def render_img(self, buffers, addr, mouse_offs):
colors = []
cols = [qRgb(0xDC, 0xDC, 0xDC), qRgb(0x00, 0x00, 0x00)]
colidx = 0
goffs = 0
for mapped, buf in buffers:
if mapped:
start = ea = addr + goffs
end = start + len(buf)
head = get_item_head(start)
sz = get_item_size(head)
if head < start:
sz -= (start - head)
while ea < end:
for i in xrange(sz):
colors.append((True, copy(cols[colidx])))
colidx = ((colidx + 1) & sz != 0)
if ea + sz > end:
sz = ea + sz - end
ea += sz
sz = get_item_size(ea)
else:
for i in xrange(len(buf)):
colors.append((False, 0))
goffs += len(buf)
return colors
def dump():
ret = []
for addr, name in idautils.Names():
flags = ida_bytes.get_flags(addr)
# The 'a' heuristic is fairly bad but we need to filter out IDA's default
# naming for strings
if ida_bytes.has_dummy_name(flags) or ida_bytes.has_auto_name(flags) or not ida_bytes.is_data(flags) or name[0] == 'a':
continue
# Sometimes the auto-generated names don't actually usually have the
# right flags set, so skip these auto-looking names.
if any(name.startswith(s) for s in ['byte_', 'word_', 'dword_', 'unk_', 'jpt_']):
continue
sz = ida_bytes.get_item_size(addr)
if ida_bytes.is_struct(flags):
ti = ida_nalt.opinfo_t()
ida_bytes.get_opinfo(ti, addr, 0, flags)
typ = ida_struct.get_struc_name(ti.tid)
else:
typ = None
ret.append(filter_none({
'address': addr,
'name': name,
'type': typ,
'sz': sz,
'flags': flags,
}))
return ret
def on_process_buffer(self, buffers, addr, size, mouse_offs):
colors = []
goffs = 0
for mapped, buf in buffers:
if mapped:
ip = get_ip_val()
i = 0
while i < len(buf):
if ip is not None and ip == addr + goffs + i and self.hook.highlighted:
size = get_item_size(ip)
for j in range(size):
colors.append((True, qRgb(0xFF, 0x45, 0)))
i += size
continue
else:
if addr + goffs + i in self.hook.hits:
data = self.hook.hits[addr + goffs + i]
size = data[1]
hits = data[0]
for j in range(size):
base = self.palette[len(self.palette)-1]
col = QColor(base).darker(100+(float(hits)/self.hook.maxhits)*105).rgb()
colors.append((True, col))
i += size
continue
else:
c = buf[i]
colors.append((True, self.palette[self._byte2coloridx(c)]))
i += 1
else:
for i in range(len(buf)):
colors.append((False, None))
goffs += len(buf)
return colors
def _add_hit(self):
ip = get_ip_val()
if ip is not None:
try:
data = self.hits[ip]
x = data[0]
if x <= self.maxhits:
data[0] = x + 1
except KeyError:
self.hits[ip] = [1, get_item_size(ip)]
def disasm_patched(self):
result = []
offset = 0
while True:
if offset >= self.length():
break
instruction_addr = self.ea() + offset
disasm = idc.GetDisasm(instruction_addr)
disasm = re.sub("\\s+", " ", disasm)
result.append(disasm)
offset += ida_bytes.get_item_size(instruction_addr)
return result
def render_img(self, buf, addr, mouse_offs):
colors = []
start = addr
end = start + len(buf)
ea = start
col1 = qRgb(0xDC, 0xDC, 0xDC)
col2 = qRgb(0x00, 0x00, 0x00)
cols = [col1, col2]
pos = 0
head = get_item_head(start)
sz = get_item_size(start)
if head < start:
sz -= (start - head)
while ea < end:
for i in xrange(sz):
colors.append(copy(cols[pos]))
pos = (pos + 1) % len(cols)
if ea + sz > end:
sz = ea + sz - end
ea += sz
sz = get_item_size(ea)
return colors
def on_get_annotations(self, address, size, mouse_offs):
item_ea = get_item_head(address + mouse_offs)
cursor_ea = address + mouse_offs
name = get_name(item_ea)
if len(name):
name = "(%s)" % name
else:
name = ""
ann = [
(item_ea, self.red[0], "Item: %X" % (item_ea), self.colormap[-1]),
(None, None,
" Size: %d %s" % (get_item_size(get_item_head(cursor_ea)), name),
self.colormap[-3]),
(cursor_ea, self.colormap[-1], "Cursor: %X" % (cursor_ea),
self.colormap[-1]),
(None, None, " %s" % generate_disasm_line(
cursor_ea, GENDSM_FORCE_CODE | GENDSM_REMOVE_TAGS),
self.colormap[-3]),
(None, None, " Value: %02X" % get_byte(cursor_ea),
self.colormap[-3]),
]
return ann
def dump():
ret = []
for addr, name in idautils.Names():
flags = ida_bytes.get_flags(addr)
if ida_bytes.has_dummy_name(flags) or ida_bytes.has_auto_name(
flags) or not ida_bytes.is_data(flags):
print('skip auto:', name)
