def load_from_persistent():
global PersistentStorage
global Storage
PersistentStorage = Netnode(NetnodeName)
if StorageName not in PersistentStorage:
PersistentStorage[StorageName] = []
Storage = PersistentStorage[StorageName]
def populate_items(self):
import pydevd
# pydevd.settrace('localhost', port=31337, stdoutToServer=True, stderrToServer=True, suspend=False)
self.items = []
n = Netnode("$HexRaysPyTools:ReplacedLVars")
for func_ea in n.keys():
l = n[func_ea]
if type(func_ea) == int:
func_ea = str(func_ea)
for target_ea in l:
target_idx, path, new_idx = l[target_ea]
if type(target_ea) == int:
target_ea = str(target_ea)
self.items.append([
func_ea, target_ea,
str(target_idx),
str(new_idx),
str(path)
])
def OnDeleteLine(self, n):
# print("del %d " % n)
func_ea, target_ea, target_idx, new_idx, path = self.items[n]
func_ea = int(func_ea, 10)
net = Netnode("$HexRaysPyTools:ReplacedLVars")
if func_ea in net:
l = net[func_ea]
if target_ea in l:
del l[target_ea]
net[func_ea] = l
if len(net[func_ea]) == 0:
del net[func_ea]
self.items.pop(n)
self.obj.RefreshField(self.obj.controls['cEChooser'])
return n
def process_replace_lvars(cfunc):
n = Netnode("$HexRaysPyTools:ReplacedLVars")
if cfunc.entry_ea in n:
l = n[cfunc.entry_ea]
for target_ea in l:
target_idx, path, new_idx = l[target_ea]
target_ea = int(target_ea, 10)
visitor = ReplaceLVarVisitor(cfunc)
nodes = visitor.process()
for node in nodes:
if node.is_expr(
) and node.ea == target_ea and node.op == path[0][1]:
node = traverse_path(node, path)
if node.op == idaapi.cot_var and node.v.idx == target_idx:
node.to_specific_type.v.idx = new_idx
break
visitor.recalc_parent_types()
def hexrays_events_callback(*args):
if fDebug:
pydevd.settrace('localhost', port=31337, stdoutToServer=True, stderrToServer=True, suspend=False)
hexrays_event = args[0]
from HexRaysPyTools.Config import hex_pytools_config
if hexrays_event == idaapi.hxe_populating_popup:
form, popup, hx_view = args[1:]
item = hx_view.item # current ctree_item_t
for ac in hex_pytools_config.actions_refs.values():
if ac.ForPopup and hex_pytools_config[ac.name] and ac.check(hx_view.cfunc,item):
idaapi.attach_action_to_popup(form, popup, ac.name, None)
# if Actions.RecastStructMember.check(hx_view.cfunc,item):
# if hex_pytools_config[Actions.RecastStructMember.name]:
# idaapi.attach_action_to_popup(form, popup, Actions.RecastStructMember.name, None)
#
# if Actions.SimpleCreateStruct.check(hx_view.cfunc,item):
# if hex_pytools_config[Actions.SimpleCreateStruct.name]:
# idaapi.attach_action_to_popup(form, popup, Actions.SimpleCreateStruct.name, None)
#
# if Actions.RecastItemRight.check(hx_view.cfunc, item):
# if hex_pytools_config[Actions.RecastItemRight.name]:
# idaapi.attach_action_to_popup(form, popup, Actions.RecastItemRight.name, None)
#
# if Actions.RecastItemLeft.check(hx_view.cfunc, item):
# if hex_pytools_config[Actions.RecastItemLeft.name]:
# idaapi.attach_action_to_popup(form, popup, Actions.RecastItemLeft.name, None)
#
# if Actions.RenameOther.check(hx_view.cfunc, item):
# if hex_pytools_config[Actions.RenameOther.name]:
