def activate(self, ctx): hx_view = idaapi.get_widget_vdui(ctx.widget) if not self.check(hx_view): return ea = ctx.cur_ea c_number = hx_view.item.e number_value = c_number.numval() ordinal = _choose_structure_by_size(number_value) if ordinal: number_format_old = c_number.n.nf number_format_new = idaapi.number_format_t() number_format_new.flags = idaapi.FF_1STRO | idaapi.FF_0STRO operand_number = number_format_old.opnum number_format_new.opnum = operand_number number_format_new.props = number_format_old.props number_format_new.type_name = idaapi.create_numbered_type_name(ordinal) c_function = hx_view.cfunc number_formats = c_function.numforms # type: idaapi.user_numforms_t # print "(number) flags: {0:#010X}, type_name: {1}, opnum: {2}".format( # number_format.flags, # number_format.type_name, # number_format.opnum # ) operand_locator = idaapi.operand_locator_t(ea, ord(operand_number) if operand_number else 0) if operand_locator in number_formats: del number_formats[operand_locator] number_formats[operand_locator] = number_format_new c_function.save_user_numforms() hx_view.refresh_view(True)
def activate(self, ctx): hx_view = idaapi.get_widget_vdui(ctx.widget) func_ea = hx_view.cfunc.entry_ea obj = api.ReturnedObject(func_ea) origin = cache.temporary_structure.main_offset visitor = DeepReturnVisitor(hx_view.cfunc, origin, obj, cache.temporary_structure) visitor.process()
def update(self, ctx): if IDA7: vdui = idaapi.get_widget_vdui(ctx.widget) return idaapi.AST_ENABLE_FOR_WIDGET if vdui else idaapi.AST_DISABLE_FOR_WIDGET else: vdui = idaapi.get_tform_vdui(ctx.form) return idaapi.AST_ENABLE_FOR_FORM if vdui else idaapi.AST_DISABLE_FOR_FORM
def activate(self, ctx): global potential_negatives hx_view = idaapi.get_widget_vdui(ctx.widget) result = type_library.choose_til() if not result: return selected_library, max_ordinal, is_local_types = result lvar_idx = hx_view.item.e.v.idx candidate = potential_negatives[lvar_idx] structures = candidate.find_containing_structures(selected_library) items = list( map(lambda x: [str(x[0]), "0x{0:08X}".format(x[1]), x[2], x[3]], structures)) structure_chooser = forms.MyChoose( items, "Select Containing Structure", [["Ordinal", 5], ["Offset", 10], ["Member_name", 20], ["Structure Name", 20]], 165) selected_idx = structure_chooser.Show(modal=True) if selected_idx != -1: if not is_local_types: type_library.import_type(selected_library, items[selected_idx][3]) lvar = hx_view.cfunc.get_lvars()[lvar_idx] lvar_cmt = re.sub("```.*```", '', lvar.cmt) hx_view.set_lvar_cmt( lvar, lvar_cmt + "```{0}+{1}```".format( structures[selected_idx][3], structures[selected_idx][1])) hx_view.refresh_view(True)
def activate(self, ctx): if self.action == ACTION_HX_REMOVERETTYPE: if IDA7: vdui = idaapi.get_widget_vdui(ctx.widget) else: vdui = idaapi.get_tform_vdui(ctx.form) self.remove_rettype(vdui) vdui.refresh_ctext() elif self.action == ACTION_HX_COPYEA: ea = idaapi.get_screen_ea() if ea != idaapi.BADADDR: copy_to_clip("0x%X" % ea) print "Address 0x%X has been copied to clipboard" % ea elif self.action == ACTION_HX_COPYNAME: if IDA7: name = idaapi.get_highlight(idaapi.get_current_viewer())[0] else: name = idaapi.get_highlighted_identifier() if name: copy_to_clip(name) print "%s has been copied to clipboard" % name else: return 0 return 1
