def btn_get_one_sink_func_xref(self, code=0): """ 查看某个危险函数调用地址 """ tgt_t = ida_kernwin.ask_str('', 0, '请输入要查看的危险函数名') if tgt_t in SINK_FUNC: cols = [['', 0 | ida_kernwin.Choose.CHCOL_DEC], ['函数名', 10 | ida_kernwin.Choose.CHCOL_PLAIN], ['函数地址', 10 | ida_kernwin.Choose.CHCOL_HEX]] items = [] mgr_t = FESinkFuncMgr() xref_list = mgr_t.get_one_func_xref(tgt_t) if not xref_list: FELogger.warn("未找到函数%s" % tgt_t) return tmp_list = [] for xref_addr in xref_list: data = AnalysisChooseData(vuln=0, name=tgt_t, ea=xref_addr) items.append(data) tmp_list.append(xref_addr) self.sink_func_xref_dict[tgt_t] = tmp_list chooser = AnalysisChooser(title='危险函数调用地址', cols=cols, item=items) chooser.Show() else: FELogger.warn("未支持函数")
def add_or_del_one_xref_bpt(self, is_add): if is_add == True: action = idc.add_bpt act_info = '添加' else: action = idc.del_bpt act_info = '删除' tgt_t = ida_kernwin.ask_str('', 0, '请输入危险函数名') if tgt_t in SINK_FUNC: if not tgt_t in self.sink_func_xref_dict: mgr_t = FESinkFuncMgr() xref_list = mgr_t.get_one_func_xref(tgt_t) if not xref_list: FELogger.warn("未找到函数%s" % tgt_t) return tmp_list = [] for xref_addr in xref_list: tmp_list.append(xref_addr) action(xref_addr) self.sink_func_xref_dict[tgt_t] = tmp_list else: for xref_addr_t in self.sink_func_xref_dict[tgt_t]: action(xref_addr_t) FELogger.info("已%s断点:危险函数调用地址(%s)" % (act_info, tgt_t)) else: FELogger.warn("未支持函数")
def btn_add_one_vuln_bpt(self, code=0): """添加断点 某个危险函数漏洞地址""" tgt_t = ida_kernwin.ask_str('', 0, '请输入危险函数名') if tgt_t in SINK_FUNC: if not tgt_t in self.vuln_func_fast_dict: mgr_t = FESinkFuncMgr() xref_list = mgr_t.get_one_func_xref(tgt_t) tag = SINK_FUNC[tgt_t]['tag'] if not xref_list: FELogger.warn("未找到函数%s" % tgt_t) return if tag == FUNC_TAG['PRINTF']: items = printf_func_analysis(tgt_t, xref_list) self.add_fast_dict_from_items(items) elif tag == FUNC_TAG['STRING']: items = str_func_analysis(tgt_t, xref_list) self.add_fast_dict_from_items(items) elif tag == FUNC_TAG['SCANF']: items = scanf_func_analysis(tgt_t, xref_list) self.add_fast_dict_from_items(items) elif tag == FUNC_TAG['SYSTEM']: items = system_func_analysis(tgt_t, xref_list) self.add_fast_dict_from_items(items) elif tag == FUNC_TAG['MEMORY']: items = mem_func_analysis(tgt_t, xref_list) self.add_fast_dict_from_items(items) else: FELogger.info("未支持函数%s" % tgt_t) if tgt_t in self.vuln_func_fast_dict: for xref_addr_t in self.vuln_func_fast_dict[tgt_t]: ida_dbg.add_bpt(xref_addr_t, 0, idc.BPT_DEFAULT) FELogger.info('已添加断点:危险函数漏洞分析(%s)' % tgt_t) else: FELogger.warn("未支持函数")
