def __init__(self):
self.nn_meta = idaapi.netnode("$ dex_meta")
self.nn_cmn = idaapi.netnode("$ dex_cmn")
packed = self.nn_meta.getblob(0, Dex.META_BASEADDRS)
self.baseaddrs = unpack_eavec(packed, 0)
self.nn_vars = []
self.nn_vars.append(idaapi.netnode("$ dex_var"))
for i in range(2, len(self.baseaddrs) + 1):
nn_var_name = "$ dex_var%d" % i
self.nn_vars.append(idaapi.netnode(nn_var_name))
def open_proj_creation_dialog(self):
"""Performs sanity checks and pops up a project creation dialog, if applicable."""
if self.core.client:
print("[continuum] A project is already opened.")
return
if not GetIdbPath():
print("[continuum] Please load an IDB related to the project first.")
return
# Check if auto-analysis is through prior allowing project creation here.
# This probably isn't intended to be done by plugins, but there there seems to be no
# official API to check for this that also works when auto-analysis has temporarily
# been disabled due to an UI action (specifically here: opening menus).
# I found this netnode by reversing IDA.
if not idaapi.exist(idaapi.netnode("$ Auto ready")):
print("[continuum] Please allow auto-analysis to finish first.")
return
dialog = ProjectCreationDialog(GetIdbDir())
chosen_action = dialog.exec_()
if chosen_action == QDialog.Accepted:
project = Project.create(dialog.project_path, dialog.file_patterns)
self.core.open_project(project)
def load_from_idb(self):
node = idaapi.netnode(0x41414141)
node.create(self.nodename)
result = node.getblob(0, "D")
if result:
self.items = pickle.loads(result)
return result
def _netnode(self):
node_name = "$ {org:s}.{application:s}.{plugin_name:s}".format(
org=IDA_SETTINGS_ORGANIZATION,
application=IDA_SETTINGS_APPLICATION,
plugin_name=self._plugin_name)
# namelen: 0, do_create: True
n = idaapi.netnode(node_name, 0, True)
return n
def set_fptrs(d):
nn = idaapi.netnode('$ mips')
for ea, target in d.iteritems():
nn.altset(ea, idc.LocByName(target) + 1)
idaapi.noUsed(ea)
return
def get_meta_netnode():
"""
Get the netnode used to store settings metadata in the current IDB.
Note that this implicitly uses the open IDB via the idc iterface.
"""
node_name = "$ {org:s}.{application:s}".format(
org=IDA_SETTINGS_ORGANIZATION,
application=IDA_SETTINGS_APPLICATION)
# namelen: 0, do_create: True
return idaapi.netnode(node_name, 0, True)
def init(self):
Print("tracer_plugin_t installed")
ExTraces = None
ExTraces = idaapi.netnode("$ ExTraces", 0, False) #Get the execution trace id
data = ExTraces.getblob(0, 'A')
if data is None:
print "This IDB has no TREE Trace. Turn ON TREE Tracer"
return idaapi.PLUGIN_OK
else:
print "This IDB has TREE Trace. Turn OFF TREE Trace"
return idaapi.PLUGIN_SKIP
def init(self):
self.icon_id = 0
ExTraces = None
ExTraces = idaapi.netnode("$ ExTraces", 0, False) #Get the execution trace id
data = ExTraces.getblob(0, 'A') #Get the execution trace data, use str(data) to convert to data to a str
if (data is None):
print "This IDB has no TREE trace. Turn OFF TREE Analyzer"
return idaapi.PLUGIN_SKIP
else:
print "This IDB has TREE trace in. Turn ON TREE Analyzer!"
