def run(self):
'''Start the plugin.'''
if not idaapi.init_hexrays_plugin():
print "HRDEV Error: Failed to initialise Hex-Rays plugin."
return
function_name = idaapi.get_func_name(idaapi.get_screen_ea())
demangled_name = self.tools.demangle_name(function_name)
file_name = '{}.cpp'.format(self.tools.to_file_name(demangled_name))
cache_path = os.path.sep.join([self.current_dir,
'data', 'cache',
self._bin_name])
if not os.path.isdir(cache_path):
os.mkdir(cache_path)
complete_path = os.path.sep.join([cache_path, file_name])
if not os.path.isfile(complete_path):
src = str(idaapi.decompile(idaapi.get_screen_ea()))
self.tools.save_file(complete_path, src)
self.tools.set_file_path(complete_path)
max_title = self.config_main.getint('etc', 'max_title')
self.gui = include.gui.Canvas(self.config_main,
self.config_theme,
self.tools,
demangled_name[:max_title])
self.gui.Show('HRDEV')
self.parser = include.syntax.Parser(self)
self.parser.run(complete_path)
return
def init(self):
"""
Ensure plugin's line modification function is called whenever needed.
If Hex-Rays is not installed, or is not initialized yet, then plugin
will not load. To ensure that the plugin loads after Hex-Rays, please
name your plugin's .py file with a name that starts lexicographically
after "hexx86f"
"""
try:
if idaapi.init_hexrays_plugin():
def hexrays_event_callback(event, *args):
if event == idaapi.hxe_refresh_pseudocode:
# We use this event instead of hxe_text_ready because
# MacOSX doesn't seem to work well with it
# TODO: Look into this
vu, = args
self.run_over_cfunc(vu.cfunc)
return 0
idaapi.install_hexrays_callback(hexrays_event_callback)
else:
return idaapi.PLUGIN_SKIP
except AttributeError:
print "init_hexrays_plugin() not found. Skipping Hex-Rays plugin."
return idaapi.PLUGIN_KEEP
def _init_hexrays_hooks(self):
"""
Install Hex-Rrays hooks (when available).
NOTE: This is called when the ui_ready_to_run event fires.
"""
if idaapi.init_hexrays_plugin():
idaapi.install_hexrays_callback(self._hooks.hxe_callback)
def versions():
"""Returns IDA & Python versions"""
import sys
return {
'python': sys.version,
'ida': idaapi.get_kernel_version(),
'hexrays': idaapi.get_hexrays_version() if idaapi.init_hexrays_plugin() else None
}
def versions():
"""Returns IDA & Python versions"""
import sys
return {
'python':
sys.version,
'ida':
idaapi.get_kernel_version(),
'hexrays':
idaapi.get_hexrays_version() if idaapi.init_hexrays_plugin() else None
}
def init(self):
if idaapi.init_hexrays_plugin():
i = hexrays_callback_info()
idaapi.register_action(
idaapi.action_desc_t(force_width_actname, "Force lvar width",
force_width_action_handler_t(i),
"Shift-W"))
idaapi.install_hexrays_callback(i.event_callback)
print 'Hex-Rays lvar width forcer by ecx86 loaded!'
else:
print 'Force lvar width: Hexrays is not available.'
def hook(self):
if self._available is None:
if not idaapi.init_hexrays_plugin():
logger.info("Hex-Rays SDK is not available")
self._available = False
else:
idaapi.install_hexrays_callback(self._hxe_callback)
self._available = True
if self._available:
self._installed = True
def init():
if not idaapi.init_hexrays_plugin():
logging.error("Failed to initialize Hex-Rays SDK")
return idaapi.PLUGIN_SKIP
action_manager.initialize()
hx_callback_manager.initialize()
cache.temporary_structure = TemporaryStructureModel()
const.init()
XrefStorage().open()
return idaapi.PLUGIN_KEEP
def _init_hexrays_hooks(self):
"""
Install Hex-Rays hooks (when available).
"""
result = False
if idaapi.init_hexrays_plugin():
logger.debug("HexRays present, installing hooks...")
result = idaapi.install_hexrays_callback(self._hxe_callback)
logger.debug("HexRays hooked: %r" % result)
def versions():
"""Returns IDA & Python versions"""
import sys
return {
"python":
sys.version,
"ida":
idaapi.get_kernel_version(),
"hexrays":
idaapi.get_hexrays_version() if idaapi.init_hexrays_plugin() else None,
}
def decompile_and_get(self, ea):
decompiler_plugin = get_decompiler_plugin()
if not init_hexrays_plugin() and not (load_plugin(decompiler_plugin)
and init_hexrays_plugin()):
return False
f = get_func(ea)
if f is None:
return False
try:
cfunc = decompile(f)
except:
Warning("Error decompiling function: %s" % str(sys.exc_info())[1])
return False
if cfunc is None:
# Failed to decompile
return False
cmts = idaapi.restore_user_cmts(cfunc.entry_ea)
if cmts is not None:
for tl, cmt in cmts.iteritems():
self.pseudo_comments[tl.ea - self.get_base_address()] = [
str(cmt), tl.itp
]
sv = cfunc.get_pseudocode()
self.pseudo[ea] = []
first_line = None
for sline in sv:
line = tag_remove(sline.line)
if line.startswith("//"):
continue
if first_line is None:
first_line = line
else:
self.pseudo[ea].append(line)
return first_line
def check_ida(self):
if idaapi.IDA_SDK_VERSION < 730:
BinaryAILog.log(BinaryAILog.ERROR, "Need IDA >= 7.3")
return False
if not idaapi.init_hexrays_plugin():
BinaryAILog.log(BinaryAILog.ERROR,
"Hex-Rays decompiler not exists")
return False
if not idaapi.is_idaq():
BinaryAILog.log(BinaryAILog.INFO,
"Plugin should not be loaded in idaq mode")
return False
return True
def init(self):
"""
This method is called when IDA is loading the plugin. It will first
load the configuration file, then initialize all the modules.
