def get_chunk_address(self): addr_str = self.t_chunk_addr.text() if sys.version_info < (3, 0): addr_str = addr_str.encode("utf-8") addr = idaapi.str2ea(addr_str) if addr == idc.BADADDR: return None return addr
def resolve_expr(self, expr): res = None try: expr = re.sub(r'[(|)]', '', expr) res = int(expr, 16) except ValueError: segm = idaapi.get_segm_by_name(expr) if segm: res = segm.start_ea else: ea = idaapi.str2ea(expr) if ea != idc.BADADDR: res = ea return res
def modify_value(self): reg = self.get_selected_reg() if not reg: return reg_val = idc.GetRegValue(reg) b = idc.AskStr("0x%X" % reg_val, "Modify register value") if b is not None: try: value = int(idaapi.str2ea(b)) idc.SetRegValue(value, reg) self.reload_info() if reg == dbg.registers.flags: self.reload_flags_view() except: idaapi.warning("Invalid expression")
def modify_value(self): ea = self.get_current_expr_ea() if not ea or not idaapi.is_loaded(ea): return stack_val = 0 if idaapi.inf_is_64bit(): stack_val = ida_bytes.get_qword(ea) else: stack_val = ida_bytes.get_dword(ea) b = idaapi.ask_str("0x%X" % stack_val, 0, "Modify value") if b is not None: try: value = int(idaapi.str2ea(b)) if idaapi.inf_is_64bit(): idc.patch_qword(ea, value) else: idc.patch_dword(ea, value) self.reload_info() except: idaapi.warning("Invalid expression")
def reload_info(self): if not dbg.is_process_suspended(): return False base_addr = None if self.base_expr is None: base_addr = idc.get_reg_value(dbg.registers.stack) else: base_addr = idaapi.str2ea(self.base_expr) if base_addr == idc.BADADDR: idaapi.warning("Invalid base expr: %s" % self.base_expr) return False if not idaapi.is_loaded(base_addr): idaapi.warning("Memory address is not loaded: $#x" % base_addr) return False self.ClearLines() dbg.set_thread_info() try: segm_end = idc.get_segm_end(base_addr) n_entries = config.n_stack_entries or ((segm_end - base_addr) // dbg.ptr_size) for i in range(n_entries): offset = i * dbg.ptr_size ptr = base_addr + offset if not idaapi.is_loaded(ptr): break value = dbg.get_ptr(ptr) self.add_line("%02d:%04X %s" % (i, offset, self.parse_value(ptr))) except Exception as e: idaapi.warning(str(e)) return False return True
def jumpto_expr(expr): ea = idaapi.str2ea(expr) if ea == BADADDR: return False return idaapi.jumpto(ea)
def get_chunk_address(self): addr = idaapi.str2ea(self.t_chunk_addr.text().encode("utf-8")) if addr == idc.BADADDR: return None return addr
def try_parse_ida_ident(ident): """ Returns a tuple of (type, value): (0, addr) -> a memory address (1, offs) -> an EBP offset TODO: arch-independent? (2, name) -> a register name (3, val) -> a constant (4, s) -> a string (5, (arr, idx)) -> atoi of an array with constant index. """ ident = str(ident) if len(ident) == 0: return False # match things like: # atoi(some_global_var[3]) # 0x500[1] (also implicitely means to apply atoi) if (ident.find("[") > 0 and ident[-1] == "]") or (ident[:5] == "atoi(" and ident[-2:] == "])"): ident = ident.replace("atoi(", "").replace("])", "]") idx = ident[ident.find("[") + 1:-1] before_idx = ident[:ident.find("[")] if idx.isdigit(): # if the index part consists of digits res_val = idaapi.str2ea(before_idx) if res_val != idaapi.BADADDR: return (5, (res_val, int(idx))) else: return False else: return False # match things like: # "bla" if len(ident) >= 2 and ident[0] == ident[-1] == '"': return (4, ident[1:-1].decode('string_escape') ) # Decode hex (and other) escapes # match thinfs like: # [0x1337] # [some_global_var] if ident[0] == "[" and ident[-1] == "]": # Try to parse memory address res_val = idaapi.str2ea(ident[1:-1]) if res_val != idaapi.BADADDR: return (0, res_val) return False # match things like: # arg_4 # var_0 [t, res] = idaapi.get_name_value(idaapi.get_screen_ea(), ident) # TODO: or 64? if t == 3: # Local variable (arg (pos) or var (neg): sp offset res_val = ctypes.c_int32(res).value # TODO: 32 bitness #return "[ebp{}{}]".format('+' if res_val >= 0 else '', res_val) return (1, res_val) # match things like: # eax # ebp if idaapi.str2reg(ident) != -1: return (2, ident) # match things like: # 0x1337 # some_global_var res_val = idaapi.str2ea(ident) if res_val != idaapi.BADADDR: return (3, res_val) # Failed return False