def init(self):
global p_initialized
# register popup menu handlers
try:
Searcher.register(self, "Findcrypt")
except:
pass
if p_initialized is False:
p_initialized = True
idaapi.register_action(idaapi.action_desc_t(
"Findcrypt",
"Find crypto constants",
self.search,
None,
None,
0))
idaapi.attach_action_to_menu("Edit/Findcrypt", "Findcrypt", idaapi.SETMENU_APP)
print("=" * 80)
print("Findcrypt v{0} by David BERARD, 2017".format(VERSION))
print("Findcrypt search shortcut key is Ctrl-Alt-F")
print("Rules in %s" % YARARULES_CFGFILE)
print("=" * 80)
return idaapi.PLUGIN_KEEP
def init(self):
self.lines = set()
self.settings = IDASettings('HighlightCalls')
try:
self.set_color(self.settings['color'])
except KeyError:
self.settings.user['color'] = HIGHLIGHT_COLOR
self.set_color(HIGHLIGHT_COLOR)
self.ui_hooks = UiHooks(self.lines)
self.toggle_action_desc = idaapi.action_desc_t('HighlightCalls:Toggle',
'Toggle call highlighting',
ToggleHighlightHandler(self.enable_highlights,
self.disable_highlights),
'',
'Toggle call highlighting',
-1)
idaapi.register_action(self.toggle_action_desc)
self.color_selector = idaapi.action_desc_t('HighlightCalls:SelectColor',
'Select highlight color',
SelectColorHandler(set_color=self.set_color),
'',
'Select highlight color',
-1)
idaapi.register_action(self.color_selector)
idaapi.attach_action_to_menu('View/', self.toggle_action_desc.name, idaapi.SETMENU_APP)
idaapi.attach_action_to_menu('View/', self.color_selector.name, idaapi.SETMENU_APP)
return idaapi.PLUGIN_KEEP
def init(self):
if idaapi.IDA_SDK_VERSION >= 700:
leaf_desc = idaapi.action_desc_t(self.leaf_function_action_name,
self.leaf_function_name,
LeafFunctionAction(),
self.wanted_hotkey,
self.leaf_function_tooltip,
199)
format_string_desc = idaapi.action_desc_t(self.format_string_action_name,
self.format_string_name,
FormatStringFunctionAction(),
self.wanted_hotkey,
self.format_string_tooltip,
199)
idaapi.register_action(leaf_desc)
idaapi.register_action(format_string_desc)
idaapi.attach_action_to_menu(self.menu_tab, self.leaf_function_action_name, idaapi.SETMENU_APP)
idaapi.attach_action_to_menu(self.menu_tab, self.format_string_action_name, idaapi.SETMENU_APP)
else:
self.menu_context.append(idaapi.add_menu_item(self.menu_tab, self.leaf_function_name, "", 0, leaf_from_menu, (None,)))
self.menu_context.append(idaapi.add_menu_item(self.menu_tab, self.format_string_name, "", 0, format_from_menu, (None,)))
return idaapi.PLUGIN_KEEP
def init(self):
global p_initialized
# register popup menu handlers
try:
Fluorescence.register(self, "Un/highlight call instructions")
except:
pass
self.highlighted = False
if p_initialized is False:
p_initialized = True
idaapi.register_action(idaapi.action_desc_t(
"Fluorescence",
"Highlights function calls",
self.run,
None,
None,
0))
idaapi.attach_action_to_menu("Options/General...", "Fluorescence", idaapi.SETMENU_APP)
print("=" * 80)
print("Fluorescence v{0} by devttys0, 2017".format(VERSION))
print("=" * 80)
return idaapi.PLUGIN_KEEP
def init(self):
self.handler = SyncHandler()
action_desc = idaapi.action_desc_t(SYNC_ACTION_NAME, 'Ret-Sync', self.handler, '',
'Enable/Disable Debugger Sync', SYNC_OFF_ICON)
idaapi.register_action(action_desc)
idaapi.attach_action_to_toolbar('DebugToolBar', SYNC_ACTION_NAME)
return idaapi.PLUGIN_KEEP
def init(self):
if idaapi.IDA_SDK_VERSION >= 700:
fluorescence_desc = idaapi.action_desc_t(self.fluorescence_action_name,
self.menu_name,
FluorescenceActionHandler(),
self.wanted_hotkey,
'Highlights function calls.',
199)
idaapi.register_action(fluorescence_desc)
idaapi.attach_action_to_menu(self.menu_tab, self.fluorescence_action_name, idaapi.SETMENU_APP)
else:
self.context_menu = idaapi.add_menu_item(self.menu_tab, self.menu_name, "", 0, self.highlight, (None,))
return idaapi.PLUGIN_KEEP
def show_win():
x = mycv_t()
if not x.Create():
print "Failed to create!"
return None
x.Show()
tcc = x.GetTCustomControl()
# Register actions
for thing in ["Hello", "World"]:
actname = "custview:say_%s" % thing
idaapi.register_action(idaapi.action_desc_t(actname, "Say %s" % thing, say_something_handler_t(thing)))
idaapi.attach_action_to_popup(tcc, None, actname)
return x
def init(self):
if idaapi.IDA_SDK_VERSION >= 700:
# 199 is a default icon.
action_desc = idaapi.action_desc_t(self.action_name,
self.menu_name,
MipsRopHandler(),
self.wanted_hotkey,
self.wanted_tooltip,
199)
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(self.root_tab, self.action_name, idaapi.SETMENU_APP)
else:
self.menu_context = idaapi.add_menu_item("Search/", self.menu_name, "", 0, self.run, (None,))
return idaapi.PLUGIN_KEEP
def register(cls):
"""Register the action.
