def activate(self, ctx):
if self.action == ACTION_HX_REMOVERETTYPE:
if IDA7:
vdui = idaapi.get_widget_vdui(ctx.widget)
else:
vdui = idaapi.get_tform_vdui(ctx.form)
self.remove_rettype(vdui)
vdui.refresh_ctext()
elif self.action == ACTION_HX_COPYEA:
ea = idaapi.get_screen_ea()
if ea != idaapi.BADADDR:
copy_to_clip("0x%X" % ea)
print "Address 0x%X has been copied to clipboard" % ea
elif self.action == ACTION_HX_COPYNAME:
if IDA7:
name = idaapi.get_highlight(idaapi.get_current_viewer())[0]
else:
name = idaapi.get_highlighted_identifier()
if name:
copy_to_clip(name)
print "%s has been copied to clipboard" % name
else:
return 0
return 1
def activate(self, ctx):
vu = idaapi.get_tform_vdui(ctx.form)
if not vu or not self.sel:
print "No vdui? Strange, since this action should be enabled only for pseudocode views."
return 0
form = XrefsForm(self.sel)
form.Show()
return 1
def refresh_views():
"""
Refresh the IDA views.
"""
# refresh IDA views
idaapi.refresh_idaview_anyway()
# refresh hexrays view, if active
current_tform = idaapi.get_current_tform()
vu = idaapi.get_tform_vdui(current_tform)
if vu:
vu.refresh_ctext()
def get_cursor_func_ref():
"""
Get the function reference under the user cursor.
Returns BADADDR or a valid function address.
"""
current_tform = idaapi.get_current_tform()
tform_type = idaapi.get_tform_type(current_tform)
# get the hexrays vdui (if available)
vu = idaapi.get_tform_vdui(current_tform)
#
# hexrays view is active
#
if vu:
cursor_addr = vu.item.get_ea()
#
# disassembly view is active
#
elif tform_type == idaapi.BWN_DISASM:
cursor_addr = idaapi.get_screen_ea()
#
# if the cursor is over an operand value that has a function ref,
# use that as a valid rename target
#
op_addr = idc.GetOperandValue(cursor_addr, idaapi.get_opnum())
op_func = idaapi.get_func(op_addr)
if op_func and op_func.startEA == op_addr:
return op_addr
# unsupported/unknown view is active
else:
return idaapi.BADADDR
#
# if the cursor is over a function definition or other reference, use that
# as a valid rename target
#
cursor_func = idaapi.get_func(cursor_addr)
if cursor_func and cursor_func.startEA == cursor_addr:
return cursor_addr
# fail
return idaapi.BADADDR
def update(self, ctx):
vu = idaapi.get_tform_vdui(ctx.form)
if not vu:
return idaapi.AST_DISABLE_FOR_FORM
else:
vu.get_current_item(idaapi.USE_KEYBOARD)
item = vu.item
self.sel = None
if item.citype == idaapi.VDI_EXPR and item.it.to_specific_type.opname in ('obj', 'memref', 'memptr'):
# if an expression is selected. verify that it's either a cot_obj, cot_memref or cot_memptr
self.sel = item.it.to_specific_type
elif item.citype == idaapi.VDI_FUNC:
# if the function itself is selected, show xrefs to it.
self.sel = item.f
return idaapi.AST_ENABLE if self.sel else idaapi.AST_DISABLE
def activate(self, ctx):
# ctx - action_activation_ctx_t
vu = idaapi.get_tform_vdui(ctx.form)
function_tinfo = idaapi.tinfo_t()
if not vu.cfunc.get_func_type(function_tinfo):
return
function_details = idaapi.func_type_data_t()
function_tinfo.get_func_details(function_details)
convention = idaapi.CM_CC_MASK & function_details.cc
if convention == idaapi.CM_CC_CDECL:
function_details.cc = idaapi.CM_CC_SPECIAL
elif convention in (idaapi.CM_CC_STDCALL, idaapi.CM_CC_FASTCALL,
idaapi.CM_CC_PASCAL, idaapi.CM_CC_THISCALL):
function_details.cc = idaapi.CM_CC_SPECIALP
elif convention == idaapi.CM_CC_ELLIPSIS:
function_details.cc = idaapi.CM_CC_SPECIALE
else:
return
function_tinfo.create_func(function_details)
idaapi.apply_tinfo2(vu.cfunc.entry_ea, function_tinfo,
idaapi.TINFO_DEFINITE)
vu.refresh_view(True)
def activate(self, ctx):
hx_view = idaapi.get_tform_vdui(ctx.form)
origin = self.temporary_structure.main_offset
var_type = self.check(hx_view.item)
if var_type == "LOCAL":
variable = hx_view.item.get_lvar() # lvar_t
index = list(hx_view.cfunc.get_lvars()).index(variable)
scanner = ShallowSearchVisitor(hx_view.cfunc, origin, index)
elif var_type == "GLOBAL":
gvar = hx_view.item.it.to_specific_type
name = idc.GetTrueName(gvar.obj_ea)
tinfo = gvar.type
