def idb_creator(self, idb_sample_full_path):
with idb.from_file(idb_sample_full_path) as db:
api = idb.IDAPython(db)
basic_block_result_list, constant_result_list, distance_result_list = Integrated_idb.main(
api, idb_sample_full_path)
return basic_block_result_list, constant_result_list, distance_result_list
def main(argv=None):
if argv is None:
argv = sys.argv[1:]
parser = argparse.ArgumentParser(description="Extract the names of functions within the given IDA Pro database.")
parser.add_argument("idbpath", type=str,
help="Path to input idb file")
parser.add_argument("-v", "--verbose", action="store_true",
help="Enable debug logging")
parser.add_argument("-q", "--quiet", action="store_true",
help="Disable all output but errors")
args = parser.parse_args(args=argv)
if args.verbose:
logging.basicConfig(level=logging.DEBUG)
logging.getLogger().setLevel(logging.DEBUG)
elif args.quiet:
logging.basicConfig(level=logging.ERROR)
logging.getLogger().setLevel(logging.ERROR)
else:
logging.basicConfig(level=logging.INFO)
logging.getLogger().setLevel(logging.INFO)
with idb.from_file(args.idbpath) as db:
root = idb.analysis.Root(db)
api = idb.IDAPython(db)
for fva in api.idautils.Functions():
print('%s:0x%x:%s' % (root.md5, fva, api.idc.GetFunctionName(fva)))
return 0
def main(argv=None):
if argv is None:
argv = sys.argv[1:]
parser = argparse.ArgumentParser(
description="Extract the original file MD5 from an IDA Pro database.")
parser.add_argument("idbpath", type=str, help="Path to input idb file")
parser.add_argument("-v",
"--verbose",
action="store_true",
help="Enable debug logging")
parser.add_argument("-q",
"--quiet",
action="store_true",
help="Disable all output but errors")
args = parser.parse_args(args=argv)
if args.verbose:
logging.basicConfig(level=logging.DEBUG)
logging.getLogger().setLevel(logging.DEBUG)
elif args.quiet:
logging.basicConfig(level=logging.ERROR)
logging.getLogger().setLevel(logging.ERROR)
else:
logging.basicConfig(level=logging.INFO)
logging.getLogger().setLevel(logging.INFO)
with idb.from_file(args.idbpath) as db:
root = idb.analysis.Root(db)
print(root.md5)
return 0
def main(argv=None):
if argv is None:
argv = sys.argv[1:]
parser = argparse.ArgumentParser(
description="Parse and display license information from an IDA Pro database."
)
parser.add_argument("idbpath", type=str, help="Path to input idb file")
parser.add_argument(
"-v", "--verbose", action="store_true", help="Enable debug logging"
)
parser.add_argument(
"-q", "--quiet", action="store_true", help="Disable all output but errors"
)
args = parser.parse_args(args=argv)
if args.verbose:
logging.basicConfig(level=logging.DEBUG)
logging.getLogger().setLevel(logging.DEBUG)
elif args.quiet:
logging.basicConfig(level=logging.ERROR)
logging.getLogger().setLevel(logging.ERROR)
else:
logging.basicConfig(level=logging.INFO)
logging.getLogger().setLevel(logging.INFO)
with idb.from_file(args.idbpath) as db:
api = idb.IDAPython(db)
print_userdata(api)
print_userdata(api, "$ user1")
return 0
def create_section_dynstr(elf, path_idb=None, path_map=None):
section = Section()
section.name = ".dynstr"
section.type = lief.ELF.SECTION_TYPES.STRTAB
section.flags = lief.ELF.SECTION_FLAGS.ALLOC
section.link = 0
section.information = 0
section.alignment = 1
section.offset = 0
section.entry_size = 0
section.size = 0
section.virtual_address = 0
if path_idb:
section.content = b"\x00"
with idb.from_file(path_idb) as db:
api = idb.IDAPython(db)
for ea in api.idautils.Functions():
section.content += api.idc.GetFunctionName(ea).encode('ascii')
section.content += b"\x00"
elif path_map:
section.content = b"\x00"
for name, _, _ in parse_map_symbols(path_map):
section.content += name.encode('ascii')