"""
if idaapi.init_hexrays_plugin():
self.hexrays_hooks = HexRaysHooks()
self.core_hook = CPPHooks()
self.gui_hook = CPPUIHooks()
self.hook()
self.install_hotkey()
keep = ida_idaapi.PLUGIN_KEEP
return keep
def run(self):
'''Start the plugin.'''
if not idaapi.init_hexrays_plugin():
print "HRDEV Error: Failed to initialise Hex-Rays plugin."
return
function_name = idaapi.get_func_name(idaapi.get_screen_ea())
demangled_name = self.tools.demangle_name(function_name)
src = idaapi.decompile(idaapi.get_screen_ea())
file_name = '{}.cpp'.format(self.tools.to_file_name(demangled_name))
cache_path = os.path.sep.join(
[tempfile.gettempdir(), 'hrdev_cache', self._bin_name])
# Create required directories if they dont exist
tmp_dir_path = os.path.sep.join([tempfile.gettempdir(), 'hrdev_cache'])
if not os.path.isdir(tmp_dir_path):
os.mkdir(tmp_dir_path)
if not os.path.isdir(cache_path):
os.mkdir(cache_path)
complete_path = os.path.sep.join([cache_path, file_name])
idaapi.msg("HRDEV cache path: {}\n".format(complete_path))
# Check if file is already in cache
if not os.path.isfile(complete_path) or \
self.config_main.getboolean('etc', 'disable_cache'):
self.tools.save_file(complete_path, str(src))
self.tools.set_file_path(complete_path)
lvars = {}
for v in src.lvars:
_type = idaapi.print_tinfo('', 0, 0, idaapi.PRTYPE_1LINE, v.tif,
'', '')
lvars[str(v.name)] = "{} {} {}".\
format(_type, str(v.name), str(v.cmt))
max_title = self.config_main.getint('etc', 'max_title')
self.gui = hrdev_plugin.include.gui.Canvas(self.config_main,
self.config_theme,
self.tools, lvars,
demangled_name[:max_title])
self.gui.Show('HRDEV')
self.parser = hrdev_plugin.include.syntax.Parser(self, lvars)
self.parser.run(complete_path)
return
def run(self):
'''Start the plugin.'''
if not idaapi.init_hexrays_plugin():
print "HRDEV Error: Failed to initialise Hex-Rays plugin."
return
function_name = idaapi.get_func_name(idaapi.get_screen_ea())
demangled_name = self.tools.demangle_name(function_name)
file_name = '{}.cpp'.format(self.tools.to_file_name(demangled_name))
cache_path = os.path.sep.join([tempfile.gettempdir(),
'hrdev_cache',
self._bin_name])
# Create require directories if they dont exist
tmp_dir_path = os.path.sep.join([tempfile.gettempdir(), 'hrdev_cache'])
if not os.path.isdir(tmp_dir_path):
os.mkdir(tmp_dir_path)
if not os.path.isdir(cache_path):
os.mkdir(cache_path)
complete_path = os.path.sep.join([cache_path, file_name])
idaapi.msg("HRDEV cache path: {}\n".format(complete_path))
src = idaapi.decompile(idaapi.get_screen_ea())
lvars = {}
for v in src.lvars:
_type = idaapi.print_tinfo('', 0, 0, idaapi.PRTYPE_1LINE, v.tif, '', '')
lvars[str(v.name)] = "{} {} {}".\
format(_type, str(v.name), str(v.cmt))
# Check if file is already in cache
if not os.path.isfile(complete_path):
self.tools.save_file(complete_path, str(src))
self.tools.set_file_path(complete_path)
max_title = self.config_main.getint('etc', 'max_title')
self.gui = hrdev_plugin.include.gui.Canvas(self.config_main,
self.config_theme,
self.tools,
lvars,
demangled_name[:max_title])
self.gui.Show('HRDEV')
self.parser = hrdev_plugin.include.syntax.Parser(self)
self.parser.run(complete_path)
return
def load_plugin_decompiler():
'''
load the hexray plugins
:return: success or not
'''
is_ida64 = GetIdbPath().endswith(".i64")
if not is_ida64:
idaapi.load_plugin("hexrays")
idaapi.load_plugin("hexarm")
else:
idaapi.load_plugin("hexx64")
if not idaapi.init_hexrays_plugin():
l.error('[+] decompiler plugins load failed. IDAdb: %s' % GetInputFilePath())
idc.Exit(0)
def init(self):
# just go when we have hexrays
if not idaapi.init_hexrays_plugin():
return idaapi.PLUGIN_SKIP
# initialize the menu actions our plugin will inject
self._init_action_bulk()
self._init_action_copy()
# initialize plugin hooks
self._init_hooks()
# done
idaapi.msg("%s %s initialized...\n" % (self.wanted_name, VERSION))
return idaapi.PLUGIN_KEEP
def init(self):
idaapi.msg('[*] Pwndbg XML RPC plugin loaded.\n')
if idaapi.init_hexrays_plugin():
addon = idaapi.addon_info_t()
addon.id = "com.pwndbg.pwndbg"
addon.name = "Pwndbg XML RPC"
addon.producer = "pwndbg"
addon.url = "https://github.com/pwndbg/pwndbg"
addon.version = "1.0.0.0"
idaapi.register_addon(addon)
self.pwndbgRPC = PwndbgRPC()
return idaapi.PLUGIN_KEEP
def run(self, arg):
"""
Launch when you press Ctrl-Shift-M
"""
if idaapi.init_hexrays_plugin():
if not ComIDA.hxehook:
ComResultsForm(find_com_references()).show()
ComIDA.hxehook = ComIdaHook()
ComIDA.hxehook.hook()
else:
ComIDA.hxehook.unhook()
ComIDA.hxehook = None
ComIDA.log("%s is %sabled now." %
(ComIDA.wanted_name, "en" if ComIDA.hxehook else "dis"))
def _init_hexrays_hooks(self):
"""
Install Hex-Rrays hooks (when available).
