def extractCode():
printAvd()
start = idc.SelStart()
end = idc.SelEnd()
codeSize = end - start
ea = start
#print hex(ea)
result=""
for i in range(codeSize):
op1 = idc.GetOpType(ea,0)
op2 = idc.GetOpType(ea,1)
instructionSize=idc.ItemSize(ea)
if op1 == idc.o_reg and (op2 ==idc.o_reg or op2 == idc.o_void or op2 == idc.o_phrase):
for b in range(0,instructionSize):
result += formatByte(ea+b)
elif (op1 == idc.o_reg and op2 == idc.o_displ) or (op1 == idc.o_displ and op2 == idc.o_reg) or (op1 == idc.o_displ and op2 == idc.o_imm):
result += formatByte(ea) + formatByte(ea+1)
for b in range(2,instructionSize):
result=result+"*"
elif op1 == idc.o_phrase and op2 == idc.o_reg:
for b in range(0,instructionSize):
result+=formatByte(ea+b)
else:
result+=calcStr(ea,instructionSize)
ea = ea + instructionSize
if ea >= (start + codeSize):
break
print ("%s Offset:%s") % (idc.GetFunctionName(start),hex(start - idc.GetFunctionAttr(start,0)))
print result
return result
def symbolic_exec():
from miasm2.ir.symbexec import SymbolicExecutionEngine
from miasm2.core.bin_stream_ida import bin_stream_ida
from utils import guess_machine
bs = bin_stream_ida()
machine = guess_machine()
mdis = machine.dis_engine(bs)
start, end = idc.SelStart(), idc.SelEnd()
mdis.dont_dis = [end]
asmcfg = mdis.dis_multiblock(start)
ira = machine.ira(symbol_pool=mdis.symbol_pool)
for block in asmcfg.blocks:
ira.add_block(block)
print "Run symbolic execution..."
sb = SymbolicExecutionEngine(ira, machine.mn.regs.regs_init)
sb.run_at(start)
modified = {}
for dst, src in sb.modified(init_state=machine.mn.regs.regs_init):
modified[dst] = src
view = symbolicexec_t()
all_views.append(view)
if not view.Create(modified, machine, mdis.symbol_pool,
"Symbolic Execution - 0x%x to 0x%x" % (start, end)):
return
view.Show()
def get_pos():
""" Get the selected area """
start, end = idc.SelStart(), idc.SelEnd()
if start == idc.BADADDR:
start = idc.ScreenEA()
end = idc.ScreenEA() + instr_size(start)
return start, end
def copy_bytes():
"""
Copy selected bytes to clipboard
"""
if using_ida7api:
start = idc.read_selection_start()
end = idc.read_selection_end()
if idaapi.BADADDR in (start, end):
ea = idc.here()
start = idaapi.get_item_head(ea)
end = idaapi.get_item_end(ea)
# # reference https://stackoverflow.com/questions/6624453/whats-the-correct-way-to-convert-bytes-to-a-hex-string-in-python-3
data = idc.get_bytes(start, end - start).hex()
print("Bytes copied: %s" % data)
copy_to_clip(data)
else:
start = idc.SelStart()
end = idc.SelEnd()
if idaapi.BADADDR in (start, end):
ea = idc.here()
start = idaapi.get_item_head(ea)
end = idaapi.get_item_end(ea)
# reference https://stackoverflow.com/questions/6624453/whats-the-correct-way-to-convert-bytes-to-a-hex-string-in-python-3
# not work in ida7.5 python3.7.7
# data = idc.GetManyBytes(start, end-start).encode('hex')
data = idc.GetManyBytes(start, end - start).hex()
print("Bytes copied: %s" % data)
copy_to_clip(data)
return
def __init__(self):
self.start = idc.SelStart()
self.end = idc.SelEnd()
self.buffer = ''
self.ogLen = None
