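def getBuiltinGlobalTypePython(self):
    """Ask the user for a named type and return it as a ``tinfo_t``.

    Only IDAPython calls are used: the type chooser fills a
    ``til_symbol_t``, ``get_named_type`` fetches the serialized type and
    ``tinfo_t.deserialize`` rebuilds it.

    Returns:
        The deserialized ``idaapi.tinfo_t``, or ``None`` when the user
        cancels the chooser, the named type cannot be found, or the
        serialized type fails to deserialize.
    """
    logger.debug('Getting GlobalType the Python way')
    sym = idaapi.til_symbol_t()
    # The chooser entry point and its argument order differ between the
    # IDA 7 API and the older one.
    if using_ida7api:
        ret = idaapi.choose_named_type(
            sym, idaapi.get_idati(), 'Choose type to apply',
            idaapi.NTF_SYMM, None)
    else:
        ret = idaapi.choose_named_type2(
            idaapi.cvar.idati, 'Choose type to apply',
            idaapi.NTF_SYMM, None, sym)
    if not ret:
        logger.debug('User canceled. Bailing out')
        return None

    # Named 'named_type' rather than 'tuple' so the builtin is not shadowed.
    named_type = idaapi.get_named_type(sym.til, sym.name, 0)
    if named_type is None:
        logger.debug('Could not find %s', sym.name)
        return None

    tinfo = idaapi.tinfo_t()
    # Items 1 and 2 of the result are handed to deserialize() as the
    # serialized type and its fields.
    # A failed deserialize would otherwise hand an empty tinfo_t to the
    # caller as if it were the chosen type.
    if not tinfo.deserialize(sym.til, named_type[1], named_type[2]):
        logger.debug('Could not deserialize type %s', sym.name)
        return None
    return tinfo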
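def getBuiltinGlobalTypePython(self):
    """Ask the user for a named type and return it as a ``tinfo_t``.

    Only IDAPython calls are used: ``choose_named_type2`` fills a
    ``til_symbol_t``, ``get_named_type`` fetches the serialized type and
    ``tinfo_t.deserialize`` rebuilds it.

    Returns:
        The deserialized ``idaapi.tinfo_t``, or ``None`` when the user
        cancels the chooser, the named type cannot be found, or the
        serialized type fails to deserialize.
    """
    self.logger.debug('Getting GlobalType the Python way')
    sym = idaapi.til_symbol_t()
    ret = idaapi.choose_named_type2(
        idaapi.cvar.idati, 'Choose type to apply',
        idaapi.NTF_SYMM, None, sym)
    if not ret:
        self.logger.debug('User canceled. Bailing out')
        return None

    # Named 'named_type' rather than 'tuple' so the builtin is not shadowed.
    named_type = idaapi.get_named_type(sym.til, sym.name, 0)
    if named_type is None:
        self.logger.debug('Could not find %s', sym.name)
        return None

    tinfo = idaapi.tinfo_t()
    # Items 1 and 2 of the result are handed to deserialize() as the
    # serialized type and its fields.
    # A failed deserialize would otherwise hand an empty tinfo_t to the
    # caller as if it were the chosen type.
    if not tinfo.deserialize(sym.til, named_type[1], named_type[2]):
        self.logger.debug('Could not deserialize type %s', sym.name)
        return None
    return tinfo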
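def getBuiltinGlobalTypeCtypes(self):
    """Ask the user for a named type and return it as a ``tinfo_t``, via ctypes.

    The chooser comes from IDAPython, but ``get_named_type`` and
    ``deserialize_tinfo`` are called in the IDA kernel library through
    ctypes, with raw object addresses taken from the SWIG ``.this`` handles.

    Returns:
        The populated ``idaapi.tinfo_t``, or ``None`` when the platform is
        not recognised, the user cancels the chooser, the named type cannot
        be found, or deserialization reports failure.
    """
    self.logger.debug('Getting GlobalType the Ctypes way')

    ############################################################
    # Several type-related functions aren't accessible via IDAPython,
    # so they are reached through ctypes.
    # NOTE(review): the library is looked up by bare file name; this
    # presumably resolves to the kernel module the IDA process already has
    # loaded -- confirm, since a name-only lookup otherwise goes through the
    # loader's search path.
    idaname = "ida64" if idc.__EA64__ else "ida"
    if sys.platform == "win32":
        g_dll = ctypes.windll[idaname + ".wll"]
    elif sys.platform.startswith("linux"):
        # startswith() covers both "linux2" and "linux".
        g_dll = ctypes.cdll["lib" + idaname + ".so"]
    elif sys.platform == "darwin":
        g_dll = ctypes.cdll["lib" + idaname + ".dylib"]
    else:
        # Previously fell through with g_dll unbound and failed later with
        # an UnboundLocalError.
        self.logger.debug('Unsupported platform: %s', sys.platform)
        return None

    ############################################################
    # Specifying function types for a few IDA SDK functions to keep the
    # pointer-to-pointer args clear.
    ubyte_pp = ctypes.POINTER(ctypes.POINTER(ctypes.c_ubyte))
    get_named_type = g_dll.get_named_type
    get_named_type.argtypes = [
        ctypes.c_void_p,                 # const til_t *ti,
        ctypes.c_char_p,                 # const char *name,
        ctypes.c_int,                    # int ntf_flags,
        ubyte_pp,                        # const type_t **type=NULL,
        ubyte_pp,                        # const p_list **fields=NULL,
        ubyte_pp,                        # const char **cmt=NULL,
        ubyte_pp,                        # const p_list **fieldcmts=NULL,
        ctypes.POINTER(ctypes.c_ulong),  # sclass_t *sclass=NULL,
        ctypes.POINTER(ctypes.c_ulong),  # uint32 *value=NULL);
    ]

    sym = idaapi.til_symbol_t()
    # No predicate-function support via IDAPython, so the chooser is
    # opened without a filter (None).
    ret = idaapi.choose_named_type2(
        idaapi.cvar.idati, 'Choose type to apply',
        idaapi.NTF_SYMM, None, sym)
    if not ret:
        self.logger.debug('User canceled. Bailing out')
        return None

    til = sym.til
    funcname = sym.name
    # Out-parameters filled in by get_named_type.
    typ_type = ctypes.POINTER(ctypes.c_ubyte)()
    typ_fields = ctypes.POINTER(ctypes.c_ubyte)()
    typ_cmt = ctypes.POINTER(ctypes.c_ubyte)()
    typ_fieldcmts = ctypes.POINTER(ctypes.c_ubyte)()
    typ_sclass = ctypes.c_ulong()
    value = ctypes.c_ulong()
    ret = get_named_type(
        long(til.this),
        funcname,
        idaapi.NTF_SYMM,
        ctypes.byref(typ_type),
        ctypes.byref(typ_fields),
        ctypes.byref(typ_cmt),
        ctypes.byref(typ_fieldcmts),
        ctypes.byref(typ_sclass),
        ctypes.byref(value),
    )
    if ret == 0:
        self.logger.debug('Could not find %s', funcname)
        return None

    # The earlier print_type_to_one_line / apply_callee_type path was
    # dropped in favour of tinfo_t (apply_callee_type is deprecated).
    tinfo = idaapi.tinfo_t()
    # deserialize_tinfo has no argtypes, and ctypes passes bare Python
    # integers as C int; wrapping the addresses in c_void_p keeps them
    # pointer-sized so they are not truncated in a 64-bit process.
    ret = g_dll.deserialize_tinfo(
        ctypes.c_void_p(long(tinfo.this)),
        ctypes.c_void_p(long(til.this)),
        ctypes.byref(typ_type),
        ctypes.byref(typ_fields),
        ctypes.byref(typ_fieldcmts),
    )
    if not ret:
        # Do not hand back a tinfo_t the kernel reported it could not fill.
        self.logger.debug('Could not deserialize type %s', funcname)
        return None
    return tinfo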
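def getBuiltinGlobalTypeCtypes(self):
    """Ask the user for a named type and return it as a ``tinfo_t``, via ctypes.

    The chooser comes from IDAPython, but ``get_named_type`` and
    ``deserialize_tinfo`` are called in the IDA kernel library through
    ctypes, with raw object addresses taken from the SWIG ``.this`` handles.

    Returns:
        The populated ``idaapi.tinfo_t``, or ``None`` when the platform is
        not recognised, the user cancels the chooser, the named type cannot
        be found, or deserialization reports failure.
    """
    self.logger.debug('Getting GlobalType the Ctypes way')

    ############################################################
    # Several type-related functions aren't accessible via IDAPython,
    # so they are reached through ctypes.
    # NOTE(review): the library is looked up by bare file name; this
    # presumably resolves to the kernel module the IDA process already has
    # loaded -- confirm, since a name-only lookup otherwise goes through the
    # loader's search path.
    idaname = "ida64" if idc.__EA64__ else "ida"
    if sys.platform == "win32":
        g_dll = ctypes.windll[idaname + ".wll"]
    elif sys.platform.startswith("linux"):
        # startswith() covers both "linux2" and "linux".
        g_dll = ctypes.cdll["lib" + idaname + ".so"]
    elif sys.platform == "darwin":
        g_dll = ctypes.cdll["lib" + idaname + ".dylib"]
    else:
        # Previously fell through with g_dll unbound and failed later with
        # an UnboundLocalError.
        self.logger.debug('Unsupported platform: %s', sys.platform)
        return None

    ############################################################
    # Specifying function types for a few IDA SDK functions to keep the
    # pointer-to-pointer args clear.
    ubyte_pp = ctypes.POINTER(ctypes.POINTER(ctypes.c_ubyte))
    get_named_type = g_dll.get_named_type
    get_named_type.argtypes = [
        ctypes.c_void_p,                 # const til_t *ti,
        ctypes.c_char_p,                 # const char *name,
        ctypes.c_int,                    # int ntf_flags,
        ubyte_pp,                        # const type_t **type=NULL,
        ubyte_pp,                        # const p_list **fields=NULL,
        ubyte_pp,                        # const char **cmt=NULL,
        ubyte_pp,                        # const p_list **fieldcmts=NULL,
        ctypes.POINTER(ctypes.c_ulong),  # sclass_t *sclass=NULL,
        ctypes.POINTER(ctypes.c_ulong),  # uint32 *value=NULL);
    ]

    sym = idaapi.til_symbol_t()
    # No predicate-function support via IDAPython, so the chooser is
    # opened without a filter (None).
    ret = idaapi.choose_named_type2(
        idaapi.cvar.idati, 'Choose type to apply',
        idaapi.NTF_SYMM, None, sym)
    if not ret:
        self.logger.debug('User canceled. Bailing out')
        return None

    til = sym.til
    funcname = sym.name
    # Out-parameters filled in by get_named_type.
    typ_type = ctypes.POINTER(ctypes.c_ubyte)()
    typ_fields = ctypes.POINTER(ctypes.c_ubyte)()
    typ_cmt = ctypes.POINTER(ctypes.c_ubyte)()
    typ_fieldcmts = ctypes.POINTER(ctypes.c_ubyte)()
    typ_sclass = ctypes.c_ulong()
    value = ctypes.c_ulong()
    ret = get_named_type(
        long(til.this),
        funcname,
        idaapi.NTF_SYMM,
        ctypes.byref(typ_type),
        ctypes.byref(typ_fields),
        ctypes.byref(typ_cmt),
        ctypes.byref(typ_fieldcmts),
        ctypes.byref(typ_sclass),
        ctypes.byref(value),
    )
    if ret == 0:
        self.logger.debug('Could not find %s', funcname)
        return None

    # The earlier print_type_to_one_line / apply_callee_type path was
    # dropped in favour of tinfo_t (apply_callee_type is deprecated).
    tinfo = idaapi.tinfo_t()
    # deserialize_tinfo has no argtypes, and ctypes passes bare Python
    # integers as C int; wrapping the addresses in c_void_p keeps them
    # pointer-sized so they are not truncated in a 64-bit process.
    ret = g_dll.deserialize_tinfo(
        ctypes.c_void_p(long(tinfo.this)),
        ctypes.c_void_p(long(til.this)),
        ctypes.byref(typ_type),
        ctypes.byref(typ_fields),
        ctypes.byref(typ_fieldcmts),
    )
    if not ret:
        # Do not hand back a tinfo_t the kernel reported it could not fill.
        self.logger.debug('Could not deserialize type %s', funcname)
        return None
    return tinfo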
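def getBuiltinGlobalType(self):
    """Ask the user for a named type and return it as a ``tinfo_t``.

    The chooser comes from IDAPython; the type itself is fetched and
    deserialized through ctypes calls, with raw object addresses taken
    from the SWIG ``.this`` handles.

    NOTE(review): ``get_named_type`` and ``g_dll`` are not defined in this
    method; presumably they are ctypes objects set up at module level --
    confirm.

    Returns:
        The populated ``idaapi.tinfo_t``, or ``None`` when the user cancels
        the chooser, the named type cannot be found, or deserialization
        reports failure.
    """
    sym = idaapi.til_symbol_t()
    # No predicate-function support via IDAPython, so the chooser is
    # opened without a filter (None).
    ret = idaapi.choose_named_type2(
        idaapi.cvar.idati, 'Choose type to apply',
        idaapi.NTF_SYMM, None, sym)
    if not ret:
        self.logger.debug('User canceled. Bailing out')
        return None

    til = sym.til
    funcname = sym.name
    # Out-parameters filled in by get_named_type.
    typ_type = ctypes.POINTER(ctypes.c_ubyte)()
    typ_fields = ctypes.POINTER(ctypes.c_ubyte)()
    typ_cmt = ctypes.POINTER(ctypes.c_ubyte)()
    typ_fieldcmts = ctypes.POINTER(ctypes.c_ubyte)()
    typ_sclass = ctypes.c_ulong()
    value = ctypes.c_ulong()
    ret = get_named_type(
        long(til.this),
        funcname,
        idaapi.NTF_SYMM,
        ctypes.byref(typ_type),
        ctypes.byref(typ_fields),
        ctypes.byref(typ_cmt),
        ctypes.byref(typ_fieldcmts),
        ctypes.byref(typ_sclass),
        ctypes.byref(value),
    )
    if ret == 0:
        self.logger.debug('Could not find %s', funcname)
        return None

    # The earlier print_type_to_one_line / apply_callee_type path was
    # dropped in favour of tinfo_t (apply_callee_type is deprecated).
    tinfo = idaapi.tinfo_t()
    # ctypes passes bare Python integers as C int when no argtypes are
    # declared; wrapping the addresses in c_void_p keeps them pointer-sized
    # so they are not truncated in a 64-bit process.
    ret = g_dll.deserialize_tinfo(
        ctypes.c_void_p(long(tinfo.this)),
        ctypes.c_void_p(long(til.this)),
        ctypes.byref(typ_type),
        ctypes.byref(typ_fields),
        ctypes.byref(typ_fieldcmts),
    )
    if not ret:
        # Do not hand back a tinfo_t the kernel reported it could not fill.
        self.logger.debug('Could not deserialize type %s', funcname)
        return None
    return tinfo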