Each action MUST be registered before it can be used. To remove the action
use the `unregister` method.
"""
action_desc = cls.get_desc()
return idaapi.register_action(action_desc)
def register(self, plugin, label):
self.plugin = plugin
self.label = label
instance = self()
return idaapi.register_action(idaapi.action_desc_t(
self.get_name(), # Name. Acts as an ID. Must be unique.
instance.get_label(), # Label. That's what users see.
instance # Handler. Called when activated, and for updating
))
def init(self):
if idaapi.IDA_SDK_VERSION >= 700:
action_desc = idaapi.action_desc_t(self.action_name,
self.menu_name,
MipsSavedRegistersAction(),
self.wanted_hotkey,
self.wanted_tooltip,
199)
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(self.menu_tab, self.action_name, idaapi.SETMENU_APP)
else:
self.menu_context = idaapi.add_menu_item(self.menu_tab,
self.menu_name,
"",
0,
name_saved_registers,
(None,))
return idaapi.PLUGIN_KEEP
def init(self):
if idaapi.IDA_SDK_VERSION <= 695:
self.menu_context_1 = idaapi.add_menu_item(
"Search/", "binwalk opcodes", "", 0, self.opcode_scan, (None,))
self.menu_context_2 = idaapi.add_menu_item(
"Search/", "binwalk signatures", "", 0, self.signature_scan, (None,))
if idaapi.IDA_SDK_VERSION >= 700:
# populate action menus
action_desc = idaapi.action_desc_t(
'my:opaction', # action name. This acts like an ID and must be unique
'Binwalk opcodes', # text for this action
OpHandler(), # the action handler
'', # optional shortcut key
'Binwalk opcodes', # optional action tooltip for menus/toolbar
)
# Register the action
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(
'Search/',
'my:opaction',
idaapi.SETMENU_APP)
# populate action menus
action_desc = idaapi.action_desc_t(
'my:sigaction',
'Binwalk signatures',
SigHandler(),
'',
'Binwalk signatures',
)
# Register the action
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(
'Search/',
'my:sigaction',
idaapi.SETMENU_APP)
else:
pass
return idaapi.PLUGIN_KEEP
def init(self):
self._last_enum = ""
self.rename_action_desc = idaapi.action_desc_t('AutoEnum:RenameImmediate',
'Rename immediate value',
RenameImmediateHandler(),
'Ctrl+Shift+M',
'Rename immediate value',
-1)
idaapi.register_action(self.rename_action_desc)
self.autoenum_action_desc = idaapi.action_desc_t('AutoEnum:AutoEnum',
'Automatically create enum',
AutoEnumHandler(),
'Shift+M',
'Automatically create enum',
-1)
idaapi.register_action(self.autoenum_action_desc)
return idaapi.PLUGIN_KEEP
def init(self):
if idaapi.IDA_SDK_VERSION >= 700:
produce_desc = idaapi.action_desc_t(self.produce_action_name,
self.menu_name,
ProduceRizzoAction(),
self.wanted_hotkey,
self.produce_tooltip,
199)
load_desc = idaapi.action_desc_t(self.load_action_name,
self.menu_name,
LoadRizzoAction(),
self.wanted_hotkey,
self.load_tooltip,
199)
idaapi.register_action(produce_desc)
idaapi.register_action(load_desc)
idaapi.attach_action_to_menu(os.path.join(self.menu_tab, 'Produce file/'),
self.produce_action_name,
idaapi.SETMENU_APP)
idaapi.attach_action_to_menu(os.path.join(self.menu_tab, 'Load file/'),
self.load_action_name,
idaapi.SETMENU_APP)
else:
self.menu_context.append(
idaapi.add_menu_item(os.path.join(self.menu_tab, 'Load file/'),
"Rizzo signature file...",
"",
0,
rizzo_load,
(None,)))
self.menu_context.append(
idaapi.add_menu_item(os.path.join(self.menu_tab, 'Produce file/'),
"Rizzo signature file...",
"",
0,
rizzo_produce,
(None,)))
return idaapi.PLUGIN_KEEP
def _add_menus(self):
ret = []
if idaapi.IDA_SDK_VERSION <= 695:
menu_path = MENU_PATH if idaapi.IDA_SDK_VERSION > 660 else ALTERNATIVE_MENU_PATH
ret.append(self._add_menu(menu_path, 'Stop IdaRef', '', 1, self.stop, tuple()))
ret.append(self._add_menu(menu_path, 'Start IdaRef', '', 1, self.start, tuple()))
if idaapi.IDA_SDK_VERSION >= 700:
action_desc = idaapi.action_desc_t(
'idaref:stop', # The action name. Must be unique
'Stop Idaref', # Action Text
StopHandler(), # Action handler
'', # Optional shortcut
'Stop Idaref' # Action tooltip
)
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(
MENU_PATH,
'idaref:stop',
idaapi.SETMENU_APP
)
action_desc = idaapi.action_desc_t(
'idaref:start', # The action name. Must be unique
'Start Idaref', # Action Text
StartHandler(), # Action handler
'', # Optional shortcut
'Start Idaref' # Action tooltip
)
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(
MENU_PATH,
'idaref:start',
idaapi.SETMENU_APP
)
if False in ret:
return idaapi.PLUGIN_SKIP
else:
return idaapi.PLUGIN_KEEP
def ui_init(self):
"""Initializes the plugins interface extensions."""