NOTE: This is called when the ui_ready_to_run event fires.
"""
if idaapi.init_hexrays_plugin():
idaapi.install_hexrays_callback(self._hxe_callback)
#
# we only use self._hooks (UI_Hooks) to install our hexrays hooks.
# since this 'init' function should only ever be called once, remove
# our UI_Hooks now to clean up after ourselves.
#
self._hooks.unhook()
def init(self):
if not idaapi.init_hexrays_plugin():
log.error("Decompiler is not ready")
return idaapi.PLUGIN_SKIP
if not idaapi.install_hexrays_callback(callback):
log.error("Failed to install hexrays callback")
return idaapi.PLUGIN_SKIP
log.info(
"Hex-Rays version %s has been detected; %s is ready to use",
idaapi.get_hexrays_version(),
self.wanted_name,
)
self.inited = True
return idaapi.PLUGIN_KEEP
def init():
if not idaapi.init_hexrays_plugin():
print "[ERROR] Failed to initialize Hex-Rays SDK"
return idaapi.PLUGIN_SKIP
Cache.temporary_structure = TemporaryStructureModel()
# Actions.register(Actions.CreateVtable)
Actions.register(Actions.ShowGraph)
Actions.register(Actions.ShowClasses)
Actions.register(Actions.GetStructureBySize)
Actions.register(Actions.RemoveArgument)
Actions.register(Actions.AddRemoveReturn)
Actions.register(Actions.ConvertToUsercall)
Actions.register(Actions.ShallowScanVariable,
Cache.temporary_structure)
Actions.register(Actions.DeepScanVariable, Cache.temporary_structure)
Actions.register(Actions.DeepScanReturn, Cache.temporary_structure)
Actions.register(Actions.DeepScanFunctions, Cache.temporary_structure)
Actions.register(Actions.RecognizeShape)
Actions.register(Actions.CreateNewField)
Actions.register(Actions.SelectContainingStructure,
potential_negatives)
Actions.register(Actions.ResetContainingStructure)
Actions.register(Actions.RecastItemRight)
Actions.register(Actions.RecastItemLeft)
Actions.register(Actions.RenameOther)
Actions.register(Actions.RenameInside)
Actions.register(Actions.RenameOutside)
Actions.register(Actions.RenameUsingAssert)
Actions.register(Actions.SwapThenElse)
Actions.register(Actions.FindFieldXrefs)
Actions.register(Actions.PropagateName)
Actions.register(Actions.GuessAllocation)
idaapi.attach_action_to_menu('View/Open subviews/Local types',
Actions.ShowClasses.name,
idaapi.SETMENU_APP)
idaapi.install_hexrays_callback(hexrays_events_callback)
Const.init()
XrefStorage().open()
return idaapi.PLUGIN_KEEP
def decompile_func(ea):
if not idaapi.init_hexrays_plugin():
return False
f = idaapi.get_func(ea)
if f is None:
return False
cfunc = idaapi.decompile(f)
if cfunc is None:
# Failed to decompile
return False
lines = []
sv = cfunc.get_pseudocode()
for sline in sv:
line = idaapi.tag_remove(sline.line)
lines.append(line)
return "\n".join(lines)
def init(self):
# Some initialization
global hexnight_cb_info, hexnight_cb, inttype
if idaapi.init_hexrays_plugin() and idaapi.ph_get_id() == idaapi.PLFM_ARM:
inttype = idaapi.get_int_type_by_width_and_sign(4, True)
hexnight_cb_info = hexrays_callback_info()
hexnight_cb = hexnight_cb_info.event_callback
if idaapi.install_hexrays_callback(hexnight_cb):
print "Hexnight plugin installed"
addon = idaapi.addon_info_t();
addon.id = "org.xerub.hexnight";
addon.name = "Hexnight";
addon.producer = "xerub";
addon.url = "https://twitter.com/xerub";
addon.version = "7.0";
idaapi.register_addon( addon );
return idaapi.PLUGIN_KEEP
print "Hexnight plugin failed"
return idaapi.PLUGIN_SKIP
def main():
if not idaapi.init_hexrays_plugin():
return False
print "Hex-rays version %s has been detected" % idaapi.get_hexrays_version()
f = idaapi.get_func(idaapi.get_screen_ea());
if f is None:
print "Please position the cursor within a function"
return True
cfunc = idaapi.decompile(f);
if cfunc is None:
print "Failed to decompile!"
