def copy_bytes():
"""
Copy selected bytes to clipboard
"""
if using_ida7api:
start = idc.read_selection_start()
end = idc.read_selection_end()
if idaapi.BADADDR in (start, end):
ea = idc.here()
start = idaapi.get_item_head(ea)
end = idaapi.get_item_end(ea)
# # reference https://stackoverflow.com/questions/6624453/whats-the-correct-way-to-convert-bytes-to-a-hex-string-in-python-3
data = idc.get_bytes(start, end - start).hex()
print("Bytes copied: %s" % data)
copy_to_clip(data)
else:
start = idc.SelStart()
end = idc.SelEnd()
if idaapi.BADADDR in (start, end):
ea = idc.here()
start = idaapi.get_item_head(ea)
end = idaapi.get_item_end(ea)
# reference https://stackoverflow.com/questions/6624453/whats-the-correct-way-to-convert-bytes-to-a-hex-string-in-python-3
# not work in ida7.5 python3.7.7
# data = idc.GetManyBytes(start, end-start).encode('hex')
data = idc.GetManyBytes(start, end - start).hex()
print("Bytes copied: %s" % data)
copy_to_clip(data)
return
def eBlock(self, codeStart=None, codeEnd=None):
if codeStart == None: codeStart = read_selection_start()
if codeEnd == None: codeEnd = read_selection_end()
codeStart = codeStart | 1 if self._is_thumb_ea(
codeStart) else codeStart
self._emulate(codeStart, codeEnd)
self._show_regs()
def get_selection():
start = idc.read_selection_start()
end = idc.read_selection_end()
if idaapi.BADADDR in (start, end):
ea = idc.here()
start = idaapi.get_item_head(ea)
end = idaapi.get_item_end(ea)
return start, end
def get_selection(always=True):
start = idc.read_selection_start()
end = idc.read_selection_end()
if idaapi.BADADDR in (start, end):
if not always:
raise exceptions.SarkNoSelection()
ea = idc.here()
start = idaapi.get_item_head(ea)
end = idaapi.get_item_end(ea)
return Selection(start, end)
def activate(self, ctx):
start, end = idc.read_selection_start(), idc.read_selection_end()
if start == idaapi.BADADDR:
print 'Please select something'
return
import capstone
md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
md.details = True
data = idaapi.get_bytes(start, end - start)
for insn in md.disasm(data, start):
# print "0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str)
idaapi.set_cmt(insn.address, str('%s %s' % (insn.mnemonic, insn.op_str)), False)
def __init__(self):
self.searchDwordArray = False
self.searchPushArgs = False
self.createStruct = False
#startAddr & endAddr: range to process
if using_ida7api:
self.startAddr = idc.read_selection_start()
self.endAddr = idc.read_selection_end()
else:
self.startAddr = idc.SelStart()
self.endAddr = idc.SelEnd()
#hashTypes: list of HashTypes user confirmed to process
self.hashTypes = []
def extractCode(self):
self.printAvd()
start = idc.read_selection_start()
end = idc.read_selection_end()
codeSize = end - start
ea = start
# print hex(ea)
result = ""
for i in range(codeSize):
op1 = idc.get_operand_type(ea, 0)
op2 = idc.get_operand_type(ea, 1)
instructionSize = idc.get_item_size(ea)
if op1 == idc.o_reg and (op2 == idc.o_reg or op2 == idc.o_void
or op2 == idc.o_phrase):
for b in range(0, instructionSize):
result += self.formatByte(ea + b)
elif (op1 == idc.o_reg and op2 == idc.o_displ) or (
op1 == idc.o_displ
and op2 == idc.o_reg) or (op1 == idc.o_displ
and op2 == idc.o_imm):
result += self.formatByte(ea) + self.formatByte(ea + 1)
for b in range(2, instructionSize):
result = result + " ??"
elif op1 == idc.o_phrase and op2 == idc.o_reg:
for b in range(0, instructionSize):
result += self.formatByte(ea + b)
else:
result += self.calcStr(ea, instructionSize)
ea = ea + instructionSize
if ea >= (start + codeSize):
break
# print (idc.get_event_module_base() - idc.SelStart());
print("%s Offset:0x%x") % (idc.GetFunctionName(
idc.here()), idc.here() - idaapi.get_imagebase())
# print result
return result
def promptForRange(self):
# Only run if QT not available, so not bothering with ida7 check
#check if a range has already been selected - if so skip prompt
if using_ida7api:
selstart = idc.read_selection_start()
selend = idc.read_selection_end()
segstart = idc.get_segm_start(idc.here())
segend = idc.get_segm_end(idc.here())
else:
selstart = idc.SelStart()
selend = idc.SelEnd()
seg = idc.SegStart(idc.here())
self.params.endAddr = idc.SegEnd(idc.here())
if selstart != idc.BADADDR:
self.params.startAddr = selstart
self.params.endAddr = selend
logger.info('Processing range 0x%08x - 0x%08x', self.params.startAddr, self.params.endAddr)
else:
self.params.startAddr = segstart
self.params.endAddr = segend
logger.info('Processing current segment only')
def symbolic_exec():
from miasm.ir.symbexec import SymbolicExecutionEngine
from miasm.core.bin_stream_ida import bin_stream_ida
from utils import guess_machine
start, end = idc.read_selection_start(), idc.read_selection_end()
loc_db = LocationDB()
bs = bin_stream_ida()
machine = guess_machine(addr=start)
mdis = machine.dis_engine(bs, loc_db=loc_db)
if start == idc.BADADDR and end == idc.BADADDR:
start = idc.get_screen_ea()
end = idc.next_head(start) # Get next instruction address
mdis.dont_dis = [end]
asmcfg = mdis.dis_multiblock(start)
ira = machine.ira(loc_db=loc_db)
ircfg = ira.new_ircfg_from_asmcfg(asmcfg)
print("Run symbolic execution...")
