def sync_ask_rename():
"""
Dialog asking renaming confirmation to the user
"""
rename_flag = 0
if force or idc.ask_yn(
rename_flag, "Replace %s by %s" %
(get_name(), name["data"])) == 1:
logger.debug("[x] renaming %s @ 0x%x as %s", get_name(),
name["address"], name["data"])
ida_name.set_name(name["address"],
name["data"].encode('ascii', 'ignore'),
ida_name.SN_AUTO)
def run(self):
"""
Launch the hooks!
"""
idaapi.disable_script_timeout()
init_sync = 0
if idc.ask_yn(init_sync,
"Do you want to push your names and comments") == 1:
self.send_names()
self.send_comments()
if self.skel_settings.use_ui:
self.skel_ui.Show()
self.skel_sync_agent.start()
self.skel_hooks.hook()
def sync_ask_rename():
"""
Dialog asking renaming confirmation to the user
"""
rename_flag = 0
if force or idc.ask_yn(rename_flag, "Replace %s by %s" %
(get_name(), name["data"])) == 1:
logger.debug("[x] renaming %s @ 0x%x as %s",
get_name(),
name["address"],
name["data"])
ida_name.set_name(
name["address"], name["data"].encode(
'ascii', 'ignore'),
ida_name.SN_AUTO)
def run(self):
"""
Launch the hooks!
"""
idaapi.disable_script_timeout()
init_sync = 0
if idc.ask_yn(init_sync,
"Do you want to push your names and comments") == 1:
self.send_names()
self.send_comments()
if self.skel_settings.use_ui:
self.skel_ui.Show()
self.skel_sync_agent.start()
self.skel_hooks.hook()
def parse_function(ea):
func = ida_funcs.func_t(ea)
res = ida_funcs.find_func_bounds(func, ida_funcs.FIND_FUNC_DEFINE)
if res == ida_funcs.FIND_FUNC_UNDEF:
idc.ask_yn(1, 'can not find func bounds.')
exit(0)
addr = func.start_ea
hit_count = 0
gnm_name = ''
packet_count = 0
while addr < func.end_ea:
if idc.print_insn_mnem(addr) == 'call':
sub_name = idc.print_operand(addr, 0)
if 'SetAllocatedNodes@SchedulerProxy' in sub_name:
arg_addrs = ida_typeinf.get_arg_addrs(addr)
gnm_name_arg_addr = arg_addrs[1]
if idc.print_insn_mnem(gnm_name_arg_addr) != 'lea':
idc.ask_yn(
1, 'gnm name not passed by lea: {:X}'.format(
gnm_name_arg_addr))
exit(0)
name_addr = idc.get_operand_value(gnm_name_arg_addr, 1)
gnm_name = idc.get_strlit_contents(name_addr).decode('ascii')
hit_count += 1
if 'set_packet_count' in sub_name:
# we need to manually set set_packet_count function's type (press key Y)
# or get_arg_addrs will return None
arg_addrs = ida_typeinf.get_arg_addrs(addr)
packet_count_arg_addr = arg_addrs[1]
packet_count_inst = idc.print_insn_mnem(packet_count_arg_addr)
if packet_count_inst == 'mov':
op_type = idc.get_operand_type(packet_count_arg_addr, 1)
if op_type == idc.o_imm:
packet_count = idc.get_operand_value(
packet_count_arg_addr, 1)
else:
packet_count = 0
elif packet_count_inst == 'lea':
packet_count = 0
else:
idc.ask_yn(
1, 'packet count passed by {} at {:X}'.format(
packet_count_inst, packet_count_arg_addr))
exit(0)
hit_count += 1
if hit_count == 2:
break
addr = idc.next_head(addr)
return gnm_name, packet_count
def main(doAllFuncs=True):
#doAllFuncs=False
#jayutils.configLogger(__name__, logging.DEBUG)
jayutils.configLogger(__name__, logging.INFO)
logger = jayutils.getLogger('stackstrings')
logger.debug('Starting up now')
filePath = jayutils.getInputFilepath()
if filePath is None:
self.logger.info('No input file provided. Stopping')
return
vw = jayutils.loadWorkspace(filePath)
ea = idc.here()
res = -1
if using_ida7api:
res = idc.ask_yn(0, 'Use basic-block local aggregator')
else:
res = idc.AskYN(0, 'Use basic-block local aggregator')
if res == idaapi.ASKBTN_CANCEL:
print 'User canceled'
return
uselocalagg = (res == 1)
ranges = getFuncRanges(ea, doAllFuncs)
for funcStart, funcEnd in ranges:
try:
logger.debug('Starting on function: 0x%x', funcStart)
stringList = runStrings(vw, funcStart, uselocalagg)
for node, string in stringList:
if isLikelyFalsePositiveString(string):
#if it's very likely a FP, skip annotating
continue
print '0x%08x: %s' % (node[0], string)
#print '0x%08x: 0x%08x: %s %s' % (node[0], node[1], binascii.hexlify(string), string)
if using_ida7api:
idc.set_cmt(node[0], string.strip(), 0)
else:
idc.MakeComm(node[0], string.strip())
except Exception, err:
logger.exception('Error during parse: %s', str(err))
def OnFormChange(self, fid):
if fid == self.rOptMD5.id or fid == self.rOptFile.id:
input = (self.cfg.md5sum, self.cfg.infile)
if fid == self.rOptMD5.id:
c1 = self.rOptMD5
c2 = self.rOptFile
idx = 0
else:
c1 = self.rOptFile
c2 = self.rOptMD5
idx = 1
v = not self.GetControlValue(c1)
if v: idx = not idx
# Uncheck the opposite input type
self.SetControlValue(c2, v)
# Set input field depending on input type
self.SetControlValue(self.txtInput, input[idx])
#
# Report button
#
elif fid == self.btnReport.id:
input = self.GetControlValue(self.txtInput)
as_file = self.GetControlValue(self.rOptFile)
apikey = self.GetControlValue(self.txtApiKey)
ok, r = VtReport(self.cfg.apikey,
filename=input if as_file else None,
md5sum=None if as_file else input)
