def parse_function_type(ea: int, end: Optional[int] = None) -> str: frame = idc.get_func_attr(ea, FUNCATTR_FRAME) if frame is None: return "" if end is None: # try to find end func = function_at(ea) if not func: return "?" end = prev_addr(get_func_attr(func, FUNCATTR_END)) end_addr = end mnem = GetDisasm(end_addr) if "ret" not in mnem: # it's not a real end, get instruction before... end_addr = prev_addr(end) if end_addr == BADADDR: # cannot get the real end return "" mnem = GetDisasm(end_addr) if "ret" not in mnem: # cannot get the real end return "" op = get_operand_type(end_addr, 0) if op == o_void: # retn has NO parameters return "__cdecl" # retn has parameters return "__stdcall"
def handleHookInstCust(self, screenEA=None): if screenEA is not None: address = screenEA else: address = ScreenEA() # safety checks, can be start of the function if address in self.idbHookMap and self.idbHookMap[ address].hook.type == "func": dlg = AskYN( 0, "Address contains function hook!\nDo you want to remove it?") if dlg != 1: return # remove function hook self.handleUnhookFunc(address) offset, moduleName = self.getAddressDetails(address) hookDlg = InstructionHookDialog(moduleName, "%X" % address, GetDisasm(address), None) hookDlg.Compile() hookDlg.script.value = "" ok = hookDlg.Execute() if ok != 1: return hook = InstHook() hook.id = address hook.mnemonic = GetDisasm(address) hook.address = offset hook.module = moduleName hook.once = True if hookDlg.trigger.value == 0 else False hook.recentScriptFile = hookDlg.recentScriptFile hook.script = hookDlg.script.value entry = HookEntry(hook) outJSON = json.dumps({ "req_id": kFridaLink_SetHookRequest, "data": entry.genSetRequest() }) SetColor(address, CIC_ITEM, kIDAViewColor_HookedInst) refresh_idaview_anyway() self.clientSocket.sendto(outJSON, self.clientAddress) self.idbHookMap[address] = entry self.idbHooksView.setContent(self.idbHookMap)
def handleQuickInstHook(self, address, once, breakpoint=False): # safety checks, can be start of the function if address in self.idbHookMap and self.idbHookMap[ address].hook.type == "func": dlg = AskYN( 0, "Address contains function hook!\nDo you want to remove it?") if dlg != 1: return # remove function hook self.handleUnhookFunc(address) offset, moduleName = self.getAddressDetails(address) hook = InstHook() hook.id = address hook.mnemonic = GetDisasm(address) hook.address = offset hook.module = moduleName hook.once = once hook.breakpoint = breakpoint entry = HookEntry(hook) outJSON = json.dumps({ "req_id": kFridaLink_SetHookRequest, "data": entry.genSetRequest() }) SetColor(address, CIC_ITEM, kIDAViewColor_HookedInst) refresh_idaview_anyway() self.clientSocket.sendto(outJSON, self.clientAddress) self.idbHookMap[address] = entry self.idbHooksView.setContent(self.idbHookMap)
def GetInstructions(start_ea, end_ea): ins = [] for head in idautils.Heads(start_ea, end_ea): if idaapi.isCode(idaapi.getFlags(head)): ins.append(Instruction(head, GetDisasm(head))) return ins
def GetInstructions(start_ea, end_ea): """ Return a list of all the instructions in the range [start_ea, end_ea]. """ ins = [] for head in idautils.Heads(start_ea, end_ea): if idaapi.isCode(idaapi.getFlags(head)): ins.append(Instruction(head, GetDisasm(head))) return ins