scanner = ShallowSearchVisitor(hx_view.cfunc, origin, global_variable=(name, tinfo))
else:
return
scanner.process()
for field in scanner.candidates:
self.temporary_structure.add_row(field)
scanner.clear()
def get_cursor_func_ref():
current_tform = idaapi.get_current_tform()
tform_type = idaapi.get_tform_type(current_tform)
# get the hexrays vdui (if available)
vu = idaapi.get_tform_vdui(current_tform)
if vu:
cursor_addr = vu.item.get_ea()
elif tform_type == idaapi.BWN_DISASM:
cursor_addr = idaapi.get_screen_ea()
op_addr = idc.GetOperandValue(cursor_addr, idaapi.get_opnum())
op_func = idaapi.get_func(op_addr)
if op_func and op_func.startEA == op_addr:
return op_addr
else:
return idaapi.BADADDR
cursor_func = idaapi.get_func(cursor_addr)
if cursor_func and cursor_func.startEA == cursor_addr:
return cursor_addr
return idaapi.BADADDR
def update(self, ctx):
if IDA7:
vdui = idaapi.get_widget_vdui(ctx.widget)
return idaapi.AST_ENABLE_FOR_WIDGET if vdui else idaapi.AST_DISABLE_FOR_WIDGET
vdui = idaapi.get_tform_vdui(ctx.form)
return idaapi.AST_ENABLE_FOR_FORM if vdui else idaapi.AST_DISABLE_FOR_FORM
def update(self, ctx):
if IDA7:
vdui = idaapi.get_widget_vdui(ctx.widget)
return idaapi.AST_ENABLE_FOR_WIDGET if vdui else idaapi.AST_DISABLE_FOR_WIDGET
vdui = idaapi.get_tform_vdui(ctx.form)
return idaapi.AST_ENABLE_FOR_FORM if vdui else idaapi.AST_DISABLE_FOR_FORM
def activate(self, ctx):
vdui = idaapi.get_tform_vdui(ctx.form)
self.inverter.invert_if_event(vdui)
return 1
def activate(self, ctx):
hx_view = idaapi.get_tform_vdui(ctx.form)
result = self.check(hx_view.cfunc, hx_view.item)
if result:
if result[0] == RECAST_LOCAL_VARIABLE:
tinfo, lvar = result[1:]
if hx_view.set_lvar_type(lvar, tinfo):
hx_view.refresh_view(True)
elif result[0] == RECAST_GLOBAL_VARIABLE:
tinfo, address = result[1:]
if idaapi.apply_tinfo2(address, tinfo, idaapi.TINFO_DEFINITE):
hx_view.refresh_view(True)
elif result[0] == RECAST_ARGUMENT:
arg_index, func_tinfo, arg_tinfo, address = result[1:]
func_data = idaapi.func_type_data_t()
func_tinfo.get_func_details(func_data)
func_data[arg_index].type = arg_tinfo
new_func_tinfo = idaapi.tinfo_t()
new_func_tinfo.create_func(func_data)
if idaapi.apply_tinfo2(address, new_func_tinfo,
idaapi.TINFO_DEFINITE):
hx_view.refresh_view(True)
elif result[0] == RECAST_RETURN:
return_type, func_address = result[1:]
try:
cfunc = idaapi.decompile(
func_address) if func_address else hx_view.cfunc
except idaapi.DecompilationFailure:
print "[ERROR] Ida failed to decompile function"
return
function_tinfo = idaapi.tinfo_t()
cfunc.get_func_type(function_tinfo)
func_data = idaapi.func_type_data_t()
function_tinfo.get_func_details(func_data)
func_data.rettype = return_type
function_tinfo.create_func(func_data)
if idaapi.apply_tinfo2(cfunc.entry_ea, function_tinfo,
idaapi.TINFO_DEFINITE):
hx_view.refresh_view(True)
elif result[0] == RECAST_STRUCTURE:
structure_name, field_offset, new_type = result[1:]
tinfo = idaapi.tinfo_t()
tinfo.get_named_type(idaapi.cvar.idati, structure_name)
ordinal = idaapi.get_type_ordinal(idaapi.cvar.idati,
structure_name)
if ordinal:
udt_member = idaapi.udt_member_t()
udt_member.offset = field_offset * 8
idx = tinfo.find_udt_member(idaapi.STRMEM_OFFSET,
udt_member)
if udt_member.offset != field_offset * 8:
print "[Info] Can't handle with arrays yet"
elif udt_member.type.get_size() != new_type.get_size():
print "[Info] Can't recast different sizes yet"
else:
udt_data = idaapi.udt_type_data_t()
tinfo.get_udt_details(udt_data)
udt_data[idx].type = new_type
tinfo.create_udt(udt_data, idaapi.BTF_STRUCT)
tinfo.set_numbered_type(idaapi.cvar.idati, ordinal,
idaapi.NTF_REPLACE,
structure_name)
hx_view.refresh_view(True)
def activate(self, ctx):
hx_view = idaapi.get_tform_vdui(ctx.form)
lvar = hx_view.cfunc.get_lvars()[hx_view.item.e.v.idx]
hx_view.set_lvar_cmt(lvar, re.sub("```.*```", '', lvar.cmt))
hx_view.refresh_view(True)
def update(self, ctx):
vdui = idaapi.get_tform_vdui(ctx.form)
return idaapi.AST_ENABLE_FOR_FORM if vdui else idaapi.AST_DISABLE_FOR_FORM
def get_cursor_func_ref():
"""
Get the function reference under the user cursor.
