def init(self):
if idaapi.IDA_SDK_VERSION >= 700:
leaf_desc = idaapi.action_desc_t(self.leaf_function_action_name,
self.leaf_function_name,
LeafFunctionAction(),
self.wanted_hotkey,
self.leaf_function_tooltip, 199)
format_string_desc = idaapi.action_desc_t(
self.format_string_action_name, self.format_string_name,
FormatStringFunctionAction(), self.wanted_hotkey,
self.format_string_tooltip, 199)
idaapi.register_action(leaf_desc)
idaapi.register_action(format_string_desc)
idaapi.attach_action_to_menu(self.menu_tab,
self.leaf_function_action_name,
idaapi.SETMENU_APP)
idaapi.attach_action_to_menu(self.menu_tab,
self.format_string_action_name,
idaapi.SETMENU_APP)
else:
self.menu_context.append(
idaapi.add_menu_item(self.menu_tab, self.leaf_function_name,
"", 0, leaf_from_menu, (None, )))
self.menu_context.append(
idaapi.add_menu_item(self.menu_tab, self.format_string_name,
"", 0, format_from_menu, (None, )))
return idaapi.PLUGIN_KEEP
def init(self):
self.lines = set()
self.settings = IDASettings('HighlightCalls')
try:
self.set_color(self.settings['color'])
except KeyError:
self.settings.user['color'] = HIGHLIGHT_COLOR
self.set_color(HIGHLIGHT_COLOR)
self.ui_hooks = UiHooks(self.lines)
self.toggle_action_desc = idaapi.action_desc_t(
'HighlightCalls:Toggle', 'Toggle call highlighting',
ToggleHighlightHandler(self.enable_highlights,
self.disable_highlights), '',
'Toggle call highlighting', -1)
idaapi.register_action(self.toggle_action_desc)
self.color_selector = idaapi.action_desc_t(
'HighlightCalls:SelectColor', 'Select highlight color',
SelectColorHandler(set_color=self.set_color), '',
'Select highlight color', -1)
idaapi.register_action(self.color_selector)
idaapi.attach_action_to_menu('Edit/', self.toggle_action_desc.name,
idaapi.SETMENU_APP)
idaapi.attach_action_to_menu('Edit/', self.color_selector.name,
idaapi.SETMENU_APP)
return idaapi.PLUGIN_KEEP
def finish_populating_widget_popup(self, widget, popup):
if self.form.title == idaapi.get_widget_title(widget):
idaapi.attach_dynamic_action_to_popup(
widget, popup,
idaapi.action_desc_t(
None, "Update View",
self.PopupActionHandler(
self.form, self.form.menu_update),
None, None, -1))
idaapi.attach_dynamic_action_to_popup(
widget, popup,
idaapi.action_desc_t(
None, "Lookup Instruction",
self.PopupActionHandler(
self.form, self.form.menu_lookup),
None, None, -1))
idaapi.attach_dynamic_action_to_popup(
widget, popup,
idaapi.action_desc_t(
None, "Toggle Auto-refresh",
self.PopupActionHandler(
self.form, self.form.menu_autorefresh),
None, None, -1))
idaapi.attach_action_to_popup(
widget, popup, "-", None)
idaapi.attach_dynamic_action_to_popup(
widget, popup,
idaapi.action_desc_t(
None, "Change Architecture",
self.PopupActionHandler(
self.form, self.form.change_arch),
None, None, -1))
idaapi.attach_action_to_popup(
widget, popup, "-", None)
def init(self):
if idaapi.IDA_SDK_VERSION >= 700:
idaapi.register_action(
idaapi.action_desc_t(self.action_rizzo_loadfile,
'Rizzo signature file...',
self.rizzo_loadHandler(), None,
'Rizzo signature file...'))
idaapi.attach_action_to_menu("File/Load file/",
self.action_rizzo_loadfile,
idaapi.SETMENU_APP)
idaapi.register_action(
idaapi.action_desc_t(self.action_rizzo_producefile,
'Rizzo signature file...',
self.rizzo_produceHandler(), None,
'Rizzo signature file...'))
idaapi.attach_action_to_menu("File/Produce file/",
self.action_rizzo_producefile,
idaapi.SETMENU_APP)
else:
self.menu_context_load = idaapi.add_menu_item(
"File/Load file/", "Rizzo signature file...", "", 0,
self.rizzo_load, (None, ))
self.menu_context_produce = idaapi.add_menu_item(
"File/Produce file/", "Rizzo signature file...", "", 0,
self.rizzo_produce, (True, ))
return idaapi.PLUGIN_KEEP
def _attach_to_menu_items(self):
self.search_magic_desc = idaapi.action_desc_t(
'idamagnum:searchmagic',
'search magic number ...',
SearchMagicNumber(self),
"Shift+M",
'Search this value on MagnumDB',
)
self.configure_plugin_desc = idaapi.action_desc_t(
'idamagnum:configure',
'Configure',
ConfigureIdaMagnum(self),
"",
'Configure plugin',
)
idaapi.register_action(self.search_magic_desc)
idaapi.register_action(self.configure_plugin_desc)
idaapi.attach_action_to_menu('Edit/Plugins/IdaMagnum/',
'idamagnum:searchmagic',
idaapi.SETMENU_APP)
idaapi.attach_action_to_menu('Edit/Plugins/IdaMagnum/',
'idamagnum:configure', idaapi.SETMENU_APP)
return 0
def init(self):
if idaapi.IDA_SDK_VERSION >= 700:
produce_desc = idaapi.action_desc_t(self.produce_action_name,
self.menu_name,
ProduceRizzoAction(),
self.wanted_hotkey,
self.produce_tooltip, 199)
load_desc = idaapi.action_desc_t(self.load_action_name,
self.menu_name, LoadRizzoAction(),
self.wanted_hotkey,
self.load_tooltip, 199)
idaapi.register_action(produce_desc)
idaapi.register_action(load_desc)
idaapi.attach_action_to_menu(
os.path.join(self.menu_tab, 'Produce file/'),
self.produce_action_name, idaapi.SETMENU_APP)
idaapi.attach_action_to_menu(
os.path.join(self.menu_tab, 'Load file/'),
self.load_action_name, idaapi.SETMENU_APP)
else:
self.menu_context.append(
idaapi.add_menu_item(os.path.join(self.menu_tab, 'Load file/'),
"Rizzo signature file...", "", 0,
rizzo_load, (None, )))
self.menu_context.append(
idaapi.add_menu_item(
os.path.join(self.menu_tab, 'Produce file/'),
"Rizzo signature file...", "", 0, rizzo_produce, (None, )))
return idaapi.PLUGIN_KEEP
def init(brutal_self):
idaapi.unregister_action('Undo')
idaapi.unregister_action('Redo')
brutal_self.brutal_action_handler = BrutalActionHandler()
brutal_action_desc = idaapi.action_desc_t(
'BRUTAL', 'BRUTAL IDA', brutal_self.brutal_action_handler, '',
'IDA', BRUTAL6_ICON)
idaapi.register_action(brutal_action_desc)
idaapi.create_toolbar('BRUTAL IDA', 'BRUTAL IDA')
brutal_self.brutal_letter_handlers = []
for brutal_letter in 'BRUTAL':
brutal_letter_handler = BrutalLetterHandler()
brutal_self.brutal_letter_handlers.append(brutal_letter_handler)
brutal_label = 'BRUTAL {}'.format(brutal_letter)
brutal_letter_desc = idaapi.action_desc_t(
brutal_label, brutal_label, brutal_letter_handler, '',
brutal_letter, BRUTAL_LETTERS[brutal_letter])
idaapi.register_action(brutal_letter_desc)
idaapi.attach_action_to_toolbar('BRUTAL IDA', brutal_label)
idaapi.attach_action_to_toolbar('BRUTAL IDA', 'BRUTAL')
brutal_self.brutal_hotkey = idaapi.add_hotkey(
'Ctrl+Z', brutal_self.dispatch_brutality)
return idaapi.PLUGIN_KEEP
def init(self):
if not idaapi.init_hexrays_plugin():
print "[ERROR] Failed to initialize Hex-Rays SDK"
return isaapi.PLUGIN_SKIP
idaapi.register_action(
idaapi.action_desc_t(
"mee:DeepDecompile1",
"Deep Decompile Function",
DeepDecompile(1),
None
)
)
idaapi.register_action(
