def start():
process_is_suspended = False
#check if process is suspended
if idaapi.is_debugger_on():
if idaapi.get_process_state() == -1:
process_is_suspended = True
else:
idaapi.warning("Please suspend the debugger!")
else:
idaapi.warning("Please run the process!")
#then start a stack checking
if process_is_suspended:
is_success, call_list, call_addr_list = get_all_calls()
if is_success and call_list is not None:
curr_thread = ida_dbg.get_current_thread()
title = "CallStack - thread: {}".format(curr_thread)
idaapi.close_chooser(title)
c = MyChoose(call_list, call_addr_list, title)
c.Show()
else:
idaapi.warning(
"Something wrong. There is no functions. Set DEBUG flag in the script and check what is going on"
)
def main():
if not idaapi.is_debugger_on():
idc.Warning("Please run the process first!")
return
if idaapi.get_process_state() != -1:
idc.Warning("Please suspend the debugger first!")
return
info = idaapi.get_inf_structure()
if info.is_64bit():
long_size = 8
elif info.is_32bit():
long_size = 4
else:
idc.Warning("Only 32 or 64 bit is supported!")
return
# only avail from IdaPython r232
if hasattr(idaapi, "NearestName"):
# get all debug names
dn = idaapi.get_debug_names(idaapi.cvar.inf.minEA,
idaapi.cvar.inf.maxEA)
# initiate a nearest name search (using debug names)
nn = idaapi.NearestName(dn)
else:
nn = None
RetAddrStackWalk(nn, long_size)
def __call__(self):
target_pid = -1
if idaapi.is_debugger_on():
idaapi.msg("[%s] the debugger is currently running\n" % PLUGNAME)
return -1
if not self.times%5:
idaapi.msg("[%s] waiting for the process (%ds left)...\n" % \
(PLUGNAME, self.times))
filename = ida_nalt.get_root_filename()
pis = ida_idd.procinfo_vec_t()
ida_dbg.get_processes(pis)
for proc in pis:
proc_name = proc.name.split(" ")[1]
idx = proc_name.rfind("/")
if idx != -1:
proc_name = proc_name[idx+1:]
if filename == proc_name:
target_pid = proc.pid
break
if target_pid != -1:
idaapi.msg("[%s] found. start debug (PID: %d)\n" % (PLUGNAME, target_pid))
ida_dbg.attach_process(target_pid, -1)
ida_dbg.wait_for_next_event(ida_dbg.WFNE_SUSP, -1)
ida_dbg.continue_process()
return -1
self.times -= 1
return -1 if self.times == 0 else self.interval
def main():
if not idaapi.is_debugger_on():
idc.Warning("Please run the process first!")
return
if idaapi.get_process_state() != -1:
idc.Warning("Please suspend the debugger first!")
return
# only avail from IdaPython r232
if hasattr(idaapi, "NearestName"):
# get all debug names
dn = idaapi.get_debug_names(idaapi.cvar.inf.minEA, idaapi.cvar.inf.maxEA)
# initiate a nearest name search (using debug names)
nn = idaapi.NearestName(dn)
else:
nn = None
ret, callstack = CallStackWalk(nn)
if ret:
title = "Call stack walker (thread %X)" % (GetCurrentThreadId())
idaapi.close_chooser(title)
c = CallStackWalkChoose(callstack, title)
c.choose()
else:
idc.Warning("Failed to walk the stack:" + callstack)
def getImportTableData(self):
"""
Update rt_import_table with current import table data.
"""
def imp_cb(ea, name, ord):
"""
Import enumeration callback function. used by idaapi.enum_import_names .
"""
tmpImports.append([self.current_module_name, ea, name, ord])
return True
tmpImports = [
] # Contains static import table data (w\o real function addresses)
imp_num = idaapi.get_import_module_qty() # Number of imported modules
for i in xrange(0, imp_num):
self.current_module_name = idaapi.get_import_module_name(i).lower()
idaapi.enum_import_names(i, imp_cb)
# Get runtime function addresses and store in self.rt_import_table
if not idaapi.is_debugger_on():
raise RuntimeError("Debugger is not currently active.")
for module_name, ea, name, ord in tmpImports:
func_real_adrs = get_adrs_mem(ea)
self.rt_import_table[func_real_adrs] = (module_name, ea, name, ord)
def apply_byte_patch(self, patched_byte_ojb):
"""Applies a byte patch to current debugger memory."""