def handleDebugStepOver(self): if self.clientSocket is None: return if self.debugBreakId is None: return cur_ea = self.debugBreakId decode_insn(cur_ea) next_ea = cur_ea + idaapi.cmd.size if isCode(getFlags(next_ea)) == False: return entry = None # remove current if self.debugBreakId in self.idbHookMap: entry = self.idbHookMap[self.debugBreakId] outJSON = json.dumps({ "req_id": kFridaLink_DelHookRequest, "data": entry.genDelRequest() }) del self.idbHookMap[self.debugBreakId] self.clientSocket.sendto(outJSON, self.clientAddress) SetColor(self.debugBreakId, CIC_ITEM, kIDAViewColor_Reset) refresh_idaview_anyway() offset, moduleName = self.getAddressDetails(next_ea) # install next if entry == None: hook = InstHook() hook.id = next_ea hook.once = once hook.breakpoint = True entry = HookEntry(hook) entry.hook.id = next_ea entry.hook.mnemonic = GetDisasm(next_ea) entry.hook.address = offset entry.hook.module = moduleName outJSON = json.dumps({ "req_id": kFridaLink_SetHookRequest, "data": entry.genSetRequest() }) self.clientSocket.sendto(outJSON, self.clientAddress) self.idbHookMap[next_ea] = entry self.idbHooksView.setContent(self.idbHookMap) self.handleDebugContinue()
def handleGetRealAddress(self, screenEA=None): if screenEA is not None: address = screenEA else: address = ScreenEA() offset, moduleName = self.getAddressDetails(address) for module in self.targetModules: if module['name'] == moduleName: moduleBase = module['base'] realAddr = int(moduleBase, 16) + offset self.handleFraplLog( "info", "[ %s ] 0x%X => 0x%X %s" % (moduleName, address, realAddr, GetDisasm(address))) break
def _hook_code(self, uc, address, size, user_data): if self.traceOption & TRACE_CODE: self._addTrace("### Trace Instruction at 0x%x, size = %u, %s" % (address, size, GetDisasm(address))) if address in self.altFunc.keys(): func, argc, balance = self.altFunc[address] try: sp = uc.reg_read(self.REG_SP) if self.REG_RA == 0: RA = unpack(self.pack_fmt, str(uc.mem_read(sp, self.step)))[0] sp += self.step else: RA = uc.reg_read(self.REG_RA) args = [] i = 0 while i < argc and i < len(self.REG_ARGS): args.append(uc.reg_read(self.REG_ARGS[i])) i += 1 sp2 = sp while i < argc: args.append( unpack(self.pack_fmt, str(uc.mem_read(sp2, self.step)))[0]) sp2 += self.step i += 1 res = func(uc, self.logBuffer, args) if type(res) != int: res = 0 uc.reg_write(self.REG_RES, res) uc.reg_write(self.REG_PC, RA) if balance: uc.reg_write(self.REG_SP, sp2) else: uc.reg_write(self.REG_SP, sp) except Exception as e: self._addTrace("alt exception: %s" % e)
def handleHookInstEdit(self, screenEA=None): if self.hookedInstruction() == False: return if screenEA is not None: address = screenEA else: address = ScreenEA() entry = self.idbHookMap[address] entry.hook.mnemonic = GetDisasm(address) hookDlg = InstructionHookDialog(entry.hook.module, "%X" % entry.hook.id, entry.hook.mnemonic, entry.hook.recentSrcFile) hookDlg.Compile() hookDlg.script.value = entry.hook.script hookDlg.trigger.value = 0 if entry.hook.once == True else 1 ok = hookDlg.Execute() if ok != 1: return flags = HookEntry.UDP_NONE once = True if hookDlg.trigger.value == 0 else False if entry.hook.once != once: entry.hook.once = once flags |= HookEntry.UPD_TRIGGER entry.hook.recentSrcFile = hookDlg.recentScriptFile if entry.hook.script != hookDlg.script.value: entry.hook.script = hookDlg.script.value flags |= HookEntry.UPD_SCRIPT outJSON = json.dumps({ "req_id": kFridaLink_UpdHookRequest, "data": entry.genUpdRequest(flags) }) self.clientSocket.sendto(outJSON, self.clientAddress)
def resolveStackAddress(self, address, symbol): if symbol[0] == "0x0": return None info = {} info['module'] = str(symbol[1]) segm = get_segm_by_name(info['module']) if segm is not None: locEA = segm.startEA delta = address - int(symbol[0], 16) + locEA func = get_func(delta) if func is not None: info['symbol'] = str(get_func_name(delta)) else: info['symbol'] = str(GetDisasm(delta)) elif symbol[2] != '': if symbol[2] == '<redacted>': info['symbol'] = "+0x%X" % (address - int(symbol[0], 16)) else: info['symbol'] = str(symbol[2]) else: info['symbol'] = '' return info
def make_item(self, value): #[["Address", 16], ["VTable addresses", 16], ["Name", 16], ["Instruction", 16]] tmp = " | ".join(map(lambda x: "0x%.8x" % x, value[1])) r = ["0x%.8x" % value[0], tmp, GetDisasm(value[0]).split(";")[0]] self.n += 1 return r