def get_fileregion_offset(ea): file_offset = idaapi.get_fileregion_offset(ea) if file_offset == -1: raise exceptions.NoFileOffset( "Address 0x{:08X} is not mapped to any file offset.".format(ea)) return file_offset
def run(self, arg): print("Running") PE = peutils_t() print("Image base is %016X" % PE.imagebase) print("Exporting functions...") filename = os.path.splitext(idc.GetIdbPath())[0] + ".sym" rawOffsetsFilename = os.path.splitext(idc.GetIdbPath())[0] + ".raw.sym" f = open(filename, 'w') rawOffsetsFile = open(rawOffsetsFilename, 'w') count = 0 for address, name in Names(): offset = address - PE.imagebase rawOffset = idaapi.get_fileregion_offset(address) if idc.GetFunctionFlags(address) != -1: size = idc.FindFuncEnd(address) - address else: size = 4 #namesList.append((offset, name)) count += 1 f.write("%08X %08X;%s\n" % (offset, size, name)) rawOffsetsFile.write("%08X %08X;%s\n" % (rawOffset, size, name)) f.close() rawOffsetsFile.close() print("%d functions exported" % count)
def map(ea, size, newea, **kwds): """Map `size` bytes of data from `ea` into a new segment at `newea`. The keyword `name` can be used to name the segment. """ # grab the file offset and the data we want fpos, data = idaapi.get_fileregion_offset(ea), database.read(ea, size) if len(data) != size: raise E.ReadOrWriteError( u"{:s}.map({:#x}, {:+#x}, {:#x}{:s}) : Unable to read {:#x} bytes from {:#x}." .format( __name__, ea, size, newea, u", {:s}".format(utils.string.kwargs(kwds)) if kwds else '', size, ea)) # rebase the data to the new address res = idaapi.mem2base(data, newea, fpos) if not res: raise E.DisassemblerError( u"{:s}.map({:#x}, {:+#x}, {:#x}{:s}) : Unable to remap {:#x}:{:+#x} to {:#x}." .format( __name__, ea, size, newea, u", {:s}".format(utils.string.kwargs(kwds)) if kwds else '', ea, size, newea)) # now we can create the new segment return new(newea, size, kwds.get("name", "map_{:x}".format(ea)))
def map(ea, size, newea, **kwds): """Map ``size`` bytes of data from ``ea`` into a new segment at ``newea``. ``name`` can be used to name the segment. """ fpos,data = idaapi.get_fileregion_offset(ea),database.read(ea, size) if len(data) != size: raise ValueError("{:s}.map({:x}, {:#x}, {:x}) : Unable to read {:#x} bytes from {:#x}".format(__name__, ea, size, newea, size, ea)) res = idaapi.mem2base(data, newea, fpos) if not res: raise ValueError("{:s}.map({:x}, {:#x}, {:x}) : Unable to remap {:#x}:{:+#x} to {:#x}".format(__name__, ea, size, newea, ea, size, newea)) return create(newea, size, kwds.get("name', 'map_{:x}".format(ea)))
def output_segments(out): """Dump binary segmentation.""" info = idaapi.get_inf_structure() size = "r32" if info.is_32bit else "r64" out.writelines(('(', info.get_proc_name()[1], ' ', size, ' (')) for seg in idautils.Segments(): out.write("\n({} {} {:d} ({:#x} {:d}))".format( idaapi.get_segm_name(seg), "code" if idaapi.segtype(seg) == idaapi.SEG_CODE else "data", idaapi.get_fileregion_offset(seg), seg, idaapi.getseg(seg).size())) out.write("))\n")
def byte_patched(self, ea): if ea != idaapi.BADADDR: patched_byte = get_byte(ea) orginal_byte = get_original_byte(ea) file_offset = idaapi.get_fileregion_offset(ea) if file_offset != -1: patched_bytes_dict[ea] = [file_offset, orginal_byte, patched_byte] else: patched_bytes_dict[ea] = [-1, orginal_byte, patched_byte] print "[*] Byte patched at (ea %x file_offset %x) : %x -> %x" % (ea, file_offset, orginal_byte, patched_byte) return 0