idaapi.action_desc_t(
"mee:DeepDecompile3",
"Deep Decompile Function 3 Deep",
DeepDecompile(3),
None
)
)
self.hooks = Hooks()
self.hooks.hook()
idaapi.attach_action_to_menu("View/Open subviews/Local types","mee:DeepDecompile3",idaapi.SETMENU_APP)
idaapi.attach_action_to_menu("View/Open subviews/Local types","mee:DeepDecompile1",idaapi.SETMENU_APP)
idaapi.install_hexrays_callback(hexrays_events_callback)
return idaapi.PLUGIN_KEEP
def create_ioctl_tab(tracker, modal=False):
global ioctl_tracker
ioctl_tracker = tracker
items = get_all_defines()
idaapi.register_action(
idaapi.action_desc_t("choose2:remove_ioctl", "Invalid IOCTL",
remove_ioctl(items)))
action = "send_ioctl"
actname = "choose2:act%s" % action
idaapi.register_action(
idaapi.action_desc_t(actname, "Send IOCTL",
send_ioctl_handler_t(items)))
idaapi.register_action(
idaapi.action_desc_t("choose2:actcopy_defines", "Copy All Defines",
copy_defines_handler_t(items)))
idaapi.register_action(
idaapi.action_desc_t("choose2:actstop_unload", "Stop & Unload Driver",
stop_unload_handler_t()))
idaapi.register_action(
idaapi.action_desc_t("choose2:actstart_load", "Load & Start Driver",
start_load_handler_t()))
global c
c = MyChoose2("IOCTL Code Viewer", items, modal=modal)
c.show()
form = idaapi.get_current_tform()
idaapi.attach_action_to_popup(form, None, "choose2:act%s" % action)
idaapi.attach_action_to_popup(form, None, "choose2:actcopy_defines")
idaapi.attach_action_to_popup(form, None, "choose2:actstop_unload")
idaapi.attach_action_to_popup(form, None, "choose2:actstart_load")
idaapi.attach_action_to_popup(form, None, "choose2:remove_ioctl")
def init(self):
self.lines = set()
self.settings = IDASettings('HighlightCalls')
try:
self.set_color(self.settings['color'])
except KeyError:
self.settings.user['color'] = HIGHLIGHT_COLOR
self.set_color(HIGHLIGHT_COLOR)
self.ui_hooks = UiHooks(self.lines)
self.toggle_action_desc = idaapi.action_desc_t('HighlightCalls:Toggle',
'Toggle call highlighting',
ToggleHighlightHandler(self.enable_highlights,
self.disable_highlights),
'',
'Toggle call highlighting',
-1)
idaapi.register_action(self.toggle_action_desc)
self.color_selector = idaapi.action_desc_t('HighlightCalls:SelectColor',
'Select highlight color',
SelectColorHandler(set_color=self.set_color),
'',
'Select highlight color',
-1)
idaapi.register_action(self.color_selector)
idaapi.attach_action_to_menu('View/', self.toggle_action_desc.name, idaapi.SETMENU_APP)
idaapi.attach_action_to_menu('View/', self.color_selector.name, idaapi.SETMENU_APP)
return idaapi.PLUGIN_KEEP
def init(self):
act_icon = idaapi.load_custom_icon(data=icon_data, format="png")
act_name = "idenLib:action"
idaapi.register_action(
idaapi.action_desc_t(act_name, "idenLib - Function Identification",
idenLib_class(), None, "idenLib", act_icon))
# Insert the action in a toolbar
idaapi.attach_action_to_toolbar("DebugToolBar", act_name)
idaapi.attach_action_to_menu('Edit/idenLib/', act_name,
idaapi.SETMENU_APP)
# refresh signatures
act_name = "idenLib:refresh"
idaapi.register_action(
idaapi.action_desc_t(act_name, "Refresh Signatures",
RefreshHandler(), None, "idenLib - Refresh"))
idaapi.attach_action_to_menu('Edit/idenLib/', act_name,
idaapi.SETMENU_APP)
# about
act_name = "idenLib:about"
idaapi.register_action(
idaapi.action_desc_t(act_name, "About", AboutHandler(), None,
"idenLib - About"))
idaapi.attach_action_to_menu('Edit/idenLib/', act_name,
idaapi.SETMENU_APP)
return idaapi.PLUGIN_OK
def init(self):
if idaapi.IDA_SDK_VERSION >= 700:
code_desc = idaapi.action_desc_t(self.code_action_name,
'Fixup Code', CodatifyFixupCode(),
self.wanted_hotkey, 'Fixup Code',
199)
data_desc = idaapi.action_desc_t(self.data_action_name,
'Fixup Data', CodatifyFixupData(),
self.wanted_hotkey, 'Fixup Data',
199)
idaapi.register_action(code_desc)
idaapi.register_action(data_desc)
idaapi.attach_action_to_menu(self.menu_tab, self.code_action_name,
idaapi.SETMENU_APP)
idaapi.attach_action_to_menu(self.menu_tab, self.data_action_name,
idaapi.SETMENU_APP)
else:
self.menu_context.append(
idaapi.add_menu_item("Options/", "Fixup code", "", 0, fix_code,
(None, )))
self.menu_context.append(
idaapi.add_menu_item("Options/", "Fixup data", "", 0, fix_data,
(None, )))
return idaapi.PLUGIN_KEEP
def init(self):
# Register the action
self.menu_context_load = idaapi.action_desc_t(
'my:load_rizzo', # The action name. This acts like an ID and must be unique
'Rizzo signature file...', # The action text.
LoadHandler(), # The action handler.
'', # Optional: the action shortcut
'', # Optional: the action tooltip (available in menus/toolbar)
) # Optional: the action icon (shows when in menus/toolbars) use numbers 1-255
# Register the action
idaapi.register_action(self.menu_context_load)
idaapi.attach_action_to_menu('File/Load file/', 'my:load_rizzo',
idaapi.SETMENU_APP)
self.menu_context_produce = idaapi.action_desc_t(
'my:produce_rizzo', # The action name. This acts like an ID and must be unique
'Rizzo signature file...', # The action text.
ExportHandler(), # The action handler.
'', # Optional: the action shortcut
'', # Optional: the action tooltip (available in menus/toolbar)
) # Optional: the action icon (shows when in menus/toolbars) use numbers 1-255
# Register the action
idaapi.register_action(self.menu_context_produce)
idaapi.attach_action_to_menu('File/Produce file/', 'my:produce_rizzo',
idaapi.SETMENU_APP)
return idaapi.PLUGIN_KEEP
def init(self):
if idaapi.IDA_SDK_VERSION >= 700:
leaf_desc = idaapi.action_desc_t(self.leaf_function_action_name,
self.leaf_function_name,
LeafFunctionAction(),
self.wanted_hotkey,
self.leaf_function_tooltip,
199)
format_string_desc = idaapi.action_desc_t(self.format_string_action_name,
self.format_string_name,
FormatStringFunctionAction(),
self.wanted_hotkey,
self.format_string_tooltip,
199)
idaapi.register_action(leaf_desc)
idaapi.register_action(format_string_desc)
idaapi.attach_action_to_menu(self.menu_tab, self.leaf_function_action_name, idaapi.SETMENU_APP)
idaapi.attach_action_to_menu(self.menu_tab, self.format_string_action_name, idaapi.SETMENU_APP)
else:
self.menu_context.append(idaapi.add_menu_item(self.menu_tab, self.leaf_function_name, "", 0, leaf_from_menu, (None,)))
self.menu_context.append(idaapi.add_menu_item(self.menu_tab, self.format_string_name, "", 0, format_from_menu, (None,)))
return idaapi.PLUGIN_KEEP
def init(self):
if idaapi.IDA_SDK_VERSION >= 700:
# Add ALLEYCAT_LIMIT variable to the global namespace so it can be accessed from the IDA python terminal.
global ALLEYCAT_LIMIT
add_to_namespace('__main__', 'alleycat', 'ALLEYCAT_LIMIT',
ALLEYCAT_LIMIT)
