def context_menu(self, position):
sender = self.sender()
menu = QtWidgets.QMenu()
copy_action = menu.addAction("Copy value")
copy_row = menu.addAction("Copy row")
view_chunk = menu.addAction("View chunk")
jump_to = menu.addAction("Jump to chunk")
jump_to_u = menu.addAction("Jump to user-data")
check_freaable = menu.addAction("Check freeable")
chunk_addr = int(sender.item(sender.currentRow(), 0).text(), 16)
action = menu.exec_(sender.mapToGlobal(position))
if action == copy_action:
sender.copy_selected_value()
if action == copy_row:
sender.copy_selected_row()
elif action == jump_to:
idc.Jump(chunk_addr)
elif action == jump_to_u:
idc.Jump(chunk_addr + (config.ptr_size*2))
elif action == view_chunk:
self.view_selected_chunk()
elif action == check_freaable:
self.parent.check_freeable(chunk_addr)
def OnDblClick(self, node_id):
xref_locations = []
node_ea = self.get_ea_by_name(self[node_id])
if self.edges.has_key(node_id):
for edge_node_id in self.edges[node_id]:
edge_node_name = self[edge_node_id]
edge_node_ea = self.get_ea_by_name(edge_node_name)
if edge_node_ea != idc.BADADDR:
for xref in idautils.XrefsTo(edge_node_ea):
# Is the specified node_id the source of this xref?
if self.match_xref_source(xref, node_ea):
xref_locations.append((xref.frm, edge_node_ea))
if xref_locations:
xref_locations.sort()
print ""
print "Path Xrefs from %s:" % self[node_id]
print "-" * 100
for (xref_ea, dst_ea) in xref_locations:
print "%-50s => %s" % (self.get_name_by_ea(xref_ea),
self.get_name_by_ea(dst_ea))
print "-" * 100
print ""
idc.Jump(xref_locations[0][0])
else:
idc.Jump(node_ea)
def Call(self, function, arguments=[], retaddr=0, block_until_return=True):
'''
Call a given function. Arguments must already be configured.
This should not be used to call functions hooked with IDASimulator or it likely won't work.
@function - The name or address of the function to call.
@arguments - A list of function arguments.
@retaddr - The address to return to.
@block_until_return - If set to True, this method will not return until the function does.
If set to False, this method will return immediately after calling the function.
Returns the return value of the function on success.
Returns None on failure, or if block_until_return is False.
'''
retval = None
# Process should already be paused, but just in case...
idc.PauseProcess()
# If a function name was specified, get its address
if isinstance(function, type('')):
function = idc.LocByName('.' + function)
if function == idc.BADADDR:
function = idc.LocByName(function)
if function != idc.BADADDR:
if not retaddr:
retaddr = self.cpu.ProgramCounter()
# Set the specified function arguments
self.cpu.SetArguments(arguments)
# Do any arch-specific initialization before the function call
self.cpu.PreFunctionCall(function)
# Set up the return address and point the program counter to the start of the target function
self.cpu.ReturnAddress(value=retaddr)
self.cpu.ProgramCounter(value=function)
idc.Jump(function)
if block_until_return:
# Resume process and wait for the target function to return
idc.StepUntilRet()
idc.GetDebuggerEvent(idc.WFNE_CONT | idc.WFNE_SUSP, -1)
idc.Jump(retaddr)
retval = self.cpu.ReturnValue()
else:
idc.ResumeProcess()
return retval
def onDClicked(self, qmodelindex): # QModelIndex
item = self.bptree.currentItem()
parent = item.parent()
if parent:
addtext = item.text(1).strip()
if re.search("^0x[\da-fA-F]{5,15}$", addtext):
idc.Jump(int(addtext[2:], 16))
else:
text = item.text(0).strip()
if text[0] == '+':
offset = int(text[1:], 16)
idc.Jump(parent.bps.addr + offset)
else:
idc.Jump(item.bps.addr)
print('DClick Key=%s,value=%s' % (item.text(0), item.text(1)))
def _get_user_selected_functions(self, many=False):
functions = []
ea = idc.ScreenEA()
try:
current_function = idc.GetFunctionAttr(ea, idc.FUNCATTR_START)
except:
current_function = None
while True:
function = idc.ChooseFunction(
"Select a function and click 'OK' until all functions have been selected. When finished, click 'Cancel' to display the graph."