def map(ea, size, newea, **kwds): '''Map /size/ bytes of data from /ea/ into a new segment at /newea/ /name/ can be used to name the segment. ''' fpos, data = idaapi.get_fileregion_offset(ea), database.read(ea, size) if len(data) != size: raise Exception, "Unable to read %x bytes from %x" % (size, ea) res = idaapi.mem2base(data, newea, fpos) if not res: raise Exception, "Unable to remap %x:+%x to %x" % (ea, size, newea) return create(newea, size, kwds.get('name', 'map_%x' % ea))
def map(ea, size, newea, **kwds): '''Map /size/ bytes of data from /ea/ into a new segment at /newea/ /name/ can be used to name the segment. ''' fpos,data = idaapi.get_fileregion_offset(ea),database.read(ea, size) if len(data) != size: raise Exception, "Unable to read %x bytes from %x"% (size, ea) res = idaapi.mem2base(data, newea, fpos) if not res: raise Exception, "Unable to remap %x:+%x to %x"% (ea, size, newea) return create(newea, size, kwds.get('name', 'map_%x'% ea))
def output_segments(out): """Dump binary segmentation.""" info = idaapi.get_inf_structure() size = "r32" if info.is_32bit else "r64" out.writelines(('(', info.get_proc_name()[1], ' ', size, ' (')) for seg in idautils.Segments(): out.write("\n({} {} {:d} ({:#x} {:d}))".format( get_segm_name(seg), "code" if idaapi.segtype(seg) == idaapi.SEG_CODE else "data", idaapi.get_fileregion_offset(seg), seg, idaapi.getseg(seg).size())) out.write("))\n")
def get_file_range(): image_begin = -1 image_end = -1 for seg in idautils.Segments(): begin_offset = idaapi.get_fileregion_offset(seg) end_offset = begin_offset + idaapi.getseg(seg).size() if image_begin == -1: image_begin = begin_offset image_end = end_offset #print("// image 0x%x-0x%x" % (image_begin, image_end)) print("// extract image: dd skip=$((0x%x)) count=$((0x%x-0x%x)) if=%s of=%s.data bs=1" % \ (image_begin, image_end, image_begin, idaapi.get_input_file_path(), basename))
def map(ea, size, newea, **kwds): """Map `size` bytes of data from `ea` into a new segment at `newea`. The keyword `name` can be used to name the segment. """ fpos, data = idaapi.get_fileregion_offset(ea), database.read(ea, size) if len(data) != size: raise E.ReadOrWriteError( "{:s}.map({:#x}, {:+#x}, {:#x}) : Unable to read {:#x} bytes from {:#x}." .format(__name__, ea, size, newea, size, ea)) res = idaapi.mem2base(data, newea, fpos) if not res: raise E.DisassemblerError( "{:s}.map({:#x}, {:+#x}, {:#x}) : Unable to remap {:#x}:{:+#x} to {:#x}." .format(__name__, ea, size, newea, ea, size, newea)) return new(newea, size, kwds.get("name', 'map_{:x}".format(ea)))
def patch_file(data, changed_bytes): for ea, byte, original_byte in changed_bytes: print '%08x: %02x original(%02x)' % (ea, byte, original_byte) file_offset = idaapi.get_fileregion_offset(ea) original_char = chr(original_byte) char = chr(byte) if data[file_offset] == original_char: data[file_offset] = char patched_file = idc.AskFile(1, '*.*', 'Choose new file') if patched_file: with file(patched_file, 'wb') as f: f.write(''.join(data))
def patch_file(data, changed_bytes): for ea, byte, original_byte in changed_bytes: print '%08x: %02x original(%02x)' % (ea, byte, original_byte) file_offset = idaapi.get_fileregion_offset( ea ) original_char = chr( original_byte ) char = chr( byte ) if data[ file_offset ] == original_char: data[ file_offset ] = char patched_file = idc.AskFile( 1, '*.*', 'Choose new file') if patched_file: with file(patched_file, 'wb') as f: f.write( ''.join( data ) )