return True
sv = cfunc.get_pseudocode();
for sline in sv:
print idaapi.tag_remove(sline.line);
return True
def init(self):
# Some initialization
global hexlight_cb_info, hexlight_cb
if idaapi.init_hexrays_plugin():
hexlight_cb_info = hexrays_callback_info()
hexlight_cb = hexlight_cb_info.event_callback
if not idaapi.install_hexrays_callback(hexlight_cb):
# print "could not install hexrays_callback"
return idaapi.PLUGIN_SKIP
print("Hexlight plugin installed")
addon = idaapi.addon_info_t()
addon.id = "milan.bohacek.hexlight"
addon.name = "Hexlight"
addon.producer = "Milan Bohacek"
addon.url = "*****@*****.**"
addon.version = "6.95"
idaapi.register_addon(addon)
return idaapi.PLUGIN_KEEP
#print "init_hexrays_plugin failed"
return idaapi.PLUGIN_SKIP
def __init__(self):
self.enabled = False
self.prev_ea = None
self.discarded_ea = None
self.last_func = None
self.vdui_t = None
self.cfunc = None
self.eamap = None
self.safe_mode = False
self.event_cb = HexEventCb(self).event_cb
if not idaapi.init_hexrays_plugin():
print("[sync] hexrays not available")
else:
version = idaapi.get_hexrays_version()
print("[sync] hexrays #{} found".format(version))
major, minor, revision, build_date = [int(x) for x in version.split('.')]
if (major < 7) or (major >= 7 and minor < 2):
print("[sync] hexrays version >= 7.2 is needed")
self.safe_mode = True
def init(self):
"""
This method is called when IDA is loading the plugin. It will first
load the configuration file, then initialize all the modules.
"""
if idaapi.init_hexrays_plugin():
self.is_decompiler_on = True
else:
log.warn("Hex-Rays decompiler is not available")
self.cpp_hooks = CPPHooks()
self.gui_hooks = CPPUIHooks()
if not self.hook():
log.warn("Failed to set hooks")
return idaapi.PLUGIN_SKIP
self.install_hotkey()
log.info("Im up")
return idaapi.PLUGIN_KEEP
def init(self):
"""
This is called by IDA when it is loading the plugin.
"""
# describe a custom IDA UI action
action_desc = idaapi.action_desc_t(
self.ACTION_LOAD_FILE, # Name. Acts as an ID. Must be unique.
"BbTrace Flow File...", # Label. That's what users see.
IDACtxEntry(self.interactive_load_file
), # Handler. Called when activated, and for updating
None, # Shortcut (optional)
"Load bbtrace flow file...", # Tooltip (optional)
ACT_ICON) # Icon ID (optional)
# register the action with IDA
result = idaapi.register_action(action_desc)
if not result:
RuntimeError("Failed to register load_file action with IDA")
# attach the action to the File-> dropdown menu
result = idaapi.attach_action_to_menu(
"File/Load file/", # Relative path of where to add the action
self.ACTION_LOAD_FILE, # The action ID (see above)
idaapi.SETMENU_APP # We want to append the action after ^
)
if not result:
RuntimeError("Failed action attach load_file")
if idaapi.init_hexrays_plugin():
idaapi.install_hexrays_callback(self.hexrays_event)
else:
print('hexrays is not available.')
self.display = None
print("BBTrace initialized.")
return idaapi.PLUGIN_KEEP
def main():
if not idaapi.init_hexrays_plugin():
return False
print "Hex-rays version %s has been detected" % idaapi.get_hexrays_version(
)
f = idaapi.get_func(idaapi.get_screen_ea())
if f is None:
print "Please position the cursor within a function"
return True
cfunc = idaapi.decompile(f)
if cfunc is None:
print "Failed to decompile!"
