def resetHookedColors(self):
for key in self.idbHookMap:
entry = self.idbHookMap[key]
if entry.hook.type == "inst":
SetColor(entry.hook.id, CIC_ITEM, kIDAViewColor_Reset)
elif entry.hook.type == "func":
SetColor(entry.hook.id, CIC_FUNC, kIDAViewColor_Reset)
refresh_idaview_anyway()
def syncIdbHooks(self):
# install IDB hooks
for key in self.idbHookMap:
entry = self.idbHookMap[key]
outJSON = json.dumps({
"req_id": kFridaLink_SetHookRequest,
"data": entry.genSetRequest()
})
if entry.hook.type == "inst":
SetColor(entry.hook.id, CIC_ITEM, kIDAViewColor_HookedInst)
elif entry.hook.type == "func":
SetColor(entry.hook.id, CIC_FUNC, kIDAViewColor_HookedFunc)
self.clientSocket.sendto(outJSON, self.clientAddress)
refresh_idaview_anyway()
def handleQuickFuncHook(self, address, once):
# safety checks, can be start of the function
if address in self.idbHookMap and self.idbHookMap[
address].hook.type == "inst":
dlg = AskYN(
0,
"Address contains instruction hook!\nDo you want to remove it?"
)
if dlg != 1:
return
# remove instruction hook
self.handleUnhookInst(address)
offset, moduleName = self.getAddressDetails(address)
hook = FuncHook()
hook.id = address
hook.symbol = get_func_name(address)
hook.address = offset
hook.module = moduleName
hook.once = once
entry = HookEntry(hook)
outJSON = json.dumps({
"req_id": kFridaLink_SetHookRequest,
"data": entry.genSetRequest()
})
SetColor(address, CIC_FUNC, kIDAViewColor_HookedFunc)
refresh_idaview_anyway()
self.clientSocket.sendto(outJSON, self.clientAddress)
self.idbHookMap[address] = entry
self.idbHooksView.setContent(self.idbHookMap)
def handleQuickInstHook(self, address, once, breakpoint=False):
# safety checks, can be start of the function
if address in self.idbHookMap and self.idbHookMap[
address].hook.type == "func":
dlg = AskYN(
0,
"Address contains function hook!\nDo you want to remove it?")
if dlg != 1:
return
# remove function hook
self.handleUnhookFunc(address)
offset, moduleName = self.getAddressDetails(address)
hook = InstHook()
hook.id = address
hook.mnemonic = GetDisasm(address)
hook.address = offset
hook.module = moduleName
hook.once = once
hook.breakpoint = breakpoint
entry = HookEntry(hook)
outJSON = json.dumps({
"req_id": kFridaLink_SetHookRequest,
"data": entry.genSetRequest()
})
SetColor(address, CIC_ITEM, kIDAViewColor_HookedInst)
refresh_idaview_anyway()
self.clientSocket.sendto(outJSON, self.clientAddress)
self.idbHookMap[address] = entry
self.idbHooksView.setContent(self.idbHookMap)
def handleReplaceFuncDel(self, screenEA = None):
if screenEA is not None:
func = get_func(screenEA)
else:
func = get_func(ScreenEA())
if func is None:
return
repl_id = func.startEA;
if repl_id not in self.funcReplaceMap:
return
entry = self.funcReplaceMap[repl_id]
outJSON = json.dumps({
"req_id": kFridaLink_DelReplaceRequest,
"data": entry.genDelRequest()
})
del self.funcReplaceMap[repl_id]
self.clientSocket.sendto(outJSON, self.clientAddress)
if entry.moduleImport == False:
SetColor(repl_id, CIC_FUNC, kIDAViewColor_Reset)
refresh_idaview_anyway()
self.funcReplaceView.setContent(self.funcReplaceMap)
def highlight_matches(self):
"""Highlight all the matches."""
for insts in self._matches_colors.itervalues():
for ea, color in insts.iteritems():
try:
set_color(ea, CIC_ITEM, ColorCore.rgb_to_bgr(color['new']))
except:
SetColor(ea, CIC_ITEM, ColorCore.rgb_to_bgr(color['new']))
def handleHookFuncCust(self, screenEA=None):
if screenEA is not None:
func = get_func(screenEA)
else:
func = get_func(ScreenEA())
if func is None:
return
address = func.startEA
# safety checks, can be start of the function
if address in self.idbHookMap and self.idbHookMap[
address].hook.type == "inst":
dlg = AskYN(
0,
"Address contains instruction hook!\nDo you want to remove it?"