)
# ChooseFunction automatically jumps to the selected function
# if the enter key is pressed instead of clicking 'OK'. Annoying.
if idc.ScreenEA() != ea:
idc.Jump(ea)
if not function or function == idc.BADADDR or function == current_function:
break
elif function not in functions:
functions.append(function)
if not many:
break
return functions
def onDClicked(self, qmodelindex): # QModelIndex
try:
item = self.argtree.currentItem()
if not item:
return
parent = item.parent()
if parent:
addtext = item.text(1).strip()
if re.search("^0x[\da-fA-F]{5,15}$", addtext):
idc.Jump(int(addtext[2:], 16))
else:
idc.Jump(item.func.addr)
print('DClick Key=%s,value=%s' % (item.text(0), item.text(1)))
except:
import traceback
traceback.print_exc()
def _execution_tree_onClickItem(self, item):
address = int(item.text(1), 16)
is_api = int(item.text(5), 16)
tid = int(item.text(6), 16)
target = int(item.text(3), 16)
callee_id = int(item.text(7), 16)
if is_api > 0:
for thread in self._maze['process']['threads']:
if tid == thread['tid']:
for i in range(len(thread['api_parameters'])):
if thread['api_parameters'][i][
'target'] == target and thread[
'api_parameters'][i]['id'] == callee_id:
if thread['api_parameters'][i]['xref'] == (
address + idc.ItemSize(address)):
if 'parameters' in thread['api_parameters'][i]:
cmt = item.text(0).encode('ascii') + "\n"
for param in thread['api_parameters'][i][
'parameters']:
cmt += (param['name'] + " : " +
str(param['data']) +
"\n").encode('ascii')
idc.MakeComm(address, cmt)
break
idc.Jump(address)
def _onClickItem(self, item):
xref = int(item.text(1), 16)
tid = int(item.text(6), 16)
target = int(item.text(3), 16)
xrefID = int(item.text(7), 16)
Maze().addCallParams(target, xref, xrefID, tid)
idc.Jump(xref)
def handle_vtable_interaction(self, row, column):
if self.edit_class is None:
return
vm = self.edit_class.vmethods[row]
if column == 0: # Go to vtable offset
idc.jumpto(self.edit_class.vtable_start + row * 4)
elif column == 1: # Go to address
idc.Jump(vm.ea)
elif column == 2: # Edit signature
dlg = SignatureDialog(vm.return_type,
vm.owner.name,
vm.name,
vm.args,
vm.is_const,
vm.ctor_type,
vm.dtor_type,
fixed_owner_type=True)
if dlg.exec_() != QtWidgets.QDialog.Accepted:
return
vm.set_signature(dlg.name, dlg.args, dlg.return_type, dlg.is_const,
dlg.ctor_type, dlg.dtor_type)
self.vtable.setItem(row, 2,
QtWidgets.QTableWidgetItem(vm.get_signature()))
idc.Refresh()
def Sync(self, offset, added, removed):
""" Sync(offset, added, removed) => None
Synchronize debug info with gef. This is an internal function. It is
not recommended using it from the command line.