# idaapi.attach_action_to_popup(form, popup, Actions.RenameOther.name, None)
#
# if Actions.RenameInside.check(hx_view.cfunc, item):
# if hex_pytools_config[Actions.RenameInside.name]:
# idaapi.attach_action_to_popup(form, popup, Actions.RenameInside.name, None)
#
# if Actions.RenameOutside.check(hx_view.cfunc, item):
# if hex_pytools_config[Actions.RenameOutside.name]:
# idaapi.attach_action_to_popup(form, popup, Actions.RenameOutside.name, None)
#
# if Actions.SwapThenElse.check(hx_view.cfunc, item):
# if hex_pytools_config[Actions.SwapThenElse.name]:
# idaapi.attach_action_to_popup(form, popup, Actions.SwapThenElse.name, None)
#
# if Actions.ShallowScanVariable.check(hx_view.cfunc, item):
# if hex_pytools_config[Actions.ShallowScanVariable.name]:
# idaapi.attach_action_to_popup(form, popup, Actions.ShallowScanVariable.name, None)
# if hex_pytools_config[Actions.DeepScanVariable.name]:
# idaapi.attach_action_to_popup(form, popup, Actions.DeepScanVariable.name, None)
# if hex_pytools_config[Actions.RecognizeShape.name]:
# idaapi.attach_action_to_popup(form, popup, Actions.RecognizeShape.name, None)
#
# if Actions.CreateNewField.check(hx_view.cfunc, item):
# if hex_pytools_config[Actions.CreateNewField.name]:
# idaapi.attach_action_to_popup(form, popup, Actions.CreateNewField.name, None)
#
# if Actions.CreateVtable.check(hx_view.cfunc, item):
# if hex_pytools_config[Actions.CreateVtable.name]:
# idaapi.attach_action_to_popup(form, popup, Actions.CreateVtable.name, None)
#
# if Actions.AddRemoveReturn.check(hx_view.cfunc, item) and hex_pytools_config[Actions.AddRemoveReturn.name]:
# idaapi.attach_action_to_popup(form, popup, Actions.AddRemoveReturn.name, None)
# if Actions.ConvertToUsercall.check(hx_view.cfunc, item) and hex_pytools_config[Actions.ConvertToUsercall.name]:
# idaapi.attach_action_to_popup(form, popup, Actions.ConvertToUsercall.name, None)
# if Actions.DeepScanReturn.check(hx_view.cfunc, item) and hex_pytools_config[Actions.DeepScanReturn.name]:
# idaapi.attach_action_to_popup(form, popup, Actions.DeepScanReturn.name, None)
#
# if Actions.RemoveArgument.check(hx_view.cfunc,item) and hex_pytools_config[Actions.RemoveArgument.name]:
# idaapi.attach_action_to_popup(form, popup, Actions.RemoveArgument.name, None)
#
# if Actions.GetStructureBySize.check(hx_view.cfunc,item) and hex_pytools_config[Actions.GetStructureBySize.name]:
# idaapi.attach_action_to_popup(form, popup, Actions.GetStructureBySize.name, None)
#
# if Actions.SelectContainingStructure.check(hx_view.cfunc,item) and hex_pytools_config[Actions.SelectContainingStructure.name]:
# idaapi.attach_action_to_popup(form, popup, Actions.SelectContainingStructure.name, None)
#
# if Actions.ResetContainingStructure.check(hx_view.cfunc,item):
# if hex_pytools_config[Actions.ResetContainingStructure.name]:
# idaapi.attach_action_to_popup(form, popup, Actions.ResetContainingStructure.name, None)
elif hexrays_event == idaapi.hxe_double_click:
hx_view = args[1]
item = hx_view.item
if item.citype == idaapi.VDI_EXPR and item.e.op == idaapi.cot_memptr:
# Look if we double clicked on expression that is member pointer. Then get tinfo_t of the structure.
# After that remove pointer and get member name with the same offset
if item.e.x.op == idaapi.cot_memref and item.e.x.x.op == idaapi.cot_memptr:
vtable_tinfo = item.e.x.type.get_pointed_object()
method_offset = item.e.m
class_tinfo = item.e.x.x.x.type.get_pointed_object()
vtable_offset = item.e.x.x.m
elif item.e.x.op == idaapi.cot_memptr:
vtable_tinfo = item.e.x.type.get_pointed_object()
method_offset = item.e.m
class_tinfo = item.e.x.x.type.get_pointed_object()
vtable_offset = item.e.x.m
else:
return 0
#print vtable_tinfo.get_type_name()
#print method_offset
udt_member = idaapi.udt_member_t()
udt_member.offset = method_offset * 8
vtable_tinfo.find_udt_member(idaapi.STRMEM_OFFSET, udt_member)
func_ea = Helper.get_virtual_func_address(udt_member.name, class_tinfo, vtable_offset)
if func_ea:
idaapi.open_pseudocode(func_ea, 0)
return 1
n = Netnode("$ VTables")
vt_name = vtable_tinfo.get_type_name()
if vt_name in n:
l = n[vt_name]
#print l
info = idaapi.get_inf_structure()
if info.is_32bit():
ptr_size = 4
elif info.is_64bit():
ptr_size = 8
else:
ptr_size = 2
if method_offset%ptr_size == 0 and method_offset/ptr_size < len(l):
idaapi.open_pseudocode(l[method_offset/ptr_size] + idaapi.get_imagebase(), 0)
elif hexrays_event == idaapi.hxe_maturity:
cfunc, level_of_maturity = args[1:]
if level_of_maturity == idaapi.CMAT_BUILT:
# print '=' * 40
# print '=' * 15, "LEVEL", level_of_maturity, '=' * 16
# print '=' * 40
# print cfunc
# First search for CONTAINING_RECORD made by Ida
visitor = NegativeOffsets.SearchVisitor(cfunc)
visitor.apply_to(cfunc.body, None)
negative_lvars = visitor.result
# Second get saved information from comments
lvars = cfunc.get_lvars()
for idx in xrange(len(lvars)):
result = NegativeOffsets.parse_lvar_comment(lvars[idx])
if result and result.tinfo.equals_to(lvars[idx].type().get_pointed_object()):
negative_lvars[idx] = result
# Third make an analysis of local variables that a structure pointers and have reference that pass
# through structure boundaries. This variables will be considered as potential pointers to substructure
# and will get a menu on right click that helps to select Containing Structure from different libraries
structure_pointer_variables = {}
for idx in set(range(len(lvars))) - set(negative_lvars.keys()):
if lvars[idx].type().is_ptr():
pointed_tinfo = lvars[idx].type().get_pointed_object()
if pointed_tinfo.is_udt():
structure_pointer_variables[idx] = pointed_tinfo
if structure_pointer_variables:
visitor = NegativeOffsets.AnalyseVisitor(structure_pointer_variables, potential_negatives)
visitor.apply_to(cfunc.body, None)
if negative_lvars:
visitor = NegativeOffsets.ReplaceVisitor(negative_lvars)
visitor.apply_to(cfunc.body, None)
elif level_of_maturity == idaapi.CMAT_TRANS1:
visitor = SwapThenElseVisitor(cfunc.entry_ea)
visitor.apply_to(cfunc.body, None)
elif level_of_maturity == idaapi.CMAT_TRANS2:
return 0
# print '=' * 15, "LEVEL", level_of_maturity, '=' * 16
# print '=' * 40
# print cfunc
visitor = SpaghettiVisitor()
visitor.apply_to(cfunc.body, None)
return 0
def hexrays_events_callback(*args):
if fDebug:
pydevd.settrace('localhost',
port=31337,
stdoutToServer=True,
stderrToServer=True,
suspend=False)
hexrays_event = args[0]
from HexRaysPyTools.Settings import hex_pytools_config
