Exemple #1
0
def add_enums(function):
    """ Add standard enums from parsed MSDN documentation for all imported
    library calls and their arguments.

    Arguments:
    function -- function object
    """
    enum_count = 0
    for argument in function.arguments:
        # Add standard enums
        if not argument.enums:
            g_logger.debug(' No standard constants available for %s' %
                           argument.name)
        else:
            for enum in argument.enums:
                g_logger.debug('  Importing enum %s for argument %s' %
                               (enum, argument.name))
                if idc.Til2Idb(-1, enum) != idaapi.BADADDR:
                    g_logger.debug('  ' + enum + ' ' +
                                   hex(idc.GetEnum(enum)) +
                                   ' added successfully')
                    enum_count = enum_count + 1
                else:
                    g_logger.debug('  Could not add ' + enum)

        if not argument.constants:
            # No constants for this argument
            continue

        argument.name = argument.name.encode('utf-8')
        function.name = function.name.encode('utf-8')

        # Add constant descriptions
        for constant in argument.constants:
            constant.name = constant.name.encode('utf-8')

            if constant.name == 'NULL':
                # Create unique name, so we can add descriptive comment to it
                constant.name = 'NULL_{}_{}'.format(argument.name,
                                                    function.name)
                # Add custom enum for NULL values if it does not exist yet
                enumid = idc.GetEnum(NULL_ENUM_NAME)
                if enumid == idaapi.BADADDR:
                    enumid = idc.AddEnum(-1, NULL_ENUM_NAME, idaapi.hexflag())
                idc.AddConstEx(enumid, constant.name, 0, -1)
                constid = idc.GetConstByName(constant.name)
                idc.SetConstCmt(constid, format_comment(constant.description),
                                False)
            else:
                constid = idc.GetConstByName(constant.name)
                if constid:
                    if idc.SetConstCmt(constid,
                                       format_comment(constant.description),
                                       False):
                        g_logger.debug('    Description added for %s' %
                                       constant.name)
                    else:
                        g_logger.debug('    No description added for %s' %
                                       constant.name)
    return enum_count
Exemple #2
0
def add_enum(name=None, index=None, flags=idaapi.hexflag(), bitfield=False):
    """Create a new enum.

    Args:
        name: Name of the enum to create.
        index: The index of the enum. Leave at default to append the enum as the last enum.
        flags: Enum type flags.
        bitfield: Is the enum a bitfield.

    Returns:
        An `Enum` object.
    """
    if name is not None:
        with ignored(exceptions.EnumNotFound):
            _get_enum(name)
            raise exceptions.EnumAlreadyExists()

    if index is None or index < 0:
        index = idaapi.get_enum_qty()

    eid = idaapi.add_enum(index, name, flags)

    if eid == idaapi.BADADDR:
        raise exceptions.EnumCreationFailed('Failed creating enum "{}"'.format(name))

    if bitfield:
        idaapi.set_enum_bf(eid, bitfield)

    return Enum(eid=eid)
    def createenum(self, symbols):
        """
            Given full symbols and addresses create an enum name with the library name (the string before !)
            Some constants will fail due to weird characters in symbols used by MS. eg( `$)
            symbols: (dict) A set of symbols and addresses that have been cleaned.
        """
        enum_name = symbols.keys()[0].split('!')[0]
        enum = idc.AddEnum(0, enum_name, idaapi.hexflag())
        if enum == idaapi.BADADDR:
            print "[!] Failed to create enum: %s\n" % enum_name
            return 
        for symbol, address in symbols.iteritems():
            # "ADVAPI32!RegCreateKeyExWStub": "0xffff8007be2f89f0"
            org_symb = symbol
            symbol = str(symbol.split('!')[1].encode('utf-8'))
            symbol = symbol.strip()
            symbol = 's_'+symbol 
            address = int(address,16)
            ret = idc.AddConstEx(enum, symbol, address, -1)
            if ret !=0:
                print "[!] Failed to create constant for symbol %s - (%s). %s" % (org_symb,symbol,ENUM_ERRORS[ret])
                continue
            self.enums[address] = enum

        print "[+] Finished adding enum %s\n" % enum_name
Exemple #4
0
def add_enum(name=None, index=None, flags=idaapi.hexflag(), bitfield=False):
    """Create a new enum.

    Args:
        name: Name of the enum to create.
        index: The index of the enum. Leave at default to append the enum as the last enum.
        flags: Enum type flags.
        bitfield: Is the enum a bitfield.