return True
sv = cfunc.get_pseudocode()
for i in xrange(0, sv.size()):
line = idaapi.tag_remove(str(sv[i]))
print line
return True
def init(self):
# Some initialization
global hexnight_cb_info, hexnight_cb, inttype
if idaapi.init_hexrays_plugin() and idaapi.ph_get_id(
) == idaapi.PLFM_ARM and idaapi.BADADDR > 0xFFFFFFFF:
inttype = idaapi.get_int_type_by_width_and_sign(4, True)
enu = idaapi.add_enum(0, myenum, 0)
for i in regs.keys():
idaapi.add_enum_member(enu, regs[i], i)
hexnight_cb_info = hexrays_callback_info()
hexnight_cb = hexnight_cb_info.event_callback
if idaapi.install_hexrays_callback(hexnight_cb):
print "Hexnight plugin installed"
addon = idaapi.addon_info_t()
addon.id = "org.xerub.hexnight"
addon.name = "Hexnight"
addon.producer = "xerub"
addon.url = "https://twitter.com/xerub"
addon.version = "6.95"
idaapi.register_addon(addon)
return idaapi.PLUGIN_KEEP
print "Hexnight plugin failed"
return idaapi.PLUGIN_SKIP
def init():
if fDebug:
pydevd.settrace('localhost', port=31337, stdoutToServer=True, stderrToServer=True,suspend=False)
if not idaapi.init_hexrays_plugin():
print "[ERROR] Failed to initialize Hex-Rays SDK"
return idaapi.PLUGIN_SKIP
Helper.temporary_structure = TemporaryStructureModel()
hex_pytools_config = Config()
for ac in hex_pytools_config.actions:
if hex_pytools_config.actions[ac]:
Actions.register(hex_pytools_config.actions_refs[ac])
# Actions.register(Actions.CreateVtable)
# Actions.register(Actions.ShowGraph)
# Actions.register(Actions.ShowClasses)
# Actions.register(Actions.GetStructureBySize)
# Actions.register(Actions.RemoveArgument)
# Actions.register(Actions.AddRemoveReturn)
# Actions.register(Actions.ConvertToUsercall)
# Actions.register(Actions.ShallowScanVariable, Helper.temporary_structure)
# Actions.register(Actions.DeepScanVariable, Helper.temporary_structure)
# Actions.register(Actions.RecognizeShape)
# Actions.register(Actions.SelectContainingStructure, potential_negatives)
# Actions.register(Actions.ResetContainingStructure)
# Actions.register(Actions.RecastItemRight)
# Actions.register(Actions.RecastItemLeft)
# Actions.register(Actions.RenameInside)
# Actions.register(Actions.RenameOutside)
idaapi.attach_action_to_menu('View/Open subviews/Local types', Actions.ShowClasses.name, idaapi.SETMENU_APP)
idaapi.install_hexrays_callback(hexrays_events_callback)
Helper.touched_functions.clear()
Const.init()
return idaapi.PLUGIN_KEEP
def main():
if not idaapi.init_hexrays_plugin():
return False
print "Hex-rays version %s has been detected" % idaapi.get_hexrays_version()
idaapi.install_hexrays_callback(event_callback)
def init(self):
self.hexrays_inited = False
self.registered_actions = []
self.registered_hx_actions = []
global ARCH
global BITS
ARCH = idaapi.ph_get_id()
info = idaapi.get_inf_structure()
if info.is_64bit():
BITS = 64
elif info.is_32bit():
BITS = 32
else:
BITS = 16
print("LazyIDA (v1.0.0.3) plugin has been loaded.")
# Register menu actions
menu_actions = (
idaapi.action_desc_t(ACTION_CONVERT[0], "Convert to string", menu_action_handler_t(ACTION_CONVERT[0]), None, None, 80),
idaapi.action_desc_t(ACTION_CONVERT[1], "Convert to hex string", menu_action_handler_t(ACTION_CONVERT[1]), None, None, 8),
idaapi.action_desc_t(ACTION_CONVERT[2], "Convert to C/C++ array (BYTE)", menu_action_handler_t(ACTION_CONVERT[2]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[3], "Convert to C/C++ array (WORD)", menu_action_handler_t(ACTION_CONVERT[3]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[4], "Convert to C/C++ array (DWORD)", menu_action_handler_t(ACTION_CONVERT[4]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[5], "Convert to C/C++ array (QWORD)", menu_action_handler_t(ACTION_CONVERT[5]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[6], "Convert to python list (BYTE)", menu_action_handler_t(ACTION_CONVERT[6]), None, None, 201),
idaapi.action_desc_t(ACTION_CONVERT[7], "Convert to python list (WORD)", menu_action_handler_t(ACTION_CONVERT[7]), None, None, 201),
idaapi.action_desc_t(ACTION_CONVERT[8], "Convert to python list (DWORD)", menu_action_handler_t(ACTION_CONVERT[8]), None, None, 201),
idaapi.action_desc_t(ACTION_CONVERT[9], "Convert to python list (QWORD)", menu_action_handler_t(ACTION_CONVERT[9]), None, None, 201),
idaapi.action_desc_t(ACTION_XORDATA, "Get xored data", menu_action_handler_t(ACTION_XORDATA), None, None, 9),
idaapi.action_desc_t(ACTION_FILLNOP, "Fill with NOPs", menu_action_handler_t(ACTION_FILLNOP), None, None, 9),
idaapi.action_desc_t(ACTION_SCANVUL, "Scan format string vulnerabilities", menu_action_handler_t(ACTION_SCANVUL), None, None, 160),
)
for action in menu_actions:
idaapi.register_action(action)
self.registered_actions.append(action.name)
# Register hotkey actions
hotkey_actions = (
idaapi.action_desc_t(ACTION_COPYEA, "Copy EA", hotkey_action_handler_t(ACTION_COPYEA), "w", "Copy current EA", 0),
idaapi.action_desc_t(ACTION_GOTOCLIP, "Goto clip EA", hotkey_action_handler_t(ACTION_GOTOCLIP), "Shift-G", "Goto clipboard EA", 0),