def dump_loader_info(output_filename): """Dump information for BAP's loader into output_filename.""" from idautils import Segments import idc idaapi.autoWait() with open(output_filename, 'w+') as out: info = idaapi.get_inf_structure() size = "r32" if info.is_32bit else "r64" out.write("(%s %s (" % (info.get_proc_name()[1], size)) for seg in Segments(): out.write("\n(%s %s %d (0x%X %d))" % ( idaapi.get_segm_name(seg), "code" if idaapi.segtype(seg) == idaapi.SEG_CODE else "data", idaapi.get_fileregion_offset(seg), seg, idaapi.getseg(seg).size())) out.write("))\n")
def map(ea, size, newea, **kwds): """Map `size` bytes of data from `ea` into a new segment at `newea`. The keyword `name` can be used to name the segment. """ # grab the file offset and the data we want fpos, data = idaapi.get_fileregion_offset(ea), database.read(ea, size) if len(data) != size: raise E.ReadOrWriteError(u"{:s}.map({:#x}, {:+#x}, {:#x}{:s}) : Unable to read {:#x} bytes from {:#x}.".format(__name__, ea, size, newea, u", {:s}".format(utils.string.kwargs(kwds)) if kwds else '', size, ea)) # rebase the data to the new address res = idaapi.mem2base(data, newea, fpos) if not res: raise E.DisassemblerError(u"{:s}.map({:#x}, {:+#x}, {:#x}{:s}) : Unable to remap {:#x}:{:+#x} to {:#x}.".format(__name__, ea, size, newea, u", {:s}".format(utils.string.kwargs(kwds)) if kwds else '', ea, size, newea)) # now we can create the new segment return new(newea, size, kwds.get("name", "map_{:x}".format(ea)))
def show_edit_form(self): selection, start_ea, end_ea = idaapi.read_selection() if not selection: start_ea = idaapi.get_screen_ea() end_ea = start_ea + 1 if start_ea != idaapi.BADADDR and end_ea != idaapi.BADADDR: if end_ea > start_ea: buf_len = end_ea - start_ea buf = get_many_bytes(start_ea, buf_len) or "\xFF"*buf_len buf_str = " ".join(["%02X" % ord(x) for x in buf]) fpos = idaapi.get_fileregion_offset(start_ea) addr_str = "%#X" % start_ea fpos_str = "%#x" % fpos if fpos != -1 else "N/A" f = PatchEditForm(addr_str, fpos_str, buf_str, buf_str) # Execute the form ok = f.Execute() if ok == 1: # Convert hex bytes to binary buf = f.strPatch.value buf = buf.replace(' ','') # remove spaces buf = buf.replace('\\x','') # remove '\x' prefixes buf = buf.replace('0x','') # remove '0x' prefixes try: buf = binascii.unhexlify(buf) # convert to bytes except Exception, e: idaapi.warning("Invalid input: %s" % e) f.Free() return # Now apply newly patched bytes idaapi.patch_many_bytes(start_ea, buf) # Refresh all IDA views self.patch_view.refreshitems() idaapi.refresh_idaview_anyway() # Dispose the form f.Free()
def show_edit_form(self): selection, start_ea, end_ea = idaapi.read_selection() if not selection: start_ea = idaapi.get_screen_ea() end_ea = start_ea + 1 buf_len = end_ea - start_ea buf = idaapi.get_many_bytes(start_ea, buf_len) or "\xFF"*buf_len buf_str = " ".join(["%02X" % x for x in buf]) fpos = idaapi.get_fileregion_offset(start_ea) addr_str = "%#X" % start_ea fpos_str = "%#x" % fpos if fpos != -1 else "N/A" f = PatchEditForm(addr_str, fpos_str, buf_str, buf_str) # Execute the form ok = f.Execute() if ok == 1: # Convert hex bytes to binary buf = f.strPatch.value buf = buf.replace(' ','') # remove spaces buf = buf.replace('\\x','') # remove '\x' prefixes buf = buf.replace('0x','') # remove '0x' prefixes try: buf = binascii.unhexlify(buf) # convert to bytes except Exception as e: idaapi.warning("Invalid input: %s" % e) f.Free() return # Now apply newly patched bytes idaapi.patch_many_bytes(start_ea, buf) # Refresh all IDA views self.patch_view.Refresh() # Dispose the form f.Free()