def activate(self, ctx): if self.action == ACTION_HX_REMOVERETTYPE: if IDA7: vdui = idaapi.get_widget_vdui(ctx.widget) else: vdui = idaapi.get_tform_vdui(ctx.form) self.remove_rettype(vdui) vdui.refresh_ctext() elif self.action == ACTION_HX_COPYEA: ea = idaapi.get_screen_ea() if ea != idaapi.BADADDR: copy_to_clip("0x%X" % ea) print("Address 0x%X has been copied to clipboard" % ea) elif self.action == ACTION_HX_COPYNAME: if IDA7: name = idaapi.get_highlight(idaapi.get_current_viewer())[0] else: name = idaapi.get_highlighted_identifier() if name: copy_to_clip(name) print("%s has been copied to clipboard" % name) elif self.action == ACTION_HX_GOTOCLIP: loc = parse_location(clip_text()) print("Goto location 0x%x" % loc) Jump(loc) else: return 0 return 1
def activate(self, ctx): hx_view = idaapi.get_widget_vdui(ctx.widget) if not self.check(hx_view): return data = [] offset = hx_view.item.e.m struct_type = idaapi.remove_pointer(hx_view.item.e.x.type) ordinal = helper.get_ordinal(struct_type) result = struct_xrefs.XrefStorage().get_structure_info(ordinal, offset) for xref_info in result: data.append([ idaapi.get_short_name(xref_info.func_ea) + "+" + hex(int(xref_info.offset)), xref_info.type, xref_info.line ]) field_name = helper.get_member_name(struct_type, offset) chooser = forms.MyChoose( data, "Cross-references to {0}::{1}".format(struct_type.dstr(), field_name), [["Function", 20 | idaapi.CHCOL_PLAIN], ["Type", 2 | idaapi.CHCOL_PLAIN], ["Line", 40 | idaapi.CHCOL_PLAIN]] ) idx = chooser.Show(True) if idx == -1: return xref = result[idx] idaapi.open_pseudocode(xref.func_ea + xref.offset, False)
def activate(self, ctx): hx_view = idaapi.get_widget_vdui(ctx.widget) ri = self.extract_recast_info(hx_view.cfunc, hx_view.item) if not ri: return 0 if isinstance(ri, RecastLocalVariable): hx_view.set_lvar_type(ri.local_variable, ri.recast_tinfo) elif isinstance(ri, RecastGlobalVariable): idaapi.apply_tinfo2(ri.global_variable_ea, ri.recast_tinfo, idaapi.TINFO_DEFINITE) elif isinstance(ri, RecastArgument): if ri.recast_tinfo.is_array(): ri.recast_tinfo.convert_array_to_ptr() helper.set_func_argument(ri.func_tinfo, ri.arg_idx, ri.recast_tinfo) idaapi.apply_tinfo2(ri.func_ea, ri.func_tinfo, idaapi.TINFO_DEFINITE) elif isinstance(ri, RecastReturn): cfunc = helper.decompile_function(ri.func_ea) if not cfunc: return 0 func_tinfo = idaapi.tinfo_t() cfunc.get_func_type(func_tinfo) helper.set_func_return(func_tinfo, ri.recast_tinfo) idaapi.apply_tinfo2(cfunc.entry_ea, func_tinfo, idaapi.TINFO_DEFINITE) elif isinstance(ri, RecastStructure): tinfo = idaapi.tinfo_t() tinfo.get_named_type(idaapi.cvar.idati, ri.structure_name) ordinal = idaapi.get_type_ordinal(idaapi.cvar.idati, ri.structure_name) if ordinal == 0: return 0 udt_member = idaapi.udt_member_t() udt_member.offset = ri.field_offset * 8 idx = tinfo.find_udt_member(idaapi.STRMEM_OFFSET, udt_member) if udt_member.offset != ri.field_offset * 8: print("[Info] Can't handle with arrays yet") elif udt_member.type.get_size() != ri.recast_tinfo.get_size(): print("[Info] Can't recast different sizes yet") else: udt_data = idaapi.udt_type_data_t() tinfo.get_udt_details(udt_data) udt_data[idx].type = ri.recast_tinfo tinfo.create_udt(udt_data, idaapi.BTF_STRUCT) tinfo.set_numbered_type(idaapi.cvar.idati, ordinal, idaapi.NTF_REPLACE, ri.structure_name) else: raise NotImplementedError hx_view.refresh_view(True) return 0
def activate(self, ctx): hx_view = idaapi.get_widget_vdui(ctx.widget) if self.check(hx_view): insn = hx_view.item.it.to_specific_type inverse_if(insn.cif) hx_view.refresh_ctext() invert(hx_view.cfunc.entry_ea, insn.ea)