continue
# Sometimes the auto-generated names don't actually usually have the
# right flags set, so skip these auto-looking names.
if any(
name.startswith(s)
for s in ['byte_', 'word_', 'dword_', 'unk_', 'jpt_']):
continue
# print('%08x' % addr, '%08x' % flags, name,
# ida_bytes.is_data(flags))
sz = ida_bytes.get_item_size(addr)
if ida_bytes.is_struct(flags):
ti = ida_nalt.opinfo_t()
ida_bytes.get_opinfo(ti, addr, 0, flags)
# itemsize = ida_bytes.get_data_elsize(addr, flags, ti)
typ = ida_struct.get_struc_name(ti.tid)
else:
# itemsize = ida_bytes.get_item_size(addr)
typ = None
ret.append({
'address': addr,
'name': name,
'type': typ,
'sz': sz,
'flags': flags,
})
return ret
def _invent_var_type(ea, seg_ref, min_size=1):
"""Try to invent a variable type. This will basically be an array of bytes
that spans what we need. We will, however, try to be slightly smarter and
look for cross-references in the range, and when possible, use their types."""
seg = find_segment_containing_ea(ea, seg_ref)
if not seg:
return ea, None
head_ea = ida_bytes.get_item_head(ea)
if head_ea < ea:
head_seg = find_segment_containing_ea(head_ea, seg_ref)
if head_seg != seg:
return ea, None
return _invent_var_type(head_ea, seg_ref, ea - head_ea)
min_size = max(min_size, ida_bytes.get_item_size(ea))
next_ea = ida_bytes.next_head(ea + 1, seg.end_ea)
next_seg = find_segment_containing_ea(next_ea, seg_ref)
arr = ArrayType()
arr.set_element_type(IntegerType(1, False))
if not next_seg or next_seg != seg:
arr.set_num_elements(min_size)
return ea, arr
min_size = min(min_size, next_ea - ea)