Returns BADADDR or a valid function address.
"""
# NOTE / COMPAT:
if using_ida7api:
current_widget = idaapi.get_current_widget()
form_type = idaapi.get_widget_type(current_widget)
vu = idaapi.get_widget_vdui(current_widget)
else:
current_tform = idaapi.get_current_tform()
form_type = idaapi.get_tform_type(current_tform)
vu = idaapi.get_tform_vdui(current_tform)
#
# hexrays view is active
#
if vu:
cursor_addr = vu.item.get_ea()
#
# disassembly view is active
#
elif form_type == idaapi.BWN_DISASM:
cursor_addr = idaapi.get_screen_ea()
opnum = idaapi.get_opnum()
if opnum != -1:
#
# if the cursor is over an operand value that has a function ref,
# use that as a valid rename target
#
# NOTE/COMPAT:
if using_ida7api:
op_addr = idc.get_operand_value(cursor_addr, opnum)
else:
op_addr = idc.GetOperandValue(cursor_addr, opnum)
op_func = idaapi.get_func(op_addr)
# NOTE/COMPAT:
if using_ida7api:
if op_func and op_func.start_ea == op_addr:
return op_addr
else:
if op_func and op_func.startEA == op_addr:
return op_addr
# unsupported/unknown view is active
else:
return idaapi.BADADDR
#
# if the cursor is over a function definition or other reference, use that
# as a valid rename target
#
cursor_func = idaapi.get_func(cursor_addr)
# NOTE/COMPAT:
if using_ida7api:
if cursor_func and cursor_func.start_ea == cursor_addr:
return cursor_addr
else:
if cursor_func and cursor_func.startEA == cursor_addr:
return cursor_addr
# fail
return idaapi.BADADDR
def update(self, ctx):
vdui = idaapi.get_tform_vdui(ctx.form)
if vdui:
return idaapi.AST_ENABLE_FOR_FORM
else:
return idaapi.AST_DISABLE_FOR_FORM
def activate(self, ctx):
hx_view = idaapi.get_tform_vdui(ctx.form)
variable = hx_view.item.get_lvar() # lvar_t
self.scan(hx_view, variable)
def activate(self, ctx):
vdui = idaapi.get_tform_vdui(ctx.form)
self.inverter.invert_if_event(vdui)
return 1
def activate(self, ctx):
hx_view = idaapi.get_tform_vdui(ctx.widget)
result = self.check(hx_view.cfunc, hx_view.item)
if result is None:
return
struct_tinfo, offset, idx = result
ordinal = struct_tinfo.get_ordinal()
struct_name = struct_tinfo.dstr()
if (offset + idx) % 2:
default_field_type = "_BYTE"
elif (offset + idx) % 4:
default_field_type = "_WORD"
else:
default_field_type = "_DWORD"
declaration = idaapi.asktext(
0x10000, "{0} field_{1:X}".format(default_field_type, offset + idx), "Enter new structure member:"
)
if declaration is None:
return
result = self.__parse_declaration(declaration)
if result is None:
return
field_tinfo, field_name = result
field_size = field_tinfo.get_size()
udt_data = idaapi.udt_type_data_t()
udt_member = idaapi.udt_member_t()
struct_tinfo.get_udt_details(udt_data)
udt_member.offset = offset * 8
struct_tinfo.find_udt_member(idaapi.STRMEM_OFFSET, udt_member)
gap_size = udt_member.size // 8
gap_leftover = gap_size - idx - field_size
if gap_leftover < 0:
print "[ERROR] Too big size for the field. Type with maximum {0} bytes can be used".format(gap_size - idx)
return
iterator = udt_data.find(udt_member)
iterator = udt_data.erase(iterator)
if gap_leftover > 0:
udt_data.insert(iterator, TemporaryStructureModel.get_padding_member(offset + idx + field_size, gap_leftover))
udt_member = idaapi.udt_member_t()
udt_member.offset = offset * 8 + idx
udt_member.name = field_name
udt_member.type = field_tinfo
udt_member.size = field_size
iterator = udt_data.insert(iterator, udt_member)
if idx > 0:
udt_data.insert(iterator, TemporaryStructureModel.get_padding_member(offset, idx))
struct_tinfo.create_udt(udt_data, idaapi.BTF_STRUCT)
struct_tinfo.set_numbered_type(idaapi.cvar.idati, ordinal, idaapi.BTF_STRUCT, struct_name)
hx_view.refresh_view(True)
def check(ctx):
hx_view = idaapi.get_tform_vdui(ctx.form)
return hx_view.cfunc.get_rettype().equals_to(Const.VOID_TINFO)
