def attach_app(self, pid):
idc.LoadDebugger("armlinux", 1)
idc.SetRemoteDebugger("localhost", "", self.port)
status = idc.AttachProcess(pid, -1)
if status == 1:
print 'Attaching to pid %s... Done' % pid
else:
print 'Attaching to pid %s... Failed: %s' % (pid, status)
def __init__(self, headless=False, binary_path=None):
'''
Initialize the IdaConcreteTarget. Nothing has to be done if the target is used inside the IDA Debugger but when
using IDA in headless mode (without the GUI) we need to start the debugger by ourselves.
:param :bool headless: headless mode is used when IDA is launched without the GUI
:param :str binary_path: optional path to the binary needed only
Example
To run a script in IDA headless mode use:
> idat.exe -c -A -S"angr_script.py" -t
> idat -c -A -S"angr_script.py" -t
'''
self.headless = headless
if binary_path and not self.headless:
l.warn(
"The binary path is needed only when using IDA in headless mode"
)
if self.headless:
if binary_path is None:
l.warn(
"You should provide a binary path when running IDA in headless mode"
)
self.exit()
idc.SetInputFilePath(binary_path)
l.debug("Running IDA in headless mode. Initializing the debugger")
idaapi.autoWait()
if sys.platform is "win32":
idc.LoadDebugger("win32", 0)
else:
idc.LoadDebugger("linux", 0)
# entry_point = idc.GetLongPrm(INF_START_IP)
# print("adding breakpoint at %x"%(entry_point))
idc.SetInputFilePath(binary_path)
# idc.AddBpt(entry_point)
idc.SetDebuggerOptions(idc.DOPT_START_BPT)
idc.StartDebugger("", "", "")
idc.ResumeProcess()
idc.GetDebuggerEvent(idc.WFNE_SUSP, -1)
l.debug("Debugger initialized")
super(IDAConcreteTarget, self).__init__()
def attach_app(self, pid, process, debug):
idc.LoadDebugger("armlinux", use_remote=1)
idc.SetRemoteDebugger("localhost", "", self.port)
status = idc.AttachProcess(pid, -1)
if status == 1:
print 'Attaching process %s[%s]... Done' % (process, pid)
if debug:
try:
self.adb.forward('tcp:' + str(JDWP_PORT),
'jdwp:' + str(pid))
self.dbg_hook = ResumeDebugHook()
self.dbg_hook.hook()
except BaseException, e:
print e
def setDebuggerOptions(self, processConfig, interactiveMode):
if processConfig.getOsArch() == 'ARM':
from dispatcher.core.structures.Tracer.ETDbgHookMobile import ETDbgHookMobile as ETDbgHook
port = 23946
host = "localhost"
_pass = ""
else:
from dispatcher.core.structures.Tracer.ETDbgHook import ETDbgHook as ETDbgHook
port = 0
host = ""
_pass = ""
path = processConfig.getPath()
application = processConfig.getApplication()
args = processConfig.getArgs()
sdir = processConfig.getSdir()
debugger = processConfig.getDebugger()
remote = processConfig.getRemote() == "True"
if remote:
port = int(processConfig.getPort())
host = processConfig.getHost()
_pass = processConfig.getPass()
#Use the win32 debugger as our debugger of choice
#You can can between these debuggers: win32, linux, mac
idc.LoadDebugger(debugger, remote)
#Set the process parameters, dont know if this actually worked (Should test it)
idc.SetInputFilePath(path)
idaapi.set_process_options(application, args, sdir, host, _pass, port)
if interactiveMode:
Print("Using interactive mode.")
else:
Print("Using non-interactive mode.")
EThook = ETDbgHook(self.tracefile, self.treeTracefile, self.logger,
interactiveMode)
EThook.hook()
EThook.steps = 0
return EThook
def _sync_loadDebugger(self):
return idc.LoadDebugger('linux', 0)
import idc
import idaapi
sEA = 0x0000000140001000
eEA = sEA + 0x1
ea = GetEntryPoint(1)
ea2 = MaxEA
idc.LoadDebugger("windbg", 1)
LoadDebugger("windbg", 1)
AddBptEx(0x0000000140001000, 0x1, BPT_BRK)
SetDebuggerOptions(DOPT_BPT_MSGS)
path = GetInputFilePath()
args = ''
sdir = ''
StartDebugger(path, args, sdir)
enable_extlang_python(True)
MakeCode(0x0000000140001000)
PauseProcess()
enable_extlang_python(True)
analyze_area(sEA, eEA)
StopDebugger()
print "##################################################\n" \
" What just HAppend your asked ? \n" \
" While you blinked. \n" \
" IDA Python did the work for you \n" \
" \n" \
" WinLicense Easy settings checker \n" \
"#############################################\n" \