# TODO(pag): Go and do a better job, e.g. find pointers inside of the global.
# i = 0
# while i < min_size:
# for ref_ea in xref_generator(ea + i, seg_ref):
# break
# i += 1
arr.set_num_elements(min_size)
return ea, arr
def on_process_buffer(self, buffers, addr, total, mouse_offs):
colors = []
goffs = 0
mouse_boundaries = None
sp = get_sp_val()
ip = get_ip_val()
fi = FrameInfo()
if mouse_offs is not None:
mouse_boundaries = fi.get_element_boundaries(addr+mouse_offs)
for mapped, buf in buffers:
if mapped:
i = 0
while i < len(buf):
# highlight stack var pointed to by mouse
if mouse_offs and mouse_boundaries:
start, end = mouse_boundaries
if addr + goffs + i in xrange(start, end):
size = min(end - start, total-i)
for j in xrange(size):
colors.append((True, self.palette[3]))
i += size
continue
# flash sp
if sp is not None and self.hook.highlighted and sp == addr + goffs + i:
size = get_item_size(sp)
boundaries = fi.get_element_boundaries(sp)
if boundaries:
start, end = boundaries
size = min(end - start, total-i)
for j in xrange(size):
colors.append((True, self.palette[4]))
i += size
continue
# locals
if goffs + addr + i in xrange(fi.ea, fi.ea + fi.framesize):
size = 1
boundaries = fi.get_element_boundaries(goffs + addr + i)
if boundaries: # if anything on the stackframe
start, end = boundaries
size = min(end - start, total-i)
for j in xrange(size):
colors.append((True, self.palette[2]))
i += size
continue
else: #gap between locals
colors.append((True, self.palette[1]))
i += 1
continue
# default bg color
colors.append((True, self.palette[0]))
i += 1
# unmapped, transparency
else:
for i in xrange(len(buf)):
colors.append((False, None))
goffs += len(buf)
return colors
def on_get_tooltip(self, addr, size, mouse_offs):
return "%X: item size %d" % (addr, get_item_size(addr + mouse_offs))
def dump_heads(out):
# out is a file like object, sys.stdout or an acual file object
# There doesn't seem to a good way to determine what function a
# particular address is in. Almost everyone recommends iterating
# of the functions, and then getting the bytes out of each, but
# that's not really what we want because it skips non function
# bytes and reports them in the wrong order. It appears that the
# best we can do is to build a map in advance. :-(
a2fmap = build_a2fmap()
min_ea = idaapi.cvar.inf.minEA
max_ea = idaapi.cvar.inf.maxEA
ea = min_ea
while ea != ida_idaapi.BADADDR:
ida_auto.show_addr(ea)
isize = ida_bytes.get_item_size(ea)
ibytes = ida_bytes.get_bytes(ea, isize)
ihexbytes = binascii.b2a_hex(ibytes).upper()
iflags = ida_bytes.get_flags(ea)
# Skip the PE header?
if not ida_bytes.is_head(iflags):
ea = ida_bytes.next_head(ea, max_ea)
continue
# Loop up this address in the address-to-function map.
if ea in a2fmap:
faddrs = a2fmap[ea]
else:
faddrs = [ea]
tcode = "ERROR"
imnem = "???"
iops = "???"
if ida_bytes.is_code(iflags):
tcode = "INSN"
imnem = "???"
iops = "???"
insn = idautils.DecodeInstruction(ea)
if insn == None:
imnem = "BAD"
iops = ""
elif not insn.is_canon_insn():
imnem = "NCAN"
iops = ""
else:
imnem = insn.get_canon_mnem()
sops = []
for n in range(8):
ostr = ida_ua.print_operand(ea, n)
if ostr is not None:
ostrnt = ida_lines.tag_remove(ostr)
if ostrnt != '':
sops.append(ostrnt)
iops = ', '.join(sops)
elif ida_bytes.is_data(iflags):
tcode = "DATA"
imnem = "db"
iops = "???"
if ida_bytes.is_align(iflags):
tcode += "_ALIGN"
#elif ida_bytes.is_struct(iflags):
# tcode += "_STRUCT"
#elif ida_bytes.is_char(iflags):
# tcode += "_STR"
# There are other types that IDA recognizes.
elif ida_bytes.is_unknown(iflags):
tcode = "UNK-%08X" % iflags
imnem = "???"
iops = "???"
for faddr in sorted(faddrs):
out.write('"PART",0x%08X,"%s",0x%08X,"%s","%s","%s"\n' %
(ea, tcode, faddr, ihexbytes, imnem, iops))
ea = ida_bytes.next_head(ea, max_ea)
print "Analysis complete!"
def __get_last_ins_addr(self, cur_ins_addr):
ida_bytes.get_item_size(cur_ins_addr)
def size(self):
"""Size of data"""
if self.is_stack:
return ida_struct.get_member_size(self._member)
else:
return ida_bytes.get_item_size(self.addr)
def color_lines(self, start, end, color):
address = idaapi.get_imagebase() + start
while address < idaapi.get_imagebase() + end:
idaapi.set_item_color(address, color)
address += ida_bytes.get_item_size(address)
def _get_item_info(self, ea):
head = get_item_head(ea)
name = get_name(head)
size = get_item_size(head)
return (head, name, size)