def OnCreate(self, form): try: f = open(GetInputFilePath().decode("utf-8"), "rb") except: f = open(GetInputFilePath(), "rb") self.data = f.read() f.close() self.Seg = [[idaapi.get_fileregion_offset(i), i] for i in Segments()] self.Seg.append([len(self.data), 0]) try: self.parent = self.FormToPyQtWidget(form) except: self.parent = self.FormToPySideWidget(form) self.path = QLineEdit() self.label1 = QLabel("Yara Path : ") self.PathButton = QPushButton("Yara File") self.PathButton.clicked.connect(self.choose_path) self.label2 = QLabel("Hyara Rule") self.CheckButton = QCheckBox() self.SearchButton = QPushButton("Search") self.SearchButton.clicked.connect(self.Search) self.layout = QVBoxLayout() GL1 = QGridLayout() GL1.addWidget(self.label1, 0, 0) GL1.addWidget(self.path, 0, 1) GL1.addWidget(self.PathButton, 0, 2) GL1.addWidget(self.label2, 0, 3) GL1.addWidget(self.CheckButton, 0, 4) self.layout.addLayout(GL1) self.layout.addWidget(self.SearchButton) self.tableWidget = QTableWidget() self.tableWidget.cellClicked.connect(self.jump_addr) self.tableWidget.setRowCount(0) self.tableWidget.setColumnCount(4) self.tableWidget.setHorizontalHeaderLabels(["Address", "Rule name", "Variable name", "String"]) self.layout.addWidget(self.tableWidget) self.parent.setLayout(self.layout)
def get_upload_func_info(ea): """ get function upload info by IDA Pro Args: ea(ea_t): function address Returns: func_info(dict): function info """ func_info = {} try: hf = idaapi.hexrays_failure_t() if idaapi.IDA_SDK_VERSION >= 730: cfunc = idaapi.decompile(ea, hf, idaapi.DECOMP_NO_WAIT) else: cfunc = idaapi.decompile(ea, hf) func_info['feature'] = str(cfunc) func_info['pseudo_code'] = str(cfunc) except Exception as e: print(str(e)) return None func_info['binary_file'] = idaapi.get_root_filename() binary_sha256 = idaapi.retrieve_input_file_sha256() binary_sha256 = binary_sha256.hex() if isinstance(binary_sha256, bytes) else binary_sha256 func_info['binary_sha256'] = binary_sha256 func_info['binary_offset'] = idaapi.get_fileregion_offset(ea) func_info['platform'] = get_platform_info() func_info['name'] = idaapi.get_func_name(ea) func_bytes = b'' for start, end in idautils.Chunks(idaapi.get_func(ea).start_ea): fb = idaapi.get_bytes(start, end - start) func_bytes += fb func_bytes = func_bytes.hex() if isinstance(func_bytes, bytes) else func_bytes func_info['func_bytes'] = func_bytes return func_info
def extract_vtable_pac_codes(vtable_ea): pac_codes = [] # Open the file. path = idc.get_input_file_path() with open(path, "rb") as kernelcache_file: # Seek to the offset of the vtable. offset = idaapi.get_fileregion_offset(vtable_ea) kernelcache_file.seek(offset) # Loop over each entry in the vtable. ea = vtable_ea while True: # Break if we've reached the end of the vtable. vmethod = idc.get_qword(ea) if vmethod == 0: break # Get the original value from the original file. original = kernelcache_file.read(8) value, = struct.unpack("<Q", original) # Extract the type code and add it to the list. pac_code = (value & 0x0000ffff00000000) >> 32 pac_codes.append(pac_code) # Advance. ea += 8 return pac_codes
def format_bb(bb): return ( "0x%x,0x%x" % (bb.start_ea - baseaddr, idaapi.get_fileregion_offset(bb.start_ea)))
