def rename(self, name=None): """ Renames (and comments) the string variable in IDA. :param str name: New name to given encoded string. (defaults to decoded_string) """ name = name or self.display_name if not name: logger.warning( "Unable to rename encoded string due to no decoded string: {!r}" .format(self)) return # Add comment comment = '"{}"'.format(name[:self._MAX_COMMENT_LENGTH]) if len(name) > self._MAX_COMMENT_LENGTH: comment += " (truncated)" if self.string_location is not None: idc.set_cmt(self.string_location, comment, 1) if self.string_reference is not None: idc.set_cmt(self.string_reference, comment, 1) if self.dest is not None: idc.set_cmt(self.dest, comment, 1) # Set variable name # To follow IDA conventions, the decoded string itself will be prefixed with 'a' # If a destination was provided, don't include any prefix, because this # is usually for resolved API functions. name = name[:self._MAX_NAME_LENGTH] if self.string_location is not None: ida_name.force_name(self.string_location, "a" + name) if self.dest is not None: ida_name.force_name(self.dest, name)
def rename(self, name=None): """ Renames (and comments) the string variable in IDA. :param str name: New name to given encoded string. (defaults to decoded_string) """ name = name or self.display_name if not name: logger.warning( 'Unable to rename encoded string due to no decoded string: {!r}'.format(self)) return # Add comment comment = '"{}"'.format(name[:self._MAX_COMMENT_LENGTH]) if len(name) > self._MAX_COMMENT_LENGTH: comment += ' (truncated)' if self.string_location is not None: idc.set_cmt(self.string_location, comment, 1) if self.string_reference is not None: idc.set_cmt(self.string_reference, comment, 1) if self.dest is not None: idc.set_cmt(self.dest, comment, 1) # Set variable name name = name[:self._MAX_NAME_LENGTH] if self.string_location is not None: ida_name.force_name(self.string_location, name) if self.dest is not None: ida_name.force_name(self.dest, '_dest_' + name)
def rename(self, name=None): """ Renames (and comments) the string variable in IDA. :param str name: New name to given encoded string. (defaults to decoded_string) """ name = name or self.display_name if not name: logger.warning( "Unable to rename encoded string due to no decoded string: {!r}".format( self ) ) # Set name and comment in stack variable. comment = '"{}"'.format(name[: self._MAX_COMMENT_LENGTH]) if len(name) > self._MAX_COMMENT_LENGTH: comment += " (truncated)" if self.frame_id and self.stack_offset: idc.set_member_cmt(self.frame_id, self.stack_offset, comment, repeatable=1) var_name = re.sub( "[^_$?@0-9A-Za-z]", "_", name[: self._MAX_NAME_LENGTH] ) # Replace invalid characters if not var_name: raise ValueError("Unable to calculate var_name for : {!r}".format(self)) var_name = "a" + var_name.capitalize() idc.set_member_name(self.frame_id, self.stack_offset, var_name) if self.dest is not None: ida_name.force_name(self.dest, name) # Add a comment where the string is being used. if self.string_reference: idc.set_cmt(self.string_reference, comment, 1)
def paste_highlight_name(): ea = get_ea_from_highlight() if ea != idaapi.BADADDR: name = clip_text() if name: if not ida_name.force_name(ea, name): name = ida_name.validate_name(name, ida_name.VNT_IDENT) if not ida_name.force_name(ea, name): plg_print("FAILED to set name '%s' to 0x%X" % (name, ea)) return False plg_print("Set name '%s' to 0x%X" % (name, ea)) return True else: plg_print("Clipboard is empty") else: plg_print("Invalid ea to paste") return False
def rename(self, name=None): """ Renames (and comments) the string variable in IDA. :param str name: New name to given encoded string. (defaults to decoded_string) """ name = name or self.display_name if not name: logger.warning( "Unable to rename encoded string due to no decoded string: {!r}".format( self ) ) return # Add comment comment = '"{}"'.format(name[: self._MAX_COMMENT_LENGTH]) if len(name) > self._MAX_COMMENT_LENGTH: comment += " (truncated)" if self.string_location is not None: idc.set_cmt(self.string_location, comment, 1) if self.string_reference is not None: idc.set_cmt(self.string_reference, comment, 1) if self.dest is