)
for action in hotkey_actions:
idaapi.register_action(action)
self.registered_actions.append(action.name)
# Add ui hook
self.ui_hook = UI_Hook()
self.ui_hook.hook()
# Add hexrays ui callback
if idaapi.init_hexrays_plugin():
addon = idaapi.addon_info_t()
addon.id = "tw.l4ys.lazyida"
addon.name = "LazyIDA"
addon.producer = "Lays"
addon.url = "https://github.com/L4ys/LazyIDA"
addon.version = "1.0.0.3"
idaapi.register_addon(addon)
hx_actions = (
idaapi.action_desc_t(ACTION_HX_REMOVERETTYPE, "Remove return type", hexrays_action_handler_t(ACTION_HX_REMOVERETTYPE), "v"),
idaapi.action_desc_t(ACTION_HX_COPYEA, "Copy ea", hexrays_action_handler_t(ACTION_HX_COPYEA), "w"),
idaapi.action_desc_t(ACTION_HX_COPYNAME, "Copy name", hexrays_action_handler_t(ACTION_HX_COPYNAME), "c"),
idaapi.action_desc_t(ACTION_HX_GOTOCLIP, "Goto clipboard ea", hexrays_action_handler_t(ACTION_HX_GOTOCLIP), "Shift-G"),
)
for action in hx_actions:
idaapi.register_action(action)
self.registered_hx_actions.append(action.name)
self.hx_hook = HexRays_Hook()
idaapi.install_hexrays_callback(self.hx_hook.callback)
self.hexrays_inited = True
return idaapi.PLUGIN_KEEP
if int(kv[i]) < int(rv[i]):
return False
return True
# -----------------------------------------------------------------------------
def get_callers(name):
for xr in idautils.CodeRefsTo(idaapi.get_name_ea(idaapi.BADADDR, name),
True):
fn = idaapi.get_func(xr)
if fn:
yield fn.startEA
# -----------------------------------------------------------------------------
if not idaapi.init_hexrays_plugin():
print "This script requires the HexRays decompiler plugin."
else:
func_list = []
for name in MEMCPY_FAM:
func_list += get_callers(name)
func_list = set(func_list)
nfuncs = len(func_list)
print "Checking %d functions." % (nfuncs)
choser = MrsPicky("MrsPicky")
choser.Show()
if is_ida_version("7.3"):
aborted = False
def init(self):
self.hexrays_inited = False
self.registered_actions = []
self.registered_hx_actions = []
global arch
global bits
arch = idaapi.ph_get_id()
info = idaapi.get_inf_structure()
if info.is_64bit():
bits = 64
elif info.is_32bit():
bits = 32
else:
bits = 16
print "LazyIDA (Python Version) (v1.0.0.1) plugin has been loaded."
# Register menu actions
menu_actions = (
idaapi.action_desc_t(ACTION_CONVERT[0], "Convert to string", menu_action_handler_t(ACTION_CONVERT[0]), None, None, 80),
idaapi.action_desc_t(ACTION_CONVERT[1], "Convert to hex string", menu_action_handler_t(ACTION_CONVERT[1]), None, None, 8),
idaapi.action_desc_t(ACTION_CONVERT[2], "Convert to C/C++ array (BYTE)", menu_action_handler_t(ACTION_CONVERT[2]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[3], "Convert to C/C++ array (DWORD)", menu_action_handler_t(ACTION_CONVERT[3]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[4], "Convert to C/C++ array (QWORD)", menu_action_handler_t(ACTION_CONVERT[4]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[5], "Convert to python list (BYTE)", menu_action_handler_t(ACTION_CONVERT[5]), None, None, 201),
idaapi.action_desc_t(ACTION_CONVERT[6], "Convert to python list (DWORD)", menu_action_handler_t(ACTION_CONVERT[6]), None, None, 201),
idaapi.action_desc_t(ACTION_CONVERT[7], "Convert to python list (QWORD)", menu_action_handler_t(ACTION_CONVERT[7]), None, None, 201),
idaapi.action_desc_t(ACTION_XORDATA, "Get xored data", menu_action_handler_t(ACTION_XORDATA), None, None, 9),
idaapi.action_desc_t(ACTION_SCANVUL, "Scan format string vulnerabilities", menu_action_handler_t(ACTION_SCANVUL), None, None, 160),
)
for action in menu_actions:
idaapi.register_action(action)
self.registered_actions.append(action.name)
# Register hotkey actions
hotkey_actions = (
idaapi.action_desc_t(ACTION_COPYEA, "Copy EA", hotkey_action_handler_t(ACTION_COPYEA), "w", "Copy current EA", 0),
)
for action in hotkey_actions:
idaapi.register_action(action)
self.registered_actions.append(action.name)
# Add ui hook
self.ui_hook = UI_Hook()
self.ui_hook.hook()
# Add hexrays ui callback
if idaapi.init_hexrays_plugin():
hx_actions = (
idaapi.action_desc_t(ACTION_HX_REMOVERETTYPE, "Remove return type", hexrays_action_handler_t(ACTION_HX_REMOVERETTYPE), "v"),
idaapi.action_desc_t(ACTION_HX_COPYEA , "Copy ea", hexrays_action_handler_t(ACTION_HX_COPYEA), "w"),
idaapi.action_desc_t(ACTION_HX_COPYNAME, "Copy name", hexrays_action_handler_t(ACTION_HX_COPYNAME), "c"),
)
for action in hx_actions:
idaapi.register_action(action)
self.registered_hx_actions.append(action.name)
self.hx_hook = HexRays_Hook()
idaapi.install_hexrays_callback(self.hx_hook.callback)
self.hexrays_inited = True
return idaapi.PLUGIN_KEEP
def init(self):
self.hexrays_inited = False
self.registered_actions = []
self.registered_hx_actions = []
global ARCH
global BITS
ARCH = idaapi.ph_get_id()
info = idaapi.get_inf_structure()
if info.is_64bit():
BITS = 64
elif info.is_32bit():
BITS = 32
else:
BITS = 16
print "LazyIDA (v1.0.0.3) plugin has been loaded."