def ReplaceFile(self, FileItem,BundleFilePath,NewFilePath): print "Start replace file: {}".format(NewFilePath) if not os.path.exists(BundleFilePath): print "BundleFilePath error!" return if not os.path.isfile(NewFilePath): print "NewFilePath error!" return f = open(NewFilePath, 'rb') NewFileData = f.read() f.close() if FileItem.IsCompressed == "Y": if FileItem.IsGZip == "Y": compresseddata = self.CompressGzipToData(NewFileData) else: compresseddata = self.CompressZLibToData(NewFileData) sizediff = FileItem.FileCompressedSize - len(compresseddata) print "FileCompressedSize - compresseddata = 0x{:016X} - 0x{:016X} = 0x{:016X}".format(FileItem.FileCompressedSize,len(compresseddata),sizediff) if sizediff < 0: print "FileCompressedSize < compresseddata,can't replace!" return else: compresseddata = NewFileData sizediff = FileItem.FileSize - len(compresseddata) print "FileSize - compresseddata = 0x{:016X} - 0x{:016X} = 0x{:016X}".format(FileItem.FileSize,len(compresseddata),sizediff) if sizediff < 0: print "FileSize < compresseddata,can't replace!" return FileSizeOffset = idaapi.get_fileregion_offset(FileItem.FileSizeOffset) if FileItem.IsCompressed == "Y": FileCompressedSizeOffset = idaapi.get_fileregion_offset(FileItem.FileCompressedSizeOffset) FileDataOffset = idaapi.get_fileregion_offset(FileItem.FileDataOffset) #ea = idaapi.get_fileregion_ea(offset) NewFileDataSize = len(NewFileData) if FileItem.IsCompressed == "Y": NewCompressedDataSize = len(compresseddata) print "FileSizeOffset = 0x{:016X},FileCompressedSizeOffset = 0x{:016X},FileDataOffset = 0x{:016X}".format(FileSizeOffset,FileCompressedSizeOffset,FileDataOffset) else: print "FileSizeOffset = 0x{:016X},FileDataOffset = 0x{:016X}".format(FileSizeOffset,FileDataOffset) input_file_dir = os.path.dirname(BundleFilePath) input_file_fullname = os.path.basename(BundleFilePath) input_file_name,input_file_extname = os.path.splitext(input_file_fullname) #分离扩展名:os.path.splitext(r"c:\python\hello.py") --> ("c:\\python\\hello", #".py") output_file_fullname = '{}_{:%Y%m%d%H%M%S%f}{}'.format(input_file_name, datetime.now(),input_file_extname) output_file_fullpath = os.path.join(input_file_dir,output_file_fullname) #shutil.copy(BundleFilePath, output_file_fullpath) print "new BundleFilePath path:{}".format(output_file_fullpath) fp = open(BundleFilePath,"rb") data = fp.read() #读出文件内容 fp.close() if self.Is64Bit == True: NewFileDataSizeData = struct.pack("q",NewFileDataSize) if FileItem.IsCompressed == "Y": NewCompressedDataSizeData = struct.pack("q",NewCompressedDataSize) else: NewFileDataSizeData = struct.pack("l",NewFileDataSize) if FileItem.IsCompressed == "Y": NewCompressedDataSizeData = struct.pack("l",NewCompressedDataSize) #data 不可更改元素,是固定的,必须转成可对元素操作的list data = list(data) #try: # data[0] = 'a' # data[1] = 'a' # data[2] = 'a' #except Exception,e: # print Exception,":",e #range(m, n)这里,range()函数产生的是一个从 m至n-1的整数列表 #update FileSize for i in range(0, len(NewFileDataSizeData)): data[FileSizeOffset + i] = NewFileDataSizeData[i] ##update FileCompressedSize if FileItem.IsCompressed == "Y": for i in range(0, len(NewCompressedDataSizeData)): data[FileCompressedSizeOffset + i] = NewCompressedDataSizeData[i] ##clear FileData if FileItem.IsCompressed == "Y": for i in range(0, FileItem.FileCompressedSize): data[FileDataOffset + i] = chr(0x0) pass else: for i in range(0, FileItem.FileSize): data[FileDataOffset + i] = chr(0x0) pass ##update FileData for i in range(0, len(compresseddata)): data[FileDataOffset + i] = compresseddata[i] pass fp2 = open(output_file_fullpath,"wb") #把data的list转为str并写入文件 fp2.write(''.join(data))#重写 fp2.close() print "replace ok!"
