def query_selected_func(self, ctx): title = self._get_ctx_title(ctx) if title == "Functions window": if IDAUtils.is_hexrays_v7(): ida_funcs = [idaapi.getn_func(f_idx) for f_idx in ctx.chooser_selection] else: ida_funcs = [idaapi.getn_func(f_idx - 1) for f_idx in ctx.chooser_selection] if self._get_connector() is not None: self.connector.search_func( queries=IDAUtils.get_as_multiple_surrogate(ida_funcs), topk=self.get_conf_topk(), threshold=self.get_conf_threshold(), avoid_same_binary=self.get_conf_avoidSameBinary()) else: connector, ida_funcs, threshold, topk, avoidSameBinary = self.select_funcs() if ida_funcs is None: return if connector is None: self.open_cnn_manager() connector = self.connector if connector is not None and ida_funcs is not None and len( ida_funcs) > 0: connector.search_func( queries=IDAUtils.get_as_multiple_surrogate(ida_funcs), topk=topk, threshold=threshold, avoid_same_binary=avoidSameBinary)
def get_chooser_item_attrs(self, chooser, n, attrs): func = idaapi.getn_func(n) if bai_mark.is_bai_func(func.start_ea): colors = [0x8B98B3, 0x6F82AB, 0x5B74AB, 0x3B5BA1, 0x304A82] score = bai_mark.record[func.start_ea]['score'] index = max(int((score * 100 - 80) / 5), 0) attrs.color = colors[index]
def activate(self, ctx): for idx in ctx.chooser_selection: func_ea = idaapi.getn_func(idx - 1).startEA cfunc = helper.decompile_function(func_ea) obj = api.VariableObject(cfunc.get_lvars()[0], 0) if cfunc: NewDeepSearchVisitor(cfunc, 0, obj, cache.temporary_structure).process()
def run(self, arg): """ loop through all functions, collect "self._data", then show view @param: arg : -- """ try: self._data = dict() count = idaapi.get_func_qty() for i in xrange(count): fn = idaapi.getn_func(i) fn_an = self.analyze_func(fn) # if fn_an['math']: # print 'fn: %#08x has math' % fn.startEA if idaapi.has_dummy_name(idaapi.getFlags(fn.startEA)): self._handle_calls(fn, fn_an) self._handle_tags(fn, fn_an) if self.view: self.view.Close(idaapi.PluginForm.FORM_NO_CONTEXT) self.view = AutoREView(self._data) self.view.Show() except: idaapi.msg('AutoRE: error: %s\n' % traceback.format_exc())
def get_chooser_item_attrs(self, chooser, n, attrs): func = idaapi.getn_func(n) if bai_mark.is_bai_func(func.start_ea): colors = [0xE8E4FF, 0xC0BAFF, 0x817FFF, 0x5E58FF] score = bai_mark.record[func.start_ea]['score'] index = max(int((score*100-80)/5), 0) attrs.color = colors[index]
def process_func(i): """Convert function i into a mega file line.""" func = idaapi.getn_func(i) if not func: return if idaapi.has_name(idaapi.getFlags(func.startEA)) and \ not (func.flags & idaapi.FUNC_LIB): return create_func_signature(func.startEA, func.endEA - func.startEA)
def activate(self, ctx): for pfn_id in ctx.chooser_selection: ida_func = idaapi.getn_func(pfn_id - 1) if self._action == ACTION_ADD_ANNOTATION: ali.ida_add_lineinfo_comment_to_func( ali_plugin.dia, ida_func) elif self._action == ACTION_DEL_ANNOTATION: ali.ida_del_lineinfo_comment_from_func(ida_func) return 1
def index_selected_func(self, ctx): title = self._get_ctx_title(ctx) if title == "Functions window": if IDAUtils.is_hexrays_v7(): ida_funcs = [idaapi.getn_func(f_idx) for f_idx in ctx.chooser_selection] else: ida_funcs = [idaapi.getn_func(f_idx - 1) for f_idx in ctx.chooser_selection] if self._get_connector() is not None: self.connector.index( IDAUtils.get_as_single_surrogate(ida_funcs)) else: connector, ida_funcs, _, _, _ = self.select_funcs() if ida_funcs is None: return if connector is None: self.open_cnn_manager() connector = self.connector if connector is not None and ida_funcs is not None and len(ida_funcs) > 0: self.connector.index( IDAUtils.get_as_single_surrogate(ida_funcs))