# Register menu entry.
# @HR: I really preferred the pre-6.5 mechanic.
zelf = self
class MenuEntry(idaapi.action_handler_t):
def activate(self, ctx):
zelf.open_proj_creation_dialog()
return 1
def update(self, ctx):
return idaapi.AST_ENABLE_ALWAYS
action = idaapi.action_desc_t(
'continuum_new_project',
"New continuum project...",
MenuEntry(),
)
idaapi.register_action(action)
idaapi.attach_action_to_menu("File/Open...", 'continuum_new_project', 0)
# Alright, is an IDB loaded? Pretend IDB open event as we miss the callback
# when it was loaded before our plugin was staged.
if GetIdbPath():
self.core.handle_open_idb(None, None)
# Register hotkeys.
idaapi.add_hotkey('Shift+F', self.core.follow_extern)
# Sign up for events.
self.core.project_opened.connect(self.create_proj_explorer)
self.core.project_closing.connect(self.close_proj_explorer)
self.core.client_created.connect(self.subscribe_client_events)
# Project / client already open? Fake events.
if self.core.project:
self.create_proj_explorer(self.core.project)
if self.core.client:
self.subscribe_client_events(self.core.client)
def registerAction(self):
action_desc = idaapi.action_desc_t(
self.id,
self.name,
self,
"",
self.tooltip,
self.icon
)
if not idaapi.register_action(action_desc):
return False
if not idaapi.attach_action_to_menu(self.menuPath, self.id, 0):
return False
if not idaapi.attach_action_to_toolbar("AnalysisToolBar", self.id):
return False
return True
def registerAction(self, addToToolBar = True):
action_desc = idaapi.action_desc_t(
self.id, # The action id
self.name, # The action text.
self, # The action handler.
self.shortcut, # Optional: the action shortcut
self.tooltip, # Optional: the action tooltip (available in menus/toolbar)
self.icon) # Optional: the action icon (shows when in menus/toolbars)
if not idaapi.register_action(action_desc):
return False
if not idaapi.attach_action_to_menu(self.menuPath, self.id, 0):
return False
if addToToolBar:
if not idaapi.attach_action_to_toolbar("SearchToolBar", self.id):
return False
return True
def _init_action_clear(self):
"""
Register the clear prefix action with IDA.
"""
# load the icon for this action
self._clear_icon_id = idaapi.load_custom_icon(plugin_resource("clear.png"))
# describe the action
action_desc = idaapi.action_desc_t(
self.ACTION_CLEAR, # The action name.
"Clear prefixes", # The action text.
IDACtxEntry(clear_prefix), # The action handler.
None, # Optional: action shortcut
"Clear user prefixes from the selected functions", # Optional: tooltip
self._clear_icon_id # Optional: the action icon
)
# register the action with IDA
assert idaapi.register_action(action_desc), "Action registration failed"
def _init_action_bulk(self):
"""
Register the bulk prefix action with IDA.
"""
# load the icon for this action
self._bulk_icon_id = idaapi.load_custom_icon(plugin_resource("bulk.png"))
# describe the action
action_desc = idaapi.action_desc_t(
self.ACTION_BULK, # The action name.
"Prefix selected functions", # The action text.
IDACtxEntry(bulk_prefix), # The action handler.
None, # Optional: action shortcut
"Assign a user prefix to the selected functions", # Optional: tooltip
self._bulk_icon_id # Optional: the action icon
)
# register the action with IDA
assert idaapi.register_action(action_desc), "Action registration failed"
def _init_action_recursive(self):
"""
Register the recursive rename action with IDA.
"""
# load the icon for this action
self._recursive_icon_id = idaapi.load_custom_icon(plugin_resource("recursive.png"))
# describe the action
action_desc = idaapi.action_desc_t(
self.ACTION_RECURSIVE, # The action name.
"Recursive function prefix", # The action text.
IDACtxEntry(recursive_prefix_cursor), # The action handler.
None, # Optional: action shortcut
"Recursively prefix callees of this function", # Optional: tooltip
self._recursive_icon_id # Optional: the action icon
)
# register the action with IDA
assert idaapi.register_action(action_desc), "Action registration failed"
def init(self):
if idaapi.IDA_SDK_VERSION >= 700:
# Add ALLEYCAT_LIMIT variable to the global namespace so it can be accessed from the IDA python terminal.
global ALLEYCAT_LIMIT
add_to_namespace('__main__', 'alleycat', 'ALLEYCAT_LIMIT', ALLEYCAT_LIMIT)
