Exemplo n.º 1
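    def init(self):
        """Decide whether IDA should load the D-810 plugin.

        Returns ``idaapi.PLUGIN_SKIP`` when the Hex-Rays decompiler cannot be
        initialised or when the IDA kernel is older than 7.5, and
        ``idaapi.PLUGIN_OK`` otherwise.
        """
        if not ida_hexrays.init_hexrays_plugin():
            print("D-810 need Hex-Rays decompiler. Skipping")
            return idaapi.PLUGIN_SKIP

        kv = ida_kernwin.get_kernel_version().split(".")
        # Compare (major, minor) as a pair. Testing the two fields
        # independently rejects every x.0 - x.4 release of a later major
        # version (8.0, 9.0, ...), so the plugin would refuse to load there.
        if (int(kv[0]), int(kv[1])) < (7, 5):
            print("D-810 need IDA version >= 7.5. Skipping")
            return idaapi.PLUGIN_SKIP
        print("D-810 initialized (version {0})".format(D810_VERSION))
        return idaapi.PLUGIN_OK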
Exemplo n.º 2
    def hook(self):
        """Install the Hex-Rays callback once and mark the hook as installed.

        ``self._available`` caches the outcome of the first probe: ``None``
        means "not probed yet", after which it is ``True`` or ``False``.
        ``self._installed`` is set to ``True`` only when the SDK is available.
        """
        if self._available is None:
            # First call: probe the SDK and register the callback on success.
            if ida_hexrays.init_hexrays_plugin():
                ida_hexrays.install_hexrays_callback(self._hxe_callback)
                self._available = True
            else:
                self._plugin.logger.info("Hex-Rays SDK is not available")
                self._available = False

        if not self._available:
            return
        self._installed = True
Exemplo n.º 3
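    def run(self, arg):
        """Unload the active decompiler plugin and load the next alternative.

        The index cycles through ``hx_switch_plugin_t.hx_alternatives``.
        ``arg`` is not used. The statement order below matters: views are
        closed and the hook removed before the plugin is unloaded.

        Returns:
            False when the description block of the current plugin cannot be
            located, True after the switch has been performed.
        """
        new_idx = (self.current_idx + 1) % len(
            hx_switch_plugin_t.hx_alternatives)

        plugin_id = hx_switch_plugin_t.hx_alternatives[self.current_idx]
        new_plugin_id = hx_switch_plugin_t.hx_alternatives[new_idx]

        # print(...) with a single parenthesised argument prints the same text
        # under Python 2 and is also valid Python 3 (the bare print statement
        # is a syntax error there).
        print('[+] Switching to [%d]: %s' % (new_idx, repr(new_plugin_id)))

        ptr = ida_plugins.find_plugin(plugin_id)
        if not ptr:
            print('[!] Unable to locate the plugin description block')
            return False

        # Close all pseudocode views, otherwise IDA will crash on unload
        self.hx_hook.close_hx_views()

        # Temporarily unhook, avoid messing with `hexdsp`
        self.hx_hook.unhook()

        # Set unload flag
        # NOTE(review): `ptr.contents` is written directly from here on, so a
        # wrong pointer or struct layout corrupts IDA's own plugin record;
        # confirm the layout matches the running IDA build.
        ptr.contents.flags |= idaapi.PLUGIN_UNL

        # Replace the "run plugin" function with a dummy, so no more nags
        ptr.contents.run = hx_switch_plugin_t.plugin_t_run_dummy

        # Call the plugin and cue IDA to unload it
        ida_plugins.run_plugin(ptr, 0)

        # Load the new plugin
        ida_plugins.find_plugin(new_plugin_id, True)

        # Sometimes `ida_hexrays` forget to re-initialize, causing crash on
        # switching decompilers and closing database
        ida_hexrays.init_hexrays_plugin()

        # Hook again to record views
        self.hx_hook.hook()

        self.current_idx = new_idx
        return True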
Exemplo n.º 4
Arquivo: vds3.py Projeto: rithien/src
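 def init(self):
     """Register the "Invert then/else" action and install the vds3 hooks.

     Returns ``ida_idaapi.PLUGIN_KEEP`` when the Hex-Rays decompiler is
     available and ``ida_idaapi.PLUGIN_SKIP`` otherwise.
     """
     if not ida_hexrays.init_hexrays_plugin():
         # Without this branch the method fell off the end and handed None
         # back to IDA instead of an explicit PLUGIN_* code.
         return ida_idaapi.PLUGIN_SKIP

     i = hexrays_callback_info()
     ida_kernwin.register_action(
         ida_kernwin.action_desc_t(
             inverter_actname,
             "Invert then/else",
             invert_action_handler_t(i),
             "I"))
     self.vds3_hooks = vds3_hooks_t(i)
     self.vds3_hooks.hook()
     return ida_idaapi.PLUGIN_KEEP # keep us in the memory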
Exemplo n.º 5
    def init(self):
        """Register the C-graph action and install the vds5 hooks.

        ``self.vds5_hooks`` is reset to ``None`` first, so it stays ``None``
        when the decompiler is missing. Returns ``idaapi.PLUGIN_KEEP`` on
        success and ``idaapi.PLUGIN_SKIP`` otherwise.
        """
        self.vds5_hooks = None
        if ida_hexrays.init_hexrays_plugin():
            action = ida_kernwin.action_desc_t(
                ACTION_NAME,
                "Hex-Rays show C graph (IDAPython)",
                display_graph_ah_t(),
                ACTION_SHORTCUT)
            ida_kernwin.register_action(action)

            hooks = vds5_hooks_t()
            self.vds5_hooks = hooks
            hooks.hook()
            return idaapi.PLUGIN_KEEP

        idaapi.msg("hexrays-graph: hexrays is not available.")
        return idaapi.PLUGIN_SKIP
Exemplo n.º 6
    def init(self):
        """Check for the decompiler and make the helper modules importable.

        Returns ``ida_idaapi.PLUGIN_SKIP`` when Hex-Rays is unavailable and
        ``ida_idaapi.PLUGIN_OK`` once the module directory is on ``sys.path``.
        """
        decompiler_ready = ida_hexrays.init_hexrays_plugin()
        if not decompiler_ready:
            print("pyhexraysdeob: no decompiler, skipping")
            return ida_idaapi.PLUGIN_SKIP

        banner = "Hex-rays version %s has been detected, %s ready to use" % (
            ida_hexrays.get_hexrays_version(), self.wanted_name)
        print(banner)

        import sys
        extra_dir = os.path.join(my_dirname, "pyhexraysdeob_modules")
        # append() puts the directory last in the search order, so names
        # already importable from earlier sys.path entries are not overridden
        # by files placed in this directory.
        if extra_dir not in sys.path:
            sys.path.append(extra_dir)

        return ida_idaapi.PLUGIN_OK
Exemplo n.º 7
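 def init(self):
     """Load the plugin configuration when the decompiler is available.

     Returns ``idaapi.PLUGIN_KEEP`` only when Hex-Rays initialises and
     ``load_cfg()`` succeeds; every other path returns
     ``idaapi.PLUGIN_SKIP``. A failing ``load_cfg()`` is reported to the user
     through ``ida_kernwin.warning``.
     """
     result = idaapi.PLUGIN_SKIP
     if ida_hexrays.init_hexrays_plugin():
         try:
             self.config = load_cfg()
         except Exception:
             # `except Exception` instead of a bare `except:` so that
             # KeyboardInterrupt and SystemExit are not reported as a
             # configuration parse failure and swallowed.
             ida_kernwin.warning((
                 "%s failed parsing %s.\n"
                 "If fixing this config file manually doesn't help, please delete the file and re-run the plugin.\n\n"
                 "The plugin will now terminate." %
                 (PLUGIN_NAME, get_cfg_filename())))
         else:
             result = idaapi.PLUGIN_KEEP
     return result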
Exemplo n.º 8
    def init(self):
        """Initialise IDABuddy: register its action and install its hooks.

        Returns ``ida_idaapi.PLUGIN_KEEP`` when the Hex-Rays SDK initialises,
        otherwise reports the failure via ``db_error`` and returns
        ``ida_idaapi.PLUGIN_SKIP``.
        """
        print('IDABuddy init')

        if ida_hexrays.init_hexrays_plugin():
            # actions registration block
            register(MakeItConst)

            hooks = BuddyHooks()
            self.hx_hook = hooks
            hooks.hook()
            return ida_idaapi.PLUGIN_KEEP

        db_error('Failed to initialize Hex-Rays SDK')
        return ida_idaapi.PLUGIN_SKIP
Exemplo n.º 9
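def load_decompiler():
    """Load and initialise the decompiler plugin for the current processor.

    The plugin name is looked up by ``ida_idp.ph.id``; the second name of the
    pair is used for 64-bit databases.

    Returns:
        True when the plugin was loaded and ``init_hexrays_plugin()``
        succeeded. False otherwise, after printing the reason (the failure
        paths previously fell through and returned None implicitly).
    """
    ALL_DECOMPILERS = {
        ida_idp.PLFM_386: ("hexrays", "hexx64"),
        ida_idp.PLFM_ARM: ("hexarm", "hexarm64"),
        ida_idp.PLFM_PPC: ("hexppc", "hexppc64"),
    }
    pair = ALL_DECOMPILERS.get(ida_idp.ph.id)
    if not pair:
        print("No known decompilers for architecture with ID: %d" %
              ida_idp.ph.id)
        return False

    decompiler = pair[1 if ida_ida.cvar.inf.is_64bit() else 0]
    # Both steps must succeed: the plugin file has to load and the Python
    # bindings have to attach to it.
    if ida_loader.load_plugin(
            decompiler) and ida_hexrays.init_hexrays_plugin():
        return True

    print("Couldn't load or initialize decompiler: \"%s\"" %
          decompiler)
    return False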
Exemplo n.º 10
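def main():
    """Re-register the stack-strings action and install the Hex-Rays callback.

    Any previous registration of ``ACTION_NAME`` is removed first, so the
    script can be run repeatedly. When no decompiler is available, a message
    is printed and nothing is registered.
    """
    show_banner()

    # print(...) with a single parenthesised argument prints the same text
    # under Python 2 and is valid Python 3, unlike the bare print statement.
    print("Unregistering old action...")
    ida_kernwin.unregister_action(ACTION_NAME)

    if not ida_hexrays.init_hexrays_plugin():
        print("[x] No decompiler found!")
        return

    ida_kernwin.register_action(
        ida_kernwin.action_desc_t(ACTION_NAME,
                                  "Keep sanity (stack strings)",
                                  stack_strings_ah_t(), None))

    print("Registered new action")

    idaapi.install_hexrays_callback(cb)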
Exemplo n.º 11
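    def init(self):
        """
        This is called by IDA when it is loading the plugin.

        Returns ``ida_idaapi.PLUGIN_SKIP`` for databases that are not AMD64
        or when the x64 decompiler cannot be initialised, and
        ``ida_idaapi.PLUGIN_KEEP`` once the AVX lifter is installed.
        """

        # only bother to load the plugin for relevant sessions
        if not is_amd64_idb():
            return ida_idaapi.PLUGIN_SKIP

        # ensure the x64 decompiler is loaded
        ida_loader.load_plugin("hexx64")

        # Explicit check instead of `assert`: under `python -O` the assert
        # statement is removed together with the init_hexrays_plugin() call
        # inside it, so the lifter would be installed without the decompiler
        # bindings ever being initialised.
        if not ida_hexrays.init_hexrays_plugin():
            print("Missing Hexx64 Decompiler...")
            return ida_idaapi.PLUGIN_SKIP

        # initialize the AVX lifter
        self.avx_lifter = AVXLifter()
        self.avx_lifter.install()
        # publish the lifter object in the __main__ namespace as `lifter`
        sys.modules["__main__"].lifter = self.avx_lifter

        # mark the plugin as loaded
        self.loaded = True
        return ida_idaapi.PLUGIN_KEEP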
Exemplo n.º 12
def main():
    """Print the pseudocode of the function under the cursor.

    Returns:
        False when the Hex-Rays decompiler cannot be initialised. True in
        every other case, including when there is no function at the cursor
        or decompilation fails (a message is printed for each).
    """
    if not ida_hexrays.init_hexrays_plugin():
        return False

    version = ida_hexrays.get_hexrays_version()
    print("Hex-rays version %s has been detected" % version)

    func = ida_funcs.get_func(ida_kernwin.get_screen_ea())
    if func is not None:
        cfunc = ida_hexrays.decompile(func)
        if cfunc is not None:
            # Strip IDA's colour tags so that plain text is printed.
            for sline in cfunc.get_pseudocode():
                print(ida_lines.tag_remove(sline.line))
        else:
            print("Failed to decompile!")
    else:
        print("Please position the cursor within a function")

    return True
Exemplo n.º 13
def init_hexrays():
    """Load and initialise the decompiler that matches the current database.

    The base plugin name is chosen by processor id; for 64-bit databases it
    becomes ``hexx64`` on x86 and ``<name>64`` elsewhere.

    Returns:
        True when the plugin loaded and ``init_hexrays_plugin()`` succeeded,
        False otherwise (the reason is printed).
    """
    names_by_cpu = {
        ida_idp.PLFM_386: "hexrays",
        ida_idp.PLFM_ARM: "hexarm",
        ida_idp.PLFM_PPC: "hexppc",
        ida_idp.PLFM_MIPS: "hexmips",
    }
    cpu = ida_idp.ph.id
    decompiler = names_by_cpu.get(cpu)
    if not decompiler:
        print("No known decompilers for architecture with ID: %d" %
              ida_idp.ph.id)
        return False

    if ida_ida.inf_is_64bit():
        # x86 is the one family whose 64-bit plugin is not "<name>64".
        decompiler = "hexx64" if cpu == ida_idp.PLFM_386 else decompiler + "64"

    ready = ida_loader.load_plugin(
        decompiler) and ida_hexrays.init_hexrays_plugin()
    if not ready:
        print('Couldn\'t load or initialize decompiler: "%s"' % decompiler)
        return False
    return True
Exemplo n.º 14
 def init(self):
     """Keep the plugin loaded only when the Hex-Rays decompiler initialises."""
     if ida_hexrays.init_hexrays_plugin():
         return idaapi.PLUGIN_KEEP
     return idaapi.PLUGIN_SKIP
Exemplo n.º 15
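def main():
    """Decompile every function in the segments that hold an entry point.

    Waits for auto-analysis, loads the decompiler that matches the processor,
    then walks each entry point's segment from its start and prints the
    decompilation of every function not already handled (tracked by name).
    The list of handled function names is printed at the end.
    """
    ida_auto.auto_wait()

    ALL_DECOMPILERS = {
        ida_idp.PLFM_386: ("hexrays", "hexx64"),
        ida_idp.PLFM_ARM: ("hexarm", "hexarm64"),
        ida_idp.PLFM_PPC: ("hexppc", "hexppc64"),
    }
    # Created before any branch so the final print cannot hit a NameError
    # when the decompiler is missing or there are no entry points.
    decompiled = []
    seen = set()  # O(1) "already decompiled" test; `decompiled` keeps order

    pair = ALL_DECOMPILERS.get(ida_idp.ph.id, None)
    if pair:
        decompiler = pair[1 if ida_ida.cvar.inf.is_64bit() else 0]
        if ida_loader.load_plugin(
                decompiler) and ida_hexrays.init_hexrays_plugin():
            eqty = ida_entry.get_entry_qty()
            if eqty:
                # For all entrypoints
                for i in range(eqty):

                    # Get current ea
                    ea = ida_entry.get_entry(ida_entry.get_entry_ordinal(i))

                    # Get segment class
                    seg = getseg(ea)
                    if seg is None:
                        # Entry point that does not lie in any segment.
                        continue

                    # Loop from segment start to end. `start_ea` matches the
                    # `end_ea` / `func.start_ea` spelling used below; the old
                    # `startEA` name only exists with the compatibility layer.
                    func_ea = seg.start_ea

                    # Get a function at the start of the segment (if any)
                    func = get_func(func_ea)
                    if func is None:
                        # No function there, try to get the next one
                        func = get_next_func(func_ea)

                    seg_end = seg.end_ea
                    while func is not None and func.start_ea < seg_end:
                        funcea = func.start_ea
                        name = get_func_name(funcea)
                        # Skip function if already decompiled
                        if name not in seen:
                            seen.add(name)
                            decompiled.append(name)
                            print("Function %s at 0x%X" % (name, funcea))
                            print("Decompiling at: 0x%X" % funcea)
                            try:
                                cf = ida_hexrays.decompile(funcea)
                                if cf:
                                    print(cf)
                                else:
                                    print("Decompilation failed")
                            except Exception as exc:
                                # Report the failure instead of printing an
                                # empty line, and let KeyboardInterrupt /
                                # SystemExit through.
                                print("Decompilation raised: %s" % exc)

                        func = get_next_func(funcea)

            else:
                print("No known entrypoint. Cannot decompile.")
        else:
            print("Couldn't load or initialize decompiler: \"%s\"" %
                  decompiler)
    else:
        print("No known decompilers for architecture with ID: %d" %
              ida_idp.ph.id)
    print(decompiled)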
Exemplo n.º 16
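 def init(self):
     """Install the sample optimizer when the decompiler is available.

     Returns ``ida_idaapi.PLUGIN_KEEP`` after installing the optimizer and
     ``ida_idaapi.PLUGIN_SKIP`` when Hex-Rays cannot be initialised.
     """
     if not ida_hexrays.init_hexrays_plugin():
         # Without this branch the method fell off the end and handed None
         # back to IDA instead of an explicit PLUGIN_* code.
         return ida_idaapi.PLUGIN_SKIP

     self.optimizer = sample_optimizer_t()
     self.optimizer.install()
     print("Installed sample optimizer for 'x | ~x'")
     return ida_idaapi.PLUGIN_KEEP  # keep us in the memory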
Exemplo n.º 17
Arquivo: vds6.py Projeto: AmesianX/src
            # we're inside a literal.
            if c == delim:
                delim = None # literal ended
        elif c == '"' or c == "'":
            delim = c # string/char literal started
        elif c.isspace():
            end = l.lstrip()
            nptr = my_tag_skipcodes(end, out)
            dbg("end: '%s', nptr: '%s'" % (end, nptr))
            # do not concatenate idents
            if not is_cident_char(last) or not is_cident_char(nptr[0]):
                l = end
                c = l[0] if l else ''
                dbg("new l: '%s'" % l)
        last = l[0] if l else ''

    sl.line = "".join(out)


class vds6_hooks_t(ida_hexrays.Hexrays_Hooks):
    """Hex-Rays hooks that run ``remove_spaces`` over printed pseudocode."""

    def func_printed(self, cfunc):
        """Apply ``remove_spaces`` to each pseudocode line of ``cfunc``; return 0."""
        pseudocode = cfunc.get_pseudocode()
        for line in pseudocode:
            remove_spaces(line)
        return 0

# Install the hooks at script level; they are only created when the
# decompiler bindings initialise.
if not ida_hexrays.init_hexrays_plugin():
    print('remove spaces: hexrays is not available.')
else:
    vds6_hooks = vds6_hooks_t()
    vds6_hooks.hook()
Exemplo n.º 18
import ida_auto
import ida_loader
import ida_hexrays
import ida_idp
import ida_entry

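# `ida_ida` is used below but is missing from the import list above; without
# it the 64-bit check raises NameError unless the name happens to be present
# in the namespace the script is run in.
import ida_ida

# Let auto-analysis finish before asking for entry points.
ida_auto.auto_wait()

# processor id -> (32-bit plugin name, 64-bit plugin name)
ALL_DECOMPILERS = {
    ida_idp.PLFM_386 : ("hexrays", "hexx64"),
    ida_idp.PLFM_ARM : ("hexarm", "hexarm64"),
    ida_idp.PLFM_PPC : ("hexppc", "hexppc64"),
}
pair = ALL_DECOMPILERS.get(ida_idp.ph.id, None)
if pair:
    decompiler = pair[1 if ida_ida.cvar.inf.is_64bit() else 0]
    # Both steps must succeed: the plugin file has to load and the Python
    # bindings have to attach to it.
    if ida_loader.load_plugin(decompiler) and ida_hexrays.init_hexrays_plugin():
        eqty = ida_entry.get_entry_qty()
        if eqty:
            # Only the first entry point (index 0) is decompiled.
            ea = ida_entry.get_entry(ida_entry.get_entry_ordinal(0))
            print("Decompiling at: %X" % ea)
            cf = ida_hexrays.decompile(ea)
            if cf:
                print(cf)
            else:
                print("Decompilation failed")
        else:
            print("No known entrypoint. Cannot decompile.")
    else:
        print("Couldn't load or initialize decompiler: \"%s\"" % decompiler)
else:
    print("No known decompilers for architecture with ID: %d" % ida_idp.ph.id)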
Exemplo n.º 19
 def plugin_loaded(self, plugin_info):
     """Enable Hex-Rays support once the decompiler plugin has been loaded.

     Only reacts to the plugin named "Hex-Rays Decompiler". When the SDK then
     initialises, ``self.hexrays_support`` is set and ``self.hxe_callback``
     is installed as a Hex-Rays callback.
     """
     if plugin_info.name != "Hex-Rays Decompiler":
         return
     if not ida_hexrays.init_hexrays_plugin():
         return

     self.hexrays_support = True
     ida_hexrays.install_hexrays_callback(self.hxe_callback)
     print("[AMIE] Hex-Rays decompiler is supported")
Exemplo n.º 20
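def update_vtable_struct(
    functions_ea,
    vtable_struct,
    class_name,
    this_type=None,
    get_next_func_callback=get_vtable_line,
    vtable_head=None,
    ignore_list=None,
    add_dummy_member=False,
    pure_virtual_name=None,
    parent_name=None,
    add_func_this=True,
    force_rename_vtable_head=False,  # rename vtable head even if it is already named by IDA
    # if it's not named, then it will be renamed anyway
):
    """Add one member per vtable function to ``vtable_struct`` and apply it.

    Functions are obtained by calling ``get_next_func_callback`` repeatedly,
    starting at ``functions_ea``, until it yields ``None`` as the function
    address. Each function is renamed with ``class_name``, typed (through the
    decompiler when it is available, otherwise with ``make_funcptr_pt``) and
    added to the struct together with a user data xref from the member to the
    function. Finally the struct is created at ``vtable_head`` (defaulting to
    ``functions_ea``) and the head is renamed when it has no user name or
    when ``force_rename_vtable_head`` is set.

    ``this_type`` defaults to a pointer type for ``class_name`` and is
    dropped entirely when ``add_func_this`` is false. Returns None.
    """
    # pylint: disable=too-many-arguments,too-many-locals,too-many-branches
    # TODO: refactor
    if this_type is None:
        this_type = utils.get_typeinf_ptr(class_name)
    if not add_func_this:
        this_type = None
    func_ea, next_func = get_next_func_callback(
        functions_ea,
        ignore_list=ignore_list,
        pure_virtual_name=pure_virtual_name,
    )
    dummy_i = 1
    offset = 0
    while func_ea is not None:
        new_func_name, _ = update_func_name_with_class(func_ea, class_name)
        func_ptr = None
        if ida_hexrays.init_hexrays_plugin():
            fix_userpurge(func_ea, idc.TINFO_DEFINITE)
            update_func_this(func_ea, this_type, idc.TINFO_DEFINITE)
            func_ptr = utils.get_typeinf_ptr(utils.get_func_tinfo(func_ea))
        else:
            func_ptr = make_funcptr_pt(func_ea, this_type)  # TODO: maybe try to get or guess type?
        if add_dummy_member:
            utils.add_to_struct(vtable_struct, "dummy_%d" % dummy_i, func_ptr)
            dummy_i += 1
            offset += utils.WORD_LEN
        ptr_member = utils.add_to_struct(
            vtable_struct, new_func_name, func_ptr, offset, overwrite=True, is_offs=True
        )
        if ptr_member is None:
            log.error(
                "Couldn't add %s(%s) to vtable struct 0x%X at offset 0x%X",
                new_func_name,
                str(func_ptr),
                vtable_struct.id,
                offset,
            )
        # The slot is consumed whether or not the member could be added.
        offset += utils.WORD_LEN
        # Only create the xref when the member exists: the failure logged
        # above used to be followed by `ptr_member.id`, which raised
        # AttributeError on None and aborted the whole vtable.
        if ptr_member is not None and not ida_xref.add_dref(
            ptr_member.id, func_ea, ida_xref.XREF_USER | ida_xref.dr_I
        ):
            log.warn(
                "Couldn't create xref between member %s and func %s",
                ida_struct.get_member_name(ptr_member.id),
                idc.get_name(func_ea),
            )
        func_ea, next_func = get_next_func_callback(
            next_func,
            ignore_list=ignore_list,
            pure_virtual_name=pure_virtual_name,
        )

    vtable_size = ida_struct.get_struc_size(vtable_struct)

    if vtable_head is None:
        vtable_head = functions_ea
    # ida_bytes.del_items(vtable_head, ida_bytes.DELIT_SIMPLE, vtable_size)
    ida_bytes.create_struct(vtable_head, vtable_size, vtable_struct.id)
    if not idc.hasUserName(idc.get_full_flags(vtable_head)) or force_rename_vtable_head:
        if parent_name is None and this_type:
            # Derive the parent name from the struct behind `this_type`; a
            # parent equal to the class itself is treated as "no parent".
            parent = utils.deref_struct_from_tinfo(this_type)
            parent_name = ida_struct.get_struc_name(parent.id)
            if parent_name == class_name:
                parent_name = None
        idc.set_name(
            vtable_head,
            get_vtable_instance_name(class_name, parent_name),
            ida_name.SN_CHECK | ida_name.SN_FORCE,
        )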
Exemplo n.º 21
import ida_hexrays
import ida_idp
import ida_entry

# Let auto-analysis finish before asking for entry points.
ida_auto.auto_wait()

# processor id -> (32-bit plugin name, 64-bit plugin name)
ALL_DECOMPILERS = {
    ida_idp.PLFM_386: ("hexrays", "hexx64"),
    ida_idp.PLFM_ARM: ("hexarm", "hexarm64"),
    ida_idp.PLFM_PPC: ("hexppc", "hexppc64"),
    ida_idp.PLFM_MIPS: ("hexmips", "hexmips64"),
}
pair = ALL_DECOMPILERS.get(ida_idp.ph.id)
if not pair:
    print("No known decompilers for architecture with ID: %d" % ida_idp.ph.id)
else:
    decompiler = pair[1] if ida_ida.cvar.inf.is_64bit() else pair[0]
    if not (ida_loader.load_plugin(decompiler)
            and ida_hexrays.init_hexrays_plugin()):
        print("Couldn't load or initialize decompiler: \"%s\"" % decompiler)
    else:
        eqty = ida_entry.get_entry_qty()
        if not eqty:
            print("No known entrypoint. Cannot decompile.")
        else:
            # Only the first entry point (index 0) is decompiled.
            ea = ida_entry.get_entry(ida_entry.get_entry_ordinal(0))
            print("Decompiling at: %X" % ea)
            cf = ida_hexrays.decompile(ea)
            if not cf:
                print("Decompilation failed")
            else:
                print(cf)
Exemplo n.º 22
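def update_vtable_struct(
    functions_ea,
    vtable_struct,
    class_name,
    this_type=None,
    get_next_func_callback=get_vtable_line,
    vtable_head=None,
    ignore_list=None,
    add_dummy_member=False,
    pure_virtual_name=None,
    parent_name=None,
    add_func_this=True,
):
    """Add one member per vtable function to ``vtable_struct`` and apply it.

    Functions are obtained by calling ``get_next_func_callback`` repeatedly,
    starting at ``functions_ea``, until it yields ``None`` as the function.
    Each function is renamed with ``class_name``, typed (through the
    decompiler when it is available, otherwise with ``make_funcptr_pt``) and
    added to the struct together with a user data xref from the member to the
    function. Finally the items at ``vtable_head`` (defaulting to
    ``functions_ea``) are deleted, the struct is created there and the head
    is renamed.

    ``this_type`` defaults to a pointer type for ``class_name`` and is
    dropped entirely when ``add_func_this`` is false. Returns None.
    """
    is_first_member = True
    if this_type is None:
        this_type = utils.get_typeinf_ptr(class_name)
    if not add_func_this:
        this_type = None
    func, next_func = get_next_func_callback(
        functions_ea, ignore_list=ignore_list, pure_virtual_name=pure_virtual_name
    )
    dummy_i = 1
    while func is not None:
        new_func_name, is_name_changed = update_func_name_with_class(func, class_name)
        func_ptr = None
        if ida_hexrays.init_hexrays_plugin():
            # `this` is only rewritten for functions that were just renamed.
            if is_name_changed:
                func_type = update_func_this(func, this_type)
            else:
                func_type = update_func_this(func, None)
            if func_type is not None:
                func_ptr = utils.get_typeinf_ptr(func_type)
        else:
            func_ptr = make_funcptr_pt(func, this_type)
        if add_dummy_member:
            utils.add_to_struct(vtable_struct, f"dummy_{dummy_i}", func_ptr)
            dummy_i += 1
        if is_first_member:
            # We did a hack for vtables contained in union vtable with one dummy member
            ptr_member = utils.add_to_struct(
                vtable_struct, new_func_name, func_ptr, 0, overwrite=True
            )
            is_first_member = False
        else:
            ptr_member = utils.add_to_struct(
                vtable_struct, new_func_name, func_ptr, is_offset=True
            )
        if ptr_member is None:
            # logging.error, not logging.exception: no exception is being
            # handled here, so .exception() would append a meaningless
            # "NoneType: None" traceback to the record.
            logging.error(
                "Couldn't add %s(%s) to %d",
                new_func_name,
                str(func_ptr),
                vtable_struct.id,
            )
        else:
            # Only create the xref when the member exists; dereferencing
            # `ptr_member.id` on None raised AttributeError and aborted the
            # whole vtable.
            ida_xref.add_dref(ptr_member.id, func, ida_xref.XREF_USER | ida_xref.dr_I)
        func, next_func = get_next_func_callback(
            next_func, ignore_list=ignore_list, pure_virtual_name=pure_virtual_name
        )

    vtable_size = ida_struct.get_struc_size(vtable_struct)

    if vtable_head is None:
        vtable_head = functions_ea
    ida_bytes.del_items(vtable_head, ida_bytes.DELIT_SIMPLE, vtable_size)
    ida_bytes.create_struct(vtable_head, vtable_size, vtable_struct.id)
    if parent_name is None and this_type:
        # Derive the parent name from the struct behind `this_type`; a parent
        # equal to the class itself is treated as "no parent".
        parent = utils.deref_struct_from_tinfo(this_type)
        parent_name = ida_struct.get_struc_name(parent.id)
        if parent_name == class_name:
            parent_name = None
    utils.set_name_retry(vtable_head, get_vtable_instance_name(class_name, parent_name))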
Exemplo n.º 23
def is_compatible():
    """Report whether the script can run in this IDA session.

    Requires ``is_ida_version("7.2")`` to be truthy and the Hex-Rays
    decompiler to initialise; the decompiler is only probed when the version
    check passes.
    """
    ida_version_ok = is_ida_version("7.2")
    return ida_version_ok and ida_hexrays.init_hexrays_plugin()
Exemplo n.º 24
def _init_hx():
    """Initialise the Hex-Rays bindings; the result of the call is discarded."""
    # Imported lazily, so ida_hexrays is only needed when this is called.
    import ida_hexrays
    ida_hexrays.init_hexrays_plugin()
Exemplo n.º 25
Arquivo: vds11.py Projeto: ylkcy/src
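 def init(self):
     """Install the goto optimizer when the decompiler is available.

     Returns ``ida_idaapi.PLUGIN_KEEP`` after installing the optimizer and
     ``ida_idaapi.PLUGIN_SKIP`` when Hex-Rays cannot be initialised.
     """
     if not ida_hexrays.init_hexrays_plugin():
         # Without this branch the method fell off the end and handed None
         # back to IDA instead of an explicit PLUGIN_* code.
         return ida_idaapi.PLUGIN_SKIP

     self.optimizer = goto_optimizer_t()
     self.optimizer.install()
     return ida_idaapi.PLUGIN_KEEP  # keep us in the memory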
Exemplo n.º 26
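 def init(self):
     """Install the vds6 hooks when the decompiler is available.

     Returns ``ida_idaapi.PLUGIN_KEEP`` after hooking and
     ``ida_idaapi.PLUGIN_SKIP`` when Hex-Rays cannot be initialised.
     """
     if not ida_hexrays.init_hexrays_plugin():
         # Without this branch the method fell off the end and handed None
         # back to IDA instead of an explicit PLUGIN_* code.
         return ida_idaapi.PLUGIN_SKIP

     self.vds6_hooks = vds6_hooks_t()
     self.vds6_hooks.hook()
     return ida_idaapi.PLUGIN_KEEP  # keep us in the memory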
Exemplo n.º 27
Arquivo: vds6.py Projeto: zyzhen/src
            if c == delim:
                delim = None  # literal ended
        elif c == '"' or c == "'":
            delim = c  # string/char literal started
        elif c.isspace():
            end = l.lstrip()
            nptr = my_tag_skipcodes(end, out)
            dbg("end: '%s', nptr: '%s'" % (end, nptr))
            # do not concatenate idents
            if not is_cident_char(last) or not is_cident_char(nptr[0]):
                l = end
                c = l[0] if l else ''
                dbg("new l: '%s'" % l)
        last = l[0] if l else ''

    sl.line = "".join(out)


class vds6_hooks_t(ida_hexrays.Hexrays_Hooks):
    """Hex-Rays hooks that run ``remove_spaces`` over printed pseudocode."""

    def func_printed(self, cfunc):
        """Apply ``remove_spaces`` to each pseudocode line of ``cfunc``; return 0."""
        pseudocode = cfunc.get_pseudocode()
        for line in pseudocode:
            remove_spaces(line)
        return 0


# Install the hooks at script level; they are only created when the
# decompiler bindings initialise.
if not ida_hexrays.init_hexrays_plugin():
    print('remove spaces: hexrays is not available.')
else:
    vds6_hooks = vds6_hooks_t()
    vds6_hooks.hook()
Exemplo n.º 28
# Scan the import modules and enumerate the names of every module whose name
# contains "ntdll" (case-sensitive substring match). The scan stops once
# `nt_power_information` is set - presumably by `imp_cb`, which is defined
# outside this excerpt.
for i in range(nimps):
    name = idaapi.get_import_module_name(i)
    if name and "ntdll" in name:
        idaapi.enum_import_names(i, imp_cb)
        if nt_power_information is not None:
            break

# The report name is built from the analysed file's own name; basename()
# drops any directory part, so the file is created relative to the current
# working directory. It is opened in append mode, so repeated runs add to an
# existing report instead of replacing it.
output_filename = (basename(ida_nalt.get_input_file_path())
                   + ida_nalt.get_root_filename() + ".dec")
if not nt_power_information:
    with open(output_filename, "a") as fd:
        fd.write("[+] NtPowerInformation import was not found\n")
else:
    ida_auto.auto_wait()

    if not (ida_loader.load_plugin("hexx64")
            and ida_hexrays.init_hexrays_plugin()):
        with open(output_filename, "a") as fd:
            fd.write("[!] Decompiler loading failed\n")
    else:
        # One report entry per code reference to the import.
        code_xrefs = idautils.CodeRefsTo(nt_power_information, 1)
        for cx in code_xrefs:
            cf = ida_hexrays.decompile(cx)
            if not cf:
                with open(output_filename, "a") as fd:
                    fd.write("[!] Decompilation failed\n")
            else:
                with open(output_filename, "a") as fd:
                    fd.write(str(cf) + '\n')