not None: idc.set_cmt(self.dest, comment, 1) # Set variable name # To follow IDA conventions, the decoded string itself will be prefixed with 'a' # If a destination was provided, don't include any prefix, because this # is usually for resolved API functions. name = name[: self._MAX_NAME_LENGTH] if self.string_location is not None: ida_name.force_name(self.string_location, "a" + name) if self.dest is not None: # IDA will sometimes type API function pointers based on code analysis, and it's generic. Unsetting the # type before the rename will cause IDA to properly type API functions if the type is known from the # loaded type libraries. idc.SetType(self.dest, '') ida_name.force_name(self.dest, name)
def rename(self, new_name): """ Attempts to apply new_name to the object at <ea>. If more than one object starts at <ea>, the largest object will be renamed. If that name already exists, let IDA resolve the collision and then return that name. If new_name is "", reset the name to IDA's default. :param str new_name: The desired new name for the function. :return str: The name that ended up getting set (unless no name was set, then return None). """ if new_name == '': if idaapi.set_name(self.start_ea, new_name): return idaapi.get_name(self.function_obj.start_ea) else: logger.warning('Failed to reset name at 0x%X' % self.start_ea) elif ida_name.force_name(self.start_ea, new_name): self.name = idaapi.get_name(self.start_ea) if self.name != new_name: logger.info('IDA changed name "%s" to "%s"' % (new_name, self.name)) return self.name else: logger.warning('Failed to rename at 0x%X' % self.start_ea)
def load_file(f, neflags, format): f.seek(0) ida_idp.set_processor_type("metapc", ida_idp.SETPROC_LOADER) MGROUPStart = 0 magic = f.read(2) if magic == MZ_HEADER_MAGIC: f.seek(0x22) MGROUPStart = DW(f) * 16 f.seek(MGROUPStart) magic = f.read(2) headerSize = DW(f) segmentDataAlignment = DW(f) nextExeOff = DD(f) SegDataOff = DD(f) f.file2base(MGROUPStart, 0, SegDataOff, True) ida_segment.add_segm(0, 0, 0x50, "HEADER", "MODULE") f.seek(MGROUPStart + 2) headerSize = rnDW(f, "headerSize", MGROUPStart) segmentDataAlignment = rnDW(f, "segmentDataAlignment", MGROUPStart) nextExeOff = rnDD(f, "nextExeOff", MGROUPStart) SegDataOff = rnDD(f, "SegDataOff", MGROUPStart) ResDataOff = rnDD(f, "ResDataOff", MGROUPStart) flags = rnDW(f, "flags", MGROUPStart) version = rnDB(f, "version", MGROUPStart) revision = rnDB(f, "revision", MGROUPStart) AutoDataSegNo = rnDW(f, "AutoDataSegNo", MGROUPStart) HeapSize = rnDW(f, "HeapSize", MGROUPStart) StackSize = rnDW(f, "StackSize", MGROUPStart) StartProc = rnDD(f, "StartProc", MGROUPStart) LoadProc = rnDD(f, "LoadProc", MGROUPStart) FreeProc = rnDD(f, "FreeProc", MGROUPStart) nSegments = rnDW(f, "nSegments", MGROUPStart) pSegTable = rnDW(f, "pSegTable", MGROUPStart) cbResTab = rnDW(f, "cbResTab", MGROUPStart) pResTab = rnDW(f, "pResTab", MGROUPStart) cbEntTab = rnDW(f, "cbEntTab", MGROUPStart) pEntTab = rnDW(f, "pEntTab", MGROUPStart) cbNamTab = rnDW(f, "cbNamTab", MGROUPStart) pNamTab = rnDW(f, "pNamTab", MGROUPStart) cbStrTab = rnDW(f, "cbStrTab", MGROUPStart) pStrTab = rnDW(f, "pStrTab", MGROUPStart) cbNRNamTab = rnDW(f, "cbNRNamTab", MGROUPStart) pNRNamTab = rnDW(f, "pNRNamTab", MGROUPStart) ida_segment.add_segm(0, pSegTable, pSegTable + (nSegments * SEG_STRUCT_SIZE), "SEGTABLE", "MODULE") ida_segment.add_segm(0, pResTab, pResTab + cbResTab, "RESOURCES", "MODULE") ida_segment.add_segm(0, pEntTab, pEntTab + cbEntTab, "ENTTABLE", "MODULE") ida_segment.add_segm(0, pNamTab, pNamTab + cbNamTab, "ENTNAME", "MODULE") ida_segment.add_segm(0, pStrTab, pStrTab + cbStrTab, "IMPORTS", "MODULE") ida_segment.add_segm(0, pNRNamTab, pNRNamTab + cbNRNamTab, "NRENTNAME", "MODULE") #parse segtable segentsid = defSEGENT() base = SegDataOff // 16 importCount = 0 for i in range(nSegments): segEntStart = pSegTable + i * SEG_STRUCT_SIZE ida_bytes.create_struct(segEntStart, SEG_STRUCT_SIZE, segentsid) segStart = ida_bytes.get_word(segEntStart + 2) segLen = ida_bytes.get_word(segEntStart + 4) segImports = ida_bytes.get_word(segEntStart + 6) importCount += segImports f.file2base(MGROUPStart + SegDataOff + segStart * 16, SegDataOff + segStart * 16, SegDataOff + (segStart + segLen) * 16, True) segBase = (base + segStart) * 16 #segmentDef = ida_segment.segment_t() #segmentDef.start_ea = segBase #segmentDef.end_ea = (base+segStart+segLen)*16 #ida_segment.set_selector() print(base + segStart) ida_segment.add_segm(base + segStart, segBase, (base + segStart + segLen) * 16, "", "", 0) sel = ida_segment.find_selector(base + segStart) seg = ida_segment.getseg(segBase) ida_segment.set_segm_addressing(seg, 0) segtable[i] = seg segimportstable[i] = segImports if i + 1 == AutoDataSegNo: ida_segment.set_segm_name(seg, "DATA", 0) ida_segment.set_segm_class(seg, "DATA", 0) dataSel = sel else: ida_segment.set_segm_name(seg, "TEXT", 0) ida_segment.set_segm_class(seg, "CODE", 0) if AutoDataSegNo == 0: dataSel = sel ida_segregs.set_default_dataseg(dataSel) #parse enttable pENT = pEntTab currord = 1 while pENT < pEntTab + cbEntTab: bundleCount = ida_bytes.get_byte(pENT) bundleFlags = ida_bytes.get_byte(pENT + 1) if bundleCount == 0 and bundleFlags == 0: break pENT += 2 for i in range(bundleCount): if bundleFlags == 0xFF: ordFlags = ida_bytes.get_byte(pENT) if ordFlags & 0x80: toexport.append(currord) segNo = ida_bytes.get_byte(pENT + 3) segOff = ida_bytes.get_word(pENT + 4) enttable[currord] = (segtable[segNo - 1].start_ea // 16, segOff) pENT += 6 else: ordFlags = ida_bytes.get_byte(pENT) if ordFlags & 0x80: toexport.append(currord) segOff = ida_bytes.get_word(pENT + 1) enttable[currord] = (segtable[bundleFlags - 1].start_ea // 16, segOff) pENT += 3 currord += 1 modulename = readPASSTR(pNamTab) make_entry(StartProc, modulename + "_start") make_entry(LoadProc, modulename + "_load") make_entry(FreeProc, modulename + "_free") #export named ordinals namedordtable = loadExportsF(f) for i in toexport: if i in namedordtable: name = namedordtable[i] else: name = "Ordinal" + str(i) (base, off) = enttable[i] addr = base * 16 + off ida_entry.add_entry(i, addr, name, 1) #process imports ida_segment.add_segm(0xF000, 0xF0000, 0xF0000 + importCount * 2, "IMPORTS", "XTRN", 0) import_ea = 0xF0000 for seg in segtable: segend = segtable[seg].end_ea f.seek(MGROUPStart + segend) for i in range(segimportstable[seg]): count = DB(f) mode = DB(f) relocStart = DW(f) module = DW(f) proc = DW(f) if (module == 0xFFFF): (base, off) = enttable[proc] else: modulestr = readPASSTR(pStrTab + module) if (proc & 0x8000) != 0: # read by ord ordinal = proc & 0x7FFF procname = modulestr + "_Ordinal" + str(ordinal) if not modulestr in importedmodules: if os.path.isfile(modulestr + ".EXE"): importedmodules[modulestr] = loadExports( modulestr + ".EXE") else: filename = ida_kernwin.ask_file( 0, modulestr + ".EXE", "Select file to name exports") if filename is not None and os.path.isfile( filename): importedmodules[modulestr] = loadExports( filename) else: importedmodules[modulestr] = None if modulestr in importedmodules and ( importedmodules[modulestr] is not None ) and ordinal in importedmodules[modulestr]: procname = importedmodules[modulestr][ordinal] else: procname = readPASSTR(pStrTab + proc) ida_bytes.create_data(import_ea, ida_bytes.FF_WORD, 2, ida_idaapi.BADADDR) ida_name.force_name(import_ea, procname) ida_bytes.set_cmt(import_ea, "Imported from " + modulestr, 1) base = 0xF000 off = import_ea - 0xF0000 import_ea += 2 for xx in range(count): next = ida_bytes.get_word(segtable[seg].start_ea + relocStart) if mode == 0x20: ida_bytes.put_word(segtable[seg].start_ea + relocStart + 2, base) ida_bytes.put_word(segtable[seg].start_ea + relocStart, off) elif mode == 0x10: ida_bytes.put_word(segtable[seg].start_ea + relocStart, off) elif mode == 0x0: ida_bytes.put_word(segtable[seg].start_ea + relocStart, base) relocStart = next #print "import %d: seg %d mode %s count %d relocStart %s module %s proc %s" % (i, seg, hex(mode), count, hex(relocStart), modulestr, hex(proc)) return 1
def NameCanonical(f, mod_name, func_name): n = "%s_%s_%08x" % (mod_name, func_name, f) print("Renaming %s to %s\n" % (idc.get_func_name(f), n)) ida_name.force_name(f, n)
def name(self, value): if force_name(self.__ea, value) != 1: print("force_name(0x%X, '%s') has failed" % (self.__ea, value))