def __init__(self, masterGraph, function_data={}):
self.provider = ida.IDA()
self.masterGraph = masterGraph
if function_data == {}:
self.function_data = {}
else:
self.function_data = function_data
def __init__(self, options):
self.segname = options['segment_name']
self.size = options['segment_size']
self.provider = ida.IDA()
self.memhandle = StringIO()
done = False
# (name, start, end)
segs = segment.getSegsInfo()
for s in segs:
# if our segment is already present, use it
if self.segname == s[0]:
print "[*] fs.py: found an existing segment, using it."
# start address
self.addr = s[1]
eof = self.get_eof()
if eof == 0:
done = True
break
# the EOF is the first 4 bytes
# seek to the actual data
ea = self.addr + 4
# get the data
bytes = ""
for i in xrange(0, eof):
bytes += chr(self.provider.getByte(ea))
ea += 1
self.memhandle.write(bytes)
self.memhandle.seek(0)
# save the new size
self.EOF = len(bytes)
self.save_eof()
done = True
break
# otherwise, make a new one
if done == False:
print "[*] fs.py: didn't find an existing segment, making a new one."
self.addr = segment.alloc(self.size, self.segname)
self.EOF = 0
self.save_eof()
zipfs = ZipFile(self.memhandle, mode='w')
zipfs.close()
self.memhandle.seek(0)
def __init__(self, options):
self.provider = ida.IDA()
# show splash screen
#
# this will only really be shown when toolbag is loaded for the first time
# as when we initialize our PluginForm-subclassed object (UI), it wipes it
if options['show_splash']:
splash_image = options[
'ida_user_dir'] + os.sep + "rsrc" + os.sep + "splash.png"
pixmap = QtGui.QPixmap(splash_image)
splash = QtGui.QSplashScreen(pixmap)
splash.show()
if options['file_system_type'] == 'netnode':
from fs_nn import FS
elif options['file_system_type'] == 'segment':
from fs import FS
else:
print "[!] Invalid 'file_system_type' specified in the config options"
return
# file system must be initialized first as db requires it
self.filesystem = FS(options)
print '[*] __init__.py: loading DB file from disk'
# try to see if its on disk already
try:
fh = open(options['full_file_name'], 'rb')
dbfile = fh.read()
fh.close()
self.db = DB(options, create=False, existing=dbfile)
except:
print "[!] Unable to load the database file on disk at %s" % options[
'full_file_name']
print "[*] Creating a new database file on disk"
self.db = DB(options, create=True)
self.reftree = RefTree.RefTree(self.db)
self.ui = UI(self.reftree, self.filesystem, self.db, options)
self.ui.global_hook = self
self.retvals = {}
self.ui.Show("Toolbag")
if options['show_splash']:
try:
_script = __import__("utils")
except Exception as detail:
print detail
def ZadowHigh(self):
from idautils import XrefsFrom
from idaapi import fl_CN as call_near, fl_CF as call_far
from providers import ida
provider = ida.IDA()
startEA = provider.funcStart(provider.currentEA())
endEA = provider.funcEnd(provider.currentEA())
all_addresses = list(provider.iterInstructions(startEA, endEA))
all_addresses.extend(provider.iterFuncChunks(startEA))
all_addresses = list(set(all_addresses))
for head in all_addresses:
for xref in XrefsFrom(head):
if xref.type == call_near or xref.type == call_far:
provider.setColor(head, 0x0000FF)
provider.refreshView()
def __init__(self, analyzer, options):
self.options = options
self.analyzer = analyzer
self.provider = ida.IDA()
def __init__(self, options):
self.options = options
self.provider = ida.IDA()
def __init__(self, options, create=True, existing=None):
self.provider = ida.IDA()
if create:
# create the DB
print "[*] db.py: Creating a new DB file"
db = store.sqlite3.connect(options['full_file_name'])
#db.isolation_level =
self.db_obj = db
store.driver.sqlite.Deploy(db).create()
# mutes the pesky sqlite messages
tmp = sys.stderr
sys.stderr = StringIO()
session = store.driver.sqlite.Session(db,0)
my_store = store.Store(session)
sys.stderr = tmp
all_funcs = database.functions()
opt = {}
opt['database'] = my_store
self.store = my_store
proc = self.provider.getArch()
if proc == "pc":