return idaapi.PLUGIN_OK
def __init__(self):
self.vu = None
self.node = idaapi.netnode()
if not self.node.create(NETNODE_NAME):
# node exists
self.load()
else:
self.stored = []
return
def get_fptrs():
d = {}
nn = idaapi.netnode('$ mips')
for fn in idautils.Functions():
for ea in idautils.FuncItems(fn):
if not idc.isCode(idaapi.getFlags(ea)):
continue
target = nn.altval(ea) - 1
if target != -1:
d[ea] = idc.Name(target)
return d
def revokeAnalysis():
n = idaapi.netnode("$ initialAnalysis", 0, False)
if (n == idaapi.BADNODE): return
idx = n.alt1st()
while idx != idaapi.BADNODE:
colorize(idx, DEFCOLOR)
idx = n.altnxt(idx)
n.kill()
idaapi.refresh_idaview_anyway()
def get_string_by_index(node, idx, tag):
if idx is None:
return None
val = node.supval(idx, tag)
# check for long line
if len(val) == ctypes.sizeof(longname_director_t):
longname_director = get_struct(val, 0, longname_director_t)
if longname_director.zero == 0:
nn = idaapi.netnode(longname_director.node)
return nn.getblob(0, tag)[:-1]
if len(val) > 0:
return val[:-1]
return ""
def req_bps_set(self, hash):
blob = hash["msg"]
print ("[-] save .bpcmds")
node = idaapi.netnode(NETNODE_INDEX)
if not node:
print ("[-] failed to open netnode store")
self.notice_broker("cmd", '"cmd":" -> failed to save .bpcmds')
return
new = node.create(NETNODE_STORE)
if new == 0:
print (" -> creating new netnode store")
out = node.setblob(str(blob), 0, str(chr(1)))
self.notice_broker("cmd", '"cmd":" -> .bpcmds saved"')
return
def __init__(self, options):
# self.files is a dict() mapping {filename: tag}
self.num = options['netnode_num']
self.nnode = idaapi.netnode(self.num)
# check if we already have an existing files dict() defined
if self.nnode.getblob(0, "\x01"):
# if we do, set self.files to it
self.files = pickle.loads(self.nnode.getblob(0, "\x01"))
else:
# otherwise set it to a dict containing just the \x01 tag reserved
self.files = {"__internal__" : "\x01"}
self.nnode.setblob(pickle.dumps(self.files), 0, "\x01")
self.used = self.files.values()
return
def read_rsds_codeview():
guid = None
penode = idaapi.netnode()
penode.create(peutils_t.PE_NODE)
fpos = penode.altval(peutils_t.PE_ALT_DBG_FPOS)
if fpos == 0:
print "[*] No debug directory"
return guid
input_file = idc.GetInputFilePath()
if not os.path.exists(input_file):
print "[*] input file not available"
else:
with open(input_file, "r") as fd:
fd.seek(fpos)
raw = fd.read(0x1C)
"""
typedef struct _IMAGE_DEBUG_DIRECTORY {
DWORD Characteristics;
DWORD TimeDateStamp;
WORD MajorVersion;
WORD MinorVersion;
DWORD Type;
DWORD SizeOfData;
DWORD AddressOfRawData;
DWORD PointerToRawData;
} IMAGE_DEBUG_DIRECTORY, *PIMAGE_DEBUG_DIRECTORY;
"""
dbgdir = struct.unpack("LLHHLLLL", raw)
# 2, IMAGE_DEBUG_TYPE_CODEVIEW
if not (dbgdir[4] == 2):
print "[*] not CODEVIEW data"
else:
fd.seek(dbgdir[7])
if not (fd.read(4) == "RSDS"):
print "[*] unsupported CODEVIEW information format (%s)" % sig
else:
d1, d2, d3 = struct.unpack("LHH", fd.read(0x8))
d4 = struct.unpack(">H", fd.read(0x2))[0]
d5 = binascii.hexlify(fd.read(0x6)).upper()
guid = "%08X-%04X-%04X-%04X-%s" % (d1, d2, d3, d4, d5)
return guid
def req_bps_get(self, hash):
print ("[-] reload .bpcmds")
node = idaapi.netnode(NETNODE_INDEX)
if not node:
print ("[-] failed to open netnode store")
self.notice_broker("cmd", '"cmd":"no blob"')
return
node.create(NETNODE_STORE)
blob = node.getblob(0, str(chr(1)))
if not blob:
print (" -> no blob")
self.notice_broker("cmd", '"cmd":" -> reloading .bpcmds: no blob"')
return
self.notice_broker("cmd", '"cmd":"%s"' % blob)
return
def __init__(self,parent):
QtGui.QMainWindow.__init__(self)
print "[|] loading AnalyzerWidget"
self.parent = parent
self.name = "Taint Analysis"
path = os.path.join(self.parent.iconPath, "trace.png")
self.icon = QIcon(path)
#References to qt-specific modules
self.QtGui = QtGui
self.QtCore = QtCore
self.central_widget = self.QtGui.QWidget()
self.setCentralWidget(self.central_widget)
self._defineAnalyzeTypes()
self._definePropEnum()
self.t_graph = nx.MultiDiGraph()
self.in_taint_chain = []
self.ExTraces = idaapi.netnode("$ ExTraces", 0, False) #Get the execution trace id
self.trace_data = self.ExTraces.getblob(0, 'A') #Get the execution trace data, use str(data) to convert to data to a str
self._createGui()
def IsMazeDataInIDB():
logger = logging.getLogger(__name__)
logger.info("Checking for maze data in idb...")