# Add functions to global namespace.
add_to_namespace('__main__', 'alleycat', 'AlleyCatFunctionPaths', AlleyCatFunctionPaths)
add_to_namespace('__main__', 'alleycat', 'AlleyCatCodePaths', AlleyCatCodePaths)
add_to_namespace('__main__', 'alleycat', 'AlleyCatGraph', AlleyCatGraph)
to_curr_from_desc = idaapi.action_desc_t(self.to_from_action_name,
self.to_from_menu_name,
ToCurrentFromAction(),
self.wanted_hotkey,
'Find paths to the current function from...',
199)
from_curr_to_desc = idaapi.action_desc_t(self.from_to_action_name,
self.from_to_menu_name,
FromCurrentToAction(),
self.wanted_hotkey,
'Find paths from the current function to...',
199)
curr_func_to_block_desc = idaapi.action_desc_t(self.curr_func_curr_block_action_name,
self.curr_func_curr_block_menu_name,
InCurrentFunctionToCurrentCodeBlockAction(),
self.wanted_hotkey,
'Find paths in the current function to the current code block',
199)
idaapi.register_action(to_curr_from_desc)
idaapi.register_action(from_curr_to_desc)
idaapi.register_action(curr_func_to_block_desc)
idaapi.attach_action_to_menu(self.menu_name, self.to_from_action_name, idaapi.SETMENU_APP)
idaapi.attach_action_to_menu(self.menu_name, self.from_to_action_name, idaapi.SETMENU_APP)
idaapi.attach_action_to_menu(self.menu_name, self.curr_func_curr_block_action_name, idaapi.SETMENU_APP)
else:
self.menu_context.append(idaapi.add_menu_item(self.menu_name, self.to_from_menu_name, "", 0, find_paths_from_many, (None,)))
self.menu_context.append(idaapi.add_menu_item(self.menu_name, self.from_to_menu_name, "", 0, find_paths_to_many, (None,)))
self.menu_context.append(idaapi.add_menu_item(self.menu_name, self.curr_func_curr_block_menu_name, "", 0, find_paths_to_code_block, (None,)))
return idaapi.PLUGIN_KEEP
def OnCreate(self, form):
rs_debug("form create")
# get parent widget
parent = self.FormToPyQtWidget(form)
# create global sync checkbox
self.cb_sync = QtWidgets.QCheckBox('Synchronization enable')
self.cb_sync.move(20, 20)
self.cb_sync.stateChanged.connect(self.cb_change_state)
# create hexrays sync checkbox
self.cb_hexrays = QtWidgets.QCheckBox(
'Hex-Rays Synchronization enable')
self.cb_hexrays.move(20, 20)
self.cb_hexrays.stateChanged.connect(self.cb_hexrays_sync_state)
# create label
label = QtWidgets.QLabel('Overwrite idb name:')
name = self.handle_name_aliasing()
# create input field
self.input = QtWidgets.QLineEdit(parent)
self.input.setText(name)
self.input.setMaxLength = 256
self.input.setFixedWidth(300)
# create restart button
self.btn = QtWidgets.QPushButton('restart', parent)
self.btn.setToolTip('Restart broker.')
self.btn.clicked.connect(self.cb_btn_restart)
# create layout
layout = QtWidgets.QGridLayout()
layout.addWidget(self.cb_sync)
layout.addWidget(self.cb_hexrays)
layout.addWidget(label)
layout.addWidget(self.input)
layout.addWidget(self.btn, 2, 2)
layout.setColumnStretch(4, 1)
layout.setRowStretch(4, 1)
parent.setLayout(layout)
self.parser = argparse.ArgumentParser()
self.parser.add_argument('-a', '--address', nargs=1, action='store')
self.parser.add_argument('msg', nargs=argparse.REMAINDER)
# synchronization is enabled by default
self.cb_sync.toggle()
# register action for hexrays sync
action_hex_sync_desc = idaapi.action_desc_t(
'hexrays_sync_toogle:action', 'Toggle Hex-Rays syncing',
CheckBoxActionHandler(self.cb_hexrays), 'Ctrl+H',
'Toggle Hex-Rays syncing', 198)
idaapi.register_action(action_hex_sync_desc)
idaapi.attach_action_to_toolbar("DebugToolBar",
'hexrays_sync_toogle:action')
# register action for global sync
action_g_sync_desc = idaapi.action_desc_t(
'g_sync_toogle:action', 'Toggle syncing',
CheckBoxActionHandler(self.cb_sync), 'Ctrl+Shift+S',
'Toggle syncing', 203)
idaapi.register_action(action_g_sync_desc)
idaapi.attach_action_to_toolbar("DebugToolBar", 'g_sync_toogle:action')
b"\xE8\x1A\xFF\xE4\x63\x8A\x0E\xE6\x02\x41\xF8\x3F\x18\x82\x40\x28\x04\xFD\xDD\x75\xF0\xB6\xFF\x2E\x75\x9A\x89\x27\x9D\xFB\xC8\x4F\x39\xBE\xE0\xB4\xAB\xCE\x35\xFE\x71\x00\x16\x17",
b"\x25\x76\x50\x26\x76\x6B\x61\x86\x08\xE4\x1D\xAF\x81\xBC\x13\x97\xA9\xD3\x4C\x3C\xE9\xDC\x47\x7E\xCA\xF1\x05\x0C\x5F\x7D\xFE\xEF\x35\x03\xAF\x9F\x00\xB0\x73\x30\x9A\xE2\x81\x0E",
b"\xF6\xC1\xED\x52\xB8\x77\xAB\x98\x3A\xCD\xC4\x73\x9D\x7C\x6F\xDE\xF9\xCF\x53\x0E\xFE\xA9\xCD\xAE\xB3\x87\xCE\x75\x35\x54\xE1\xD0\xCB\x47\x38\x39\x36\x88\xFF\x4D\xF8\x57\x41\x33",
b"\xF1\xA4\x93\x0F\x00\x36\xAD\x3E\x4C\x6B\xC5\xC9\x5D\x77\x6A\x2F\xB4\x31\xA3\xC4\x40\x4F\x21\x0F\xD1\x4C\x3C\xE9\x2B\xE1\xF5\x0B\xD6\x90\xC8\x90\x4C\xE6\x35\xD0\xCC\x79\x5E\xFF",
b"\x2E\xF8\x0B\x2F\x3D\xE5\xC3\x97\x06\xCF\xCF\x00\x00\x00\x00\x49\x45\x4E\x44\xAE\x42\x60\x82"
])
act_icon = idaapi.load_custom_icon(data=icon_data, format="png")
hooks = None
act_name = "example:add_action"
if idaapi.register_action(
idaapi.action_desc_t(
act_name, # Name. Acts as an ID. Must be unique.
"Say hi!", # Label. That's what users see.
