def rename(self, name=None):
"""
Renames (and comments) the string variable in IDA.
:param str name: New name to given encoded string. (defaults to decoded_string)
"""
name = name or self.display_name
if not name:
logger.warning(
"Unable to rename encoded string due to no decoded string: {!r}"
.format(self))
return
# Add comment
comment = '"{}"'.format(name[:self._MAX_COMMENT_LENGTH])
if len(name) > self._MAX_COMMENT_LENGTH:
comment += " (truncated)"
if self.string_location is not None:
idc.set_cmt(self.string_location, comment, 1)
if self.string_reference is not None:
idc.set_cmt(self.string_reference, comment, 1)
if self.dest is not None:
idc.set_cmt(self.dest, comment, 1)
# Set variable name
# To follow IDA conventions, the decoded string itself will be prefixed with 'a'
# If a destination was provided, don't include any prefix, because this
# is usually for resolved API functions.
name = name[:self._MAX_NAME_LENGTH]
if self.string_location is not None:
ida_name.force_name(self.string_location, "a" + name)
if self.dest is not None:
ida_name.force_name(self.dest, name)
def rename(self, name=None):
"""
Renames (and comments) the string variable in IDA.
:param str name: New name to given encoded string. (defaults to decoded_string)
"""
name = name or self.display_name
if not name:
logger.warning(
'Unable to rename encoded string due to no decoded string: {!r}'.format(self))
return
# Add comment
comment = '"{}"'.format(name[:self._MAX_COMMENT_LENGTH])
if len(name) > self._MAX_COMMENT_LENGTH:
comment += ' (truncated)'
if self.string_location is not None:
idc.set_cmt(self.string_location, comment, 1)
if self.string_reference is not None:
idc.set_cmt(self.string_reference, comment, 1)
if self.dest is not None:
idc.set_cmt(self.dest, comment, 1)
# Set variable name
name = name[:self._MAX_NAME_LENGTH]
if self.string_location is not None:
ida_name.force_name(self.string_location, name)
if self.dest is not None:
ida_name.force_name(self.dest, '_dest_' + name)
def rename(self, name=None):
"""
Renames (and comments) the string variable in IDA.
:param str name: New name to given encoded string. (defaults to decoded_string)
"""
name = name or self.display_name
if not name:
logger.warning(
"Unable to rename encoded string due to no decoded string: {!r}".format(
self
)
)
# Set name and comment in stack variable.
comment = '"{}"'.format(name[: self._MAX_COMMENT_LENGTH])
if len(name) > self._MAX_COMMENT_LENGTH:
comment += " (truncated)"
if self.frame_id and self.stack_offset:
idc.set_member_cmt(self.frame_id, self.stack_offset, comment, repeatable=1)
var_name = re.sub(
"[^_$?@0-9A-Za-z]", "_", name[: self._MAX_NAME_LENGTH]
) # Replace invalid characters
if not var_name:
raise ValueError("Unable to calculate var_name for : {!r}".format(self))
var_name = "a" + var_name.capitalize()
idc.set_member_name(self.frame_id, self.stack_offset, var_name)
if self.dest is not None:
ida_name.force_name(self.dest, name)
# Add a comment where the string is being used.
if self.string_reference:
idc.set_cmt(self.string_reference, comment, 1)
def paste_highlight_name():
ea = get_ea_from_highlight()
if ea != idaapi.BADADDR:
name = clip_text()
if name:
if not ida_name.force_name(ea, name):
name = ida_name.validate_name(name, ida_name.VNT_IDENT)
if not ida_name.force_name(ea, name):
plg_print("FAILED to set name '%s' to 0x%X" % (name, ea))
return False
plg_print("Set name '%s' to 0x%X" % (name, ea))
return True
else:
plg_print("Clipboard is empty")
else:
plg_print("Invalid ea to paste")
return False
def rename(self, name=None):
"""
Renames (and comments) the string variable in IDA.
:param str name: New name to given encoded string. (defaults to decoded_string)
"""
name = name or self.display_name
if not name:
logger.warning(
"Unable to rename encoded string due to no decoded string: {!r}".format(
self
)
)
return
# Add comment
comment = '"{}"'.format(name[: self._MAX_COMMENT_LENGTH])
if len(name) > self._MAX_COMMENT_LENGTH:
comment += " (truncated)"
if self.string_location is not None:
idc.set_cmt(self.string_location, comment, 1)
if self.string_reference is not None:
idc.set_cmt(self.string_reference, comment, 1)
if self.dest is not None:
idc.set_cmt(self.dest, comment, 1)
# Set variable name
# To follow IDA conventions, the decoded string itself will be prefixed with 'a'
# If a destination was provided, don't include any prefix, because this
# is usually for resolved API functions.
name = name[: self._MAX_NAME_LENGTH]
if self.string_location is not None:
ida_name.force_name(self.string_location, "a" + name)
if self.dest is not None:
# IDA will sometimes type API function pointers based on code analysis, and it's generic. Unsetting the
# type before the rename will cause IDA to properly type API functions if the type is known from the
# loaded type libraries.
idc.SetType(self.dest, '')
ida_name.force_name(self.dest, name)
def rename(self, new_name):
"""
Attempts to apply new_name to the object at <ea>. If more than one object starts at <ea>, the
largest object will be renamed. If that name already exists, let IDA resolve the collision
and then return that name. If new_name is "", reset the name to IDA's default.
