def init(self):
try:
self._install_plugin()
except Exception as e:
form = idaapi.get_current_widget()
pass
return idaapi.PLUGIN_KEEP
def screen_ea_changed(self, curr_ea, prev_ea):
"""called after screen location is changed
@param curr_ea: current location
@param prev_ea: prev location
"""
self.screen_ea_changed_hook(idaapi.get_current_widget(), curr_ea, prev_ea)
def _touch_ida_window(self, target):
"""
Touch a window/widget/form to ensure it gets drawn by IDA.
XXX/HACK:
We need to ensure that widget we will analyze actually gets drawn
so that there are colors for us to steal.
To do this, we switch to it, and switch back. I tried a few different
ways to trigger this from Qt, but could only trigger the full
painting by going through the IDA routines.
"""
# get the currently active widget/form title (the form itself seems transient...)
twidget = idaapi.get_current_widget()
title = idaapi.get_widget_title(twidget)
# touch the target window by switching to it
idaapi.activate_widget(target, True)
flush_qt_events()
# locate our previous selection
previous_twidget = idaapi.find_widget(title)
# return us to our previous selection
idaapi.activate_widget(previous_twidget, True)
flush_qt_events()
def get_window():
"""Get IDA's top level window."""
tform = idaapi.get_current_widget()
# Required sometimes when closing IDBs and not IDA.
if not tform:
tform = idaapi.find_widget("Output window")
widget = idaapi.PluginForm.FormToPyQtWidget(tform)
window = widget.window()
return window
def get_cursor_func_ref():
"""
Get the function reference under the user cursor.
Returns BADADDR or a valid function address.
"""
current_widget = idaapi.get_current_widget()
form_type = idaapi.get_widget_type(current_widget)
vu = idaapi.get_widget_vdui(current_widget)
#
# hexrays view is active
#
if vu:
cursor_addr = vu.item.get_ea()
#
# disassembly view is active
#
elif form_type == idaapi.BWN_DISASM:
cursor_addr = idaapi.get_screen_ea()
opnum = idaapi.get_opnum()
if opnum != -1:
#
# if the cursor is over an operand value that has a function ref,
# use that as a valid rename target
#
op_addr = idc.get_operand_value(cursor_addr, opnum)
op_func = idaapi.get_func(op_addr)
if op_func and op_func.start_ea == op_addr:
return op_addr
# unsupported/unknown view is active
else:
return idaapi.BADADDR
#
# if the cursor is over a function definition or other reference, use that
# as a valid rename target
#
cursor_func = idaapi.get_func(cursor_addr)
if cursor_func and cursor_func.start_ea == cursor_addr:
return cursor_addr
# fail
return idaapi.BADADDR
def Show(self):
widget = idaapi.get_current_widget()
if idaapi.get_widget_title(widget) != self.title:
if idaapi.get_widget_type(widget) != idaapi.BWN_PSEUDOCODE:
pseudo_view = idaapi.open_pseudocode(self.ea, 1)
pseudo_view.refresh_view(1)
widget = pseudo_view.toplevel
pseudo_title = idaapi.get_widget_title(widget)
idaapi.display_widget(self.GetWidget(),
idaapi.PluginForm.WOPN_DP_TAB | idaapi.PluginForm.WOPN_RESTORE)
idaapi.set_dock_pos(self.title, pseudo_title, idaapi.DP_RIGHT)
def refresh_views():
"""
Refresh the IDA views.
"""
# refresh IDA views
idaapi.refresh_idaview_anyway()
# refresh hexrays
current_widget = idaapi.get_current_widget()
vu = idaapi.get_widget_vdui(current_widget)
if vu:
vu.refresh_ctext()
def touch_window(target):
"""
Touch a window/widget/form to ensure it gets drawn by IDA.
XXX/HACK:
We need to ensure that widget we will analyze actually gets drawn
so that there are colors for us to steal.
To do this, we switch to it, and switch back. I tried a few different
ways to trigger this from Qt, but could only trigger the full
painting by going through the IDA routines.
"""
# get the currently active widget/form title (the form itself seems transient...)
if using_ida7api:
twidget = idaapi.get_current_widget()
title = idaapi.get_widget_title(twidget)
else:
form = idaapi.get_current_tform()
title = idaapi.get_tform_title(form)
# touch/draw the widget by playing musical chairs
if using_ida7api:
# touch the target window by switching to it
idaapi.activate_widget(target, True)
flush_ida_sync_requests()
# locate our previous selection
previous_twidget = idaapi.find_widget(title)
# return us to our previous selection
idaapi.activate_widget(previous_twidget, True)
flush_ida_sync_requests()
else:
# touch the target window by switching to it
idaapi.switchto_tform(target, True)
flush_ida_sync_requests()
# locate our previous selection
previous_form = idaapi.find_tform(title)
# lookup our original form and switch back to it
idaapi.switchto_tform(previous_form, True)
flush_ida_sync_requests()
def refresh_views():
"""
Refresh the IDA views.