)
if dlg != 1:
return
# remove instruction hook
self.handleUnhookInst(address)
offset, moduleName = self.getAddressDetails(address)
hookDlg = FunctionHookDialog(moduleName, "%X" % address,
get_func_name(address), None, None)
hookDlg.Compile()
hookDlg.script_enter.value = ""
hookDlg.script_leave.value = ""
ok = hookDlg.Execute()
if ok != 1:
return
hook = FuncHook()
hook.id = address
hook.symbol = get_func_name(address)
hook.address = offset
hook.module = moduleName
hook.once = True if hookDlg.trigger.value == 0 else False
hook.enterRecentSrcFile = hookDlg.recentScriptFileEnter
hook.enterScript = hookDlg.script_enter.value
hook.leaveRecentSrcFile = hookDlg.recentScriptFileLeave
hook.leaveScript = hookDlg.script_leave.value
entry = HookEntry(hook)
outJSON = json.dumps({
"req_id": kFridaLink_SetHookRequest,
"data": entry.genSetRequest()
})
SetColor(address, CIC_FUNC, kIDAViewColor_HookedFunc)
refresh_idaview_anyway()
self.clientSocket.sendto(outJSON, self.clientAddress)
self.idbHookMap[address] = entry
self.idbHooksView.setContent(self.idbHookMap)
def handleDebugContinue(self):
if self.clientSocket is None:
return
if self.debugBreakId is None:
return
outJSON = json.dumps({
"req_id": kFridaLink_DebugContinue,
})
self.clientSocket.sendto(outJSON, self.clientAddress)
if self.debugBreakId in self.idbHookMap:
SetColor(self.debugBreakId, CIC_ITEM, kIDAViewColor_HookedInst)
else:
SetColor(self.debugBreakId, CIC_ITEM, kIDAViewColor_Reset)
refresh_idaview_anyway()
self.debugBreakId = None
def handleDebugStepOver(self):
if self.clientSocket is None:
return
if self.debugBreakId is None:
return
cur_ea = self.debugBreakId
decode_insn(cur_ea)
next_ea = cur_ea + idaapi.cmd.size
if isCode(getFlags(next_ea)) == False:
return
entry = None
# remove current
if self.debugBreakId in self.idbHookMap:
entry = self.idbHookMap[self.debugBreakId]
outJSON = json.dumps({
"req_id": kFridaLink_DelHookRequest,
"data": entry.genDelRequest()
})
del self.idbHookMap[self.debugBreakId]
self.clientSocket.sendto(outJSON, self.clientAddress)
SetColor(self.debugBreakId, CIC_ITEM, kIDAViewColor_Reset)
refresh_idaview_anyway()
offset, moduleName = self.getAddressDetails(next_ea)
# install next
if entry == None:
hook = InstHook()
hook.id = next_ea
hook.once = once
hook.breakpoint = True
entry = HookEntry(hook)
entry.hook.id = next_ea
entry.hook.mnemonic = GetDisasm(next_ea)
entry.hook.address = offset
entry.hook.module = moduleName
outJSON = json.dumps({
"req_id": kFridaLink_SetHookRequest,
"data": entry.genSetRequest()
})
self.clientSocket.sendto(outJSON, self.clientAddress)
self.idbHookMap[next_ea] = entry
self.idbHooksView.setContent(self.idbHookMap)
self.handleDebugContinue()
def handleReplaceFunc(self, screenEA = None):
if screenEA is not None:
func = get_func(screenEA)
else:
func = get_func(ScreenEA())
if func is None:
return
address = func.startEA;
offset, moduleName = self.getAddressDetails(address)
replaceDlg = FunctionReplaceDialog(moduleName, "%X" % address, get_func_name(address), None)
replaceDlg.Compile()
replaceDlg.script.value = ""
ok = replaceDlg.Execute()
if ok != 1:
return
replace = FuncReplace()
replace.id = address
replace.symbol = get_func_name(address)
replace.address = offset
replace.module = moduleName
replace.moduleImport = False
replace.ret_type = "\'" + replaceDlg.ret_type.value + "\'"
replace.recentSrcFile = replaceDlg.recentScriptFile
replace.script = replaceDlg.script.value
replace.args_str = replaceDlg.args.value
replace.arg_types = ""
replace.arg_names = ""
if replace.args_str != "":
args_list = replace.args_str.split(",")
