def activate(self, ctx): hx_view = idaapi.get_tform_vdui(ctx.form) var_type = ShallowScanVariable.check(hx_view.item) if var_type == "LOCAL": variable = hx_view.item.get_lvar() # lvar_t index = list(hx_view.cfunc.get_lvars()).index(variable) scanner = ShallowSearchVisitor(hx_view.cfunc, 0, index) elif var_type == "GLOBAL": variable = hx_view.item.it.to_specific_type name = idc.GetTrueName(variable.obj_ea) tinfo = variable.type scanner = ShallowSearchVisitor(hx_view.cfunc, 0, global_variable=(name, tinfo)) else: return scanner.process() structure = TemporaryStructureModel() for field in scanner.candidates: structure.add_row(field) tinfo = structure.get_recognized_shape() if tinfo: tinfo.create_ptr(tinfo) if var_type == "LOCAL": hx_view.set_lvar_type(variable, tinfo) elif var_type == "GLOBAL": idaapi.apply_tinfo2(variable.obj_ea, tinfo, idaapi.TINFO_DEFINITE) hx_view.refresh_view(True)
def ParseAMXNativeInfo(): ida_string = idautils.Strings() last_native = "" for string in ida_string: for native in natives: if (str(string) == native and last_native != native): last_native = native for xref in XrefsTo(string.ea): offset = xref.frm + 4 for native_addr in XrefsFrom(offset): # Rename native handler function n_NativeName idc.MakeNameEx(native_addr.to, "n_" + native, idc.SN_NOWARN) # Setup function prototype & automate setting the native's tinfo = idaapi.tinfo_t() ida_typeinf.guess_tinfo(native_addr.to, tinfo) funcdata = idaapi.func_type_data_t() tinfo.get_func_details(funcdata) tinfo2 = idaapi.tinfo_t() tinfo2.get_named_type(idaapi.get_idati(), "Native" + native + "Params") tinfo3 = idaapi.tinfo_t() tinfo3.create_ptr(tinfo2) if ( len(funcdata) ): # For some reason this is 0 for some natives with params? Not sure why... funcdata[len(funcdata) - 1].type = tinfo3 function_tinfo = idaapi.tinfo_t() function_tinfo.create_func(funcdata) idaapi.apply_tinfo2(native_addr.to, function_tinfo, idaapi.TINFO_DEFINITE)
def activate(self, ctx): hx_view = idaapi.get_widget_vdui(ctx.widget) result = self.__extract_rename_info(hx_view.cfunc, hx_view.item) if result: func_tinfo, address, arg_index, name = result helper.set_func_arg_name(func_tinfo, arg_index, name) idaapi.apply_tinfo2(address, func_tinfo, idaapi.TINFO_DEFINITE) hx_view.refresh_view(True)
def commit(self): if self.name_modified: self.name_modified = False if self.address: idaapi.set_name(self.address, self.name) if self.tinfo_modified: self.tinfo_modified = False if self.address: idaapi.apply_tinfo2(self.address, self.tinfo.get_pointed_object(), idaapi.TINFO_DEFINITE)
def commit(self): addresses = self.addresses if self.name_modified: self.name_modified = False if len(addresses) == 1: idaapi.set_name(addresses[0], self.name) if self.tinfo_modified: self.tinfo_modified = False if len(addresses) == 1: idaapi.apply_tinfo2(addresses[0], self.tinfo.get_pointed_object(), idaapi.TINFO_DEFINITE)
def activate(self, ctx): hx_view = idaapi.get_tform_vdui(ctx.form) result = self.check(hx_view.cfunc, hx_view.item) if result: func_tinfo, address, arg_index, name = result func_data = idaapi.func_type_data_t() func_tinfo.get_func_details(func_data) func_data[arg_index].name = name new_func_tinfo = idaapi.tinfo_t() new_func_tinfo.create_func(func_data) idaapi.apply_tinfo2(address, new_func_tinfo, idaapi.TINFO_DEFINITE)
