def prepare_debug_noui():
target_pid = -1
idaapi.msg("[%s] waiting...\n" % (PLUGNAME))
filename = ida_nalt.get_root_filename()
pis = ida_idd.procinfo_vec_t()
ida_dbg.get_processes(pis)
for proc in pis:
proc_name = proc.name.split(" ")[1]
idx = proc_name.rfind("/")
if idx != -1:
proc_name = proc_name[idx + 1:]
if filename == proc_name:
target_pid = proc.pid
break
if target_pid != -1:
idaapi.msg("[%s] start debug (PID: %d)\n" % (PLUGNAME, target_pid))
ida_dbg.attach_process(target_pid, -1)
idc.GetDebuggerEvent(idc.WFNE_SUSP, -1)
ida_dbg.continue_process()
else:
idaapi.msg("[%s] exit waiting\n" % (PLUGNAME))
def __call__(self):
target_pid = -1
if idaapi.is_debugger_on():
idaapi.msg("[%s] the debugger is currently running\n" % PLUGNAME)
return -1
if not self.times%5:
idaapi.msg("[%s] waiting for the process (%ds left)...\n" % \
(PLUGNAME, self.times))
filename = ida_nalt.get_root_filename()
pis = ida_idd.procinfo_vec_t()
ida_dbg.get_processes(pis)
for proc in pis:
proc_name = proc.name.split(" ")[1]
idx = proc_name.rfind("/")
if idx != -1:
proc_name = proc_name[idx+1:]
if filename == proc_name:
target_pid = proc.pid
break
if target_pid != -1:
idaapi.msg("[%s] found. start debug (PID: %d)\n" % (PLUGNAME, target_pid))
ida_dbg.attach_process(target_pid, -1)
ida_dbg.wait_for_next_event(ida_dbg.WFNE_SUSP, -1)
ida_dbg.continue_process()
return -1
self.times -= 1
return -1 if self.times == 0 else self.interval
def prepare_debug_ui(self):
wd = WaitDialog()
idaapi.msg("[%s] waiting...\n" % (PLUGNAME))
wd.thread.start()
wd.exec_()
target_pid = wd.get_target_pid()
if target_pid != -1:
ida_dbg.attach_process(target_pid, -1)
idc.GetDebuggerEvent(idc.WFNE_SUSP, -1)
ida_dbg.continue_process()
else:
idaapi.msg("[%s] exit waiting\n" % (PLUGNAME))
def dbg_bpt(self, tid, ea):
"""
触发断点时的处理函数
"""
func_name_t = idc.print_operand(ea, 0)
point_hit_count = self.inc_break_point_hit_count(ea)
if is_func_call(ea):
# 如果当前地址是函数调用(即调用前)
args_rule = self.get_args_rule(func_name_t, ea)
if args_rule == False:
FELogger.console('临时断点%s' % hexstr(ea))
else:
up_func_name = ida_funcs.get_func_name(ea)
func_hit_count = self.inc_break_func_hit_count(up_func_name)
FELogger.console(func_name_t + ' - ' + up_func_name + '-' * 60)
FELogger.console(
'tid - %d - %d, pointHit: %d, funcHit: %d' %
(tid, time.time(), point_hit_count, func_hit_count))
FELogger.console(('%s - before' + '-' * 30) % func_name_t)
ida_dbg.refresh_debugger_memory()
before_info = self.get_before_run_info(args_rule)
elif is_func_call(ida_bytes.prev_head(ea, 0)):
# 如果当前地址的上一条地址是函数调用(即调用后)
func_ea = ida_bytes.prev_head(ea, 0)
func_name = idc.print_operand(func_ea, 0)
args_rule = self.get_args_rule(func_name, func_ea)
FELogger.console(('%s - after ' + '-' * 30) % func_name)
# ida_dbg.refresh_debugger_memory()
after_info = self.get_after_run_info(args_rule)
else:
FELogger.console('临时断点%s' % hexstr(ea))
# 是否单步调试
if self.step_dbg == False:
ida_dbg.continue_process()
return 0
def findFlag(addrToContinue, passwordString):
listOfBptAddr = []
toRunDbg = True
currentInstr = addrToContinue
# iterate through the rest of main() to set breakpoint after each subroutine call
while 1:
currentInstr = next_head(currentInstr)
# go to the instruction after subroutine to set breakpoint
if "call" in print_insn_mnem(currentInstr):
# go to the next instruction after the call subroutine to set breakpoint
currentInstr = next_head(currentInstr)
# set breakpoint and store in a list so later and know where are all the breakpoints to clear them
add_bpt(currentInstr)
listOfBptAddr.append(currentInstr)
# stop looking for more subroutine cause reached return statement
elif "retn" in print_insn_mnem(currentInstr):
# stop the debugger (async)
exit_process()
print("Fail to find flags!")
break
# start running the debugger (async)
start_process(None, passwordString)
# start to look at the TEMP folder for the files whenever a breakpoint is reached
while 1:
# blocking to wait till exception event occurs since start_process() is async
wait_for_next_event(WFNE_SUSP | WFNE_CONT, -1)
# try to get the dropTemp.jpg and part#.jpg
if getFlags():
# stop the debugger (async)
exit_process()
print("Found the flags!")
break
# continue the debugger's execution (sync)
ida_dbg.continue_process()
# delete all the breakpoints set earlier
for bptAddr in listOfBptAddr:
del_bpt(bptAddr)
def prepare_debug_ui(self):
if idaapi.is_debugger_on():
idaapi.warning("[%s] the debugger is currently running" % PLUGNAME)
return
wd = WaitDialog()
idaapi.msg("[%s] waiting...\n" % (PLUGNAME))
wd.thread.start()
wd.exec_()
target_pid = wd.get_target_pid()
if target_pid != -1:
ida_dbg.attach_process(target_pid,-1)
ida_dbg.wait_for_next_event(ida_dbg.WFNE_SUSP, -1)
ida_dbg.continue_process()
else:
idaapi.msg("[%s] exit waiting\n" % (PLUGNAME))