for arg in args_list:
arg_list = arg.split()
replace.arg_types += "\'" + arg_list[0] + "\', "
replace.arg_names += arg_list[1] + ", "
replace.arg_types = replace.arg_types[:-2]
replace.arg_names = replace.arg_names[:-2]
outJSON = json.dumps({
"req_id": kFridaLink_SetReplaceRequest,
"data": replace.genSetRequest()
})
SetColor(address, CIC_FUNC, kIDAViewColor_ReplacedFunc)
refresh_idaview_anyway()
self.clientSocket.sendto(outJSON, self.clientAddress)
self.funcReplaceMap[address] = replace
self.funcReplaceView.setContent(self.funcReplaceMap)
def handleReplaceResponse(self, response): repl_id = int(response['id'], 16) if repl_id not in self.funcReplaceMap: return entry = self.funcReplaceMap[repl_id] # unable to install hook if response['count'] == 0: if entry.moduleImport == False: SetColor(repl_id, CIC_FUNC, kIDAViewColor_Reset) refresh_idaview_anyway() del self.funcReplaceMap[repl_id] self.funcReplaceView.setContent(self.funcReplaceMap)
def handleHookInstCust(self, screenEA=None):
if screenEA is not None:
address = screenEA
else:
address = ScreenEA()
# safety checks, can be start of the function
if address in self.idbHookMap and self.idbHookMap[
address].hook.type == "func":
dlg = AskYN(
0,
"Address contains function hook!\nDo you want to remove it?")
if dlg != 1:
return
# remove function hook
self.handleUnhookFunc(address)
offset, moduleName = self.getAddressDetails(address)
hookDlg = InstructionHookDialog(moduleName, "%X" % address,
GetDisasm(address), None)
hookDlg.Compile()
hookDlg.script.value = ""
ok = hookDlg.Execute()
if ok != 1:
return
hook = InstHook()
hook.id = address
hook.mnemonic = GetDisasm(address)
hook.address = offset
hook.module = moduleName
hook.once = True if hookDlg.trigger.value == 0 else False
hook.recentScriptFile = hookDlg.recentScriptFile
hook.script = hookDlg.script.value
entry = HookEntry(hook)
outJSON = json.dumps({
"req_id": kFridaLink_SetHookRequest,
"data": entry.genSetRequest()
})
SetColor(address, CIC_ITEM, kIDAViewColor_HookedInst)
refresh_idaview_anyway()
self.clientSocket.sendto(outJSON, self.clientAddress)
self.idbHookMap[address] = entry
self.idbHooksView.setContent(self.idbHookMap)
def syncReplacedFuncs(self):
if self.clientSocket is None:
fl_log("FridaLink: Frida not connected\n");
return
for key in self.funcReplaceMap:
entry = self.funcReplaceMap[key]
outJSON = json.dumps({
"req_id": kFridaLink_SetReplaceRequest,
"data": entry.genSetRequest()
})
if entry.moduleImport == False:
SetColor(entry.hook.id, CIC_ITEM, kIDAViewColor_ReplacedFunc)
self.clientSocket.sendto(outJSON, self.clientAddress)
refresh_idaview_anyway()
def handleUnhookInst(self, screenEA=None):
if screenEA is not None:
address = screenEA
else:
address = ScreenEA()
if self.hookedInstruction(address) == False:
return
entry = self.idbHookMap[address]
outJSON = json.dumps({
"req_id": kFridaLink_DelHookRequest,
"data": entry.genDelRequest()
})
del self.idbHookMap[address]
self.clientSocket.sendto(outJSON, self.clientAddress)
SetColor(address, CIC_ITEM, kIDAViewColor_Reset)
refresh_idaview_anyway()
self.idbHooksView.setContent(self.idbHookMap)
def handleUnhookFunc(self, screenEA=None):
if screenEA is not None:
func = get_func(screenEA)
else:
func = get_func(ScreenEA())
if func is None:
return
address = func.startEA
if self.hookedFunction(address) == False:
return
entry = self.idbHookMap[address]
outJSON = json.dumps({
"req_id": kFridaLink_DelHookRequest,
"data": entry.genDelRequest()
})
del self.idbHookMap[address]
self.clientSocket.sendto(outJSON, self.clientAddress)
