def initialize_ui(): widget.register_dockwidget(BreakpointsWidget.DebugBreakpointsWidget, "Debugger Breakpoints", Qt.BottomDockWidgetArea, Qt.Horizontal, False) widget.register_dockwidget(RegistersWidget.DebugRegistersWidget, "Debugger Registers", Qt.RightDockWidgetArea, Qt.Vertical, False) widget.register_dockwidget(ThreadsWidget.DebugThreadsWidget, "Debugger Threads", Qt.BottomDockWidgetArea, Qt.Horizontal, False) widget.register_dockwidget(StackWidget.DebugStackWidget, "Debugger Stack", Qt.LeftDockWidgetArea, Qt.Vertical, False) widget.register_dockwidget(ModulesWidget.DebugModulesWidget, "Debugger Modules", Qt.BottomDockWidgetArea, Qt.Horizontal, False) widget.register_dockwidget(ConsoleWidget.DebugConsoleWidget, "Debugger Console", Qt.BottomDockWidgetArea, Qt.Horizontal, False) PluginCommand.register_for_address("Debugger\\Toggle Breakpoint", "sets/clears breakpoint at right-clicked address", cb_bp_toggle, is_valid=valid_bp_toggle) PluginCommand.register("Debugger\\Process\\Run", "Start new debugging session", cb_process_run, is_valid=valid_process_run) PluginCommand.register("Debugger\\Process\\Restart", "Restart debugging session", cb_process_restart, is_valid=valid_process_restart) PluginCommand.register("Debugger\\Process\\Quit", "Terminate debugged process and end session", cb_process_quit, is_valid=valid_process_quit) # PluginCommand.register("Debugger\\Process\\Attach", "Attach to running process", cb_process_attach, is_valid=valid_process_attach) PluginCommand.register("Debugger\\Process\\Detach", "Detach from current debugged process", cb_process_detach, is_valid=valid_process_detach) PluginCommand.register("Debugger\\Process\\Settings", "Open adapter settings menu", cb_process_settings, is_valid=valid_process_settings) PluginCommand.register("Debugger\\Control\\Pause", "Pause execution", cb_control_pause, is_valid=valid_control_pause) PluginCommand.register("Debugger\\Control\\Resume", "Resume execution", cb_control_resume, is_valid=valid_control_resume) PluginCommand.register("Debugger\\Control\\Step Into (Assembly)", "Step into assembly", cb_control_step_into_asm, is_valid=valid_control_step_into_asm) PluginCommand.register("Debugger\\Control\\Step Into (IL)", "Step into IL", cb_control_step_into_il, is_valid=valid_control_step_into_il) PluginCommand.register("Debugger\\Control\\Step Over (Assembly)", "Step over function call", cb_control_step_over_asm, is_valid=valid_control_step_over_asm) PluginCommand.register("Debugger\\Control\\Step Over (IL)", "Step over function call", cb_control_step_over_il, is_valid=valid_control_step_over_il) PluginCommand.register("Debugger\\Control\\Step Return", "Step until current function returns", cb_control_step_return, is_valid=valid_control_step_return) ViewType.registerViewType(DebugView.DebugViewType())
def initialize_ui(): widget.register_dockwidget(BreakpointsWidget.DebugBreakpointsWidget, "Breakpoints", Qt.BottomDockWidgetArea, Qt.Horizontal, False) widget.register_dockwidget(RegistersWidget.DebugRegistersWidget, "Registers", Qt.RightDockWidgetArea, Qt.Vertical, False) widget.register_dockwidget(ThreadsWidget.DebugThreadsWidget, "Threads", Qt.BottomDockWidgetArea, Qt.Horizontal, False) widget.register_dockwidget(StackWidget.DebugStackWidget, "Stack", Qt.LeftDockWidgetArea, Qt.Vertical, False) widget.register_dockwidget(ModulesWidget.DebugModulesWidget, "Modules", Qt.BottomDockWidgetArea, Qt.Horizontal, False) # TODO: Needs adapter support # widget.register_dockwidget(ConsoleWidget.DebugConsoleWidget, "Debugger Console", Qt.BottomDockWidgetArea, Qt.Horizontal, False) PluginCommand.register_for_address( "Set Breakpoint", "sets breakpoint at right-clicked address", cb_bp_set, is_valid=require_adapter) PluginCommand.register_for_address( "Clear Breakpoint", "clears breakpoint at right-clicked address", cb_bp_clr, is_valid=require_adapter) ViewType.registerViewType(DebugView.DebugViewType())