SayHi("developer"
), # Handler. Called when activated, and for updating
"Ctrl+F12", # Shortcut (optional)
"Greets the user", # Tooltip (optional)
act_icon)): # Icon ID (optional)
print("Action registered. Attaching to menu.")
# Insert the action in the menu
if idaapi.attach_action_to_menu("Edit/Export data", act_name,
idaapi.SETMENU_APP):
print("Attached to menu.")
else:
print("Failed attaching to menu.")
# Insert the action in a toolbar
if idaapi.attach_action_to_toolbar("AnalysisToolBar", act_name):
def register(action, *args):
idaapi.register_action(
idaapi.action_desc_t(action.name, action.description, action(*args),
action.hotkey))
def init(self):
self.hexrays_inited = False
self.registered_actions = []
self.registered_hx_actions = []
global ARCH
global BITS
ARCH = idaapi.ph_get_id()
info = idaapi.get_inf_structure()
if info.is_64bit():
BITS = 64
elif info.is_32bit():
BITS = 32
else:
BITS = 16
print "LazyIDA (v1.0.0.3) plugin has been loaded."
# Register menu actions
menu_actions = (
idaapi.action_desc_t(ACTION_CONVERT[0], "Convert to string", menu_action_handler_t(ACTION_CONVERT[0]), None, None, 80),
idaapi.action_desc_t(ACTION_CONVERT[1], "Convert to hex string", menu_action_handler_t(ACTION_CONVERT[1]), None, None, 8),
idaapi.action_desc_t(ACTION_CONVERT[2], "Convert to C/C++ array (BYTE)", menu_action_handler_t(ACTION_CONVERT[2]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[3], "Convert to C/C++ array (WORD)", menu_action_handler_t(ACTION_CONVERT[3]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[4], "Convert to C/C++ array (DWORD)", menu_action_handler_t(ACTION_CONVERT[4]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[5], "Convert to C/C++ array (QWORD)", menu_action_handler_t(ACTION_CONVERT[5]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[6], "Convert to python list (BYTE)", menu_action_handler_t(ACTION_CONVERT[6]), None, None, 201),
idaapi.action_desc_t(ACTION_CONVERT[7], "Convert to python list (WORD)", menu_action_handler_t(ACTION_CONVERT[7]), None, None, 201),
idaapi.action_desc_t(ACTION_CONVERT[8], "Convert to python list (DWORD)", menu_action_handler_t(ACTION_CONVERT[8]), None, None, 201),
idaapi.action_desc_t(ACTION_CONVERT[9], "Convert to python list (QWORD)", menu_action_handler_t(ACTION_CONVERT[9]), None, None, 201),
idaapi.action_desc_t(ACTION_XORDATA, "Get xored data", menu_action_handler_t(ACTION_XORDATA), None, None, 9),
idaapi.action_desc_t(ACTION_FILLNOP, "Fill with NOPs", menu_action_handler_t(ACTION_FILLNOP), None, None, 9),
idaapi.action_desc_t(ACTION_SCANVUL, "Scan format string vulnerabilities", menu_action_handler_t(ACTION_SCANVUL), None, None, 160),
)
for action in menu_actions:
idaapi.register_action(action)
self.registered_actions.append(action.name)
# Register hotkey actions
hotkey_actions = (
idaapi.action_desc_t(ACTION_COPYEA, "Copy EA", hotkey_action_handler_t(ACTION_COPYEA), "w", "Copy current EA", 0),
)
for action in hotkey_actions:
idaapi.register_action(action)
self.registered_actions.append(action.name)
# Add ui hook
self.ui_hook = UI_Hook()
self.ui_hook.hook()
# Add hexrays ui callback
if idaapi.init_hexrays_plugin():
addon = idaapi.addon_info_t()
addon.id = "tw.l4ys.lazyida"
addon.name = "LazyIDA"
addon.producer = "Lays"
addon.url = "https://github.com/L4ys/LazyIDA"
addon.version = "1.0.0.3"
idaapi.register_addon(addon)
hx_actions = (
idaapi.action_desc_t(ACTION_HX_REMOVERETTYPE, "Remove return type", hexrays_action_handler_t(ACTION_HX_REMOVERETTYPE), "v"),