section.content += b"\x00"
return section
def idb_parse(args):
global outfile
with idb.from_file(args.idb_file) as db:
api = idb.IDAPython(db)
# Compatability check for those who install python-idb from pip
try:
baddr = hex(api.ida_nalt.get_imagebase())
except:
baddr = "[base address]"
outfile = open(args.out_file, "w")
write_header()
print(
"[+] Starting conversion from '%s' to '%s'" % (args.idb_file, args.out_file)
)
if args.is_functions:
idb_to_rizin_functions(api)
if args.is_names:
idb_to_rizin_names(api)
if args.is_comments:
segs = idb.analysis.Segments(db).segments
outfile.write("\n# IDB Comments\n")
for segment in segs.values():
idb_to_rizin_comments(api, segment.startEA)
print("[+] Conversion done.\n")
print("[!] Execute: rizin -i %s -B %s [program]\n" % (args.out_file, baddr))
def main():
''' Gets arguments from the user. Perform convertion of the chosen data from the IDB into a radare2 initialization script
'''
global outfile
args = get_args()
with idb.from_file(args.idb_file) as db:
api = idb.IDAPython(db)
baddr = api.ida_nalt.get_imagebase()
outfile = open(args.out_file, 'w')
print("[+] Starting convertion from '%s' to '%s'" %
(args.idb_file, args.out_file))
if args.is_functions:
idb2r2_functions(api)
if args.is_comments:
segs = idb.analysis.Segments(db).segments
for segment in segs.values():
idb2r2_comments(api, segment.startEA)
print("[+] Convertion done.\n")
print("[!] Execute: r2 -i %s -B %s [program]\n" %
(args.out_file, hex(baddr)))
def create_section_dynstr(elf, path_idb=None, path_map=None):
section = Section()
section.name = ".dynstr"
section.type = lief.ELF.SECTION_TYPES.STRTAB
section.flags = lief.ELF.SECTION_FLAGS.ALLOC
section.link = 0
section.information = 0
section.alignment = 1
section.offset = 0
section.entry_size = 0
section.size = 0
section.virtual_address = 0
if path_idb:
section.content = b"\x00"
with idb.from_file(path_idb) as db:
api = idb.IDAPython(db)
for ea in api.idautils.Functions():
section.content += api.idc.GetFunctionName(ea).encode('ascii')
section.content += b"\x00"
elif path_map:
section.content = b"\x00"
for name, _, _ in parse_map_symbols(path_map):
section.content += name.encode('ascii')
section.content += b"\x00"
return section
def open_idb(FROM_FILE):
global filename
filename = FROM_FILE[FROM_FILE.rfind('/') + 1:-4]
with idb.from_file(FROM_FILE) as db:
api = idb.IDAPython(db)
return api
def main(argv=None):
if argv is None:
argv = sys.argv[1:]
parser = argparse.ArgumentParser(
description="Interactively explore an IDB B-tree like a file system.")
parser.add_argument("idbpath", type=str, help="Path to input idb file")
parser.add_argument("-v",
"--verbose",
action="store_true",
help="Enable debug logging")
parser.add_argument("-q",
"--quiet",
action="store_true",
help="Disable all output but errors")
args = parser.parse_args(args=argv)
if args.verbose:
logging.basicConfig(level=logging.DEBUG)
logging.getLogger().setLevel(logging.DEBUG)
elif args.quiet:
logging.basicConfig(level=logging.ERROR)
logging.getLogger().setLevel(logging.ERROR)
else:
logging.basicConfig(level=logging.INFO)
logging.getLogger().setLevel(logging.INFO)
with idb.from_file(args.idbpath) as db:
explorer = BTreeExplorer(db)
explorer.cmdloop()
return 0
def load_idb(self, fname, load_segments=False, load_functions=True):
import idb
with idb.from_file(fname) as db:
api = idb.IDAPython(db)
#load segments
if load_segments:
for addr in api.idautils.Segments():
try:
end = api.idaapi.get_segm_end(addr)
size = end - addr
data = api.ida_bytes.get_bytes(
addr, size) #seems to fail sometimes
name = api.idaapi.get_segm_name(addr)
name = "%s_%s_0x%x" % (os.path.basename(fname), name,
addr)
print(name)