# Add functions to global namespace.
add_to_namespace('__main__', 'alleycat', 'AlleyCatFunctionPaths',
AlleyCatFunctionPaths)
add_to_namespace('__main__', 'alleycat', 'AlleyCatCodePaths',
AlleyCatCodePaths)
add_to_namespace('__main__', 'alleycat', 'AlleyCatGraph',
AlleyCatGraph)
to_curr_from_desc = idaapi.action_desc_t(
self.to_from_action_name, self.to_from_menu_name,
ToCurrentFromAction(), self.wanted_hotkey,
'Find paths to the current function from...', 199)
from_curr_to_desc = idaapi.action_desc_t(
self.from_to_action_name, self.from_to_menu_name,
FromCurrentToAction(), self.wanted_hotkey,
'Find paths from the current function to...', 199)
curr_func_to_block_desc = idaapi.action_desc_t(
self.curr_func_curr_block_action_name,
self.curr_func_curr_block_menu_name,
InCurrentFunctionToCurrentCodeBlockAction(),
self.wanted_hotkey,
'Find paths in the current function to the current code block',
199)
idaapi.register_action(to_curr_from_desc)
idaapi.register_action(from_curr_to_desc)
idaapi.register_action(curr_func_to_block_desc)
idaapi.attach_action_to_menu(self.menu_name,
self.to_from_action_name,
idaapi.SETMENU_APP)
idaapi.attach_action_to_menu(self.menu_name,
self.from_to_action_name,
idaapi.SETMENU_APP)
idaapi.attach_action_to_menu(self.menu_name,
self.curr_func_curr_block_action_name,
idaapi.SETMENU_APP)
else:
self.menu_context.append(
idaapi.add_menu_item(self.menu_name, self.to_from_menu_name,
"", 0, find_paths_from_many, (None, )))
self.menu_context.append(
idaapi.add_menu_item(self.menu_name, self.from_to_menu_name,
"", 0, find_paths_to_many, (None, )))
self.menu_context.append(
idaapi.add_menu_item(self.menu_name,
self.curr_func_curr_block_menu_name, "",
0, find_paths_to_code_block, (None, )))
return idaapi.PLUGIN_KEEP
def init(self):
if idaapi.IDA_SDK_VERSION >= 700:
xref_current_func_desc = idaapi.action_desc_t(
self.xref_current_func_action_name,
self.xref_current_func_menu_name,
FunctionProfilerFromFunctionActionHandler(),
self.wanted_hotkey, 'Xrefs from the current function.', 199)
all_xref_desc = idaapi.action_desc_t(
self.all_xref_action_name, self.all_xref_menu_name,
FunctionProfilerAllFunctionsActionHandler(),
self.wanted_hotkey, 'All functions xref.', 199)
idaapi.register_action(xref_current_func_desc)
idaapi.register_action(all_xref_desc)
idaapi.attach_action_to_menu(self.menu_tab,
self.xref_current_func_action_name,
idaapi.SETMENU_APP)
idaapi.attach_action_to_menu(self.menu_tab,
self.all_xref_action_name,
idaapi.SETMENU_APP)
else:
self.menu_context.append(
idaapi.add_menu_item(self.menu_tab,
self.xref_current_func_menu_name, "", 0,
from_function_profiler, (True, )))
self.menu_context.append(
idaapi.add_menu_item(self.menu_tab, self.all_xref_menu_name,
"", 0, all_functions_profiler, (False, )))
return idaapi.PLUGIN_KEEP
def add_menu_items(self):
""" Init additions to Ida's menu entries """
if idaapi.IDA_SDK_VERSION <= 695:
def add_menu_item_helper(self, menupath, name, hotkey, flags,
pyfunc, args):
""" helper for adding a menu item """
# add menu item and report on errors
addmenu_item_ctx = idaapi.add_menu_item(
menupath, name, hotkey, flags, pyfunc, args)
if addmenu_item_ctx is None:
return 1
else:
self.addmenu_item_ctxs.append(addmenu_item_ctx)
return 0
if add_menu_item_helper(self, "Search/all error operands",
"list rop gadgets...", "Ctrl+Shift+r", 1,
self.proc_rop, None):
return 1
if add_menu_item_helper(self, "View/Open subviews/Problems",
"View rop gadgets...", "Shift+r", 1,
self.show_rop_view, None):
return 1
return 0
elif idaapi.IDA_SDK_VERSION >= 700:
search_gadgets_desc = idaapi.action_desc_t(
'idarop:searchgadgets',
'search rop gadgets...',
SearchGadgetsHandler(self),
"Ctrl+Shift+r",
'search all gadgets available on this binary',
)
idaapi.register_action(search_gadgets_desc)
idaapi.attach_action_to_menu('Search/IdaRop/',
'idarop:searchgadgets',
idaapi.SETMENU_APP)
list_gadgets_desc = idaapi.action_desc_t(
'idarop:listgadgets',
'list rop gadgets...',
ListGadgetsHandler(self),
"Shift+r",
'list all gadgets searched on this binary',
)
idaapi.register_action(list_gadgets_desc)
idaapi.attach_action_to_menu('Search/IdaRop/',
'idarop:listgadgets',
idaapi.SETMENU_APP)
return 0
else:
return 0
def finish_populating_widget_popup(self, widget, popup):
if self.form.title == idaapi.get_widget_title(widget):
idaapi.attach_dynamic_action_to_popup(widget, popup, idaapi.action_desc_t(None, "Update View", self.PopupActionHandler(self.form, self.form.menu_update), None, None, -1))
idaapi.attach_dynamic_action_to_popup(widget, popup, idaapi.action_desc_t(None, "Lookup Instruction", self.PopupActionHandler(self.form, self.form.menu_lookup), None, None, -1))
idaapi.attach_dynamic_action_to_popup(widget, popup, idaapi.action_desc_t(None, "Toggle Auto-refresh", self.PopupActionHandler(self.form, self.form.menu_autorefresh), None, None, -1))
idaapi.attach_action_to_popup(widget, popup, "-", None)
idaapi.attach_dynamic_action_to_popup(widget, popup, idaapi.action_desc_t(None, "Change Architecture", self.PopupActionHandler(self.form, self.form.change_arch), None, None, -1))
idaapi.attach_action_to_popup(widget, popup, "-", None)
def __init__(self):
self.menu_context_load_action = idaapi.action_desc_t(
'rizzo:load', 'Rizzo signature file...', RizzoActionHandlerLoad())
self.menu_context_produce_action = idaapi.action_desc_t(
'rizzo:produce', 'Rizzo signature file...',
RizzoActionHandlerProduce())
idaapi.register_action(self.menu_context_load_action)
idaapi.register_action(self.menu_context_produce_action)
def __init__(self):
self.graph = None
self.menu_action_find_from = idaapi.action_desc_t('alleycat:find_from', 'Find paths to the current function from...', AlleycatActionHandlerFindPathsFrom())
self.menu_action_find_to = idaapi.action_desc_t('alleycat:find_to', 'Find paths from the current function to...', AlleycatActionHandlerFindPathsTo())
self.menu_action_find_current = idaapi.action_desc_t('alleycat:find_current', 'Find paths in the current function to the current code block', AlleycatActionHandlerFindPathsToCurrentBlock())
idaapi.register_action(self.menu_action_find_from)
idaapi.register_action(self.menu_action_find_to)
idaapi.register_action(self.menu_action_find_current)
def __init__(self):
print("\n================================================================================")
print("[Rizzo ^_^] Rizzo plugin by @devttys0, @Craig Heffner, Reverier-Xu for IDA 7.4+")
print("[Rizzo =_=] Loading Rizzo...")
self.menu_context_load_action = idaapi.action_desc_t('rizzo:load', 'Rizzo signature file...', RizzoActionHandlerLoad())
self.menu_context_produce_action = idaapi.action_desc_t('rizzo:produce', 'Rizzo signature file...', RizzoActionHandlerProduce())
idaapi.register_action(self.menu_context_load_action)
idaapi.register_action(self.menu_context_produce_action)
print("[Rizzo ^_^] Rizzo is Ready!")
def register(self):
form = idaversion.get_current_widget()
the_name = "reverse to"
idaapi.register_action(idaapi.action_desc_t(the_name, "reverse to", self.stacktrace_handler(self.revTo)))
idaapi.attach_action_to_popup(form, None, the_name)
the_name = "refresh_stack"
idaapi.register_action(idaapi.action_desc_t(the_name, "refresh stack", self.stacktrace_handler(self.updateStackTrace)))
idaapi.attach_action_to_popup(form, None, the_name)
def init(self):
#
# Ensure symEx and cache dir existed
#
if not os.path.isdir(symEx_dir):
print("[idenLib] default sig directory {} not existed !!!".format(symEx_dir))
os.mkdir(symEx_dir)
if not os.path.isdir(symEx_cache_dir):
os.mkdir(symEx_cache_dir)
act_icon = idaapi.load_custom_icon(data=icon_data, format="png")
act_name = "idenLib:action"
idaapi.register_action(idaapi.action_desc_t(
act_name,
"idenLib - Function Identification",
idenLibHandler(),
None,
"idenLib",
act_icon))
# Insert the action in a toolbar
idaapi.attach_action_to_toolbar("DebugToolBar", act_name)
idaapi.attach_action_to_menu(
'Edit/idenLib/',
act_name,
idaapi.SETMENU_APP)
# refresh signatures
act_name = "idenLib:refresh"
idaapi.register_action(idaapi.action_desc_t(
act_name,
"Refresh Signatures",
RefreshHandler(),
None,
"idenLib - Refresh"))
idaapi.attach_action_to_menu(
'Edit/idenLib/',
act_name,
idaapi.SETMENU_APP)
# about
act_name = "idenLib:about"
idaapi.register_action(idaapi.action_desc_t(
act_name,
"About",
AboutHandler(),
None,
"idenLib - About"))
idaapi.attach_action_to_menu(
'Edit/idenLib/',
act_name,
idaapi.SETMENU_APP)
return idaapi.PLUGIN_OK
def init(self):
global initialized
if initialized is False:
initialized = True
if idaapi.IDA_SDK_VERSION >= 700:
# populating action menus
action_desc = idaapi.action_desc_t(
'my:aboutaction', # The action name. This acts like an ID and must be unique
'About!', # The action text.
