예제 #1
        def finish_populating_tform_popup(self, form, popup):
            """Attach the RESim actions to a widget's right-click menu.

            Runs after the popup has been populated by its owner. Entries are
            only added for the disassembly view; the call-stack view is
            recognised but nothing is attached to it.
            """
            widget_kind = idaapi.get_tform_type(form)
            if widget_kind == idaapi.BWN_CALL_STACK:
                # Nothing is offered in the call-stack view.
                return
            if widget_kind != idaapi.BWN_DISASM:
                return

            submenu = 'RESim/'
            register_names = idaapi.ph_get_regnames()

            # These two entries are offered on every disassembly popup.
            for action_name in ("revCursor:action", "dis:action"):
                idaapi.attach_action_to_popup(form, popup, action_name, submenu)

            token = idaapi.get_highlighted_identifier()
            if token is None:
                return

            if token in register_names:
                # A register is highlighted: only the register action applies.
                idaapi.attach_action_to_popup(form, popup, "modReg:action", submenu)
                return

            # Otherwise the memory actions are offered when the highlighted
            # text parses through getHex, or when regFu reports an effective
            # address. regFu is only consulted if getHex returned None.
            address = getHex(token)
            if address is None and not regFu.isHighlightedEffective():
                return

            memory_actions = (
                "rev:action",
                "dataWatch:action",
                "revData:action",
                "modMemory:action",
                "stringMemory:action",
            )
            for action_name in memory_actions:
                idaapi.attach_action_to_popup(form, popup, action_name, submenu)
예제 #2
    def finish_populating_tform_popup(self, form, popup):
        """
        Hook invoked just before a right-click menu is displayed.

        Adds the recursive-prefix action to the disassembly popup when the
        cursor is on a function reference, and the bulk/clear prefix actions
        plus a separator to the functions-window popup. Returns 0, except on
        the disassembly path without a function reference, which returns None.
        """

        if idaapi.get_tform_type(form) == idaapi.BWN_DISASMS:

            # disassembly window: without a function reference under the
            # cursor there is no valid target for a recursive prefix
            if get_cursor_func_ref() == idaapi.BADADDR:
                return

            idaapi.attach_action_to_popup(
                form, popup, prefix_t.ACTION_RECURSIVE, "Rename",
                idaapi.SETMENU_APP)
            return 0

        if idaapi.get_tform_type(form) == idaapi.BWN_FUNCS:

            # functions window: every entry is positioned relative to the
            # same existing item; the trailing None adds a menu separator
            anchor = "Delete function(s)..."
            for entry in (prefix_t.ACTION_BULK, prefix_t.ACTION_CLEAR, None):
                idaapi.attach_action_to_popup(form, popup, entry, anchor,
                                              idaapi.SETMENU_INS)

        return 0
예제 #3
 def finish_populating_tform_popup(self, form, popup):
     """Add the execution-tree action to the functions-window popup.

     Runs once the context menu has been populated; the entry is placed
     under the 'Function Tracer/' submenu path.
     """
     if idaapi.get_tform_type(form) != idaapi.BWN_FUNCS:
         return
     submenu = 'Function Tracer/'
     idaapi.attach_action_to_popup(form, popup, ACTION_EXEC_TREE, submenu)
예제 #4
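    def finish_populating_widget_popup(self, form, popup):
        """Attach the grap pattern-generator actions to a disassembly popup.

        A separator is added first. If the cursor address is already one of
        the pattern generator's target nodes, only "remove target" is offered;
        otherwise, unless the address is the current root node, "set root" and
        "add target" are offered.
        """
        # Two API spellings are tried. Only a missing attribute should trigger
        # the fallback: the original bare `except:` also swallowed
        # KeyboardInterrupt/SystemExit and hid real errors from the first call.
        try:
            in_disasm = idaapi.get_widget_type(form) == idaapi.BWN_DISASM
        except AttributeError:
            in_disasm = idaapi.get_tform_type(form) == idaapi.BWN_DISASM

        if not in_disasm:
            return

        # Add separator
        idaapi.attach_action_to_popup(form, popup, None, None)

        try:
            current_address = idc.get_screen_ea()
        except AttributeError:
            current_address = idc.ScreenEA()

        generator = self.cc.PatternGenerator

        # any() stops at the first match instead of building a throwaway list.
        is_target = any(node.node_id == current_address
                        for node in generator.targetNodes)
        if is_target:
            idaapi.attach_action_to_popup(form, popup,
                                          "grap:pg:remove_target", None)
        elif (generator.rootNode is None
              or current_address != generator.rootNode.node_id):
            idaapi.attach_action_to_popup(form, popup, "grap:pg:set_root",
                                          None)
            idaapi.attach_action_to_popup(form, popup,
                                          "grap:pg:add_target", None)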
예제 #5
 def populating_tform_popup(self, form, popup):
     """Offer a web-search entry for the text highlighted in a disassembly view.

     The highlight is stored in the module-level ``highlight`` variable and
     its first element is embedded in the action label.
     """
     global highlight

     if idaapi.get_tform_type(form) != idaapi.BWN_DISASM:
         return

     highlight = idaapi.get_highlight(form)
     if not highlight:
         return

     # NOTE(review): the label suggests "search:action" submits this text to
     # a web search. The text comes from the listing of the file under
     # analysis, so it would leave the analysis host - confirm in the handler.
     label = 'Search Google for "' + highlight[0] + '"'
     idaapi.update_action_label("search:action", label)
     idaapi.attach_action_to_popup(form, popup, "search:action", None)
예제 #6
    def finish_populating_tform_popup(self, form, popup):
        """Attach the function-reference copy actions to a popup menu.

        Disassembly popups get the copy action when the cursor is on a
        function reference; the functions window gets the bulk action placed
        relative to the "Copy All" entry. Returns 0, except on the
        disassembly path without a function reference, which returns None.
        """
        if idaapi.get_tform_type(form) == idaapi.BWN_DISASMS:
            # disassembly window: nothing to copy without a function ref
            if get_cursor_func_ref() == idaapi.BADADDR:
                return
            idaapi.attach_action_to_popup(form, popup, funcref_t.ACTION_COPY)
            return 0

        if idaapi.get_tform_type(form) == idaapi.BWN_FUNCS:
            # functions window
            idaapi.attach_action_to_popup(
                form,
                popup,
                funcref_t.ACTION_BULK,
                "Copy All",
                idaapi.SETMENU_INS
            )

        return 0
예제 #7
        def finish_populating_tform_popup(self, form, popup):
            """Add both cross-reference graph actions to a disassembly popup.

            Runs after the popup has been populated by its owner. The actions
            are attached with an empty popup path.
            """
            if idaapi.get_tform_type(form) != idaapi.BWN_DISASM:
                return
            for handler in (ShowXrefsGraphFrom, ShowXrefsGraphTo):
                idaapi.attach_action_to_popup(form, popup, handler.get_name(), '')
예제 #8
파일: snippet.py 프로젝트: szabo92/gistable
    def get_custom_viewer_hint(self, view, place):
        """
        Build a hover hint for a function named on the hinted disassembly line.

        Returns a tuple of (rendered function hint, 1) when the character
        under the cursor belongs to an address token that matches the text of
        one of the instruction's operands and that text resolves to a
        function. Returns None in every other case, including when any
        exception is raised (the error is printed, not propagated).
        """
        try:
            # hints are only produced while a disassembly view is current
            tform = idaapi.get_current_tform()
            if idaapi.get_tform_type(tform) != idaapi.BWN_DISASM:
                return None

            curline = idaapi.get_custom_viewer_curline(view, True)
            # NOTE(review): this unpacking requires exactly three elements;
            # any other shape raises and is reported by the handler below.
            _, x, y = idaapi.get_custom_viewer_place(view, True)
            ea = place.toea()

            # "color" is a bit of a misnomer: it's the type of the symbol currently hinted
            color = get_color_at_char(curline, x)
            if color != idaapi.COLOR_ADDR:
                return None

            # for COLOR_ADDR tokens, we get something like:
            #   401000sub_401000
            # so we will need to prune the address from the start before we can use it :-(
            token = get_token_at_char(curline, x)

            # enumerate the operands of the instruction at this address
            # and search the token for the operand text
            # (only operand indexes 0..2 are examined)
            func_name = None
            for i in range(3):
                o = idc.GetOpnd(ea, i)
                if not o:
                    break

                # if we have `offset sub_401000`, we want: `sub_401000`
                if ' ' in o:
                    o = o.partition(' ')[2]

                if o in token:
                    func_name = o
                    break

            if not func_name:
                return None

            # get the address given the function name
            # NOTE(review): if LocByName reports failure with BADADDR rather
            # than 0, this truthiness test does not catch it; the get_func
            # check below is then what rejects the value - confirm.
            fva = idc.LocByName(func_name)
            if not fva:
                return None

            # ensure it's actually a function
            if not idaapi.get_func(fva):
                return None

            # this magic constant "1" is the number of "important lines" to display by default.
            # the remaining lines get shown if you scroll down while the hint is displayed, revealing more lines.
            return render_function_hint(fva), 1
        except Exception as e:
            # broad catch: a failure is printed and no hint is returned
            print(
                'CallsHintsPlugin: error: %s. Get in touch with @williballenthin.'
                % (str(e)))
            return None
예제 #9
        def finish_populating_tform_popup(self, form, popup):
            """Attach the node-marking actions to a disassembly popup.

            Runs after the popup has been populated by its owner; every entry
            goes under the "Mark/" submenu path, in the order listed below.
            """
            if idaapi.get_tform_type(form) != idaapi.BWN_DISASM:
                return

            mark_handlers = (
                MarkReachableNodesHandler,
                MarkUnReachableNodesHandler,
                MarkReachingNodesHandler,
                MarkNotReachingNodesHandler,
                MarkExits,
                MarkClearHandler,
            )
            for handler in mark_handlers:
                idaapi.attach_action_to_popup(form, popup, handler.get_name(), "Mark/")
예제 #10
 def finish_populating_tform_popup(self, form, popup):
     """Attach a one-shot 'Decode IOCTL' action to a disassembly popup."""
     if idaapi.get_tform_type(form) != idaapi.BWN_DISASM:
         return

     # The action name (first argument) is None on purpose: the action is
     # deleted as soon as the context menu is hidden, so it does not need
     # a valid ID.
     decode_entry = idaapi.action_desc_t(None, 'Decode IOCTL',
                                         IOCTLDecodeHandler())
     idaapi.attach_dynamic_action_to_popup(form, popup, decode_entry, None)
예제 #11
 def finish_populating_tform_popup(self, form, popup):
     """Attach the action named by ``act_name`` to every disassembly popup.

     The check is on the widget type, so all "IDA View-*" widgets match.
     To restrict the action to a single view, the widget title could be
     compared instead, e.g.
     ``idaapi.get_tform_title(form) == "IDA View-A"``.
     """
     is_disassembly_view = idaapi.get_tform_type(form) == idaapi.BWN_DISASM
     if not is_disassembly_view:
         return
     idaapi.attach_action_to_popup(form, popup, act_name, None)
예제 #12
        def finish_populating_tform_popup(self, form, popup):
            """Populate the "Mark/" submenu of a disassembly popup.

            Runs after the popup has been populated by its owner. Widgets
            other than the disassembly view are left untouched.
            """
            in_disassembly = idaapi.get_tform_type(form) == idaapi.BWN_DISASM
            if in_disassembly:
                submenu = "Mark/"
                # Attachment order is kept: reachability marks first, then
                # exits, then the clear action.
                for handler in (MarkReachableNodesHandler,
                                MarkUnReachableNodesHandler,
                                MarkReachingNodesHandler,
                                MarkNotReachingNodesHandler,
                                MarkExits,
                                MarkClearHandler):
                    action_name = handler.get_name()
                    idaapi.attach_action_to_popup(form, popup, action_name, submenu)
예제 #13
    def finish_populating_tform_popup(self, form, popup):
        """Attach MyHandler's action to the popup of a disassembly view."""
        if idaapi.get_tform_type(form) != idaapi.BWN_DISASM:
            return

        # The action is referenced by the name MyHandler reports (it is not
        # an anonymous action created with None), and "-" is passed as the
        # popup path argument.
        action_name = MyHandler.get_name()
        idaapi.attach_action_to_popup(form, popup, action_name, "-")
예제 #14
파일: LazyIDA.py 프로젝트: AmesianX/LazyIDA
    def finish_populating_tform_popup(self, form, popup):
        """Attach the LazyIDA actions that apply to the clicked widget.

        Disassembly and dump views get the XOR and convert actions when there
        is a selection or the item under the cursor is larger than one byte.
        Disassembly views additionally get the scan action when the module's
        (arch, bits) pair is one of the supported combinations.
        """
        form_type = idaapi.get_tform_type(form)
        is_disasm = form_type == idaapi.BWN_DISASM

        if is_disasm or form_type == idaapi.BWN_DUMP:
            # NOTE(review): if read_selection() returns a status tuple rather
            # than a bool, it is always truthy and the item-size test is
            # never reached - confirm against the IDA version in use.
            if idaapi.read_selection() or ItemSize(ScreenEA()) > 1:
                idaapi.attach_action_to_popup(form, popup, ACTION_XORDATA, None)
                for convert_action in ACTION_CONVERT:
                    idaapi.attach_action_to_popup(form, popup, convert_action, "Convert/")

        if is_disasm:
            scannable_targets = [
                (idaapi.PLFM_386, 32),
                (idaapi.PLFM_386, 64),
                (idaapi.PLFM_ARM, 32),
            ]
            if (arch, bits) in scannable_targets:
                idaapi.attach_action_to_popup(form, popup, ACTION_SCANVUL, None)
예제 #15
def get_cursor_func_ref():
    """
    Resolve the function address the user cursor currently refers to.

    In a Hex-Rays view the address of the item under the cursor is used. In a
    disassembly view the value of the operand under the cursor is tried
    first, then the cursor address itself. An address only counts when it is
    the start of a function.

    Returns BADADDR or a valid function address.
    """

    def _is_function_start(ea):
        # True only when `ea` is exactly the first address of a function
        func = idaapi.get_func(ea)
        return bool(func) and func.startEA == ea

    widget = idaapi.get_current_tform()
    widget_kind = idaapi.get_tform_type(widget)

    # get the hexrays vdui (if available)
    decompiler_view = idaapi.get_tform_vdui(widget)

    if decompiler_view:
        # hexrays view is active
        ea = decompiler_view.item.get_ea()
    else:
        # anything other than a disassembly view is unsupported
        if widget_kind != idaapi.BWN_DISASM:
            return idaapi.BADADDR

        ea = idaapi.get_screen_ea()

        # an operand value that is itself a function start wins over the
        # address of the line the cursor is on
        operand_target = idc.GetOperandValue(ea, idaapi.get_opnum())
        if _is_function_start(operand_target):
            return operand_target

    # the cursor is over a function definition or other reference
    return ea if _is_function_start(ea) else idaapi.BADADDR
예제 #16
파일: ida_prefix.py 프로젝트: lucasg/prefix
def get_cursor_func_ref():
    """
    Find the function start address referenced under the user cursor.

    Candidate addresses are collected from the active view and checked in
    order; the first one that is the start of a function is returned.

    Returns BADADDR or a valid function address.
    """
    view = idaapi.get_current_tform()
    view_kind = idaapi.get_tform_type(view)

    # get the hexrays vdui (if available)
    vdui = idaapi.get_tform_vdui(view)

    # neither a hexrays view nor a disassembly view: unsupported
    if not vdui and view_kind != idaapi.BWN_DISASM:
        return idaapi.BADADDR

    if vdui:
        # hexrays view: only the item under the cursor is a candidate
        candidates = [vdui.item.get_ea()]
    else:
        # disassembly view: the operand value under the cursor is tried
        # before the address of the current line
        here = idaapi.get_screen_ea()
        candidates = [idc.GetOperandValue(here, idaapi.get_opnum()), here]

    for ea in candidates:
        owner = idaapi.get_func(ea)
        if owner and owner.startEA == ea:
            return ea

    # fail
    return idaapi.BADADDR
    def finish_populating_tform_popup(self, form, popup):
        """Offer the PyREBox "show funcs" action on matching disassembly lines.

        Runs after the popup has been populated by its owner. The entry is
        added under the 'PyREBox/' submenu path when this object is not
        closed, the widget is a disassembly view, and the cursor address
        equals the first element of one of the pairs in ``self.addrs``.
        """
        if self.is_closed or idaapi.get_tform_type(form) != idaapi.BWN_DISASMS:
            return

        cursor = idc.ScreenEA()
        # only the first element of each pair is compared; the action is
        # attached at most once
        if any(cursor == start for start, _end in self.addrs):
            idaapi.attach_action_to_popup(
                form, popup, "pyrebox:show_funcs", "PyREBox/")
예제 #18
    def finish_populating_tform_popup(self, form, popup):
        """Attach the data and scan actions that fit the clicked widget.

        Disassembly and dump views get the XOR, fill-NOP and convert actions
        when there is a selection or the item under the cursor is larger than
        one byte. Disassembly views also get the scan action when the
        module's (ARCH, BITS) pair is one of the supported combinations.
        """
        form_type = idaapi.get_tform_type(form)

        if form_type in (idaapi.BWN_DISASM, idaapi.BWN_DUMP):
            # NOTE(review): a status tuple returned by read_selection() would
            # always be truthy, making the item-size test unreachable -
            # confirm the return type for the IDA version in use.
            has_data_target = idaapi.read_selection() or ItemSize(ScreenEA()) > 1
            if has_data_target:
                for data_action in (ACTION_XORDATA, ACTION_FILLNOP):
                    idaapi.attach_action_to_popup(form, popup, data_action, None)
                for convert_action in ACTION_CONVERT:
                    idaapi.attach_action_to_popup(form, popup, convert_action, "Convert/")

        if form_type != idaapi.BWN_DISASM:
            return

        supported = [(idaapi.PLFM_386, 32),
                     (idaapi.PLFM_386, 64),
                     (idaapi.PLFM_ARM, 32),]
        if (ARCH, BITS) in supported:
            idaapi.attach_action_to_popup(form, popup, ACTION_SCANVUL, None)
예제 #19
    def finish_populating_tform_popup(self, form, popup):
        """Attach the three "my:*" actions to the disassembler view popup."""
        # TODO - Attach to the functions view (idaapi.BWN_FUNCS) as well.

        # Attach to the disassembler view only
        if idaapi.get_tform_type(form) != idaapi.BWN_DISASMS:
            return

        action_names = (
            "my:disasmsaction",
            "my:disasmtracker",
            "my:invalidatecache",
        )
        for action_name in action_names:
            idaapi.attach_action_to_popup(form, popup, action_name, None)
 def finish_populating_tform_popup(self, form, popup):
     """Offer the IOCTL decoding actions in a driver's disassembly popup.

     Nothing is added unless the widget is a disassembly view and
     ``device_type.is_driver()`` is true.
     """
     if idaapi.get_tform_type(form) != idaapi.BWN_DISASM or not device_type.is_driver():
         return

     cursor_ea = idc.ScreenEA()

     # Operand type 5 is IDA's immediate operand (o_imm): decoding is only
     # offered when the second operand of the selected instruction is an
     # immediate value.
     if idc.GetOpType(cursor_ea, 1) == 5:
         register_dynamic_action(form, popup, 'Decode IOCTL', DecodeHandler())
         # a location already recorded by the tracker can be flagged invalid
         if cursor_ea in ioctl_tracker.ioctl_locs:
             register_dynamic_action(form, popup, 'Invalid IOCTL', InvalidHandler())

     register_dynamic_action(form, popup, 'Decode All IOCTLs in Function', DecodeAllHandler())

     if 0 < len(ioctl_tracker.ioctl_locs):
         register_dynamic_action(form, popup, 'Show All IOCTLs', ShowAllHandler())
예제 #21
    def get_custom_viewer_hint(self, view, place):
        """
        Build a hover hint for the single far code target of the hinted address.

        Returns a tuple of (rendered function hint, DEFAULT_IMPORTANT_LINES_NUM)
        when the character under the cursor is an address token, the hinted
        address has exactly one far cross-reference to code, and that target
        lies in a function. Returns None otherwise, including when any
        exception is raised (it is logged as a warning with its traceback).
        """
        try:
            active_form = idaapi.get_current_tform()
            if idaapi.get_tform_type(active_form) != idaapi.BWN_DISASM:
                return None

            line_text = idaapi.get_custom_viewer_curline(view, True)

            # get_custom_viewer_place() sometimes yields [x, y] and sometimes
            # [place_t, x, y]; only the three-element form is usable here.
            location = idaapi.get_custom_viewer_place(view, True)
            if len(location) != 3:
                return None

            _, column, _row = location
            hinted_ea = place.toea()

            # the "color" at a character is really the type of the symbol there
            if get_color_at_char(line_text, column) != idaapi.COLOR_ADDR:
                return None

            # collect FAR references to code (not necessarily a
            # branch/call/jump by itself)
            code_targets = []
            for xref in idautils.XrefsFrom(hinted_ea, ida_xref.XREF_FAR):
                if idc.isCode(idc.GetFlags(xref.to)):
                    code_targets.append(xref.to)

            # zero or several targets: no single function to preview
            if len(code_targets) != 1:
                return None

            (callee,) = code_targets

            # ensure it's actually a function
            if not idaapi.get_func(callee):
                return None

            # the second element is the number of "important lines" shown by
            # default; scrolling while the hint is displayed reveals the rest.
            return render_function_hint(callee), DEFAULT_IMPORTANT_LINES_NUM
        except Exception as err:
            logger.warning(
                'unexpected exception: %s. Get in touch with @williballenthin.',
                err,
                exc_info=True)
            return None
 def finish_populating_tform_popup(self, form, popup):
     """Attach the line-info annotation actions to a popup menu.

     Disassembly view: one-shot add/remove actions for the current selection
     if there is one, otherwise for the function at the cursor (if any).
     Functions view: the plugin's add/remove actions.
     """
     widget_kind = idaapi.get_tform_type(form)

     if widget_kind == idaapi.BWN_DISASM:  # Disassembly view
         # Choose either selection or function annotation depending on cursor
         selection = idaapi.read_selection()
         if selection[0] == True:
             handler_cls = ALI_DISASM_SelectionHandler
             labels = ('Annotate selection with line info',
                       'Remove annotations from selection')
         elif idaapi.get_func(ScreenEA()) is not None:
             handler_cls = ALI_DISASM_FunctionHandler
             labels = ('Annotate function with line info',
                       'Remove annotations from function')
         else:
             # no selection and no function at the cursor: nothing to add
             return

         add_label, del_label = labels
         # The action name is None: these are dynamic, one-shot actions.
         pending = [
             idaapi.action_desc_t(None, add_label,
                                  handler_cls(ACTION_ADD_ANNOTATION)),
             idaapi.action_desc_t(None, del_label,
                                  handler_cls(ACTION_DEL_ANNOTATION)),
         ]
         # Add corresponding action to popup menu
         for desc in pending:
             idaapi.attach_dynamic_action_to_popup(form, popup, desc, None)

     elif widget_kind == idaapi.BWN_FUNCS:  # Functions view
         # The action names are attributes of the plugin object's class.
         plugin_cls = type(ali_plugin)
         idaapi.attach_action_to_popup(
             form, popup, plugin_cls.action_wfuncs_add_name, None,
             idaapi.SETMENU_INS)
         idaapi.attach_action_to_popup(
             form, popup, type(ali_plugin).action_wfuncs_del_name, None,
             idaapi.SETMENU_INS)
예제 #23
def get_cursor_func_ref():
    """
    Return the function start address under the user cursor, or BADADDR.

    A Hex-Rays view contributes the address of the item under the cursor. A
    disassembly view contributes the operand value under the cursor first,
    then the cursor address. Any other view yields BADADDR.
    """
    tform = idaapi.get_current_tform()
    kind = idaapi.get_tform_type(tform)

    # get the hexrays vdui (if available)
    vdui = idaapi.get_tform_vdui(tform)

    if vdui:
        target = vdui.item.get_ea()
    elif kind != idaapi.BWN_DISASM:
        # unsupported/unknown view
        return idaapi.BADADDR
    else:
        target = idaapi.get_screen_ea()

        # prefer an operand value that is itself the start of a function
        referenced = idc.GetOperandValue(target, idaapi.get_opnum())
        owner = idaapi.get_func(referenced)
        if owner and owner.startEA == referenced:
            return referenced

    # otherwise the cursor address must itself start a function
    owner = idaapi.get_func(target)
    if not owner or owner.startEA != target:
        return idaapi.BADADDR

    return target
예제 #24
 def finish_populating_tform_popup(self, form, popup):
     """
     Hook for a right-click menu that is about to be shown. (IDA 6.x)

     Looks up the widget type and hands the menu to inject_prefix_actions.
     Always returns 0.
     """
     widget_kind = idaapi.get_tform_type(form)
     inject_prefix_actions(form, popup, widget_kind)
     return 0
예제 #25
파일: ida_prefix.py 프로젝트: lucasg/prefix
    def finish_populating_tform_popup(self, form, popup):
        """
        Inject the prefix actions into a right-click menu about to be shown.

        Returns 0, except when the disassembly window is clicked without a
        function reference under the cursor, in which case it returns None.
        """

        #
        # disassembly window
        #

        if idaapi.get_tform_type(form) == idaapi.BWN_DISASMS:

            # only a function ref under the cursor is a valid target for a
            # recursive function prefix
            hovering_function = get_cursor_func_ref() != idaapi.BADADDR
            if not hovering_function:
                return

            idaapi.attach_action_to_popup(form, popup,
                                          prefix_t.ACTION_RECURSIVE,
                                          "Rename", idaapi.SETMENU_APP)

        #
        # functions window
        #

        elif idaapi.get_tform_type(form) == idaapi.BWN_FUNCS:

            # all three entries are positioned relative to this menu item
            menu_anchor = "Delete function(s)..."

            # inject the 'Bulk' function prefix action
            idaapi.attach_action_to_popup(form, popup, prefix_t.ACTION_BULK,
                                          menu_anchor, idaapi.SETMENU_INS)

            # inject the 'Clear prefix' action
            idaapi.attach_action_to_popup(form, popup, prefix_t.ACTION_CLEAR,
                                          menu_anchor, idaapi.SETMENU_INS)

            # inject a menu separator (no action name)
            idaapi.attach_action_to_popup(form, popup, None,
                                          menu_anchor, idaapi.SETMENU_INS)

        # done
        return 0
예제 #26
def get_widget_type(form):
    """Return the widget type of *form* via the API matching the IDA SDK version.

    SDK versions up to and including 699 use ``idaapi.get_tform_type``;
    later versions use ``ida_kernwin.get_widget_type``.
    """
    if idaapi.IDA_SDK_VERSION > 699:
        return ida_kernwin.get_widget_type(form)
    return idaapi.get_tform_type(form)
예제 #27
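    def finish_populating_widget_popup(self, form, popup):
        """Attach the grap pattern-generator actions to a disassembly popup.

        A separator is added first. For an address in the generator's
        ``coloredNodes`` the match-type actions and "remove target" are
        offered, with preview labels and with the icon of the currently
        selected match type set to ``self.selected_icon_number``. Otherwise,
        unless the address is the current root node, "set root" and
        "add target" are offered.
        """
        # Two API spellings are tried. Only a missing attribute should trigger
        # the fallback: the original bare `except:` also swallowed
        # KeyboardInterrupt/SystemExit and hid real errors from the first call.
        try:
            in_disasm = idaapi.get_widget_type(form) == idaapi.BWN_DISASM
        except AttributeError:
            in_disasm = idaapi.get_tform_type(form) == idaapi.BWN_DISASM

        if not in_disasm:
            return

        # Add separator
        idaapi.attach_action_to_popup(form, popup, None, None)

        try:
            current_address = idc.get_screen_ea()
        except AttributeError:
            current_address = idc.ScreenEA()

        generator = self.cc.PatternGenerator
        prefix = "grap:pg:"

        if current_address in generator.coloredNodes:
            # (match kind, preview label text) in menu order; kinds with no
            # label text keep whatever label they already have.
            match_kinds = (
                ("match_default", None),
                ("match_full", "[grap] Full match"),
                ("match_opcode_arg1", "[grap] Opcode+arg1"),
                ("match_opcode_arg2", "[grap] Opcode+arg2"),
                ("match_opcode", "[grap] Opcode"),
                ("match_wildcard", None),
            )

            for match_kind, label_text in match_kinds:
                idaapi.attach_action_to_popup(form, popup, prefix + match_kind,
                                              None)
                if label_text is not None:
                    idaapi.update_action_label(
                        prefix + match_kind,
                        generator.preview_match(current_address, label_text,
                                                match_kind))

            idaapi.attach_action_to_popup(form, popup,
                                          "grap:pg:remove_target", None)

            # Clear every icon, then mark the selected match kind. The loop
            # variable no longer shadows the builtin `type`.
            for match_kind, _label_text in match_kinds:
                idaapi.update_action_icon(prefix + match_kind, -1)

            if current_address not in generator.targetNodeType:
                selected_kind = "match_default"
            else:
                selected_kind = generator.targetNodeType[current_address]
            idaapi.update_action_icon(prefix + selected_kind,
                                      self.selected_icon_number)

        elif (generator.rootNode is None
              or current_address != generator.rootNode.node_id):
            idaapi.attach_action_to_popup(form, popup, "grap:pg:set_root",
                                          None)
            idaapi.attach_action_to_popup(form, popup,
                                          "grap:pg:add_target", None)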
예제 #28
파일: snippet.py 프로젝트: szabo92/gistable
        def cb(user_data, notification_code, va_list):
            '''
            example hook_cb_t function that handles custom viewer hints.

            Args:
              user_data (ctypes.c_void_p): context supplied to callback registration
              notification_code (int): one of the UI_NOTIFICATIONS enum values
              va_list (ctypes.c_void_p): varargs that must be manually parsed

            Returns:
              int: see notifiication code documentation for interpretation

            Notes:
              - This is a closure that expects to have 
            '''

            # this function is called *a lot*, so don't do any heavy lifting
            #  until you know its the event you want.

            # ctypes doesn't support varargs in callback functions.
            # so, we need to parse the remaining arguments ourselves.
            #
            # on windows, varargs are sequential stack locations.
            # so, lets access the members like an array of ints/pointers.
            #
            # WARNING: the following section that manually parses varargs is
            #  probably architecture and platfrom dependent!
            va_list = ctypes.cast(va_list, c_long_p)

            if notification_code == UI_NOTIFICATIONS.UI_GET_EA_HINT:
                # ea is just a number:
                #
                #     typedef uint32 	ea_t
                #
                # via: https://www.hex-rays.com/products/ida/support/sdkdoc/pro_8h.html#a7b0aeaed04e477c02cf8ea3452002d1a
                ea = va_list[0]
                buf = ctypes.cast(va_list[1], ctypes.c_char_p)
                bufsize = va_list[2]

                print('ui_get_ea_hint:')
                print('>.. notification code: %s' % (notification_code))
                print('>.. ea: %s' % (hex(ea)))
                print('>.. buf: %s' % (buf))
                print('>.. bufsize: %s' % (hex(bufsize)))

                the_hint = datetime.datetime.now().isoformat(' ')

                self.dll.qstrncpy(buf, ctypes.c_char_p(the_hint), bufsize)
                print('<.. buf: %s' % (buf))

                return 1

            elif notification_code == UI_NOTIFICATIONS.UI_GET_CUSTOM_VIEWER_HINT:
                viewer = ctypes.cast(va_list[0], c_long_p)
                place = ctypes.cast(va_list[1], c_long_p)
                important_lines = ctypes.cast(va_list[2], c_long_p)
                hint = ctypes.cast(va_list[3], c_char_pp)

                if not place:
                    print('ui_get_custom_viewer_hint: invalid place')
                    return 0

                print('ui_get_custom_viewer_hint:')
                print('>.. notification code: %s' % (notification_code))
                print('>.. important lines: %s %s' %
                      (important_lines, important_lines.contents))
                print('>.. hint: %s %s' % (hint, hint.contents))

                # so, we'd like to fetch the EA of the current view.
                # ideally, we'd do:
                #
                #     ea = place.toea()
                #
                # but `place` is a raw c++ object pointer, and ctypes isn't that smart.
                # next best would be to do something like:
                #
                #     place = self.dll.get_custom_viewer_place(viewer);
                #
                # however, this doesn't work because `get_custom_viewer_place` is not an exported routine.
                # it seems to be part of the IDA SDK static lib to which plugins link.
                #
                # next best would be to use `idaapi.get_custom_viewer_place`:
                #
                #     place = idaapi.get_custom_viewer_place(viewer);
                #
                # but, this doesn't work because we're mixing a ctypes pointer with a swig function.
                # so, we'll fall back to querying the current viewer, and fetching the place from there.

                # let's only display for disassembly listings
                #
                # i only know how to test the view/form type using the `get_tform_type` function.
                # therefore, we'll first query the current tform, and subsequently the current custom_viewer.
                tform = idaapi.get_current_tform()
                if idaapi.get_tform_type(tform) != idaapi.BWN_DISASM:
                    return 0

                viewer = idaapi.get_current_viewer()

                # `place` is a tuple (though techincally, a list), with elements:
                #  - place_t proxy
                #  - x position in characters
                #  - y position in characters from top of screen/form (-1 in graph view)
                place, x, y = idaapi.get_custom_viewer_place(viewer, True)

                the_hint = '0x%08X: %s' % (
                    place.toea(), datetime.datetime.now().isoformat(' '))

                important_lines[0] = ctypes.c_long(1)
                # we don't have access to the qstring c++ class methods,
                #  so we'll use a dummy routine to correctly set our qstring contents.
                # `replace_tabs` assigns from a char * to a qstring *.
                #
                # relevant idasdk documentation:
                #
                #    idaman THREAD_SAFE bool ida_export
                #    replace_tabs (
                #        qstring *out,
                #        const char *str,
                #        int tabsize)
                self.dll.replace_tabs(hint, ctypes.c_char_p(the_hint), 4)

                print('<.. important lines: %s %s' %
                      (important_lines, important_lines.contents))
                print('<.. hint: %s %s' % (hint, hint.contents))

                return 1

            return 0
예제 #29
 def finish_populating_tform_popup(self, form, popup):
     """Attach the action named by `idaview_handler.get_name()` to a popup.

     Only popups of forms whose type is `idaapi.BWN_DISASM` are extended;
     any other form type is left as it is.
     """
     if idaapi.get_tform_type(form) != idaapi.BWN_DISASM:
         return

     # An empty popup path is passed, exactly as the action is attached today.
     idaapi.attach_action_to_popup(
         form, popup, idaview_handler.get_name(), "")
예제 #30
파일: hooks.py 프로젝트: soggysec/psida
 def finish_populating_tform_popup(self, form, popup):
     """Attach the `CONTEXT_MENU_ACTION_NAME` action to a BWN_DISASM popup.

     Forms of any other type are ignored.
     """
     form_is_disasm = idaapi.get_tform_type(form) == idaapi.BWN_DISASM
     if not form_is_disasm:
         return

     # The popup path argument is None here (other hooks pass a string).
     idaapi.attach_action_to_popup(
         form, popup, CONTEXT_MENU_ACTION_NAME, None)
 def finish_populating_tform_popup(self, form, popup):
     """Attach the plugin's two search actions to a BWN_DISASM popup.

     The "add to search" action is attached first, then "clear search";
     forms of any other type are left untouched.
     """
     if idaapi.get_tform_type(form) != idaapi.BWN_DISASM:
         return

     add_name = plugin.add_to_search_handler.get_name()
     idaapi.attach_action_to_popup(form, popup, add_name, '')

     clear_name = plugin.clear_search_handler.get_name()
     idaapi.attach_action_to_popup(form, popup, clear_name, '')
예제 #32
 def populating_tform_popup(self, form, popup):
     """Attach the two DeepDecompile actions to a disassembly popup.

     The actions are attached when the form type is `idaapi.BWN_DISASM` or
     `idaapi.BWN_DISASMS`; a trace line is printed on every call.
     """
     # A single parenthesised argument prints the same text on Python 2 and 3.
     print("populating")

     wanted_form = (idaapi.get_tform_type(form) == idaapi.BWN_DISASM
                    or idaapi.get_tform_type(form) == idaapi.BWN_DISASMS)
     if not wanted_form:
         return

     for action_name in ("mee:DeepDecompile1", "mee:DeepDecompile3"):
         idaapi.attach_action_to_popup(form, popup, action_name, None)
예제 #33
 def finish_populating_tform_popup(self, form, popup):
     """Add a 'Follow in hex dump' entry to the popup of BWN_DUMP forms.

     Forms of any other type are left untouched.
     """
     if idaapi.get_tform_type(form) != idaapi.BWN_DUMP:
         return

     # The description is built on every popup, with None as its first
     # argument and a new HexJumpHandler instance as its handler.
     follow_desc = idaapi.action_desc_t(
         None, 'Follow in hex dump', HexJumpHandler())
     idaapi.attach_dynamic_action_to_popup(form, popup, follow_desc, None)
예제 #34
파일: lca.py 프로젝트: danse-macabre/Sark
 def finish_populating_tform_popup(self, form, popup):
     """Extend BWN_DISASM popups with the `idaview_handler` action.

     The action name comes from `idaview_handler.get_name()`; popups of
     other form types are not modified.
     """
     showing_disasm = idaapi.get_tform_type(form) == idaapi.BWN_DISASM
     if showing_disasm:
         handler_name = idaview_handler.get_name()
         idaapi.attach_action_to_popup(form, popup, handler_name, "")
예제 #35
 def finish_populating_tform_popup(self, form, popup):
     """Attach the "My Plugin" and "My script" actions to a BWN_DISASM popup.

     Forms of any other type are left untouched.
     """
     if idaapi.get_tform_type(form) != idaapi.BWN_DISASM:
         return

     # (action name, popup path) pairs, attached in this order.
     menu_entries = (
         ("My Plugin", "My Plugin"),
         ("My script", "My Plugin/"),
     )
     for action_name, popup_path in menu_entries:
         idaapi.attach_action_to_popup(form, popup, action_name, popup_path)
예제 #36
def get_cursor_func_ref():
    """
    Resolve the function referenced at the user's cursor.

    When a Hex-Rays view is active, the address of the item under the cursor
    is used. When a disassembly view is active, the value of the operand
    under the cursor is tried first, then the screen address itself. An
    address only qualifies if it is the start address of its function.

    Returns BADADDR or a valid function address.
    """

    def _starts_function(address):
        # NOTE/COMPAT: the start address is `start_ea` on the IDA 7 API and
        # `startEA` on the older one.
        func = idaapi.get_func(address)
        if not func:
            return False
        start = func.start_ea if using_ida7api else func.startEA
        return start == address

    # NOTE/COMPAT: widget API on IDA 7, tform API otherwise
    if using_ida7api:
        widget = idaapi.get_current_widget()
        view_type = idaapi.get_widget_type(widget)
        vdui = idaapi.get_widget_vdui(widget)
    else:
        tform = idaapi.get_current_tform()
        view_type = idaapi.get_tform_type(tform)
        vdui = idaapi.get_tform_vdui(tform)

    if vdui:
        # hexrays view is active
        target = vdui.item.get_ea()

    elif view_type == idaapi.BWN_DISASM:
        # disassembly view is active
        target = idaapi.get_screen_ea()
        operand_index = idaapi.get_opnum()

        if operand_index != -1:
            # an operand value that is itself a function start wins over the
            # screen address as the rename target
            if using_ida7api:
                operand_value = idc.get_operand_value(target, operand_index)
            else:
                operand_value = idc.GetOperandValue(target, operand_index)

            if _starts_function(operand_value):
                return operand_value

    else:
        # unsupported/unknown view is active
        return idaapi.BADADDR

    # fall back to the cursor address itself: a function definition or other
    # reference is a valid target only when it is the function's start
    if _starts_function(target):
        return target

    # fail
    return idaapi.BADADDR
예제 #37
        def finish_populating_tform_popup(self, form, popup):
            """Attach both xrefs-graph actions to a BWN_DISASM popup.

            Runs after the popup has been populated by its owner. The
            `ShowXrefsGraphFrom` action is attached first, then
            `ShowXrefsGraphTo`; other form types are left untouched.
            """
            if idaapi.get_tform_type(form) != idaapi.BWN_DISASM:
                return

            from_name = ShowXrefsGraphFrom.get_name()
            idaapi.attach_action_to_popup(form, popup, from_name, '')

            to_name = ShowXrefsGraphTo.get_name()
            idaapi.attach_action_to_popup(form, popup, to_name, '')
예제 #38
    def finish_populating_tform_popup(self, form, popup_handle):
        """Populate a popup with the Frida Link actions that fit the form.

        * BWN_IMPORTS: with the Alt modifier held, the cpu/stack/backtrace/
          linkmem/edit/unhook import entries; otherwise the hook/replace/
          load-module import entries.
        * BWN_FUNCS: a separator followed by the function hook and replace
          entries.
        * BWN_DISASM: instruction and function entries chosen from what
          `self.pluginInstance` reports (replaced function, hooked
          instruction, hooked function), then the "get real address" entry.

        Other form types get nothing attached. Always returns 0.
        """

        def attach_all(action_names, popup_path):
            # Attach in the listed order; "-" entries are passed through as-is.
            for action_name in action_names:
                attach_action_to_popup(form, popup_handle, action_name,
                                       popup_path)

        alt_held = (QtWidgets.QApplication.keyboardModifiers()
                    == QtCore.Qt.AltModifier)

        if get_tform_type(form) == BWN_IMPORTS:
            if alt_held:
                import_actions = (
                    "fridalink:hook_imp_cpu",
                    "fridalink:hook_imp_stack",
                    "fridalink:hook_imp_backtrace",
                    "fridalink:hook_imp_linkmem",
                    "-",
                    "fridalink:hook_imp_edit",
                    "fridalink:unhook_imp_symbol",
                )
            else:
                import_actions = (
                    "fridalink:hook_imp_symbol",
                    "fridalink:replace_imp_symbol",
                    "fridalink:load_imp_module",
                )
            attach_all(import_actions, "Frida Link/")

        elif get_tform_type(form) == BWN_FUNCS:
            attach_action_to_popup(form, popup_handle, "-", "")
            attach_all(
                (
                    "fridalink:hook_func_once",
                    "fridalink:hook_func_perm",
                    "fridalink:hook_func_cust",
                    "fridalink:replace_func",
                ),
                "Frida Link/",
            )

        elif get_tform_type(form) == BWN_DISASM:
            attach_action_to_popup(form, popup_handle, "", None)

            new_inst_hook = edit_inst_hook = False
            new_func_hook = edit_func_hook = False
            new_func_replace = edit_func_replace = False

            if self.pluginInstance.replacedFunction():
                # A replaced function only offers the replace edit/delete
                # entries; no hook entries are enabled.
                edit_func_replace = True
            else:
                # `== False` is kept deliberately: any other return value
                # (None included) is treated as "hooked".
                inst_unhooked = self.pluginInstance.hookedInstruction() == False
                func_unhooked = self.pluginInstance.hookedFunction() == False

                new_inst_hook = inst_unhooked
                edit_inst_hook = not inst_unhooked
                new_func_hook = func_unhooked
                edit_func_hook = not func_unhooked
                # Replacing is offered only when nothing is hooked yet.
                new_func_replace = inst_unhooked and func_unhooked

            inst_path = "Frida Link/Instruction/"
            func_path = "Frida Link/Function/"

            # (enabled, action names, popup path), attached in this order.
            action_groups = (
                (new_inst_hook, (
                    "fridalink:hook_inst_once",
                    "fridalink:hook_inst_perm",
                    "fridalink:hook_inst_brk_once",
                    "fridalink:hook_inst_brk_perm",
                    "fridalink:hook_inst_cust",
                ), inst_path),
                (edit_inst_hook, (
                    "fridalink:hook_inst_cpu",
                    "fridalink:hook_inst_stack",
                    "fridalink:hook_inst_backtrace",
                    "fridalink:hook_inst_linkmem",
                    "-",
                    "fridalink:hook_inst_edit",
                    "fridalink:unhook_inst",
                ), inst_path),
                (edit_func_hook, (
                    "fridalink:hook_func_cpu",
                    "fridalink:hook_func_stack",
                    "fridalink:hook_func_backtrace",
                    "fridalink:hook_func_linkmem",
                    "-",
                    "fridalink:hook_func_edit",
                    "fridalink:unhook_func",
                ), func_path),
                (new_func_hook, (
                    "fridalink:hook_func_once",
                    "fridalink:hook_func_perm",
                    "fridalink:hook_func_cust",
                ), func_path),
                (new_func_replace, (
                    "fridalink:replace_func",
                ), func_path),
                (edit_func_replace, (
                    "fridalink:replace_func_edit",
                    "fridalink:replace_func_del",
                ), func_path),
            )
            for enabled, action_names, popup_path in action_groups:
                if enabled:
                    attach_all(action_names, popup_path)

            attach_action_to_popup(form, popup_handle,
                                   "fridalink:get_real_address", "Frida Link/")

        return 0