idaapi.action_desc_t(ACTION_HX_COPYEA, "Copy ea", hexrays_action_handler_t(ACTION_HX_COPYEA), "w"),
idaapi.action_desc_t(ACTION_HX_COPYNAME, "Copy name", hexrays_action_handler_t(ACTION_HX_COPYNAME), "c"),
)
for action in hx_actions:
idaapi.register_action(action)
self.registered_hx_actions.append(action.name)
self.hx_hook = HexRays_Hook()
idaapi.install_hexrays_callback(self.hx_hook.callback)
self.hexrays_inited = True
return idaapi.PLUGIN_KEEP
def initialize(self):
for action in self.__actions:
idaapi.register_action(
idaapi.action_desc_t(action.name, action.description, action,
action.hotkey))
"\x18\x90\x22\x0A\x98\x8C\x46\xF0\x54\x14\x42\x6D\x7D\x3B\xE4\x1C\x75\x41\xAD\xB7\x1D\x3C\x55\x85\x60\x32\x19\x41\x8A\x2A\xDC\x57\x5C\x74\x12\x28\x47\xA5\x8E\x44\xE4\xF0\x76\x5B",
"\x82\xA6\xCD\x5B\x0D\xB2\x12\xE6\xE4\x06\xB5\x1A\x66\xA7\x26\x41\x92\xC2\xA0\xD5\x6A\x60\x67\x92\x19\xAE\x7B\xCE\x70\x4D\x15\xAB\x01\xAD\xC1\x08\x3F\x46\x64\x6E\x8E\x9D\xF9\x13",
"\xE8\x1A\xFF\xE4\x63\x8A\x0E\xE6\x02\x41\xF8\x3F\x18\x82\x40\x28\x04\xFD\xDD\x75\xF0\xB6\xFF\x2E\x75\x9A\x89\x27\x9D\xFB\xC8\x4F\x39\xBE\xE0\xB4\xAB\xCE\x35\xFE\x71\x00\x16\x17",
"\x25\x76\x50\x26\x76\x6B\x61\x86\x08\xE4\x1D\xAF\x81\xBC\x13\x97\xA9\xD3\x4C\x3C\xE9\xDC\x47\x7E\xCA\xF1\x05\x0C\x5F\x7D\xFE\xEF\x35\x03\xAF\x9F\x00\xB0\x73\x30\x9A\xE2\x81\x0E",
"\xF6\xC1\xED\x52\xB8\x77\xAB\x98\x3A\xCD\xC4\x73\x9D\x7C\x6F\xDE\xF9\xCF\x53\x0E\xFE\xA9\xCD\xAE\xB3\x87\xCE\x75\x35\x54\xE1\xD0\xCB\x47\x38\x39\x36\x88\xFF\x4D\xF8\x57\x41\x33",
"\xF1\xA4\x93\x0F\x00\x36\xAD\x3E\x4C\x6B\xC5\xC9\x5D\x77\x6A\x2F\xB4\x31\xA3\xC4\x40\x4F\x21\x0F\xD1\x4C\x3C\xE9\x2B\xE1\xF5\x0B\xD6\x90\xC8\x90\x4C\xE6\x35\xD0\xCC\x79\x5E\xFF",
"\x2E\xF8\x0B\x2F\x3D\xE5\xC3\x97\x06\xCF\xCF\x00\x00\x00\x00\x49\x45\x4E\x44\xAE\x42\x60\x82"])
act_icon = idaapi.load_custom_icon(data=icon_data, format="png")
hooks = None
act_name = "example:add_action"
if idaapi.register_action(idaapi.action_desc_t(
act_name, # Name. Acts as an ID. Must be unique.
"Say hi!", # Label. That's what users see.
SayHi("developer"), # Handler. Called when activated, and for updating
"Ctrl+F12", # Shortcut (optional)
"Greets the user", # Tooltip (optional)
act_icon)): # Icon ID (optional)
print("Action registered. Attaching to menu.")
# Insert the action in the menu
if idaapi.attach_action_to_menu("Edit/Export data", act_name, idaapi.SETMENU_APP):
print("Attached to menu.")
else:
print("Failed attaching to menu.")
# Insert the action in a toolbar
if idaapi.attach_action_to_toolbar("AnalysisToolBar", act_name):
print("Attached to toolbar.")
else:
def init(self):
global initialized
if initialized == False:
initialized = True
if idaapi.IDA_SDK_VERSION <= 695 and idaapi.IDA_SDK_VERSION >= 680:
menu = idaapi.add_menu_item("Edit/x64dbgida/", "About", "", 0,
self.about, None)
idaapi.add_menu_item("Edit/x64dbgida/", "Export database", "",
0, self.exportdb, None)
idaapi.add_menu_item("Edit/x64dbgida/",
"Import (uncompressed) database", "", 0,
self.importdb, None)
elif idaapi.IDA_SDK_VERSION < 680:
idaapi.add_menu_item("File/Produce file/",
"Export x64dbg database", "", 0,
self.exportdb, None)
idaapi.add_menu_item("File/Load file/",
"Import x64dbg database", "", 0,
self.importdb, None)
if idaapi.IDA_SDK_VERSION >= 700:
#populating action menus
action_desc = idaapi.action_desc_t(
'my:aboutaction', # The action name. This acts like an ID and must be unique
'About!', # The action text.
AboutHandler(), # The action handler.