sb = SymbolicExecutionEngine(ira, machine.mn.regs.regs_init)
sb.run_at(ircfg, start)
modified = {}
for dst, src in sb.modified(init_state=machine.mn.regs.regs_init):
modified[dst] = src
view = symbolicexec_t()
all_views.append(view)
if not view.Create(
modified, machine, loc_db, "Symbolic Execution - 0x%x to 0x%x" %
(start, idc.prev_head(end))):
return
view.Show()
def search_for_bytes():
search_vt = vtgrep.VTGrepSearch(addr_start=idc.read_selection_start(),
addr_end=idc.read_selection_end())
search_vt.search(False)
def search_with_wildcards(strict):
search_vt = vtgrep.VTGrepSearch(addr_start=idc.read_selection_start(),
addr_end=idc.read_selection_end())
search_vt.search(True, strict)
def eBlock(self, codeStart=None, codeEnd=None):
if codeStart == None: codeStart = read_selection_start()
if codeEnd == None: codeEnd = read_selection_end()
self._emulate(codeStart, codeEnd)
self._showRegs(self.curUC)
def __init__(self):
default_types_info = r"""ExprId("RDX", 64): char *"""
archs = ["AMD64_unk", "X86_32_unk", "msp430_unk"]
func = ida_funcs.get_func(idc.get_screen_ea())
func_addr = func.start_ea
start_addr = idc.read_selection_start()
if start_addr == idc.BADADDR:
start_addr = idc.get_screen_ea()
end_addr = idc.read_selection_end()
ida_kernwin.Form.__init__(
self, r"""BUTTON YES* Launch
BUTTON CANCEL NONE
Type Propagation Settings
{FormChangeCb}
Analysis scope:
<Whole function:{rFunction}>
<From an address to the end of function:{rAddr}>
<Between two addresses:{r2Addr}>{cScope}>
<Target function:{functionAddr}>
<Start address :{startAddr}>
<End address :{endAddr}>
<Architecture/compilator :{arch}>
<##Header file :{headerFile}>
<Use a file for type information:{rTypeFile}>{cTypeFile}>
<##Types information :{typeFile}>
<Types information :{strTypesInfo}>
<Unalias stack:{rUnaliasStack}>{cUnalias}>
""", {
'FormChangeCb':
ida_kernwin.Form.FormChangeCb(self.OnFormChange),
'cScope':
ida_kernwin.Form.RadGroupControl(
("rFunction", "rAddr", "r2Addr")),
'functionAddr':
ida_kernwin.Form.NumericInput(tp=ida_kernwin.Form.FT_RAWHEX,
value=func_addr),
'startAddr':
ida_kernwin.Form.NumericInput(tp=ida_kernwin.Form.FT_RAWHEX,
value=start_addr),
'endAddr':
ida_kernwin.Form.NumericInput(tp=ida_kernwin.Form.FT_RAWHEX,
value=end_addr),
'arch':
ida_kernwin.Form.DropdownListControl(
items=archs, readonly=False, selval=archs[0]),
'headerFile':
ida_kernwin.Form.FileInput(swidth=20, open=True),
'cTypeFile':
ida_kernwin.Form.ChkGroupControl(("rTypeFile", )),
'typeFile':
ida_kernwin.Form.FileInput(swidth=20, open=True),
'strTypesInfo':
ida_kernwin.Form.MultiLineTextControl(
text=default_types_info,
flags=ida_kernwin.Form.MultiLineTextControl.TXTF_FIXEDFONT
),
'cUnalias':
ida_kernwin.Form.ChkGroupControl(("rUnaliasStack", )),
})
form, args = self.Compile()
form.rUnaliasStack.checked = True
form.rTypeFile.checked = True
def cmd_get_selection(self):
return " ".join(
self.fmt_addr(a)
for a in [idc.read_selection_start(),
idc.read_selection_end()])