def activate(self, ctx): hx_view = idaapi.get_widget_vdui(ctx.widget) obj = self.__extract_propagate_info(hx_view.cfunc, hx_view.item) if obj: cfunc = hx_view.cfunc visitor = _NamePropagator(hx_view, cfunc, obj) visitor.process() hx_view.refresh_view(True)
def activate(self, ctx): hx_view = idaapi.get_widget_vdui(ctx.widget) result = self.__extract_rename_info(hx_view.cfunc, hx_view.item) if result: lvar, name = result while not hx_view.rename_lvar(lvar, name, True): name = '_' + name
def activate(self, ctx): hx_view = idaapi.get_widget_vdui(ctx.widget) cfunc = hx_view.cfunc origin = cache.temporary_structure.main_offset if self._can_be_scanned(cfunc, hx_view.item): obj = api.ScanObject.create(cfunc, hx_view.item) visitor = NewShallowSearchVisitor(cfunc, origin, obj, cache.temporary_structure) visitor.process()
def activate(self, ctx): if self.action == ACTION_HX_REMOVE_RET_TYPE[0]: vdui = idaapi.get_widget_vdui(ctx.widget) self.remove_rettype(vdui) vdui.refresh_ctext() else: return 0 return 1
def activate(self, ctx): vu = idaapi.get_widget_vdui(ctx.widget) if not vu or not self.sel: print "No vdui? Strange, since this action should be enabled only for pseudocode views." return 0 form = XrefsForm(self.sel) form.Show() return 1
def activate(self, ctx): vu = idaapi.get_widget_vdui(ctx.widget) if not vu or not self.sel: print("No vdui? Strange, since this action should be enabled only for pseudocode views.") return 0 form = XrefsForm(self.sel) form.Show() return 1
def activate(self, ctx): hx_view = idaapi.get_widget_vdui(ctx.widget) result = self.__extract_rename_info(hx_view.cfunc, hx_view.item) if result: func_tinfo, address, arg_index, name = result helper.set_func_arg_name(func_tinfo, arg_index, name) idaapi.apply_tinfo(address, func_tinfo, idaapi.TINFO_DEFINITE) hx_view.refresh_view(True)
def refresh_pseudocode_view(): """ Refresh the pseudocode view in IDA. """ names = ['Pseudocode-%c' % chr(ord('A') + i) for i in range(5)] for name in names: widget = idaapi.find_widget(name) if widget: vu = idaapi.get_widget_vdui(widget) vu.refresh_view(True)
def activate(self, ctx): hx_view = idaapi.get_widget_vdui(ctx.widget) cfunc = hx_view.cfunc origin = cache.temporary_structure.main_offset if self._can_be_scanned(cfunc, hx_view.item): obj = api.ScanObject.create(cfunc, hx_view.item) if helper.FunctionTouchVisitor(cfunc).process(): hx_view.refresh_view(True) visitor = NewDeepSearchVisitor(hx_view.cfunc, origin, obj, cache.temporary_structure) visitor.process()
def get_cursor_func_ref(): """ Get the function reference under the user cursor. Returns BADADDR or a valid function address. """ current_widget = idaapi.get_current_widget() form_type = idaapi.get_widget_type(current_widget) vu = idaapi.get_widget_vdui(current_widget) # # hexrays view is active # if vu: cursor_addr = vu.item.get_ea() # # disassembly view is active # elif form_type == idaapi.BWN_DISASM: cursor_addr = idaapi.get_screen_ea() opnum = idaapi.get_opnum() if opnum != -1: # # if the cursor is over an operand value that has a function ref, # use that as a valid rename target # op_addr = idc.get_operand_value(cursor_addr, opnum) op_func = idaapi.get_func(op_addr) if op_func and op_func.start_ea == op_addr: return op_addr # unsupported/unknown view is active else: return idaapi.BADADDR # # if the cursor is over a function definition or other reference, use that # as a valid rename target # cursor_func = idaapi.get_func(cursor_addr) if cursor_func and cursor_func.start_ea == cursor_addr: return cursor_addr # fail return idaapi.BADADDR