self.add_segment(group, name, addr, data, size)
except:
import traceback
traceback.print_exc()
#extract function names
if load_functions:
for addr in api.idautils.Functions():
name = api.idc.GetFunctionName(addr)
if self.cfg["config"]["thumb_mode"]:
addr |= 1
self.add_symbol("global", name, addr)
#vs vstruct
self.save()
def test_armel_disasm():
cd = os.path.dirname(__file__)
idbpath = os.path.join(cd, 'data', 'armel', 'ls.idb')
with idb.from_file(idbpath) as db:
api = idb.IDAPython(db)
assert api.idc.GetDisasm(0x00002598) == 'push\t{r4, r5, r6, r7, r8, sb, sl, fp, lr}'
assert api.idc.GetDisasm(0x00012010) == 'b\t#0x12014'
def CONSTANT_SIMILAR(FROM_FILE, Constant_Queue):
with idb.from_file(FROM_FILE) as db:
try:
api = idb.IDAPython(db)
CONSTANT_SIMILAR_LIST = main(api)
except:
Constant_Queue.put("None")
Constant_Queue.put(CONSTANT_SIMILAR_LIST)
def test_thumb_disasm():
cd = os.path.dirname(__file__)
idbpath = os.path.join(cd, "data", "thumb", "ls.idb")
with idb.from_file(idbpath) as db:
api = idb.IDAPython(db)
assert api.idc.GetDisasm(0x00011EAC) == "strb\tr4, [r3, r5]"
assert api.idc.GetDisasm(0x00011EAE) == "b\t#0x11ebc"
def test_function_comment():
cd = os.path.dirname(__file__)
idbpath = os.path.join(cd, 'data', 'func-comment', 'small.idb')
with idb.from_file(idbpath) as db:
api = idb.IDAPython(db)
assert api.ida_funcs.get_func_cmt(3, False) == 'function comment'
assert api.ida_funcs.get_func_cmt(3, True) == 'repeatable function comment'
def test_thumb_disasm():
cd = os.path.dirname(__file__)
idbpath = os.path.join(cd, 'data', 'thumb', 'ls.idb')
with idb.from_file(idbpath) as db:
api = idb.IDAPython(db)
assert api.idc.GetDisasm(0x00011eac) == 'strb\tr4, [r3, r5]'
assert api.idc.GetDisasm(0x00011eae) == 'b\t#0x11ebc'
def test_multi_bitness():
cd = os.path.dirname(__file__)
idbpath = os.path.join(cd, 'data', 'multibitness', 'multibitness.idb')
with idb.from_file(idbpath) as db:
api = idb.IDAPython(db)
assert api.idc.GetDisasm(0x0) == 'xor\tdx, dx' # 16-bit
assert api.idc.GetDisasm(0x1000) == 'xor\tedx, edx' # 32-bit
def BASIC_BLOCK_IDB(FROM_FILE):
try:
with idb.from_file(FROM_FILE) as db:
api = idb.IDAPython(db)
BASIC_BLOCK_RESULT_LIST = BB64.main(api)
return BASIC_BLOCK_RESULT_LIST
except:
return None
def main(argv=None):
# TODO: do version check for 3.x
if argv is None:
argv = sys.argv[1:]
parser = argparse.ArgumentParser(
description="Dump an IDB B-tree to a textual representation."
)
parser.add_argument("script_path", type=str, help="Path to script file")
parser.add_argument("idbpath", type=str, help="Path to input idb file")
parser.add_argument(
"-v", "--verbose", action="store_true", help="Enable debug logging"
)
parser.add_argument(
"-q", "--quiet", action="store_true", help="Disable all output but errors"
)
parser.add_argument("--ScreenEA", type=str, help="Prepare value of ScreenEA()")
args = parser.parse_args(args=argv)
if args.verbose:
logging.basicConfig(level=logging.DEBUG)
logging.getLogger().setLevel(logging.DEBUG)
elif args.quiet:
logging.basicConfig(level=logging.ERROR)
logging.getLogger().setLevel(logging.ERROR)
logging.getLogger("idb.netnode").setLevel(logging.ERROR)
logging.getLogger("idb.fileformat").setLevel(logging.ERROR)
else:
logging.basicConfig(level=logging.INFO)
logging.getLogger().setLevel(logging.INFO)
logging.getLogger("idb.netnode").setLevel(logging.ERROR)
logging.getLogger("idb.fileformat").setLevel(logging.ERROR)
with idb.from_file(args.idbpath) as db:
if args.ScreenEA:
if args.ScreenEA.startswith("0x"):
screenea = int(args.ScreenEA, 0x10)
else:
screenea = int(args.ScreenEA)
else:
screenea = list(sorted(idb.analysis.Segments(db).segments.keys()))[0]
hooks = idb.shim.install(db, ScreenEA=screenea)