'', # Optional: the action shortcut
'About X64dbg ida', # Optional: the action tooltip (available in menus/toolbar)
) # Optional: the action icon (shows when in menus/toolbars) use numbers 1-255
# Register the action
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu('Edit/x64dbgida/',
'my:aboutaction',
idaapi.SETMENU_APP)
action_desc = idaapi.action_desc_t(
'my:eksportaction',
'Export x64dbg database',
EksportHandler(),
'',
'Export x64dbg database',
)
# Register the action
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu('Edit/x64dbgida/',
'my:eksportaction',
idaapi.SETMENU_APP)
action_desc = idaapi.action_desc_t(
'my:importaction',
'Import (uncompressed) database',
ImportHandler(),
'',
'Import (uncompressed) database',
)
# Register the action
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu('Edit/x64dbgida/',
'my:importaction',
idaapi.SETMENU_APP)
else:
pass
return idaapi.PLUGIN_KEEP
def populate_form(self):
'''
Populate form contents
'''
# Main layout
# ---------------------
main_layout = QtWidgets.QVBoxLayout()
self.parent.setLayout(main_layout)
# Choose file group box
# ---------------------
choose_file_groupbox = QtWidgets.QGroupBox(
"Choose file to load (interproc or apitracer binary file)")
choose_file_groupbox_layout = QtWidgets.QHBoxLayout()
choose_file_groupbox.setLayout(choose_file_groupbox_layout)
main_layout.addWidget(choose_file_groupbox)
# Line edit
self.choose_file_lineedit = QtWidgets.QLineEdit("")
self.choose_file_lineedit.setReadOnly(True)
# Select button
btn_selectfile = QtWidgets.QPushButton('Select', self.parent)
width = btn_selectfile.fontMetrics().boundingRect(
'Select').width() + 30
btn_selectfile.setMaximumWidth(width)
btn_selectfile.clicked.connect(self.show_file_dialog)
# Load functions button
self.btn_loadfile = QtWidgets.QPushButton(
'Load functions', self.parent)
width = self.btn_loadfile.fontMetrics().boundingRect(
'Load functions').width() + 30
self.btn_loadfile.setMaximumWidth(width)
self.btn_loadfile.setEnabled(False)
self.btn_loadfile.clicked.connect(self.load_file)
choose_file_groupbox_layout.addWidget(self.choose_file_lineedit)
choose_file_groupbox_layout.addWidget(btn_selectfile)
choose_file_groupbox_layout.addWidget(self.btn_loadfile)
# Choose PID groupbox
# ---------------------
choose_pid_groupbox = QtWidgets.QGroupBox("Choose PID to visualize")
choose_pid_groupbox_layout = QtWidgets.QHBoxLayout()
choose_pid_groupbox.setLayout(choose_pid_groupbox_layout)
main_layout.addWidget(choose_pid_groupbox)
# Combobox
self.combo_pids = QtWidgets.QComboBox()
self.combo_pids.setEditable(False)
self.combo_pids.currentIndexChanged[
'QString'].connect(self.combo_pids_changed)
choose_pid_groupbox_layout.addWidget(self.combo_pids)
# Apply button
btn_apply = QtWidgets.QPushButton('Apply', self.parent)
width = btn_apply.fontMetrics().boundingRect('Apply').width() + 30
btn_apply.setMaximumWidth(width)
btn_apply.clicked.connect(self.apply_functions)
choose_pid_groupbox_layout.addWidget(btn_apply)
# Apply and rename button
btn_apply_rename = QtWidgets.QPushButton(
'Apply and rename', self.parent)
width = btn_apply.fontMetrics().boundingRect(
'Apply and rename').width() + 30
btn_apply_rename.setMaximumWidth(width)
btn_apply_rename.clicked.connect(
functools.partial(self.apply_functions, rename=True))
choose_pid_groupbox_layout.addWidget(btn_apply_rename)
# Filters groupbox
# ---------------------
filter_groupbox = QtWidgets.QGroupBox("Filter functions")
filter_groupbox_layout = QtWidgets.QGridLayout()
filter_groupbox_layout.setSpacing(10)
filter_groupbox.setLayout(filter_groupbox_layout)
main_layout.addWidget(filter_groupbox)
# Filter 1 - Function name
filter1_label = QtWidgets.QLabel()
filter1_label.setText("Function name")
filter_groupbox_layout.addWidget(filter1_label, 1, 0)
self.filter_fname_lineedit = QtWidgets.QLineEdit("")
self.filter_fname_lineedit.setReadOnly(False)
filter_groupbox_layout.addWidget(self.filter_fname_lineedit, 1, 1)
self.filter_fname_lineedit.textEdited.connect(self.filter_edited)
# Filter 2 - Dll name
filter2_label = QtWidgets.QLabel()
filter2_label.setText("DLL name")
filter_groupbox_layout.addWidget(filter2_label, 2, 0)
self.filter_dll_lineedit = QtWidgets.QLineEdit("")
self.filter_dll_lineedit.setReadOnly(False)
filter_groupbox_layout.addWidget(self.filter_dll_lineedit, 2, 1)
self.filter_dll_lineedit.textEdited.connect(self.filter_edited)
# Filter 3 - Caller
filter3_label = QtWidgets.QLabel()
filter3_label.setText("Caller")
filter_groupbox_layout.addWidget(filter3_label, 3, 0)
self.filter_caller_lineedit = QtWidgets.QLineEdit("")
self.filter_caller_lineedit.setReadOnly(False)
filter_groupbox_layout.addWidget(self.filter_caller_lineedit, 3, 1)
self.filter_caller_lineedit.textEdited.connect(self.filter_edited)
# Filter 4 - Return
filter4_label = QtWidgets.QLabel()
filter4_label.setText("Return")
filter_groupbox_layout.addWidget(filter4_label, 4, 0)
self.filter_return_lineedit = QtWidgets.QLineEdit("")
self.filter_return_lineedit.setReadOnly(False)
filter_groupbox_layout.addWidget(self.filter_return_lineedit, 4, 1)
self.filter_return_lineedit.textEdited.connect(self.filter_edited)
# QTreeView
# ----------------------
self.treeview = QtWidgets.QTreeView()
main_layout.addWidget(self.treeview)
self.treemodel = QtGui.QStandardItemModel()
self.treemodel.setHorizontalHeaderLabels(
["Function", "Dll", "Caller", "Return"])
self.treeview.setModel(self.treemodel)
# Keyboard shortcut, and action handler
# -------------------------------------
handler = MyActionHandler(self.show_func_dialog)
self.menu_action = idaapi.action_desc_t('pyrebox:show_funcs',
'Show function arguments',
handler,
'Ctrl+Alt+S',
'Show function arguments',
0)
idaapi.register_action(self.menu_action)
# Regular menu entry
# -------------------------------------
# The relative path of where to add the action
idaapi.attach_action_to_menu('Edit/Other/Show function arguments...',
'pyrebox:show_funcs',
# The action ID (see above)
idaapi.SETMENU_APP)
_idangr_panel.add_mem(m[0], m[1])
#_idangr_ctx.simmem.append(m)
def update(self, ctx):
return idaapi.AST_ENABLE_ALWAYS
class IDAngrHooks(idaapi.UI_Hooks):
@staticmethod
def finish_populating_tform_popup(form, popup):
idaapi.attach_action_to_popup(form, popup, "Find", "IDAngr/")
idaapi.attach_action_to_popup(form, popup, "Avoid", "IDAngr/")
idaapi.attach_action_to_popup(form, popup, "Symbolic", "IDAngr/")
idaapi.register_action(
idaapi.action_desc_t('Find', 'Find', IDAngrActionHandler("Find")))
idaapi.register_action(
idaapi.action_desc_t('Avoid', 'Avoid', IDAngrActionHandler("Avoid")))
idaapi.register_action(
idaapi.action_desc_t('Symbolic', 'Symbolic',
IDAngrActionHandler("Symbolic")))
_idangr_hooks = IDAngrHooks()
_idangr_hooks.hook()
try:
_idangr_panel
except:
_idangr_panel = IDAngrPanelForm()