def refresh_views(): """ Refresh the IDA views. """ # refresh IDA views idaapi.refresh_idaview_anyway() # refresh hexrays current_widget = idaapi.get_current_widget() vu = idaapi.get_widget_vdui(current_widget) if vu: vu.refresh_ctext()
def view_click(self, view, event): form_type = idaapi.get_widget_type(view) decomp_view = idaapi.get_widget_vdui(view) if not form_type: return # check if view is decomp or disassembly before doing expensive ea lookup if not decomp_view and not form_type == idaapi.BWN_DISASM: return ea = idc.get_screen_ea() if not ea: return controller.update_active_context(ea)
def activate(self, ctx): vu = idaapi.get_widget_vdui(ctx.widget) function_tinfo = idaapi.tinfo_t() if not vu.cfunc.get_func_type(function_tinfo): return function_details = idaapi.func_type_data_t() function_tinfo.get_func_details(function_details) if function_details.rettype.equals_to(const.VOID_TINFO): function_details.rettype = idaapi.tinfo_t(const.PVOID_TINFO) else: function_details.rettype = idaapi.tinfo_t(idaapi.BT_VOID) function_tinfo.create_func(function_details) idaapi.apply_tinfo(vu.cfunc.entry_ea, function_tinfo, idaapi.TINFO_DEFINITE) vu.refresh_view(True)
def activate(self, ctx): hx_view = idaapi.get_widget_vdui(ctx.widget) print(dir(ctx)) line_numbers = get_selected_lines(hx_view) print("Selected lines: %s" % (line_numbers)) objs = list() for n in line_numbers: objs += get_obj_ids(hx_view, n) unique_objs = set(objs) print("Object ids: %s" % unique_objs) return
def activate(self, ctx): vu = idaapi.get_widget_vdui(ctx.widget) function_tinfo = idaapi.tinfo_t() if not vu.cfunc.get_func_type(function_tinfo): return function_details = idaapi.func_type_data_t() function_tinfo.get_func_details(function_details) del_arg = vu.item.get_lvar() function_details.erase( [x for x in function_details if x.name == del_arg.name][0]) function_tinfo.create_func(function_details) idaapi.apply_tinfo(vu.cfunc.entry_ea, function_tinfo, idaapi.TINFO_DEFINITE) vu.refresh_view(True)
def update(self, ctx): if ctx.widget_type != idaapi.BWN_PSEUDOCODE: return idaapi.AST_DISABLE_FOR_WIDGET vu = idaapi.get_widget_vdui(ctx.widget) vu.get_current_item(idaapi.USE_KEYBOARD) item = vu.item self.sel = None if item.citype == idaapi.VDI_EXPR and item.it.to_specific_type.opname in ('obj', 'memref', 'memptr'): # if an expression is selected. verify that it's either a cot_obj, cot_memref or cot_memptr self.sel = item.it.to_specific_type elif item.citype == idaapi.VDI_FUNC: # if the function itself is selected, show xrefs to it. self.sel = item.f return idaapi.AST_ENABLE if self.sel else idaapi.AST_DISABLE
def update(self, ctx): if ctx.widget_type != idaapi.BWN_PSEUDOCODE: return idaapi.AST_DISABLE_FOR_WIDGET vu = idaapi.get_widget_vdui(ctx.widget) vu.get_current_item(idaapi.USE_KEYBOARD) item = vu.item self.sel = None if item.citype == idaapi.VDI_EXPR and item.it.to_specific_type.opname in ( 'obj', 'memref', 'memptr'): # if an expression is selected. verify that it's either a cot_obj, cot_memref or cot_memptr self.sel = item.it.to_specific_type elif item.citype == idaapi.VDI_FUNC: # if the function itself is selected, show xrefs to it. self.sel = item.f return idaapi.AST_ENABLE if self.sel else idaapi.AST_DISABLE