#Prints basic info needed for the Unlinker INI's to IDA Output Window #PROBABLY_TODO #Make it segment sensetive, #SegName(ea) returns #if .text use function format, #if .rdata use rdata format, #if .data use data format. #Get current cursor location cursor = ScreenEA() #Get function name at current cursor location function_name = GetFunctionName(cursor) #Get current Function start address function_address = GetFchunkAttr(cursor, FUNCATTR_START) #Get current function file address file_address = idaapi.get_fileregion_offset(function_address) #Get current function size function_size = GetFchunkAttr(cursor, FUNCATTR_END) - GetFchunkAttr( cursor, FUNCATTR_START) #Print gathered info to output Message("[%s]\n" % function_name) Message("Address=%Xh\n" % function_address) Message("FileAddress=%Xh\n" % file_address) Message("Size=%Xh\n" % function_size)
s.connect((host, port)) d = zlib.compress(pickle.dumps(var)) s.send(d) s.close() return None except Exception, e: return str(e) idaapi.info("Please run the Hiew-Names-Server script and press OK") idaapi.show_wait_box("Gathering and sending names to %s:%d" % (HOST, PORT)) info = [] for ea, name in idautils.Names(): offs = idaapi.get_fileregion_offset(ea) if offs == idaapi.BADADDR: continue is_func = False if idaapi.get_func(ea) is None else True info.append((offs, name, is_func)) ok = pickle_sendz(HOST, PORT, info) idaapi.hide_wait_box() if ok is not None: idaapi.warning("Failed to send names:\n" + ok) else: idaapi.info("Names successfully transfered!")
import idaapi import idc import idautils import json functions = {} for addr_func in idautils.Functions(): if idc.hasUserName(idc.GetFlags(addr_func)): name = idc.GetFunctionName(addr_func) offset = idaapi.get_fileregion_offset(addr_func) functions[name] = {"offset": offset, "va": addr_func} json.dump(functions, open("/tmp/out.json", "wb"))
def getByteOffsetOfEA(self, ea): """Return the file byte offset of ea""" return idaapi.get_fileregion_offset(ea)
def get_fileregion_offset(ea): file_offset = idaapi.get_fileregion_offset(ea) if file_offset == -1: raise exceptions.NoFileOffset("Address 0x{:08X} is not mapped to any file offset.".format(ea)) return file_offset
xrefs = set() def imp_cb(ea, name, ord): if name in ["OutputDebugStringA", "OutputDebugStringW"]: for xref in XrefsTo(ea, 0): xrefs.add((xref.frm, xref.to)) return True nimps = idaapi.get_import_module_qty() print "Found %d import(s)..." % nimps for i in xrange(0, nimps): name = idaapi.get_import_module_name(i) if name.upper() == "KERNEL32": print "Walking-> %s" % name idaapi.enum_import_names(i, imp_cb) break for frm, to in xrefs: offset = idaapi.get_fileregion_offset(frm) print "File location: %08x (%08x -> %08x)" % (offset, frm, to) try: patchFile(frm, offset) except: pass idc.Exit(0)
def get_default_config(analysis_start_va, analysis_stop_va): """ Returns a new AnalyzerConfig for the given entry point & cut """ # this function will use the default parameters config = ConfigParser.RawConfigParser() config.optionxform = str config_path = PluginOptions.config_path # Load default part - XXX move this logic to PluginOptions configfile = os.path.join(config_path, "conf", "default.ini") bc_log.debug("Reading config from %s", configfile) r = config.read(configfile) if len(r) != 1: bc_log.warning("Default config file %s could not be found", configfile) code_start_va, code_end_va = ConfigHelpers.get_code_section( analysis_start_va) code_len = code_end_va - code_start_va # [settings] section config.add_section('settings') config.set('settings', 'mem_model', ConfigHelpers.get_memory_model()) # IDA doesn't really support real mode config.set('settings', 'mode', 'protected') config.set('settings', 