AboutHandler(), # The action handler.
'', # Optional: the action shortcut
'About X64dbg ida', # Optional: the action tooltip (available in menus/toolbar)
) # Optional: the action icon (shows when in menus/toolbars) use numbers 1-255
# Register the action
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu('Edit/x64dbgida/',
'my:aboutaction',
idaapi.SETMENU_APP)
action_desc = idaapi.action_desc_t(
'my:eksportaction',
'Export x64dbg database',
EksportHandler(),
'',
'Export x64dbg database',
)
# Register the action
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu('Edit/x64dbgida/',
'my:eksportaction',
idaapi.SETMENU_APP)
action_desc = idaapi.action_desc_t(
'my:importaction',
'Import (uncompressed) database',
ImportHandler(),
'',
'Import (uncompressed) database',
)
# Register the action
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu('Edit/x64dbgida/',
'my:importaction',
idaapi.SETMENU_APP)
else:
print("Use version 1.0")
return idaapi.PLUGIN_KEEP
def init(self):
global initialized
if initialized == False:
initialized = True
'''menu = idaapi.add_menu_item("Edit/x64dbgida/", "About", "", 0,
self.about, None)
if menu is not None:
idaapi.add_menu_item("Edit/x64dbgida/", "Export database", "",
0, self.exportdb, None)
idaapi.add_menu_item("Edit/x64dbgida/",
"Import (uncompressed) database", "", 0,
self.importdb, None)
elif idaapi.IDA_SDK_VERSION < 680:
idaapi.add_menu_item("File/Produce file/",
"Export x64dbg database", "", 0,
self.exportdb, None)
idaapi.add_menu_item("File/Load file/",
"Import x64dbg database", "", 0,
self.importdb, None)
'''
act_export = idaapi.action_desc_t(
'x64dbg:export_db',
'Export IDA -> x64dbg',
x64dbg_plugin_action_exportdb(),
'',
'Export IDA -> x64dbg',
)
act_import = idaapi.action_desc_t(
'x64dbg:import_db',
'Import x64dbg -> IDA',
x64dbg_plugin_action_importdb(),
'',
'Import x64dbg -> IDA',
)
idaapi.register_action(act_export)
idaapi.register_action(act_import)
idaapi.attach_action_to_menu(
'Edit/x64dbg/Export DB',
'x64dbg:export_db',
idaapi.SETMENU_APP,
)
idaapi.attach_action_to_menu(
'Edit/x64dbg/Import DB',
'x64dbg:import_db',
idaapi.SETMENU_APP,
)
return idaapi.PLUGIN_OK
def register(isim):
rev_to_action_desc = idaapi.action_desc_t(
'rev:action',
'Reverse to address',
RevToHandler(isim)
)
dis_action_desc = idaapi.action_desc_t(
'dis:action',
'analysis',
DisHandler(isim)
)
rev_cursor_action_desc = idaapi.action_desc_t(
'revCursor:action',
'reverse to cursor',
RevCursorHandler(isim)
)
mod_reg_action_desc = idaapi.action_desc_t(
'modReg:action',
'modify register',
ModRegHandler(isim)
)
data_watch_action_desc = idaapi.action_desc_t(
'dataWatch:action',
'data watch',
DataWatchHandler(isim)
)
rev_addr_action_desc = idaapi.action_desc_t(
'revData:action',
'reverse track data',
RevDataHandler(isim)
)
mod_memory_action_desc = idaapi.action_desc_t(
'modMemory:action',
'modify memory',
ModMemoryHandler(isim)
)
string_memory_action_desc = idaapi.action_desc_t(
'stringMemory:action',
'modify memory (string)',
StringMemoryHandler(isim)
)
struct_field_action_desc = idaapi.action_desc_t(
'structField:action',
'Structure field',
StructFieldHandler(isim)
)
idaapi.register_action(rev_to_action_desc)
idaapi.register_action(dis_action_desc)
idaapi.register_action(rev_cursor_action_desc)
idaapi.register_action(mod_reg_action_desc)
idaapi.register_action(data_watch_action_desc)
idaapi.register_action(rev_addr_action_desc)
idaapi.register_action(mod_memory_action_desc)
idaapi.register_action(string_memory_action_desc)
idaapi.register_action(struct_field_action_desc)
def register(self):
form = idaversion.get_current_widget()
the_name = "refresh_data"
idaapi.register_action(
idaapi.action_desc_t(the_name, "refresh data",
self.datawatch_handler(self.updateDataWatch)))
idaapi.attach_action_to_popup(form, None, the_name)
iterator_name = "tag_iterator"
idaapi.register_action(
idaapi.action_desc_t(iterator_name, "Tag function as iterator",
self.datawatch_handler(self.tagIterator)))
idaapi.attach_action_to_popup(form, None, iterator_name)
def init(self):
ui_path = "View/Graphs/"
self.menu_contexts = []
# IDA 7.x
if idaapi.IDA_SDK_VERSION >= 700:
idaapi.register_action(
idaapi.action_desc_t(
action_alleycat_from,
'Find paths to the current function from...',
FindPathsFromManyHandler(), None,
'Find paths from other function to the current function'))
idaapi.attach_action_to_menu(ui_path, action_alleycat_from,
idaapi.SETMENU_APP)
idaapi.register_action(
idaapi.action_desc_t(
action_alleycat_to,
'Find paths from the current function to...',
FindPathsToManyHandler(), None,
'Find paths from the current function to other function'))
idaapi.attach_action_to_menu(ui_path, action_alleycat_to,
idaapi.SETMENU_APP)
idaapi.register_action(
idaapi.action_desc_t(
action_alleycat_block,
'Find paths in the current function to the current code block',
FindPathsToCodeBlockHandler(), None,
'Find paths in the current function to the current code block'
))
idaapi.attach_action_to_menu(ui_path, action_alleycat_block,
idaapi.SETMENU_APP)
# IDA 6.x
else:
self.menu_contexts.append(
idaapi.add_menu_item(
ui_path, "Find paths to the current function from...", "",
0, self.FindPathsFromMany, (None, )))
self.menu_contexts.append(
idaapi.add_menu_item(
ui_path, "Find paths from the current function to...", "",
0, self.FindPathsToMany, (None, )))
self.menu_contexts.append(
idaapi.add_menu_item(
ui_path,
"Find paths in the current function to the current code block",
"", 0, self.FindPathsToCodeBlock, (None, )))
return idaapi.PLUGIN_KEEP
def init(self):
loose_yara_action = idaapi.action_desc_t(
'mkYARA:generate_loose_yara', # The action name. This acts like an ID and must be unique
'Generate Loose Yara Rule ', # The action text.
generic_handler(lambda: self.generate_yara_rule("loose")
), # The action handler.
None, # Optional: the action shortcut
'Generate loose yara rule', # Optional: the action tooltip (available in menus/toolbar)
199 # Optional: the action icon (shows when in menus/toolbars)
)
normal_yara_action = idaapi.action_desc_t(
'mkYARA:generate_normal_yara', # The action name. This acts like an ID and must be unique
'Generate Normal Yara Rule ', # The action text.
generic_handler(lambda: self.generate_yara_rule("normal")
), # The action handler.
'Ctrl+Y', # Optional: the action shortcut
'Generate normal yara rule', # Optional: the action tooltip (available in menus/toolbar)
199 # Optional: the action icon (shows when in menus/toolbars)
)
strict_yara_action = idaapi.action_desc_t(
'mkYARA:generate_strict_yara', # The action name. This acts like an ID and must be unique
'Generate Strict Yara Rule ', # The action text.
generic_handler(lambda: self.generate_yara_rule("strict")
), # The action handler.
None, # Optional: the action shortcut
'Generate strict yara rule', # Optional: the action tooltip (available in menus/toolbar)
199 # Optional: the action icon (shows when in menus/toolbars)
)
data_yara_action = idaapi.action_desc_t(
'mkYARA:generate_data_yara', # The action name. This acts like an ID and must be unique
'Generate Data Yara Rule ', # The action text.
generic_handler(lambda: self.generate_yara_rule(
"normal", is_data=True)), # The action handler.