"""
global _breakpoints, _current_instruction, _current_instruction_color
if _current_instruction > 0:
idc.SetColor(_current_instruction, CIC_ITEM, _current_instruction_color)
base_addr = idaapi.get_imagebase()
pc = base_addr + int(offset, 16)
_current_instruction = long(pc)
_current_instruction_color = GetColor(_current_instruction, CIC_ITEM)
idc.SetColor(_current_instruction, CIC_ITEM, 0x00ff00)
print("PC @ " + hex(_current_instruction).strip('L'))
# post it to the ida main thread to prevent race conditions
idaapi.execute_sync(lambda: idc.Jump(_current_instruction), idaapi.MFF_WRITE)
cur_bps = set([ idc.GetBptEA(n)-base_addr for n in range(idc.GetBptQty()) ])
ida_added = cur_bps - _breakpoints
ida_removed = _breakpoints - cur_bps
_breakpoints = cur_bps
# update bp from gdb
for bp in added:
idc.AddBpt(base_addr+bp)
_breakpoints.add(bp)
for bp in removed:
if bp in _breakpoints:
_breakpoints.remove(bp)
idc.DelBpt(base_addr+bp)
return [list(ida_added), list(ida_removed)]
def handle_methods_interaction(self, row, column):
if self.edit_class is None:
return
m = self.methods.item(row, 0).data(QtCore.Qt.UserRole)
if type(
m
) != database_entries.Method or m not in self.edit_class.methods:
return
elif column == 0: # Go to address
idc.Jump(m.ea)
elif column == 1: # Edit signature
dlg = SignatureDialog(m.return_type,
m.owner.name,
m.name,
m.args,
m.is_const,
m.ctor_type,
m.dtor_type,
fixed_owner_type=True)
if dlg.exec_() != QtWidgets.QDialog.Accepted:
return
m.set_signature(dlg.name, dlg.args, dlg.return_type, dlg.is_const,
dlg.ctor_type, dlg.dtor_type)
self.methods.setItem(row, 1,
QtWidgets.QTableWidgetItem(m.get_signature()))
idc.Refresh()
def Jump(self, address):
""" Jump(int addr) => None
Move the IDA EA pointer to the address pointed by `addr`.
Example: ida Jump 0x4049de
"""
addr = long(address, 16) if ishex(address) else long(address)
return idc.Jump(addr)
def OnSelectLine(self, n):
try:
addr = int(self.items[n][0], 16)
idc.Jump(addr)
print "[+] Jump to %s" % self.items[n][0]
except:
print "[-] Error while jumping"
def OnCommand(self, cmd_id):
"""
Triggered when a menu command is selected through the menu or its hotkey
@return: None
"""
#print "command:", cmd_id
if self.cmd_close == cmd_id:
self.Close()
return
elif self.cmd_color == cmd_id:
func_item = idaapi.get_func(idc.ScreenEA())
# get the default color
idc.Jump(func_item.startEA)
idautils.ProcessUiActions("GraphDefaultColor", 0)
defaultcolor = idc.GetColor(func_item.startEA, idc.CIC_ITEM)
# reset colors to default
idc.SetColor(func_item.startEA, idc.CIC_FUNC, defaultcolor)
# RGB
for block in self.blocks:
start, end = self.getBounds(block)
# color all basic blocks
for head in idautils.Heads(start, end):
idc.SetColor(head, idc.CIC_ITEM,
self.options['bb_path_color'])
#branch_insn = idc.NextHead(end, func_item.endEA)
#print "branch instruction is at 0x%08x" % branch_insn
#idc.SetColor(branch_insn, idc.CIC_ITEM, self.options['bb_path_color'])
idaapi.refresh_idaview_anyway()
def goto_btn_clicked(self):
global last_selected_row
list_item = self.goto_list.currentItem()
last_selected_row = self.goto_list.currentRow()
if list_item:
func_name = list_item.text()
idc.Jump(self.jump_list[func_name])
self.d.accept()
def on_go_to_address_button_clicked():
indices = g_item_list.selectedIndexes()
if len(indices) != 1:
return
index = indices[0].row()
address = g_item_list_model.item(index).data()['address']
idc.Jump(address)
def clickRow(self):
try:
addr = int(
self._import_table.item(self._import_table.currentRow(),
0).text(), 16)
idc.Jump(addr)
except Exception, e:
log.error("Exception encountered: {}".format(e))
def go(ea):
'''slightly less typing for idc.Jump'''
if not contains(ea):
left, right = range()
raise ValueError(
"Unable to goto address %x. (valid range is %x - %x)" %
(ea, left, right))
idc.Jump(ea)
return ea
def go_to_instruction(self, item):
