Пример #1
0
def load_filters(reload=False):
    global FILTERS

    print("%s: %sloading filters..." % (PLUGIN_NAME, "re" if reload else ""))
    if reload:
        FILTERS = {}
    filterdir = os.path.join(os.path.dirname(__file__), FILTER_DIR)
    if os.path.exists(filterdir):
        for entry in os.listdir(filterdir):
            if entry.lower().endswith(
                    ".py") and entry.lower() != "__init__.py":
                mod, ext = os.path.splitext(entry)
                if mod not in FILTERS:
                    try:
                        ida_idaapi.require("%s.%s" % (FILTER_DIR, mod),
                                           FILTER_DIR)
                        flt = sys.modules["%s.%s" %
                                          (FILTER_DIR, mod)].FILTER_INIT()
                        if flt:
                            print("  loaded: \"%s\"" % (mod))
                            FILTERS[mod] = flt
                    except ModuleNotFoundError:
                        print("  failed: \"%s\"" % (mod))
        apply_cfg(reload, FILTERS)
    return
Пример #2
0
import traceback
from typing import Dict, List

import ida_bytes
import ida_idaapi
import ida_kernwin
import ida_nalt
import idc

ida_idaapi.require('patterns')

cached_patterns: Dict[str, List[int]] = dict()


def bin_search(bin_str: str) -> List[int]:
    if not isinstance(bin_str, str):
        raise ValueError('bin_str must be a string')

    if bin_str in cached_patterns:
        return cached_patterns[bin_str]

    bin_list = bin_str.split()
    image = bytearray()
    mask = bytearray()

    # Create the mask and convert '?' to 'CC'.
    for i in range(len(bin_list)):
        byte = bin_list[i]
        if byte == '?':
            image.append(int('CC', 16))
            mask.append(0)
Пример #3
0
import idc
import ida_kernwin

import idawilli
import idawilli.dbg

# removeme
import ida_idaapi
ida_idaapi.require('idawilli')
ida_idaapi.require('idawilli.dbg')


def main():
    path = ida_kernwin.ask_file(False, "*", "file to load")
    if not path:
        return

    with open(path, "rb") as f:
        buf = tuple(f.read())

    if len(buf) == 0:
        print("empty file, cancelling")
        return

    size = idawilli.align(len(buf), 0x1000)
    print("size: 0x%x" % (len(buf)))
    print("aligned size: 0x%x" % (size))

    addr = idawilli.dbg.allocate_rwx(size)
    print("allocated 0x%x bytes at 0x%x" % (size, addr))
Пример #4
0
import ida_idaapi
import ida_kernwin
import ida_name
import idc

ida_idaapi.require('tdinfo_structs')


class TdinfoParserException(Exception):
    pass


class TdinfoParserSymbolAlreadyAppliedException(TdinfoParserException):
    pass


class TdinfoParserIdaSetNameFailedException(TdinfoParserException):
    pass


class TdinfoParserUnsupportedSymbolClassException(TdinfoParserException):
    pass


def _parse_exe_file():
    input_file_path = ida_kernwin.ask_file(False, idc.get_input_file_path(),
                                           'Input file')
    parsed_file = tdinfo_structs.DOS_MZ_EXE_STRUCT.parse_file(input_file_path)

    print('Borland TLink symbolic information version: {}.{}'.format(
        parsed_file.tdinfo_header.major_version,