def emit(self, record): """Emit a log record into IDA's output window. Args: record (LogRecord): a logging.LogRecord instance """ idc.msg("%s\n" % (super(IdaLogHandler, self).format(record)))
def dbg_trace(self, tid, ip): if ip in self._visited_addrs: return 1 self._visited_addrs.add(ip) if idc.is_unknown(ida_bytes.get_flags(ip)): ida_ua.create_insn(ip) else: idc.msg( 'Skipping explored EA at address 0x{0:X}\n'.format(ip) ) # print idc.generate_disasm_line(ip, 0) if ida_ua.decode_insn(ip) > 0: if 'ret' in ida_ua.cmd.get_canon_mnem().lower(): idc.msg('Found ret instruction, suspending execution\n') ida_dbg.suspend_process() else: idc.msg( 'Unable to decode instruction at address 0x{0:X}\n'.format(ip) ) ida_dbg.suspend_process() return 0
from __future__ import print_function import os import sys import shutil from glob import glob try: import epydoc.apidoc import epydoc.cli except ImportError as e: import idc import traceback idc.msg("Couldn't import module %s\n" % traceback.format_exc()) idc.qexit(-1) # -------------------------------------------------------------------------- DOC_DIR = 'hr-html' # -------------------------------------------------------------------------- def log(msg): #print msg pass def add_header(lines): S1 = 'href="epydoc.css"' p = lines.find(S1) if p < 0: return None p = lines.find('\n', p)
from __future__ import print_function import os import sys import shutil from glob import glob try: import epydoc.apidoc import epydoc.cli except ImportError as e: import idc import traceback idc.msg("Couldn't import module %s\n" % traceback.format_exc()) idc.qexit(-1) # -------------------------------------------------------------------------- DOC_DIR = 'hr-html' # -------------------------------------------------------------------------- def log(msg): #print msg pass def add_header(lines): S1 = 'href="epydoc.css"' p = lines.find(S1) if p < 0: return None p = lines.find('\n', p) if p < 0: return None
def activate(self, ctx): if self.action in ACTION_MENU_CONVERT: sel, start, end = lazy_read_selection() if not sel: idc.msg("[LazyIDA] Nothing to convert.") return False size = end - start data = idc.get_bytes(start, size) if isinstance(data, str): # python2 compatibility data = bytearray(data) assert size == len(data) name = idc.get_name(start, idc.GN_VISIBLE) if not name: name = "data" if data: output = None plg_print("Dump from 0x%X to 0x%X (%u bytes):" % (start, end - 1, size)) if self.action == ACTION_MENU_CONVERT[0]: # escaped string output = '"%s"' % "".join("\\x%02X" % b for b in data) elif self.action == ACTION_MENU_CONVERT[1]: # hex string, space output = " ".join("%02X" % b for b in data) elif self.action == ACTION_MENU_CONVERT[2]: # C array output = "unsigned char %s[%d] = {" % (name, size) for i in range(size): if i % 16 == 0: output += "\n " output += "0x%02X, " % data[i] output = output[:-2] + "\n};" elif self.action == ACTION_MENU_CONVERT[3]: # C array word data += b"\x00" array_size = (size + 1) // 2 output = "unsigned short %s[%d] = {" % (name, array_size) for i in range(0, size, 2): if i % 16 == 0: output += "\n " output += "0x%04X, " % u16(data[i:i+2]) output = output[:-2] + "\n};" elif self.action == ACTION_MENU_CONVERT[4]: # C array dword data += b"\x00" * 3 array_size = (size + 3) // 4 output = "unsigned int %s[%d] = {" % (name, array_size) for i in range(0, size, 4): if i % 32 == 0: output += "\n " output += "0x%08X, " % u32(data[i:i+4]) output = output[:-2] + "\n};" elif self.action == ACTION_MENU_CONVERT[5]: # C array qword data += b"\x00" * 7 array_size = (size + 7) // 8 output = "unsigned long %s[%d] = {" % (name, array_size) for i in range(0, size, 8): if i % 32 == 0: output += "\n " output += "%#018X, " % u64(data[i:i+8]) output = output[:-2] + "\n};" output = output.replace("0X", "0x") elif self.action == ACTION_MENU_CONVERT[6]: # python list output = "[%s]" % ", ".join("0x%02X" % b for b in data) elif self.action == ACTION_MENU_CONVERT[7]: # python list word data += b"\x00" output = "[%s]" % ", ".join("0x%04X" % u16(data[i:i+2]) for i in range(0, size, 2)) elif self.action == ACTION_MENU_CONVERT[8]: # python list dword data += b"\x00" * 3 output = "[%s]" % ", ".join("0x%08X" % u32(data[i:i+4]) for i in range(0, size, 4)) elif self.action == ACTION_MENU_CONVERT[9]: # python list qword data += b"\x00" * 7 output = "[%s]" % ", ".join("%#018X" % u64(data[i:i+8]) for i in range(0, size, 8)).replace("0X", "0x") elif self.action == ACTION_MENU_CONVERT[10]: # MASM byte array header = "%s db " % name output = header for i in range(size): if i and i % 16 == 0: output += "\n" output += " " * len(header) output += "0%02Xh, " % data[i] output = output[:-2] elif self.action == ACTION_MENU_CONVERT[11]: # GNU ASM byte array header = "%s: .byte " % name output = header for i in range(size): if i and i % 16 == 0: output += "\n" output += " " * len(header) output += "0x%02X, " % data[i] output = output[:-2] if output: print(output) copy_to_clip(output) output = None elif self.action == ACTION_MENU_COPY_DATA: # added by merc, modified by HTC sel, start, end = lazy_read_selection() if not sel: return 0 data = idaapi.get_bytes(start, end - start) if isinstance(data, str): data = bytearray(data) output = "".join("%02X" % b for b in data) copy_to_clip(output) plg_print("Hex string '%s' copied" % output) elif self.action == ACTION_MENU_DUMP_DATA: # add by HTC sel, start, end = lazy_read_selection() if not sel: return 0 size = end - start data = idaapi.get_bytes(start, size) assert len(data) == size if data and len(data) == size: dump_data_to_file("Dump_At_%X_Size_%d.dump" % (start, size), data) else: plg_print("0x%X: unable to get %d bytes" % (start, size)) elif self.action == ACTION_MENU_XOR_DATA: sel, start, end = lazy_read_selection() if not sel: return 0 size = end - start key = idaapi.ask_str("AA BB CC DD", 0, "Xor with hex values (or a string begin and end with\" or ')...") if not key: return 0 bytes_key = bytearray() if is_str(key): bytes_key = str_to_bytes(key) else: bytes_key = hex_to_bytes(key) if not bytes_key: return 0 data = idc.get_bytes(start, end - start) if isinstance(data, str): # python2 compatibility data = bytearray(data) output = xor_data(data, bytes_key) if not output: plg_print("Sorry, error occurred. My bug :( Please report.") return 0 assert size == len(output) plg_print("Xor result from 0x%X to 0x%X (%d bytes) with %s:" % (start, end, end - start, key)) process_data_result(start, output) elif self.action == ACTION_MENU_FILL_NOP: sel, start, end = lazy_read_selection() if not sel: return 0 idaapi.patch_bytes(start, b"\x90" * (end - start)) idc.create_insn(start) plg_print("Fill 0x%X to 0x%X (%u bytes) with NOPs" % (start, end, end - start)) elif self.action == ACTION_MENU_B64STD: base64_decode(True) elif self.action == ACTION_MENU_B64URL: base64_decode(False) elif self.action == ACTION_MENU_SCAN_VUL: plg_print("Finding Format String Vulnerability...") found = [] for addr in idautils.Functions(): name = idc.get_func_name(addr) if "printf" in name and "v" not in name and idc.get_segm_name(addr) in (".text", ".plt", ".idata"): xrefs = idautils.CodeRefsTo(addr, False) for xref in xrefs: vul = self.check_fmt_function(name, xref) if vul: found.append(vul) if found: plg_print("Done! %d possible vulnerabilities found." % len(found)) ch = VulnChoose("Vulnerability", found, None, False) ch.Show() else: plg_print("No format string vulnerabilities found.") else: return 0 return 1