# XXX: hackish way to fix a crap ton of stuff...
start = self.provider.segByBase(self.provider.segByName(".text"))
end = self.provider.segEnd(self.provider.segByBase(self.provider.segByName(".text")))
succeeded = 0
for instr in self.provider.iterInstructions(start, end):
disasm = self.provider.getDisasm(instr)
tokens = disasm.split(" ")
res = []
for t in tokens:
if len(t) != 0:
res.append(t)
prologues = [['mov', 'edi,', 'edi'], ['push', 'ebp'], ['push', 'rbp']]
if res in prologues and instr not in all_funcs:
try:
prev_ea = self.provider.prevItem(instr, instr-0x20)
if prev_ea not in all_funcs:
if options['verbosity'] > 2:
print "[!] Attempting to create a function at 0x%08x" % instr
ret = self.provider.makeFunc(instr)
else:
continue
if ret:
if options['verbosity'] > 2:
print "[*] Successfully made new function at 0x%08x" % instr
succeeded += 1
except Exception as detail:
print detail
pass
elif "dup(90h)" in disasm:
if options['verbosity'] > 2:
print "Found dup at 0x%08x" % instr
try:
next_ea = self.provider.nextItem(instr, instr+0x20)
if next_ea not in all_funcs:
ret = self.provider.nextItem(next_ea, 0xFFFFFFFF)
else:
continue
if not ret and (next_ea in database.functions()) :
if options['verbosity'] > 2:
print "[*] Successfully made new function at 0x%08x" % next_ea
succeeded += 1
except:
pass
if succeeded != 0:
print "[*] Successfully created %d new functions" % succeeded
print "[*] There are %d funtions to process" % len(all_funcs)
failed = 0
succeeded = 0
for i in xrange(0, len(all_funcs)):
i_actual = i+1
ea = all_funcs[i]
if ((i_actual % 250 == 0) or (i == len(all_funcs)-1)):
print "[*] db.py: Processing 0x%08x (%d of %d)" % (ea, i_actual, len(all_funcs))
analyza = analyze_xrefs(opt)
collecta = collector(analyza, opt)
try:
collecta.go(ea)
succeeded += 1
except ValueError as detail:
failed += 1
if options['verbosity'] > 2:
print "0x%08x - failed to process node, %s" % (ea, detail)
opt['database'].commit()
print "[*] Failed to process %d functions" % failed
print "[*] Successfully processed %d functions" % succeeded
# now loop imports
segs = list(self.provider.getSegments())
if proc in ["arm", "ppc", "mips"]:
idata = "extern"
elif proc == "pc":
idata = ".idata"
for s in segs:
if self.provider.segName(s) == idata:
start = s
end = self.provider.segEnd(s)
for head in self.provider.iterData(start, end):
opt['database'].address(head)['name'] = self.provider.getName(head)
xrefs_to = database.cxup(head)
for x in xrefs_to:
try:
xref_top = function.top(x)
except ValueError:
continue
context = opt['database'].c(xref_top)
context.address(x).edge((head, head))
self.commit()
else:
db = store.sqlite3.connect(options['full_file_name'])
self.db_obj = db
# mutes the pesky sqlite messages
tmp = sys.stderr
sys.stderr = StringIO()
session = store.driver.sqlite.Session(db,0)
sys.stderr = tmp
my_store = store.Store(session)
self.store = my_store
# highlight_calls.py
#
# for public release, 2012
#
# Aaron Portnoy
from providers import ida
provider = ida.IDA()
startEA = provider.funcStart(provider.currentEA())
endEA = provider.funcEnd(provider.currentEA())
all_addresses = list(provider.iterInstructions(startEA, endEA))
all_addresses.extend(provider.iterFuncChunks(startEA))
all_addresses = list(set(all_addresses))
for head in all_addresses:
disasm = provider.getDisasm(head)
if disasm.startswith("call"):
provider.setColor(head, 0x0000FF)
provider.refreshView()
def __init__(self, options):
self.options = options
self.provider = ida.IDA()
self.function_data = {}
self.proc = self.provider.getArch()
self.jmp_mnem = ""
if self.proc == "pc":
self.call_mnem = "call"
self.jmp_mnem = "jmp"
elif self.proc == "arm" or self.proc == "ppc":
self.call_mnem = "bl"
elif self.proc == "mips":
self.call_mnem = "jalr"
all_funcs = database.functions()
if self.proc == "pc":
# XXX: hackish way to fix a crap ton of stuff...
start = self.provider.segByBase(self.provider.segByName(".text"))
end = self.provider.segEnd(
self.provider.segByBase(self.provider.segByName(".text")))
succeeded = 0
for instr in self.provider.iterInstructions(start, end):
disasm = self.provider.getDisasm(instr)
tokens = disasm.split(" ")
res = []
for t in tokens:
if len(t) != 0:
res.append(t)
prologues = [['mov', 'edi,', 'edi'], ['push', 'ebp'],
['push', 'rbp']]
if res in prologues and instr not in all_funcs:
try:
prev_ea = self.provider.prevItem(instr, instr - 0x20)
if prev_ea not in all_funcs:
if options['verbosity'] > 2:
print "[!] Attempting to create a function at 0x%08x" % instr
ret = self.provider.makeFunc(instr)
else:
continue
if ret:
if options['verbosity'] > 2:
print "[*] Successfully made new function at 0x%08x" % instr
succeeded += 1
except Exception as detail:
pass
elif "dup(90h)" in disasm:
if options['verbosity'] > 2:
print "Found dup at 0x%08x" % instr
try:
next_ea = self.provider.nextItem(instr, instr + 0x20)
if next_ea not in all_funcs:
ret = self.provider.nextItem(next_ea, 0xFFFFFFFF)
else:
continue
if not ret and (next_ea in database.functions()):
if options['verbosity'] > 2:
print "[*] Successfully made new function at 0x%08x" % next_ea
succeeded += 1
except:
pass
if succeeded != 0:
print "[*] Successfully created %d new functions" % succeeded
print "[*] There are %d functions to process" % len(all_funcs)
failed = 0
succeeded = 0
for i in xrange(0, len(all_funcs)):
i_actual = i + 1
ea = all_funcs[i]
if ((i_actual % 250 == 0) or (i == len(all_funcs) - 1)):
print "[*] RefTree.py: Processing 0x%08x (%d of %d)" % (
ea, i_actual, len(all_funcs))
props = analysis.properties(ea)
func_props = props.funcProps()
try:
self.add_func(ea, func_props)
succeeded += 1
except Exception as detail:
raise
except ValueError as detail:
failed += 1
if options['verbosity'] > 2:
print "0x%08x - failed to process node, %s" % (ea, detail)
print "[*] Failed to process %d functions" % failed
print "[*] Successfully processed %d functions" % succeeded
# now loop imports
segs = list(self.provider.getSegments())
if self.proc in ["arm", "ppc", "mips"]:
idata = "extern"
elif self.proc == "pc":
idata = ".idata"
for s in segs:
if self.provider.segName(s) == idata:
start = s
end = self.provider.segEnd(s)
for head in self.provider.iterData(start, end):
try:
self.add_func(head)
except Exception:
raise