None, # Optional: the action shortcut
'Generate data yara rule', # Optional: the action tooltip (available in menus/toolbar)
199 # Optional: the action icon (shows when in menus/toolbars)
)
idaapi.register_action(loose_yara_action)
idaapi.register_action(normal_yara_action)
idaapi.register_action(strict_yara_action)
idaapi.register_action(data_yara_action)
self.ui_hooks = mkYARAUIHooks()
self.ui_hooks.hook()
print('mkYARA :: Plugin Started')
return idaapi.PLUGIN_KEEP
def init(self):
export_desc = idaapi.action_desc_t(
'collare:export', 'CollaRE Export', CollaREExportAction(), '',
'Export function names and comments for CollaRE projects.')
idaapi.register_action(export_desc)
idaapi.attach_action_to_menu("File/Save as...", "collare:export",
idaapi.SETMENU_APP)
import_desc = idaapi.action_desc_t(
'collare:import', 'CollaRE Import', CollaREImportAction(), '',
'Import function names and comments for CollaRE projects.')
idaapi.register_action(import_desc)
idaapi.attach_action_to_menu("File/Save as...", "collare:import",
idaapi.SETMENU_APP)
def init(self):
self._last_enum = ""
self.rename_action_desc = idaapi.action_desc_t(
'AutoEnum:RenameImmediate', 'Rename immediate value',
RenameImmediateHandler(), 'Ctrl+Shift+M', 'Rename immediate value',
-1)
idaapi.register_action(self.rename_action_desc)
self.autoenum_action_desc = idaapi.action_desc_t(
'AutoEnum:AutoEnum', 'Automatically create enum',
AutoEnumHandler(), 'Shift+M', 'Automatically create enum', -1)
idaapi.register_action(self.autoenum_action_desc)
return idaapi.PLUGIN_KEEP
def register_munu_actions():
act_registers = '%s:registers' % PLUGIN_NAME
act1 = idaapi.action_desc_t(act_registers, REGS_WIDGET_TITLE,
StartHandler(REGS_WIDGET_TITLE), 'Alt-Shift-D',
'Start plugin', 122)
idaapi.register_action(act1)
idaapi.attach_action_to_menu(DBG_MENU_PATH, act_registers,
idaapi.SETMENU_APP)
act_stack = '%s:stack' % PLUGIN_NAME
act2 = idaapi.action_desc_t(act_stack, STACK_WIDGET_TITLE,
StartHandler(STACK_WIDGET_TITLE),
'Alt-Shift-E', 'Start plugin', 122)
idaapi.register_action(act2)
idaapi.attach_action_to_menu(DBG_MENU_PATH, act_stack, idaapi.SETMENU_APP)
def register_handlers():
"""
Register the handlers for the pop-up menu to interact with the UI
"""
print("GhIDA:: [DEBUG] Registering handlers")
# Load a custom icon
icon_path = gl.plugin_resource("ghida.png")
icon_data = str(open(icon_path, "rb").read())
icon_ghida = idaapi.load_custom_icon(data=icon_data)
idaapi.register_action(
idaapi.action_desc_t("my:disasmsaction",
"Decompile function with GhIDA", DisasmsHandler(),
None, 'IDA plugin for Ghidra decompiler',
icon_ghida))
disasmtracker_action = idaapi.action_desc_t(
"my:disasmtracker", "Disable decompile view synchronization",
DisasmTracker(), None, None, icon_ghida)
idaapi.register_action(disasmtracker_action)
idaapi.register_action(
idaapi.action_desc_t("my:invalidatecache",
"Clear cache for current function",
InvalidateCache(), None, None, icon_ghida))
# Add the settings item in the menu
show_settings_action = idaapi.action_desc_t('my:showsettingsaction',
'GhIDA Settings',
ShowSettingsHandler(), None,
'GhIDA Settings', icon_ghida)
idaapi.register_action(show_settings_action)
idaapi.attach_action_to_menu('Edit/Settings/GhIDA Settings',
'my:showsettingsaction', idaapi.SETMENU_APP)
# Add the view decompile window in the menu
show_decomp_window_action = idaapi.action_desc_t(
'my:showdecompilewindowaction', 'GhIDA decomp view',
ShowDecompWindowHandler(), None, 'GhIDA decomp view', icon_ghida)
idaapi.register_action(show_decomp_window_action)
idaapi.attach_action_to_menu('View/Open subviews/GhIDA',
'my:showdecompilewindowaction',
idaapi.SETMENU_APP)
return
def init(self):
global p_initialized
# register popup menu handlers
try:
Fluorescence.register(self, "Un/highlight call instructions")
except:
pass
self.highlighted = False
if p_initialized is False:
p_initialized = True
idaapi.register_action(idaapi.action_desc_t(
"Fluorescence",
"Highlights function calls",
self.run,
None,
None,
0))
idaapi.attach_action_to_menu("Options/General...", "Fluorescence", idaapi.SETMENU_APP)
print("=" * 80)
print("Fluorescence v{0} by devttys0, 2017".format(VERSION))
print("=" * 80)
return idaapi.PLUGIN_KEEP
def init(self):
self.handler = SyncHandler()
action_desc = idaapi.action_desc_t(SYNC_ACTION_NAME, 'Ret-Sync', self.handler, '',
'Enable/Disable Debugger Sync', SYNC_OFF_ICON)
idaapi.register_action(action_desc)
idaapi.attach_action_to_toolbar('DebugToolBar', SYNC_ACTION_NAME)
return idaapi.PLUGIN_KEEP
def init(self):
global p_initialized
# register popup menu handlers
try:
Searcher.register(self, "Findcrypt")
except:
pass
if p_initialized is False:
p_initialized = True
idaapi.register_action(idaapi.action_desc_t(
"Findcrypt",
"Find crypto constants",
self.search,
None,
None,
0))
idaapi.attach_action_to_menu("Edit/Findcrypt", "Findcrypt", idaapi.SETMENU_APP)
print("=" * 80)
print("Findcrypt v{0} by David BERARD, 2017".format(VERSION))
print("Findcrypt search shortcut key is Ctrl-Alt-F")
print("Rules in %s" % YARARULES_CFGFILE)
print("=" * 80)
return idaapi.PLUGIN_KEEP
def init(self):
if idaapi.IDA_SDK_VERSION >= 700:
# Add ALLEYCAT_LIMIT variable to the global namespace so it can be accessed from the IDA python terminal.
global ALLEYCAT_LIMIT
add_to_namespace('__main__', 'alleycat', 'ALLEYCAT_LIMIT', ALLEYCAT_LIMIT)
# Add functions to global namespace.
add_to_namespace('__main__', 'alleycat', 'AlleyCatFunctionPaths', AlleyCatFunctionPaths)
add_to_namespace('__main__', 'alleycat', 'AlleyCatCodePaths', AlleyCatCodePaths)
add_to_namespace('__main__', 'alleycat', 'AlleyCatGraph', AlleyCatGraph)
to_curr_from_desc = idaapi.action_desc_t(self.to_from_action_name,
self.to_from_menu_name,
ToCurrentFromAction(),
self.wanted_hotkey,
'Find paths to the current function from...',
199)
from_curr_to_desc = idaapi.action_desc_t(self.from_to_action_name,
self.from_to_menu_name,
FromCurrentToAction(),
self.wanted_hotkey,
'Find paths from the current function to...',
199)
curr_func_to_block_desc = idaapi.action_desc_t(self.curr_func_curr_block_action_name,
self.curr_func_curr_block_menu_name,
InCurrentFunctionToCurrentCodeBlockAction(),
self.wanted_hotkey,
'Find paths in the current function to the current code block',
199)
idaapi.register_action(to_curr_from_desc)
idaapi.register_action(from_curr_to_desc)
idaapi.register_action(curr_func_to_block_desc)
idaapi.attach_action_to_menu(self.menu_name, self.to_from_action_name, idaapi.SETMENU_APP)
idaapi.attach_action_to_menu(self.menu_name, self.from_to_action_name, idaapi.SETMENU_APP)
idaapi.attach_action_to_menu(self.menu_name, self.curr_func_curr_block_action_name, idaapi.SETMENU_APP)
else:
self.menu_context.append(idaapi.add_menu_item(self.menu_name, self.to_from_menu_name, "", 0, find_paths_from_many, (None,)))
self.menu_context.append(idaapi.add_menu_item(self.menu_name, self.from_to_menu_name, "", 0, find_paths_to_many, (None,)))
self.menu_context.append(idaapi.add_menu_item(self.menu_name, self.curr_func_curr_block_menu_name, "", 0, find_paths_to_code_block, (None,)))
return idaapi.PLUGIN_KEEP
def register(self, plugin, label):
self.plugin = plugin
self.label = label
instance = self()
return idaapi.register_action(idaapi.action_desc_t(
self.get_name(), # Name. Acts as an ID. Must be unique.
instance.get_label(), # Label. That's what users see.
instance # Handler. Called when activated, and for updating
))
def init(self):
if idaapi.IDA_SDK_VERSION <= 695:
self.menu_context_1 = idaapi.add_menu_item(
"Search/", "binwalk opcodes", "", 0, self.opcode_scan, (None,))
self.menu_context_2 = idaapi.add_menu_item(
"Search/", "binwalk signatures", "", 0, self.signature_scan, (None,))
if idaapi.IDA_SDK_VERSION >= 700:
# populate action menus
action_desc = idaapi.action_desc_t(
'my:opaction', # action name. This acts like an ID and must be unique
'Binwalk opcodes', # text for this action
OpHandler(), # the action handler
'', # optional shortcut key
'Binwalk opcodes', # optional action tooltip for menus/toolbar
)
# Register the action
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(
'Search/',
'my:opaction',
idaapi.SETMENU_APP)
# populate action menus
action_desc = idaapi.action_desc_t(
'my:sigaction',
'Binwalk signatures',
SigHandler(),
'',
'Binwalk signatures',
)
# Register the action
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(
'Search/',
'my:sigaction',
idaapi.SETMENU_APP)
else:
pass
return idaapi.PLUGIN_KEEP
def get_desc(cls):
"""Get a descriptor for this handler."""