# Register menu actions
menu_actions = (
idaapi.action_desc_t(ACTION_CONVERT[0], "Convert to string", menu_action_handler_t(ACTION_CONVERT[0]), None, None, 80),
idaapi.action_desc_t(ACTION_CONVERT[1], "Convert to hex string", menu_action_handler_t(ACTION_CONVERT[1]), None, None, 8),
idaapi.action_desc_t(ACTION_CONVERT[2], "Convert to C/C++ array (BYTE)", menu_action_handler_t(ACTION_CONVERT[2]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[3], "Convert to C/C++ array (WORD)", menu_action_handler_t(ACTION_CONVERT[3]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[4], "Convert to C/C++ array (DWORD)", menu_action_handler_t(ACTION_CONVERT[4]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[5], "Convert to C/C++ array (QWORD)", menu_action_handler_t(ACTION_CONVERT[5]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[6], "Convert to python list (BYTE)", menu_action_handler_t(ACTION_CONVERT[6]), None, None, 201),
idaapi.action_desc_t(ACTION_CONVERT[7], "Convert to python list (WORD)", menu_action_handler_t(ACTION_CONVERT[7]), None, None, 201),
idaapi.action_desc_t(ACTION_CONVERT[8], "Convert to python list (DWORD)", menu_action_handler_t(ACTION_CONVERT[8]), None, None, 201),
idaapi.action_desc_t(ACTION_CONVERT[9], "Convert to python list (QWORD)", menu_action_handler_t(ACTION_CONVERT[9]), None, None, 201),
idaapi.action_desc_t(ACTION_XORDATA, "Get xored data", menu_action_handler_t(ACTION_XORDATA), None, None, 9),
idaapi.action_desc_t(ACTION_FILLNOP, "Fill with NOPs", menu_action_handler_t(ACTION_FILLNOP), None, None, 9),
idaapi.action_desc_t(ACTION_SCANVUL, "Scan format string vulnerabilities", menu_action_handler_t(ACTION_SCANVUL), None, None, 160),
)
for action in menu_actions:
idaapi.register_action(action)
self.registered_actions.append(action.name)
# Register hotkey actions
hotkey_actions = (
idaapi.action_desc_t(ACTION_COPYEA, "Copy EA", hotkey_action_handler_t(ACTION_COPYEA), "w", "Copy current EA", 0),
)
for action in hotkey_actions:
idaapi.register_action(action)
self.registered_actions.append(action.name)
# Add ui hook
self.ui_hook = UI_Hook()
self.ui_hook.hook()
# Add hexrays ui callback
if idaapi.init_hexrays_plugin():
addon = idaapi.addon_info_t()
addon.id = "tw.l4ys.lazyida"
addon.name = "LazyIDA"
addon.producer = "Lays"
addon.url = "https://github.com/L4ys/LazyIDA"
addon.version = "1.0.0.3"
idaapi.register_addon(addon)
hx_actions = (
idaapi.action_desc_t(ACTION_HX_REMOVERETTYPE, "Remove return type", hexrays_action_handler_t(ACTION_HX_REMOVERETTYPE), "v"),
idaapi.action_desc_t(ACTION_HX_COPYEA, "Copy ea", hexrays_action_handler_t(ACTION_HX_COPYEA), "w"),
idaapi.action_desc_t(ACTION_HX_COPYNAME, "Copy name", hexrays_action_handler_t(ACTION_HX_COPYNAME), "c"),
)
for action in hx_actions:
idaapi.register_action(action)
self.registered_hx_actions.append(action.name)
self.hx_hook = HexRays_Hook()
idaapi.install_hexrays_callback(self.hx_hook.callback)
self.hexrays_inited = True
return idaapi.PLUGIN_KEEP
if len(str(lv.name)):
print " Name: %s" % (str(lv.name), )
if len(str(lv.type)):
#~ print_type_to_one_line(buf, sizeof(buf), idati, .c_str());
print " Type: %s" % (str(lv.type), )
if len(str(lv.cmt)):
print " Comment: %s" % (str(lv.cmt), )
except:
traceback.print_exc()
return 0
def handle_retrieved_mapping(self, lm):
return 0
def get_info_mapping_for_saving(self):
return None
# Now iterate over all user definitions
dli = dump_lvar_info_t();
idaapi.restore_user_lvar_settings(entry_ea, dli)
return
if idaapi.init_hexrays_plugin():
run()
else:
print 'dump user info: hexrays is not available.'