# if the function itself is selected, show xrefs to it.
self.sel = item.f
return idaapi.AST_ENABLE if self.sel else idaapi.AST_DISABLE
class hexrays_callback_info(object):
def __init__(self):
return
def event_callback(self, event, *args):
try:
if event == idaapi.hxe_populating_popup:
form, phandle, vu = args
idaapi.attach_action_to_popup(form, phandle, "vdsxrefs:show", None)
except:
traceback.print_exc()
return 0
if idaapi.init_hexrays_plugin():
adesc = idaapi.action_desc_t('vdsxrefs:show', 'Show xrefs', show_xrefs_ah_t(), "Ctrl+X")
if idaapi.register_action(adesc):
i = hexrays_callback_info()
idaapi.install_hexrays_callback(i.event_callback)
else:
print "Couldn't register action."
else:
print 'hexrays is not available.'
# -----------------------------------------------------------------------
def test_choose2_embedded():
global c
c = MyChoose2("Choose2 - embedded", nb=12, embedded = True, width=123, height=222)
r = c.Embedded()
if r == 1:
try:
if test_embedded:
o, sel = _idaapi.choose2_get_embedded(c)
print("o=%s, type(o)=%s" % (str(o), type(o)))
test_embedded(o)
finally:
c.Close()
# -----------------------------------------------------------------------
if __name__ == '__main__':
# Register actions
for thing in ["A", "B"]:
actname = "choose2:act%s" % thing
idaapi.register_action(
idaapi.action_desc_t(
actname,
"command %s" % thing,
chooser_handler_t(thing)))
#test_choose2_embedded()
test_choose2(False)
#</pycode(py_choose2ex1)>
visitor(self, cfunc).apply_to(cfunc.body, None)
return
def event_callback(self, event, *args):
if event == idaapi.hxe_populating_popup:
form, phandle, vu = args
res = idaapi.attach_action_to_popup(vu.ct, None, inverter_actname)
elif event == idaapi.hxe_maturity:
cfunc, maturity = args
if maturity == idaapi.CMAT_FINAL:
self.restore(cfunc)
return 0
if idaapi.init_hexrays_plugin():
i = hexrays_callback_info()
idaapi.register_action(
idaapi.action_desc_t(
inverter_actname,
"Invert then/else",
invert_action_handler_t(i),
"I"))
idaapi.install_hexrays_callback(i.event_callback)
else:
print 'invert-if: hexrays is not available.'
hooks.hook()
action_expand = idaapi.action_desc_t(
'my:expand',
'Expand',
ActionHandlerExpand(),
'E',
'Expand expression',
50)
action_translate = idaapi.action_desc_t(
'my:translate',
'Translate',
ActionHandlerTranslate(),
'T',
'Translate expression in C/python/z3...',
103)
idaapi.register_action(action_expand)
idaapi.register_action(action_translate)
if __name__ == '__main__':
idaapi.CompileLine('static key_F3() { RunPythonStatement("symbolic_exec()"); }')
idc.AddHotkey("F3", "key_F3")
print "=" * 50
print """Available commands:
symbolic_exec() - F3: Symbolic execution of current selection
"""
view.Show()
# Support ida 6.9 and ida 7
all_views = []
hooks = Hooks()
hooks.hook()
action_expand = idaapi.action_desc_t('my:expand', 'Expand',
ActionHandlerExpand(), 'E',
'Expand expression', 50)
action_translate = idaapi.action_desc_t(
'my:translate', 'Translate', ActionHandlerTranslate(), 'T',
'Translate expression in C/python/z3...', 103)
idaapi.register_action(action_expand)
idaapi.register_action(action_translate)
if __name__ == '__main__':
idaapi.CompileLine(
'static key_F3() { RunPythonStatement("symbolic_exec()"); }')
idc.AddHotkey("F3", "key_F3")
print("=" * 50)
print("""Available commands:
symbolic_exec() - F3: Symbolic execution of current selection
""")
name = demangled_output[0].strip()
demangled_name = demangled_output[1].strip()
if name == demangled_name:
continue
count += 1
self.comment_xrefs(funcea, demangled_name)
print 'Successfully demangled %d functions' % count
def demangle(self, name):
return subprocess.check_output(['/usr/bin/swift-demangle', name])
def comment_xrefs(self, ea, comment):
for xref in XrefsTo(ea):
idaapi.add_long_cmt(xref.frm, 1, comment)
action_desc = idaapi.action_desc_t(
'swift-demangle',
'Demangle swift functions',
SwiftDemangle(),
)
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(
'Edit/Plugins/Jump to next fixup',
'swift-demangle',
idaapi.SETMENU_APP,
)