# check if debugger is even running
if not idaapi.is_debugger_on():
dap_warn("Cannot apply patch - debugger is not currently on!")
return 0
try:
# patched byte in debugger memory
if not self.old_ida:
result = idc.patch_dbg_byte(patched_byte_ojb.addr,
patched_byte_ojb.patched)
else:
result = idc.PatchDbgByte(patched_byte_ojb.addr,
patched_byte_ojb.patched)
if result > 0:
idaapi.invalidate_dbgmem_contents(patched_byte_ojb.addr,
1) # addr, size
return result
except Exception as e:
dap_err("Error encountered while applying byte patch to memory!",
str(e))
except:
dap_err(
"Unknown error encountered while applying byte patch to memory!"
)
return 0
def attach(self, arg):
try:
import idaapi
if idaapi.is_debugger_on():
print "Already in debug mode."
return
is_running = self.android_server is not None and self.android_server.poll(
) is None
if self.device is None or not is_running:
self._chooseDevice()
config = self.load_config()
av = utils.AttachView(
self.device.getPackageNames(),
config["packageName"] if config.has_key("packageName") else "")
ret = av.show(
config["idaDebugPort"] if config.has_key("idaDebugPort") else
23946, config["debug"] if config.has_key("debug") else False)
if not ret:
return
(packageName, idaDebugPort, debug) = ret
if idaDebugPort < 1024:
print "Attach %s failed with ida debug port: %s" % (
packageName, idaDebugPort)
return
self.save_config({
"packageName": packageName,
"idaDebugPort": idaDebugPort,
"debug": debug
})
if self.launchActivity is None or self.packageName != packageName:
self.launchActivity = self._chooseLaunchActivity(packageName)
self.packageName = packageName
if not self.launchActivity:
return
print "Request attach: %s with arg %s" % (packageName, arg)
if is_running:
self._attach(debug)
return
self._startAndroidServer(idaDebugPort)
self._attach(debug)
except BaseException, e:
if self.android_server and self.android_server.poll() is None:
self.android_server.terminate()
print 'Terminated android_server.'
self.android_server = None
print e
def main():
if not idaapi.is_debugger_on():
print("Please run the process first!")
return
if idaapi.get_process_state() != -1:
print("Please suspend the debugger first!")
return
dn = idaapi.get_debug_names(idaapi.cvar.inf.min_ea, idaapi.cvar.inf.max_ea)
for i in dn:
print("%08x: %s" % (i, dn[i]))
def run(self, arg=0):
try:
if "ELF" not in idaapi.get_file_type_name():
raise Exception("Executable must be ELF fomat")
if not idaapi.is_debugger_on() or not is_process_suspended():
raise Exception("The debugger must be active and suspended before using this plugin")
f = plugin_gui.HeapPluginForm()
f.Show()
except Exception as e:
idaapi.warning("[%s] %s" % (PLUGNAME, str(e)))
def run(self, arg=0):
try:
if "ELF" not in idaapi.get_file_type_name():
raise Exception("Executable must be ELF fomat")
if not idaapi.is_debugger_on() or not idaapi.dbg_can_query():
raise Exception("The debugger must be active and suspended before using this plugin")
f = HeapPluginForm()
f.Show()
except Exception as e:
idaapi.warning("[%s] %s" % (PLUGNAME, e.message))
def attach(self):
try:
logging.info("start to attach")
import idaapi
if idaapi.is_debugger_on():
logging.info("Already in debug mode.")