# update sys.path to point to directory containing script.
# so scripts can import .py files in the same directory.
script_dir = os.path.dirname(args.script_path)
sys.path.insert(0, script_dir)
with open(args.script_path, "rb") as f:
g = {
"__name__": "__main__",
}
g.update(hooks)
exec(f.read(), g)
return 0
def test_posterior_lines():
cd = os.path.dirname(__file__)
idbpath = os.path.join(cd, 'data', 'ant-post-comments', 'small.idb')
with idb.from_file(idbpath) as db:
api = idb.IDAPython(db)
assert api.idc.LineB(1, 0) == 'posterior line 1'
assert api.idc.LineB(1, 1) == 'posterior line 2'
assert api.idc.LineB(1, 2) == ''
def test_mips64el_disasm():
cd = os.path.dirname(__file__)
idbpath = os.path.join(cd, 'data', 'mips64el', 'ls.i64')
with idb.from_file(idbpath) as db:
api = idb.IDAPython(db)
assert api.idc.GetDisasm(0x0000b8c8) == 'addiu\t$s0, $s0, -0x57'
assert api.idc.GetDisasm(0x0000b8cc) == 'daddiu\t$v1, $v1, 1'
assert api.idc.GetDisasm(0x0000b8d0) == 'b\t0xb760'
def test_mipsel_disasm():
cd = os.path.dirname(__file__)
idbpath = os.path.join(cd, 'data', 'mipsel', 'ls.idb')
with idb.from_file(idbpath) as db:
api = idb.IDAPython(db)
assert api.idc.GetDisasm(0x0000543c) == 'sb\t$t2, ($t1)'
assert api.idc.GetDisasm(0x00005440) == 'addiu\t$t3, $t3, 1'
assert api.idc.GetDisasm(0x00005444) == 'b\t0x5238'
def test_arm64_disasm():
cd = os.path.dirname(__file__)
idbpath = os.path.join(cd, 'data', 'arm64', 'ls.i64')
with idb.from_file(idbpath) as db:
api = idb.IDAPython(db)
assert api.idc.GetDisasm(0x00005d30) == 'cmp\tw5, #0x74'
assert api.idc.GetDisasm(0x00005d34) == 'csel\tw5, w5, w12, ne'
assert api.idc.GetDisasm(0x00005d38) == 'b\t#0x5c30'
def test_posterior_lines():
cd = os.path.dirname(__file__)
idbpath = os.path.join(cd, "data", "ant-post-comments", "small.idb")
with idb.from_file(idbpath) as db:
api = idb.IDAPython(db)
assert api.idc.LineB(1, 0) == "posterior line 1"
assert api.idc.LineB(1, 1) == "posterior line 2"
assert api.idc.LineB(1, 2) == ""
def test_arm64_disasm():
cd = os.path.dirname(__file__)
idbpath = os.path.join(cd, "data", "arm64", "ls.i64")
with idb.from_file(idbpath) as db:
api = idb.IDAPython(db)
assert api.idc.GetDisasm(0x00005D30) == "cmp\tw5, #0x74"
assert api.idc.GetDisasm(0x00005D34) == "csel\tw5, w5, w12, ne"
assert api.idc.GetDisasm(0x00005D38) == "b\t#0x5c30"
def test_mipsel_disasm():
cd = os.path.dirname(__file__)
idbpath = os.path.join(cd, "data", "mipsel", "ls.idb")
with idb.from_file(idbpath) as db:
api = idb.IDAPython(db)
assert api.idc.GetDisasm(0x0000543C) == "sb\t$t2, ($t1)"
assert api.idc.GetDisasm(0x00005440) == "addiu\t$t3, $t3, 1"
assert api.idc.GetDisasm(0x00005444) == "b\t0x5238"
def test_mips64el_disasm():
cd = os.path.dirname(__file__)
idbpath = os.path.join(cd, "data", "mips64el", "ls.i64")
with idb.from_file(idbpath) as db:
api = idb.IDAPython(db)
assert api.idc.GetDisasm(0x0000B8C8) == "addiu\t$s0, $s0, -0x57"
assert api.idc.GetDisasm(0x0000B8CC) == "daddiu\t$v1, $v1, 1"
assert api.idc.GetDisasm(0x0000B8D0) == "b\t0xb760"
def test_armel_disasm():
cd = os.path.dirname(__file__)
idbpath = os.path.join(cd, "data", "armel", "ls.idb")
with idb.from_file(idbpath) as db:
api = idb.IDAPython(db)
assert (api.idc.GetDisasm(0x00002598) ==
"push\t{r4, r5, r6, r7, r8, sb, sl, fp, lr}")
assert api.idc.GetDisasm(0x00012010) == "b\t#0x12014"
def print_idb_infos(self):
g_logger.info("Uploading information from IDB %s", self.idbpath)
with idb.from_file(self.idbpath) as db:
root = idb.analysis.Root(db)
g_logger.debug("Sample MD5: %s", root.md5)
self.md5 = root.md5
g_logger.debug("Database version %d created on %s opened %d times",
root.version, root.created, root.open_count)
nn = idb.netnode.Netnode(db, "Root Node")
self.sample = nn.valstr()
g_logger.debug("Original filename: %s", self.sample)
def main(argv=None):
if argv is None:
argv = sys.argv[1:]
parser = argparse.ArgumentParser(
description="Dump an IDB B-tree to a textual representation.")