:param str new_name: The desired new name for the function.
:return str: The name that ended up getting set (unless no name was set, then return None).
"""
if new_name == '':
if idaapi.set_name(self.start_ea, new_name):
return idaapi.get_name(self.function_obj.start_ea)
else:
logger.warning('Failed to reset name at 0x%X' % self.start_ea)
elif ida_name.force_name(self.start_ea, new_name):
self.name = idaapi.get_name(self.start_ea)
if self.name != new_name:
logger.info('IDA changed name "%s" to "%s"' % (new_name, self.name))
return self.name
else:
logger.warning('Failed to rename at 0x%X' % self.start_ea)
def load_file(f, neflags, format):
f.seek(0)
ida_idp.set_processor_type("metapc", ida_idp.SETPROC_LOADER)
MGROUPStart = 0
magic = f.read(2)
if magic == MZ_HEADER_MAGIC:
f.seek(0x22)
MGROUPStart = DW(f) * 16
f.seek(MGROUPStart)
magic = f.read(2)
headerSize = DW(f)
segmentDataAlignment = DW(f)
nextExeOff = DD(f)
SegDataOff = DD(f)
f.file2base(MGROUPStart, 0, SegDataOff, True)
ida_segment.add_segm(0, 0, 0x50, "HEADER", "MODULE")
f.seek(MGROUPStart + 2)
headerSize = rnDW(f, "headerSize", MGROUPStart)
segmentDataAlignment = rnDW(f, "segmentDataAlignment", MGROUPStart)
nextExeOff = rnDD(f, "nextExeOff", MGROUPStart)
SegDataOff = rnDD(f, "SegDataOff", MGROUPStart)
ResDataOff = rnDD(f, "ResDataOff", MGROUPStart)
flags = rnDW(f, "flags", MGROUPStart)
version = rnDB(f, "version", MGROUPStart)
revision = rnDB(f, "revision", MGROUPStart)
AutoDataSegNo = rnDW(f, "AutoDataSegNo", MGROUPStart)
HeapSize = rnDW(f, "HeapSize", MGROUPStart)
StackSize = rnDW(f, "StackSize", MGROUPStart)
StartProc = rnDD(f, "StartProc", MGROUPStart)
LoadProc = rnDD(f, "LoadProc", MGROUPStart)
FreeProc = rnDD(f, "FreeProc", MGROUPStart)
nSegments = rnDW(f, "nSegments", MGROUPStart)
pSegTable = rnDW(f, "pSegTable", MGROUPStart)
cbResTab = rnDW(f, "cbResTab", MGROUPStart)
pResTab = rnDW(f, "pResTab", MGROUPStart)
cbEntTab = rnDW(f, "cbEntTab", MGROUPStart)
pEntTab = rnDW(f, "pEntTab", MGROUPStart)
cbNamTab = rnDW(f, "cbNamTab", MGROUPStart)
pNamTab = rnDW(f, "pNamTab", MGROUPStart)
cbStrTab = rnDW(f, "cbStrTab", MGROUPStart)
pStrTab = rnDW(f, "pStrTab", MGROUPStart)
cbNRNamTab = rnDW(f, "cbNRNamTab", MGROUPStart)
pNRNamTab = rnDW(f, "pNRNamTab", MGROUPStart)
ida_segment.add_segm(0, pSegTable,
pSegTable + (nSegments * SEG_STRUCT_SIZE), "SEGTABLE",
"MODULE")
ida_segment.add_segm(0, pResTab, pResTab + cbResTab, "RESOURCES", "MODULE")
ida_segment.add_segm(0, pEntTab, pEntTab + cbEntTab, "ENTTABLE", "MODULE")
ida_segment.add_segm(0, pNamTab, pNamTab + cbNamTab, "ENTNAME", "MODULE")
ida_segment.add_segm(0, pStrTab, pStrTab + cbStrTab, "IMPORTS", "MODULE")
ida_segment.add_segm(0, pNRNamTab, pNRNamTab + cbNRNamTab, "NRENTNAME",
"MODULE")
#parse segtable
segentsid = defSEGENT()
base = SegDataOff // 16
importCount = 0
for i in range(nSegments):
segEntStart = pSegTable + i * SEG_STRUCT_SIZE
ida_bytes.create_struct(segEntStart, SEG_STRUCT_SIZE, segentsid)
segStart = ida_bytes.get_word(segEntStart + 2)
segLen = ida_bytes.get_word(segEntStart + 4)
segImports = ida_bytes.get_word(segEntStart + 6)
importCount += segImports
f.file2base(MGROUPStart + SegDataOff + segStart * 16,
SegDataOff + segStart * 16,
SegDataOff + (segStart + segLen) * 16, True)
segBase = (base + segStart) * 16
#segmentDef = ida_segment.segment_t()
#segmentDef.start_ea = segBase
#segmentDef.end_ea = (base+segStart+segLen)*16
#ida_segment.set_selector()
print(base + segStart)
ida_segment.add_segm(base + segStart, segBase,
(base + segStart + segLen) * 16, "", "", 0)
sel = ida_segment.find_selector(base + segStart)
seg = ida_segment.getseg(segBase)
ida_segment.set_segm_addressing(seg, 0)