    Returns:
        An `Enum` object.
    """
    if name is not None:
        with ignored(exceptions.EnumNotFound):
            _get_enum(name)
            raise exceptions.EnumAlreadyExists()

    if index is None or index < 0:
        index = idaapi.get_enum_qty()

    eid = idaapi.add_enum(index, name, flags)

    if eid == idaapi.BADADDR:
        raise exceptions.EnumCreationFailed(
            'Failed creating enum "{}"'.format(name))

    if bitfield:
        idaapi.set_enum_bf(eid, bitfield)

    return Enum(eid=eid)
Exemple #5
0
def add_enums(function):
    """ Add standard enums from parsed MSDN documentation for all imported
    library calls and their arguments.

    Arguments:
    function -- function object
    """
    enum_count = 0
    for argument in function.arguments:
        # Add standard enums
        if not argument.enums:
            g_logger.debug(' No standard constants available for %s' %
                           argument.name)
        else:
            for enum in argument.enums:
                g_logger.debug('  Importing enum %s for argument %s' %
                               (enum, argument.name))
                if idc.Til2Idb(-1, enum) != idaapi.BADADDR:
                    g_logger.debug('  ' + enum + ' ' + hex(idc.GetEnum(enum)) +
                                   ' added successfully')
                    enum_count = enum_count + 1
                else:
                    g_logger.debug('  Could not add ' + enum)

        if not argument.constants:
            # No constants for this argument
            continue

        argument.name = argument.name.encode('utf-8')
        function.name = function.name.encode('utf-8')

        # Add constant descriptions
        for constant in argument.constants:
            constant.name = constant.name.encode('utf-8')

            if constant.name == 'NULL':
                # Create unique name, so we can add descriptive comment to it
                constant.name = 'NULL_{}_{}'.format(argument.name,
                                                    function.name)
                # Add custom enum for NULL values if it does not exist yet
                enumid = idc.GetEnum(NULL_ENUM_NAME)
                if enumid == idaapi.BADADDR:
                    enumid = idc.AddEnum(-1, NULL_ENUM_NAME, idaapi.hexflag())
                idc.AddConstEx(enumid, constant.name, 0, -1)
                constid = idc.GetConstByName(constant.name)
                idc.SetConstCmt(constid, format_comment(constant.description),
                                False)
            else:
                constid = idc.GetConstByName(constant.name)
                if constid:
                    if idc.SetConstCmt(constid,
                                       format_comment(constant.description),
                                       False):
                        g_logger.debug('    Description added for %s' %
                                       constant.name)
                    else:
                        g_logger.debug('    No description added for %s' %
                                       constant.name)
    return enum_count
Exemple #6
0
def add_enum(name=None, index=idaapi.BADADDR, flags=idaapi.hexflag(), bitfield=False):
    """Create a new enum."""
    if name is not None:
        with ignored(exceptions.EnumNotFound):
            _get_enum(name)
            raise exceptions.EnumAlreadyExists()

    eid = idaapi.add_enum(index, name, flags)

    if eid == idaapi.BADADDR:
        raise exceptions.EnumCreationFailed('Failed creating enum "{}"'.format(name))

    if bitfield:
        idaapi.set_enum_bf(eid, bitfield)

    return Enum(eid=eid)
Exemple #7
0
def define_consts():
    enum = AddEnum(-1, 'YARA_CONST', idaapi.hexflag())
    if enum == BADADDR:
        print 'Unable to create enum YARA_CONST'
        return

    if idc.AddConst(enum, 'UNDEFINED_32', UNDEFINED_MAGIC & 0xFFFFffff):
        print 'Unable to create UNDEFINED_32 value'
        return

    const_id = GetConstByName('UNDEFINED_32')
    if const_id == -1:
        print 'Unable to get id of UNDEFINED_32'
        return

    if not SetConstCmt(const_id, 'internal UNDEFINED value for YARA VM', 1):
        print 'failed setting comment for UNDEFINED_32'
        return

    return True
Exemple #8
0
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program.  If not, see <http://www.gnu.org/licenses/>.

import idaapi
import idautils
import idc
import unittest
import yaunit

flags = [
    idaapi.hexflag(),
    idaapi.charflag(),
    idaapi.decflag(),
    idaapi.octflag(),
    idaapi.binflag(),
]

# name, enum_width 0->default, is bitfield, num_fields
tests = [
    ('std',         0, False, 0),
    ('std',         4, False, 0),
    ('bit',         0, True,  0),
    ('std_fields',  0, False, 0x20),
    ('bit_fields',  0, True,  0x20),
]