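    def symbols(self, output_file_path=None):
        """
        Run find for all SIG files in the currently active project, then merge
        in the names returned by ``IdaLoader.extract_all_user_names``.
        An IDA wait box is shown while doing so.
        :param output_file_path: optional, save found symbols into output file
        :return: dictionary of found symbols; may be partial (or empty) when a
                 step failed, since failures are printed rather than raised
        """
        self.verify_project()
        results = {}

        try:
            ida_kernwin.show_wait_box('Searching...')
            results = super(IdaLoader, self).symbols()

            ida_kernwin.replace_wait_box('Extracting...')
            ida_symbols = IdaLoader.extract_all_user_names(output_file_path)

            results.update(ida_symbols)

        except Exception:
            # Best effort: report the failure in the output window and return
            # whatever was collected so far instead of crashing the plugin.
            # (The exception object was previously bound but never used.)
            traceback.print_exc()
        finally:
            ida_kernwin.hide_wait_box()

        return results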
 def get_python_symbols(self, file_name=None):
     """
     Run all python scripts inside the currently active project while an IDA
     wait box reports progress. The actual work is delegated to the parent
     class implementation.
     :param file_name: filter a specific filename to execute
     :return: dictionary of all found symbols
     """
     ida_kernwin.replace_wait_box('Running python scripts...')
     parent = super(IdaLoader, self)
     return parent.get_python_symbols(file_name=file_name)
 def find(self, symbol_name, use_cache=False):
     """
     Find a symbol by name (as specified in the SIG file), showing an IDA
     wait box while the lookup runs. The search itself is performed by the
     parent class.
     :param symbol_name: symbol name
     :param use_cache: forwarded unchanged to the parent implementation
     :return: output address list
     """
     message = 'Searching symbol: \'{}\'...'.format(symbol_name)
     ida_kernwin.replace_wait_box(message)
     parent = super(IdaLoader, self)
     return parent.find(symbol_name, use_cache=use_cache)
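 def _load_img_files(self, files):
     """
     Load every path in *files* as a ``QtGui.QPixmap`` into ``self.anim``,
     showing an IDA wait box with a "Loading file i/n" counter while doing so.
     Loading stops at the first file whose load raises; the failure is
     printed and the pixmaps loaded up to that point are kept.
     :param files: sequence of image file paths (``len()`` is used for the
                   counter, so it must be sized)
     """
     self.anim = []
     total = len(files)
     i = 1
     ida_kernwin.show_wait_box("HIDECANCEL\nLoading files")
     try:
         for i, file in enumerate(files, start=1):
             ida_kernwin.replace_wait_box("Loading file %d/%d" % (i, total))
             self.anim.append(QtGui.QPixmap(file))
     except Exception:
         # Narrowed from a bare ``except`` so KeyboardInterrupt/SystemExit
         # still propagate; ``i`` is the index of the file that failed.
         print("Failed loading file %d/%d" % (i, total))
     finally:
         ida_kernwin.hide_wait_box()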
def update_wait_box(text):
    """Replace the IDA wait box text with *text*, prefixed by "capa explorer..."."""
    message = "capa explorer...%s" % text
    ida_kernwin.replace_wait_box(message)
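# Note: this try/except block below is just there to
# let us (at Hex-Rays) test this script in various
# situations: when a test harness defines
# under_test__perform_decompilation, that value is used
# as perform_decompilation.
try:
    perform_decompilation = under_test__perform_decompilation
except NameError:
    # Only the "name is not defined" case is expected here; narrowed from a
    # bare ``except`` so any other error surfaces instead of being swallowed.
    pass


# Upper bound, in seconds, of the random pause taken after each step.
step_sleep = 0.5
ida_kernwin.show_wait_box("Processing")
try:
    all_eas = list(idautils.Functions())
    neas = len(all_eas)
    for i, ea in enumerate(all_eas):
        # Stop cleanly if the user pressed Cancel in the wait box.
        if ida_kernwin.user_cancelled():
            break
        ida_kernwin.replace_wait_box("Processing; step %d/%d" % (i+1, neas))

        if perform_decompilation:
            try:
                ida_hexrays.decompile(ida_funcs.get_func(ea))
            except ida_hexrays.DecompilationFailure as df:
                # A single function failing to decompile should not abort the run.
                print("Decompilation failure: %s" % df)

        time.sleep(step_sleep * random.random())
finally:
    # Always dismiss the wait box, including on cancel or an unexpected error.
    ida_kernwin.hide_wait_box()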


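    def cb_btn_run(self):
        """
        "Run" button callback: either clears the imported symbol names (when
        the "restore" checkbox is set) or imports symbol names from the
        selected SharedLibrary.dll into the current database.
        Progress is shown in an IDA wait box; problems are reported through
        ``ida_kernwin.warning`` / ``idaapi.msg`` and the method returns early.
        """
        if self.dotnet_version_full == "unknown":
            ida_kernwin.warning(".NET Native framework could not be identified.\n"
                                ".NIET needs it to work properly.")
            return
        # self.dotnet_version_full[:3] is "major.minor"
        dotnet_version = self.dotnet_version_full[:3]
        if dotnet_version not in dotnet_versions_offsets:
            # The "%s" previously had no argument, so the warning printed a
            # literal "%s" instead of the unsupported version.
            ida_kernwin.warning(".NIET currently does not support %s, please "
                                "create an issue." % dotnet_version)
            return

        instance = dotNIET(dotnet_version)
        instance.get_modules_info()

        # if "restore" is checked, everything else is greyed out
        if self.cb_restore.checkState() == QtCore.Qt.Checked:
            ida_kernwin.show_wait_box("HIDECANCEL\nClearing symbol names...")
            for i in range(instance.nb_symbols):
                # unset name of imports; entries are taken to be 8 bytes apart
                # (presumably 64-bit pointers -- confirm against dotNIET)
                idc.set_name(instance.ordinals + i * 8, "")
            idaapi.msg("%d symbols removed!\n" % instance.nb_symbols)
        else:
            dll_path = self.dll_input_path.text()
            if dll_path == "":
                idaapi.msg(
                    "Error: \"SharedLibrary.dll\" path must be selected\n")
                return
            # target SharedLibrary.dll .NET framework version is asked to be checked
            if self.cb_verify.checkState() == QtCore.Qt.Checked:
                ida_kernwin.show_wait_box("HIDECANCEL\nVerifying target dll "
                                          ".NET Native framework version...")
                dll_dotnet_version_full = utils.get_NET_Native_version(dll_path)
                ida_kernwin.hide_wait_box()
                # self.dotnet_version_full is known not to be "unknown" here, so
                # a plain inequality also covers an "unknown" dll version.
                if dll_dotnet_version_full != self.dotnet_version_full:
                    answer = ida_kernwin.ask_buttons("", "", "", 1, "HIDECANCEL\n"
                                                     "Target dll .NET Native "
                                                     "framework version is '%s' "
                                                     "whereas current binary one "
                                                     "is '%s'.\nProceed anyway?"
                                                     % (dll_dotnet_version_full,
                                                        self.dotnet_version_full))
                    # "No" or "cancel/escape"
                    if not answer:
                        return
            # getting target SharedLibrary.dll GUID to verify that the pdb does
            # exist and is the right one
            ida_kernwin.show_wait_box("HIDECANCEL\nGetting pdb information...")
            if not utils.find_pdb(dll_path):
                ida_kernwin.hide_wait_box()
                return

            # everything is okay, ready to import
            ida_kernwin.replace_wait_box("HIDECANCEL\nImporting symbols...")
            instance.resolve_symbols(dll_path)
            idaapi.msg("%d symbols imported at 0x%x\n" %
                       (instance.nb_symbols, instance.ordinals))
        ida_kernwin.hide_wait_box()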