def finish_populating_widget_popup(self, form, popup):
    """Populate the right-click menu of a disassembly or hex-dump widget.

    Paste/dump/jump are always offered in those two widget types.  XOR,
    fill-with-NOP and the "Convert/" submenu are added only when a range is
    selected or the item under the cursor is wider than one byte.  The
    format-string scan is offered only in the disassembly view and only when
    (ARCH, BITS) is x86-32, x86-64 or ARM-32.
    """
    widget_kind = idaapi.get_widget_type(form)
    if widget_kind not in (idaapi.BWN_DISASM, idaapi.BWN_DUMP):
        return
    attach = idaapi.attach_action_to_popup
    for action in (ACTION_PASTE, ACTION_DUMPER, ACTION_JMP):
        attach(form, popup, action, None)
    sel_begin, sel_end = idaapi.twinpos_t(), idaapi.twinpos_t()
    viewer = idaapi.get_current_viewer()
    has_selection = idaapi.read_selection(viewer, sel_begin, sel_end)
    if has_selection or idc.get_item_size(idc.get_screen_ea()) > 1:
        attach(form, popup, ACTION_XORDATA, None)
        attach(form, popup, ACTION_FILLNOP, None)
        for action in ACTION_CONVERT:
            attach(form, popup, action, "Convert/")
    if widget_kind == idaapi.BWN_DISASM:
        supported = (
            (idaapi.PLFM_386, 32),
            (idaapi.PLFM_386, 64),
            (idaapi.PLFM_ARM, 32),
        )
        if (ARCH, BITS) in supported:
            attach(form, popup, ACTION_SCANVUL, None)
def curpos(self, vu):
    """Cursor moved in the pseudocode view: re-highlight the graph for the current line(s).

    Does nothing unless a graph (``self.cg``) exists.  With an active
    selection every line in the selected range contributes its object ids,
    otherwise only the line under the cursor does.  The current item is
    passed as the highlight when it is a citem.  Always returns 0.
    """
    if not self.cg:
        return 0
    vu.get_current_item(ida_hexrays.USE_KEYBOARD)
    widget = vu.ct
    sel_start, sel_end = idaapi.twinpos_t(), idaapi.twinpos_t()
    if ida_kernwin.read_selection(widget, sel_start, sel_end):
        first_place = sel_start.place(widget)
        last_place = sel_end.place(widget)
        lo = first_place.as_simpleline_place_t(first_place).n
        hi = last_place.as_simpleline_place_t(last_place).n
        lines = range(lo, hi + 1)
    else:
        lines = [vu.cpos.lnnum]
    ids = []
    for line_no in lines:
        ids.extend(self._get_obj_ids(vu, line_no))
    node = vu.item.e if vu.item.is_citem() else None
    highlight_id = node.obj_id if node else None
    self._update_graph(cfunc=None, objs=ids, highlight=highlight_id)
    return 0
def selection(cls):
    '''Return the (head, tail) address pair covering the current viewer selection.

    Raises ``DisassemblerError`` when the viewer has no readable selection.
    '''
    viewer = idaapi.get_current_viewer()
    begin, end = idaapi.twinpos_t(), idaapi.twinpos_t()
    if not idaapi.read_selection(viewer, begin, end):
        qualified = '.'.join((__name__, cls.__name__))
        raise internal.exceptions.DisassemblerError("{:s}.selection() : Unable to read the current selection.".format(qualified))
    ea_begin = begin.place(viewer).ea
    ea_end = end.place(viewer).ea
    return _database.address.head(ea_begin), _database.address.tail(ea_end)
def selection(cls):
    '''Return the current viewer selection as a ``bounds_t``.

    The two selection addresses are first normalised through
    ``internal.interface.address.inside``.  Raises ``DisassemblerError``
    when the viewer has no readable selection.
    '''
    viewer = idaapi.get_current_viewer()
    begin, end = idaapi.twinpos_t(), idaapi.twinpos_t()
    if not idaapi.read_selection(viewer, begin, end):
        qualified = '.'.join((__name__, cls.__name__))
        raise internal.exceptions.DisassemblerError(u"{:s}.selection() : Unable to read the current selection.".format(qualified))
    ea_begin = begin.place(viewer).ea
    ea_end = end.place(viewer).ea
    lo, hi = internal.interface.address.inside(ea_begin, ea_end)
    return internal.interface.bounds_t(lo, hi)
def finish_populating_widget_popup(self, form, popup):
    """Add the Go helper actions to the context menu of a disassembly or dump widget.

    The three actions are attached only when a range is selected or the item
    under the cursor is wider than one byte.
    """
    if idaapi.get_widget_type(form) not in (idaapi.BWN_DISASM, idaapi.BWN_DUMP):
        return
    begin, end = idaapi.twinpos_t(), idaapi.twinpos_t()
    viewer = idaapi.get_current_viewer()
    has_selection = idaapi.read_selection(viewer, begin, end)
    if not (has_selection or idc.get_item_size(idc.get_screen_ea()) > 1):
        return
    for action in (GOLANG_FUNC, GOLANG_STRING, RENAME_POINTER):
        idaapi.attach_action_to_popup(form, popup, action, None)
def get_selected_lines(vdui):
    """Return the pseudocode line numbers covered by the current selection.

    When the view has no selection the result is a one-element list holding
    the line under the cursor.
    """
    vdui.get_current_item(idaapi.USE_KEYBOARD)
    widget = vdui.ct
    begin, end = idaapi.twinpos_t(), idaapi.twinpos_t()
    if not idaapi.read_selection(widget, begin, end):
        return [vdui.cpos.lnnum]
    begin_place = begin.place(widget)
    end_place = end.place(widget)
    first = begin_place.as_simpleline_place_t(begin_place).n
    last = end_place.as_simpleline_place_t(end_place).n
    return list(range(first, last + 1))
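def activate(self, ctx):
    """Overwrite the selected range (or the item under the cursor) with 0x90 NOPs.

    ``ctx`` is the action context IDA passes in; it is unused because the
    range comes from the current viewer's selection.  Returns 1 after
    patching, 0 when there is nothing valid to patch.
    """
    t0, t1 = idaapi.twinpos_t(), idaapi.twinpos_t()
    view = idaapi.get_current_viewer()
    if idaapi.read_selection(view, t0, t1):
        start, end = t0.place(view).toea(), t1.place(view).toea()
        # Step past the item at `end` so the range is end-exclusive and
        # still covers the last selected item.
        end += idaapi.get_item_size(end)
    else:
        start = idaapi.get_screen_ea()
        if start == idaapi.BADADDR:
            print('Easy Nop :: Screen EA == idaapi.BADADDR')
            return 0
        end = start + idaapi.get_item_size(start)
    if start == idaapi.BADADDR:
        print('Easy Nop :: Selection EA == idaapi.BADADDR')
        return 0
    if start == end:
        print('Easy Nop :: Nothing to nop')
        return 0
    # 0x90 is the single-byte NOP on x86/x64 only; on other processors it is
    # not a NOP, so this patch is only meaningful for x86 targets.
    # Assembling 'nop' for the current processor would be the portable way
    # to obtain the filler byte.
    nop = 0x90
    for ea in range(start, end):
        idaapi.patch_byte(ea, nop)
    # Hide every NOP item after the first one from the listing.
    for ea in range(start + 1, end):
        idaapi.hide_item(ea)
    # Must do this else it bugs out on 2x 1 byte instructions being nopped
    idaapi.hide_item(start)
    idaapi.unhide_item(start)
    # Extend the count over hidden NOPs that directly follow the range.
    while idaapi.get_byte(end) == nop and idaapi.is_hidden_item(end):
        end += 1
    count = end - start
    if count > 1:
        idaapi.set_cmt(start, "truncated nops (%d)" % (count), False)
    return 1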
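def handle_set_vtable_range(self):
    """Set the edited class's vtable range from the current disassembler selection.

    Does nothing when no class is being edited, when the viewer has no
    selection (a warning is shown), when either end is BADADDR or reversed,
    or when the cursor sits at neither end of the selection.  Ranges longer
    than 0x1000 bytes require confirmation.  A ``ValueError`` raised by
    ``set_vtable_range`` is reported as an IDA warning.
    """
    if self.edit_class is None:
        return
    p0 = idaapi.twinpos_t()
    p1 = idaapi.twinpos_t()
    view = idaapi.get_current_viewer()
    if not idaapi.read_selection(view, p0, p1):
        idaapi.warning('Please, select region in ida dissasembler')
        # Without a selection p0/p1 carry no meaningful place; stop here
        # instead of reading addresses from them.
        return
    ea0 = p0.place(view).ea
    ea1 = p1.place(view).ea
    # Check selection
    if ea0 == idc.BADADDR or ea1 == idc.BADADDR:
        return
    if ea0 > ea1:
        return
    # The cursor has to be at one end of the selection.
    screen_ea = idc.get_screen_ea()
    if ea0 != screen_ea and ea1 != screen_ea:
        return
    # Warning for large ranges
    if (ea1 - ea0) > 0x1000:
        if not util.ask_yes_no(
                'Warning: The VTable range is longer than 0x1000 bytes. Continue?', False):
            return
    try:
        self.edit_class.set_vtable_range(ea0, ea1)
        self.update_fields()
    except ValueError as e:
        idaapi.warning(str(e))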
def activate(self, ctx):
    """Dispatch the action this handler was registered for.

    ``self.action`` selects the behaviour: one of ``ACTION_CONVERT``
    (print the selected bytes in a C/Python/string representation),
    ``ACTION_XORDATA`` (print the selection XORed with a byte asked from
    the user), ``ACTION_FILLNOP`` (patch the selection with 0x90) or
    ``ACTION_SCANVUL`` (list call sites of printf-like functions).
    ``ctx`` is the action context and is not used.  Returns False when a
    byte-range action has nothing to operate on, 0 for an unknown action
    and 1 otherwise.
    """
    if self.action in ACTION_CONVERT:
        # convert
        t0, t1, view = idaapi.twinpos_t(), idaapi.twinpos_t(), idaapi.get_current_viewer()
        if idaapi.read_selection(view, t0, t1):
            # NOTE(review): size is end - start without adding the last
            # item's size, so the item at `end` is not part of the dump.
            start, end = t0.place(view).toea(), t1.place(view).toea()
            size = end - start
        elif idc.get_item_size(idc.get_screen_ea()) > 1:
            start = idc.get_screen_ea()
            size = idc.get_item_size(start)
            end = start + size
        else:
            return False
        data = idc.get_bytes(start, size)
        if isinstance(data, str):  # python2 compatibility
            data = bytearray(data)
        name = idc.get_name(start, idc.GN_VISIBLE)
        if not name:
            name = "data"
        if data:
            print("\n[+] Dump 0x%X - 0x%X (%u bytes) :" % (start, end, size))
            if self.action == ACTION_CONVERT[0]:  # escaped string
                print('"%s"' % "".join("\\x%02X" % b for b in data))
            elif self.action == ACTION_CONVERT[1]:  # hex string
                print("".join("%02X" % b for b in data))
            elif self.action == ACTION_CONVERT[2]:  # C array
                output = "unsigned char %s[%d] = {" % (name, size)
                for i in range(size):
                    if i % 16 == 0:
                        output += "\n "
                    output += "0x%02X, " % data[i]
                # Drop the trailing ", " before closing the initializer.
                output = output[:-2] + "\n};"
                print(output)
            elif self.action == ACTION_CONVERT[3]:  # C array word
                # Pad so the last (possibly partial) element can be unpacked.
                # u16/u32/u64 are unpack helpers defined elsewhere in this
                # file; their byte order is not visible here.
                data += b"\x00"
                array_size = (size + 1) // 2
                output = "unsigned short %s[%d] = {" % (name, array_size)
                for i in range(0, size, 2):
                    if i % 16 == 0:
                        output += "\n "
                    output += "0x%04X, " % u16(data[i:i + 2])
                output = output[:-2] + "\n};"
                print(output)
            elif self.action == ACTION_CONVERT[4]:  # C array dword
                data += b"\x00" * 3
                array_size = (size + 3) // 4
                output = "unsigned int %s[%d] = {" % (name, array_size)
                for i in range(0, size, 4):
                    if i % 32 == 0:
                        output += "\n "
                    output += "0x%08X, " % u32(data[i:i + 4])
                output = output[:-2] + "\n};"
                print(output)
            elif self.action == ACTION_CONVERT[5]:  # C array qword
                # NOTE(review): the elements are 8 bytes wide but the
                # emitted C type is `unsigned long`, which is 32-bit on
                # LLP64 (Windows) compilers.
                data += b"\x00" * 7
                array_size = (size + 7) // 8
                output = "unsigned long %s[%d] = {" % (name, array_size)
                for i in range(0, size, 8):
                    if i % 32 == 0:
                        output += "\n "
                    # %#018X yields an "0X" prefix; it is lower-cased below.
                    output += "%#018X, " % u64(data[i:i + 8])
                output = output[:-2] + "\n};"
                print(output.replace("0X", "0x"))
            elif self.action == ACTION_CONVERT[6]:  # python list
                print("[%s]" % ", ".join("0x%02X" % b for b in data))
            elif self.action == ACTION_CONVERT[7]:  # python list word
                data += b"\x00"
                print("[%s]" % ", ".join("0x%04X" % u16(data[i:i + 2]) for i in range(0, size, 2)))
            elif self.action == ACTION_CONVERT[8]:  # python list dword
                data += b"\x00" * 3
                print("[%s]" % ", ".join("0x%08X" % u32(data[i:i + 4]) for i in range(0, size, 4)))
            elif self.action == ACTION_CONVERT[9]:  # python list qword
                data += b"\x00" * 7
                print("[%s]" % ", ".join("%#018X" % u64(data[i:i + 8]) for i in range(0, size, 8)).replace("0X", "0x"))
    elif self.action == ACTION_XORDATA:
        t0, t1, view = idaapi.twinpos_t(), idaapi.twinpos_t(), idaapi.get_current_viewer()
        if idaapi.read_selection(view, t0, t1):
            start, end = t0.place(view).toea(), t1.place(view).toea()
        else:
            if idc.get_item_size(idc.get_screen_ea()) > 1:
                start = idc.get_screen_ea()
                end = start + idc.get_item_size(start)
            else:
                return False
        data = idc.get_bytes(start, end - start)
        if isinstance(data, str):  # python2 compatibility
            data = bytearray(data)
        x = idaapi.ask_long(0, "Xor with...")
        # A cancelled dialog or a key of 0 skips the output; only the low
        # byte of the entered value is used.
        if x:
            x &= 0xFF
            print("\n[+] Xor 0x%X - 0x%X (%u bytes) with 0x%02X:" % (start, end, end - start, x))
            print(repr("".join(chr(b ^ x) for b in data)))
    elif self.action == ACTION_FILLNOP:
        t0, t1, view = idaapi.twinpos_t(), idaapi.twinpos_t(), idaapi.get_current_viewer()
        if idaapi.read_selection(view, t0, t1):
            start, end = t0.place(view).toea(), t1.place(view).toea()
            # 0x90 is the x86/x64 single-byte NOP; this patch is only
            # meaningful on those targets.  The database is modified here.
            idaapi.patch_bytes(start, b"\x90" * (end - start))
            print("\n[+] Fill 0x%X - 0x%X (%u bytes) with NOPs" % (start, end, end - start))
    elif self.action == ACTION_SCANVUL:
        print("\n[+] Finding Format String Vulnerability...")
        found = []
        for addr in idautils.Functions():
            name = idc.get_func_name(addr)
            # Name-based heuristic: any function with "printf" in its name
            # and no "v" (presumably to skip the va_list variants) living
            # in a code/import segment.  Every code xref to it is examined
            # by check_fmt_function, defined elsewhere in this file.
            if "printf" in name and "v" not in name and idc.get_segm_name(addr) in (".text", ".plt", ".idata"):
                xrefs = idautils.CodeRefsTo(addr, False)
                for xref in xrefs:
                    vul = self.check_fmt_function(name, xref)
                    if vul:
                        found.append(vul)
        if found:
            print("[!] Done! %d possible vulnerabilities found." % len(found))
            ch = VulnChoose("Vulnerability", found, None, False)
            ch.Show()
        else:
            print("[-] No format string vulnerabilities found.")
    else:
        return 0
    return 1