return
is_running = self.android_server and self.android_server.poll() is None
if self.device is None or not is_running:
self._chooseDevice()
config = self.load_config()
av = utils.AttachView(self.device.getPackageNames(),
config["packageName"] if "packageName" in config else "")
ret = av.show(config["idaDebugPort"] if "idaDebugPort" in config else 23946,
config["debug"] if "debug" in config else False,
config["app_64"] if "app_64" in config else False)
if not ret:
return
(packageName, idaDebugPort, debug ,app_64) = ret
if idaDebugPort < 1024:
logging.info("Attach %s failed with ida debug port: %s" % (packageName, idaDebugPort))
return
self.save_config({"packageName": packageName, "idaDebugPort": idaDebugPort, "debug": debug})
if self.launchActivity is None or self.packageName != packageName:
self.launchActivity = self._chooseLaunchActivity(packageName)
self.packageName = packageName
self.android_server_port = idaDebugPort
if not self.launchActivity:
return
logging.info("Request attach:%s"%packageName)
if is_running:
self._attach(debug)
return
self._startAndroidServer(app_64)
self._attach(debug)
except BaseException as e:
logging.exception(e)
if self.android_server and self.android_server.poll() is None:
self.android_server.terminate()
logging.info('Terminated android_server.')
self.android_server = None
def activate(self, ctx):
print("init array handler activate")
idainfo = idaapi.get_inf_structure()
if idainfo.filetype != idaapi.f_ELF:
print("\tidb isn't elf,skip")
return
if idaapi.is_debugger_on():
print("\tdebugger is on,prepare to bp by linker.")
dynamic_breakpoint(25)
else:
print(
"\tdebugger isn't on ,prepare to bp by search the elf program header"
)
# define DT_INIT_ARRAY 25
static_breakpoint(25)
def prepare_debug_ui(self):
if idaapi.is_debugger_on():
idaapi.warning("[%s] the debugger is currently running" % PLUGNAME)
return
wd = WaitDialog()
idaapi.msg("[%s] waiting...\n" % (PLUGNAME))
wd.thread.start()
wd.exec_()
target_pid = wd.get_target_pid()
if target_pid != -1:
ida_dbg.attach_process(target_pid,-1)
ida_dbg.wait_for_next_event(ida_dbg.WFNE_SUSP, -1)
ida_dbg.continue_process()
else:
idaapi.msg("[%s] exit waiting\n" % (PLUGNAME))
def main():
if not idaapi.is_debugger_on():
print "Please run the process first!"
return
filename = AskFile(0,'*','Choose file to load')
if filename:
address = AskAddr(GetRegValue('esp'), 'Memory address')
f = loader_input_t()
fsize = os.path.getsize(filename)
if f.open(filename):
buffer = f.read(fsize)
idaapi.dbg_write_memory(address, buffer)
refresh_debugger_memory()
f.close()
if AskYN(1,"Load file size in EAX? (Size: %d)" % (fsize)) == 1:
SetRegValue(fsize, 'EAX')
def patch_monitor_func(self):
"""Monitors patches and caches patch DB, since IDA has separate DBs for debugged processes and non-debugged
processes."""
# Don't collect patches if debugger is on
try:
if idaapi.is_debugger_on() or idaapi.is_debugger_busy():
return
if not self.patched_bytes_db_lock.acquire(False):
return
else:
try:
was_empty = False
if len(self.patched_bytes_db) < 1:
was_empty = True
patches = self.visit_patched_bytes()
self.patched_bytes_db = patches
if len(patches) > 0 and was_empty:
dap_msg("Byte patch buffer populated!")
finally:
self.patched_bytes_db_lock.release()
except:
pass
def isDebugMode(self):
return idaapi.is_debugger_on()
import sark
import idaapi
import idautils
anim = sark.structure.get_struct('AnimationFrame')
while idaapi.is_debugger_on():
dataseg = sark.Segment(name='dataseg').ea
anim_offset = idaapi.get_word(sark.Line(ea=dataseg + idautils.cpu.di + 2).ea)
anim_addr = dataseg + anim_offset
idaapi.doStruct(anim_addr, 6, anim)
idaapi.jumpto(sark.Segment(name='dataseg').ea + anim_offset)
idaapi.continue_process()
idaapi.wait_for_next_event(2, 10000)
def is_active(self):
return idaapi.is_debugger_on() and idaapi.dbg_can_query()
