        def finish_populating_widget_popup(self, form, popup):
            """Attach the RESim actions to the context menu of *form*.

            Runs after the owner has finished populating *popup*.  The
            call-stack widget gets nothing; the disassembly and hex-dump
            widgets get the RESim actions under the 'RESim/' submenu, with the
            register/memory entries chosen from whatever text is highlighted.
            """
            widget_type = idaversion.get_widget_type(form)
            if widget_type == idaapi.BWN_CALL_STACK:
                # Nothing is offered for the call-stack view.
                return
            if widget_type != idaapi.BWN_DISASM and widget_type != idaapi.BWN_DUMP:
                return

            submenu = 'RESim/'
            attach = idaapi.attach_action_to_popup
            attach(form, popup, "revCursor:action", submenu)
            attach(form, popup, "dis:action", submenu)

            highlighted = idaversion.getHighlight()
            if highlighted is not None:
                if highlighted in idaapi.ph_get_regnames():
                    # A register name is selected: offer the register modifier.
                    attach(form, popup, "modReg:action", submenu)
                elif getHex(highlighted) is not None or regFu.isHighlightedEffective():
                    # A hex value or an effective-address operand is selected:
                    # offer the memory-oriented actions.
                    memory_actions = (
                        "rev:action",
                        "dataWatch:action",
                        "addDataWatch:action",
                        "revData:action",
                        "modMemory:action",
                        "stringMemory:action",
                    )
                    for action_name in memory_actions:
                        attach(form, popup, action_name, submenu)

            if idaapi.get_opnum() >= 0:
                attach(form, popup, "structField:action", submenu)
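 def trackRegister(self):
     """Reverse-execute to the source of the highlighted register's value.

     Sends ``@cgc.revTaintReg`` for the highlighted register through the
     gdb monitor.  Returns the EIP reported once the simulation stops, or
     None when nothing is highlighted, the highlighted text is not a
     register, or checkNoRev() rejects the monitor reply.
     """
     highlighted = idaversion.getHighlight()
     if highlighted is None or not self.isReg(highlighted):
         print('%s not in reg list' % highlighted)
         print('%s' % str(self.reg_list))
         # NOTE(review): a register chooser used to sit after this return and
         # was therefore unreachable; it was dropped rather than kept dead.
         return None
     print('backtrack to source of to %s...' % highlighted)
     command = "@cgc.revTaintReg('%s')" % highlighted
     simicsString = gdbProt.Evalx('SendGDBMonitor("%s");' % command)
     print('trackRegister got simicsString %s' % simicsString)
     if not self.checkNoRev(simicsString):
         # presumably the reply says the reverse could not be performed
         return None
     eip = gdbProt.getEIPWhenStopped()
     self.signalClient()
     curAddr = idaversion.get_reg_value(self.PC)
     print('Current instruction (0x%x) is as far back as we can trace reg %s' % (curAddr, highlighted))
     self.showSimicsMessage()
     self.bookmark_view.updateBookmarkView()
     return eip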
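        def activate(self, ctx):
            """Prompt for a 32-bit value and write it to memory via the gdb monitor.

            The address defaults to the referenced address (getRefAddr), else
            to the hex value parsed from the highlighted text.  The
            SetAddrValue form lets the user adjust address, offset and value;
            on OK the word is written with ``@cgc.writeWord`` and the IDA views
            are refreshed.  Does nothing when no address can be determined or
            the form is cancelled.
            """
            addr = getRefAddr()
            if addr is None:
                highlighted = idaversion.getHighlight()
                addr = getHex(highlighted)
            if addr is None:
                # get_wide_dword below would otherwise be handed None.
                print('SetAddrValue: unable to determine an address from the cursor or highlight')
                return

            sas = setAddrValue.SetAddrValue()
            sas.Compile()
            sas.iAddr.value = addr
            sas.iOffset.value = 0
            sas.iRawHex.value = idaversion.get_wide_dword(sas.iAddr.value)
            if sas.Execute() != 1:
                return  # form cancelled
            val = sas.iRawHex.value
            new_addr = sas.iAddr.value + sas.iOffset.value
            gdbProt.Evalx('SendGDBMonitor("@cgc.writeWord(0x%x, 0x%x)");' % (new_addr, val))
            # presumably gives the simulator time to apply the write before the
            # views are refreshed -- TODO confirm whether the delay is needed
            time.sleep(2)
            self.isim.updateBookmarkView()
            self.isim.updateDataWatch()
            idaversion.refresh_debugger_memory()
            idaversion.refresh_idaview_anyway()
            idaversion.refresh_choosers()
            print('Bookmarks cleared -- select origin bookmark to return to this cycle')
            print('Note: data watches previous to this point are retained, but associated bookmarks are deleted')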
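 def registerMath(self):
     """Resolve the highlighted text to a numeric value.

     In order of preference the result is: the effective address when the
     highlight is part of a memory operand (regFu.getOffset); the register's
     value when the highlight is a register name (self.isReg); the integer
     parsed from hexadecimal text; or ``reg+N`` / ``reg-N`` arithmetic, with
     N decimal, for a register in self.reg_list.  Returns None when nothing
     matches.
     """
     if regFu.isHighlightedEffective():
         return regFu.getOffset()

     highlighted = idaversion.getHighlight()
     if highlighted is None:
         return None
     print('highlighted is %s' % highlighted)
     if self.isReg(highlighted):
         return idaversion.get_reg_value(highlighted)

     try:
         return int(highlighted, 16)
     except (ValueError, TypeError):
         pass  # not plain hex; fall through to reg+/-N handling

     # TBD this is broken, manually manage register list?
     retval = None
     for reg in self.reg_list:
         if not highlighted.startswith(reg):
             continue
         rest = highlighted[len(reg):]
         try:
             value = int(rest[1:])
         except ValueError:
             continue
         # No break: as before, a later register name that also prefixes the
         # text overrides an earlier match.
         if rest.startswith('+'):
             retval = idaversion.get_reg_value(reg) + value
         elif rest.startswith('-'):
             retval = idaversion.get_reg_value(reg) - value
     return retval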
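 def wroteToRegister(self):
     """Reverse-execute to the most recent write of the highlighted register.

     Sends ``@cgc.revToModReg`` for the highlighted text through the gdb
     monitor.  Returns the EIP reported when the simulation stops, or None
     when nothing is highlighted or checkNoRev() rejects the reply.  The
     highlighted text is not validated against self.reg_list here.
     """
     highlighted = idaversion.getHighlight()
     if highlighted is None:
         # Without this guard the literal 'None' would be sent as the register.
         print('No register highlighted')
         return None
     print('Looking for a write to %s...' % highlighted)
     command = "@cgc.revToModReg('%s')" % highlighted
     simicsString = gdbProt.Evalx('SendGDBMonitor("%s");' % command)
     if not self.checkNoRev(simicsString):
         return None
     eip = gdbProt.getEIPWhenStopped()
     self.signalClient()
     curAddr = idaversion.get_reg_value(self.PC)
     print('Current instruction (0x%x) wrote to reg %s' % (curAddr, highlighted))
     return eip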
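 def revTo(self):
     """Reverse-execute to the address given by the highlighted hex text.

     Sends ``@cgc.revToAddr`` through the gdb monitor, then signals the
     client once the simulation stops.  Returns the reported EIP, or None
     when the highlighted text does not parse as hex.
     """
     highlighted = idaversion.getHighlight()
     addr = reHooks.getHex(highlighted)
     if addr is None:
         # '0x%x' % None would raise TypeError below.
         print('revTo unable to parse hex from %s' % highlighted)
         return None
     command = '@cgc.revToAddr(0x%x, extra_back=0)' % addr
     gdbProt.Evalx('SendGDBMonitor("%s");' % command)
     eip = gdbProt.getEIPWhenStopped()
     self.isim.signalClient()
     return eip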
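def isHighlightedEffective():
    """Return True when the highlighted text lies inside the bracketed operand at the cursor.

    Reads the disassembly of the current screen address; if it contains a
    '[...]' operand, reports whether the highlighted text occurs between the
    brackets.  Returns False (never None) when there is no bracketed operand
    or nothing is highlighted.
    """
    ip = idaversion.get_screen_ea()
    instr = idc.GetDisasm(ip)
    if '[' not in instr:
        return False
    inside = instr.split('[', 1)[1].split(']')[0]
    highlighted = idaversion.getHighlight()
    if highlighted is None:
        # `None in str` would raise TypeError.
        return False
    return highlighted in inside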
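 def activate(self, ctx):
     """Prompt for a new value for the highlighted register and write it.

     The prompt is pre-filled with the register's current value in hex.
     The entered text is parsed as hexadecimal (an optional 0x prefix is
     accepted) and sent through the gdb monitor as ``@cgc.writeRegValue``.
     Nothing is sent when nothing is highlighted, the prompt is cancelled,
     or the text is not hex.
     """
     highlighted = idaversion.getHighlight()
     if highlighted is None:
         print('No register highlighted')
         return
     current = idaversion.getRegVarValue(highlighted)
     default = '%x' % current
     print('default %s' % default)
     value = idc.AskStr(default, 'reg value ?')
     if value is None:
         return
     try:
         new_value = int(value, 16)
     except ValueError:
         # Previously the raw text was spliced into the command unchecked,
         # so a typo produced a malformed monitor command.
         print('%s is not a hex value' % value)
         return
     reg_param = "'%s'" % highlighted
     gdbProt.Evalx('SendGDBMonitor("@cgc.writeRegValue(%s, 0x%x)");' % (reg_param, new_value))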
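def getOffset():
    '''
    Assuming an offset, e.g., "var_11" is highlighted, and
    assuming bp is proper, get the calculated address.

    The operand containing the highlight (operand 0 if the highlight occurs
    in it, else operand 1) is switched with idc.op_seg so it prints in its
    ``[reg+value]`` / ``[reg-value]`` form, the register value and the hex
    offset are combined, and the operand is switched back with
    idc.op_stkvar.  Returns the computed address, or None when the operand
    has no such bracketed form or the offset does not parse as hex.
    '''
    retval = None
    ip = idaversion.get_screen_ea()

    print('ip is 0x%x' % ip)
    highlighted = idaversion.getHighlight()
    print('highlighted is %s' % highlighted)

    ov0 = idc.print_operand(ip, 0)
    ov1 = idc.print_operand(ip, 1)
    print('op0 %s  op1 %s' % (ov0, ov1))

    # `None in str` would raise; treat no highlight as "not in operand 0".
    if highlighted is not None and highlighted in ov0:
        index = 0
        want = ov0
    else:
        index = 1
        want = ov1
    ''' Convert to numberic from symbol '''
    idc.op_seg(ip, index)
    # The earlier test `'[' in want and '+' in want or '-' in want` let a
    # bracket-less operand containing '-' reach the split below (IndexError).
    if '[' in want and ('+' in want or '-' in want):
        op = idc.print_operand(ip, index)
        print('op is %s' % op)
        val = op.split('[', 1)[1].split(']')[0]
        print('val %s' % val)
        sign = '+' if '+' in val else '-'
        reg, value = val.split(sign)
        reg_val = idaversion.get_reg_value(reg)
        try:
            value = value.strip('h')
            value = int(value, 16)
        except ValueError:
            print('unable to parse int from %s' % value)
            # Restore the operand that was actually switched, not always 0.
            idc.op_stkvar(ip, index)
            return retval

        if sign == '+':
            retval = reg_val + value
        else:
            retval = reg_val - value
        print('effective addr is 0x%x' % retval)
    ''' Convert back to symbol, e.g., var_11'''
    idc.op_stkvar(ip, index)
    return retval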
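    def activate(self, ctx):
        """Prompt for a string and write it to memory via the gdb monitor.

        The address comes from the effective-address operand when the
        highlight is part of one (regFu.getOffset), else from the highlighted
        hex text.  The SetAddrString form is seeded with the 8 bytes at that
        address (non-printable bytes shown as '.'); on OK the stripped string
        is remembered in self.last_data_mem_set, written with
        ``@cgc.writeString``, and the IDA views are refreshed.
        """
        if regFu.isHighlightedEffective():
            addr = regFu.getOffset()
            if addr is None:
                # getOffset() can return None; get_wide_byte(None + i) would raise.
                print('ModMemoryHandler unable to compute effective address')
                return
        else:
            highlighted = idaversion.getHighlight()
            addr = getHex(highlighted)
            if addr is None:
                print('ModMemoryHandler unable to parse hex from %s' %
                      highlighted)
                return

        sas = setAddrString.SetAddrString()
        sas.Compile()
        sas.iAddr.value = addr
        # Seed the form with the current 8 bytes, printable ASCII only.
        preview = []
        for i in range(8):
            c = idaversion.get_wide_byte(addr + i)
            preview.append(chr(c) if 0x20 <= c <= 0x7e else '.')
        sas.iStr1.value = ''.join(preview)
        if sas.Execute() != 1:
            return  # form cancelled
        self.last_data_mem_set = sas.iStr1.value
        sparm = "'%s'" % str(sas.iStr1.value).strip()
        # NOTE(review): the form value is not escaped; a quote character in it
        # would break the nested quoting of the monitor command below.
        command = 'SendGDBMonitor("@cgc.writeString(0x%x, %s)");' % (
            sas.iAddr.value, sparm)
        print('dog is <%s>' % command)
        # The same command string is sent, rather than rebuilt a second time.
        gdbProt.Evalx(command)
        # presumably gives the simulator time to apply the write -- TODO confirm
        time.sleep(2)
        self.isim.updateBookmarkView()
        self.isim.updateDataWatch()
        idaversion.refresh_debugger_memory()
        idaversion.refresh_idaview_anyway()
        idaversion.refresh_choosers()
        print(
            'Bookmarks cleared -- select origin bookmark to return to this cycle'
        )
        print(
            'Note: data watches previous to this point are retained, but associated bookmarks are deleted'
        )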
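        def activate(self, ctx):
            """Add a data watch on an address range via the gdb monitor.

            The GetAddrCount form is seeded with the hex value parsed from the
            highlighted text and the last byte count used; on OK the count is
            remembered in self.last_data_watch_count and the range is sent as
            ``@cgc.addDataWatch``.  Does nothing when the form is cancelled or
            leaves the address or count unset.
            """
            highlighted = idaversion.getHighlight()
            addr = getHex(highlighted)
            count = self.last_data_watch_count

            gac = getAddrCount.GetAddrCount()
            gac.Compile()
            gac.iAddr.value = addr  # None when nothing parseable is highlighted
            gac.iRawHex.value = count
            if gac.Execute() != 1:
                return  # form cancelled
            count = gac.iRawHex.value
            addr = gac.iAddr.value
            if addr is None or count is None:
                # '0x%x' / '%d' below would raise TypeError on None.
                print('addDataWatch: both an address and a byte count are required')
                return

            self.last_data_watch_count = count
            gdbProt.Evalx('SendGDBMonitor("@cgc.addDataWatch(0x%x, %d)");' % (addr, count))
            print('add watch of %d bytes from 0x%x' % (count, addr))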
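    def wroteToRegister(self):
        """Reverse-execute to the most recent write of a register.

        Uses the highlighted text when it is in self.reg_list, otherwise asks
        the user which register to use.  Sends ``@cgc.revToModReg`` through
        the gdb monitor and returns the EIP reported when the simulation
        stops, or None when no register was chosen or checkNoRev() rejects
        the reply.
        """
        highlighted = idaversion.getHighlight()

        if highlighted is None or highlighted not in self.reg_list:
            print('%s not in reg list' % highlighted)
            highlighted = idaversion.ask_str('Wrote to register:', 'Which register?')
            if highlighted is None:
                # presumably a cancelled prompt; don't send the literal 'None'
                return None

        print('Looking for a write to %s...' % highlighted)
        command = "@cgc.revToModReg('%s')" % highlighted
        simicsString = gdbProt.Evalx('SendGDBMonitor("%s");' % command)
        if not self.checkNoRev(simicsString):
            return None
        eip = gdbProt.getEIPWhenStopped()
        self.signalClient()
        curAddr = idaversion.get_reg_value(self.PC)
        print('Current instruction (0x%x) wrote to reg %s' % (curAddr, highlighted))
        return eip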
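        def activate(self, ctx):
            """Watch an address range via the gdb monitor and run until it is touched.

            The GetAddrCount form is seeded with the hex value parsed from the
            highlighted text and the last byte count used; on OK the count is
            remembered in self.last_data_watch_count, ``@cgc.watchData`` is
            sent, and the client is signalled once the simulation stops.
            Does nothing when the form is cancelled or leaves the address or
            count unset.
            """
            highlighted = idaversion.getHighlight()
            addr = getHex(highlighted)
            count = self.last_data_watch_count

            gac = getAddrCount.GetAddrCount()
            gac.Compile()
            gac.iAddr.value = addr  # None when nothing parseable is highlighted
            gac.iRawHex.value = count
            if gac.Execute() != 1:
                return  # form cancelled
            count = gac.iRawHex.value
            addr = gac.iAddr.value
            if addr is None or count is None:
                # '%d' / '0x%x' below would raise TypeError on None.
                print('watchData: both an address and a byte count are required')
                return

            print('watch %d bytes from 0x%x' % (count, addr))
            self.last_data_watch_count = count
            gdbProt.Evalx('SendGDBMonitor("@cgc.watchData(0x%x, %d)");' % (addr, count))
            # The returned EIP is not used here, but the call is kept: it is
            # what waits for the simulation to stop -- TODO confirm.
            gdbProt.getEIPWhenStopped()
            self.isim.signalClient()
            self.isim.showSimicsMessage()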
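 def trackRegister(self):
     """Reverse-execute to the source of a register's value.

     Uses the highlighted text when it is a register in self.reg_list,
     otherwise asks the user which register to track.  Sends
     ``@cgc.revTaintReg`` through the gdb monitor and returns the EIP
     reported once the simulation stops, or None when no register was
     chosen or checkNoRev() rejects the reply.
     """
     highlighted = idaversion.getHighlight()
     if highlighted is None or not self.isReg(highlighted) or highlighted not in self.reg_list:
         print('%s not in reg list' % highlighted)
         print('%s' % str(self.reg_list))
         highlighted = idaversion.ask_str('Track register:', 'Which register?')
         if highlighted is None:
             # presumably a cancelled prompt; don't send the literal 'None'
             return None
     print('backtrack to source of to %s...' % highlighted)
     command = "@cgc.revTaintReg('%s')" % highlighted
     simicsString = gdbProt.Evalx('SendGDBMonitor("%s");' % command)
     print('trackRegister got simicsString %s' % simicsString)
     if not self.checkNoRev(simicsString):
         return None
     eip = gdbProt.getEIPWhenStopped()
     self.signalClient()
     curAddr = idaversion.get_reg_value(self.PC)
     print('Current instruction (0x%x) is as far back as we can trace reg %s' % (curAddr, highlighted))
     self.showSimicsMessage()
     self.bookmark_view.updateBookmarkView()
     return eip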