def show_microcode():
"""Generates and displays microcode for an address range.
An address range can be a selection of code or that of
the current function."""
sel, sea, eea = kw.read_range_selection(None)
pfn = ida_funcs.get_func(kw.get_screen_ea())
if not sel and not pfn:
return (False, "Position cursor within a function or select range")
if not sel and pfn:
sea = pfn.start_ea
eea = pfn.end_ea
addr_fmt = "%016x" if ida_ida.inf_is_64bit() else "%08x"
fn_name = (ida_funcs.get_func_name(pfn.start_ea) if pfn else "0x%s-0x%s" %
(addr_fmt % sea, addr_fmt % eea))
F = ida_bytes.get_flags(sea)
if not ida_bytes.is_code(F):
return (False, "The selected range must start with an instruction")
text, mmat, mba_flags = ask_desired_maturity()
if text is None and mmat is None:
return (True, "Cancelled")
if not sel and pfn:
mbr = hr.mba_ranges_t(pfn)
else:
mbr = hr.mba_ranges_t()
mbr.ranges.push_back(ida_range.range_t(sea, eea))
hf = hr.hexrays_failure_t()
ml = hr.mlist_t()
mba = hr.gen_microcode(mbr, hf, ml, hr.DECOMP_WARNINGS, mmat)
if not mba:
return (False, "0x%s: %s" % (addr_fmt % hf.errea, hf.desc()))
vp = printer_t()
mba.set_mba_flags(mba_flags)
mba._print(vp)
mcv = microcode_viewer_t()
if not mcv.Create(
mba, "0x%s-0x%s (%s)" %
(addr_fmt % sea, addr_fmt % eea, text), text, fn_name, vp.get_mc()):
return (False, "Error creating viewer")
mcv.Show()
return (True, "Successfully generated microcode for 0x%s..0x%s" %
(addr_fmt % sea, addr_fmt % eea))
def main():
idaapi.autoWait()
info = dict()
info["arch"] = dict()
info["arch"]["is_32bit"] = ida_ida.inf_is_32bit()
info["arch"]["is_64bit"] = ida_ida.inf_is_64bit()
info["imports"] = get_imports()
functions = get_functions()
info["histogram"] = dict()
for f_ea in functions:
disasm = get_mnemonics(f_ea)
h = histogram(disasm)
h_d = dict()
for t in h:
h_d[t[0]] = t[1]
info["histogram"][functions[f_ea]] = h_d
write_result(idc.ARGV[1], info)
ida_pro.qexit(0)
def init_hexrays():
ALL_DECOMPILERS = {
ida_idp.PLFM_386: "hexrays",
ida_idp.PLFM_ARM: "hexarm",
ida_idp.PLFM_PPC: "hexppc",
ida_idp.PLFM_MIPS: "hexmips",
}
cpu = ida_idp.ph.id
decompiler = ALL_DECOMPILERS.get(cpu, None)
if not decompiler:
print("No known decompilers for architecture with ID: %d" %
ida_idp.ph.id)
return False
if ida_ida.inf_is_64bit():
if cpu == ida_idp.PLFM_386:
decompiler = "hexx64"
else:
decompiler += "64"
if ida_loader.load_plugin(
decompiler) and ida_hexrays.init_hexrays_plugin():
return True
else:
print('Couldn\'t load or initialize decompiler: "%s"' % decompiler)
return False
# * run `ida64` on test program `simple_appcall_win64.exe`, or
# `ida` on test program `simple_appcall_win32.exe`, and wait for
# auto-analysis to finish
# * select the 'windows debugger' (either local, or remote)
# * run this script
#
import os
import sys
sys.path.append(os.path.dirname(__file__))
# Windows binaries don't have any symbols, thus we'll have
# to assign names to addresses of interest before we can
# appcall them by name.
import ida_ida
if ida_ida.inf_is_64bit():
ref4_ea = 0x140001000
ref8_ea = 0x140001060
else:
ref4_ea = 0x401000
ref8_ea = 0x401050
import simple_appcall_common
appcall_hooks = simple_appcall_common.appcall_hooks_t(
name_funcs=[
(ref4_ea, "ref4"),
(ref8_ea, "ref8"),
])
appcall_hooks.hook()
appcall_hooks.run()
def is_32bit():
return not ida_ida.inf_is_64bit()