"""
# refresh IDA views
idaapi.refresh_idaview_anyway()
# NOTE/COMPAT: refresh hexrays view, if active
if using_ida7api:
current_widget = idaapi.get_current_widget()
vu = idaapi.get_widget_vdui(current_widget)
else:
current_tform = idaapi.get_current_tform()
vu = idaapi.get_tform_vdui(current_tform)
if vu:
vu.refresh_ctext()
def retrieve_function_callback(self, __, ea=None):
if not self.check_before_use():
return
funcset_ids = [self.funcset] if not self.cfg['usepublic'] else None
func_ea = idaapi.get_screen_ea() if ea is None else ea
func_name = idaapi.get_func_name(func_ea)
targets = self.retrieve_function(func_ea, self.cfg['topk'],
funcset_ids)
succ, skip, fail = 0, 0, 0
if targets is None:
print("[{}] {} failed because get function feature error".format(
self.name, func_name))
fail += 1
else:
if not (self.cview and self.cview.is_alive()):
self.cview = SourceCodeViewer(self.name)
# CDVF_STATUSBAR 0x04, keep the status bar in the custom viewer
idaapi.set_code_viewer_is_source(
idaapi.create_code_viewer(self.cview.GetWidget(), 0x4))
self.cview.set_user_data(func_ea, targets)
widget = idaapi.get_current_widget()
if idaapi.get_widget_title(widget) == self.name:
skip += 1
else:
if idaapi.get_widget_type(widget) != idaapi.BWN_PSEUDOCODE:
pseudo_view = idaapi.open_pseudocode(func_ea, 1)
pseudo_view.refresh_view(1)
widget = pseudo_view.toplevel
pseudo_title = idaapi.get_widget_title(widget)
idaapi.display_widget(
self.cview.GetWidget(), idaapi.PluginForm.WOPN_DP_TAB
| idaapi.PluginForm.WOPN_RESTORE)
idaapi.set_dock_pos(self.name, pseudo_title, idaapi.DP_RIGHT)
succ += 1
print(
"[{}] {} functions successfully retrieved, {} functions failed, {} functions skipped"
.format(self.name, succ, fail, skip))
def lvar_type_changed(self, vu, v, tif):
if (vu.cfunc):
func_tif = ida_typeinf.tinfo_t()
vu.cfunc.get_func_type(func_tif)
funcdata = idaapi.func_type_data_t()
got_data = func_tif.get_func_details(funcdata)
if (not got_data):
# self._log("Didnt get the data")
pass
lvars = vu.cfunc.get_lvars()
for j in range(len(vu.cfunc.argidx)):
# for i in vu.cfunc.argidx:
i = vu.cfunc.argidx[j]
if (lvars[i].name == v.name):
#self._log("lvar_type_changed: function argument changed = %s, index = %s, atype = %s" % (lvars[i].name, i, funcdata[j].argloc.atype()))
if (funcdata[i].argloc.atype() == 3):
# self._log("lvar_type_changed: reg is : %s" %(funcdata[i].argloc.reg1()))
pass
if (funcdata[i].argloc.atype() != 3
or funcdata[i].argloc.reg1() != RCX_REG):
break
#self._log("applyName = %s" % (applyName))
firstPtrRemove = ida_typeinf.remove_pointer(tif)
#self._log("type name = %s" % (firstPtrRemove._print()))
#self._log("remove_pointer.is_ptr = %s" % (firstPtrRemove.is_ptr()))
#self._log("remove_pointer.is_struct = %s" % (firstPtrRemove.is_struct()))
if (firstPtrRemove.is_struct()
and not firstPtrRemove.is_ptr()):
currentFuncName = ida_name.get_ea_name(
vu.cfunc.entry_ea)
# self._log("before demangle current func name = %s" % (currentFuncName))
demangled = idc.demangle_name(
currentFuncName,
idc.get_inf_attr(idc.INF_SHORT_DN))
if (demangled != None):
self._log("Overriding mangled name = %s" %
(currentFuncName))
currentFuncName = demangled
# self._log("after demangle current func name = %s" % (currentFuncName))
tokens = currentFuncName.split("::")
if len(tokens) > 1:
currentFuncName = tokens[1]
currentFuncName = currentFuncName.split("(")[0]
# self._log("current func name = %s" % (currentFuncName))
idc.set_name(
vu.cfunc.entry_ea,
firstPtrRemove._print() + "::" + currentFuncName,
idc.SN_NOWARN)
idaapi.auto_wait()
# self._log("Decomp Res : %s" % idaapi.decompile(vu.cfunc.entry_ea))
idaapi.refresh_idaview_anyway()
vu.refresh_ctext()
idaapi.refresh_idaview_anyway()
vu.refresh_ctext()
vu.refresh_view(True)
current_widget = idaapi.get_current_widget()
vu1 = idaapi.get_widget_vdui(current_widget)
if vu1:
vu1.refresh_ctext()
break
#self._log("lvar_type_changed: vu=%s, v=%s, tinfo=%s" % (vu, self._format_lvar(v), tif._print()))
return 1
