def copy_bytes(): """ Copy selected bytes to clipboard """ if using_ida7api: start = idc.read_selection_start() end = idc.read_selection_end() if idaapi.BADADDR in (start, end): ea = idc.here() start = idaapi.get_item_head(ea) end = idaapi.get_item_end(ea) # # reference https://stackoverflow.com/questions/6624453/whats-the-correct-way-to-convert-bytes-to-a-hex-string-in-python-3 data = idc.get_bytes(start, end - start).hex() print("Bytes copied: %s" % data) copy_to_clip(data) else: start = idc.SelStart() end = idc.SelEnd() if idaapi.BADADDR in (start, end): ea = idc.here() start = idaapi.get_item_head(ea) end = idaapi.get_item_end(ea) # reference https://stackoverflow.com/questions/6624453/whats-the-correct-way-to-convert-bytes-to-a-hex-string-in-python-3 # not work in ida7.5 python3.7.7 # data = idc.GetManyBytes(start, end-start).encode('hex') data = idc.GetManyBytes(start, end - start).hex() print("Bytes copied: %s" % data) copy_to_clip(data) return
def eBlock(self, codeStart=None, codeEnd=None): if codeStart == None: codeStart = read_selection_start() if codeEnd == None: codeEnd = read_selection_end() codeStart = codeStart | 1 if self._is_thumb_ea( codeStart) else codeStart self._emulate(codeStart, codeEnd) self._show_regs()
def get_selection(): start = idc.read_selection_start() end = idc.read_selection_end() if idaapi.BADADDR in (start, end): ea = idc.here() start = idaapi.get_item_head(ea) end = idaapi.get_item_end(ea) return start, end
def get_selection(always=True): start = idc.read_selection_start() end = idc.read_selection_end() if idaapi.BADADDR in (start, end): if not always: raise exceptions.SarkNoSelection() ea = idc.here() start = idaapi.get_item_head(ea) end = idaapi.get_item_end(ea) return Selection(start, end)
def activate(self, ctx): start, end = idc.read_selection_start(), idc.read_selection_end() if start == idaapi.BADADDR: print 'Please select something' return import capstone md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64) md.details = True data = idaapi.get_bytes(start, end - start) for insn in md.disasm(data, start): # print "0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str) idaapi.set_cmt(insn.address, str('%s %s' % (insn.mnemonic, insn.op_str)), False)
def __init__(self): self.searchDwordArray = False self.searchPushArgs = False self.createStruct = False #startAddr & endAddr: range to process if using_ida7api: self.startAddr = idc.read_selection_start() self.endAddr = idc.read_selection_end() else: self.startAddr = idc.SelStart() self.endAddr = idc.SelEnd() #hashTypes: list of HashTypes user confirmed to process self.hashTypes = []
def extractCode(self): self.printAvd() start = idc.read_selection_start() end = idc.read_selection_end() codeSize = end - start ea = start # print hex(ea) result = "" for i in range(codeSize): op1 = idc.get_operand_type(ea, 0) op2 = idc.get_operand_type(ea, 1) instructionSize = idc.get_item_size(ea) if op1 == idc.o_reg and (op2 == idc.o_reg or op2 == idc.o_void or op2 == idc.o_phrase): for b in range(0, instructionSize): result += self.formatByte(ea + b) elif (op1 == idc.o_reg and op2 == idc.o_displ) or ( op1 == idc.o_displ and op2 == idc.o_reg) or (op1 == idc.o_displ and op2 == idc.o_imm): result += self.formatByte(ea) + self.formatByte(ea + 1) for b in range(2, instructionSize): result = result + " ??" elif op1 == idc.o_phrase and op2 == idc.o_reg: for b in range(0, instructionSize): result += self.formatByte(ea + b) else: result += self.calcStr(ea, instructionSize) ea = ea + instructionSize if ea >= (start + codeSize): break # print (idc.get_event_module_base() - idc.SelStart()); print("%s Offset:0x%x") % (idc.GetFunctionName( idc.here()), idc.here() - idaapi.get_imagebase()) # print result return result