parser.add_argument("idbpath", type=str, help="Path to input idb file")
parser.add_argument("-v",
"--verbose",
action="store_true",
help="Enable debug logging")
parser.add_argument("-q",
"--quiet",
action="store_true",
help="Disable all output but errors")
args = parser.parse_args(args=argv)
if args.verbose:
logging.basicConfig(level=logging.DEBUG)
logging.getLogger().setLevel(logging.DEBUG)
elif args.quiet:
logging.basicConfig(level=logging.ERROR)
logging.getLogger().setLevel(logging.ERROR)
else:
logging.basicConfig(level=logging.INFO)
logging.getLogger().setLevel(logging.INFO)
with idb.from_file(args.idbpath) as db:
cursor = db.id0.get_min()
while True:
if cursor.key[0] == 0x2E:
try:
k = idb.netnode.parse_key(cursor.key, wordsize=db.wordsize)
except UnicodeDecodeError:
hexdump.hexdump(cursor.key)
else:
print("nodeid: %x tag: %s index: %s" % (
k.nodeid,
k.tag,
hex(k.index) if k.index is not None else "None",
))
else:
hexdump.hexdump(cursor.key)
hexdump.hexdump(bytes(cursor.value))
print("--")
try:
cursor.next()
except IndexError:
break
return 0
def send_names(self):
with idb.from_file(self.idbpath) as db:
api = idb.IDAPython(db)
for ea in api.idautils.Functions():
mflags = api.idc.GetFlags(ea)
# Check if it is a dummy name
# TODO: check for automatic names
if not api.ida_bytes.has_dummy_name(mflags):
fname = api.idc.GetFunctionName(ea)
self.idaapi.send_name(self.sid, fname, ea)
g_logger.debug("Sent name: 0x%x:%s", ea, fname)
def create_section_dynsym(elf, path_idb=None, path_map=None):
section = Section()
section.name = ".dynsym"
section.type = lief.ELF.SECTION_TYPES.DYNSYM
section.flags = lief.ELF.SECTION_FLAGS.ALLOC
section.link = INDEX_DYNSTR
section.information = 0
section.alignment = 8
section.offset = 0
section.entry_size = 0
section.size = 0
section.virtual_address = 0
section.entry_size = 0x18
index = 1
sym = Symbol()
if path_idb:
with idb.from_file(path_idb) as db:
api = idb.IDAPython(db)
for ea in api.idautils.Functions():
name = api.idc.GetFunctionName(ea)
sym.name = index
sym.info = 0x12
sym.other = 0
sym.shndx = 0x0 # TODO
sym.value = ea
sym.size = api.idc.GetFunctionAttr(ea, api.idc.FUNCATTR_END) - ea
section.content += sym.serialize()
section.size += section.entry_size
index += len(name) + 1
elif path_map:
sym = Symbol()
for name, addr, size in parse_map_symbols(path_map):
sym.name = index
sym.info = 0x12
sym.other = 0
sym.shndx = 0x0 # TODO
sym.value = addr
sym.size = 0x10000 # TODO
section.content += sym.serialize()
section.size += section.entry_size
index += len(name) + 1
return section