def activate(self, ctx): if self.action in ACTION_CONVERT: sel, start, end = lazy_read_selection() if not sel: idc.msg("[LazyIDA] Nothing to convert.") return False size = end - start data = idc.get_bytes(start, size) if isinstance(data, str): # python2 compatibility data = bytearray(data) assert size == len(data) name = idc.get_name(start, idc.GN_VISIBLE) if not name: name = "data" if data: print("\n[+] Dump 0x%X - 0x%X (%u bytes) :" % (start, end, size)) if self.action == ACTION_CONVERT[0]: # escaped string print('"%s"' % "".join("\\x%02X" % b for b in data)) elif self.action == ACTION_CONVERT[1]: # hex string print("".join("%02X" % b for b in data)) elif self.action == ACTION_CONVERT[2]: # C array output = "unsigned char %s[%d] = {" % (name, size) for i in range(size): if i % 16 == 0: output += "\n " output += "0x%02X, " % data[i] output = output[:-2] + "\n};" print(output) elif self.action == ACTION_CONVERT[3]: # C array word data += b"\x00" array_size = (size + 1) // 2 output = "unsigned short %s[%d] = {" % (name, array_size) for i in range(0, size, 2): if i % 16 == 0: output += "\n " output += "0x%04X, " % u16(data[i:i+2]) output = output[:-2] + "\n};" print(output) elif self.action == ACTION_CONVERT[4]: # C array dword data += b"\x00" * 3 array_size = (size + 3) // 4 output = "unsigned int %s[%d] = {" % (name, array_size) for i in range(0, size, 4): if i % 32 == 0: output += "\n " output += "0x%08X, " % u32(data[i:i+4]) output = output[:-2] + "\n};" print(output) elif self.action == ACTION_CONVERT[5]: # C array qword data += b"\x00" * 7 array_size = (size + 7) // 8 output = "unsigned long %s[%d] = {" % (name, array_size) for i in range(0, size, 8): if i % 32 == 0: output += "\n " output += "%#018X, " % u64(data[i:i+8]) output = output[:-2] + "\n};" print(output.replace("0X", "0x")) elif self.action == ACTION_CONVERT[6]: # python list print("[%s]" % ", ".join("0x%02X" % b for b in data)) elif self.action == ACTION_CONVERT[7]: # python list word data += b"\x00" print("[%s]" % ", ".join("0x%04X" % u16(data[i:i+2]) for i in range(0, size, 2))) elif self.action == ACTION_CONVERT[8]: # python list dword data += b"\x00" * 3 print("[%s]" % ", ".join("0x%08X" % u32(data[i:i+4]) for i in range(0, size, 4))) elif self.action == ACTION_CONVERT[9]: # python list qword data += b"\x00" * 7 print("[%s]" % ", ".join("%#018X" % u64(data[i:i+8]) for i in range(0, size, 8)).replace("0X", "0x")) elif self.action == ACTION_COPYDATA: # added by merc, modfiy by HTC sel, start, end = lazy_read_selection() if not sel: return 0 data = idaapi.get_bytes(start, end - start) data = data.encode('hex') copy_to_clip(data) print("[LazyIDA] copied hex string '%s'" % data) elif self.action == ACTION_XORDATA: sel, start, end = lazy_read_selection() if not sel: return 0 data = idc.get_bytes(start, end - start) if isinstance(data, str): # python2 compatibility data = bytearray(data) x = idaapi.ask_long(0, "Xor with...") if x: x &= 0xFF print("\n[+] Xor 0x%X - 0x%X (%u bytes) with 0x%02X:" % (start, end, end - start, x)) print(repr("".join(chr(b ^ x) for b in data))) elif self.action == ACTION_FILLNOP: sel, start, end = lazy_read_selection() if not sel: return 0 idaapi.patch_bytes(start, b"\x90" * (end - start)) print("\n[+] Fill 0x%X - 0x%X (%u bytes) with NOPs" % (start, end, end - start)) elif self.action == ACTION_SCANVUL: print("\n[+] Finding Format String Vulnerability...") found = [] for addr in idautils.Functions(): name = idc.get_func_name(addr) if "printf" in name and "v" not in name and idc.get_segm_name(addr) in (".text", ".plt", ".idata"): xrefs = idautils.CodeRefsTo(addr, False) for xref in xrefs: vul = self.check_fmt_function(name, xref) if vul: found.append(vul) if found: print("[!] Done! %d possible vulnerabilities found." % len(found)) ch = VulnChoose("Vulnerability", found, None, False) ch.Show() else: print("[-] No format string vulnerabilities found.") elif self.action == ACTION_COPYNAME: copy_highlight_name() elif self.action == ACTION_PASTENAME: paste_highlight_name() else: return 0 return 1