name = cls.get_name()
text = cls.TEXT
handler = cls()
hotkey = cls.HOTKEY
tooltip = cls.TOOLTIP
icon = cls.ICON
action_desc = idaapi.action_desc_t(name, text, handler, hotkey, tooltip, icon)
return action_desc
def init(self):
self._last_enum = ""
self.rename_action_desc = idaapi.action_desc_t('AutoEnum:RenameImmediate',
'Rename immediate value',
RenameImmediateHandler(),
'Ctrl+Shift+M',
'Rename immediate value',
-1)
idaapi.register_action(self.rename_action_desc)
self.autoenum_action_desc = idaapi.action_desc_t('AutoEnum:AutoEnum',
'Automatically create enum',
AutoEnumHandler(),
'Shift+M',
'Automatically create enum',
-1)
idaapi.register_action(self.autoenum_action_desc)
return idaapi.PLUGIN_KEEP
def _add_menus(self):
ret = []
if idaapi.IDA_SDK_VERSION <= 695:
menu_path = MENU_PATH if idaapi.IDA_SDK_VERSION > 660 else ALTERNATIVE_MENU_PATH
ret.append(self._add_menu(menu_path, 'Stop IdaRef', '', 1, self.stop, tuple()))
ret.append(self._add_menu(menu_path, 'Start IdaRef', '', 1, self.start, tuple()))
if idaapi.IDA_SDK_VERSION >= 700:
action_desc = idaapi.action_desc_t(
'idaref:stop', # The action name. Must be unique
'Stop Idaref', # Action Text
StopHandler(), # Action handler
'', # Optional shortcut
'Stop Idaref' # Action tooltip
)
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(
MENU_PATH,
'idaref:stop',
idaapi.SETMENU_APP
)
action_desc = idaapi.action_desc_t(
'idaref:start', # The action name. Must be unique
'Start Idaref', # Action Text
StartHandler(), # Action handler
'', # Optional shortcut
'Start Idaref' # Action tooltip
)
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(
MENU_PATH,
'idaref:start',
idaapi.SETMENU_APP
)
if False in ret:
return idaapi.PLUGIN_SKIP
else:
return idaapi.PLUGIN_KEEP
def init(self):
if idaapi.IDA_SDK_VERSION >= 700:
produce_desc = idaapi.action_desc_t(self.produce_action_name,
self.menu_name,
ProduceRizzoAction(),
self.wanted_hotkey,
self.produce_tooltip,
199)
load_desc = idaapi.action_desc_t(self.load_action_name,
self.menu_name,
LoadRizzoAction(),
self.wanted_hotkey,
self.load_tooltip,
199)
idaapi.register_action(produce_desc)
idaapi.register_action(load_desc)
idaapi.attach_action_to_menu(os.path.join(self.menu_tab, 'Produce file/'),
self.produce_action_name,
idaapi.SETMENU_APP)
idaapi.attach_action_to_menu(os.path.join(self.menu_tab, 'Load file/'),
self.load_action_name,
idaapi.SETMENU_APP)
else:
self.menu_context.append(
idaapi.add_menu_item(os.path.join(self.menu_tab, 'Load file/'),
"Rizzo signature file...",
"",
0,
rizzo_load,
(None,)))
self.menu_context.append(
idaapi.add_menu_item(os.path.join(self.menu_tab, 'Produce file/'),
"Rizzo signature file...",
"",
0,
rizzo_produce,
(None,)))
return idaapi.PLUGIN_KEEP
def init(self):
if idaapi.IDA_SDK_VERSION >= 700:
fluorescence_desc = idaapi.action_desc_t(self.fluorescence_action_name,
self.menu_name,
FluorescenceActionHandler(),
self.wanted_hotkey,
'Highlights function calls.',
199)
idaapi.register_action(fluorescence_desc)
idaapi.attach_action_to_menu(self.menu_tab, self.fluorescence_action_name, idaapi.SETMENU_APP)
else:
self.context_menu = idaapi.add_menu_item(self.menu_tab, self.menu_name, "", 0, self.highlight, (None,))
return idaapi.PLUGIN_KEEP
def show_win():
x = mycv_t()
if not x.Create():
print "Failed to create!"
return None
x.Show()
tcc = x.GetTCustomControl()
# Register actions
for thing in ["Hello", "World"]:
actname = "custview:say_%s" % thing
idaapi.register_action(idaapi.action_desc_t(actname, "Say %s" % thing, say_something_handler_t(thing)))
idaapi.attach_action_to_popup(tcc, None, actname)
return x
def init(self):
if idaapi.IDA_SDK_VERSION >= 700:
# 199 is a default icon.
action_desc = idaapi.action_desc_t(self.action_name,
self.menu_name,
MipsRopHandler(),
self.wanted_hotkey,
self.wanted_tooltip,
199)
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(self.root_tab, self.action_name, idaapi.SETMENU_APP)
else:
self.menu_context = idaapi.add_menu_item("Search/", self.menu_name, "", 0, self.run, (None,))
return idaapi.PLUGIN_KEEP
def registerAction(self, addToToolBar = True):
action_desc = idaapi.action_desc_t(
self.id, # The action id
self.name, # The action text.
self, # The action handler.
self.shortcut, # Optional: the action shortcut
self.tooltip, # Optional: the action tooltip (available in menus/toolbar)
self.icon) # Optional: the action icon (shows when in menus/toolbars)
if not idaapi.register_action(action_desc):
return False
if not idaapi.attach_action_to_menu(self.menuPath, self.id, 0):
return False
if addToToolBar:
if not idaapi.attach_action_to_toolbar("SearchToolBar", self.id):
return False
return True
def registerAction(self):
action_desc = idaapi.action_desc_t(
self.id,
self.name,
self,
"",
self.tooltip,
self.icon
)
if not idaapi.register_action(action_desc):
return False
if not idaapi.attach_action_to_menu(self.menuPath, self.id, 0):
return False
if not idaapi.attach_action_to_toolbar("AnalysisToolBar", self.id):
return False
return True
def init(self):
if idaapi.IDA_SDK_VERSION >= 700:
action_desc = idaapi.action_desc_t(self.action_name,
self.menu_name,
MipsSavedRegistersAction(),
self.wanted_hotkey,
self.wanted_tooltip,
199)
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(self.menu_tab, self.action_name, idaapi.SETMENU_APP)
else:
self.menu_context = idaapi.add_menu_item(self.menu_tab,
self.menu_name,
"",
0,
name_saved_registers,
(None,))
return idaapi.PLUGIN_KEEP
def _init_action_recursive(self):
"""
Register the recursive rename action with IDA.
"""
# load the icon for this action
self._recursive_icon_id = idaapi.load_custom_icon(plugin_resource("recursive.png"))
# describe the action
action_desc = idaapi.action_desc_t(
self.ACTION_RECURSIVE, # The action name.
"Recursive function prefix", # The action text.
IDACtxEntry(recursive_prefix_cursor), # The action handler.
None, # Optional: action shortcut
"Recursively prefix callees of this function", # Optional: tooltip
self._recursive_icon_id # Optional: the action icon
)
# register the action with IDA
assert idaapi.register_action(action_desc), "Action registration failed"
def _init_action_clear(self):
"""
Register the clear prefix action with IDA.
"""
# load the icon for this action
self._clear_icon_id = idaapi.load_custom_icon(plugin_resource("clear.png"))
# describe the action
action_desc = idaapi.action_desc_t(
self.ACTION_CLEAR, # The action name.
"Clear prefixes", # The action text.
IDACtxEntry(clear_prefix), # The action handler.
None, # Optional: action shortcut
"Clear user prefixes from the selected functions", # Optional: tooltip
self._clear_icon_id # Optional: the action icon
)
# register the action with IDA
assert idaapi.register_action(action_desc), "Action registration failed"
def _init_action_bulk(self):
"""
Register the bulk prefix action with IDA.
"""
# load the icon for this action
self._bulk_icon_id = idaapi.load_custom_icon(plugin_resource("bulk.png"))
# describe the action
action_desc = idaapi.action_desc_t(
self.ACTION_BULK, # The action name.
"Prefix selected functions", # The action text.
IDACtxEntry(bulk_prefix), # The action handler.
None, # Optional: action shortcut
"Assign a user prefix to the selected functions", # Optional: tooltip
self._bulk_icon_id # Optional: the action icon
)
# register the action with IDA
assert idaapi.register_action(action_desc), "Action registration failed"
def ui_init(self):
"""Initializes the plugins interface extensions."""
