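def _work():
    """Fill ``panel`` with one (name, address, module) row per matching symbol.

    ``app``, ``panel`` and ``input`` are not defined here; they are read from
    the enclosing scope.  Every pointer returned by the ``findSymbol`` API
    call is resolved through ``getSymbolByAddress``; pointers that resolve to
    ``None`` are skipped.
    """
    matches = app.dwarf_api('findSymbol', input)
    # dwarf_api can hand back None (the per-symbol lookup below checks for
    # it), so treat None like "no matches" instead of failing in len().
    if not matches:
        return

    panel.setColumnCount(3)
    panel.setHorizontalHeaderLabels(['name', 'address', 'module'])

    for ptr in matches:
        sym = app.dwarf_api('getSymbolByAddress', ptr)
        if sym is None:
            continue
        # Symbols without a usable name are listed under their address.
        if sym['name'] == '' or sym['name'] is None:
            sym['name'] = sym['address']

        row = panel.rowCount()
        panel.insertRow(row)

        name_item = NotEditableTableWidgetItem(sym['name'])
        name_item.setFlags(Qt.NoItemFlags)
        name_item.setForeground(Qt.white)
        panel.setItem(row, 0, name_item)

        panel.setItem(row, 1, MemoryAddressWidget(sym['address']))

        module_item = NotEditableTableWidgetItem(sym['moduleName'])
        module_item.setFlags(Qt.NoItemFlags)
        module_item.setForeground(Qt.lightGray)
        panel.setItem(row, 2, module_item)

        # Size the columns once, from the first row that is inserted.
        if row == 0:
            panel.resizeColumnsToContents()
            panel.horizontalHeader().setStretchLastSection(True)

    # New rows are always appended, so one sort after the loop gives the same
    # final order as re-sorting after every insertion.
    panel.sortByColumn(0, 0)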
def add_context(self, data, library_onload=None):
    """Append one (tid, pc, symbol) row describing a context.

    ``data`` is read through the keys 'tid', 'is_java' and 'ptr'; for a
    native context shown without ``library_onload`` it is also read through
    data['symbol']['moduleName'] and data['symbol']['name'].  When
    ``library_onload`` is given, the third column reads
    'loading <library_onload>' instead of a symbol.
    """
    if self.columnCount() == 0:
        self.setColumnCount(3)
        self.setHorizontalHeaderLabels(['tid', 'pc', 'symbol'])

    row = self.rowCount()
    self.insertRow(row)

    tid_item = ContextItem(data, str(data['tid']))
    tid_item.setForeground(Qt.darkCyan)
    self.setItem(row, 0, tid_item)

    is_java = data['is_java']
    if is_java:
        # For Java, 'ptr' is a dotted name: its last component goes in the
        # pc column, everything before it in the symbol column.
        parts = data['ptr'].split('.')
        pc_item = NotEditableTableWidgetItem(parts[-1])
        pc_item.setForeground(Qt.red)
        pc_item.setFlags(Qt.NoItemFlags)
    else:
        pc_item = MemoryAddressWidget(data['ptr'])
    self.setItem(row, 1, pc_item)

    if library_onload is not None:
        symbol_item = NotEditableTableWidgetItem('loading %s' % library_onload)
    elif is_java:
        symbol_item = NotEditableTableWidgetItem('.'.join(parts[:-1]))
    else:
        symbol_item = NotEditableTableWidgetItem(
            '%s - %s' % (data['symbol']['moduleName'], data['symbol']['name']))
    symbol_item.setFlags(Qt.NoItemFlags)
    symbol_item.setForeground(Qt.gray)
    self.setItem(row, 2, symbol_item)

    self.resizeRowsToContents()
    self.horizontalHeader().setStretchLastSection(True)
def set_backtrace(self, bt):
    """Replace the table content with the backtrace described by ``bt``.

    ``bt`` must contain a 'type' key, otherwise nothing happens.  For type
    'native', bt['bt'] is iterated as frames with 'name' and 'address'; for
    type 'java', bt['bt'] is a newline-separated string whose first line is
    skipped.  Any other type only clears the rows.
    """
    if 'type' not in bt:
        return

    self.setRowCount(0)
    if self.columnCount() == 0:
        self.setColumnCount(2)

    kind = bt['type']
    if kind == 'native':
        self.setHorizontalHeaderLabels(['symbol', 'address'])
        for frame in bt['bt']:
            row = self.rowCount()
            self.insertRow(row)

            name = frame['name']
            if name is None:
                label, color = '-', Qt.gray
            else:
                label, color = name, Qt.darkGreen
            symbol_item = NotEditableTableWidgetItem(label)
            symbol_item.setFlags(Qt.NoItemFlags)
            symbol_item.setForeground(color)
            self.setItem(row, 0, symbol_item)

            self.setItem(row, 1, MemoryAddressWidget(frame['address']))
    elif kind == 'java':
        # Java backtrace
        self.setHorizontalHeaderLabels(['method', 'source'])
        lines = bt['bt'].split('\n')
        for line in lines[1:]:
            # Expected shape is "method(source)".  Lines that do not split
            # into exactly two pieces on '(' are dropped without notice.
            pieces = line.replace('\t', '').split('(')
            if len(pieces) != 2:
                continue

            row = self.rowCount()
            self.insertRow(row)

            method_item = NotEditableTableWidgetItem(pieces[0])
            method_item.setFlags(Qt.NoItemFlags)
            method_item.setForeground(Qt.darkYellow)
            self.setItem(row, 0, method_item)

            source_item = NotEditableTableWidgetItem(pieces[1].replace(')', ''))
            source_item.setFlags(Qt.NoItemFlags)
            source_item.setForeground(Qt.gray)
            self.setItem(row, 1, source_item)

    self.resizeRowsToContents()
    self.horizontalHeader().setStretchLastSection(True)
def add_watcher_callback(self, ptr):
    """Append a single-column row holding the watched address ``ptr``.

    The 'address' column is created on first use, and the row geometry is
    adjusted only when the first row is added.
    """
    if self.columnCount() == 0:
        self.setColumnCount(1)
        self.setHorizontalHeaderLabels(['address'])

    row = self.rowCount()
    self.insertRow(row)
    self.setItem(row, 0, MemoryAddressWidget(ptr))

    # row == 0 means the table now holds exactly one row.
    if row == 0:
        self.resizeRowsToContents()
        self.horizontalHeader().setStretchLastSection(True)
def build_exports_row(table, item):
    """Append ``item`` to ``table`` as a (name, address, type) row.

    ``item`` is read through the keys 'name', 'address' and 'type'.
    """
    row = table.rowCount()
    table.insertRow(row)

    name_item = NotEditableTableWidgetItem(item['name'])
    name_item.setForeground(Qt.gray)
    table.setItem(row, 0, name_item)

    table.setItem(row, 1, MemoryAddressWidget(item['address']))
    table.setItem(row, 2, NotEditableTableWidgetItem(item['type']))
def __set_native_context(self, ptr, context):
    """Show a native register context as (reg, value, decimal, telescope) rows.

    ``context`` is iterated by register name; the 'tojson' key is skipped and
    a register whose entry is ``None`` gets only its name column.  Entries
    are read through the keys 'value', 'isValidPointer' and 'telescope'.
    """
    self.__initialize_context()
    self.context_ptr = ptr
    self.is_java_context = False

    self.setColumnCount(4)
    self.setHorizontalHeaderLabels(['reg', 'value', 'decimal', 'telescope'])

    # A library that is currently loading takes precedence over ``ptr``.
    if self.app.get_dwarf().get_loading_library() is not None:
        self.context_ptr = self.app.get_dwarf().get_loading_library()

    for reg in context:
        if reg.lower() == 'tojson':
            continue

        row = self.rowCount()
        self.insertRow(row)

        name_item = NotEditableTableWidgetItem(reg)
        name_item.setFlags(Qt.NoItemFlags)
        name_item.setForeground(Qt.gray)
        self.setItem(row, 0, name_item)

        entry = context[reg]
        if entry is None:
            continue

        self.setItem(row, 1, NativeRegisterWidget(reg, entry))

        # NOTE(review): int(..., 16) raises ValueError on anything that is
        # not a hex string.  The register values presumably originate in the
        # debugged process - confirm they are validated before reaching here.
        decimal_item = NotEditableTableWidgetItem(str(int(entry['value'], 16)))
        decimal_item.setForeground(Qt.darkCyan)
        self.setItem(row, 2, decimal_item)

        if not entry['isValidPointer']:
            continue
        ts = entry['telescope']
        if ts is None:
            continue

        # ts[0] selects how ts[1] is rendered: 1 becomes an address widget,
        # every other kind a read-only text cell coloured by kind.
        kind = ts[0]
        if kind == 1:
            ts_item = MemoryAddressWidget(str(ts[1]))
        else:
            ts_item = NotEditableTableWidgetItem(str(ts[1]))
            ts_item.setFlags(Qt.NoItemFlags)
            if kind == 0:
                ts_item.setForeground(Qt.darkGreen)
            elif kind == 2:
                ts_item.setForeground(Qt.white)
            else:
                ts_item.setForeground(Qt.darkGray)
        self.setItem(row, 3, ts_item)

    self.resizeRowsToContents()
    self.horizontalHeader().setStretchLastSection(True)
def add_trace_event(self, event):
    """Append ``event`` as a (location, target) row.

    The location text is prefixed with four spaces per unit of
    ``event.depth``.
    """
    row = self.rowCount()
    self.insertRow(row)

    location_item = MemoryAddressWidget(event.location)
    indent = ' ' * (event.depth * 4)
    location_item.setText('%s%s' % (indent, event.location))
    self.setItem(row, 0, location_item)

    self.setItem(row, 1, MemoryAddressWidget(event.target))
def hook_native_callback(self, hook):
    """Append ``hook`` to the table as an (input, address) row.

    The first column shows ``hook.get_input()`` and carries the hook object
    itself; the second shows ``hook.get_ptr()`` formatted with ``hex``.
    """
    if self.columnCount() == 0:
        self.setColumnCount(2)
        self.setHorizontalHeaderLabels(['input', 'address'])

    row = self.rowCount()
    self.insertRow(row)

    input_item = HookWidget(hook.get_input())
    input_item.set_hook_data(hook)
    input_item.setFlags(Qt.NoItemFlags)
    input_item.setForeground(Qt.gray)
    self.setItem(row, 0, input_item)

    self.setItem(row, 1, MemoryAddressWidget(hex(hook.get_ptr())))

    self.resizeRowsToContents()
    self.horizontalHeader().setStretchLastSection(True)
def set_modules(self, modules):
    """Replace the table content with ``modules``, sorted by their 'name'.

    Each module is read through the keys 'name', 'base', 'size' and 'path',
    which fill columns 0 to 3 in that order.
    """
    self.setRowCount(0)

    ordered = sorted(modules, key=lambda x: x['name'])
    for row, module in enumerate(ordered):
        self.insertRow(row)

        name_item = NotEditableTableWidgetItem(module['name'])
        name_item.setFlags(Qt.NoItemFlags)
        name_item.setForeground(Qt.gray)
        self.setItem(row, 0, name_item)

        self.setItem(row, 1, MemoryAddressWidget(module['base']))

        size_item = NotEditableTableWidgetItem(str(module['size']))
        size_item.setFlags(Qt.NoItemFlags)
        self.setItem(row, 2, size_item)

        path_item = NotEditableTableWidgetItem(module['path'])
        path_item.setFlags(Qt.NoItemFlags)
        path_item.setForeground(Qt.lightGray)
        self.setItem(row, 3, path_item)

    self.resizeRowsToContents()
    self.horizontalHeader().setStretchLastSection(True)
def add_bytes_match_item(self, address, symbol):
    """Append a byte-search hit as an (address, symbol) row.

    ``symbol`` is read through the keys 'moduleName' and 'name'.  The symbol
    column shows 'name (module)', just the module when the name is ``None``,
    or '-' when the module is ``None``.
    """
    row = self.rowCount()
    first_row = row == 0
    if first_row:
        self.setColumnCount(2)
        self.setHorizontalHeaderLabels(['address', 'symbol'])

    self.insertRow(row)
    self.setItem(row, 0, MemoryAddressWidget(address))

    module_name = symbol['moduleName']
    if module_name is None:
        label, color = '-', Qt.gray
    else:
        label, color = module_name, Qt.lightGray
        if symbol['name'] is not None:
            label = '%s (%s)' % (symbol['name'], module_name)

    symbol_item = NotEditableTableWidgetItem(label)
    symbol_item.setFlags(Qt.NoItemFlags)
    symbol_item.setForeground(color)
    self.setItem(row, 1, symbol_item)

    if first_row:
        self.resizeColumnsToContents()
        self.horizontalHeader().setStretchLastSection(True)
def hook_native_callback(self, ptr):
    """Create the native Hook for ``ptr``, register it and add its table row.

    The hook takes ``self.temporary_input`` as its input, and the condition
    and logic from ``self.native_pending_args`` when that is non-empty.  Both
    attributes are reset afterwards, and the hook is stored in
    ``self.hooks`` under ``ptr``.
    """
    row = self.rowCount()
    self.insertRow(row)

    hook = Hook(Hook.HOOK_NATIVE)
    hook.set_ptr(ptr)
    hook.set_input(self.temporary_input)
    self.temporary_input = ''

    pending = self.native_pending_args
    if pending:
        hook.set_condition(pending['condition'])
        hook.set_logic(pending['logic'])
        self.native_pending_args = {}

    self.hooks[ptr] = hook

    input_item = HookWidget(hook.get_input())
    input_item.set_hook_data(hook)
    input_item.setFlags(Qt.NoItemFlags)
    input_item.setForeground(Qt.gray)
    self.setItem(row, 0, input_item)

    self.setItem(row, 1, MemoryAddressWidget(hex(ptr)))

    self.resizeRowsToContents()
    self.horizontalHeader().setStretchLastSection(True)
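def set_context(self, ptr, is_java, context):
    """Rebuild the table from ``context`` for a Java or a native breakpoint.

    Java contexts get the columns (argument, class, value) and read each
    entry through the keys 'className' and 'arg'.  Native contexts get the
    columns (reg, value, decimal, telescope); each entry is parsed as a hex
    string and passed to the 'getAddressTs' API call for the telescope cell.
    An entry that is ``None`` yields a row holding only its name.
    """
    self.setRowCount(0)
    self.setColumnCount(0)

    self.context_ptr = ptr
    # A library that is currently loading takes precedence over ``ptr``.
    if self.app.get_dwarf().get_loading_library() is not None:
        self.context_ptr = self.app.get_dwarf().get_loading_library()

    if is_java:
        self.setColumnCount(3)
        self.setHorizontalHeaderLabels(['argument', 'class', 'value'])
    else:
        self.setColumnCount(4)
        self.setHorizontalHeaderLabels(
            ['reg', 'value', 'decimal', 'telescope'])

    for i, reg in enumerate(context):
        self.insertRow(i)

        name_item = NotEditableTableWidgetItem(reg)
        name_item.setFlags(Qt.NoItemFlags)
        name_item.setForeground(Qt.gray)
        self.setItem(i, 0, name_item)

        entry = context[reg]
        # The None check now comes before the entry is subscripted.  The
        # Java branch used to read entry['className'] first, so a None entry
        # raised TypeError instead of being skipped.
        if entry is None:
            continue

        if is_java:
            class_item = NotEditableTableWidgetItem(entry['className'])
            class_item.setFlags(Qt.NoItemFlags)
            class_item.setForeground(Qt.white)
            self.setItem(i, 1, class_item)

            if entry['arg'] is None:
                value_item = QTableWidgetItem('null')
                value_item.setForeground(Qt.gray)
            else:
                value_item = QTableWidgetItem(str(entry['arg']))
            value_item.setFlags(Qt.NoItemFlags)
            self.setItem(i, 2, value_item)
            continue

        self.setItem(i, 1, NativeRegisterWidget(self.app, reg, entry))

        # NOTE(review): int(..., 16) raises ValueError on anything that is
        # not a hex string.  The register values presumably originate in the
        # debugged process - confirm they are validated before reaching here.
        decimal_item = NotEditableTableWidgetItem(str(int(entry, 16)))
        decimal_item.setForeground(Qt.darkCyan)
        decimal_item.setFlags(Qt.NoItemFlags)
        self.setItem(i, 2, decimal_item)

        data = self.app.dwarf_api('getAddressTs', entry)
        if data is None:
            continue

        # data[0] selects how data[1] is rendered: 1 becomes an address
        # widget, every other kind a read-only text cell coloured by kind.
        kind = data[0]
        if kind == 1:
            ts_item = MemoryAddressWidget(str(data[1]))
        else:
            ts_item = NotEditableTableWidgetItem(str(data[1]))
            ts_item.setFlags(Qt.NoItemFlags)
            if kind == 0:
                ts_item.setForeground(Qt.darkGreen)
            elif kind == 2:
                ts_item.setForeground(Qt.white)
            else:
                ts_item.setForeground(Qt.darkGray)
        self.setItem(i, 3, ts_item)

    self.resizeRowsToContents()
    self.horizontalHeader().setStretchLastSection(True)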
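def _add_mem_address_item_if_needed(self, row):
    """Fill hex-dump row ``row`` of ``self.memory_panel`` unless it is filled.

    A row counts as filled when its column 0 already holds a
    MemoryAddressWidget.  Otherwise the row receives its address in column 0,
    up to 16 ByteWidget cells in columns 1-16 and an ASCII rendering of the
    same bytes in column 17.  If a byte cannot be read, ``self.work`` is set
    to False and the remaining byte cells of the row are left empty.
    """
    panel = self.memory_panel
    if isinstance(panel.item(row, 0), MemoryAddressWidget):
        return

    mem = panel.range
    address = mem.base + (row * 16)

    address_item = MemoryAddressWidget(hex(address))
    address_item.setFlags(Qt.NoItemFlags)
    address_item.setForeground(Qt.red)
    panel.setItem(row, 0, address_item)

    offset = address - mem.base
    for col in range(16):
        cell = ByteWidget()
        # Stop at the end of the range; the last row may be partial.
        if offset + col >= mem.size:
            break
        try:
            cell.set_value(mem.data[offset + col])
        except Exception:
            # Was a bare ``except:``, which also swallowed KeyboardInterrupt
            # and SystemExit.  Ordinary read failures (e.g. data shorter than
            # the declared size) still end the row and clear ``self.work``.
            self.work = False
            break
        cell.set_ptr(address + col)
        cell.set_offset(offset + col)
        panel.setItem(row, col + 1, cell)

    # NOTE(review): the byte loop above is bounded by range.size, while this
    # clamp uses range.tail - confirm both are offsets into range.data.
    tail = min(offset + 16, mem.tail)
    chunk = mem.data[offset:tail]
    if not PY3K:
        # Python 2 yields one-character strings here; map them to ints.
        chunk = [ord(byte) for byte in chunk]
    # Printable ASCII is shown as-is; every other byte becomes '.'.
    text = ''.join(
        chr(byte) if 0x20 <= byte <= 0x7E else '.' for byte in chunk)

    ascii_item = NotEditableTableWidgetItem(text)
    ascii_item.setFlags(Qt.NoItemFlags)
    ascii_item.setForeground(Qt.darkYellow)
    panel.setItem(row, 17, ascii_item)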
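def set_context(self, ptr, is_java, context):
    """Rebuild the table from ``context`` for a Java or a native breakpoint.

    Java contexts get the columns (argument, class, value) and read each
    entry through the keys 'className', 'handle' and 'arg'.  Native contexts
    get the columns (reg, value, decimal, telescope) and read 'value',
    'isValidPointer' and 'telescope'.  The 'tojson' key is skipped, and an
    entry that is ``None`` yields a row holding only its name.
    """
    self.context_ptr = ptr
    self.is_java_context = is_java

    self.setRowCount(0)
    self.setColumnCount(0)

    # A library that is currently loading takes precedence over ``ptr``.
    if self.app.get_dwarf().get_loading_library() is not None:
        self.context_ptr = self.app.get_dwarf().get_loading_library()

    if self.is_java_context:
        self.setColumnCount(3)
        self.setHorizontalHeaderLabels(['argument', 'class', 'value'])
    else:
        self.setColumnCount(4)
        self.setHorizontalHeaderLabels(
            ['reg', 'value', 'decimal', 'telescope'])

    # The row index is counted by hand because skipped keys add no row.
    i = 0
    for reg in context:
        if reg.lower() == 'tojson':
            continue

        self.insertRow(i)

        name_item = NotEditableTableWidgetItem(reg)
        if not self.is_java_context:
            name_item.setFlags(Qt.NoItemFlags)
            name_item.setForeground(Qt.gray)
        self.setItem(i, 0, name_item)

        entry = context[reg]
        # The None check now comes before the entry is subscripted.  The
        # Java branch used to read entry['className'] and entry['handle']
        # first, so a None entry raised TypeError instead of being skipped.
        if entry is not None:
            if self.is_java_context:
                class_item = NotEditableTableWidgetItem(entry['className'])
                if isinstance(entry['handle'], str):
                    # A string handle greys out and disables both the class
                    # cell and the argument-name cell of this row.
                    class_item.setFlags(Qt.NoItemFlags)
                    class_item.setForeground(Qt.lightGray)
                    self.item(i, 0).setFlags(Qt.NoItemFlags)
                    self.item(i, 0).setForeground(Qt.lightGray)
                self.setItem(i, 1, class_item)

                if entry['arg'] is None:
                    value_item = QTableWidgetItem('null')
                else:
                    value_item = NotEditableTableWidgetItem(str(entry['arg']))
                value_item.setForeground(Qt.gray)
                self.setItem(i, 2, value_item)
            else:
                self.setItem(
                    i, 1, NativeRegisterWidget(self.app, reg, entry))

                # NOTE(review): int(..., 16) raises ValueError on anything
                # that is not a hex string.  The register values presumably
                # originate in the debugged process - confirm they are
                # validated before reaching here.
                decimal_item = NotEditableTableWidgetItem(
                    str(int(entry['value'], 16)))
                decimal_item.setForeground(Qt.darkCyan)
                self.setItem(i, 2, decimal_item)

                ts = entry['telescope'] if entry['isValidPointer'] else None
                if ts is not None:
                    # ts[0] selects how ts[1] is rendered: 1 becomes an
                    # address widget, every other kind a read-only text cell
                    # coloured by kind.
                    kind = ts[0]
                    if kind == 1:
                        ts_item = MemoryAddressWidget(str(ts[1]))
                    else:
                        ts_item = NotEditableTableWidgetItem(str(ts[1]))
                        ts_item.setFlags(Qt.NoItemFlags)
                        if kind == 0:
                            ts_item.setForeground(Qt.darkGreen)
                        elif kind == 2:
                            ts_item.setForeground(Qt.white)
                        else:
                            ts_item.setForeground(Qt.darkGray)
                    self.setItem(i, 3, ts_item)

        i += 1

    self.resizeRowsToContents()
    self.horizontalHeader().setStretchLastSection(True)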
def disasm(self, _range=None):
    """Disassemble ``self.range`` into the table and scroll to the top.

    A truthy ``_range`` replaces ``self.range`` first.  Returns 1 when there
    is no range to show and 0 otherwise.  The start address is appended to
    ``self.history`` when it differs from the latest entry, and the oldest
    entry is dropped once the history holds more than 25.
    """
    self.setRowCount(0)

    if _range:
        self.range = _range
    if self.range is None:
        return 1

    start = self.range.start_address
    if not self.history or self.history[-1] != start:
        self.history.append(start)
        if len(self.history) > 25:
            self.history.pop(0)

    md = Cs(self.cs_arch, self.cs_mode)
    md.detail = True

    code = self.range.data[self.range.start_offset:]
    for count, i in enumerate(md.disasm(code, self.range.start_address)):
        # The cap is checked before inserting, so up to 129 rows are shown.
        if count > 128:
            break

        instruction = Instruction(self.dwarf, i)

        row = self.rowCount()
        self.insertRow(row)

        address_item = MemoryAddressWidget('0x%x' % i.address)
        address_item.setFlags(Qt.NoItemFlags)
        address_item.setForeground(Qt.red)
        # NOTE(review): stored as base - address, which is zero or negative
        # for addresses at or above the base - confirm the expected sign.
        address_item.set_offset(self.range.base - i.address)
        self.setItem(row, 0, address_item)

        bytes_item = NotEditableTableWidgetItem(
            binascii.hexlify(instruction.bytes).decode('utf8'))
        bytes_item.setFlags(Qt.NoItemFlags)
        bytes_item.setForeground(Qt.darkYellow)
        self.setItem(row, 1, bytes_item)

        mnemonic_item = NotEditableTableWidgetItem(instruction.mnemonic.upper())
        mnemonic_item.setFlags(Qt.NoItemFlags)
        mnemonic_item.setForeground(Qt.white)
        mnemonic_item.setTextAlignment(Qt.AlignCenter)
        mnemonic_item.setFont(QFont(None, 11, QFont.Bold))
        self.setItem(row, 2, mnemonic_item)

        # A jump with a known target gets an address widget as its operand.
        if instruction.is_jump and instruction.jump_address != 0:
            operand_item = MemoryAddressWidget(instruction.op_str)
            operand_item.set_address(instruction.jump_address)
        else:
            operand_item = NotEditableTableWidgetItem(instruction.op_str)
            operand_item.setFlags(Qt.NoItemFlags)
            operand_item.setForeground(Qt.lightGray)
        self.setItem(row, 3, operand_item)

        if instruction.symbol_name is not None:
            symbol_item = NotEditableTableWidgetItem(
                '%s (%s)' % (instruction.symbol_name, instruction.symbol_module))
            symbol_item.setFlags(Qt.NoItemFlags)
            symbol_item.setForeground(Qt.lightGray)
            self.setItem(row, 4, symbol_item)

    self.scrollToTop()
    return 0
def add_hook(self, emulator, instruction):
    """Append an emulated ``instruction`` to the trace table.

    Before the new row is added, a register result still pending from the
    previous call is read from ``emulator.uc`` and written to column 4 of the
    last row.  A blank row is inserted when the instruction address is not
    the expected continuation of the previous one.
    """
    # check if the previous hook is waiting for a register result
    pending = self._require_register_result
    if pending is not None:
        res = '%s = %s' % (pending[1], hex(emulator.uc.reg_read(pending[0])))
        # NOTE(review): column 4 of the previous row also receives the symbol
        # text when one exists, so this presumably replaces it - confirm.
        self.setItem(self.rowCount() - 1, 4, NotEditableTableWidgetItem(res))
        # invalidate
        self._require_register_result = None

    # check if the code jumped
    last = self._last_instruction_address
    if last > 0:
        jumped = (
            instruction.address > last + self.app.get_dwarf().pointer_size
            or instruction.address < last)
        if jumped:
            # insert an empty line
            self.insertRow(self.rowCount())
    self._last_instruction_address = instruction.address

    row = self.rowCount()
    self.insertRow(row)

    # Thumb instructions are displayed with the low address bit set.
    address = instruction.address
    if instruction.thumb:
        address |= 1

    address_item = MemoryAddressWidget('0x%x' % address)
    address_item.setFlags(Qt.NoItemFlags)
    address_item.setForeground(Qt.red)
    self.setItem(row, 0, address_item)

    bytes_item = NotEditableTableWidgetItem(
        binascii.hexlify(instruction.bytes).decode('utf8'))
    bytes_item.setFlags(Qt.NoItemFlags)
    bytes_item.setForeground(Qt.darkYellow)
    self.setItem(row, 1, bytes_item)

    if instruction.is_jump and instruction.jump_address != 0:
        operand_item = MemoryAddressWidget(instruction.op_str)
        operand_item.set_address(instruction.jump_address)
    else:
        operand_item = NotEditableTableWidgetItem(instruction.op_str)
        operand_item.setFlags(Qt.NoItemFlags)
        operand_item.setForeground(Qt.lightGray)
    self.setItem(row, 3, operand_item)

    mnemonic_item = NotEditableTableWidgetItem(instruction.mnemonic.upper())
    mnemonic_item.setFlags(Qt.NoItemFlags)
    mnemonic_item.setForeground(Qt.white)
    mnemonic_item.setTextAlignment(Qt.AlignCenter)
    mnemonic_item.setFont(QFont(None, 11, QFont.Bold))
    self.setItem(row, 2, mnemonic_item)

    # implicit regs read are notified later through mem access
    if len(instruction.regs_read) == 0:
        # Remember the first register operand; its value is shown on the
        # next call.
        for operand in instruction.operands:
            if operand.type == CS_OP_REG:
                self._require_register_result = [
                    operand.value.reg,
                    instruction.reg_name(operand.value.reg)
                ]
                break

    if instruction.symbol_name is not None:
        symbol_item = NotEditableTableWidgetItem(
            '%s (%s)' % (instruction.symbol_name, instruction.symbol_module))
        symbol_item.setFlags(Qt.NoItemFlags)
        symbol_item.setForeground(Qt.lightGray)
        self.setItem(row, 4, symbol_item)

    self.scrollToBottom()
def set_ranges(self, ranges):
    """Replace the table content with ``ranges``, highest 'base' first.

    Each range is read through the keys 'base', 'size' and 'protection'; the
    fourth column shows range['file']['path'] when a 'file' key is present
    and an empty cell otherwise.
    """
    self.setRowCount(0)

    ordered = sorted(ranges, key=lambda x: x['base'], reverse=True)
    for row, entry in enumerate(ordered):
        self.insertRow(row)

        self.setItem(row, 0, MemoryAddressWidget(entry['base']))

        size_item = NotEditableTableWidgetItem(str(entry['size']))
        size_item.setFlags(Qt.NoItemFlags)
        self.setItem(row, 1, size_item)

        protection_item = NotEditableTableWidgetItem(entry['protection'])
        protection_item.setFlags(Qt.NoItemFlags)
        protection_item.setTextAlignment(Qt.AlignCenter)
        self.setItem(row, 2, protection_item)

        if 'file' not in entry:
            self.setItem(row, 3, NotEditableTableWidgetItem(''))
            continue
        path_item = NotEditableTableWidgetItem(entry['file']['path'])
        path_item.setFlags(Qt.NoItemFlags)
        path_item.setForeground(Qt.lightGray)
        self.setItem(row, 3, path_item)

    self.resizeRowsToContents()
    self.horizontalHeader().setStretchLastSection(True)
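def disasm(self, range, offset):
    """Disassemble ``range`` from ``offset`` into the table.

    Both arguments are stored on ``self``.  Column 4 carries a symbol label
    for the first instruction and for jumps or calls whose only operand is
    an immediate; in both cases the label is omitted when the
    'getSymbolByAddress' API call finds nothing.
    """
    def symbol_item(address):
        # Build the column-4 label for ``address``, or None when the lookup
        # returns nothing.
        sym = self.app.dwarf_api('getSymbolByAddress', address)
        if not sym:
            return None
        module = ''
        if 'moduleName' in sym:
            module = '- %s' % sym['moduleName']
        item = NotEditableTableWidgetItem('%s %s' % (sym['name'], module))
        item.setFlags(Qt.NoItemFlags)
        item.setForeground(Qt.lightGray)
        return item

    self.setRowCount(0)
    self.range = range
    self.offset = offset

    md = Cs(self.cs_arch, self.cs_mode)
    md.detail = True

    code = self.range.data[self.offset:]
    start = self.range.base + self.offset
    for insts, i in enumerate(md.disasm(code, start)):
        # The cap is checked before inserting, so up to 129 rows are shown.
        if insts > 128:
            break

        row = self.rowCount()
        self.insertRow(row)

        if insts == 0:
            label = symbol_item(i.address)
            if label is not None:
                self.setItem(row, 4, label)

        address_item = MemoryAddressWidget('0x%x' % i.address)
        address_item.setFlags(Qt.NoItemFlags)
        address_item.setForeground(Qt.red)
        address_item.set_address(i.address)
        # NOTE(review): stored as base - address, which is zero or negative
        # for addresses at or above the base - confirm the expected sign.
        address_item.set_offset(self.range.base - i.address)
        self.setItem(row, 0, address_item)

        bytes_item = NotEditableTableWidgetItem(
            binascii.hexlify(i.bytes).decode('utf8'))
        bytes_item.setFlags(Qt.NoItemFlags)
        bytes_item.setForeground(Qt.darkYellow)
        self.setItem(row, 1, bytes_item)

        # Only a jump or call with exactly one operand, an immediate, is
        # treated as having a resolvable target.
        is_jmp = (
            (CS_GRP_JUMP in i.groups or CS_GRP_CALL in i.groups)
            and len(i.operands) == 1
            and i.operands[0].type == CS_OP_IMM)
        op_imm_value = 0
        if is_jmp:
            op_imm_value = i.operands[0].value.imm
            # The target lookup used to test 'moduleName' in sym without a
            # None check and raised TypeError for unknown targets; it is now
            # guarded the same way as the first-instruction lookup.
            label = symbol_item(op_imm_value)
            if label is not None:
                self.setItem(row, 4, label)

        if is_jmp:
            operand_item = MemoryAddressWidget(i.op_str)
            operand_item.set_address(op_imm_value)
            operand_item.setForeground(Qt.red)
        else:
            operand_item = NotEditableTableWidgetItem(i.op_str)
            operand_item.setFlags(Qt.NoItemFlags)
            operand_item.setForeground(Qt.lightGray)
        self.setItem(row, 3, operand_item)

        mnemonic_item = NotEditableTableWidgetItem(i.mnemonic.upper())
        mnemonic_item.setFlags(Qt.NoItemFlags)
        mnemonic_item.setForeground(Qt.white)
        mnemonic_item.setTextAlignment(Qt.AlignCenter)
        mnemonic_item.setFont(QFont(None, 11, QFont.Bold))
        self.setItem(row, 2, mnemonic_item)

    self.resizeColumnsToContents()
    self.scrollToTop()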