'call_conv', ConfigHelpers.get_call_convention()) config.set('settings', 'mem_sz', 32) config.set('settings', 'op_sz', ConfigHelpers.get_bitness(code_start_va)) config.set('settings', 'stack_width', ConfigHelpers.get_stack_width()) config.set('settings', 'ini_version', 1) # [loader section] config.add_section('loader') # code section va config.set('loader', 'code_va', "0x%X" % code_start_va) # code section offset config.set('loader', 'code_phys', hex(idaapi.get_fileregion_offset(code_start_va))) # code section length config.set('loader', 'code_length', "0x%0X" % code_len) config.set('loader', 'analysis_ep', "0x%0X" % analysis_start_va) # Load default GDT/Segment registers according to file type ftype = ConfigHelpers.get_file_type() # XXX move this logic to PluginOptions if ftype == "pe": os_specific = os.path.join(config_path, "conf", "windows.ini") else: # default to Linux config if not windows os_specific = os.path.join(config_path, "conf", "linux.ini") bc_log.debug("Reading OS config from %s", os_specific) config.read(os_specific) # [binary section] config.add_section('binary') input_file = idaapi.get_input_file_path() if not os.path.isfile(input_file): # get_input_file_path returns file path from IDB, which may not # exist locally if IDB has been moved (eg. send idb+binary to # another analyst) guessed_path = idc.GetIdbPath().replace('idb', 'exe') if os.path.isfile(guessed_path): input_file = guessed_path config.set('binary', 'filepath', input_file) config.set('binary', 'format', ftype) # [sections section] config.add_section("sections") for s in ConfigHelpers.get_sections(): config.set("sections", "section[%s]" % s[0], "0x%x, 0x%x, 0x%x, 0x%x" % (s[1], s[2], s[3], s[4])) # [state section] config.add_section("state") regs = ConfigHelpers.get_registers_with_state() for rname, val in regs.iteritems(): if rname != "esp": config.set("state", ("reg[%s]" % rname), val) # Default stack config.set("state", "reg[esp]", "0x2000") config.set("state", "stack[0x1000*8192]", "|00|?0xFF") imports = ConfigHelpers.get_imports() # [import] section config.add_section('imports') for ea, imp in imports.iteritems(): if imp[0]: name = "%s, \"%s\"" % imp else: name = "all,\"%s\"" % imp[1] config.set('imports', ("0x%x" % ea), name) # list all files in config_path/lib/*.{c,no}. # for each lib (same base filename) keep .no if it exists, else .c headers_filenames = glob.glob(os.path.join(config_path, 'lib', '*.no')) # Add .c if there is no associated .no for c in glob.glob(os.path.join(config_path, 'lib', '*.c')): if c[:-2] + '.no' not in headers_filenames: headers_filenames.append(c) # remove duplicates config.set('imports', 'headers', ','.join(headers_filenames)) # [libc section] # config.add_section('libc') # config.set('libc', 'call_conv', 'fastcall') # config.set('libc', '*', 'open(@, _)') # config.set('libc', '*', 'read<stdcall>(@, *, @)') ac = AnalyzerConfig(config) ac.analysis_ep = analysis_start_va ac.stop_address = analysis_stop_va return ac
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host, port)) d = zlib.compress(pickle.dumps(var)) s.send(d) s.close() return None except Exception, e: return str(e) idaapi.info("Please run the Hiew-Names-Server script and press OK") idaapi.show_wait_box("Gathering and sending names to %s:%d" % (HOST, PORT)) info = [] for ea, name in idautils.Names(): offs = idaapi.get_fileregion_offset(ea) if offs == idaapi.BADADDR: continue is_func = False if idaapi.get_func(ea) is None else True info.append((offs, name, is_func)) ok = pickle_sendz(HOST, PORT, info) idaapi.hide_wait_box() if ok is not None: idaapi.warning("Failed to send names:\n" + ok) else: idaapi.info("Names successfully transfered!")