SetColor(address, CIC_FUNC, kIDAViewColor_Reset)
refresh_idaview_anyway()
self.idbHooksView.setContent(self.idbHookMap)
def resetReplacedColors(self): for key in self.funcReplaceMap: entry = self.funcReplaceMap[key] SetColor(entry.id, CIC_ITEM, kIDAViewColor_Reset) refresh_idaview_anyway()
def colorNode(self, node, color):
try:
set_color(node, CIC_ITEM, ColorCore.rgb_to_bgr(color))
except:
SetColor(node, CIC_ITEM, ColorCore.rgb_to_bgr(color))
def resetBreakColors(self):
if self.debugBreakId != None:
SetColor(self.debugBreakId, CIC_ITEM, kIDAViewColor_Reset)
def handleHookResponse(self, platform, arch, response):
hook_id = int(response['id'], 16)
if hook_id in self.idbHookMap:
entry = self.idbHookMap[hook_id]
elif hook_id in self.importHookMap:
entry = self.importHookMap[hook_id]
# unable to install hook
if response['count'] == 0:
if entry.hook.type == "inst":
del self.idbHookMap[hook_id]
SetColor(hook_id, CIC_ITEM, kIDAViewColor_Reset)
refresh_idaview_anyway()
elif entry.hook.type == "func":
if entry.hook.moduleImport == False:
del self.idbHookMap[hook_id]
SetColor(hook_id, CIC_FUNC, kIDAViewColor_Reset)
refresh_idaview_anyway()
return
else:
del self.importHookMap[hook_id]
return
# get backtrace and CPU context
entry.setResponse(platform, arch, response)
# get memory dumps
for memory in response['memory']:
self.updateMemoryContent(memory['mem_id'], memory['content'])
# update backtrace content
entry.backtrace = self.processBacktrace(entry.backtrace)
if self.backtraceViews.hasView(entry.hook.id) == True:
self.backtraceViews.setContent(entry.hook.id, entry.backtrace)
# update CPU context content
if self.cpuContextViews.hasView(entry.hook.id) == True:
self.cpuContextViews.setContent(entry.hook.id, {
"arch": entry.arch,
"context": entry.cpu_ctx
})
# update stack content
if self.stackViews.hasView(entry.hook.id) == True:
self.stackViews.setContent(entry.hook.id, entry.stack)
# remove hook if 'once'
if entry.hook.once == True:
if entry.hook.type == "inst":
if entry.hook.breakpoint == True:
self.debugBreakId = hook_id
SetColor(hook_id, CIC_ITEM, kIDAViewColor_Break)
else:
SetColor(hook_id, CIC_ITEM, kIDAViewColor_Reset)
del self.idbHookMap[hook_id]
refresh_idaview_anyway()
self.idbHooksView.setContent(self.importHookMap)
elif entry.hook.type == "func":
if entry.hook.moduleImport == False:
SetColor(hook_id, CIC_FUNC, kIDAViewColor_Reset)
del self.idbHookMap[hook_id]
refresh_idaview_anyway()
self.idbHooksView.setContent(self.importHookMap)
else:
del self.importHookMap[hook_id]
self.importHooksView.setContent(self.importHookMap)
elif entry.hook.type == "inst" and entry.hook.breakpoint == True:
self.debugBreakId = hook_id
SetColor(hook_id, CIC_ITEM, kIDAViewColor_Break)
refresh_idaview_anyway()
# from PySide import QtGui, QtGui as QtWidgets, QtCore
# from PySide.QtCore import Qt
from PySide import QtGui as QtWidgets
except ImportError:
try:
# For IDA 6.9 and newer using PyQt5
# from PyQt5 import QtGui, QtWidgets, QtCore
# from PyQt5.QtCore import Qt
from PyQt5 import QtWidgets
except ImportError:
print 'Cannot import required Qt Modules'
info = get_inf_structure()
if info.is_64bit():
from mw_monitor.coverage_reader_64 import read_coverage
elif info.is_32bit():
from mw_monitor.coverage_reader_32 import read_coverage
fname = QtWidgets.QFileDialog.getOpenFileName(None, 'Open file',
'C:\\')
# Load the file with the coverage
f_in = open(fname[0], "rb")
cov = read_coverage(f_in)
print "Data read, painting blocks..."
for addr in cov:
for i in range(addr, addr + cov[addr]):
SetColor(i, CIC_ITEM, 0xc6e2ff)
f_in.close()