def register_commands(): """ Register commands """ PluginCommand.register_for_address( "Resolve Shared Library Import", "Resolves an import from a shared library, and jumps to its definition.", action=resolve_imports, is_valid=is_valid, )
def register_commands(): from .deoptimization import ( annotate_operations_ending_at_address, annotate_operations_in_function, ) PluginCommand.register_for_address( "Deoptimize Operations - Line", "Uses z3 to deoptimize divisions and modulos ending at the specified line.", action=annotate_operations_ending_at_address, ) PluginCommand.register_for_function( "Deoptimize Operations - Function", "Uses z3 to deoptimize divisions and modulos through the current function.", action=annotate_operations_in_function, )
def init_module(): init_load_ops() init_store_ops() init_alu_ops() init_jmp_ops() init_ret_ops() init_misc_ops() #EtherTypeRenderer().register_type_specific() EtherTypeRenderer().register_generic() #for full_opcode in InstructionNames: # log('0x%x : %s' % (full_opcode, InstructionNames[full_opcode])) BPFArch.register() arch = Architecture['BPF'] arch.register_calling_convention(DefaultCallingConvention(arch, 'default')) arch.standalone_platform.default_calling_convention = arch.calling_conventions['default'] XTBPFView.register() BPFView.register() PluginCommand.register_for_address('BPF Annotate IP', 'Converts BPF K value to IP', annotate_ip_at)
# Perform lookup f = open(toc, "r") found = False for line in f: if line.startswith(lookupstr + ","): found = True break f.close() if (found): try: # Extract info result = line.split(",") print result[0] + " = " + result[1] # Open Intel proc manual to page for selected opcode subprocess.Popen([browser, '-url', manual + result[2]]) except: log_error("Couldn't find info for the selected opcode!") else: log_error("No table of contents entry for this opcode!") # Create a plugin command so that the user can right click on an instruction and invoke the command PluginCommand.register_for_address("Proc Manual", "Lookup asm instruction in proc manual", proc_manual)
addr, HighlightStandardColor.RedHighlightColor) # Add the instruction to the list associated with the current view bv.session_data.angr_avoid.add(addr) def solve(bv): if len(bv.session_data.angr_find) == 0: show_message_box( "Angr Solve", "You have not specified a goal instruction.\n\n" + "Please right click on the goal instruction and select \"Find Path to This Instruction\" to " + "continue.", MessageBoxButtonSet.OKButtonSet, MessageBoxIcon.ErrorIcon) return # Start a solver thread for the path associated with the view s = Solver(bv.session_data.angr_find, bv.session_data.angr_avoid, bv) s.start() # Register commands for the user to interact with the plugin PluginCommand.register_for_address( "Find Path to This Instruction", "When solving, find a path that gets to this instruction", find_instr) PluginCommand.register_for_address( "Avoid This Instruction", "When solving, avoid paths that reach this instruction", avoid_instr) PluginCommand.register( "Solve With Angr", "Attempt to solve for a path that satisfies the constraints given", solve)
@db_required def display_bb_viewer(bv): dock_handler = None for wg in QApplication.allWidgets(): wg_win = wg.window() dock_handler = wg_win.findChild(DockHandler, "__DockHandler") if dock_handler: break if dock_handler is None: print("Could not find DockHandler") return dock_widget = BBViewerWidget("Basic Block viewer", dock_handler.parent(), bv, LOADED_DB) dock_handler.addDockWidget(dock_widget, Qt.RightDockWidgetArea, Qt.Vertical, True) PluginCommand.register("Wakare\\Load trace database", "Loads a trace database", db_load) PluginCommand.register_for_address("Wakare\\Branch xrefs from", "Displays xrefs from a branch", display_branch_xrefs) PluginCommand.register("Wakare\\Show basic block viewer", "Displays information about basic blocks", display_bb_viewer)