table = self.index_map[self.traces_tab.currentIndex()]
addr_item = table.item(item.row(), 1)
addr_s = addr_item.text()
try:
addr = int(addr_s, 0)
idc.Jump(addr)
except Exception:
print "Cannot jump to the selected location"
def OnSelectLine(self, n):
try:
item = self.items[n]
jump_ea = int(item[0], 16)
# Only jump for valid addresses
if idc.isEnabled(jump_ea):
idc.Jump(jump_ea)
except:
print "OnSelectLine", sys.exc_info()[1]
def jump_to_line(ea, line, col):
idc.Jump(ea)
viewer = idaapi.get_current_viewer()
(pl, x, y) = idaapi.get_custom_viewer_place(viewer, False)
pl2 = idaapi.place_t_as_simpleline_place_t(pl.clone())
pl2.n = line
x = col
y = 10
idaapi.jumpto(viewer, pl2, x, y)
def OnDblClick(self, shift):
line = self.GetCurrentLine()
if "0x" not in line: return False
# skip COLSTR formatting, find address
addy = int(line[2:line.find(":")], 16)
idc.Jump(addy)
return True
def OnSelectLine(self, n):
item = self.items[n]
jump_ea = int(item[0], 16)
# Only jump for valid addresses
if idaapi.IDA_SDK_VERSION < 700:
valid_addr = idc.isEnabled(jump_ea)
else:
valid_addr = idc.is_mapped(jump_ea)
if valid_addr:
idc.Jump(jump_ea)
def click_tree(self):
i = self._switch_tree.currentItem()
addr = i.text(0).strip()
if not addr.startswith("0x"):
addr = idaapi.get_name_ea(idc.BADADDR, str(addr))
else:
addr = addr[2:10]
addr = int(addr, 16)
idc.Jump(addr)
return
def OnDblClick(self, shift):
line = self.GetCurrentLine()
#print('line is %s' % line)
parts = line.split()
try:
addr = int(parts[0], 16)
except:
print('no address found in %s' % line)
return
idc.Jump(addr)
def context_menu(self, position):
sender = self.sender()
menu = QtWidgets.QMenu()
show_warn_info = None
copy_action = menu.addAction("Copy value")
copy_row = menu.addAction("Copy row")
view_chunk = menu.addAction("View chunk")
jump_to = menu.addAction("Jump to chunk")
jump_to_u = menu.addAction("Jump to user-data")
goto_caller = menu.addAction("Jump to caller")
current_row = self.sender().currentRow()
if current_row in self.row_info:
show_warn_info = menu.addAction("Show warning info")
chunk_addr = int(sender.item(sender.currentRow(), 1).text(), 16)
action = menu.exec_(sender.mapToGlobal(position))
if action == copy_action:
sender.copy_selected_value()
if action == copy_row:
sender.copy_selected_row()
elif action == jump_to:
idc.Jump(chunk_addr - (config.ptr_size * 2))
elif action == jump_to_u:
idc.Jump(chunk_addr)
elif action == goto_caller:
caller_str = str(sender.item(sender.currentRow(), 6).text())
if caller_str:
idc.Jump(str2ea(caller_str))
elif action == view_chunk:
self.view_selected_chunk()
elif show_warn_info and action == show_warn_info:
self.traced_double_clicked()
def double_click_event(self, event):
index = event.pos()
try:
item = self.model.itemFromIndex(self.view.indexAt(event.pos()))
column = item.column()
ea = item.ea
except:
return
if ea != -1:
idc.Jump(ea)
def OnSelectLine(self, n):
dt = self.data[n]
if self.jumpProc:
self.jumpProc(dt)
return
for x in self._cols:
if x[0].lower() != 'address':
continue
v = dt.get(x[0])
if v:
idc.Jump(v)
def jmp_clicked(self):
target_base_hex = hex_cleaner(self.combobox_new_base.currentText())
target = int(hex_cleaner(self.edit_target_addr.text()), 16)
target_base = int(target_base_hex, 16)
offset = target - target_base
real_offset = offset + self.cur_image_base
if target_base_hex not in history_jmp_base:
history_jmp_base.append(target_base_hex)
print("original base: %x new base: %x offset:%x" %
(self.cur_image_base, target_base, offset))
idc.Jump(real_offset)
self.close()
def click_row(self):
i = self._bytestring_table.item(self._bytestring_table.currentRow(), 0)
bstr = self._bytestring_table.item(self._bytestring_table.currentRow(), 2)
addr = i.text().strip()
bstr = bstr.text()
if not addr.startswith("0x"):
addr = idaapi.get_name_ea(idc.BADADDR, str(addr))
else:
addr = addr[2:10]
addr = int(addr, 16)
idc.Jump(addr)
self._clipboard.setText(bstr)