self.status = True
self.run()
def get_selection():
start = idc.SelStart()
end = idc.SelEnd()
if idaapi.BADADDR in (start, end):
ea = idc.here()
start = idaapi.get_item_head(ea)
end = idaapi.get_item_end(ea)
return start, end
def promptForRange(self):
#check if a range has already been selected - if so skip prompt
start = idc.SelStart()
if start != idc.BADADDR:
self.logger.info('Processing range 0x%08x - 0x%08x', self.params.startAddr, self.params.endAddr)
self.params.startAddr = start
self.params.endAddr = idc.SelEnd()
else:
self.logger.info('Processing current segment only')
self.params.startAddr = idc.SegStart(idc.here())
self.params.endAddr = idc.SegEnd(idc.here())
def __init__(self):
self.searchDwordArray = False
self.searchPushArgs = False
self.createStruct = False
#startAddr & endAddr: range to process
self.startAddr = idc.SelStart()
self.endAddr = idc.SelEnd()
#hashTypes: list of HashTypes user confirmed to process
self.hashTypes = []
def eBlock(self, codeStart=None, codeEnd=None):
if codeStart == None: codeStart = idc.SelStart()
if codeEnd == None: codeEnd = idc.SelEnd()
codeStart = codeStart | 1 if self._is_thumb_ea(
codeStart) else codeStart
self._emulate(startAddr=codeStart,
stopAddr=codeEnd,
args=[],
TimeOut=0,
Count=0,
DisablePatchRA=True)
self._showRegs(self.curUC)
def get_selection(always=True):
start = idc.SelStart()
end = idc.SelEnd()
if idaapi.BADADDR in (start, end):
if not always:
raise exceptions.SarkNoSelection()
ea = idc.here()
start = idaapi.get_item_head(ea)
end = idaapi.get_item_end(ea)
return Selection(start, end)
def __init__(self):
self.searchDwordArray = False
self.searchPushArgs = False
self.createStruct = False
self.useDecompiler = False
self.useXORSeed = False
self.XORSeed = 0
#startAddr & endAddr: range to process
if using_ida7api:
self.startAddr = idc.read_selection_start()
self.endAddr = idc.read_selection_end()
else:
self.startAddr = idc.SelStart()
self.endAddr = idc.SelEnd()
#hashTypes: list of HashTypes user confirmed to process
self.hashTypes = []
def symbolic_exec():
from miasm2.ir.symbexec import SymbolicExecutionEngine
from miasm2.core.bin_stream_ida import bin_stream_ida
from utils import guess_machine
bs = bin_stream_ida()
machine = guess_machine()
mdis = machine.dis_engine(bs)
start, end = idc.SelStart(), idc.SelEnd()
mdis.dont_dis = [end]
blocks = mdis.dis_multiblock(start)
ira = machine.ira()
for block in blocks:
ira.add_block(block)
print "Run symbolic execution..."
sb = SymbolicExecutionEngine(ira, machine.mn.regs.regs_init)
sb.emul_ir_blocks(start)
modified = {}
for ident in sb.symbols.symbols_id:
if ident in sb.ir_arch.arch.regs.regs_init and \
ident in sb.symbols.symbols_id and \
sb.symbols.symbols_id[ident] == sb.ir_arch.arch.regs.regs_init[ident]:
continue
modified[ident] = sb.symbols.symbols_id[ident]
for ident in sb.symbols.symbols_mem:
modified[sb.symbols.symbols_mem[ident][0]] = sb.symbols.symbols_mem[ident][1]
view = symbolicexec_t()
all_views.append(view)
if not view.Create(modified, machine,
"Symbolic Execution - 0x%x to 0x%x" % (start, end)):