# Register menu entry.
# @HR: I really preferred the pre-6.5 mechanic.
zelf = self
class MenuEntry(idaapi.action_handler_t):
def activate(self, ctx):
zelf.open_proj_creation_dialog()
return 1
def update(self, ctx):
return idaapi.AST_ENABLE_ALWAYS
action = idaapi.action_desc_t(
'continuum_new_project',
"New continuum project...",
MenuEntry(),
)
idaapi.register_action(action)
idaapi.attach_action_to_menu("File/Open...", 'continuum_new_project', 0)
# Alright, is an IDB loaded? Pretend IDB open event as we miss the callback
# when it was loaded before our plugin was staged.
if GetIdbPath():
self.core.handle_open_idb(None, None)
# Register hotkeys.
idaapi.add_hotkey('Shift+F', self.core.follow_extern)
# Sign up for events.
self.core.project_opened.connect(self.create_proj_explorer)
self.core.project_closing.connect(self.close_proj_explorer)
self.core.client_created.connect(self.subscribe_client_events)
# Project / client already open? Fake events.
if self.core.project:
self.create_proj_explorer(self.core.project)
if self.core.client:
self.subscribe_client_events(self.core.client)
# if the function itself is selected, show xrefs to it.
self.sel = item.f
return idaapi.AST_ENABLE if self.sel else idaapi.AST_DISABLE
class hexrays_callback_info(object):
def __init__(self):
return
def event_callback(self, event, *args):
try:
if event == idaapi.hxe_populating_popup:
form, phandle, vu = args
idaapi.attach_action_to_popup(form, phandle, "vdsxrefs:show", None)
except:
traceback.print_exc()
return 0
if idaapi.init_hexrays_plugin():
adesc = idaapi.action_desc_t('vdsxrefs:show', 'Show xrefs', show_xrefs_ah_t(), "Ctrl+X")
if idaapi.register_action(adesc):
i = hexrays_callback_info()
idaapi.install_hexrays_callback(i.event_callback)
else:
print "Couldn't register action."
else:
print 'hexrays is not available.'
def populate_form(self):
'''
Populate form contents
'''
# Main layout
# ---------------------
main_layout = QtWidgets.QVBoxLayout()
self.parent.setLayout(main_layout)
# Choose file group box
# ---------------------
choose_file_groupbox = QtWidgets.QGroupBox(
"Choose file to load (interproc or apitracer binary file)")
choose_file_groupbox_layout = QtWidgets.QHBoxLayout()
choose_file_groupbox.setLayout(choose_file_groupbox_layout)
main_layout.addWidget(choose_file_groupbox)
# Line edit
self.choose_file_lineedit = QtWidgets.QLineEdit("")
self.choose_file_lineedit.setReadOnly(True)
# Select button
btn_selectfile = QtWidgets.QPushButton('Select', self.parent)
width = btn_selectfile.fontMetrics().boundingRect(
'Select').width() + 30
btn_selectfile.setMaximumWidth(width)
btn_selectfile.clicked.connect(self.show_file_dialog)
# Load functions button
self.btn_loadfile = QtWidgets.QPushButton(
'Load functions', self.parent)
width = self.btn_loadfile.fontMetrics().boundingRect(
'Load functions').width() + 30
self.btn_loadfile.setMaximumWidth(width)
self.btn_loadfile.setEnabled(False)
self.btn_loadfile.clicked.connect(self.load_file)
choose_file_groupbox_layout.addWidget(self.choose_file_lineedit)
choose_file_groupbox_layout.addWidget(btn_selectfile)
choose_file_groupbox_layout.addWidget(self.btn_loadfile)
# Choose PID groupbox
# ---------------------
choose_pid_groupbox = QtWidgets.QGroupBox("Choose PID to visualize")
choose_pid_groupbox_layout = QtWidgets.QHBoxLayout()
choose_pid_groupbox.setLayout(choose_pid_groupbox_layout)
main_layout.addWidget(choose_pid_groupbox)
# Combobox
self.combo_pids = QtWidgets.QComboBox()
self.combo_pids.setEditable(False)
self.combo_pids.currentIndexChanged[
'QString'].connect(self.combo_pids_changed)
choose_pid_groupbox_layout.addWidget(self.combo_pids)
# Apply button
btn_apply = QtWidgets.QPushButton('Apply', self.parent)
width = btn_apply.fontMetrics().boundingRect('Apply').width() + 30
btn_apply.setMaximumWidth(width)
btn_apply.clicked.connect(self.apply_functions)
choose_pid_groupbox_layout.addWidget(btn_apply)
# Apply and rename button
btn_apply_rename = QtWidgets.QPushButton(
'Apply and rename', self.parent)
width = btn_apply.fontMetrics().boundingRect(
'Apply and rename').width() + 30
btn_apply_rename.setMaximumWidth(width)
btn_apply_rename.clicked.connect(
functools.partial(self.apply_functions, rename=True))
choose_pid_groupbox_layout.addWidget(btn_apply_rename)
# Filters groupbox
# ---------------------
filter_groupbox = QtWidgets.QGroupBox("Filter functions")
filter_groupbox_layout = QtWidgets.QGridLayout()
filter_groupbox_layout.setSpacing(10)
filter_groupbox.setLayout(filter_groupbox_layout)
main_layout.addWidget(filter_groupbox)
# Filter 1 - Function name
filter1_label = QtWidgets.QLabel()
filter1_label.setText("Function name")
filter_groupbox_layout.addWidget(filter1_label, 1, 0)
self.filter_fname_lineedit = QtWidgets.QLineEdit("")
self.filter_fname_lineedit.setReadOnly(False)
filter_groupbox_layout.addWidget(self.filter_fname_lineedit, 1, 1)
self.filter_fname_lineedit.textEdited.connect(self.filter_edited)
# Filter 2 - Dll name
filter2_label = QtWidgets.QLabel()
filter2_label.setText("DLL name")
filter_groupbox_layout.addWidget(filter2_label, 2, 0)
self.filter_dll_lineedit = QtWidgets.QLineEdit("")
self.filter_dll_lineedit.setReadOnly(False)
filter_groupbox_layout.addWidget(self.filter_dll_lineedit, 2, 1)
self.filter_dll_lineedit.textEdited.connect(self.filter_edited)
# Filter 3 - Caller
filter3_label = QtWidgets.QLabel()
filter3_label.setText("Caller")
filter_groupbox_layout.addWidget(filter3_label, 3, 0)
self.filter_caller_lineedit = QtWidgets.QLineEdit("")
self.filter_caller_lineedit.setReadOnly(False)
filter_groupbox_layout.addWidget(self.filter_caller_lineedit, 3, 1)
self.filter_caller_lineedit.textEdited.connect(self.filter_edited)
# Filter 4 - Return
filter4_label = QtWidgets.QLabel()
filter4_label.setText("Return")
filter_groupbox_layout.addWidget(filter4_label, 4, 0)
self.filter_return_lineedit = QtWidgets.QLineEdit("")
self.filter_return_lineedit.setReadOnly(False)
filter_groupbox_layout.addWidget(self.filter_return_lineedit, 4, 1)
self.filter_return_lineedit.textEdited.connect(self.filter_edited)
# QTreeView
# ----------------------
self.treeview = QtWidgets.QTreeView()
main_layout.addWidget(self.treeview)
self.treemodel = QtGui.QStandardItemModel()
self.treemodel.setHorizontalHeaderLabels(
["Function", "Dll", "Caller", "Return"])
self.treeview.setModel(self.treemodel)
# Keyboard shortcut, and action handler
# -------------------------------------
handler = MyActionHandler(self.show_func_dialog)
self.menu_action = idaapi.action_desc_t('pyrebox:show_funcs',
'Show function arguments',
handler,
'Ctrl+Alt+S',
'Show function arguments',
0)
idaapi.register_action(self.menu_action)
# Regular menu entry
# -------------------------------------
# The relative path of where to add the action
idaapi.attach_action_to_menu('Edit/Other/Show function arguments...',
'pyrebox:show_funcs',
# The action ID (see above)
idaapi.SETMENU_APP)
name = demangled_output[0].strip()
demangled_name = demangled_output[1].strip()
if name == demangled_name:
continue
