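def main():
    """Colour each byte of the loaded image by how often Pin saw it execute.

    Asks for a Pin log file whose byte at offset ``i`` is the execution count
    of ``imagebase + i``. Bytes with count 0 are left untouched; the others
    are mapped through ``build_color_list()`` using ``count // 10`` capped at
    bucket 11. The first hit inside each function is reported once on the
    console.
    """
    clist = build_color_list()

    filepath = idaapi.askfile_c(False, "*.*", "Pin log file")
    imagebase = idaapi.get_imagebase()
    # A cancelled dialog yields None; open(None) would raise TypeError, which
    # the original bare except swallowed. Report it explicitly instead.
    if not filepath:
        print("Need log file to parse data...")
        return
    try:
        with open(filepath, "rb") as f:
            buff = f.read()
    except (IOError, OSError):
        print("Need log file to parse data...")
        return

    functions = set()
    # bytearray yields ints on both Python 2 and 3 (ord() on an indexed str
    # only works on Python 2).
    for index, exec_count in enumerate(bytearray(buff)):
        if exec_count == 0:
            continue

        # Bucket the count into the colour list; 11 is the last bucket used.
        bucket = min(exec_count // 10, 11)
        ida_color = clist[bucket]

        func = idc.GetFunctionName(imagebase + index)
        if func not in functions:
            print("hit @ 0x%08x function %s" % (imagebase + index, func))
            functions.add(func)

        idc.SetColor(imagebase + index, CIC_ITEM, ida_color)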
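def main():
    """Heat-map the executed bytes recorded in a Pin log onto the IDB.

    Byte ``i`` of the log is the execution count of ``imagebase + i``. Bytes
    with count 0 are skipped; the others are coloured from
    ``build_color_list()`` by ``count // 10`` (capped at 11). Each function is
    announced on the console the first time one of its bytes is seen.
    """
    clist = build_color_list()

    filepath = idaapi.askfile_c(False, "*.*", "Pin log file")
    imagebase = idaapi.get_imagebase()
    # None means the dialog was cancelled; say so instead of letting open()
    # raise TypeError into a bare except.
    if not filepath:
        print("Need log file to parse data...")
        return
    try:
        with open(filepath, "rb") as log:
            counts = bytearray(log.read())
    except (IOError, OSError):
        print("Need log file to parse data...")
        return

    seen_functions = set()

    def announce(ea):
        # Print each function once, the first time one of its bytes shows up.
        func = idc.GetFunctionName(ea)
        if func not in seen_functions:
            print("hit @ 0x%08x function %s" % (ea, func))
            seen_functions.add(func)

    for offset, count in enumerate(counts):
        if not count:
            continue
        ea = imagebase + offset
        announce(ea)
        # Counts of 120 and above all land in the last colour bucket (11).
        idc.SetColor(ea, CIC_ITEM, clist[min(count // 10, 11)])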
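def capture_graph():
    """Ask for an output path and save the current graph view there as PNG.

    Returns silently when the file dialog is cancelled. A failure while
    saving (unwritable path, encoder error, ...) is reported with a traceback
    rather than aborting the plugin.
    """
    path = idaapi.askfile_c(1, 'graph.png', 'Save Graph...')
    if not path:
        return

    image = grab_graph()
    try:
        image.save(path, format='PNG')
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt / SystemExit still
        # propagate; anything else is printed and otherwise ignored.
        import traceback
        traceback.print_exc()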
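	def DetectDOTExe(self):
		"""Locate the Graphviz ``dot`` executable and store it in ``self.DOTExe``.

		The candidates in ``self.DOTExeList`` are tried in order and the first
		existing path wins. Otherwise the user is asked to pick the file, and
		an install hint is printed if that is declined too, leaving
		``self.DOTExe`` as None.
		"""
		# Loop variable renamed from ``file`` so it no longer shadows the builtin.
		self.DOTExe = next(
			(candidate for candidate in self.DOTExeList if os.path.exists(candidate)),
			None)

		if not self.DOTExe:
			self.DOTExe = idaapi.askfile_c(1, "*.exe", "Select dot.exe file")

		if not self.DOTExe:
			print("You need to install Graphviz. Download from http://graphviz.org")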
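    def DetectDOTExe(self):
        """Find the Graphviz ``dot`` binary and remember it in ``self.DOTExe``.

        Walks ``self.DOTExeList`` and keeps the first path that exists. If
        none does, the user is asked to select the executable; if that is
        cancelled as well, ``self.DOTExe`` stays None and an install hint is
        printed.
        """
        self.DOTExe = None
        # ``candidate`` instead of ``file``: don't shadow the builtin.
        for candidate in self.DOTExeList:
            if os.path.exists(candidate):
                self.DOTExe = candidate
                break

        if not self.DOTExe:
            self.DOTExe = idaapi.askfile_c(1, "*.exe", "Select dot.exe file")

        if not self.DOTExe:
            print("You need to install Graphviz. Download from http://graphviz.org")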
def ask_user(default_path):
    """Prompt for the path to the ``bap`` binary until the user settles on one.

    Returns the chosen path, or None when the user cancels the dialog and
    confirms that no path should be set. A path that does not end in ``bap``
    or does not name an existing file is accepted only after confirmation.
    """
    while True:
        bap_path = idaapi.askfile_c(False, default_path, 'Path to bap')
        if bap_path is None:
            # Dialog cancelled: give up only if the user really means it.
            if confirm('Are you sure you don\'t want to set path?'):
                return None
            continue

        # Each doubtful property is checked lazily and in order; the first
        # one the user refuses to confirm sends us back to the dialog.
        doubts = (
            (lambda: not bap_path.endswith('bap'),
             "Path does not end with bap. Confirm?"),
            (lambda: not os.path.isfile(bap_path),
             "Path does not point to a file. Confirm?"),
        )
        if any(applies() and not confirm(question) for applies, question in doubts):
            continue
        return bap_path
def ask_user(default_path):
    """Interactively pick the ``bap`` executable path.

    Loops until the user picks a path, or cancels and confirms that they want
    no path at all (then None is returned). A candidate that does not end
    with ``bap`` or is not an existing file needs explicit confirmation
    before it is accepted.
    """
    while True:
        candidate = idaapi.askfile_c(False, default_path, 'Path to bap')
        if candidate is None:
            if confirm('Are you sure you don\'t want to set path?'):
                return None
            continue
        if not candidate.endswith('bap') and not confirm("Path does not end with bap. Confirm?"):
            continue
        if not os.path.isfile(candidate) and not confirm("Path does not point to a file. Confirm?"):
            continue
        return candidate
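 def LoadInstructionData(self):
     """Populate the module-level ``x86InstructionData`` table on first use.

     The table is read from ``instructionsDICT.data`` next to this module; if
     that file is missing the user is asked to locate it. The file holds a
     zlib-compressed pickle and is loaded only once per session.
     """
     global x86InstructionData

     if x86InstructionData is None:
         module_dir = os.path.dirname(os.path.realpath(__file__))
         path = os.path.join(module_dir, "instructionsDICT.data")
         print(path)

         # The original tested ``path == ""`` here, which can never hold once
         # the file name has been appended; fall back to the file dialog when
         # the bundled data file is actually absent.
         if not os.path.isfile(path):
             print("")
             path = idaapi.askfile_c(1, "instructionsDICT.data", "Go to optimice dir and select instructionsDICT file")

         with open(path, "rb") as fp:
             data = fp.read()

         # SECURITY: pickle.loads executes code embedded in the stream. Only
         # load instructionsDICT.data from the plugin's own directory or a
         # source you trust, never a file of unknown origin.
         x86InstructionData = pickle.loads(zlib.decompress(data))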
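def main():
	"""Mark every byte the Pin log reports as executed at least once.

	Byte ``i`` of the log is the execution count of ``imagebase + i``. Unlike
	the heat-map variant, one fixed colour value is applied to all executed
	bytes; zero-count bytes are left as they are.
	"""
	filepath = idaapi.askfile_c(False, "*.*", "Pin log file")
	imagebase = idaapi.get_imagebase()
	# Cancelled dialog -> None; report it rather than letting open() raise.
	if not filepath:
		print("Need log file to parse data...")
		return
	try:
		with open(filepath, "rb") as f:
			buff = f.read()
	except (IOError, OSError):
		print("Need log file to parse data...")
		return

	ida_color = 0xFFFFFFFF
	# bytearray yields ints on both Python 2 and 3.
	for index, exec_count in enumerate(bytearray(buff)):
		if exec_count == 0:
			continue
		# The original also bucketed the count here but never used the
		# result, since every executed byte receives the same colour.
		idc.SetColor(imagebase + index, CIC_ITEM, ida_color)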
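    def config_path():
        """Make sure ``bap_executable_path`` is set in the plugin config.

        Does nothing when it is already configured. Otherwise a default is
        guessed from ``which bap`` or, failing that, from opam's ``bap:bin``
        variable, and the user is asked to confirm or pick a path. Cancelling
        the dialog and confirming leaves the setting unset. Paths that do not
        end in ``bap`` or are not existing files are stored only after the
        user confirms them.
        """
        if config.get('bap_executable_path') is not None:
            return

        from subprocess import check_output, CalledProcessError
        import os

        default_bap_path = ''
        try:
            default_bap_path = check_output(['which', 'bap']).strip()
        except (OSError, CalledProcessError):
            # 'which' is missing or did not find bap: try the opam install.
            # opam may be absent (OSError) or exit non-zero when the variable
            # is unknown (CalledProcessError); the original let the latter
            # escape and abort the whole prompt.
            try:
                default_bap_path = os.path.join(
                    check_output(['opam', 'config', 'var', 'bap:bin']).strip(),
                    'bap'
                )
            except (OSError, CalledProcessError):
                pass
        if not default_bap_path.endswith('bap'):
            default_bap_path = ''

        def confirm(msg):
            # Yes/No/Cancel box; only an explicit "Yes" counts as confirmation.
            from idaapi import askyn_c, ASKBTN_CANCEL, ASKBTN_YES
            return askyn_c(ASKBTN_CANCEL, msg) == ASKBTN_YES

        while True:
            bap_path = idaapi.askfile_c(False, default_bap_path, 'Path to bap')
            if bap_path is None:
                if confirm('Are you sure you don\'t want to set path?'):
                    return
                continue
            if not bap_path.endswith('bap'):
                if not confirm("Path does not end with bap. Confirm?"):
                    continue
            if not os.path.isfile(bap_path):
                if not confirm("Path does not point to a file. Confirm?"):
                    continue
            break

        config.set('bap_executable_path', bap_path)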
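    def LoadInstructionData(self):
        """Load the module-level ``x86InstructionData`` table if not done yet.

        Reads ``instructionsDICT.data`` from this module's directory, asking
        the user to locate it when it is missing. The file is a
        zlib-compressed pickle; it is read once and cached in the global.
        """
        global x86InstructionData

        if x86InstructionData is None:
            module_dir = os.path.dirname(os.path.realpath(__file__))
            path = os.path.join(module_dir, "instructionsDICT.data")
            print(path)

            # ``path == ""`` (as originally written) is unreachable after the
            # file name is appended; prompt when the file really is missing.
            if not os.path.isfile(path):
                print("")
                path = idaapi.askfile_c(
                    1, "instructionsDICT.data",
                    "Go to optimice dir and select instructionsDICT file")

            with open(path, "rb") as fp:
                data = fp.read()

            # SECURITY: unpickling runs code from the stream. Load only the
            # bundled data file or one from a trusted source.
            x86InstructionData = pickle.loads(zlib.decompress(data))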
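    def config_path():
        """Ensure ``bap_executable_path`` is configured, prompting if needed.

        Returns immediately when the setting exists. Otherwise the default
        offered in the file dialog comes from ``which bap`` or opam's
        ``bap:bin`` variable (empty if neither works). The user may cancel
        and confirm to leave the setting unset; doubtful paths (not ending in
        ``bap``, not an existing file) are stored only after confirmation.
        """
        if config.get('bap_executable_path') is not None:
            return

        from subprocess import check_output, CalledProcessError
        import os

        default_bap_path = ''
        try:
            default_bap_path = check_output(['which', 'bap']).strip()
        except (OSError, CalledProcessError):
            # 'which' unavailable or bap not on PATH: ask opam instead. A
            # non-zero opam exit (CalledProcessError) was not caught before
            # and would have aborted the prompt.
            try:
                default_bap_path = os.path.join(
                    check_output(['opam', 'config', 'var', 'bap:bin']).strip(),
                    'bap')
            except (OSError, CalledProcessError):
                pass
        if not default_bap_path.endswith('bap'):
            default_bap_path = ''

        def confirm(msg):
            # Only an explicit "Yes" answer counts as confirmation.
            from idaapi import askyn_c, ASKBTN_CANCEL, ASKBTN_YES
            return askyn_c(ASKBTN_CANCEL, msg) == ASKBTN_YES

        while True:
            bap_path = idaapi.askfile_c(False, default_bap_path, 'Path to bap')
            if bap_path is None:
                if confirm('Are you sure you don\'t want to set path?'):
                    return
                continue
            if not bap_path.endswith('bap'):
                if not confirm("Path does not end with bap. Confirm?"):
                    continue
            if not os.path.isfile(bap_path):
                if not confirm("Path does not point to a file. Confirm?"):
                    continue
            break

        config.set('bap_executable_path', bap_path)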
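 def OnCommand(self, cmd_id):
     """Handle a chooser command; only the DOT export (``self.cmd_dot``) is known.

     For that command the user is asked for an output file and the class
     hierarchy in ``self.classes`` (class name -> list of base names) is
     written as a Graphviz digraph: one box per class and a bold edge from
     each class to every base that is itself a key of ``self.classes``.
     Other command ids are ignored.
     """
     if self.cmd_dot != cmd_id:
         return
     fname = askfile_c(1, "*.dot", "Export DOT file")
     if not fname:
         return

     # Node ids follow the dict's iteration order, computed once instead of
     # calling keys().index() per class (quadratic in the original, and
     # dict_keys has no index() on Python 3).
     node_index = dict((name, i) for i, name in enumerate(self.classes))

     def dot_label(name):
         # Class names come from the analysed binary; escape the two
         # characters that would otherwise break a quoted DOT label.
         return name.replace('\\', '\\\\').replace('"', '\\"')

     lines = ["digraph G {\n graph [overlap=scale]; node [fontname=Courier]; rankdir=\"LR\";\n\n"]
     for name in self.classes:
         lines.append(' a%s [shape=box, label = "%s", color="blue"]\n' % (
             node_index[name], dot_label(name)))
     lines.append("\n")
     for name in self.classes:
         for base in self.classes[name]:
             if base in node_index:
                 lines.append(' a%s -> a%s [style = bold]\n' % (
                     node_index[name], node_index[base]))
     lines.append("}")

     # ``with`` closes the file even if the write fails.
     with open(fname, "wb") as f:
         f.write("".join(lines))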
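def main():
    """Colour the image bytes by the execution counts found in a Pin log.

    Byte ``i`` of the log is the execution count of ``imagebase + i``.
    Zero-count bytes are skipped; the others are coloured with
    ``build_color_list()[count // 10]``, capped at bucket 11.
    """
    clist = build_color_list()

    filepath = idaapi.askfile_c(False, "*.*", "Pin log file")
    imagebase = idaapi.get_imagebase()
    # None (dialog cancelled) used to surface as a TypeError inside a bare
    # except; handle it up front.
    if not filepath:
        print("Need log file to parse data...")
        return
    try:
        with open(filepath, "rb") as log:
            counts = bytearray(log.read())
    except (IOError, OSError):
        print("Need log file to parse data...")
        return

    for offset, count in enumerate(counts):
        if not count:
            continue
        # Counts of 120 and above share the last bucket (11).
        bucket = min(count // 10, 11)
        idc.SetColor(imagebase + offset, CIC_ITEM, clist[bucket])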
    def OnCommand(self, n, cmd_id):
        """Dispatch a chooser command: export the gadget list to CSV or clear it.

        ``n`` (the selected row) is not used by either command. Unknown
        command ids are ignored. Always returns 1.
        """

        def export_csv():
            # Ask for a file name and write every gadget row under a header.
            file_name = idaapi.askfile_c(1, "*.csv",
                                         "Please enter CSV file name")
            if not file_name:
                return
            print("[idarop] Exporting gadgets to %s" % file_name)
            with open(file_name, 'wb') as csvfile:
                writer = csv.writer(csvfile,
                                    delimiter=',',
                                    quotechar='"',
                                    quoting=csv.QUOTE_MINIMAL)
                writer.writerow(["Address", "Gadget", "Size", "Pivot"])
                writer.writerows(self.items)

        def clear_list():
            self.idarop.clear_rop_list()
            self.refreshitems()

        # Export is listed last so it wins if both ids happen to be equal,
        # matching the original if/elif order.
        handlers = {
            self.clear_rop_list: clear_list,
            self.cmd_export_csv: export_csv,
        }
        handler = handlers.get(cmd_id)
        if handler is not None:
            handler()

        return 1
    """Convert IDB to mega file."""
    mode = "w"
    # File already exists
    if os.path.exists(filename):
        ask = idaapi.askyn_c(False, "Append result to existing file?")
        if ask == -1:
            return
        elif ask == 0:
            if 1 != idaapi.askyn_c(False, "Overwrite existing file?"):
                return
        elif ask == 1:
            mode = "a+"
    # Process functions
    with open(filename, mode) as f:
        for i in range(idaapi.get_func_qty()):
            line = process_func(i)
            if line:
                line += "\n"
                f.write(line)


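if __name__ == "__main__":
    # TODO: Add/Append ending: ---
    # (was a bare string statement, i.e. a no-op; kept as a comment)
    filename = idaapi.askfile_c(True, "*.mega",
                                "Enter the name of the mega file:")
    if not filename:
        idaapi.warning("Save filename not provided!")
    else:
        idb_to_mega(filename)
    idc.Message("idb_to_mega finished!\n")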
        buggy = True
    else:
        buggy = False
    if buggy:
        f = idaapi.qfile_t()
        f.open(fname, 'wb+')
        segments = [x for x in idautils.Segments()]
        max_addr = idc.GetSegmentAttr(segments[-1], idc.SEGATTR_END)
        # TODO check max_addr to see if it's sane to write such a big file
        idaapi.base2file(f.get_fp(), 0, 0, max_addr)
        f.close()

    else:
        with open(fname, 'wb+') as f:
            # over all segments
            for s in idautils.Segments():
                start = idc.GetSegmentAttr(s, idc.SEGATTR_START)
                end = idc.GetSegmentAttr(s, idc.SEGATTR_END)
                # print "Start: %x, end: %x, size: %x" % (start, end, end-start)
                max_addr = max(max_addr, end)
                f.seek(start, 0)
                # Only works with fixed IDAPython.
                f.write(idaapi.get_many_bytes_ex(start, end - start)[0])

    dump_log.debug("section[dump] = 0, 0x%x, 0, 0x%x", max_addr, max_addr)


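if __name__ == '__main__':
    fname = idaapi.askfile_c(1, "*.*", "Save to binary")
    # askfile_c returns None when the dialog is cancelled; dump_binary opens
    # that name for writing, so skip the dump instead of failing on None.
    if fname:
        dump_binary(fname)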
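    def run(self, arg):
        """Plugin entry point: load an ETM trace file and show it in a chooser.

        Lets the user abort if autoanalysis is still running, reuses an
        already open "ETM trace" window, then asks for a trace file. Lines
        are whitespace-separated records of 11 fields (see the format
        comment below); leading lines that are not are skipped. Each branch
        is classified against the IDB's root file name: jumps to or from
        other images are recorded as external, and for every branch inside
        the image the range from its target to the next branch's source is
        added as executed instructions.
        """
        if not idaapi.autoIsOk():
            if idaapi.askyn_c(
                    ASKBTN_CANCEL, "HIDECANCEL\n",
                    "The autoanalysis has not finished yet.\n",
                    "The result might be incomplete. Do you want to continue?"
            ) < ASKBTN_NO:
                return

        form_title = "ETM trace"
        form = idaapi.find_tform(form_title)

        if form is not None:
            print("ETM trace window already open. Switching to it.")
            idaapi.switchto_tform(form, True)
            return

        trace_file_name = idaapi.askfile_c(0, "",
                                           "Select a trace to display...")
        # A cancelled dialog returns None; len(None) would have raised.
        if not trace_file_name:
            return

        image_name = idaapi.get_root_filename()

        # The original never closed the trace file; ``with`` does so on
        # every exit path.
        with open(trace_file_name, "r") as f:
            #trace format: filename[0] id[1] type[2] description[3] src_addr[4] src_func_offset[5] src_image[6] =>[7] dst_addr[8] dst_func_offset[9] dst_image[10]
            start_branch = f.readline().split()

            if not start_branch:
                return

            # Skip leading lines until a complete 11-field record is found.
            while len(start_branch) != 11:
                start_branch = f.readline().split()
                if not start_branch:
                    return

            self.c = EtmTraceChoose2(form_title, modal=False)

            self.c.callgraph.append("start")

            while True:
                next_branch = f.readline().split()
                if not next_branch:
                    break

                # Strip any parentheses around the source/destination image
                # paths, then compare just the file names.
                start_branch[10] = start_branch[10].replace("(",
                                                            "").replace(")", "")
                start_branch[6] = start_branch[6].replace("(", "").replace(")", "")
                dst_image = start_branch[10].split("/")[-1]
                src_image = start_branch[6].split("/")[-1]

                if dst_image != image_name and src_image != image_name:
                    # Neither end is in the analysed image: nothing to show.
                    start_branch = next_branch
                    continue

                if dst_image != image_name:
                    #to external lib
                    self.c.add_jump_to_external(start_branch[1], start_branch[8],
                                                start_branch[10])
                    start_branch = next_branch
                    continue

                if src_image != image_name:
                    #from external lib
                    self.c.add_jump_from_external(start_branch[1], start_branch[4],
                                                  start_branch[6])

                self.c.add_instruction_range(start_branch[1],
                                             [start_branch[8], next_branch[4]])
                start_branch = next_branch

        self.c.show()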
 def GetOutputFile(self):
     """Ask the user for the DOT file to write and return the chosen path.

     The value is whatever ``idaapi.askfile_c`` returns (callers elsewhere
     on this page treat a falsy result as "cancelled").
     """
     title = "Select DOT File to Output"
     return idaapi.askfile_c(1, "*.dot", title)
	def GetOutputFile(self):
		"""Return the DOT output path picked by the user via ``idaapi.askfile_c``."""
		filter_pattern = "*.dot"
		return idaapi.askfile_c(1, filter_pattern, "Select DOT File to Output")