return
view.Show()
def eBlock(self):
codeStart = idc.SelStart()
codeEnd = idc.SelEnd()
codesize = codeEnd - codeStart
print(">>> start:0x%x" % codeStart)
print(">>> end:0x%x" % codeEnd)
try:
uc = Uc(self.arch, self.mode)
code = self._getOriginData(codeStart, codesize)
print(">>> opcode:", code.encode('hex'))
self._initStack(uc, self.RA)
self._initData(uc)
self._initRegs(uc)
# add the invalid memory access hook
uc.hook_add(UC_HOOK_MEM_READ_UNMAPPED | UC_HOOK_MEM_WRITE_UNMAPPED | \
UC_HOOK_MEM_FETCH_UNMAPPED, self._hook_mem_invalid)
uc.emu_start(codeStart, codeEnd)
self._showStatus(uc)
except UcError as e:
print("#ERROR: %s" % e)
def promptForRange(self):
# Only run if QT not available, so not bothering with ida7 check
#check if a range has already been selected - if so skip prompt
if using_ida7api:
selstart = idc.read_selection_start()
selend = idc.read_selection_end()
segstart = idc.get_segm_start(idc.here())
segend = idc.get_segm_end(idc.here())
else:
selstart = idc.SelStart()
selend = idc.SelEnd()
seg = idc.SegStart(idc.here())
self.params.endAddr = idc.SegEnd(idc.here())
if selstart != idc.BADADDR:
self.params.startAddr = selstart
self.params.endAddr = selend
logger.info('Processing range 0x%08x - 0x%08x', self.params.startAddr, self.params.endAddr)
else:
self.params.startAddr = segstart
self.params.endAddr = segend
logger.info('Processing current segment only')
def symbolic_exec():
from miasm2.ir.symbexec import SymbolicExecutionEngine
from miasm2.core.bin_stream_ida import bin_stream_ida
from utils import guess_machine
start, end = idc.SelStart(), idc.SelEnd()
bs = bin_stream_ida()
machine = guess_machine(addr=start)
mdis = machine.dis_engine(bs)
if start == idc.BADADDR and end == idc.BADADDR:
start = idc.ScreenEA()
end = idc.next_head(start) # Get next instruction address
mdis.dont_dis = [end]
asmcfg = mdis.dis_multiblock(start)
ira = machine.ira(loc_db=mdis.loc_db)
for block in asmcfg.blocks:
ira.add_block(block)
print "Run symbolic execution..."
sb = SymbolicExecutionEngine(ira, machine.mn.regs.regs_init)
sb.run_at(start)
modified = {}
for dst, src in sb.modified(init_state=machine.mn.regs.regs_init):
modified[dst] = src
view = symbolicexec_t()
all_views.append(view)
if not view.Create(
modified, machine, mdis.loc_db,
"Symbolic Execution - 0x%x to 0x%x" % (start, idc.prev_head(end))):
return
view.Show()
def extractCode(self):
self.printAvd()
start = idc.SelStart()
end = idc.SelEnd()
codeSize = end - start
ea = start
# print hex(ea)
result = ""
for i in range(codeSize):
op1 = idc.GetOpType(ea, 0)
op2 = idc.GetOpType(ea, 1)
instructionSize = idc.ItemSize(ea)
if op1 == idc.o_reg and (op2 == idc.o_reg or op2 == idc.o_void or op2 == idc.o_phrase):
for b in range(0, instructionSize):
result += self.formatByte(ea + b)
elif (op1 == idc.o_reg and op2 == idc.o_displ) or (op1 == idc.o_displ and op2 == idc.o_reg) or (
op1 == idc.o_displ and op2 == idc.o_imm):
result += self.formatByte(ea) + self.formatByte(ea + 1)
for b in range(2, instructionSize):
result = result + " ??"