count += 1
self.comment_xrefs(funcea, demangled_name)
print 'Successfully demangled %d functions' % count
def demangle(self, name):
return subprocess.check_output(['/usr/bin/swift-demangle', name])
def comment_xrefs(self, ea, comment):
for xref in XrefsTo(ea):
idaapi.add_long_cmt(xref.frm, 1, comment)
action_desc = idaapi.action_desc_t(
'swift-demangle',
'Demangle swift functions',
SwiftDemangle(),
)
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(
'Edit/Plugins/Jump to next fixup',
'swift-demangle',
idaapi.SETMENU_APP,
)
"\x18\x90\x22\x0A\x98\x8C\x46\xF0\x54\x14\x42\x6D\x7D\x3B\xE4\x1C\x75\x41\xAD\xB7\x1D\x3C\x55\x85\x60\x32\x19\x41\x8A\x2A\xDC\x57\x5C\x74\x12\x28\x47\xA5\x8E\x44\xE4\xF0\x76\x5B",
"\x82\xA6\xCD\x5B\x0D\xB2\x12\xE6\xE4\x06\xB5\x1A\x66\xA7\x26\x41\x92\xC2\xA0\xD5\x6A\x60\x67\x92\x19\xAE\x7B\xCE\x70\x4D\x15\xAB\x01\xAD\xC1\x08\x3F\x46\x64\x6E\x8E\x9D\xF9\x13",
"\xE8\x1A\xFF\xE4\x63\x8A\x0E\xE6\x02\x41\xF8\x3F\x18\x82\x40\x28\x04\xFD\xDD\x75\xF0\xB6\xFF\x2E\x75\x9A\x89\x27\x9D\xFB\xC8\x4F\x39\xBE\xE0\xB4\xAB\xCE\x35\xFE\x71\x00\x16\x17",
"\x25\x76\x50\x26\x76\x6B\x61\x86\x08\xE4\x1D\xAF\x81\xBC\x13\x97\xA9\xD3\x4C\x3C\xE9\xDC\x47\x7E\xCA\xF1\x05\x0C\x5F\x7D\xFE\xEF\x35\x03\xAF\x9F\x00\xB0\x73\x30\x9A\xE2\x81\x0E",
"\xF6\xC1\xED\x52\xB8\x77\xAB\x98\x3A\xCD\xC4\x73\x9D\x7C\x6F\xDE\xF9\xCF\x53\x0E\xFE\xA9\xCD\xAE\xB3\x87\xCE\x75\x35\x54\xE1\xD0\xCB\x47\x38\x39\x36\x88\xFF\x4D\xF8\x57\x41\x33",
"\xF1\xA4\x93\x0F\x00\x36\xAD\x3E\x4C\x6B\xC5\xC9\x5D\x77\x6A\x2F\xB4\x31\xA3\xC4\x40\x4F\x21\x0F\xD1\x4C\x3C\xE9\x2B\xE1\xF5\x0B\xD6\x90\xC8\x90\x4C\xE6\x35\xD0\xCC\x79\x5E\xFF",
"\x2E\xF8\x0B\x2F\x3D\xE5\xC3\x97\x06\xCF\xCF\x00\x00\x00\x00\x49\x45\x4E\x44\xAE\x42\x60\x82"])
act_icon = idaapi.load_custom_icon(data=icon_data, format="png")
hooks = None
act_name = "example:add_action"
if idaapi.register_action(idaapi.action_desc_t(
act_name, # Name. Acts as an ID. Must be unique.
"Say hi!", # Label. That's what users see.
SayHi("developer"), # Handler. Called when activated, and for updating
"Ctrl+F12", # Shortcut (optional)
"Greets the user", # Tooltip (optional)
act_icon)): # Icon ID (optional)
print("Action registered. Attaching to menu.")
# Insert the action in the menu
if idaapi.attach_action_to_menu("Edit/Export data", act_name, idaapi.SETMENU_APP):
print("Attached to menu.")
else:
print("Failed attaching to menu.")
# Insert the action in a toolbar
if idaapi.attach_action_to_toolbar("AnalysisToolBar", act_name):
print("Attached to toolbar.")
else:
"Symbolic Execution - 0x%x to 0x%x" % (start, end)):
return
view.Show()
# Support ida 6.9 and ida 7
all_views = []
hooks = Hooks()
hooks.hook()
action_expand = idaapi.action_desc_t(
'my:expand',
'Expand',
ActionHandlerExpand(),
'E',
'Expand expression',
50)
action_translate = idaapi.action_desc_t(
'my:translate',
'Translate',
ActionHandlerTranslate(),
'T',
'Translate expression in C/python/z3...',
103)
idaapi.register_action(action_expand)
idaapi.register_action(action_translate)
def init(self):
self.hexrays_inited = False
self.registered_actions = []
self.registered_hx_actions = []
global ARCH
global BITS
ARCH = idaapi.ph_get_id()
info = idaapi.get_inf_structure()
if info.is_64bit():
BITS = 64
elif info.is_32bit():
BITS = 32
else:
BITS = 16
print "LazyIDA (v1.0.0.3) plugin has been loaded."
# Register menu actions
menu_actions = (
idaapi.action_desc_t(ACTION_CONVERT[0], "Convert to string", menu_action_handler_t(ACTION_CONVERT[0]), None, None, 80),
idaapi.action_desc_t(ACTION_CONVERT[1], "Convert to hex string", menu_action_handler_t(ACTION_CONVERT[1]), None, None, 8),
idaapi.action_desc_t(ACTION_CONVERT[2], "Convert to C/C++ array (BYTE)", menu_action_handler_t(ACTION_CONVERT[2]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[3], "Convert to C/C++ array (WORD)", menu_action_handler_t(ACTION_CONVERT[3]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[4], "Convert to C/C++ array (DWORD)", menu_action_handler_t(ACTION_CONVERT[4]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[5], "Convert to C/C++ array (QWORD)", menu_action_handler_t(ACTION_CONVERT[5]), None, None, 38),
idaapi.action_desc_t(ACTION_CONVERT[6], "Convert to python list (BYTE)", menu_action_handler_t(ACTION_CONVERT[6]), None, None, 201),
idaapi.action_desc_t(ACTION_CONVERT[7], "Convert to python list (WORD)", menu_action_handler_t(ACTION_CONVERT[7]), None, None, 201),
idaapi.action_desc_t(ACTION_CONVERT[8], "Convert to python list (DWORD)", menu_action_handler_t(ACTION_CONVERT[8]), None, None, 201),
idaapi.action_desc_t(ACTION_CONVERT[9], "Convert to python list (QWORD)", menu_action_handler_t(ACTION_CONVERT[9]), None, None, 201),
idaapi.action_desc_t(ACTION_XORDATA, "Get xored data", menu_action_handler_t(ACTION_XORDATA), None, None, 9),
idaapi.action_desc_t(ACTION_FILLNOP, "Fill with NOPs", menu_action_handler_t(ACTION_FILLNOP), None, None, 9),
idaapi.action_desc_t(ACTION_SCANVUL, "Scan format string vulnerabilities", menu_action_handler_t(ACTION_SCANVUL), None, None, 160),
)
for action in menu_actions:
idaapi.register_action(action)
self.registered_actions.append(action.name)
# Register hotkey actions
hotkey_actions = (
idaapi.action_desc_t(ACTION_COPYEA, "Copy EA", hotkey_action_handler_t(ACTION_COPYEA), "w", "Copy current EA", 0),
)
for action in hotkey_actions:
idaapi.register_action(action)
self.registered_actions.append(action.name)
# Add ui hook
self.ui_hook = UI_Hook()
self.ui_hook.hook()
# Add hexrays ui callback
if idaapi.init_hexrays_plugin():
addon = idaapi.addon_info_t()
addon.id = "tw.l4ys.lazyida"
addon.name = "LazyIDA"
addon.producer = "Lays"
addon.url = "https://github.com/L4ys/LazyIDA"
addon.version = "1.0.0.3"
idaapi.register_addon(addon)
hx_actions = (
idaapi.action_desc_t(ACTION_HX_REMOVERETTYPE, "Remove return type", hexrays_action_handler_t(ACTION_HX_REMOVERETTYPE), "v"),
idaapi.action_desc_t(ACTION_HX_COPYEA, "Copy ea", hexrays_action_handler_t(ACTION_HX_COPYEA), "w"),
idaapi.action_desc_t(ACTION_HX_COPYNAME, "Copy name", hexrays_action_handler_t(ACTION_HX_COPYNAME), "c"),
)
for action in hx_actions:
idaapi.register_action(action)
self.registered_hx_actions.append(action.name)
self.hx_hook = HexRays_Hook()
idaapi.install_hexrays_callback(self.hx_hook.callback)
self.hexrays_inited = True
return idaapi.PLUGIN_KEEP
# -----------------------------------------------------------------------
def test_choose2_embedded():
global c
c = MyChoose2("Choose2 - embedded", nb=12, embedded = True, width=123, height=222)
r = c.Embedded()
if r == 1:
try:
if test_embedded:
o, sel = _idaapi.choose2_get_embedded(c)
print("o=%s, type(o)=%s" % (str(o), type(o)))
test_embedded(o)
finally:
c.Close()
# -----------------------------------------------------------------------
if __name__ == '__main__':
# Register actions
for thing in ["A", "B"]:
actname = "choose2:act%s" % thing
idaapi.register_action(
idaapi.action_desc_t(
actname,
"command %s" % thing,
chooser_handler_t(thing)))
#test_choose2_embedded()
test_choose2(False)
#</pycode(py_choose2ex1)>