def _preprocess_api_wrappers(self, fnqty): rv = defaultdict(dict) for i in xrange(fnqty): fn = idaapi.getn_func(i) items = list(FuncItems(self.start_ea_of(fn))) if len(items) not in (1, 2): continue dis0 = decode_insn(items[0]) if dis0 is None: continue addr = self._check_is_jmp_wrapper(dis0) if not addr and len(items) > 1: dis1 = decode_insn(items[1]) if dis1 is not None: addr = self._check_is_push_retn_wrapper(dis0, dis1) if not addr: continue name = idaapi.get_ea_name(addr) name = name.replace(idaapi.FUNC_IMPORT_PREFIX, '') if not name: continue imp_stripped_name = name.lstrip('_') for tag, names in TAGS.items(): for tag_api in names: if tag in STRICT_TAG_NAME_CHECKING: match = tag_api in (name, imp_stripped_name) else: match = tag_api in name if not match: continue refs = list(CodeRefsTo(self.start_ea_of(fn), 1)) for ref in refs: ref_fn = idaapi.get_func(ref) if not ref_fn: # idaapi.msg('AutoRE: there is no func for ref: %08x for api: %s' % (ref, name)) continue if tag not in rv[self.start_ea_of(ref_fn)]: rv[self.start_ea_of(ref_fn)][tag] = list() if name not in rv[self.start_ea_of(ref_fn)][tag]: rv[self.start_ea_of(ref_fn)][tag].append(name) return dict(rv)
def interactive_load_exec_tree(self,ctx): disassembler.show_wait_box("Start building execute trace metadata...") # Thx to Arnaud :) idx_l = list(ctx.chooser_selection) if len(idx_l) > 1: print "UI: multiple selection not allowed!" return 1 f = idaapi.getn_func(idx_l[0]) self.director.exec_tree_addr = f.startEA if self._ui_exe_tree_overview and self._ui_exe_tree_overview.isVisible(): self._ui_exe_tree_overview.show() return self._ui_exe_tree_overview =ExecuteTreeOverview(self) self._ui_exe_tree_overview.show()
def indexSelectedFunctions(self, ctx): if ctx.form_title == "Functions window": funcs = [] for fidx in ctx.chooser_selection: func = idaapi.getn_func(fidx - 1) funcs.append(func) self.createIndexProgressForm(funcs) else: form = IndexSelectionForm(self) ok = form.Execute() funcs = form.funcs s_cnn = form.cnn form.Free() if ok == 1: self.createIndexProgressForm(funcs, s_cnn)
def querySelectedFunctions(self, ctx): if ctx.form_title == "Functions window": funcs = [] for fidx in ctx.chooser_selection: func = idaapi.getn_func(fidx - 1) funcs.append(func) self.createProgressForm(funcs) else: form = SelectionForm(self) ok = form.Execute() funcs = form.funcs s_cnn = form.cnn form.Free() if ok == 1: self.createProgressForm(funcs, s_cnn)
def run(self, arg): if RDEBUG and RDEBUG_EGG: if not os.path.isfile(RDEBUG_EGG): idaapi.msg( 'AutoRE: Remote debug is enabled, but I cannot find the debug egg: %s' % RDEBUG_EGG) else: import sys if RDEBUG_EGG not in sys.path: sys.path.append(RDEBUG_EGG) import pydevd pydevd.settrace(RDEBUG_HOST, port=RDEBUG_PORT, stdoutToServer=True, stderrToServer=True ) # , stdoutToServer=True, stderrToServer=True try: self._data = dict() count = idaapi.get_func_qty() # pre-process of api wrapper functions known_refs_tags = self._preprocess_api_wrappers(count) for i in xrange(count): fn = idaapi.getn_func(i) fn_an = self.analyze_func(fn) # if fn_an['math']: # print 'fn: %#08x has math' % fn.startEA if idaapi.has_dummy_name(idaapi.getFlags(fn.startEA)): self._handle_calls(fn, fn_an) known_refs = known_refs_tags.get(fn.startEA) self._handle_tags(fn, fn_an, known_refs) if self.view: self.view.Close(idaapi.PluginForm.FORM_NO_CONTEXT) self.view = AutoREView(self._data) self.view.Show() except: idaapi.msg('AutoRE: error: %s\n' % traceback.format_exc())
def _priority_paint_functions(self, target_address): """ Paint functions in the immediate vicinity of the given address. This will paint both the instructions & graph nodes of defined functions. """ database_coverage = self._director.coverage # the number of functions before and after the cursor to paint FUNCTION_BUFFER = 1 # determine range of functions to repaint func_num = idaapi.get_func_num(target_address) func_num_start = func_num - FUNCTION_BUFFER func_num_end = func_num + FUNCTION_BUFFER + 1 # we will save the instruction addresses painted by our function paints function_instructions = set() # repaint the specified range of functions for num in xrange(func_num_start, func_num_end): function = idaapi.getn_func(num) if not function: continue # repaint the function self.paint_function(function) # NOTE/COMPAT: if using_ida7api: start_ea = function.start_ea else: start_ea = function.startEA # get the function coverage data for the target address function_coverage = database_coverage.functions.get(start_ea, None) if not function_coverage: continue # extract the painted instructions in this function function_instructions |= function_coverage.instructions # return the instruction addresses painted return function_instructions