if hexrays_event == idaapi.hxe_populating_popup:
form, popup, hx_view = args[1:]
item = hx_view.item # current ctree_item_t
for ac in hex_pytools_config.actions_refs.values():
if ac.ForPopup and hex_pytools_config[ac.name] and ac.check(
hx_view.cfunc, item):
idaapi.attach_action_to_popup(form, popup, ac.name, None)
# if Actions.GuessAllocation.check(hx_view.cfunc, item):
# idaapi.attach_action_to_popup(form, popup, Actions.GuessAllocation.name, None)
#
# if Actions.RecastItemRight.check(hx_view.cfunc, item):
# idaapi.attach_action_to_popup(form, popup, Actions.RecastItemRight.name, None)
#
# if Actions.RecastItemLeft.check(hx_view.cfunc, item):
# idaapi.attach_action_to_popup(form, popup, Actions.RecastItemLeft.name, None)
#
# if Actions.RenameOther.check(hx_view.cfunc, item):
# idaapi.attach_action_to_popup(form, popup, Actions.RenameOther.name, None)
#
# if Actions.RenameInside.check(hx_view.cfunc, item):
# idaapi.attach_action_to_popup(form, popup, Actions.RenameInside.name, None)
#
# if Actions.RenameOutside.check(hx_view.cfunc, item):
# idaapi.attach_action_to_popup(form, popup, Actions.RenameOutside.name, None)
#
# if Actions.RenameUsingAssert.check(hx_view.cfunc, item):
# idaapi.attach_action_to_popup(form, popup, Actions.RenameUsingAssert.name, None)
#
# if Actions.SwapThenElse.check(hx_view.cfunc, item):
# idaapi.attach_action_to_popup(form, popup, Actions.SwapThenElse.name, None)
#
# if Actions.ShallowScanVariable.check(hx_view.cfunc, item):
# idaapi.attach_action_to_popup(form, popup, Actions.ShallowScanVariable.name, None)
# idaapi.attach_action_to_popup(form, popup, Actions.DeepScanVariable.name, None)
# idaapi.attach_action_to_popup(form, popup, Actions.RecognizeShape.name, None)
#
# if Actions.CreateNewField.check(hx_view.cfunc, item):
# idaapi.attach_action_to_popup(form, popup, Actions.CreateNewField.name, None)
#
# if Actions.FindFieldXrefs.check(item):
# idaapi.attach_action_to_popup(form, popup, Actions.FindFieldXrefs.name, None)
#
# if Actions.PropagateName.check(hx_view.cfunc, item):
# idaapi.attach_action_to_popup(form, popup, Actions.PropagateName.name, None)
#
# if item.citype == idaapi.VDI_FUNC:
# # If we clicked on function
# if not hx_view.cfunc.entry_ea == idaapi.BADADDR: # Probably never happen
# idaapi.attach_action_to_popup(form, popup, Actions.AddRemoveReturn.name, None)
# idaapi.attach_action_to_popup(form, popup, Actions.ConvertToUsercall.name, None)
# if Actions.DeepScanReturn.check(hx_view):
# idaapi.attach_action_to_popup(form, popup, Actions.DeepScanReturn.name, None)
#
# elif item.citype == idaapi.VDI_LVAR:
# # If we clicked on argument
# local_variable = hx_view.item.get_lvar() # idaapi.lvar_t
# if local_variable.is_arg_var:
# idaapi.attach_action_to_popup(form, popup, Actions.RemoveArgument.name, None)
#
# elif item.citype == idaapi.VDI_EXPR:
# if item.e.op == idaapi.cot_num:
# # number_format = item.e.n.nf # idaapi.number_format_t
# # print "(number) flags: {0:#010X}, type_name: {1}, opnum: {2}".format(
# # number_format.flags,
# # number_format.type_name,
# # number_format.opnum
# # )
# idaapi.attach_action_to_popup(form, popup, Actions.GetStructureBySize.name, None)
# elif item.e.op == idaapi.cot_var:
# # Check if we clicked on variable that is a pointer to a structure that is potentially part of
# # containing structure
# if item.e.v.idx in potential_negatives:
# idaapi.attach_action_to_popup(form, popup, Actions.SelectContainingStructure.name, None)
# if Actions.ResetContainingStructure.check(hx_view.cfunc.get_lvars()[item.e.v.idx]):
# idaapi.attach_action_to_popup(form, popup, Actions.ResetContainingStructure.name, None)
elif hexrays_event == idaapi.hxe_double_click:
hx_view = args[1]
item = hx_view.item
if item.citype == idaapi.VDI_EXPR and item.e.op in (
idaapi.cot_memptr,
idaapi.cot_memref) and item.e.x.op in (idaapi.cot_memptr,
idaapi.cot_memref):
vtable_tinfo = item.e.x.type
if vtable_tinfo.is_ptr():
vtable_tinfo = vtable_tinfo.get_pointed_object()
n = Netnode("$ VTables")
vt_name = vtable_tinfo.get_type_name()
if vt_name in n:
method_offset = item.e.m
l = n[vt_name]
# print l
info = idaapi.get_inf_structure()
if not Const.EA64:
ptr_size = 4
else:
ptr_size = 8
# else idc.__EA64__:
# ptr_size = 8
# else:
# ptr_size = 2
if method_offset % ptr_size == 0 and method_offset / ptr_size < len(
l):
idaapi.open_pseudocode(
l[method_offset / ptr_size] + idaapi.get_imagebase(),
0)
return 1
if item.citype == idaapi.VDI_EXPR and Helper.is_func_call(item,hx_view.cfunc) and item.e.op in (idaapi.cot_memptr, idaapi.cot_memref) \
and hx_view.cfunc.body.find_parent_of(item.e).op not in (idaapi.cot_memref, idaapi.cot_memptr):
# Look if we double clicked on expression that is member pointer. Then get tinfo_t of the structure.
# After that remove pointer and get member name with the same offset
if item.e.op == idaapi.cot_memptr and item.e.x.op == idaapi.cot_memref and item.e.x.x.op == idaapi.cot_memptr:
vtable_tinfo = item.e.x.type.get_pointed_object()
method_offset = item.e.m
class_tinfo = item.e.x.x.x.type.get_pointed_object()
vtable_offset = item.e.x.x.m
elif item.e.op == idaapi.cot_memptr and item.e.x.op == idaapi.cot_memptr:
vtable_tinfo = item.e.x.type.get_pointed_object()
method_offset = item.e.m
class_tinfo = item.e.x.x.type.get_pointed_object()
vtable_offset = item.e.x.m
elif item.e.op == idaapi.cot_memptr and item.e.x.op == idaapi.cot_ptr:
vtable_tinfo = item.e.x.type.get_pointed_object()
method_offset = item.e.m
class_tinfo = None
vtable_offset = None
elif item.e.op == idaapi.cot_memref and item.e.x.op == idaapi.cot_memptr and not item.e.x.type.is_ptr(
):
vtable_tinfo = item.e.x.type
method_offset = item.e.m
class_tinfo = None
vtable_offset = None
else:
func_offset = item.e.m
struct_tinfo = item.e.x.type.get_pointed_object()
func_ea = Helper.get_virtual_func_address(
Helper.get_member_name(struct_tinfo, func_offset))
if func_ea:
idaapi.jumpto(func_ea)
return 0
#print vtable_tinfo.get_type_name()
#print method_offset
udt_member = idaapi.udt_member_t()
udt_member.offset = method_offset * 8
vtable_tinfo.find_udt_member(idaapi.STRMEM_OFFSET, udt_member)
func_ea = Helper.get_virtual_func_address(udt_member.name,
class_tinfo,
vtable_offset)
func_name = Helper.get_member_name(vtable_tinfo, method_offset)
func_ea = Helper.get_virtual_func_address(func_name, class_tinfo,
vtable_offset)
if func_ea:
idaapi.open_pseudocode(func_ea, 0)
return 1
n = Netnode("$ VTables")
vt_name = vtable_tinfo.get_type_name()
struct_id = idaapi.get_struc_id(vt_name)
if vt_name in n:
l = n[vt_name]
#print l
info = idaapi.get_inf_structure()
if not Const.EA64:
ptr_size = 4
else:
ptr_size = 8
# else idc.__EA64__:
# ptr_size = 8
# else:
# ptr_size = 2
if method_offset % ptr_size == 0 and method_offset / ptr_size < len(