def promptForRange(self): # Only run if QT not available, so not bothering with ida7 check #check if a range has already been selected - if so skip prompt if using_ida7api: selstart = idc.read_selection_start() selend = idc.read_selection_end() segstart = idc.get_segm_start(idc.here()) segend = idc.get_segm_end(idc.here()) else: selstart = idc.SelStart() selend = idc.SelEnd() seg = idc.SegStart(idc.here()) self.params.endAddr = idc.SegEnd(idc.here()) if selstart != idc.BADADDR: self.params.startAddr = selstart self.params.endAddr = selend logger.info('Processing range 0x%08x - 0x%08x', self.params.startAddr, self.params.endAddr) else: self.params.startAddr = segstart self.params.endAddr = segend logger.info('Processing current segment only')
def symbolic_exec(): from miasm.ir.symbexec import SymbolicExecutionEngine from miasm.core.bin_stream_ida import bin_stream_ida from utils import guess_machine start, end = idc.read_selection_start(), idc.read_selection_end() loc_db = LocationDB() bs = bin_stream_ida() machine = guess_machine(addr=start) mdis = machine.dis_engine(bs, loc_db=loc_db) if start == idc.BADADDR and end == idc.BADADDR: start = idc.get_screen_ea() end = idc.next_head(start) # Get next instruction address mdis.dont_dis = [end] asmcfg = mdis.dis_multiblock(start) ira = machine.ira(loc_db=loc_db) ircfg = ira.new_ircfg_from_asmcfg(asmcfg) print("Run symbolic execution...") sb = SymbolicExecutionEngine(ira, machine.mn.regs.regs_init) sb.run_at(ircfg, start) modified = {} for dst, src in sb.modified(init_state=machine.mn.regs.regs_init): modified[dst] = src view = symbolicexec_t() all_views.append(view) if not view.Create( modified, machine, loc_db, "Symbolic Execution - 0x%x to 0x%x" % (start, idc.prev_head(end))): return view.Show()
def search_for_bytes(): search_vt = vtgrep.VTGrepSearch(addr_start=idc.read_selection_start(), addr_end=idc.read_selection_end()) search_vt.search(False)
def search_with_wildcards(strict): search_vt = vtgrep.VTGrepSearch(addr_start=idc.read_selection_start(), addr_end=idc.read_selection_end()) search_vt.search(True, strict)
def eBlock(self, codeStart=None, codeEnd=None): if codeStart == None: codeStart = read_selection_start() if codeEnd == None: codeEnd = read_selection_end() self._emulate(codeStart, codeEnd) self._showRegs(self.curUC)
def __init__(self): default_types_info = r"""ExprId("RDX", 64): char *""" archs = ["AMD64_unk", "X86_32_unk", "msp430_unk"] func = ida_funcs.get_func(idc.get_screen_ea()) func_addr = func.start_ea start_addr = idc.read_selection_start() if start_addr == idc.BADADDR: start_addr = idc.get_screen_ea() end_addr = idc.read_selection_end() ida_kernwin.Form.__init__( self, r"""BUTTON YES* Launch BUTTON CANCEL NONE Type Propagation Settings {FormChangeCb} Analysis scope: <Whole function:{rFunction}> <From an address to the end of function:{rAddr}> <Between two addresses:{r2Addr}>{cScope}> <Target function:{functionAddr}> <Start address :{startAddr}> <End address :{endAddr}> <Architecture/compilator :{arch}> <##Header file :{headerFile}> <Use a file for type information:{rTypeFile}>{cTypeFile}> <##Types information :{typeFile}> <Types information :{strTypesInfo}> <Unalias stack:{rUnaliasStack}>{cUnalias}> """, { 'FormChangeCb': ida_kernwin.Form.FormChangeCb(self.OnFormChange), 'cScope': ida_kernwin.Form.RadGroupControl( ("rFunction", "rAddr", "r2Addr")), 'functionAddr': ida_kernwin.Form.NumericInput(tp=ida_kernwin.Form.FT_RAWHEX, value=func_addr), 'startAddr': ida_kernwin.Form.NumericInput(tp=ida_kernwin.Form.FT_RAWHEX, value=start_addr), 'endAddr': ida_kernwin.Form.NumericInput(tp=ida_kernwin.Form.FT_RAWHEX, value=end_addr), 'arch': ida_kernwin.Form.DropdownListControl( items=archs, readonly=False, selval=archs[0]), 'headerFile': ida_kernwin.Form.FileInput(swidth=20, open=True), 'cTypeFile': ida_kernwin.Form.ChkGroupControl(("rTypeFile", )), 'typeFile': ida_kernwin.Form.FileInput(swidth=20, open=True), 'strTypesInfo': ida_kernwin.Form.MultiLineTextControl( text=default_types_info, flags=ida_kernwin.Form.MultiLineTextControl.TXTF_FIXEDFONT ), 'cUnalias': ida_kernwin.Form.ChkGroupControl(("rUnaliasStack", )), }) form, args = self.Compile() form.rUnaliasStack.checked = True form.rTypeFile.checked = True
def cmd_get_selection(self): return " ".join( self.fmt_addr(a) for a in [idc.read_selection_start(), idc.read_selection_end()])