def zero_reg(self):
    '''
    Write 0 into the register currently selected in the view, then refresh.

    Does nothing when no register is selected (``get_selected_reg`` returned
    a falsy value).
    '''
    selected = self.get_selected_reg()
    if selected:
        idc.set_reg_value(0, selected)
        self.reload_info()
def dec_reg(self):
    '''
    Decrement the selected register by one and refresh the view.

    The new value is derived from the cached ``self.reg_vals`` entry (not
    from a fresh register read) and normalised with ``dbg.to_uint`` so the
    result wraps instead of going negative. No-op when nothing is selected.
    '''
    selected = self.get_selected_reg()
    if selected:
        decremented = dbg.to_uint(self.reg_vals[selected] - 1)
        idc.set_reg_value(decremented, selected)
        self.reload_info()
def toggle_value(self):
    '''
    Bitwise-invert the selected register and refresh the view.

    Works from the cached ``self.reg_vals`` entry; ``dbg.to_uint`` masks the
    inverted value back into the register's unsigned range. No-op when
    nothing is selected.
    '''
    selected = self.get_selected_reg()
    if selected:
        inverted = dbg.to_uint(~self.reg_vals[selected])
        idc.set_reg_value(inverted, selected)
        self.reload_info()
def force_save_eip_generation(self, eip):
    '''
    Two-step state machine driven by the current instruction pointer.

    When ``self.save_eip`` is enabled: reaching ``addr["writePrologue"]``
    arms ``is_write_prologue_state``; subsequently reaching
    ``addr["hasReachableExceptionsRet"]`` while armed forces ``EAX`` to 1
    and disarms. Nothing happens while ``save_eip`` is off.

    Args:
        eip: the address to compare against the two recorded addresses.
    '''
    if not self.save_eip:
        return
    if eip == self.addr["writePrologue"]:
        self.is_write_prologue_state = True
    elif eip == self.addr["hasReachableExceptionsRet"] and self.is_write_prologue_state:
        # Patch the return value of the callee so the caller takes the
        # "has reachable exceptions" path.
        idc.set_reg_value(1, "EAX")
        self.is_write_prologue_state = False
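def get_dbg_brk_linux32():
    '''
    Return the current brk value in the debugged process (only x86 Linux).

    A ``brk(0)`` stub (mov eax, 45; xor ebx, ebx; int 0x80) is written over
    the first bytes at the image base of the live debuggee, single-stepped
    through, and its result read back from ``eax``. The original bytes and
    the clobbered registers (eax, ebx, eip, efl) are restored in a
    ``finally`` block, so a step that raises still leaves the debuggee as
    it was found. The patch is done with ``use_dbg`` memory writes, i.e. it
    touches process memory only, not the IDB.

    Raises:
        RuntimeError: if the bytes at the injection address cannot be read,
            in which case nothing is patched.
    '''
    #TODO this method is so weird, find a unused address to inject code not the base address
    code = ""
    code += '\xb8-\x00\x00\x00' #mov eax, sys_brk ; 45
    code += '1\xdb' #xor ebx, ebx
    code += '\xcd\x80' #int 0x80
    # Snapshot everything the stub clobbers before touching the process.
    eax = idc.get_reg_value("eax")
    ebx = idc.get_reg_value("ebx")
    eip = idc.get_reg_value("eip")
    efl = idc.get_reg_value("efl")
    base = idaapi.get_imagebase()
    #inj = idc.next_head(eip) #skip current instr
    inj = base
    save = idc.get_bytes(inj, len(code), use_dbg=True)
    if save is None:
        # NOTE(review): get_bytes is assumed to return None on a failed debugger
        # read; refuse to patch when there is nothing to restore from.
        raise RuntimeError("cannot read %d bytes at 0x%X from the debuggee" % (len(code), inj))
    brk_res = None
    try:
        for offset, ch in enumerate(code):
            idc.patch_dbg_byte(inj + offset, ord(ch))
        #idc.MakeCode(inj)
        idc.set_reg_value(inj, "eip")
        # One step per stub instruction. The event code returned by
        # GetDebuggerEvent is not inspected, so a debuggee that dies mid-stub
        # is only noticed by a later failure; restoration below still runs.
        for _ in range(3):
            idaapi.step_into()
            idc.GetDebuggerEvent(idc.WFNE_SUSP, -1)
        brk_res = idc.get_reg_value("eax")
    finally:
        # Undo register and memory changes regardless of how the stub ran.
        # NOTE(review): if the debuggee has other runnable threads, the window
        # during which the image base holds foreign bytes is visible to them.
        idc.set_reg_value(eax, "eax")
        idc.set_reg_value(ebx, "ebx")
        idc.set_reg_value(eip, "eip")
        idc.set_reg_value(efl, "efl")
        for offset, ch in enumerate(save):
            idc.patch_dbg_byte(inj + offset, ord(ch))
        #idc.MakeCode(inj)
    return brk_res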
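def get_dbg_brk_linux64():
    '''
    Return the current brk value in the debugged process (only x86_64 Linux).

    A ``brk(0)`` stub (mov rax, 12; xor rdi, rdi; syscall) is written over
    the first bytes at the image base of the live debuggee, single-stepped
    through, and its result read back from ``rax``. The original bytes and
    the clobbered registers (rax, rdi, rip, efl) are restored in a
    ``finally`` block, so a step that raises still leaves the debuggee as
    it was found. The patch is done with ``use_dbg`` memory writes, i.e. it
    touches process memory only, not the IDB.

    Raises:
        RuntimeError: if the bytes at the injection address cannot be read,
            in which case nothing is patched.
    '''
    #TODO this method is so weird, find a unused address to inject code not the base address
    code = ""
    code += 'H\xc7\xc0\x0c\x00\x00\x00' #mov rax, sys_brk ; 12
    code += 'H1\xff' #xor rdi, rdi
    code += '\x0f\x05' #syscall
    # Snapshot everything the stub clobbers before touching the process.
    rax = idc.get_reg_value("rax")
    rdi = idc.get_reg_value("rdi")
    rip = idc.get_reg_value("rip")
    efl = idc.get_reg_value("efl")
    base = idaapi.get_imagebase()
    #inj = idc.next_head(rip) #skip current instr
    inj = base
    save = idc.get_bytes(inj, len(code), use_dbg=True)
    if save is None:
        # NOTE(review): get_bytes is assumed to return None on a failed debugger
        # read; refuse to patch when there is nothing to restore from.
        raise RuntimeError("cannot read %d bytes at 0x%X from the debuggee" % (len(code), inj))
    brk_res = None
    try:
        for offset, ch in enumerate(code):
            idc.patch_dbg_byte(inj + offset, ord(ch))
        #idc.MakeCode(inj)
        idc.set_reg_value(inj, "rip")
        # One step per stub instruction. The event code returned by
        # GetDebuggerEvent is not inspected, so a debuggee that dies mid-stub
        # is only noticed by a later failure; restoration below still runs.
        for _ in range(3):
            idaapi.step_into()
            idc.GetDebuggerEvent(idc.WFNE_SUSP, -1)
        brk_res = idc.get_reg_value("rax")
    finally:
        # Undo register and memory changes regardless of how the stub ran.
        # NOTE(review): if the debuggee has other runnable threads, the window
        # during which the image base holds foreign bytes is visible to them.
        idc.set_reg_value(rax, "rax")
        idc.set_reg_value(rdi, "rdi")
        idc.set_reg_value(rip, "rip")
        idc.set_reg_value(efl, "efl")
        for offset, ch in enumerate(save):
            idc.patch_dbg_byte(inj + offset, ord(ch))
        #idc.MakeCode(inj)
    return brk_res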
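def modify_value(self):
    '''
    Prompt for a new value for the selected register and write it.

    The prompt is pre-filled with the register's current value in hex and
    the reply is evaluated with ``idaapi.str2ea`` so symbolic expressions
    are accepted. Only the parse step is guarded: a failure there is
    reported as "Invalid expression", while errors from the register write
    or the view refresh propagate instead of being misreported under that
    message (the original bare ``except`` also swallowed KeyboardInterrupt).
    '''
    reg = self.get_selected_reg()
    if not reg:
        return
    reg_val = idc.get_reg_value(reg)
    b = idaapi.ask_str("0x%X" % reg_val, 0, "Modify register value")
    if b is None:
        # Dialog cancelled.
        return
    try:
        # NOTE(review): str2ea reports an unparseable expression as BADADDR
        # rather than raising, so such input is written to the register
        # as-is -- confirm whether a BADADDR check is wanted here.
        value = int(idaapi.str2ea(b))
    except Exception:
        idaapi.warning("Invalid expression")
        return
    idc.set_reg_value(value, reg)
    self.reload_info()
    # The flags register is mirrored in its own view; refresh that too.
    if reg == dbg.registers.flags:
        self.reload_flags_view()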
def switch_value(self):
    '''
    Toggle the flag shown on the current line and refresh the parent view.

    The flag name is taken from the first four characters of the line (after
    colour tags are stripped); its new value is the negation of the cached
    ``self.flag_vals`` entry. A failed register write is reported with a
    warning and the view is left untouched.
    '''
    lineno = self.GetLineNo()
    # Lines beyond the flag table carry no flag.
    # NOTE(review): the bound is ">" rather than ">=", so line index
    # len(flags) is still accepted -- confirm whether the view has a leading
    # non-flag line that justifies this.
    if lineno > len(dbg.registers.flags):
        return
    raw_line = self.GetLine(lineno)
    text = idaapi.tag_remove(raw_line[0])
    flag = text[:4].strip()
    toggled = not self.flag_vals[flag]
    if idc.set_reg_value(int(toggled), flag):
        self.parent.reload_view()
    else:
        idaapi.warning("Unable to update the register value")
def __setattr__(self, name, value):
    '''
    Forward attribute assignment to the debugger so ``cpu.eax = 0`` writes
    register ``eax``.

    Every assignment on the instance goes through here, so the object cannot
    hold ordinary instance attributes of its own. The return value of
    ``idc.set_reg_value`` is passed back, although the assignment statement
    itself discards it.
    '''
    write_result = idc.set_reg_value(value, name)
    return write_result
def set_reg_value(reg, value):
    '''
    Version-agnostic register write: pick the pre-7.0 ``idc.SetRegValue``
    when ``IDA_SDK_VERSION`` is 699 or lower, else ``idc.set_reg_value``.

    NOTE(review): both IDA entry points take ``(value, name)``, and the other
    call sites on this page pass the value first, but this wrapper forwards
    its arguments in ``(reg, value)`` order. Either the parameter names are
    swapped or callers pass the value as ``reg`` -- verify against callers.
    '''
    legacy_api = idaapi.IDA_SDK_VERSION <= 699
    writer = idc.SetRegValue if legacy_api else idc.set_reg_value
    writer(reg, value)
def __setattr__(self, name, value):
    '''
    Forward attribute assignment to the debugger so ``obj.eax = 0`` writes
    register ``eax``.

    Because every assignment is intercepted, the instance cannot store
    ordinary attributes of its own. The result of ``idc.set_reg_value`` is
    returned even though the assignment statement discards it.
    '''
    write_result = idc.set_reg_value(value, name)
    return write_result
def set_reg(self, name, value):
    '''
    Write ``value`` into the debuggee register called ``name``.

    Thin wrapper over ``idc.set_reg_value``; the write's success flag is
    discarded.
    '''
    _ = idc.set_reg_value(value, name)
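def __call__(self):
    '''
    Perform the deferred register write described by ``self.register`` and
    ``self.value``.

    On success ``self.result`` holds the return value of
    ``idc.set_reg_value``. Any exception is caught, logged at debug level,
    and recorded by setting ``self.exception`` to True; ``self.result`` is
    left untouched in that case.
    '''
    try:
        self.result = idc.set_reg_value(self.value, self.register)
    except Exception as e:
        # Lazy %-args: the message is only formatted if DEBUG is enabled.
        l.debug("write_register exception %s", e)
        self.exception = True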