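def on_add_module (self, event):
        '''
        Load one or more PIDA modules into memory and list them in this control.

        Prompts the user with a multi-select file dialog, loads each chosen file through
        pida.load() (wx progress bar), registers the result in self.top.pida_modules under
        the lower-cased file name (minus extension) and appends a row holding the function
        count, basic block count and module name. Modules whose name is already registered
        are reported and skipped. Cancelling a load in progress stops processing of the
        remaining selected paths. A load failure is reported via self.top.err() and the
        partially registered module is dropped again.

        @type  event: wx.Event
        @param event: Unused event object from the menu / button binding.
        '''

        dlg = wx.FileDialog(
            self,
            message     = "Select PIDA module",
            defaultDir  = os.getcwd(),
            defaultFile = "",
            wildcard    = "*.PIDA",
            style       = wx.OPEN | wx.CHANGE_DIR | wx.MULTIPLE
        )

        try:
            if dlg.ShowModal() != wx.ID_OK:
                return

            paths = dlg.GetPaths()
        finally:
            # wx does not destroy dialogs on its own; release it once the selection is read.
            dlg.Destroy()

        for path in paths:
            # os.path handles either path separator and a ".PIDA" extension of any case, which
            # the previous rfind(".pida") slice did not (it dropped the last character instead).
            module_name = os.path.splitext(os.path.basename(path))[0].lower()

            if module_name in self.top.pida_modules:
                self.top.err("Module %s already loaded ... skipping." % module_name)
                continue

            try:
                start  = time.time()
                module = pida.load(path, progress_bar="wx")

                # a false return from pida.load() means the user cancelled the progress dialog.
                if not module:
                    self.top.msg("Loading of PIDA module '%s' cancelled by user." % module_name)
                    return

                self.top.pida_modules[module_name] = module
                self.top.msg("Loaded PIDA module '%s' in %.2f seconds." % (module_name, round(time.time() - start, 3)))

                # determine the function and basic block counts for this module.
                function_count    = len(module.nodes)
                basic_block_count = sum(len(function.nodes) for function in module.nodes.values())

                # one list row per registered module; the new row index follows the registry
                # size, which assumes rows and registry are kept in step elsewhere.
                idx = len(self.top.pida_modules) - 1
                self.InsertStringItem(idx, "")
                self.SetStringItem(idx, 0, "%d" % function_count)
                self.SetStringItem(idx, 1, "%d" % basic_block_count)
                self.SetStringItem(idx, 2, module_name)

                self.SetColumnWidth(2, wx.LIST_AUTOSIZE)
            except Exception:
                # narrowed from a bare except so KeyboardInterrupt / SystemExit still propagate.
                self.top.err("FAILED LOADING MODULE: %s. Possibly corrupt or version mismatch?" % module_name)
                if module_name in self.top.pida_modules:
                    del self.top.pida_modules[module_name]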
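    def on_add_module (self, event):
        '''
        Load one or more PIDA modules into memory and list them in this control.

        Prompts the user with a multi-select file dialog, loads each chosen file through
        pida.load() (wx progress bar), registers the result in self.top.pida_modules under
        the lower-cased file name (minus extension) and appends a row holding the function
        count, basic block count and module name. Modules whose name is already registered
        are reported and skipped. Cancelling a load in progress stops processing of the
        remaining selected paths. A load failure is reported via self.top.err() and the
        partially registered module is dropped again.

        @type  event: wx.Event
        @param event: Unused event object from the menu / button binding.
        '''

        dlg = wx.FileDialog(
            self,
            message     = "Select PIDA module",
            defaultDir  = os.getcwd(),
            defaultFile = "",
            wildcard    = "*.PIDA",
            style       = wx.OPEN | wx.CHANGE_DIR | wx.MULTIPLE
        )

        try:
            if dlg.ShowModal() != wx.ID_OK:
                return

            paths = dlg.GetPaths()
        finally:
            # wx does not destroy dialogs on its own; release it once the selection is read.
            dlg.Destroy()

        for path in paths:
            # os.path handles either path separator and a ".PIDA" extension of any case, which
            # the previous rfind(".pida") slice did not (it dropped the last character instead).
            module_name = os.path.splitext(os.path.basename(path))[0].lower()

            if module_name in self.top.pida_modules:
                self.top.err("Module %s already loaded ... skipping." % module_name)
                continue

            try:
                start  = time.time()
                module = pida.load(path, progress_bar="wx")

                # a false return from pida.load() means the user cancelled the progress dialog.
                if not module:
                    self.top.msg("Loading of PIDA module '%s' cancelled by user." % module_name)
                    return

                self.top.pida_modules[module_name] = module
                self.top.msg("Loaded PIDA module '%s' in %.2f seconds." % (module_name, round(time.time() - start, 3)))

                # determine the function and basic block counts for this module.
                function_count    = len(module.nodes)
                basic_block_count = sum(len(function.nodes) for function in module.nodes.values())

                # one list row per registered module; the new row index follows the registry
                # size, which assumes rows and registry are kept in step elsewhere.
                idx = len(self.top.pida_modules) - 1
                self.InsertStringItem(idx, "")
                self.SetStringItem(idx, 0, "%d" % function_count)
                self.SetStringItem(idx, 1, "%d" % basic_block_count)
                self.SetStringItem(idx, 2, module_name)

                self.SetColumnWidth(2, wx.LIST_AUTOSIZE)
            except Exception:
                # narrowed from a bare except so KeyboardInterrupt / SystemExit still propagate.
                self.top.err("FAILED LOADING MODULE: %s. Possibly corrupt or version mismatch?" % module_name)
                if module_name in self.top.pida_modules:
                    del self.top.pida_modules[module_name]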
    # remove the breakpoint once we've hit it.
    pydbg.bp_del(exception_address)

    return DBG_CONTINUE

########################################################################################################################

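udraw = utils.udraw_connector()
udraw.set_command_handler("node_double_click", udraw_node_double_click)

# thread out the udraw connector message loop.
thread.start_new_thread(udraw.message_loop, (None, None))

start = time.time()
print "loading vonage.exe.pida ...",
vonage = pida.load("vonage.exe.pida")
print "done. completed in %.02f seconds." % (time.time() - start)

dbg = pydbg()
dbg.set_callback(EXCEPTION_BREAKPOINT, breakpoint_handler)

# locate the target process by image name. the for/else form exits cleanly when no match is
# found and, unlike the previous post-loop test, does not touch an unbound 'proc' when the
# process list is empty.
for (pid, proc) in dbg.enumerate_processes():
    if proc.lower().startswith("x-pro-vonage"):
        break
else:
    print "vonage not found"
    sys.exit(1)

dbg.attach(pid)

# breakpoint candidates: the start address of every non-import function in the module.
bps = [function.ea_start for function in vonage.nodes.values() if not function.is_import]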
#!c:\\python\\python.exe

import sys
import pida

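graphs = []

# usage: module_graphs.py <mod_name> <any function address, hex>
try:
    mod_name    = sys.argv[1]
    entry_point = int(sys.argv[2], 16)
except (IndexError, ValueError):
    # narrowed from a bare except: only a missing argument or a non-hex address is a usage
    # error; anything else (including SystemExit / KeyboardInterrupt) propagates.
    print "USAGE: module_graphs.py <mod_name> <any function address>"
    sys.exit(1)

print "analyzing %s from entry point 0x%08x" % (mod_name, entry_point)
mod = pida.load(mod_name, progress_bar="ascii")
print

# create the main down graph from the entry point.
main_graph = mod.graph_down(entry_point)
print "%d of %d nodes in main graph" % (len(main_graph.nodes), len(mod.nodes))

# add it to the list of graphs.
graphs.append(main_graph)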

# step through every function in the module.
for func_ea in mod.functions.keys():
    # if this function address exists in any known downgraphs, then continue
    found = False
    for graph in graphs:
        if func_ea in graph.nodes.keys():
    pydbg.bp_del(exception_address)

    return DBG_CONTINUE


########################################################################################################################

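udraw = utils.udraw_connector()
udraw.set_command_handler("node_double_click", udraw_node_double_click)

# thread out the udraw connector message loop.
thread.start_new_thread(udraw.message_loop, (None, None))

start = time.time()
print "loading vonage.exe.pida ...",
vonage = pida.load("vonage.exe.pida")
print "done. completed in %.02f seconds." % (time.time() - start)

dbg = pydbg()
dbg.set_callback(EXCEPTION_BREAKPOINT, breakpoint_handler)

# locate the target process by image name. the for/else form exits cleanly when no match is
# found and, unlike the previous post-loop test, does not touch an unbound 'proc' when the
# process list is empty.
for (pid, proc) in dbg.enumerate_processes():
    if proc.lower().startswith("x-pro-vonage"):
        break
else:
    print "vonage not found"
    sys.exit(1)

dbg.attach(pid)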

bps = [
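    def load_module(self, module_name):
        '''
        Load a PIDA module into this tree control.

        Prompts for a PIDA file, loads it, registers it in self.top.pida_modules under the
        lower-cased file name (minus extension), records that name as this tree's module
        (module_a_name for tree "A", module_b_name otherwise) and populates the tree with one
        item per non-import function, attaching a PAIMEIDiffFunction extension to each. A
        module previously loaded into this tree is unregistered and removed first. Names
        already present in the registry are reported and skipped.

        @type  module_name: String
        @param module_name: Unused; the name is derived from the selected file and this
                            parameter is rebound by the loop below.
        '''
        dlg = wx.FileDialog(
            self,
            message     = "Select PIDA module",
            defaultDir  = os.getcwd(),
            defaultFile = "",
            wildcard    = "*.PIDA",
            style       = wx.OPEN | wx.CHANGE_DIR | wx.MULTIPLE
        )

        try:
            if dlg.ShowModal() != wx.ID_OK:
                return

            paths = dlg.GetPaths()
        finally:
            # wx does not destroy dialogs on its own; release it once the selection is read.
            dlg.Destroy()

        for path in paths:
            # os.path handles either path separator and a ".PIDA" extension of any case, which
            # the previous rfind(".pida") slice did not (it dropped the last character instead).
            module_name = os.path.splitext(os.path.basename(path))[0].lower()

            if module_name in self.top.pida_modules:
                self.top.err("Module %s already loaded ... skipping." % module_name)
                continue

            # the busy window stays on screen for as long as this object is alive.
            busy = wx.BusyInfo("Loading module ... stand by.")
            wx.Yield()

            start = time.time()

            # if they want to diff a new module remove the current module.
            if self.root_module is not None:
                del self.top.pida_modules[self.module_name]
                self.remove_module()

            module = pida.load(path)
            self.top.pida_modules[module_name] = module

            # tree "A" owns module_a_name, any other tree owns module_b_name.
            if self.ctrl_name == "A":
                self.top.module_a_name = module_name
            else:
                self.top.module_b_name = module_name

            # set the current module name.
            self.module_name = module_name

            tree_module      = self.AppendItem(self.root, module_name)
            self.root_module = tree_module

            self.SetPyData(tree_module, module)
            self.SetItemImage(tree_module, self.icon_folder,      wx.TreeItemIcon_Normal)
            self.SetItemImage(tree_module, self.icon_folder_open, wx.TreeItemIcon_Expanded)

            # non-import functions in id order.
            sorted_functions = sorted(f.id for f in module.nodes.values() if not f.is_import)

            for func_key in sorted_functions:
                function = module.nodes[func_key]

                # add our extension into the loaded module.
                function.ext["PAIMEIDiffFunction"] = PAIMEIDiffFunction.PAIMEIDiffFunction(function, module, self.top)

                tree_function = self.AppendItem(tree_module, "%08x - %s" % (function.ea_start, function.name))
                self.SetPyData(tree_function, function)
                self.SetItemImage(tree_function, self.icon_folder,      wx.TreeItemIcon_Normal)
                self.SetItemImage(tree_function, self.icon_folder_open, wx.TreeItemIcon_Expanded)

            self.Expand(self.root)
            self.top.msg("Loaded %d function(s) in PIDA module '%s' in %.2f seconds." % (len(module.nodes), module_name, round(time.time() - start, 3)))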
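    def load_module (self, module_name):
        '''
        Load a PIDA module into this tree control.

        Prompts for a PIDA file, loads it, registers it in self.top.pida_modules under the
        lower-cased file name (minus extension), records that name as this tree's module
        (module_a_name for tree "A", module_b_name otherwise) and populates the tree with one
        item per non-import function, attaching a PAIMEIDiffFunction extension to each. A
        module previously loaded into this tree is unregistered and removed first. Names
        already present in the registry are reported and skipped.

        @type  module_name: String
        @param module_name: Unused; the name is derived from the selected file and this
                            parameter is rebound by the loop below.
        '''
        dlg = wx.FileDialog(
            self,
            message     = "Select PIDA module",
            defaultDir  = os.getcwd(),
            defaultFile = "",
            wildcard    = "*.PIDA",
            style       = wx.OPEN | wx.CHANGE_DIR | wx.MULTIPLE
        )

        try:
            if dlg.ShowModal() != wx.ID_OK:
                return

            paths = dlg.GetPaths()
        finally:
            # wx does not destroy dialogs on its own; release it once the selection is read.
            dlg.Destroy()

        for path in paths:
            # os.path handles either path separator and a ".PIDA" extension of any case, which
            # the previous rfind(".pida") slice did not (it dropped the last character instead).
            module_name = os.path.splitext(os.path.basename(path))[0].lower()

            if module_name in self.top.pida_modules:
                self.top.err("Module %s already loaded ... skipping." % module_name)
                continue

            # the busy window stays on screen for as long as this object is alive.
            busy = wx.BusyInfo("Loading module ... stand by.")
            wx.Yield()

            start = time.time()

            # if they want to diff a new module remove the current module.
            if self.root_module is not None:
                del self.top.pida_modules[self.module_name]
                self.remove_module()

            module = pida.load(path)
            self.top.pida_modules[module_name] = module

            # tree "A" owns module_a_name, any other tree owns module_b_name.
            if self.ctrl_name == "A":
                self.top.module_a_name = module_name
            else:
                self.top.module_b_name = module_name

            # set the current module name.
            self.module_name = module_name

            tree_module      = self.AppendItem(self.root, module_name)
            self.root_module = tree_module

            self.SetPyData(tree_module, module)
            self.SetItemImage(tree_module, self.icon_folder,      wx.TreeItemIcon_Normal)
            self.SetItemImage(tree_module, self.icon_folder_open, wx.TreeItemIcon_Expanded)

            # non-import functions in id order.
            sorted_functions = sorted(f.id for f in module.nodes.values() if not f.is_import)

            for func_key in sorted_functions:
                function = module.nodes[func_key]

                # add our extension into the loaded module.
                function.ext["PAIMEIDiffFunction"] = PAIMEIDiffFunction.PAIMEIDiffFunction(function, module, self.top)

                tree_function = self.AppendItem(tree_module, "%08x - %s" % (function.ea_start, function.name))
                self.SetPyData(tree_function, function)
                self.SetItemImage(tree_function, self.icon_folder,      wx.TreeItemIcon_Normal)
                self.SetItemImage(tree_function, self.icon_folder_open, wx.TreeItemIcon_Expanded)

            self.Expand(self.root)
            self.top.msg("Loaded %d function(s) in PIDA module '%s' in %.2f seconds." % (len(module.nodes), module_name, round(time.time() - start, 3)))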
# This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later
# version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with this program; if not, write to the Free
# Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#

"""
@author:       Pedram Amini
@license:      GNU General Public License 2.0 or later
@contact:      [email protected]
@organization: www.openrce.org
"""

import time
import pida

pida_name = AskFile(0, GetInputFile() + ".pida", "Load PIDA file from?")

# an empty selection means the IDA file prompt was dismissed.
if pida_name:
    start  = time.time()
    print "Loading %s" % pida_name
    module = pida.load(pida_name, progress_bar="ascii")
    print "Done. Completed in %f seconds." % round(time.time() - start, 3)
else:
    Warning("Cancelled.")
        #
        # ENSURE UDRAW IS PRESENT
        #
        
        if not udraw:
            continue

        # if we haven't already loaded the specified module, do so now.
        if not modules.has_key(module):
            for name in os.listdir("."):
                name = name.lower()

                if name.startswith(module) and name.endswith(".pida"):
                    start = time.time()
                    print "loading %s ..." % name
                    modules[module] = pida.load(name, progress_bar="ascii")
                    print "done. completed in %.02f" % (time.time() - start)

        # if the module wasn't found, ignore the command.
        if not modules.has_key(module):
            continue

        module  = modules[module]
        ea      = module.base + offset

        # determine which function the address lies in.
        function = module.find_function(ea)

        if not function:
            print "unrecognized address: %08x" % ea
            continue
#
# This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later
# version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with this program; if not, write to the Free
# Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
'''
@author:       Pedram Amini
@license:      GNU General Public License 2.0 or later
@contact:      [email protected]
@organization: www.openrce.org
'''

import time
import pida

pida_name = AskFile(0, GetInputFile() + ".pida", "Load PIDA file from?")

# an empty selection means the IDA file prompt was dismissed.
if pida_name:
    start  = time.time()
    print "Loading %s" % pida_name
    module = pida.load(pida_name, progress_bar="ascii")
    print "Done. Completed in %f seconds." % round(time.time() - start, 3)
else:
    Warning("Cancelled.")
        #
        # ENSURE UDRAW IS PRESENT
        #

        if not udraw:
            continue

        # if we haven't already loaded the specified module, do so now.
        if not modules.has_key(module):
            for name in os.listdir("."):
                name = name.lower()

                if name.startswith(module) and name.endswith(".pida"):
                    start = time.time()
                    print "loading %s ..." % name
                    modules[module] = pida.load(name, progress_bar="ascii")
                    print "done. completed in %.02f" % (time.time() - start)

        # if the module wasn't found, ignore the command.
        if not modules.has_key(module):
            continue

        module = modules[module]
        ea = module.base + offset

        # determine which function the address lies in.
        function = module.find_function(ea)

        if not function:
            print "unrecognized address: %08x" % ea
            continue