elif op1 == idc.o_phrase and op2 == idc.o_reg:
for b in range(0, instructionSize):
result += self.formatByte(ea + b)
else:
result += self.calcStr(ea, instructionSize)
ea = ea + instructionSize
if ea >= (start + codeSize):
break
# print (idc.get_event_module_base() - idc.SelStart());
print ("%s Address:0x%x Offset:0x%x") % (idc.GetFunctionName(idc.here()),idc.here(), idc.here() - idaapi.get_imagebase())
# print result
return result
#coding=utf-8 import idautils import idaapi import idc #获取选取的数据的边界(起始地址和结束地址) 注意结束地址是这段数据中最后一条指令的下一条指令的起始地址 #0x100001dfdL 0x100001e2dL start = idc.SelStart() end = idc.SelEnd() print hex(start),hex(end) # 同上 简化版 #0x1 0x100001dfdL 0x100001e2bL result,start,end = idaapi.read_selection() print hex(result), hex(start), hex(end)
import idaapi
import idautils
import idc
# needed for regexp [a3e1bcd6]
import re
# Ask for a prefix that will be added to subs in the specified range
func_prefix = idc.AskStr("MyClass::",
"Enter a prefix that will be added to subs")
if (func_prefix == "MyClass::") or not func_prefix:
quit()
start_addr = idc.SelStart()
end_addr = idc.SelEnd()
#start = idc.SelStart()
#end = idc.SelEnd()
# print hex(start), hex(end)
# while start < end:
# # print hex(idc.Qword(start))
# print hex(start)
# start = idc.NextAddr(start)
# quit()
# [[441b119f]]
# Asks for a start address of a vftable. Function names in this range (start_addr-end_addr) will be renamed.
#
def __init__(self):
start, end = idc.SelStart(), idc.SelEnd()
if start == idc.BADADDR:
raise ValueError("No selection")
super(Selection, self).__init__(start, end)
def __init__(self):
default_types_info = r"""ExprId("RDX", 64): char *"""
archs = ["AMD64_unk", "X86_32_unk", "msp430_unk"]
func = ida_funcs.get_func(idc.ScreenEA())
func_addr = func.startEA
start_addr = idc.SelStart()
if start_addr == idc.BADADDR:
start_addr = idc.ScreenEA()
end_addr = idc.SelEnd()
ida_kernwin.Form.__init__(
self, r"""BUTTON YES* Launch
BUTTON CANCEL NONE
Type Propagation Settings
{FormChangeCb}
Analysis scope:
<Whole function:{rFunction}>
<From an address to the end of function:{rAddr}>
<Between two addresses:{r2Addr}>{cScope}>
<Target function:{functionAddr}>
<Start address :{startAddr}>
<End address :{endAddr}>
<Architecture/compilator :{arch}>
<##Header file :{headerFile}>
<Use a file for type informations:{rTypeFile}>{cTypeFile}>
<##Types informations :{typeFile}>
<Types informations :{strTypesInfo}>
<Unalias stack:{rUnaliasStack}>{cUnalias}>
""", {
'FormChangeCb':
ida_kernwin.Form.FormChangeCb(self.OnFormChange),
'cScope':
ida_kernwin.Form.RadGroupControl(
("rFunction", "rAddr", "r2Addr")),
'functionAddr':
ida_kernwin.Form.NumericInput(tp=ida_kernwin.Form.FT_RAWHEX,
value=func_addr),
'startAddr':
ida_kernwin.Form.NumericInput(tp=ida_kernwin.Form.FT_RAWHEX,
value=start_addr),
'endAddr':
ida_kernwin.Form.NumericInput(tp=ida_kernwin.Form.FT_RAWHEX,
value=end_addr),
'arch':
ida_kernwin.Form.DropdownListControl(
items=archs, readonly=False, selval=archs[0]),
'headerFile':
ida_kernwin.Form.FileInput(swidth=20, open=True),
'cTypeFile':
ida_kernwin.Form.ChkGroupControl(("rTypeFile", )),
'typeFile':
ida_kernwin.Form.FileInput(swidth=20, open=True),
'strTypesInfo':
ida_kernwin.Form.MultiLineTextControl(
text=default_types_info,
flags=ida_kernwin.Form.MultiLineTextControl.TXTF_FIXEDFONT
),
'cUnalias':
ida_kernwin.Form.ChkGroupControl(("rUnaliasStack", )),
})
form, args = self.Compile()
form.rUnaliasStack.checked = True
form.rTypeFile.checked = True