def map_the_var(lhs_var, rhs_var, type_str_, vdui): if lhs_var == rhs_var: return False rhs_type = rhs_var.type() if lhs_var.accepts_type(rhs_type): if lhs_var.width < rhs_var.width: lhs_var, rhs_var = rhs_var, lhs_var if lhs_var.is_result_var or lhs_var.is_arg_var: lhs_var, rhs_var = rhs_var, lhs_var if (lhs_var.is_result_var or lhs_var.is_arg_var) and (rhs_var.is_result_var or rhs_var.is_arg_var): return False if lhs_var.name == rhs_var.name + "_": return False mapping_result = vdui.map_lvar(lhs_var, rhs_var) size_mismatch = is_size_mismatch(lhs_var, rhs_var) lhs_type = lhs_var.type() if not mapping_result: if not size_mismatch: print "failed to map %s = %s" % (lhs_var.name, rhs_var.name) pass if not lhs_var.has_user_name: vdui.rename_lvar(lhs_var, rhs_var.name + "_", True) else: if rhs_type != lhs_type: print "%s = %s" % (type_str( lhs_type, lhs_var.name), type_str(rhs_type, rhs_var.name)) else: print "%s = %s" % (lhs_var.name, rhs_var.name) if size_mismatch: print "lhs: %d rhs: %d" % (lhs_var.width, rhs_var.width) if lhs_var.width < rhs_var.width: __int64 = simple_type(5) if rhs_type == __int64: cfunc_type = vdui.cfunc.type unsigned_int = simple_type(0x27) print "%s swap" % cfunc_type.swap(unsigned_int) print idaapi.apply_tinfo2(vdui.cfunc.entry_ea, cfunc_type, idaapi.TINFO_DEFINITE) else: print "oh... %s" % rhs_type.dstr() else: assert not size_mismatch if type_str_: print "rhs was cast from %s" % type_str_ return True else: print "incompatible types" return False
def activate(self, ctx): vu = idaapi.get_tform_vdui(ctx.form) function_tinfo = idaapi.tinfo_t() if not vu.cfunc.get_func_type(function_tinfo): return function_details = idaapi.func_type_data_t() function_tinfo.get_func_details(function_details) del_arg = vu.item.get_lvar() # lvar_t function_details.erase(filter(lambda x: x.name == del_arg.name, function_details)[0]) function_tinfo.create_func(function_details) idaapi.apply_tinfo2(vu.cfunc.entry_ea, function_tinfo, idaapi.TINFO_DEFINITE) vu.refresh_view(True)
def activate(self, ctx): vu = idaapi.get_widget_vdui(ctx.widget) function_tinfo = idaapi.tinfo_t() if not vu.cfunc.get_func_type(function_tinfo): return function_details = idaapi.func_type_data_t() function_tinfo.get_func_details(function_details) if function_details.rettype.equals_to(const.VOID_TINFO): function_details.rettype = idaapi.tinfo_t(const.PVOID_TINFO) else: function_details.rettype = idaapi.tinfo_t(idaapi.BT_VOID) function_tinfo.create_func(function_details) idaapi.apply_tinfo2(vu.cfunc.entry_ea, function_tinfo, idaapi.TINFO_DEFINITE) vu.refresh_view(True)
def activate(self, ctx): vu = idaapi.get_widget_vdui(ctx.widget) function_tinfo = idaapi.tinfo_t() if not vu.cfunc.get_func_type(function_tinfo): return function_details = idaapi.func_type_data_t() function_tinfo.get_func_details(function_details) del_arg = vu.item.get_lvar() function_details.erase( [x for x in function_details if x.name == del_arg.name][0]) function_tinfo.create_func(function_details) idaapi.apply_tinfo2(vu.cfunc.entry_ea, function_tinfo, idaapi.TINFO_DEFINITE) vu.refresh_view(True)
def fixFuncType(ea): funcEa = GetFunctionAttr(ea, FUNCATTR_START) cfunc = idaapi.decompile(funcEa) old_func_type = idaapi.tinfo_t() cfunc.get_func_type(old_func_type) fi = idaapi.func_type_data_t() if old_func_type.get_func_details(fi): if (fi.cc == idaapi.CM_CC_SPECIAL) or ( fi.cc == idaapi.CM_CC_SPECIALE) or (fi.cc == idaapi.CM_CC_SPECIALP): fi.cc = idaapi.CM_CC_FASTCALL new_func_type = idaapi.tinfo_t() new_func_type.create_func(fi) idaapi.apply_tinfo2(funcEa, new_func_type, idaapi.TINFO_DEFINITE)
def activate(self, ctx): hx_view = idaapi.get_widget_vdui(ctx.widget) cfunc = hx_view.cfunc if not self._can_be_scanned(cfunc, hx_view.item): return obj = api.ScanObject.create(cfunc, hx_view.item) tmp_struct = TemporaryStructureModel() visitor = NewShallowSearchVisitor(cfunc, 0, obj, tmp_struct) visitor.process() tinfo = tmp_struct.get_recognized_shape() if tinfo: tinfo.create_ptr(tinfo) if obj.id == api.SO_LOCAL_VARIABLE: hx_view.set_lvar_type(obj.lvar, tinfo) elif obj.id == api.SO_GLOBAL_OBJECT: idaapi.apply_tinfo2(obj.obj_ea, tinfo, idaapi.TINFO_DEFINITE) hx_view.refresh_view(True)
def activate(self, ctx): # ctx - action_activation_ctx_t vu = idaapi.get_tform_vdui(ctx.form) function_tinfo = idaapi.tinfo_t() if not vu.cfunc.get_func_type(function_tinfo): return function_details = idaapi.func_type_data_t() function_tinfo.get_func_details(function_details) convention = idaapi.CM_CC_MASK & function_details.cc if convention == idaapi.CM_CC_CDECL: function_details.cc = idaapi.CM_CC_SPECIAL elif convention in (idaapi.CM_CC_STDCALL, idaapi.CM_CC_FASTCALL, idaapi.CM_CC_PASCAL, idaapi.CM_CC_THISCALL): function_details.cc = idaapi.CM_CC_SPECIALP elif convention == idaapi.CM_CC_ELLIPSIS: function_details.cc = idaapi.CM_CC_SPECIALE else: return function_tinfo.create_func(function_details) idaapi.apply_tinfo2(vu.cfunc.entry_ea, function_tinfo, idaapi.TINFO_DEFINITE) vu.refresh_view(True)
def _rename_function(self, function_ea, class_name, instance_ptr_ea): # type: (int, str, int) -> None i = 0 function_name = "%s::__auto%d" % (class_name, i) while not idc.MakeNameEx(function_ea, function_name, idaapi.SN_NOWARN): i += 1 function_name = "%s::__auto%d" % (class_name, i) func_tinfo = idaapi.tinfo_t() if not idaapi.get_tinfo2(function_ea, func_tinfo): return arg_tinfo = idaapi.tinfo_t() idaapi.get_tinfo2(instance_ptr_ea, arg_tinfo) func_data = idaapi.func_type_data_t() func_tinfo.get_func_details(func_data) func_data[0].type = arg_tinfo new_func_tinfo = idaapi.tinfo_t() new_func_tinfo.create_func(func_data) idaapi.apply_tinfo2(function_ea, new_func_tinfo, idaapi.TINFO_DEFINITE)
def remove_rettype(vu): if vu.item.citype == idaapi.VDI_FUNC: # current function ea = vu.cfunc.entry_ea old_func_type = idaapi.tinfo_t() if not vu.cfunc.get_func_type(old_func_type): return False elif vu.item.citype == idaapi.VDI_EXPR and vu.item.e.is_expr( ) and vu.item.e.type.is_funcptr(): # call xxx ea = vu.item.get_ea() old_func_type = idaapi.tinfo_t() func = idaapi.get_func(ea) if func: try: cfunc = idaapi.decompile(func) except idaapi.DecompilationFailure: return False if not cfunc.get_func_type(old_func_type): return False else: return False else: return False fi = idaapi.func_type_data_t() if ea != idaapi.BADADDR and old_func_type.get_func_details(fi): # Return type is already void if fi.rettype.is_decl_void(): # Restore ret type if ea not in ret_type: return True ret = ret_type[ea] else: # Save ret type and change it to void ret_type[ea] = fi.rettype ret = idaapi.BT_VOID # Create new function info with new rettype fi.rettype = idaapi.tinfo_t(ret) # Create new function type with function info new_func_type = idaapi.tinfo_t() new_func_type.create_func(fi) # Apply new function type if idaapi.apply_tinfo2(ea, new_func_type, idaapi.TINFO_DEFINITE): return vu.refresh_view(True) return False
def activate(self, ctx): hx_view = idaapi.get_widget_vdui(ctx.widget) ri = self.extract_recast_info(hx_view.cfunc, hx_view.item) if not ri: return 0 if isinstance(ri, RecastLocalVariable): hx_view.set_lvar_type(ri.local_variable, ri.recast_tinfo) elif isinstance(ri, RecastGlobalVariable): idaapi.apply_tinfo2(ri.global_variable_ea, ri.recast_tinfo, idaapi.TINFO_DEFINITE) elif isinstance(ri, RecastArgument): if ri.recast_tinfo.is_array(): ri.recast_tinfo.convert_array_to_ptr() helper.set_func_argument(ri.func_tinfo, ri.arg_idx, ri.recast_tinfo) idaapi.apply_tinfo2(ri.func_ea, ri.func_tinfo, idaapi.TINFO_DEFINITE) elif isinstance(ri, RecastReturn): cfunc = helper.decompile_function(ri.func_ea) if not cfunc: return 0 func_tinfo = idaapi.tinfo_t() cfunc.get_func_type(func_tinfo) helper.set_func_return(func_tinfo, ri.recast_tinfo) idaapi.apply_tinfo2(cfunc.entry_ea, func_tinfo, idaapi.TINFO_DEFINITE) elif isinstance(ri, RecastStructure): tinfo = idaapi.tinfo_t() tinfo.get_named_type(idaapi.cvar.idati, ri.structure_name) ordinal = idaapi.get_type_ordinal(idaapi.cvar.idati, ri.structure_name) if ordinal == 0: return 0 udt_member = idaapi.udt_member_t() udt_member.offset = ri.field_offset * 8 idx = tinfo.find_udt_member(idaapi.STRMEM_OFFSET, udt_member) if udt_member.offset != ri.field_offset * 8: print("[Info] Can't handle with arrays yet") elif udt_member.type.get_size() != ri.recast_tinfo.get_size(): print("[Info] Can't recast different sizes yet") else: udt_data = idaapi.udt_type_data_t() tinfo.get_udt_details(udt_data) udt_data[idx].type = ri.recast_tinfo tinfo.create_udt(udt_data, idaapi.BTF_STRUCT) tinfo.set_numbered_type(idaapi.cvar.idati, ordinal, idaapi.NTF_REPLACE, ri.structure_name) else: raise NotImplementedError hx_view.refresh_view(True) return 0