store = idaapi.netnode(Config().idb_store, 0, True)
return not (store.getblob(0, 'N') is None)
def netnode(self, ident):
return idaapi.netnode(ident)
def __init__(self):
self.__penode = idaapi.netnode()
self.__penode.create(peutils_t.PE_NODE)
def setEaInfo(ea, info=""):
n = idaapi.netnode("$ initialAnalysis", 0, True)
n.set(info)
def queryIdbNetnode(key):
n = idaapi.netnode(NETNODE_NAME, len(NETNODE_NAME), True)
return n.hashval(key)
def setEaInfo(ea, info=""):
n = idaapi.netnode("$ initialAnalysis", 0, True)
n.set(info)
import idaapi
nn = idaapi.netnode("$ kernel")
sc = cpu.rax
cpu.rax = 0
#rather than building a big dict of handlers, this is
#a binary search based on system call #
if sc < 177:
if sc < 89:
if sc < 45:
if sc < 23:
if sc < 12:
if sc < 6:
if sc < 3:
if sc == 0: #read
pass
elif sc == 1: #write
pass
else: #2, open
msg("open(\"%s\", 0x%x, 0x%x)\n" % (idaapi.get_strlit_contents(cpu.rdi, -1, STRTYPE_C), cpu.rsi, cpu.rdx))
cpu.rax = 3
elif sc > 3:
if sc == 4: #stat
pass
else: #5, fstat
idaapi.patch_dword(cpu.rsi, 0x4000)
idaapi.patch_qword(cpu.rsi + 0x20, 0x1000)
else: #3, close
pass
elif sc > 6:
if sc < 9:
def load_file(li, netflags, format):
nsis = nsisfile.NSIS.from_path(idaapi.get_input_file_path())
# Create NSIS netnode.
nsis_netnode = idaapi.netnode("$ NSIS", 0, True)
nsis_netnode.hashset("VERSION_MAJOR", nsis.version_major)
nsis_netnode.hashset("VERSION_MINOR", nsis.version_minor)
# Create blocks segments.
for name, n, sclass in BLOCKS:
offset = nsis.header.blocks[n].offset
if offset == 0:
continue
content = nsis.block(n)
# Create block segment
seg = idaapi.segment_t()
seg.startEA = offset
seg.endEA = offset + len(content)
idaapi.add_segm_ex(seg, name, sclass, 0)
idaapi.mem2base(content, offset)
# Add one virtual segment to hold variables.
var_seg = idaapi.segment_t()
var_start = align(nsis.size())
var_seg.startEA = var_start
var_seg.endEA = var_start + 0x1000 # Size chosen arbitrarily, should be enough.
idaapi.add_segm_ex(var_seg, "VARS", "BSS", 0)
# Create standard vars.
for i, v in enumerate(nrs.strings.SYSVAR_NAMES.values()):
idaapi.do_name_anyway(var_seg.startEA + i + 20, "$" + v)
code_base = nsis.header.blocks[fileform.NB_ENTRIES].offset
# Create sections functions.
for i, section in enumerate(nsis.sections):
if section.code == PTR_NONE:
continue
name = nsis.get_string(section.name_ptr)
if not name:
name = "_section" + str(i)
ea = code_base + nrs.entry_to_offset(section.code)
cname = canonize_name(name)
AddEntryPoint(ea, ea, cname, 1)