def querySelectedFunctions(self, ctx): if ctx.form_title == "Functions window": funcs = [] for fidx in ctx.chooser_selection: func = idaapi.getn_func(fidx - 1) funcs.append(func) self.createProgressForm(funcs, self.getConfThreshold(), self.getConfTopK()) else: form = SelectionForm(self) ok = form.Execute() funcs = form.funcs s_cnn = form.cnn form.Free() if ok == 1: self.createProgressForm(funcs, form.threshold, form.topk, cnn=s_cnn)
def activate(self, ctx): for idx in ctx.chooser_selection: func_ea = idaapi.getn_func(idx - 1).startEA try: cfunc = idaapi.decompile(func_ea) if cfunc is None: continue FunctionTouchVisitor(cfunc).process() lvars = cfunc.get_lvars() if not (lvars and lvars[0].is_arg_var and Helper.is_legal_type(lvars[0].type())): continue scanner = DeepSearchVisitor(cfunc, 0, 0) scanner.process() for field in scanner.candidates: self.temporary_structure.add_row(field) except idaapi.DecompilationFailure: print "[Warning] Failed to decompile function at 0x{0:08X}".format(func_ea)
def handleFuncViewMenuAction(self, actionType, index): if self.clientSocket is None: fl_log("FridaLink: Frida not connected\n"); return actionHandlers = { # HOOKS kPopupAction_HookFuncOnce : self.handleHookFuncOnce, kPopupAction_HookFuncPerm : self.handleHookFuncPerm, kPopupAction_HookFuncCust : self.handleHookFuncCust, kPopupAction_HookFuncEdit : self.handleHookFuncEdit, kPopupAction_HookFuncCPU : self.handleHookFuncShowCPU, kPopupAction_HookFuncStack : self.handleHookFuncShowStack, kPopupAction_HookFuncBacktrace : self.handleHookFuncShowBacktrace, kPopupAction_HookFuncLinkMem : self.handleHookFuncLinkMemory, kPopupAction_UnhookFunc : self.handleUnhookFunc, # REPLACE kPopupAction_ReplaceFunc : self.handleReplaceFunc, kPopupAction_ReplaceFuncEdit : self.handleReplaceFuncEdit, kPopupAction_ReplaceFuncDel : self.handleReplaceFuncDel, } actionHandlers[actionType](getn_func(index).startEA)
def byAddress(cls, ea): n = idaapi.get_fchunk_num(ea) f = idaapi.getn_func(n) return cls.getIndex(n)
import idaapi import idc import types import os idt = GetIdbPath() idt = idt.replace('.idb', '.idt') idt = idt.replace('.i64', '.idt') dll = GetInputFile() f = open(idt, 'wb') f.write("0 Name = %s\n" % (dll)) for i in xrange(idaapi.get_entry_qty()): fn = idaapi.getn_func(i) a = fn.startEA if a != BADADDR: eo = GetEntryOrdinal(i) nm = GetFunctionName(GetEntryPoint(eo)) if nm != '': f.write("%d Name=%s\n" % (eo, nm)) f.close()
def get_chooser_item_attrs(self, chooser, n, attrs): func = idaapi.getn_func(n) if bai_mark.is_bai_func(func.start_ea): attrs.color = int(bai_config['color'], 16)
def get_functions(): for i in zrange(idaapi.get_func_qty()): yield idaapi.getn_func(i)
def get_all_funcs(): for idx in range(idaapi.get_func_qty()): f = idaapi.getn_func(idx) yield f
def activate(self, ctx): if self.menu_title == MenuAskEntryId: self.outer_self.mixto.entry_id = idaapi.ask_str( "", 1000, "Mixto Entry Id") else: if self.outer_self.mixto.entry_id is None: self.outer_self.mixto.entry_id = idaapi.ask_str( "", 1000, "Mixto Entry Id") if self.menu_title == MenuAllFunc: all_func = "" # Get count of all functions in the binary count = idaapi.get_func_qty() for i in range(count): fn = idaapi.getn_func(i) # Function should not have dummy name such as sub_* # and should not start with underscore (possible library functions) if not idaapi.has_dummy_name(get_flags_at( start_ea_of(fn))) and not idaapi.get_func_name( start_ea_of(fn)).startswith("_"): all_func += "{} @ 0x{:x}\n".format( idaapi.get_func_name(start_ea_of(fn)), start_ea_of(fn)) self.outer_self.mixto.AddCommit(all_func, self.outer_self.mixto.entry_id, "(IDA) All Functions") elif self.menu_title == MenuImports: global AllImports AllImports = "" # Get count of all import modules in the binary count = idaapi.get_import_module_qty() for i in range(count): module_name = idaapi.get_import_module_name(i) AllImports += "{}:\n".format(module_name) idaapi.enum_import_names(i, imports_cb) self.outer_self.mixto.AddCommit(AllImports, self.outer_self.mixto.entry_id, "(IDA) All Imports") elif self.menu_title == MenuDecFunc: addr_current = idc.get_screen_ea() addr_func = idaapi.get_func(addr_current) if not addr_func: idaapi.msg("Place cursor inside a function!") return False else: err = None out = str(idaapi.decompile(addr_func)) # print(out) self.outer_self.mixto.AddCommit( str(out), self.outer_self.mixto.entry_id, "(IDA) Function Decompilation {}".format( idc.GetFunctionName(addr_func.startEA)), ) elif self.menu_title == MenuExports: all_exports = "" for entry in idautils.Entries(): _, ord, ea, name = entry if not name: all_exports += "0x{:x}: ord#{}\n".format(ea, ord) else: all_exports += "0x{:x}: {} ord#{}\n".format( ea, name, ord) self.outer_self.mixto.AddCommit(all_exports, self.outer_self.mixto.entry_id, "(IDA) All Exports") elif self.menu_title == MenuAllComments: addr_current = idc.get_screen_ea() addr_func = idaapi.get_func(addr_current) uniq_comments = {} comments = [] for ea in range(addr_func.startEA, addr_func.endEA): comment = idaapi.get_cmt(ea, 0) if comment is not None: # hacky way to make sure only uniq comments are added if uniq_comments.get(comment) == 1: pass else: print(uniq_comments) comments.append("{offset} {value}".format( offset=hex(ea), value=comment)) print("here") uniq_comments[comment] = 1 if len(comments) > 0: out = "\n".join(comments) self.outer_self.mixto.AddCommit( str(out), self.outer_self.mixto.entry_id, "(IDA) Function Comments {}".format( idc.GetFunctionName(addr_func.startEA)), ) else: raise TypeError("No comments found") return True
def activate(self, ctx): if self.menu_title == MenuAskEntryId: self.outer_self.mixto.entry_id = idaapi.ask_str( "", 1000, "Mixto Entry Id") else: if self.outer_self.mixto.entry_id is None: self.outer_self.mixto.entry_id = idaapi.ask_str( "", 1000, "Mixto Entry Id") if self.menu_title == MenuAllFunc: all_func = "" # Get count of all functions in the binary count = idaapi.get_func_qty() for i in range(count): fn = idaapi.getn_func(i) # Function should not have dummy name such as sub_* # and should not start with underscore (possible library functions) if not idaapi.has_dummy_name(get_flags_at( start_ea_of(fn))) and not idaapi.get_func_name( start_ea_of(fn)).startswith("_"): all_func += "{} @ 0x{:x}\n".format( idaapi.get_func_name(start_ea_of(fn)), start_ea_of(fn)) self.outer_self.mixto.AddCommit(all_func, self.outer_self.mixto.entry_id, "(IDA) All Functions") elif self.menu_title == MenuImports: global AllImports AllImports = "" # Get count of all import modules in the binary count = idaapi.get_import_module_qty() for i in range(count): module_name = idaapi.get_import_module_name(i) AllImports += "{}:\n".format(module_name) idaapi.enum_import_names(i, imports_cb) self.outer_self.mixto.AddCommit(AllImports, self.outer_self.mixto.entry_id, "(IDA) All Imports") elif self.menu_title == MenuDecFunc: addr_current = idc.get_screen_ea() addr_func = idaapi.get_func(addr_current) if not addr_func: idaapi.msg("Place cursor inside a function!") return False else: err = None out = ida_hexrays.decompile_func(addr_func, err) # print(out) self.outer_self.mixto.AddCommit( str(out), self.outer_self.mixto.entry_id, "(IDA) Function Decompilation", ) elif self.menu_title == MenuExports: all_exports = "" for entry in idautils.Entries(): _, ord, ea, name = entry if not name: all_exports += "0x{:x}: ord#{}\n".format(ea, ord) else: all_exports += "0x{:x}: {} ord#{}\n".format( ea, name, ord) self.outer_self.mixto.AddCommit(all_exports, self.outer_self.mixto.entry_id, "(IDA) All Exports") elif self.menu_title == MenuAllComments: raise NotImplementedError("Comments not yet implemented TODO") return True
def get_chooser_item_attrs(self, chooser, n, attrs): func = idaapi.getn_func(n) if bai_mark.is_bai_func(func.start_ea): attrs.color = bai_mark.color