segtable[i] = seg
segimportstable[i] = segImports
if i + 1 == AutoDataSegNo:
ida_segment.set_segm_name(seg, "DATA", 0)
ida_segment.set_segm_class(seg, "DATA", 0)
dataSel = sel
else:
ida_segment.set_segm_name(seg, "TEXT", 0)
ida_segment.set_segm_class(seg, "CODE", 0)
if AutoDataSegNo == 0:
dataSel = sel
ida_segregs.set_default_dataseg(dataSel)
#parse enttable
pENT = pEntTab
currord = 1
while pENT < pEntTab + cbEntTab:
bundleCount = ida_bytes.get_byte(pENT)
bundleFlags = ida_bytes.get_byte(pENT + 1)
if bundleCount == 0 and bundleFlags == 0:
break
pENT += 2
for i in range(bundleCount):
if bundleFlags == 0xFF:
ordFlags = ida_bytes.get_byte(pENT)
if ordFlags & 0x80:
toexport.append(currord)
segNo = ida_bytes.get_byte(pENT + 3)
segOff = ida_bytes.get_word(pENT + 4)
enttable[currord] = (segtable[segNo - 1].start_ea // 16,
segOff)
pENT += 6
else:
ordFlags = ida_bytes.get_byte(pENT)
if ordFlags & 0x80:
toexport.append(currord)
segOff = ida_bytes.get_word(pENT + 1)
enttable[currord] = (segtable[bundleFlags - 1].start_ea // 16,
segOff)
pENT += 3
currord += 1
modulename = readPASSTR(pNamTab)
make_entry(StartProc, modulename + "_start")
make_entry(LoadProc, modulename + "_load")
make_entry(FreeProc, modulename + "_free")
#export named ordinals
namedordtable = loadExportsF(f)
for i in toexport:
if i in namedordtable:
name = namedordtable[i]
else:
name = "Ordinal" + str(i)
(base, off) = enttable[i]
addr = base * 16 + off
ida_entry.add_entry(i, addr, name, 1)
#process imports
ida_segment.add_segm(0xF000, 0xF0000, 0xF0000 + importCount * 2, "IMPORTS",
"XTRN", 0)
import_ea = 0xF0000
for seg in segtable:
segend = segtable[seg].end_ea
f.seek(MGROUPStart + segend)
for i in range(segimportstable[seg]):
count = DB(f)
mode = DB(f)
relocStart = DW(f)
module = DW(f)
proc = DW(f)
if (module == 0xFFFF):
(base, off) = enttable[proc]
else:
modulestr = readPASSTR(pStrTab + module)
if (proc & 0x8000) != 0: # read by ord
ordinal = proc & 0x7FFF
procname = modulestr + "_Ordinal" + str(ordinal)
if not modulestr in importedmodules:
if os.path.isfile(modulestr + ".EXE"):
importedmodules[modulestr] = loadExports(
modulestr + ".EXE")
else:
filename = ida_kernwin.ask_file(
0, modulestr + ".EXE",
"Select file to name exports")
if filename is not None and os.path.isfile(
filename):
importedmodules[modulestr] = loadExports(
filename)
else:
importedmodules[modulestr] = None
if modulestr in importedmodules and (
importedmodules[modulestr] is not None
) and ordinal in importedmodules[modulestr]:
procname = importedmodules[modulestr][ordinal]
else:
procname = readPASSTR(pStrTab + proc)
ida_bytes.create_data(import_ea, ida_bytes.FF_WORD, 2,
ida_idaapi.BADADDR)
ida_name.force_name(import_ea, procname)
ida_bytes.set_cmt(import_ea, "Imported from " + modulestr, 1)
base = 0xF000
off = import_ea - 0xF0000
import_ea += 2
for xx in range(count):
next = ida_bytes.get_word(segtable[seg].start_ea + relocStart)
if mode == 0x20:
ida_bytes.put_word(segtable[seg].start_ea + relocStart + 2,
base)
ida_bytes.put_word(segtable[seg].start_ea + relocStart,
off)
elif mode == 0x10:
ida_bytes.put_word(segtable[seg].start_ea + relocStart,
off)
elif mode == 0x0:
ida_bytes.put_word(segtable[seg].start_ea + relocStart,
base)
relocStart = next
#print "import %d: seg %d mode %s count %d relocStart %s module %s proc %s" % (i, seg, hex(mode), count, hex(relocStart), modulestr, hex(proc))
return 1
def NameCanonical(f, mod_name, func_name):
n = "%s_%s_%08x" % (mod_name, func_name, f)
print("Renaming %s to %s\n" % (idc.get_func_name(f), n))
ida_name.force_name(f, n)
def name(self, value):
if force_name(self.__ea, value) != 1:
print("force_name(0x%X, '%s') has failed" % (self.__ea, value))