# Mark pages handlers.
for i, page in enumerate(nsis.pages):
for fn in ["prefunc", "showfunc", "leavefunc"]:
addr = getattr(page, fn)
if addr != PTR_NONE:
name = "_page_{}_{}".format(i, fn)
ea = code_base + nrs.entry_to_offset(addr)
AddEntryPoint(ea, ea, name, 1)
# Mark installer handlers.
for event in [
"Init",
"InstSuccess",
"InstFailed",
"UserAbort",
"GUIInit",
"GUIEnd",
"MouseOverSection",
"VerifyInstDir",
"SelChange",
"RebootFailed",
]:
addr = getattr(nsis.header, "code_on" + event)
if addr != PTR_NONE:
name = "_on" + event
ea = code_base + nrs.entry_to_offset(addr)
AddEntryPoint(ea, ea, name, 1)
# Create strings.
"""
strings_data = nsis.block(fileform.NB_STRINGS)
strings_off = nsis.header.blocks[fileform.NB_STRINGS].offset
i = 0
while i < len(strings_data):
decoded_string, length = \
nrs.strings.decode(strings_data, i, nsis.version_major)
decoded_string = str(decoded_string)
string_name = canonize_name(decoded_string)
idaapi.make_ascii_string(strings_off + i, length, ASCSTR_C)
idaapi.set_cmt(strings_off + i, decoded_string, True)
idaapi.do_name_anyway(strings_off + i, string_name)
i += length
#"""
# Set processor to nsis script.
SetProcessorType("nsis", SETPROC_ALL | SETPROC_FATAL)
return 1
def __init__(self, netnode_name=OUR_NETNODE):
self._netnode_name = netnode_name
# self._n = idaapi.netnode(netnode_name, namelen=0, do_create=True)
self._n = idaapi.netnode(netnode_name, 0, True)
from client import Client
from config import config
from comments import comments, comments_extra, NoChange
ida_reserved_prefix = (
'sub_', 'locret_', 'loc_', 'off_', 'seg_', 'asc_', 'byte_', 'word_',
'dword_', 'qword_', 'byte3_', 'xmmword_', 'ymmword_', 'packreal_',
'flt_', 'dbl_', 'tbyte_', 'stru_', 'custdata_', 'algn_', 'unk_',
)
fhash = None
auto_wait = False
client = Client(**config)
netnode = idaapi.netnode()
NETNODE_NAME = '$ revsync-fhash'
hook1 = hook2 = hook3 = None
### Helper Functions
def cached_fhash():
return netnode.getblob(0, 'I').decode('ascii')
def read_fhash():
filename = idaapi.get_root_filename()
if filename is None:
return None
with open(filename, 'rb') as f:
return hashlib.sha256(f.read()).hexdigest().upper()
def save_to_idb(self):
node = idaapi.netnode(0x41414141)
node.create(self.nodename)
node.setblob(pickle.dumps(self.items), 0, "D")
def is_switch_insn(ea):
'''ea_t -> bool'''
IM_SWITCH = 3 # IDA doesn't export this to python; hope it doesn't change!
nn = idaapi.netnode('$ ignore micro')
return nn.charval(ea, 0) == IM_SWITCH
def __init__(self, cfunc):
idaapi.ctree_visitor_t.__init__(self, idaapi.CV_PARENTS)
self.cfunc = cfunc
self.node = idaapi.netnode()
self.clear_struct_xrefs()
self.xrefs = {}
def setIdbNetnode(key, value):
n = idaapi.netnode(NETNODE_NAME, len(NETNODE_NAME), True)
return n.hashset(key, value)
def kill(self):
self._n.kill()
self._n = idaapi.netnode(self._netnode_name, 0, True)
def __init__(self, name):
self.netn = idaapi.netnode(str(name), 0, True)
def __init__(self, name):
node = idaapi.netnode(name, 0, True)
def read_rsds_pdb():
penode = idaapi.netnode()
PE_SUPSTR_PDBNM = idautils.peutils_t.PE_ALT_DBG_FPOS - 8
penode.create(idautils.peutils_t.PE_NODE)
pdbname = penode.supstr(PE_SUPSTR_PDBNM, 'S')
return pdbname