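def symbols(self, output_file_path=None):
    """
    Run find for all SIG files in the currently active project, then merge
    in the names returned by ``IdaLoader.extract_all_user_names``.
    An IDA wait box is shown while doing so and is always hidden again.

    Any ``Exception`` raised along the way is printed with its traceback and
    not re-raised, so the returned dictionary may be empty or partial.

    :param output_file_path: optional, forwarded to
        ``IdaLoader.extract_all_user_names`` to save found symbols into an
        output file
    :return: dictionary of found symbols
    """
    self.verify_project()

    results = {}
    try:
        ida_kernwin.show_wait_box('Searching...')
        results = super(IdaLoader, self).symbols()

        ida_kernwin.replace_wait_box('Extracting...')
        ida_symbols = IdaLoader.extract_all_user_names(output_file_path)
        results.update(ida_symbols)
    except Exception:
        # The exception object itself was never used; the traceback is
        # printed from the active exception context.
        traceback.print_exc()
    finally:
        # Runs on success and on failure so the modal wait box never
        # outlives this call.
        ida_kernwin.hide_wait_box()

    return results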
def get_python_symbols(self, file_name=None):
    """
    Run the python scripts of the currently active project through the
    parent implementation, updating the IDA wait box text first.

    NOTE(review): the scripts are executed, not just parsed, so they run
    with the privileges of the analysis session -- presumably the project
    directory is expected to come from a trusted source; confirm against
    the parent class.

    :param file_name: filter a specific filename to execute
    :return: dictionary of all found symbols
    """
    # replace_wait_box only swaps the text; showing and hiding the box is
    # left to the caller.
    ida_kernwin.replace_wait_box('Running python scripts...')

    parent = super(IdaLoader, self)
    found = parent.get_python_symbols(file_name=file_name)
    return found
def find(self, symbol_name, use_cache=False):
    """
    Find a symbol by name (as specified in the SIG file), updating the IDA
    wait box text with the symbol being searched.

    :param symbol_name: symbol name
    :param use_cache: forwarded unchanged to the parent ``find``
        (semantics are defined there -- not visible from this method)
    :return: output address list
    """
    status_text = "Searching symbol: '{}'...".format(symbol_name)
    ida_kernwin.replace_wait_box(status_text)

    parent = super(IdaLoader, self)
    return parent.find(symbol_name, use_cache=use_cache)
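def _load_img_files(self, files):
    """
    Load every entry of *files* as a ``QtGui.QPixmap`` into ``self.anim``.

    ``self.anim`` is reset to an empty list first. A wait box without a
    cancel button reports progress and is always hidden on exit. A failure
    is reported with ``print`` and stops the loading; the pixmaps loaded so
    far stay in ``self.anim``.

    :param files: sequence of image file paths (``len(files)`` is used for
        the progress text)
    :return: None
    """
    self.anim = []
    # 1-based position of the file being loaded; pre-set so the failure
    # message is still valid if the loop never starts.
    index = 1
    ida_kernwin.show_wait_box("HIDECANCEL\nLoading files")
    try:
        for index, path in enumerate(files, 1):
            ida_kernwin.replace_wait_box(
                "Loading file %d/%d" % (index, len(files)))
            # NOTE(review): QPixmap normally yields a null pixmap instead of
            # raising when a file cannot be decoded, so unreadable images
            # may land in self.anim unnoticed -- confirm whether callers
            # check isNull().
            self.anim.append(QtGui.QPixmap(path))
    except Exception:
        # Narrowed from a bare ``except`` so KeyboardInterrupt/SystemExit
        # are no longer swallowed here.
        print("Failed loading file %d/%d" % (index, len(files)))
    finally:
        ida_kernwin.hide_wait_box()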
def update_wait_box(text):
    """Replace the IDA wait box text with *text* behind a "capa explorer..." prefix."""
    message = "capa explorer...%s" % text
    ida_kernwin.replace_wait_box(message)
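# Note: this try/except block below is just there to
# let us (at Hex-Rays) test this script in various
# situations.
try:
    perform_decompilation = under_test__perform_decompilation
except NameError:
    # A missing test hook is the only failure a bare name lookup can
    # produce; anything else (e.g. KeyboardInterrupt) should not be hidden.
    pass

# Upper bound, in seconds, of the random pause taken after each step.
step_sleep = 0.5

ida_kernwin.show_wait_box("Processing")
try:
    all_eas = list(idautils.Functions())
    neas = len(all_eas)
    for i, ea in enumerate(all_eas):
        # Stop as soon as the user presses the wait box's cancel button.
        if ida_kernwin.user_cancelled():
            break
        ida_kernwin.replace_wait_box("Processing; step %d/%d" % (i+1, neas))

        if perform_decompilation:
            try:
                ida_hexrays.decompile(ida_funcs.get_func(ea))
            except ida_hexrays.DecompilationFailure as df:
                # A function that fails to decompile is reported and skipped.
                print("Decompilation failure: %s" % df)

        # NOTE(review): the listing lost its indentation; the pause is
        # placed at loop level (once per step) -- confirm against the
        # original script.
        time.sleep(step_sleep * random.random())
finally:
    # Always dismiss the wait box, including after a cancel or an error.
    ida_kernwin.hide_wait_box()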
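def cb_btn_run(self):
    """
    Handle the "run" button: either clear the imported symbol names
    ("restore" checked) or import symbols from the selected
    SharedLibrary.dll.

    Reads ``self.dotnet_version_full``, ``self.cb_restore``,
    ``self.cb_verify`` and ``self.dll_input_path``. Problems are reported
    through IDA warnings or the output window; nothing is raised
    deliberately.

    Every wait box shown here is hidden in a ``finally`` clause, because a
    wait box without a cancel button that is left open after an exception
    would block the UI.

    NOTE(review): the source listing had lost its indentation; the closing
    ``hide_wait_box()``/``del instance`` are taken to run after both the
    restore and the import branch -- confirm against the original file.

    :return: None
    """
    if self.dotnet_version_full == "unknown":
        ida_kernwin.warning(".NET Native framework could not be identified.\n"
                            ".NIET needs it to work properly.")
        return

    # self.dotnet_version_full[:3] is "major.minor"
    framework_version = self.dotnet_version_full[:3]
    if framework_version not in dotnet_versions_offsets:
        # The message carries a %s placeholder that previously had no
        # argument, so the unsupported version was never shown.
        ida_kernwin.warning(".NIET currently does not support %s, please "
                            "create an issue." % framework_version)
        return

    instance = dotNIET(framework_version)
    instance.get_modules_info()

    # if "restore" is checked, everything else is greyed out
    if self.cb_restore.checkState() == QtCore.Qt.Checked:
        ida_kernwin.show_wait_box("HIDECANCEL\nClearing symbol names...")
        try:
            for i in range(instance.nb_symbols):
                # unset name of imports
                idc.set_name(instance.ordinals + i * 8, "")
            idaapi.msg("%d symbols removed!\n" % instance.nb_symbols)
        finally:
            ida_kernwin.hide_wait_box()
        del instance
        return

    # Read the path once so the file that gets verified is the same one
    # that is later used for the pdb lookup and the import.
    dll_path = self.dll_input_path.text()
    if dll_path == "":
        idaapi.msg("Error: \"SharedLibrary.dll\" path must be selected\n")
        del instance
        return

    # target SharedLibrary.dll .NET framework version is asked to be checked
    if self.cb_verify.checkState() == QtCore.Qt.Checked:
        ida_kernwin.show_wait_box("HIDECANCEL\nVerifying target dll "
                                  ".NET Native framework version...")
        try:
            dll_dotnet_version_full = utils.get_NET_Native_version(dll_path)
        finally:
            ida_kernwin.hide_wait_box()

        if dll_dotnet_version_full == "unknown" \
                or dll_dotnet_version_full != self.dotnet_version_full:
            answer = ida_kernwin.ask_buttons(
                "", "", "", 1,
                "HIDECANCEL\n"
                "Target dll .NET Native "
                "framework version is '%s' "
                "whereas current binary one "
                "is '%s'.\nProceed anyway?"
                % (dll_dotnet_version_full, self.dotnet_version_full))
            # "No" or "cancel/escape"
            if not answer:
                return

    # getting target SharedLibrary.dll GUID to verify that the pdb does
    # exist and is the right one
    ida_kernwin.show_wait_box("HIDECANCEL\nGetting pdb information...")
    try:
        if utils.find_pdb(dll_path):
            # everything is okay, ready to import
            ida_kernwin.replace_wait_box("HIDECANCEL\nImporting symbols...")
            instance.resolve_symbols(dll_path)
            idaapi.msg("%d symbols imported at 0x%x\n"
                       % (instance.nb_symbols, instance.ordinals))
    finally:
        ida_kernwin.hide_wait_box()
    del instance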