def s_create():
    """Interactively build a new Class from names typed by the user.

    Prompts for a class name and an optional base-class name and checks
    each answer against the database before constructing the object.

    Returns:
        ``Class(name, base_class)``, or None when a prompt is cancelled or
        a validation step fails (a warning dialog is shown in that case).
    """
    db = database.get()

    class_name = idaapi.ask_str('', idaapi.HIST_IDENT, 'Enter a class name')
    if class_name is None:
        # Dialog cancelled.
        return None
    if class_name in database.get().classes_by_name:
        idaapi.warning('That name is already used.')
        return None
    if not Class.s_name_is_valid(class_name):
        idaapi.warning('The class name "%s" is invalid.' % class_name)
        return None

    parent_name = idaapi.ask_str(
        '', idaapi.HIST_IDENT,
        'Enter a base class name (leave empty for none)')
    if parent_name is None:
        return None
    if not parent_name:
        # Empty answer: the new class has no base.
        return Class(class_name, None)

    if parent_name not in db.classes_by_name:
        idaapi.warning(
            'The class "%s" is not in the database.' % parent_name)
        return None

    parent = db.classes_by_name[parent_name]
    if not parent.can_be_derived():
        idaapi.warning(
            'The class %s cannot be derived because the VTable is not setup correctly'
            % parent.name)
        return None

    return Class(class_name, parent)
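def OnKeydown(self, vkey, shift):
    """
    User pressed a key

    @param vkey: Virtual key code
    @param shift: Shift flag
    @return: Boolean. True if you handled the event
    """
    # print(...) with one parenthesised argument behaves the same on
    # Python 2 and Python 3.
    print("OnKeydown, vk=%d shift=%d" % (vkey, shift))
    # ESCAPE?
    if vkey == 27:
        self.Close()
    # VK_DELETE
    elif vkey == 46:
        n = self.GetLineNo()
        if n is not None:
            self.DelLine(n)
            self.Refresh()
            print("Deleted line %d" % n)
    # Goto?
    elif vkey == ord('G'):
        n = self.GetLineNo()
        if n is not None:
            v = idaapi.ask_long(n, "Where to go?")
            if v:
                self.Jump(v, 0, 5)
    elif vkey == ord('R'):
        print("refreshing....")
        self.Refresh()
    elif vkey == ord('C'):
        print("refreshing current line...")
        self.RefreshCurrent()
    elif vkey == ord('A'):
        s = idaapi.ask_str("NewLine%d" % self.Count(), 0, "Append new line")
        # ask_str returns None when the dialog is cancelled; append nothing
        # in that case instead of passing None on to AddLine.
        if s is not None:
            self.AddLine(s)
            self.Refresh()
    elif vkey == ord('X'):
        print("Clearing all lines")
        self.ClearLines()
        self.Refresh()
    elif vkey == ord('I'):
        n = self.GetLineNo()
        # Without a current line there is no insertion point, and
        # "%d" % None would raise TypeError.
        if n is not None:
            s = idaapi.ask_str("InsertedLine%d" % n, 0, "Insert new line")
            if s is not None:
                self.InsertLine(n, s)
                self.Refresh()
    elif vkey == ord('E'):
        l = self.GetCurrentLine(notags=1)
        if not l:
            return False
        n = self.GetLineNo()
        print("curline=<%s>" % l)
        # Mark the edited line with a coloured "*" suffix.
        l = l + idaapi.COLSTR("*", idaapi.SCOLOR_VOIDOP)
        self.EditLine(n, l)
        self.RefreshCurrent()
        print("Edited line %d" % n)
    else:
        return False
    return True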
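def OnKeydown(self, vkey, shift):
    """
    User pressed a key

    @param vkey: Virtual key code
    @param shift: Shift flag
    @return: Boolean. True if you handled the event
    """
    print("OnKeydown, vk=%d shift=%d" % (vkey, shift))
    # ESCAPE?
    if vkey == 27:
        self.Close()
    # VK_DELETE
    elif vkey == 46:
        n = self.GetLineNo()
        if n is not None:
            self.DelLine(n)
            self.Refresh()
            print("Deleted line %d" % n)
    # Goto?
    elif vkey == ord('G'):
        n = self.GetLineNo()
        if n is not None:
            # Reuse the line number already fetched as the dialog default.
            v = idaapi.ask_long(n, "Where to go?")
            if v:
                self.Jump(v, 0, 5)
    elif vkey == ord('R'):
        print("refreshing....")
        self.Refresh()
    elif vkey == ord('C'):
        print("refreshing current line...")
        self.RefreshCurrent()
    elif vkey == ord('A'):
        s = idaapi.ask_str("NewLine%d" % self.Count(), 0, "Append new line")
        # A cancelled dialog yields None; do not append it as a line.
        if s is not None:
            self.AddLine(s)
            self.Refresh()
    elif vkey == ord('X'):
        print("Clearing all lines")
        self.ClearLines()
        self.Refresh()
    elif vkey == ord('I'):
        n = self.GetLineNo()
        # GetLineNo() can return None (see the VK_DELETE branch); formatting
        # None with %d would raise TypeError, so only prompt when a line is
        # selected, and only insert when the prompt was not cancelled.
        if n is not None:
            s = idaapi.ask_str("InsertedLine%d" % n, 0, "Insert new line")
            if s is not None:
                self.InsertLine(n, s)
                self.Refresh()
    elif vkey == ord('E'):
        l = self.GetCurrentLine(notags=1)
        if not l:
            return False
        n = self.GetLineNo()
        print("curline=<%s>" % l)
        l = l + idaapi.COLSTR("*", idaapi.SCOLOR_VOIDOP)
        self.EditLine(n, l)
        self.RefreshCurrent()
        print("Edited line %d" % n)
    else:
        return False
    return True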
def _make_item(self):
    """Prompt for the fields of a custom row and return them as a list.

    The prompts appear in the order GUID, Name, Module, Service.  An entry
    is None when its prompt is cancelled; no validation is applied here.
    Also increments ``self.n``.
    """
    labels = ("GUID", "Name", "Module", "Service")
    item = [idaapi.ask_str("", 0, label) for label in labels]
    self.n += 1
    return item
def _make_item(self):
    """Build one custom element from four user prompts.

    Returns the answers as ``[GUID, Name, Module, Service]``; a cancelled
    prompt leaves None in its slot.  ``self.n`` is incremented by one.
    """
    item = []
    for caption in ('GUID', 'Name', 'Module', 'Service'):
        # Free-form text: the answers are stored as typed.
        item.append(idaapi.ask_str('', 0, caption))
    self.n += 1
    return item
def _make_item(self):
    """Build one custom element from five user prompts.

    The answers are returned in prompt order: Address, Name, Service,
    Place, GUID.  A cancelled prompt contributes None.  The Address field
    is kept as the raw string the user typed; it is not parsed here.
    ``self.n`` is incremented by one.
    """
    captions = ('Address', 'Name', 'Service', 'Place', 'GUID')
    answers = [idaapi.ask_str('', 0, caption) for caption in captions]
    self.n += 1
    return answers
def _make_item(self):
    '''
    Ask the user for GUID, Name, Module and Service (in that order) and
    return the four answers as a list.

    An answer is None when its dialog is cancelled.  self.n is bumped by
    one on every call.
    '''
    guid = idaapi.ask_str('', 0, 'GUID')
    name = idaapi.ask_str('', 0, 'Name')
    module = idaapi.ask_str('', 0, 'Module')
    service = idaapi.ask_str('', 0, 'Service')
    self.n += 1
    return [guid, name, module, service]
def run(self, arg):
    """Create (or update) a struct from the selected offsets and apply it.

    Asks for a struct name and a register, infers the struct layout from
    the offsets used with that register in the selection, creates the
    struct (optionally modifying an existing one) and applies it to the
    selection.  Each failure path reports a message and returns early.
    """
    sel_start, sel_end = sark.get_selection()

    if not sark.structure.selection_has_offsets(sel_start, sel_end):
        message('No structure offsets in selection. Operation cancelled.')
        idaapi.warning(
            'No structure offsets in selection. Operation cancelled.')
        return

    struct_name = idaapi.ask_str(self._prev_struct_name, 0, "Struct Name")
    if not struct_name:
        message("No structure name provided. Operation cancelled.")
        return
    # Remember the name so it becomes the default of the next prompt.
    self._prev_struct_name = struct_name

    suggested_reg = sark.structure.get_common_register(sel_start, sel_end)
    reg_name = idaapi.ask_str(suggested_reg, 0, "Register")
    if not reg_name:
        message("No offsets found. Operation cancelled.")
        return

    try:
        offsets, _operands = sark.structure.infer_struct_offsets(
            sel_start, sel_end, reg_name)
    except sark.exceptions.InvalidStructOffset:
        message(
            "Invalid offset found. Cannot create structure.",
            "Make sure there are no negative offsets in the selection.")
        return
    except sark.exceptions.SarkInvalidRegisterName:
        message(
            "Invalid register name {!r}. Cannot create structs.".format(
                reg_name))
        return

    try:
        sark.structure.create_struct_from_offsets(struct_name, offsets)
    except sark.exceptions.SarkStructAlreadyExists:
        answer = idaapi.ask_yn(
            idaapi.ASKBTN_NO,
            "Struct already exists. Modify?\n"
            "Cancel to avoid applying the struct.")
        if answer == idaapi.ASKBTN_CANCEL:
            return
        if answer == idaapi.ASKBTN_YES:
            sid = sark.structure.get_struct(struct_name)
            sark.structure.set_struct_offsets(offsets, sid)
        # ASKBTN_NO: the existing struct is left as is and applied below.

    sark.structure.apply_struct(sel_start, sel_end, reg_name, struct_name)
def bulk_prefix():
    """
    Prefix the Functions window selection with a user defined string.

    The tag is used as typed; set_name is called with SN_NOWARN, so a tag
    that produces a name IDA rejects fails without a dialog.
    """

    # ask for the tag; PREFIX_DEFAULT is offered as the initial text
    tag = idaapi.ask_str(PREFIX_DEFAULT, 0, "Function Tag")

    # dialog dismissed: nothing to do
    if tag is None:
        return

    # an empty tag would rename nothing meaningful: tell the user and stop
    if tag == '':
        idaapi.warning("[ERROR] Tag cannot be empty [ERROR]")
        return

    for func_name in get_selected_funcs():

        # only touch functions that do not already start with the tag
        if not func_name.startswith(tag):
            prefixed = '%s%s%s' % (str(tag), PREFIX_SEPARATOR, func_name)
            ea = idaapi.get_name_ea(idaapi.BADADDR, func_name)
            idaapi.set_name(ea, prefixed, idaapi.SN_NOWARN)

    # make the new names visible in the IDA views
    refresh_views()
def slot_change_rule_author(self):
    """Ask for the default rule author and store it in the user settings.

    The current setting (or an empty string) is offered as the default.
    Nothing is stored when the prompt is cancelled or left empty.
    """
    current = str(settings.user.get("rulegen_author", ""))
    entered = idaapi.ask_str(current, 0, "Enter default rule author")
    if not entered:
        return
    settings.user["rulegen_author"] = entered
    idaapi.info("Run analysis again for your changes to take effect.")
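def run(self, arg):
    """Rename the function under the cursor and, on request, its callers.

    The user is offered "<current name>_<start address>" as the default
    new name (or the current name when it already contains the address).
    After a successful rename the user is asked whether the same prefix
    should be applied to the callers via ``self.rename_parents``.

    Any exception is reported in the IDA output window instead of being
    raised.
    """
    try:
        self._data = dict()
        fn = idaapi.get_func(idaapi.get_screen_ea())

        # These are computed before the SDK-version branch: they used to be
        # defined only on the >= 7.0 path, so the legacy path always failed
        # with NameError.
        orig_name = idaapi.get_func_name(idaapi.get_screen_ea())
        addr_str = '{:x}'.format(self.start_ea_of(fn))
        print("checking function start addr: ", addr_str)

        # Default name: append the start address unless the name already
        # contains it.  str.find() returns -1 (truthy) when the text is
        # absent, so it cannot serve as a containment test; use `in`.
        if addr_str in orig_name.lower():
            default_name = orig_name
        else:
            default_name = orig_name + '_' + addr_str

        if idaapi.IDA_SDK_VERSION >= 700:
            user_name = idaapi.ask_str(default_name, 0, 'New name:')
        else:
            # NOTE(review): support for pre-7.0 SDKs is unverified.
            user_name = idaapi.askstr(0, default_name, 'New name:')

        # None means the dialog was cancelled, '' that it was left empty.
        if not user_name:
            return
        if orig_name == user_name:
            return

        # TODO: check whether a maximum name length should be enforced here.
        force_name(self.start_ea_of(fn), user_name)
        print("rename \"" + str(orig_name) + "\" to " + str(user_name))

        # The prefix offered for the callers is the new name without the
        # address part.
        user_prefix = user_name.lower().replace(addr_str, '')
        query = 'Use \"' + user_prefix + '\" to rename the callers\' names'
        # TODO: a yes/no dialog would fit better than a text prompt.
        yesno = idaapi.ask_str("yes", 0, query)

        if yesno == 'yes':
            print("start rename parents..")
            self.rename_parents(fn, user_prefix, 1)
    except Exception:
        # Report, do not raise; KeyboardInterrupt/SystemExit still propagate.
        idaapi.msg('Ancestor RE: error: %s\n' % traceback.format_exc())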
def slot_change_rule_scope(self):
    """Ask for the default rule scope and store it in the user settings.

    The stored scope, or "function" when none is stored, is offered as the
    default.  The answer is saved as typed; it is not checked against a
    list of known scopes here.  A cancelled or empty prompt changes nothing.
    """
    current = str(settings.user.get("rulegen_scope", "function"))
    entered = idaapi.ask_str(current, 0, "Enter default rule scope")
    if not entered:
        return
    settings.user["rulegen_scope"] = entered
    idaapi.info("Run analysis again for your changes to take effect.")
def btn_dfs_test_1(self, code=0):
    """Ask for a start address and a register, then back-trace the register.

    The address is read as hexadecimal text.  The trace is run with
    FEArgsTracer and its result is printed.
    """
    addr_text = idaapi.ask_str('', 0, '请输入回溯起点地址')
    reg_text = idaapi.ask_str('', 0, '请输入回溯寄存器')
    # presumably regt2reg returns -1 for a name it does not know; verify.
    reg = regt2reg(reg_text)

    # Both an address and a usable register are required.
    if not addr_text or reg == -1:
        FELogger.warn("请输入起点地址和寄存器")
        return

    try:
        start_addr = int(addr_text, 16)
    except Exception:
        # Not valid hexadecimal text.
        FELogger.warn("无效地址")
        return

    FELogger.info("从地址%s回溯寄存器[%s]" % (hexstr(start_addr), REG[reg]))
    tracer = FEArgsTracer(start_addr, reg, 256)
    source_addr = tracer.run()
    print('source_addr: ', source_addr)
def autoenum(self):
    """Create or reuse an enum member for a constant and apply it.

    Asks for an enum name and a constant value, adds a member for that
    value (or, when the user declines to modify an existing enum, looks up
    an existing member with the same value) and applies it through
    apply_enum_by_name.  Returns None on every path.
    """
    common_value = get_common_value()

    enum_name = idaapi.ask_str(self._last_enum, 0, "Enum Name")
    # None: the dialog was cancelled.
    if enum_name is None:
        return

    # An empty answer is passed on as None rather than as ''.
    if not enum_name:
        enum_name = None

    # Remembered as the default for the next prompt.
    self._last_enum = enum_name

    # Can't ask with negative numbers.
    # The shift tests the top bit of a native-size value; such values are
    # replaced by 0 as the dialog default.
    if common_value >> ((8 * sark.core.get_native_size()) - 1):
        common_value = 0

    const_value = idaapi.ask_long(common_value, "Const Value")
    if const_value is None:
        return

    modify = True

    try:
        enum = sark.add_enum(enum_name)
    except sark.exceptions.EnumAlreadyExists:
        enum = sark.Enum(enum_name)
        yes_no_cancel = idaapi.ask_yn(idaapi.ASKBTN_NO,
                                      "Enum already exists. Modify?\n")
        if yes_no_cancel == idaapi.ASKBTN_CANCEL:
            return
        elif yes_no_cancel == idaapi.ASKBTN_YES:
            modify = True
        else:  # yes_no_cancel == idaapi.ASKBTN_NO:
            modify = False

    member_name = const_name(enum, const_value)

    if modify:
        try:
            enum.members.add(member_name, const_value)
        except sark.exceptions.SarkErrorAddEnumMemeberFailed as ex:
            # NOTE(review): built-in exceptions have no .message attribute
            # on Python 3; confirm the sark exception defines one.
            idaapi.msg("[AutoEnum] Adding enum member failed: {}.".format(
                ex.message))
    else:
        # Not modifying: reuse the first existing member with this value.
        for member in enum.members:
            if member.value == const_value:
                member_name = member.name
                break
        else:
            # No member has this value, so there is nothing to apply.
            return

    # Apply the enum
    apply_enum_by_name(enum, member_name)
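def client(self):
    """Return the API client, creating it on first use.

    When no token is configured the user is prompted for one.  The client
    is built with ``cfg['url']`` when that is set, otherwise with the token
    alone, and is cached in ``self._client``.

    Raises:
        AssertionError: no token is available (prompt cancelled or empty).
    """
    if self._client is None:
        if not self.cfg['token']:
            # NOTE(review): ask_str is a plain-text prompt, so the token is
            # visible while it is typed, and it is then kept in self.cfg.
            # Confirm where cfg is persisted and who can read it.
            self.cfg['token'] = idaapi.ask_str("", 0,
                                               "{} Token:".format(self.name))
        if not self.cfg['token']:
            # Explicit raise instead of `assert`: assert statements are
            # removed under `python -O`, which would let an empty token
            # reach the client.  The exception type is unchanged.
            raise AssertionError("{} token is required".format(self.name))
        if self.cfg['url']:
            self._client = bai.client.Client(self.cfg['token'],
                                             self.cfg['url'])
        else:
            self._client = bai.client.Client(self.cfg['token'])
    return self._client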
def btn_dfs_test_2(self, code=0):
    """Back-trace a register at the call sites of a named function.

    Asks for a function name and a register, looks the function up by
    exact name and runs FEArgsTracer at each code reference to it that
    lies inside a function, printing each result.
    """
    tgt_t = idaapi.ask_str('', 0, '请输入函数名')
    reg_t = idaapi.ask_str('', 0, '请输入回溯寄存器')
    # presumably regt2reg returns -1 for a name it does not know; verify.
    reg = regt2reg(reg_t)
    # A function name and a usable register are both required.
    if (tgt_t and tgt_t != '') and (reg != -1):
        for func_addr_t in idautils.Functions():
            func_name_t = idaapi.get_func_name(func_addr_t)
            if func_name_t == tgt_t:
                for xref_addr_t in idautils.CodeRefsTo(func_addr_t, 0):
                    # Skip references that are not inside a function.
                    if idaapi.get_func(xref_addr_t):
                        FELogger.info("从地址%s回溯寄存器[%s]" %
                                      (hexstr(xref_addr_t), REG[reg]))
                        tracer = FEArgsTracer(xref_addr_t, reg, max_node=256)
                        source_addr = tracer.run()
                        print('source_addr: ', source_addr)
                # NOTE(review): indentation was lost on this page.  The
                # break is placed so the scan stops after the first function
                # with a matching name; confirm against the original file.
                break
    else:
        FELogger.warn("请输入函数名和寄存器")
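def jump_to(self):
    """Ask for an expression to sync the view with and reload.

    The current ``base_expr`` (or an empty string) is offered as the
    default.  A cancelled or empty prompt resets ``self.base_addr`` to
    None.
    """
    current = self.base_expr if self.base_expr is not None else ""
    b = idaapi.ask_str(current, 0, "Sync with")
    if b:
        try:
            self.base_expr = b
            self.reload_info()
        except Exception:
            # Narrowed from a bare `except:` so KeyboardInterrupt and
            # SystemExit are no longer reported as a bad expression.
            # NOTE(review): base_expr keeps the rejected text after a
            # failure; confirm whether the old value should be restored.
            idaapi.warning("Invalid expression")
    else:
        # NOTE(review): this clears base_addr while the branch above sets
        # base_expr; confirm that both attributes are intended.
        self.base_addr = None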
def main():
    """List the imports of one module together with their references.

    Asks for a module name ("kernel32" by default), then prints, for each
    entry returned by find_import_ref, the second field of the import
    record followed by one tab-indented hexadecimal address per reference.
    """
    dllname = idaapi.ask_str('kernel32', 0, "Enter module name")
    if not dllname:
        print("Cancelled")
        return

    imports, refs_by_import = find_import_ref(dllname)
    for import_key, ref_eas in refs_by_import.items():
        print(imports[import_key][1])
        for ref_ea in ref_eas:
            print("\t%x" % ref_ea)
def _rename_ea_requested(self, addr, name_idx):
    """Prompt for a new name for *addr* and update the model entry.

    The current model text is offered as the default.  After renaming, the
    name IDA actually reports for the address is written back to the
    model, which may differ from what was typed.  A cancelled prompt
    changes nothing.
    """
    current = str(name_idx.data())

    # The prompt function and its argument order changed with SDK 7.0.
    if idaapi.IDA_SDK_VERSION < 700:
        new_name = idaapi.askstr(0, current, 'New name:')
    else:
        new_name = idaapi.ask_str(current, 0, 'New name:')

    if new_name is None:
        return

    self._rename(addr, new_name)
    name_idx.model().setData(name_idx, idaapi.get_ea_name(addr))
def activate(self, temp_struct):
    """Ask for a C type declaration and store the parsed type on self.

    The declaration is parsed with idc.parse_decl; when the prompt is
    cancelled or parsing yields None, nothing is changed.  On success
    ``self.tinfo`` is replaced and ``self.is_array`` is reset to False.
    """
    declaration = idaapi.ask_str(self.type_name, 0x100, "Enter type:")
    if declaration is None:
        return

    parsed = idc.parse_decl(declaration, 0)
    if parsed is None:
        return

    # Only the serialized type and field data are needed.
    _name, type_data, field_data = parsed
    new_tinfo = idaapi.tinfo_t()
    # The return value of deserialize() is not checked.
    new_tinfo.deserialize(idaapi.cvar.idati, type_data, field_data, None)

    self.tinfo = new_tinfo
    self.is_array = False
def try_set_typedef(self, t):
    """Ask for the value of typedef *t* and store it when it is valid.

    A value is accepted when, after fix_multi_seg_types has processed its
    whitespace-separated segments, exactly one segment remains and that
    segment is either a builtin type or passes check_identifier.  Invalid
    input shows a warning and stores nothing.
    """
    val = idaapi.ask_str('', idaapi.HIST_IDENT, 'Enter typedef value')
    if val is None:
        return

    segments = val.split()
    itanium_mangler.fix_multi_seg_types(segments)

    accepted = len(segments) == 1 and (
        segments[0] in itanium_mangler.BUILTIN_TYPES
        or itanium_mangler.check_identifier(segments[0]))
    if not accepted:
        idaapi.warning('That value is invalid.')
        return

    # The stored value is the typed text, stripped of surrounding blanks.
    database.get().typedefs[t] = val.strip()
    self.update_list()
def recursive_prefix(addr):
    """
    Recursively prefix a function tree with a user defined string.

    The tag is applied as typed; set_name is called with SN_NOWARN, so a
    name IDA rejects fails without a dialog.
    """
    func_addr = idaapi.get_name_ea(idaapi.BADADDR,
                                   idaapi.get_func_name(addr))
    if func_addr == idaapi.BADADDR:
        idaapi.msg("Prefix: 0x%08X does not belong to a defined function\n" %
                   addr)
        return

    # NOTE / COMPAT: the prompt call differs between IDA 7 and older APIs
    if using_ida7api:
        tag = idaapi.ask_str(PREFIX_DEFAULT, 0, "Function Tag")
    else:
        tag = idaapi.askstr(0, PREFIX_DEFAULT, "Function Tag")

    # dialog dismissed: nothing to do
    if tag is None:
        return

    # an empty tag is refused
    if tag == '':
        idaapi.warning("[ERROR] Tag cannot be empty [ERROR]")
        return

    # collect every function reachable through calls from this one;
    # graph_down yields addresses, which are turned into names here
    # (addresses without a function name are dropped)
    reachable = graph_down(func_addr, path=set([]))
    resolved = (idaapi.get_func_name(ea) for ea in reachable)
    names = [name for name in resolved if name]

    # prefix each function whose name does not contain the tag anywhere
    for name in names:
        ea = idaapi.get_name_ea(idaapi.BADADDR, name)
        if tag not in name:
            idaapi.set_name(ea,
                            '%s%s%s' % (str(tag), PREFIX_SEPARATOR, name),
                            idaapi.SN_NOWARN)

    # make the new names visible in the IDA views
    refresh_views()
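def run(self, arg=0):
    """Prompt for a jump expression, evaluate it and jump to the result.

    Missing closing "]" are appended automatically.  An expression with
    more "]" than "[" is rejected with a debug message.  Parse failures
    are reported through debug_out and do not raise.
    """
    jump_str = idaapi.ask_str("", 0, "Jump expression...")
    if jump_str is None:
        # Dialog cancelled.
        return
    try:
        open_deref = jump_str.count("[")
        close_deref = jump_str.count("]")
        if close_deref < open_deref:
            # Close dereferences the user left open.
            jump_str += "]" * (open_deref - close_deref)
        if open_deref < close_deref:
            debug_out("mismatched dereferences")
        else:
            result = self.parser.parse(jump_str, lexer=self.lexer)
            debug_out("resolved to %08x" % result)
            idaapi.jumpto(result)
    except Exception:
        # Narrowed from a bare `except:` so KeyboardInterrupt and
        # SystemExit are not swallowed as parse errors.
        debug_out("problem parsing")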
def handle_add(self):
    """Ask for a new typedef name, validate it and ask for its value.

    The name must not already be a typedef in the database and must pass
    check_identifier; otherwise a warning is shown and nothing is added.
    """
    typedef_name = idaapi.ask_str('', idaapi.HIST_IDENT,
                                  'Enter typedef name')
    if typedef_name is None:
        return

    if typedef_name in database.get().typedefs:
        idaapi.warning('That name is already used.')
        return

    if not itanium_mangler.check_identifier(typedef_name):
        idaapi.warning('That name is invalid.')
        return

    # Todo: prevent overwriting builtins
    self.try_set_typedef(typedef_name)
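def modify_value(self):
    """Ask for a new value for the selected register and write it.

    The current value is offered in hexadecimal as the default.  After a
    successful write the view is reloaded, and the flags view as well when
    the flags register was changed.
    """
    reg = self.get_selected_reg()
    if not reg:
        return

    reg_val = idc.get_reg_value(reg)
    b = idaapi.ask_str("0x%X" % reg_val, 0, "Modify register value")
    if b is None:
        # Dialog cancelled.
        return

    try:
        # NOTE(review): str2ea is understood to return BADADDR for text it
        # cannot evaluate rather than raise; if so, a mistyped expression
        # is written to the register as BADADDR instead of being rejected.
        # Confirm and decide how to tell that apart from a wanted value.
        value = int(idaapi.str2ea(b))
        idc.set_reg_value(value, reg)
        self.reload_info()
        if reg == dbg.registers.flags:
            self.reload_flags_view()
    except Exception:
        # Narrowed from a bare `except:` so KeyboardInterrupt and
        # SystemExit are not reported as a bad expression.
        idaapi.warning("Invalid expression")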
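def modify_value(self):
    """Ask for a new value for the current stack slot and patch it.

    The slot is read and written as a qword on 64-bit databases and as a
    dword otherwise.  The current value is offered in hexadecimal as the
    default.  Nothing happens when the address is unset or not loaded.
    """
    ea = self.get_current_expr_ea()
    if not ea or not idaapi.is_loaded(ea):
        return

    is_64bit = idaapi.inf_is_64bit()
    stack_val = ida_bytes.get_qword(ea) if is_64bit else ida_bytes.get_dword(ea)

    b = idaapi.ask_str("0x%X" % stack_val, 0, "Modify value")
    if b is None:
        # Dialog cancelled.
        return

    try:
        # NOTE(review): str2ea is understood to return BADADDR for text it
        # cannot evaluate rather than raise; if so, a mistyped expression
        # is patched into memory as BADADDR instead of being rejected.
        # Confirm and decide how to tell that apart from a wanted value.
        value = int(idaapi.str2ea(b))
        if is_64bit:
            idc.patch_qword(ea, value)
        else:
            idc.patch_dword(ea, value)
        self.reload_info()
    except Exception:
        # Narrowed from a bare `except:` so KeyboardInterrupt and
        # SystemExit are not reported as a bad expression.
        idaapi.warning("Invalid expression")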
def handle_set_name(self):
    """Ask for a new name for the class being edited and rename it.

    The prompt is pre-filled with the current name.  The new name must be
    unused in the database and pass Class.s_name_is_valid; otherwise a
    warning is shown and nothing is renamed.  Cancelling, or entering the
    unchanged name, does nothing.
    """
    target = self.edit_class
    if target is None:
        return

    new_name = idaapi.ask_str(target.name, idaapi.HIST_IDENT,
                              'Enter a class name')
    unchanged = new_name is None or new_name == target.name
    if unchanged:
        return

    if new_name in database.get().classes_by_name:
        idaapi.warning('That name is already used.')
        return

    if not database_entries.Class.s_name_is_valid(new_name):
        idaapi.warning('The class name "%s" is invalid.' % new_name)
        return

    target.rename(new_name)
    self.update_fields()
    self.parent_gui.update_class(target)
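def IssueCommand(self):
    """Prompt for a debugger command, send it and show the reply.

    The command is echoed into the view, passed unchanged to
    SendDbgCommand, and each line of the reply is appended to the view.
    When sending fails an error line is shown instead.  An empty or
    cancelled prompt does nothing.
    """
    s = idaapi.ask_str(self.last_cmd, 0, "Please enter a debugger command")
    if not s:
        return

    # Save last command
    self.last_cmd = s

    # Add it using a different color
    self.AddLine("debugger>" + idaapi.COLSTR(s, idaapi.SCOLOR_VOIDOP))

    try:
        # The text goes to the debugger backend exactly as typed.
        for reply_line in SendDbgCommand(s).split("\n"):
            self.AddLine(idaapi.COLSTR(reply_line, idaapi.SCOLOR_LIBNAME))
    except Exception:
        # Narrowed from a bare `except:` so KeyboardInterrupt and
        # SystemExit are not turned into an error line.
        self.AddLine(
            idaapi.COLSTR(
                "Debugger is not active or does not export send_dbg_command()",
                idaapi.SCOLOR_ERROR))
    self.Refresh()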
def edit_deleted_virtual_vals(self):
    """Let the user edit the database's list of deleted virtual values.

    The current values are shown as a comma-separated list of hexadecimal
    numbers.  The answer is split on commas and each part is parsed with
    ``int(part, 0)``.  If any part fails to parse, a warning is shown and
    the stored list is left untouched.  A cancelled or blank answer also
    changes nothing.
    """
    db = database.get()

    shown = ', '.join(('0x%X' % v) for v in db.deleted_virtual_vals)
    txt = idaapi.ask_str(shown, idaapi.HIST_IDENT,
                         "Enter deleted virtual values")
    if txt is None or not txt.strip():
        return

    parsed = []
    for piece in txt.split(','):
        try:
            number = int(piece, 0)
        except ValueError:
            idaapi.warning(
                'Parsing "%s" failed. Deleted virtual values were not modified.'
                % piece)
            return
        parsed.append(number)

    # Replace the list only after every part parsed.
    db.deleted_virtual_vals = parsed
def rename_immediate():
    """Name a constant through the 'GlobalConstants' enum and apply it.

    The highlighted identifier, when it parses as an integer, is passed to
    get_common_value to pick the default offered in the value prompt.  The
    user then supplies the value and a name; the member is added to the
    'GlobalConstants' enum (created when missing) and applied.
    """
    highlighted = sark.get_highlighted_identifier()
    try:
        hint = int(highlighted, 0)
    except (ValueError, TypeError):
        # Nothing highlighted, or not a number.
        hint = None

    const_value = idaapi.ask_long(get_common_value(hint), "Const Value")
    if const_value is None:
        return

    const_label = idaapi.ask_str("", 0, "Constant Name")
    if const_label is None:
        return

    try:
        constants = sark.Enum('GlobalConstants')
    except sark.exceptions.EnumNotFound:
        constants = sark.add_enum('GlobalConstants')

    constants.members.add(const_label, const_value)
    apply_enum_by_name(constants, const_label)
def run():
    """Analyse the database and open the protocol explorer.

    Waits for auto-analysis, runs the analyser, and when the analyser does
    not consider itself valid asks the user for the architecture and runs
    it again.

    Returns:
        False when the manual architecture answer is neither 'x86' nor
        'x64', True otherwise.
    """
    idc.auto_wait()
    analyser = Analyser()

    if analyser.valid:
        analyser.print_all()
        analyser.analyse_all()

    # Checked again on purpose: `valid` is re-read after the first pass.
    if not analyser.valid:
        analyser.arch = idaapi.ask_str(
            'x86 / x64', 0, 'Set architecture manually (x86 or x64)')
        offsets = {
            'x86': BOOT_SERVICES_OFFSET_x86,
            'x64': BOOT_SERVICES_OFFSET_x64,
        }
        # Anything else, including a cancelled prompt, aborts the run.
        if analyser.arch not in offsets:
            return False
        analyser.BOOT_SERVICES_OFFSET = offsets[analyser.arch]
        analyser.print_all()
        analyser.analyse_all()

    if analyser.Protocols['all']:
        window = ProtsWindow(f'{NAME} protocol explorer', analyser, nb=10)
        window.show()

    # NOTE(review): indentation was lost on this page; the final return is
    # taken to sit at function level. Confirm against the original file.
    return True