l):
idaapi.open_pseudocode(
l[method_offset / ptr_size] + idaapi.get_imagebase(),
0)
return 1
elif struct_id in n:
l = n[struct_id]
# print l
info = idaapi.get_inf_structure()
if not Const.EA64:
ptr_size = 4
else:
ptr_size = 8
# else idc.__EA64__:
# ptr_size = 8
# else:
# ptr_size = 2
if method_offset % ptr_size == 0 and method_offset / ptr_size < len(
l):
idaapi.open_pseudocode(
l[method_offset / ptr_size] + idaapi.get_imagebase(),
0)
return 1
elif hexrays_event == idaapi.hxe_maturity:
cfunc, level_of_maturity = args[1:]
if level_of_maturity == idaapi.CMAT_BUILT:
# print '=' * 40
# print '=' * 15, "LEVEL", level_of_maturity, '=' * 16
# print '=' * 40
# print cfunc
# First search for CONTAINING_RECORD made by Ida
visitor = NegativeOffsets.SearchVisitor(cfunc)
visitor.apply_to(cfunc.body, None)
negative_lvars = visitor.result
# Second get saved information from comments
lvars = cfunc.get_lvars()
for idx in xrange(len(lvars)):
result = NegativeOffsets.parse_lvar_comment(lvars[idx])
if result and result.tinfo.equals_to(
lvars[idx].type().get_pointed_object()):
negative_lvars[idx] = result
# Third make an analysis of local variables that a structure pointers and have reference that pass
# through structure boundaries. This variables will be considered as potential pointers to substructure
# and will get a menu on right click that helps to select Containing Structure from different libraries
structure_pointer_variables = {}
for idx in set(range(len(lvars))) - set(negative_lvars.keys()):
if lvars[idx].type().is_ptr():
pointed_tinfo = lvars[idx].type().get_pointed_object()
if pointed_tinfo.is_udt():
structure_pointer_variables[idx] = pointed_tinfo
if structure_pointer_variables:
visitor = NegativeOffsets.AnalyseVisitor(
structure_pointer_variables, potential_negatives)
visitor.apply_to(cfunc.body, None)
if negative_lvars:
visitor = NegativeOffsets.ReplaceVisitor(negative_lvars)
visitor.apply_to(cfunc.body, None)
# cg = cfunc_graph_t(None)
# gb = graph_builder_t(cg)
# gb.apply_to(cfunc.body, None)
#
# import tempfile
# fname = tempfile.mktemp(suffix=".gdl")
# cg.gen_gdl(fname)
# ida_gdl.display_gdl(fname)
visitor = ArrayCorrector.ArrayCorrectorVisitorStage1(cfunc)
visitor.apply_to(cfunc.body, None)
#visitor.recalc_parent_types()
del visitor
elif level_of_maturity == idaapi.CMAT_TRANS1:
visitor = SwapThenElseVisitor(cfunc.entry_ea)
visitor.apply_to(cfunc.body, None)
elif level_of_maturity == idaapi.CMAT_TRANS2:
# print '=' * 40
# print '=' * 15, "LEVEL", level_of_maturity, '=' * 16
# print '=' * 40
# print cfunc
visitor = SpaghettiVisitor()
visitor.apply_to(cfunc.body, None)
process_replace_lvars(cfunc)
elif level_of_maturity == idaapi.CMAT_FINAL:
StructXrefVisitor(cfunc).process()
# elif level_of_maturity == idaapi.CMAT_FINAL:
# visitor = ArrayCorrector.ArrayCorrectorVisitorStage2(cfunc)
# visitor.apply_to_exprs(cfunc.body, None)
# visitor.recalc_parent_types()
# del visitor
# if hexrays_event in (idaapi.hxe_open_pseudocode,idaapi.hxe_switch_pseudocode,idaapi.hxe_refresh_pseudocode):
# vu = args[1]
# Helper.fix_automatic_naming(vu)
return 0
def clear_persist_storage():
n = Netnode("$HexRaysPyTools:ReplacedLVars")
n.kill()
def clear_all(self, code=0):
net = Netnode("$HexRaysPyTools:ReplacedLVars")
net.kill()
self.EChooser.populate_items()
self.RefreshField(self.controls['cEChooser'])