예제 #1
파일: ida_plugin.py 프로젝트: doronz88/fa
def install():
    """
    Install the FA IDA plugin stub into the user's IDA plugins directory.

    The stub is a small loader that imports ``PLUGIN_ENTRY`` from the ``fa``
    package. If a file named ``PLUGIN_FILENAME`` already exists there, it is
    treated as an existing install: its contents are not inspected, nothing is
    written and nothing is loaded.

    :return: None
    """
    plugins_dir = os.path.join(idaapi.get_user_idadir(), 'plugins')
    if not os.path.exists(plugins_dir):
        os.makedirs(plugins_dir)

    stub_path = os.path.join(plugins_dir, PLUGIN_FILENAME)
    if os.path.exists(stub_path):
        IdaLoader.log('already installed')
        return

    # Loader stub, written verbatim; it only warns when the fa package is missing.
    stub_source = """from __future__ import print_function
try:
    from fa.ida_plugin import PLUGIN_ENTRY, FAIDAPlugIn
except ImportError:
    print("[WARN] Could not load FA plugin. "
          "FA Python package doesn\'t seem to be installed.")
"""
    with open(stub_path, 'w') as stub_file:
        stub_file.write(stub_source)

    # Load the freshly written stub by file name so it is usable right away.
    idaapi.load_plugin(PLUGIN_FILENAME)

    IdaLoader.log('Successfully installed :)')
예제 #2
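def load_plugins():
    """Load every ``*.py`` file in IDA's ``plugins`` directory as a plugin.

    Each matching file name (not the full path) is passed to
    ``idaapi.load_plugin``; return values are ignored, so a plugin that fails
    to load is skipped silently.
    """
    import idaapi

    plugins_dir = idaapi.idadir("plugins")
    # Match on the suffix. The previous pattern r".*\.py" was not anchored at
    # the end, so names such as "x.pyc" or "x.py.bak" were also handed to the
    # loader, widening the set of files that get executed.
    for file_name in os.listdir(plugins_dir):
        if file_name.endswith(".py"):
            idaapi.load_plugin(file_name)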
예제 #3
    def init(self):
        """Print the plugin-list locations, create missing lists, load listed plugins.

        Every path produced by ``iter_plugin_paths()`` that exists on disk is
        passed to ``idaapi.load_plugin``. Returns ``idaapi.PLUGIN_SKIP``.
        """
        # Show usage message.
        banner = ["Loading plugins from system-wide and user-specific lists:",
                  "  System-wide List:      {}".format(SYS_PLUGIN_LIST_PATH),
                  "  User-specific List:    {}".format(USER_PLUGIN_LIST_PATH)]
        if PROJECT_PLUGIN_LIST_PATH:
            banner.append("  Project-specific List: {}".format(PROJECT_PLUGIN_LIST_PATH))
        message(*banner)

        # Make sure the list files exist; a missing one is created empty.
        list_files = (
            (SYS_PLUGIN_LIST_PATH,
             "Created system plugin list at {}",
             "Failed creating system plugin list at {}"),
            (USER_PLUGIN_LIST_PATH,
             "Created user plugin list at {}",
             "Failed creating user plugin list at {}"),
        )
        for list_path, created_fmt, failed_fmt in list_files:
            if os.path.isfile(list_path):
                continue
            try:
                with open(list_path, "wb"):
                    message(created_fmt.format(list_path))
            except IOError:
                message(failed_fmt.format(list_path))

        # NOTE(review): each listed path is executed as plugin code. Presumably
        # the project-specific list is included by iter_plugin_paths(); confirm
        # who is able to write each of these list files.
        for plugin_path in iter_plugin_paths():
            # The existence check only avoids the error message-box that pops
            # up when a python plugin is not found.
            if os.path.isfile(plugin_path):
                idaapi.load_plugin(plugin_path)
            else:
                message("Plugin file not found: {}".format(plugin_path))
        return idaapi.PLUGIN_SKIP
예제 #4
    def init(self):
        """Print the plugin-list locations, create missing lists, load listed plugins.

        Every path produced by ``iter_plugin_paths()`` that exists on disk is
        passed to ``idaapi.load_plugin``. Returns ``idaapi.PLUGIN_SKIP``.
        """
        # Show usage message.
        sys_line = "  System-wide List: {}".format(SYS_PLUGIN_LIST_PATH)
        user_line = "  User-specific List: {}".format(USER_PLUGIN_LIST_PATH)
        message("Loading plugins from system-wide and user-specific lists:",
                sys_line,
                user_line)

        # Make sure the list files exist; a missing one is created empty.
        list_files = (
            (SYS_PLUGIN_LIST_PATH,
             "Created system plugin list at {}",
             "Failed creating system plugin list at {}"),
            (USER_PLUGIN_LIST_PATH,
             "Created user plugin list at {}",
             "Failed creating user plugin list at {}"),
        )
        for list_path, created_fmt, failed_fmt in list_files:
            if os.path.isfile(list_path):
                continue
            try:
                with open(list_path, "wb"):
                    message(created_fmt.format(list_path))
            except IOError:
                message(failed_fmt.format(list_path))

        # NOTE(review): each listed path is executed as plugin code; confirm
        # who is able to write the list files read by iter_plugin_paths().
        for plugin_path in iter_plugin_paths():
            # The existence check only avoids the error message-box that pops
            # up when a python plugin is not found.
            if os.path.isfile(plugin_path):
                idaapi.load_plugin(plugin_path)
            else:
                message("Plugin file not found: {}".format(plugin_path))
        return idaapi.PLUGIN_SKIP
예제 #5
    def init(self):
        """Load every plugin recorded in the ``PluginLoader`` settings.

        Each setting maps a display name to a path, and the path is passed to
        ``idaapi.load_plugin`` unchecked. Returns ``idaapi.PLUGIN_SKIP``.
        """
        plugin_settings = ida_settings.IDASettings("PluginLoader")
        message("Loading settings from IDASettings('PluginLoader')")

        # NOTE(review): the paths come from whichever scopes IDASettings
        # resolves. If that includes per-database or per-directory settings,
        # opening an untrusted database could select what is loaded; confirm.
        for plugin_name, plugin_path in plugin_settings.iteritems():
            message('Loading {} from {}'.format(plugin_name, plugin_path))
            idaapi.load_plugin(plugin_path)

        return idaapi.PLUGIN_SKIP
예제 #6
class Freesome(idaapi.plugin_t):
    """IDA plugin stub named "Free the Debugger".

    The plugin methods only print messages. The debugger modules are loaded by
    statements placed directly in the class body, so they run when the class
    definition is executed rather than from ``init()`` or ``run()``.
    """
    flags = idaapi.PLUGIN_PROC
    comment = ""

    help = ""
    wanted_name = "Free the Debugger"
    wanted_hotkey = "Alt-F6"

    def init(self):
        """Print a banner to the IDA output window and return ``idaapi.PLUGIN_OK``."""
        idaapi.msg("Free the Debugger is found. \n")
        return idaapi.PLUGIN_OK

    def run(self, arg):
        """Print the argument ``run()`` was called with; nothing else happens."""
        idaapi.msg("run() called with %d!\n" % arg)

    def term(self):
        """Print an empty message; no cleanup is performed."""
        idaapi.msg("")

    # Class-body side effect: load and run a fixed list of debugger modules,
    # choosing the ".p64" names when __EA64__ is set and ".plw" otherwise.
    # Return values are ignored, so a module that fails to load goes unnoticed.
    # NOTE(review): "mac_stub" is listed twice in each branch, presumably a
    # copy/paste duplicate; confirm.
    if __EA64__:
        idaapi.load_and_run_plugin("windbg_user.p64", 0)
        idaapi.load_and_run_plugin("armlinux_stub.p64", 0)
        idaapi.load_and_run_plugin("gdb_user.p64", 0)
        idaapi.load_and_run_plugin("linux_stub.p64", 0)
        idaapi.load_and_run_plugin("mac_stub.p64", 0)
        idaapi.load_and_run_plugin("win32_stub.p64", 0)
        idaapi.load_and_run_plugin("win32_user.p64", 0)
        idaapi.load_and_run_plugin("wince_stub.p64", 0)
        idaapi.load_and_run_plugin("bdescr.p64", 0)
        idaapi.load_and_run_plugin("epoc_user.p64", 0)
        idaapi.load_and_run_plugin("bochs_user.p64", 0)
        idaapi.load_and_run_plugin("mac_stub.p64", 0)
        idaapi.load_and_run_plugin("replay_user.p64", 0)
        idaapi.load_and_run_plugin("pin_user.p64", 0)
        idaapi.load_and_run_plugin("dalvik_user.p64", 0)
        # NOTE(review): this is the ".plw" name inside the __EA64__ branch,
        # where every other entry is ".p64"; confirm it is intended.
        idaapi.load_plugin("dalvik_user.plw")
        #idc.LoadDebugger("gdb", 1)


##'lets give this baby some debuggers'''
    else:
        idaapi.load_and_run_plugin("windbg_user.plw", 0)
        idaapi.load_and_run_plugin("armlinux_stub.plw", 0)
        idaapi.load_and_run_plugin("gdb_user.plw", 0)
        idaapi.load_and_run_plugin("linux_stub.plw", 0)
        idaapi.load_and_run_plugin("mac_stub.plw", 0)
        idaapi.load_and_run_plugin("win32_stub.plw", 0)
        idaapi.load_and_run_plugin("win32_user.plw", 0)
        idaapi.load_and_run_plugin("wince_stub.plw", 0)
        idaapi.load_and_run_plugin("bdescr.plw", 0)
        idaapi.load_and_run_plugin("epoc_user.plw", 0)
        idaapi.load_and_run_plugin("bochs_user.plw", 0)
        idaapi.load_and_run_plugin("mac_stub.plw", 0)
        idaapi.load_and_run_plugin("replay_user.plw", 0)
        idaapi.load_and_run_plugin("pin_user.plw", 0)
        idaapi.load_and_run_plugin("dalvik_user.plw", 0)
        idaapi.load_plugin("dalvik_user.plw")
예제 #7
    def init(self):
        """Load every plugin recorded in the ``PluginLoader`` settings.

        Each setting maps a display name to a path, and the path is passed to
        ``idaapi.load_plugin`` unchecked. Returns ``idaapi.PLUGIN_SKIP``.
        """
        loader_settings = ida_settings.IDASettings("PluginLoader")
        message("Loading settings from IDASettings('PluginLoader')")

        # NOTE(review): confirm which settings scopes feed this list, since
        # every path found here is executed as plugin code.
        for entry in loader_settings.iteritems():
            plugin_name, plugin_path = entry
            message('Loading {} from {}'.format(plugin_name, plugin_path))
            idaapi.load_plugin(plugin_path)

        return idaapi.PLUGIN_SKIP
예제 #8
def main():
    """Decompile one function and write its pseudo-code to a given path.

    Script arguments (``idc.ARGV``): index 1 is the output path, index 2 the
    function address as a hexadecimal string. IDA is closed with status 0
    once the text has been written.
    """
    out_path = idc.ARGV[1]
    func_ea = int(idc.ARGV[2], 16)  # function address

    # The decompiler plugins have to be loaded before decompiling.
    for plugin_name in ('hexrays', 'hexx64'):
        idaapi.load_plugin(plugin_name)

    # NOTE(review): neither the get_func() nor the decompile() result is
    # checked before it is formatted and written out.
    pseudocode = idaapi.decompile(idaapi.get_func(func_ea))

    # Write to the caller-supplied path instead of the Output window.
    with open(out_path, 'w') as out:
        out.write("{}\n".format(pseudocode))

    idc.Exit(0)
예제 #9
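  def decompile(self, ea):
    """Return the pseudo-code of the function at ``ea`` as one string.

    Results are cached per address in ``self.pseudo`` as a list of lines with
    colour tags removed and ``//`` comment lines dropped. Returns False when
    the decompiler is disabled, cannot be initialised, ``ea`` is not inside a
    function, or decompilation fails.
    """
    if not self.use_decompiler:
      return False

    if ea in self.pseudo:
      return "\n".join(self.pseudo[ea])

    # Use an already initialised decompiler, otherwise load the plugin and retry.
    decompiler_plugin = get_decompiler_plugin()
    if not init_hexrays_plugin() and not (load_plugin(decompiler_plugin) and init_hexrays_plugin()):
      return False

    f = get_func(ea)
    if f is None:
      return False

    try:
      cfunc = decompile(f)
    except:
      # Index the exc_info() tuple before converting it. The earlier
      # str(sys.exc_info())[1] produced one character of the tuple's repr
      # instead of the exception message.
      Warning("Error decompiling function: %s" % str(sys.exc_info()[1]))
      return False

    if cfunc is None:
      # Failed to decompile
      return False

    sv = cfunc.get_pseudocode()
    self.pseudo[ea] = []
    for sline in sv:
      line = tag_remove(sline.line)
      if line.startswith("//"):
        continue
      self.pseudo[ea].append(line)
    return "\n".join(self.pseudo[ea])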
예제 #10
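 def export(self, filename):
     """Ask the BinKit plugin to save its analysis to ``filename``.

     Loads the ``BinKit`` plugin and, when that succeeds, evaluates the IDC
     statement ``SaveBinKitAnalysis("<filename>");``. Errors are printed with
     a traceback and otherwise ignored. Returns None.
     """
     print('export %s' % filename)
     try:
         binkit = idaapi.load_plugin('BinKit')
         if binkit:
             # Escape backslashes first, then double quotes, so the file name
             # cannot close the IDC string literal. The earlier code escaped
             # backslashes only, so a quote in the name changed the statement
             # that gets evaluated.
             idc_filename = ("%s" % filename).replace("\\", "\\\\").replace("\"", "\\\"")
             idc_command = "SaveBinKitAnalysis(\"%s\");" % idc_filename
             print(idc_command)
             idc.eval_idc(str(idc_command))
     except:
         # Best effort, as before: report the failure and carry on.
         traceback.print_exc()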
예제 #11
    def init(self):
        """Load every plugin module found in the ``bap.plugins`` directory.

        Files that do not end in ``.py`` or whose name starts with ``__`` are
        skipped. Returns ``idaapi.PLUGIN_SKIP``.
        """
        import os
        import bap.plugins
        import bap.utils.run
        import idaapi

        idaapi.msg("BAP Loader activated\n")

        bap.utils.run.check_and_configure_bap()

        plugin_dir = os.path.dirname(bap.plugins.__file__)
        idaapi.msg("Loading plugins from {}\n".format(plugin_dir))

        # Sorted so the load order does not depend on directory listing order.
        for entry in sorted(os.listdir(plugin_dir)):
            is_plugin = entry.endswith('.py') and not entry.startswith('__')
            if is_plugin:
                idaapi.load_plugin(os.path.join(plugin_dir, entry))
        return idaapi.PLUGIN_SKIP  # The loader will be called whenever needed
예제 #12
  def show(self):
    """Display the view and register its commands.

    Returns False when ``self.Show(False)`` reports a negative result;
    otherwise falls through and returns None. The "Diff pseudo-code" command
    is added only when the Hex-Rays decompiler can be initialised.
    """
    if self.Show(False) < 0:
      return False

    # Use an already initialised decompiler, otherwise load the plugin and
    # retry. Without a decompiler the pseudo-code command is left out.
    decompiler_plugin = get_decompiler_plugin()
    decompiler_ready = init_hexrays_plugin() or (load_plugin(decompiler_plugin) and init_hexrays_plugin())
    if decompiler_ready:
      self.cmd_diff_c = self.AddCommand("Diff pseudo-code")

    self.cmd_show_reasons = self.AddCommand("Show match reasons")
    self.cmd_import_all = self.AddCommand("Import all functions")
    self.cmd_import_selected = self.AddCommand("Import selected functions")
예제 #13
    def init(self):
        """Load every plugin module found in the ``bap.plugins`` directory.

        Files that do not end in ``.py`` or whose name starts with ``__`` are
        skipped. Whatever ``idaapi.load_plugin`` returns is kept in
        ``self.plugins``. Returns ``idaapi.PLUGIN_KEEP``.
        """
        self.plugins = []

        idaapi.msg("BAP Loader activated\n")

        bap.utils.run.check_and_configure_bap()

        plugin_dir = os.path.dirname(bap.plugins.__file__)
        idaapi.msg("BAP> Loading plugins from {}\n".format(plugin_dir))

        # Sorted so the load order does not depend on directory listing order.
        for entry in sorted(os.listdir(plugin_dir)):
            is_plugin = entry.endswith('.py') and not entry.startswith('__')
            if is_plugin:
                idaapi.msg('BAP> Loading {}\n'.format(entry))
                loaded = idaapi.load_plugin(os.path.join(plugin_dir, entry))
                self.plugins.append(loaded)
        return idaapi.PLUGIN_KEEP
예제 #14
def load_plugin_decompiler():
    '''
    Load the Hex-Rays decompiler plugin(s) matching the open database.

    A database path ending in ".i64" selects "hexx64"; anything else selects
    "hexrays" and "hexarm". If the decompiler still cannot be initialised,
    an error is logged and IDA is closed through idc.Exit(0).

    :return: None (no success value is returned)
    '''
    if GetIdbPath().endswith(".i64"):
        idaapi.load_plugin("hexx64")
    else:
        idaapi.load_plugin("hexrays")
        idaapi.load_plugin("hexarm")

    if idaapi.init_hexrays_plugin():
        return

    # NOTE(review): the exit status is 0 although loading failed, so a batch
    # caller cannot tell this apart from a clean run by status alone.
    l.error('[+] decompiler plugins load failed. IDAdb: %s' % GetInputFilePath())
    idc.Exit(0)
예제 #15
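    def decompile_and_get(self, ea):
        """Decompile the function at ``ea`` and return its first pseudo-code line.

        Side effects: user comments restored for the function are stored in
        ``self.pseudo_comments`` keyed by address relative to
        ``self.get_base_address()``, and the remaining pseudo-code lines
        (colour tags removed, ``//`` lines dropped) are stored in
        ``self.pseudo[ea]``. Returns False when the decompiler is unavailable,
        ``ea`` is not inside a function, or decompilation fails. Returns None
        when no non-comment line was produced.
        """
        # Use an already initialised decompiler, otherwise load it and retry.
        decompiler_plugin = get_decompiler_plugin()
        if not init_hexrays_plugin() and not (load_plugin(decompiler_plugin)
                                              and init_hexrays_plugin()):
            return False

        f = get_func(ea)
        if f is None:
            return False

        try:
            cfunc = decompile(f)
        except:
            # Index the exc_info() tuple before converting it. The earlier
            # str(sys.exc_info())[1] produced one character of the tuple's
            # repr instead of the exception message.
            Warning("Error decompiling function: %s" % str(sys.exc_info()[1]))
            return False

        if cfunc is None:
            # Failed to decompile
            return False

        cmts = idaapi.restore_user_cmts(cfunc.entry_ea)
        if cmts is not None:
            for tl, cmt in cmts.iteritems():
                self.pseudo_comments[tl.ea - self.get_base_address()] = [
                    str(cmt), tl.itp
                ]

        sv = cfunc.get_pseudocode()
        self.pseudo[ea] = []
        first_line = None
        for sline in sv:
            line = tag_remove(sline.line)
            if line.startswith("//"):
                continue

            # The first kept line is returned, not cached with the rest.
            if first_line is None:
                first_line = line
            else:
                self.pseudo[ea].append(line)
        return first_line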
예제 #16
# Install the IPyIDA loader stub into the user's IDA plugins directory, load
# it, then report success.
ipyida_stub_target_path = os.path.join(
    idaapi.get_user_idadir(), "plugins", "ipyida.py")
if not os.path.exists(os.path.dirname(ipyida_stub_target_path)):
    os.makedirs(os.path.dirname(ipyida_stub_target_path), 0o755)

# Make sure the ipyida module is not the ipyida.py in the plugins folder,
# otherwise pkg_resources will try to get the file from there. This happens
# when the package is uninstalled but ipyida.py is still in the plugin folder.
sys.modules.pop('ipyida', None)

# copyfile replaces an existing ipyida.py at the target without asking.
shutil.copyfile(
    pkg_resources.resource_filename("ipyida", "ipyida_plugin_stub.py"),
    ipyida_stub_target_path)
print("[+] ipyida.py added to user plugins")

idaapi.load_plugin(ipyida_stub_target_path)

_ida_version = pkg_resources.parse_version(idaapi.get_kernel_version())

if not (os.name == 'nt' and _ida_version < pkg_resources.parse_version("7.4")):
    print(
        "[🍺] IPyIDA Installation successful. Use <Shift+.> to open the console."
    )
else:
    # No party for Windows with old IDA
    print(
        "[+] IPyIDA Installation successful. Use <Shift+.> to open the console."
    )
예제 #17
def _do_load():
    """Load this very file into IDA as a plugin.

    When ``__file__`` points at a compiled ``.pyc``, the trailing "c" is
    dropped so that the Python source path is passed instead.
    """
    # IDA Python can't load pyc, only the Python source, so the "c" is removed.
    source_path = __file__[:-1] if __file__.endswith("pyc") else __file__
    idaapi.load_plugin(source_path)
예제 #18
            in_ckxtraceviewer_block = True
        elif line.startswith("# END ckxtraceviewer loading code"):
            in_ckxtraceviewer_block = False
        elif not in_ckxtraceviewer_block:
            sys.stdout.write(line)

# Install the ckxtraceviewer loader stub into the user's IDA plugins
# directory, load it, then report success.
ckxtraceviewer_stub_target_path = os.path.join(
    idaapi.get_user_idadir(), "plugins", "ckxtraceviewer.py")
if not os.path.exists(os.path.dirname(ckxtraceviewer_stub_target_path)):
    os.makedirs(os.path.dirname(ckxtraceviewer_stub_target_path), 0o755)

# Make sure the ckxtraceviewer module is not the ckxtraceviewer.py in the
# plugins folder, otherwise pkg_resources will try to get the file from there.
# This happens when the package is uninstalled but ckxtraceviewer.py is still
# in the plugin folder.
sys.modules.pop('ckxtraceviewer', None)

# copyfile replaces an existing ckxtraceviewer.py at the target without asking.
shutil.copyfile(
    pkg_resources.resource_filename("ckxtraceviewer", "ckxtraceviewer_plugin_stub.py"),
    ckxtraceviewer_stub_target_path)
print("[+] ckxtraceviewer.py added to user plugins")

idaapi.load_plugin(ckxtraceviewer_stub_target_path)

_ida_version = pkg_resources.parse_version(idaapi.get_kernel_version())

if not (os.name == 'nt' and _ida_version < pkg_resources.parse_version("7.4")):
    print("[🍺] ckxtraceviewer Installation successful. Use <Ctrl-Alt-I> to open the console.")
else:
    # No party for Windows with old IDA
    print("[+] ckxtraceviewer Installation successful. Use <Ctrl-Alt-I> to open the console.")
예제 #19
        print('Vars collected.')
        return 1


def main():
    """Load the collected-variable map and run the variable collector.

    Reads three environment variables: ``OUTPUT_DIR`` and ``PREFIX`` build
    ``renamed_prefix``, and ``COLLECTED_VARS`` names the pickle file loaded
    into ``varmap``. Then ``collect_vars().activate(None)`` is called.
    """
    global renamed_prefix, varmap, varnames
    env = os.environ
    renamed_prefix = os.path.join(env['OUTPUT_DIR'], 'functions', env['PREFIX'])

    # Load collected variables.
    # NOTE(review): pickle.load executes code embedded in the file it reads.
    # The path comes from the environment, so this is safe only when that file
    # is produced by a trusted earlier stage. Confirm, or move to a data-only
    # format such as JSON.
    with open(env['COLLECTED_VARS']) as vars_fh:
        varmap = pickle.load(vars_fh)

    # Collect decompilation info
    collector = collect_vars()
    collector.activate(None)


# Script body: wait for auto-analysis, make sure Hex-Rays is initialised,
# run main(), then close IDA with status 0.
idaapi.autoWait()
if not idaapi.init_hexrays_plugin():
    # Not initialised yet: load the decompiler plugins and try once more.
    idaapi.load_plugin('hexrays')
    idaapi.load_plugin('hexx64')
    if idaapi.init_hexrays_plugin():
        print('Hex-rays version %s has been detected' %
              idaapi.get_hexrays_version())
    else:
        # NOTE(review): execution still continues into main() after this.
        print('Unable to load Hex-rays')
main()
ida_pro.qexit(0)
예제 #20
# Unpack the downloaded archive into the plugins directory. Any previous
# extraction directory is removed first, and only entries under
# 'IDAConnect-master/' are extracted.
# NOTE(review): how archivePath was obtained is outside this excerpt. The
# extracted files are executed inside IDA further down, so the archive should
# presumably be checked against a pinned hash or signature before this step.
print('[*] Unzipping master.zip archive...')
if os.path.exists(masterDir):
    shutil.rmtree(masterDir)
with zipfile.ZipFile(archivePath, 'r') as z:
    for zf in z.namelist():
        if zf.startswith('IDAConnect-master/'):
            z.extract(zf, pluginsDir)

# Move each listed item out of the extraction directory into the plugins
# directory, deleting whatever file or directory already sits at the target.
print('[*] Moving the IDAConnect files...')
for filename in FILES_TO_MOVE:
    masterPath = os.path.join(masterDir, filename)
    pluginPath = os.path.join(pluginsDir, filename)
    if os.path.exists(pluginPath):
        if os.path.isdir(pluginPath):
            shutil.rmtree(pluginPath)
        if os.path.isfile(pluginPath):
            os.remove(pluginPath)
    shutil.move(masterPath, pluginPath)

# Clean up the archive and what is left of the extraction directory.
print('[*] Removing master.zip archive...')
if os.path.exists(archivePath):
    os.remove(archivePath)
if os.path.exists(masterDir):
    shutil.rmtree(masterDir)

# Load the installed plugin right away, by full path.
print('[*] Loading IDAConnect into IDA Pro...')
pluginPath = os.path.join(pluginsDir, 'idaconnect_plugin.py')
idaapi.load_plugin(pluginPath)

print('[*] IDAConnect installed successfully!')
예제 #21
        rc_file_content = rc.read()

# If an earlier install left a loader block in idapythonrc.py, strip it out.
if "# BEGIN IPyIDA loading" in rc_file_content:
    print("[.] Old IPyIDA loading script present in idapythonrc.py. Removing.")
    in_ipyida_block = False
    # With inplace=1, fileinput sends stdout into the file being rewritten and
    # keeps the previous contents in a backup with the '.ipyida_old' suffix.
    # The BEGIN and END marker lines and everything between them are dropped.
    for line in fileinput.input(ida_python_rc_path, inplace=1, backup='.ipyida_old'):
        if line.startswith("# BEGIN IPyIDA loading code"):
            in_ipyida_block = True
        elif line.startswith("# END IPyIDA loading code"):
            in_ipyida_block = False
        elif not in_ipyida_block:
            sys.stdout.write(line)

# Copy the loader stub into the user's plugins directory, creating the
# directory first when it is missing.
ipyida_stub_target_path = os.path.join(idaapi.get_user_idadir(), "plugins", "ipyida.py")
if not os.path.exists(os.path.dirname(ipyida_stub_target_path)):
    os.makedirs(os.path.dirname(ipyida_stub_target_path), 0755)

# copyfile replaces an existing ipyida.py at the target without asking.
shutil.copyfile(
    pkg_resources.resource_filename("ipyida", "ipyida_plugin_stub.py"),
    ipyida_stub_target_path
)
print("[+] ipyida.py added to user plugins")

# Loaded by bare file name here, not by the full path written above.
idaapi.load_plugin('ipyida.py')

if os.name == 'nt':
    # No party for Windows
    print("[+] IPyIDA Installation successful. Use <Shift+.> to open the console.")
else:
    print("[🍺] IPyIDA Installation successful. Use <Shift+.> to open the console.")
예제 #22
                name=name,
                return_type=return_type,
                arguments=arguments,
                local_vars=local_vars,
                raw_code=raw_code,
            )
            self.functions.append(
                CollectedFunction(
                    ea=ea,
                    debug=self.debug_functions[ea],
                    decompiler=decompiler,
                ))
        self.write_info()
        return 1


# Script body: wait for auto-analysis, make sure Hex-Rays is initialised
# (exit with status 1 if it cannot be), run the collector, then exit with 0.
ida.auto_wait()
if not ida.init_hexrays_plugin():
    # Not initialised yet: load the decompiler plugins and try once more.
    ida.load_plugin("hexrays")
    ida.load_plugin("hexx64")
    if ida.init_hexrays_plugin():
        print(f"Hex-rays version {ida.get_hexrays_version()}")
    else:
        print("Unable to load Hex-rays")
        ida.qexit(1)

decompiler = CollectDecompiler()
decompiler.activate(None)
print("Done with activate")
ida.qexit(0)
예제 #23
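def loadAllPythonPlugins():
    """Load every ``*.py`` file in IDA's ``plugins`` directory as a plugin.

    Each matching file name (not the full path) is passed to
    ``idaapi.load_plugin``; return values are ignored, so a plugin that fails
    to load is skipped silently.
    """
    plugins_dir = idaapi.idadir('plugins')
    print("idascript: loading all .py plugins in %s" % plugins_dir)
    # Match on the suffix. The previous pattern r'.*\.py' was not anchored at
    # the end, so names such as "x.pyc" or "x.py.bak" were also handed to the
    # loader, widening the set of files that get executed.
    for file_name in os.listdir(plugins_dir):
        if file_name.endswith('.py'):
            idaapi.load_plugin(file_name)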
예제 #24
    def init(self):
        """Load the ``hexrays`` plugin, log the call, return ``idaapi.PLUGIN_OK``.

        The result of ``idaapi.load_plugin`` is not checked.
        """
        idaapi.load_plugin('hexrays')
        idaapi.msg("init() called!\n")
        return idaapi.PLUGIN_OK
예제 #25
def _do_load():
    """Load this very file into IDA as a plugin.

    When ``__file__`` points at a compiled ``.pyc``, the trailing "c" is
    dropped so that the Python source path is passed instead.
    """
    plugin_source = __file__
    # IDA Python can't load pyc, only the Python source, so the "c" is removed.
    if plugin_source.endswith("pyc"):
        plugin_source = plugin_source[:len(plugin_source) - 1]
    idaapi.load_plugin(plugin_source)
예제 #26
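def loadAllPythonPlugins():
    """Load every ``*.py`` file in IDA's ``plugins`` directory as a plugin.

    Each matching file name (not the full path) is passed to
    ``idaapi.load_plugin``; return values are ignored, so a plugin that fails
    to load is skipped silently.
    """
    plugins_dir = idaapi.idadir('plugins')
    print("idascript: loading all .py plugins in %s" % plugins_dir)
    # Match on the suffix. The previous pattern r'.*\.py' was not anchored at
    # the end, so names such as "x.pyc" or "x.py.bak" were also handed to the
    # loader, widening the set of files that get executed.
    python_plugins = [name for name in os.listdir(plugins_dir)
                      if name.endswith('.py')]
    for plugin_file in python_plugins:
        idaapi.load_plugin(plugin_file)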