print " %x: insn %s" % (ins.ea, ins.opname)
return
class hexrays_callback_info(object):
def __init__(self):
return
def event_callback(self, event, *args):
try:
if event == idaapi.hxe_maturity:
cfunc, maturity = args
if maturity == idaapi.CMAT_BUILT:
cbv = cblock_visitor_t()
cbv.apply_to(cfunc.body, None)
except:
traceback.print_exc()
return 0
if idaapi.init_hexrays_plugin():
i = hexrays_callback_info()
idaapi.install_hexrays_callback(i.event_callback)
else:
print 'cblock visitor: hexrays is not available.'
def init(self):
self.hexrays_inited = False
self.registered_actions = []
self.registered_hx_actions = []
global arch
global bits
global is_cgc
arch = idaapi.ph_get_id()
info = idaapi.get_inf_structure()
if info.is_64bit():
bits = 64
elif info.is_32bit():
bits = 32
else:
bits = 16
is_cgc = "CGC" in idaapi.get_file_type_name()
print "LazyIDA (Python Version) (v1.0.0.1) plugin has been loaded."
# Register menu actions
menu_actions = (
idaapi.action_desc_t(ACTION_CONVERT[0], "Convert to string", menu_action_handler_t(ACTION_CONVERT[0]), None, None, 80),
idaapi.action_desc_t(ACTION_CONVERT[1], "Convert to hex string", menu_action_handler_t(ACTION_CONVERT[1]), None, None, 8),
idaapi.action_desc_t(ACTION_CONVERT[2], "Convert to C/C++ array (BYTE)", menu_action_handler_t(ACTION_CONVERT[2]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[3], "Convert to C/C++ array (WORD)", menu_action_handler_t(ACTION_CONVERT[3]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[4], "Convert to C/C++ array (DWORD)", menu_action_handler_t(ACTION_CONVERT[4]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[5], "Convert to C/C++ array (QWORD)", menu_action_handler_t(ACTION_CONVERT[5]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[6], "Convert to python list (BYTE)", menu_action_handler_t(ACTION_CONVERT[6]), None, None, 201),
idaapi.action_desc_t(ACTION_CONVERT[7], "Convert to python list (WORD)", menu_action_handler_t(ACTION_CONVERT[7]), None, None, 201),
idaapi.action_desc_t(ACTION_CONVERT[8], "Convert to python list (DWORD)", menu_action_handler_t(ACTION_CONVERT[8]), None, None, 201),
idaapi.action_desc_t(ACTION_CONVERT[9], "Convert to python list (QWORD)", menu_action_handler_t(ACTION_CONVERT[9]), None, None, 201),
idaapi.action_desc_t(ACTION_XORDATA, "Get xored data", menu_action_handler_t(ACTION_XORDATA), None, None, 9),
idaapi.action_desc_t(ACTION_FILLNOP, "Fill with NOPs", menu_action_handler_t(ACTION_FILLNOP), None, None, 9),
idaapi.action_desc_t(ACTION_SCANVUL, "Scan format string vulnerabilities", menu_action_handler_t(ACTION_SCANVUL), None, None, 160),
)
for action in menu_actions:
idaapi.register_action(action)
self.registered_actions.append(action.name)
# Register hotkey actions
hotkey_actions = (
idaapi.action_desc_t(ACTION_COPYEA, "Copy EA", hotkey_action_handler_t(ACTION_COPYEA), "w", "Copy current EA", 0),
)
for action in hotkey_actions:
idaapi.register_action(action)
self.registered_actions.append(action.name)
# Add ui hook
self.ui_hook = UI_Hook()
self.ui_hook.hook()
# Add idb hook
self.idb_hook = IDB_Hook()
self.idb_hook.hook()
# Add idp hook
self.idp_hook = IDP_Hook()
self.idp_hook.hook()
# Add hexrays ui callback
if idaapi.init_hexrays_plugin():
hx_actions = (
idaapi.action_desc_t(ACTION_HX_REMOVERETTYPE, "Remove return type", hexrays_action_handler_t(ACTION_HX_REMOVERETTYPE), "v"),
idaapi.action_desc_t(ACTION_HX_COPYEA , "Copy ea", hexrays_action_handler_t(ACTION_HX_COPYEA), "w"),
idaapi.action_desc_t(ACTION_HX_COPYNAME, "Copy name", hexrays_action_handler_t(ACTION_HX_COPYNAME), "c"),
)
for action in hx_actions:
idaapi.register_action(action)
self.registered_hx_actions.append(action.name)
idaapi.install_hexrays_callback(hexrays_callback)
self.hexrays_inited = True
# Auto apply libcgc signature
if is_cgc and os.path.exists(idaapi.get_sig_filename("libcgc.sig")):
if "libcgc.sig" not in [idaapi.get_idasgn_desc(i)[0] for i in range(idaapi.get_idasgn_qty())]:
idaapi.plan_to_apply_idasgn("libcgc.sig")
return idaapi.PLUGIN_KEEP