data = bv.read(tbl + (i * addrsize), addrsize) if len(data) == addrsize: if addrsize == 4: ptr = struct.unpack("<I", data)[0] else: ptr = struct.unpack("<Q", data)[0] # If the pointer is within the binary, add it as a destination and continue # to the next entry if (ptr >= bv.start) and (ptr < bv.end): print "Found destination 0x%x" % ptr branches.append((arch, ptr)) else: # Once a value that is not a pointer is encountered, the jump table is ended break else: # Reading invalid memory break i += 1 # Set the indirect branch targets on the jump instruction to be the list of targets discovered func.set_user_indirect_branches(jump_addr, branches) # Create a plugin command so that the user can right click on an instruction referencing a jump table and # invoke the command PluginCommand.register_for_address("Process jump table", "Look for jump table destinations", find_jump_table)
return "str_" + "XXX" varname = "str_" varname += _RE_REPLACE_UNDERSCORE.sub("_", s) varname = _RE_COMPRESS_UNDERSCORE.sub("_", varname) return varname def define_str_var(bv, addr): a = get_address_from_inst(bv, addr) if not a: a = addr data = bv.read(a, MAX_STRING_LENGTH) if not data: log_alert("failed to read from 0x{:x}".format(a)) if b"\x00" in data: length = data.find(b"\x00") + 1 else: log_info("not a null-terminated string: {!r}".format(data)) log_alert("doesn't look like a null-terminated-string") return varname = get_string_varname(data[:length]) t = bv.parse_type_string("char {}[{}]".format(varname, length)) bv.define_user_data_var(a, t[0]) sym = binaryninja.types.Symbol('DataSymbol', a, varname[:21], varname) bv.define_user_symbol(sym) # Register commands for the user to interact with the plugin PluginCommand.register_for_address("Define string variable", "Define string variable", define_str_var)
print('WARNING: unfamiliar call operand in {}'.format(instruction)) continue symbol = bv.get_symbol_at(instruction.prefix_operands[2]) if symbol and symbol.type == SymbolType.ImportedFunctionSymbol: #print(symbol.name) #demangler.demangleImport(bv, instruction.prefix_operands[2]) #demangler.demangleImport(bv, symbol.name) name = symbol.name if name[:2] == '__': name = name[1:] try: result = demangler.demangleSymbolAsNode(bv, name) if not result: skipped.append(symbol.name) print('SKIPPING: {}'.format(symbol.name)) continue successful.append(symbol.name) print(result) #print(demangler.getNodeTreeAsString(result)) except Exception as e: logging.exception(e) print(len(skipped)) print(skipped) print(len(successful)) print(successful) PluginCommand.register("Define Objective-C classes", "Parses the objc_classlist section to define Objective C and Swift classes", define_classes) PluginCommand.register_for_address("Demangle Swift symbol", "Demangles the Swift symbol name at the given address", demangler.demangleAddress) PluginCommand.register_for_function("Demangle imported Swift symbols", "Demangles the imported Swift symbol names in the given function", demangleImportsInFunction)
if not ok: return False global g_bn_hook_manager if g_bn_hook_manager is None: g_bn_hook_manager = hook_manager_create(bv) if (g_bn_hook_manager is None): show_message_box( 'Unimplemented', 'This plugin does not support executables of type {} yet.'. format(bv.view_type), icon=MessageBoxIcon.ErrorIcon) return False ok = g_bn_hook_manager.install_hook(hook) if not ok: show_message_box('Install Fail', 'The hook failed to install.', icon=MessageBoxIcon.ErrorIcon) return False return True PluginCommand.register_for_address( 'Insert Custom Hook', 'jumps to a custom piece of code, and jumps back, allowing the binary to continue as originally programmed', insert_hook)