def remove_rettype(self, vu): if vu.item.citype == idaapi.VDI_FUNC: # current function ea = vu.cfunc.entry_ea old_func_type = idaapi.tinfo_t() if not vu.cfunc.get_func_type(old_func_type): return False elif vu.item.citype == idaapi.VDI_EXPR and vu.item.e.is_expr() and vu.item.e.type.is_funcptr(): # call xxx ea = vu.item.get_ea() old_func_type = idaapi.tinfo_t() func = idaapi.get_func(ea) if func: try: cfunc = idaapi.decompile(func) except idaapi.DecompilationFailure: return False if not cfunc.get_func_type(old_func_type): return False else: return False else: return False fi = idaapi.func_type_data_t() if ea != idaapi.BADADDR and old_func_type.get_func_details(fi): # Return type is already void if fi.rettype.is_decl_void(): # Restore ret type if ea not in self.ret_type: return True ret = self.ret_type[ea] else: # Save ret type and change it to void self.ret_type[ea] = fi.rettype ret = idaapi.BT_VOID # Create new function info with new rettype fi.rettype = idaapi.tinfo_t(ret) # Create new function type with function info new_func_type = idaapi.tinfo_t() new_func_type.create_func(fi) # Apply new function type if idaapi.apply_tinfo2(ea, new_func_type, idaapi.TINFO_DEFINITE): return vu.refresh_view(True) return False
def activate(self, ctx): hx_view = idaapi.get_tform_vdui(ctx.form) result = self.check(hx_view.cfunc, hx_view.item) if result: if result[0] == RECAST_LOCAL_VARIABLE: tinfo, lvar = result[1:] if hx_view.set_lvar_type(lvar, tinfo): hx_view.refresh_view(True) elif result[0] == RECAST_GLOBAL_VARIABLE: tinfo, address = result[1:] if idaapi.apply_tinfo2(address, tinfo, idaapi.TINFO_DEFINITE): hx_view.refresh_view(True) elif result[0] == RECAST_ARGUMENT: arg_index, func_tinfo, arg_tinfo, address = result[1:] func_data = idaapi.func_type_data_t() func_tinfo.get_func_details(func_data) func_data[arg_index].type = arg_tinfo new_func_tinfo = idaapi.tinfo_t() new_func_tinfo.create_func(func_data) if idaapi.apply_tinfo2(address, new_func_tinfo, idaapi.TINFO_DEFINITE): hx_view.refresh_view(True) elif result[0] == RECAST_RETURN: return_type, func_address = result[1:] try: cfunc = idaapi.decompile( func_address) if func_address else hx_view.cfunc except idaapi.DecompilationFailure: print "[ERROR] Ida failed to decompile function" return function_tinfo = idaapi.tinfo_t() cfunc.get_func_type(function_tinfo) func_data = idaapi.func_type_data_t() function_tinfo.get_func_details(func_data) func_data.rettype = return_type function_tinfo.create_func(func_data) if idaapi.apply_tinfo2(cfunc.entry_ea, function_tinfo, idaapi.TINFO_DEFINITE): hx_view.refresh_view(True) elif result[0] == RECAST_STRUCTURE: structure_name, field_offset, new_type = result[1:] tinfo = idaapi.tinfo_t() tinfo.get_named_type(idaapi.cvar.idati, structure_name) ordinal = idaapi.get_type_ordinal(idaapi.cvar.idati, structure_name) if ordinal: udt_member = idaapi.udt_member_t() udt_member.offset = field_offset * 8 idx = tinfo.find_udt_member(idaapi.STRMEM_OFFSET, udt_member) if udt_member.offset != field_offset * 8: print "[Info] Can't handle with arrays yet" elif udt_member.type.get_size() != new_type.get_size(): print "[Info] Can't recast different sizes yet" else: udt_data = idaapi.udt_type_data_t() tinfo.get_udt_details(udt_data) udt_data[idx].type = new_type tinfo.create_udt(udt_data, idaapi.BTF_STRUCT) tinfo.set_numbered_type(idaapi.cvar.idati, ordinal, idaapi.NTF_REPLACE, structure_name) hx_view.refresh_view(True)