = str(reg.upper())
if r == 'EFLAGS':
r = 'EFL'
#print('set %s to 0x%x' % (r, regs[reg]))
idc.SetRegValue(regs[reg], r)
idc.RefreshDebuggerMemory()
new_eip = idc.GetRegValue(self.PC)
#print('signalClient back from cont new_eip is 0x%x' % new_eip)
if new_eip >= self.kernel_base:
print('in kernel, run to user')
self.updateStackTrace()
def zero_reg(self):
reg = self.get_selected_reg()
if not reg:
return
idc.SetRegValue(0, reg)
self.reload_info()
def dec_reg(self):
reg = self.get_selected_reg()
if not reg:
return
val = dbg.to_uint(self.reg_vals[reg] - 1)
idc.SetRegValue(val, reg)
self.reload_info()
def PreFunctionCall(self, function):
'''
Configure architecture-specific pre-requisites before calling a function.
Called internally by Application.Call.
@function - The address of the function to call.
Returns None.
'''
if self.cpu.has_key('callreg'):
idc.SetRegValue(function, self.cpu['callreg'])
def __reg_value(self, reg, value=None):
if value is not None:
if reg.startswith('*'):
idc.DbgWrite(idc.GetRegValue(reg[1:]), self.ToString(value))
else:
idc.SetRegValue(value, reg)
if reg.startswith('*'):
return idc.DbgDword(idc.GetRegValue(reg[1:]))
else:
return idc.GetRegValue(reg)
def switch_value(self):
lineno = self.GetLineNo()
if lineno > len(dbg.registers.flags):
return
line = self.GetLine(lineno)
line = idaapi.tag_remove(line[0])
flag = line[:4].strip()
new_val = not self.flag_vals[flag]
rc = idc.SetRegValue(int(new_val), flag)
if not rc:
idaapi.warning("Unable to update the register value")
return
self.parent.reload_view()
def to_dbg(self, found_state):
if type(found_state) == StateManager:
return self.to_dbg(found_state.state)
for key in self.symbolics:
try:
if key in load_project().arch.registers:
r = found_state.solver.eval(self.symbolics[key][0],
cast_to=int)
idc.SetRegValue(r, key)
else:
r = found_state.solver.eval(self.symbolics[key][0],
cast_to=str)
for i in xrange(len(r)):
idc.PatchByte(key + i, ord(r[i]))
except Exception as ee:
print " >> failed to write %s to debugger" % key
def modify_value(self):
reg = self.get_selected_reg()
if not reg:
return
reg_val = idc.GetRegValue(reg)
b = idc.AskStr("0x%X" % reg_val, "Modify register value")
if b is not None:
try:
value = int(idaapi.str2ea(b))
idc.SetRegValue(value, reg)
self.reload_info()
if reg == dbg.registers.flags:
self.reload_flags_view()
except:
idaapi.warning("Invalid expression")
def __setattr__(self, name, value):
#print "cpu.set(%s)" % name
return idc.SetRegValue(value, name)
def set_reg_value(reg, value):
if idaapi.IDA_SDK_VERSION <= 699:
idc.SetRegValue(reg, value)
else:
idc.set_reg_value(reg, value)
def set(name, value):
return idc.SetRegValue(value, name)