def refresh_views(): """ Refresh the IDA views. """ # refresh IDA views idaapi.refresh_idaview_anyway() # NOTE/COMPAT: refresh hexrays view, if active if using_ida7api: current_widget = idaapi.get_current_widget() vu = idaapi.get_widget_vdui(current_widget) else: current_tform = idaapi.get_current_tform() vu = idaapi.get_tform_vdui(current_tform) if vu: vu.refresh_ctext()
def activate(self, ctx): hx_view = idaapi.get_widget_vdui(ctx.widget) cfunc = hx_view.cfunc if not self._can_be_scanned(cfunc, hx_view.item): return obj = api.ScanObject.create(cfunc, hx_view.item) tmp_struct = TemporaryStructureModel() visitor = NewShallowSearchVisitor(cfunc, 0, obj, tmp_struct) visitor.process() tinfo = tmp_struct.get_recognized_shape() if tinfo: tinfo.create_ptr(tinfo) if obj.id == api.SO_LOCAL_VARIABLE: hx_view.set_lvar_type(obj.lvar, tinfo) elif obj.id == api.SO_GLOBAL_OBJECT: idaapi.apply_tinfo(obj.obj_ea, tinfo, idaapi.TINFO_DEFINITE) hx_view.refresh_view(True)
def activate(self, ctx): if self.action == ACTION_HX_REMOVERETTYPE: vdui = idaapi.get_widget_vdui(ctx.widget) self.remove_rettype(vdui) vdui.refresh_ctext() elif self.action == ACTION_HX_COPYEA: ea = idaapi.get_screen_ea() if ea != idaapi.BADADDR: copy_to_clip("0x%X" % ea) print("Address 0x%X has been copied to clipboard" % ea) elif self.action == ACTION_HX_COPYNAME: copy_highlight_name() elif self.action == ACTION_HX_PASTENAME: paste_highlight_name() elif self.action == ACTION_HX_GOTOCLIP: goto_clip_text() else: return 0 return 1
def activate(self, ctx): vu = idaapi.get_widget_vdui(ctx.widget) function_tinfo = idaapi.tinfo_t() if not vu.cfunc.get_func_type(function_tinfo): return function_details = idaapi.func_type_data_t() function_tinfo.get_func_details(function_details) convention = idaapi.CM_CC_MASK & function_details.cc if convention == idaapi.CM_CC_CDECL: function_details.cc = idaapi.CM_CC_SPECIAL elif convention in (idaapi.CM_CC_STDCALL, idaapi.CM_CC_FASTCALL, idaapi.CM_CC_PASCAL, idaapi.CM_CC_THISCALL): function_details.cc = idaapi.CM_CC_SPECIALP elif convention == idaapi.CM_CC_ELLIPSIS: function_details.cc = idaapi.CM_CC_SPECIALE else: return function_tinfo.create_func(function_details) idaapi.apply_tinfo(vu.cfunc.entry_ea, function_tinfo, idaapi.TINFO_DEFINITE) vu.refresh_view(True)
def activate(self, ctx): hx_view = idaapi.get_widget_vdui(ctx.widget) if not self.__can_be_part_of_assert(hx_view.cfunc, hx_view.item): return # So we clicked on function an func argument that is a string. Now we extract # argument index and address of assert function expr_arg = hx_view.item.it.to_specific_type expr_call = hx_view.cfunc.body.find_parent_of( expr_arg).to_specific_type arg_idx, _ = helper.get_func_argument_info(expr_call, expr_arg) assert_func_ea = expr_call.x.obj_ea # Iterate through all places where assert function and rename using helper class all_callers = helper.get_funcs_calling_address(assert_func_ea) for caller_ea in all_callers: cfunc = helper.decompile_function(caller_ea) if cfunc: _RenameUsingAssertVisitor(cfunc, assert_func_ea, arg_idx).process() hx_view.refresh_view(True)
def update(self, ctx): vdui = idaapi.get_widget_vdui(ctx.widget) return idaapi.AST_ENABLE_FOR_WIDGET if vdui else idaapi.AST_DISABLE_FOR_WIDGET
def activate(self, ctx): vdui = idaapi.get_widget_vdui(ctx.widget) self.inverter.invert_if_event(vdui) return 1
def update(self, ctx): if IDA7: vdui = idaapi.get_widget_vdui(ctx.widget) return idaapi.AST_ENABLE_FOR_WIDGET if vdui else idaapi.AST_DISABLE_FOR_WIDGET vdui = idaapi.get_tform_vdui(ctx.form) return idaapi.AST_ENABLE_FOR_FORM if vdui else idaapi.AST_DISABLE_FOR_FORM