def btn_get_one_vuln_func(self, code=0): """查看某个危险函数漏洞地址""" tgt_t = ida_kernwin.ask_str('', 0, '请输入要查看的危险函数名') if tgt_t in SINK_FUNC: mgr_t = FESinkFuncMgr() xref_list = mgr_t.get_one_func_xref(tgt_t) tag = SINK_FUNC[tgt_t]['tag'] if not xref_list: FELogger.warn("未找到函数%s" % tgt_t) return # printf系列函数 if tag == FUNC_TAG['PRINTF']: items = printf_func_analysis(tgt_t, xref_list) self.add_fast_dict_from_items(items) cols = [['可疑', 3 | ida_kernwin.Choose.CHCOL_DEC], ['函数名', 10 | ida_kernwin.Choose.CHCOL_PLAIN], ['函数地址', 10 | ida_kernwin.Choose.CHCOL_HEX], ['格式字符串地址', 10 | ida_kernwin.Choose.CHCOL_HEX], ['格式字符串', 15 | ida_kernwin.Choose.CHCOL_PLAIN], ['长度', 10 | ida_kernwin.Choose.CHCOL_HEX]] chooser = AnalysisChooser(title='危险函数漏洞分析', cols=cols, item=items) chooser.Show() # str系列函数 elif tag == FUNC_TAG['STRING']: items = str_func_analysis(tgt_t, xref_list) self.add_fast_dict_from_items(items) cols = [['可疑', 3 | ida_kernwin.Choose.CHCOL_DEC], ['函数名', 10 | ida_kernwin.Choose.CHCOL_PLAIN], ['函数地址', 10 | ida_kernwin.Choose.CHCOL_HEX], ['来源地址', 10 | ida_kernwin.Choose.CHCOL_HEX], ['字符串', 15 | ida_kernwin.Choose.CHCOL_PLAIN], ['字符串长度', 10 | ida_kernwin.Choose.CHCOL_HEX]] chooser = AnalysisChooser(title='危险函数漏洞分析', cols=cols, item=items) chooser.Show() # scanf系列函数 elif tag == FUNC_TAG['SCANF']: items = scanf_func_analysis(tgt_t, xref_list) self.add_fast_dict_from_items(items) cols = [['可疑', 3 | ida_kernwin.Choose.CHCOL_DEC], ['函数名', 10 | ida_kernwin.Choose.CHCOL_PLAIN], ['函数地址', 10 | ida_kernwin.Choose.CHCOL_HEX], ['格式字符串地址', 10 | ida_kernwin.Choose.CHCOL_HEX], ['格式字符串', 15 | ida_kernwin.Choose.CHCOL_PLAIN], ['长度', 10 | ida_kernwin.Choose.CHCOL_HEX]] chooser = AnalysisChooser(title='危险函数漏洞分析', cols=cols, item=items) chooser.Show() # system函数 elif tag == FUNC_TAG['SYSTEM']: items = system_func_analysis(tgt_t, xref_list) self.add_fast_dict_from_items(items) cols = [['可疑', 3 | ida_kernwin.Choose.CHCOL_DEC], ['函数名', 10 | ida_kernwin.Choose.CHCOL_PLAIN], ['函数地址', 10 | ida_kernwin.Choose.CHCOL_HEX], ['来源地址', 10 | ida_kernwin.Choose.CHCOL_HEX], ['命令语句', 15 | ida_kernwin.Choose.CHCOL_PLAIN]] chooser = AnalysisChooser(title='危险函数漏洞分析', cols=cols, item=items) chooser.Show() # mem系列函数 elif tag == FUNC_TAG['MEMORY']: items = mem_func_analysis(tgt_t, xref_list) self.add_fast_dict_from_items(items) cols = [['可疑', 3 | ida_kernwin.Choose.CHCOL_DEC], ['函数名', 10 | ida_kernwin.Choose.CHCOL_PLAIN], ['函数地址', 10 | ida_kernwin.Choose.CHCOL_HEX], ['来源地址', 10 | ida_kernwin.Choose.CHCOL_HEX], ['', 0 | ida_kernwin.Choose.CHCOL_PLAIN], ['字符串长度', 10 | ida_kernwin.Choose.CHCOL_HEX]] chooser = AnalysisChooser(title='危险函数漏洞分析', cols=cols, item=items) chooser.Show() else: FELogger.info("未支持函数%s" % tgt_t) else: FELogger.warn("未支持函数")