# Error?
if not ok:
idc.warning(r)
return 1
# Pass the result
self.EChooser.SetItems(r)
# We have results and it was a file? Print its MD5
if r and as_file:
print("%s: %s" % (vt.LAST_FILE_HASH, input))
# Refresh the embedded chooser control
# (Could also clear previous results if not were retrieved during this run)
self.RefreshField(self.cEChooser)
# Store the input for the caller
self.cfg.input = input
# No results and file as input was supplied?
if r is None:
if as_file:
# Propose to upload
if idc.ask_yn(
0,
"HIDECANCEL\nNo previous results. Do you want to submit the file:\n\n'%s'\n\nto VirusTotal?"
% input) == 0:
return 1
try:
r = vt.scan_file(input)
except Exception as e:
idc.warning("Exceptio during upload: %s" % str(e))
else:
if r is None:
idc.warning("Failed to upload the file!")
else:
idc.warning(
"File uploaded. Check again later to get the analysis report. Scan id: %s"
% r)
else:
idc.warning("No results found for hash: %s" % input)
return 1
# --------------------------------------------------------------------------
def ProcessUiActions(actions, flags=0):
"""
@param actions: A string containing a list of actions separated by semicolon, a list or a tuple
@param flags: flags to be passed to process_ui_action()
@return: Boolean. Returns False if the action list was empty or execute_ui_requests() failed.
"""
# Instantiate a helper
helper = __process_ui_actions_helper(actions, flags)
return False if len(helper) < 1 else idaapi.execute_ui_requests((helper,))
# --------------------------------------------------------------------------
class print_req_t(object):
def __init__(self, s):
self.s = s
def __call__(self):
idaapi.msg("%s" % self.s)
return False # Don't reschedule
if idc.ask_yn(1,("HIDECANCEL\nDo you want to run execute_ui_requests() example?\n"
"Press NO to execute ProcessUiActions() example\n")):
idaapi.execute_ui_requests(
(print_req_t("Hello"), print_req_t(" world\n")) )
else:
ProcessUiActions("JumpQ;JumpName")
# --------------------------------------------------------------------------
def ProcessUiActions(actions, flags=0):
"""
@param actions: A string containing a list of actions separated by semicolon, a list or a tuple
@param flags: flags to be passed to process_ui_action()
@return: Boolean. Returns False if the action list was empty or execute_ui_requests() failed.
"""
# Instantiate a helper
helper = __process_ui_actions_helper(actions, flags)
return False if len(helper) < 1 else idaapi.execute_ui_requests((helper, ))
# --------------------------------------------------------------------------
class print_req_t(object):
def __init__(self, s):
self.s = s
def __call__(self):
idaapi.msg("%s" % self.s)
return False # Don't reschedule
if idc.ask_yn(
1, ("HIDECANCEL\nDo you want to run execute_ui_requests() example?\n"
"Press NO to execute ProcessUiActions() example\n")):
idaapi.execute_ui_requests((print_req_t("Hello"), print_req_t(" world\n")))
else:
ProcessUiActions("JumpQ;JumpName")
import idautils
import idaapi
import idc
ea = ScreenEA()
if idaapi.isCode(idaapi.getFlags(ea)):
cmd = idc.GetDisasm(ea)
prt_str = "Current cmd: %s" % cmd
select = idc.ask_yn(ASKBTN_YES, prt_str)
if select == ASKBTN_YES:
length = idc.AskLong(1, "Instruction Number:")
if length > 0:
n = 0
print ""
oplist = []
for i in xrange(length):
if idaapi.isCode(idaapi.getFlags(ea)):
n += 1
cmd = idc.GetDisasm(ea)
print cmd
if cmd[:3] == "mov":
op1 = idc.get_operand_value(ea, 0)
op2 = idc.get_operand_value(ea, 1)
oplist.append((op1, op2))
#print hex(op1),hex(op2)
else:
break
ea = idc.NextHead(ea)
print "Process %d Instructions" % n
oplist.sort()
for (i, j) in oplist: