def run(self, _):
    """Entry point used when IDA runs the plugin as a script.

    The plugin is not meant to be executed that way, so the user gets an
    IDA warning dialog and nothing else happens.

    Returns:
        False, signalling to IDA that the script run did not succeed.
    """
    message = "ida_medigate C++ plugin cannot be run as a script"
    ida_kernwin.warning(message)
    return False
def create_segments(li):
    """Create the NES memory-map segments and load the PRG ROM.

    Segments are created in address order: RAM, the memory-mapped I/O
    register block, SRAM, expansion ROM and finally the PRG ROM. When the
    iNES header flags a trainer (INES_MASK_TRAINER on rom_control_byte_0)
    the user is warned about the assumed $7000 mapping and the trainer is
    loaded from *li* before the ROM segment is created.

    Args:
        li: loader input handle, passed through to load_trainer().
    """
    create_ram_segment()
    # The NES uses memory-mapped I/O, hence a dedicated register segment.
    create_ioreg_segment()
    # SRAM is created unconditionally; the header's SRAM bit is not consulted.
    create_sram_segment()
    create_exprom_segment()

    has_trainer = INES_MASK_TRAINER(hdr.rom_control_byte_0)
    if has_trainer:
        warning(
            "This ROM image seems to have a trainer.\n"
            "By default, this loader assumes the trainer to be mapped to $7000.\n"
        )
        load_trainer(li)

    create_rom_segment()
def run(self, _):
    """Entry point used when IDA runs the plugin as a script.

    IDArling is not runnable on its own, so the user is warned and the
    call reports failure.

    Returns:
        False.
    """
    message = "IDArling cannot be run as a script"
    ida_kernwin.warning(message)
    return False
def handle_new(self):
    """Create or select a struct named after the dialog's text field.

    The typed name is ASCII-sanitised (non-ASCII replaced), stripped and
    validated with itanium_mangler.check_identifier(). If a struct with
    that name already exists the user may choose to select it instead;
    otherwise a new struct is added. On success self.struct_id is set and
    the dialog is accepted; on failure an IDA warning is shown and the
    dialog stays open.
    """
    raw_text = self.new_name_w.text()
    new_name = raw_text.encode('ascii', 'replace').strip().decode()
    if not itanium_mangler.check_identifier(new_name):
        ida_kernwin.warning('The name "%s" is invalid' % new_name)
        return

    existing_id = idc.get_struc_id(new_name)
    if existing_id != idc.BADADDR:
        # Name collision: offer to reuse the existing struct rather than fail.
        reuse = util.ask_yes_no(
            'The struct "%s" already exists. Do you want to select it anyways?' % new_name)
        if reuse:
            self.struct_id = existing_id
            self.accept()
        return

    self.struct_id = idaapi.add_struc(idc.BADADDR, new_name, False)
    if self.struct_id == idc.BADADDR:
        ida_kernwin.warning('Creating struct with the name "%s" failed' % new_name)
        return
    self.accept()
def __init__(self, f_debug, db_path, min_bytes, f_ex_libthunk, f_update, f_ana_exp, ana_pre, f_ana_cmp = False, f_fol_cmp = False, ana_fol='', threshold = None, threshold_cfg = None, max_bytes_for_score = None, ratio = 0):
    """Open the signature database and record the current IDB's identity.

    Args:
        f_debug: debug-output flag.
        db_path: sqlite database path; opened here, then init_db() and
            in_memory_db() are run on it.
        min_bytes: minimum function size considered.
        f_ex_libthunk: exclude library/thunk functions.
        f_update, f_ana_exp, ana_pre: export-side settings; ana_pre is
            compiled into self.ana_pat only when f_ana_exp is set.
        f_ana_cmp, f_fol_cmp, ana_fol, threshold, threshold_cfg,
            max_bytes_for_score, ratio: compare-side settings; ratio is
            coerced to float.

    The input file's SHA-256 and MD5 are read from the IDB and lowercased.
    An IDB with no stored SHA-256 (the API returns None for IDBs written
    by IDA older than 6.9) is reported through error() and an IDA warning
    but does not abort construction.
    """
    self.f_debug = f_debug

    # Database: connect, prepare the schema, then move to the in-memory copy.
    self.conn = sqlite3.connect(db_path)
    self.cur = self.conn.cursor()
    self.init_db()
    self.in_memory_db()

    self.min_bytes = min_bytes
    self.f_ex_libthunk = f_ex_libthunk

    # Export-side options.
    self.f_update = f_update
    self.f_ana_exp = f_ana_exp
    self.ana_pre = ana_pre
    if f_ana_exp:
        self.ana_pat = re.compile(self.ana_pre)

    # Compare-side options.
    self.f_ana_cmp = f_ana_cmp
    self.f_fol_cmp = f_fol_cmp
    self.ana_fol = ana_fol
    self.threshold = threshold
    self.threshold_cfg = threshold_cfg
    self.max_bytes_for_score = max_bytes_for_score
    self.ratio = float(ratio)

    # Identity of the analysed binary.
    self.idb_path = get_idb_path()
    self.sha256 = ida_nalt.retrieve_input_file_sha256()
    try:
        self.sha256 = self.sha256.lower()
    except AttributeError:
        # retrieve_input_file_sha256() returned None: old-IDA IDB.
        message = 'ida_nalt.retrieve_input_file_sha256() returned None. Probably the IDB was generated by old IDA (<6.9). Check the version by ida_netnode.cvar.root_node.supstr(ida_nalt.RIDX_IDA_VERSION)'
        error(message)
        ida_kernwin.warning(message)
    self.md5 = ida_nalt.retrieve_input_file_md5().lower()
def OnCreate(self, form):
    """Build the IDACyber widget tree inside the IDA form.

    Layout, top to bottom: the pixel widget, a filter row (label and
    combo box), a "Sync" checkbox row, an empty spare row and a status
    row. Filters come from _load_filters(); if none are found a warning
    is shown and the form is left without a layout. When a class-level
    hook exists, its new_ea signal is wired to _change_screen_ea.
    """
    self.form = form
    self.parent = self.FormToPyQtWidget(form)

    root = QVBoxLayout()
    filter_row = QHBoxLayout()
    sync_row = QHBoxLayout()
    spare_row = QHBoxLayout()
    status_row = QHBoxLayout()

    filter_label = QLabel()
    filter_label.setText('Filter:')
    filter_row.addWidget(filter_label)

    self.cb = QCheckBox('Sync')
    self.cb.setChecked(True)
    self.cb.stateChanged.connect(self._toggle_sync)
    sync_row.addWidget(self.cb)

    self.status = QLabel()
    self.status.setText('Cyber, cyber!')
    status_row.addWidget(self.status)

    self.pw = PixelWidget(self.parent, IDACyberForm.idbh)
    self.pw.setFocusPolicy(Qt.StrongFocus | Qt.WheelFocus)
    self.pw.statechanged.connect(self._update_widget)
    self.pw.next_filter.connect(self._select_next_filter)
    self.pw.prev_filter.connect(self._select_prev_filter)

    self.filterlist = self._load_filters(self.pw)
    if not self.filterlist:
        ida_kernwin.warning("IDACyber: no filters found within /plugins/cyber/")
        return

    # Start with the first filter at the current screen address.
    self.pw.set_filter(self.filterlist[0][1], 0)
    self.pw.set_addr(ida_kernwin.get_screen_ea())

    self.filterChoser = QComboBox()
    self.filterChoser.addItems([obj.name for _, obj in self.filterlist])
    self.filterChoser.currentIndexChanged.connect(self._select_filter)
    filter_row.addWidget(self.filterChoser)
    filter_row.addStretch(1)

    root.addWidget(self.pw)
    for row in (filter_row, sync_row, spare_row, status_row):
        root.addLayout(row)
    self.parent.setLayout(root)

    if IDACyberForm.hook is not None:
        IDACyberForm.hook.new_ea.connect(self._change_screen_ea)
    self.clean_init = True
def ChangeVariableType(func_ea, lvar, tif):
    """Persist a new type for a Hex-Rays local variable.

    Args:
        func_ea: entry address of the function owning *lvar*.
        lvar: the lvar_t to retype.
        tif: tinfo_t to apply (copied before being stored).

    Returns:
        True when modify_user_lvar_info() accepted the change, False
        otherwise (an IDA warning naming the variable is shown).
    """
    saved = ida_hexrays.lvar_saved_info_t()
    saved.ll = lvar
    saved.type = ida_typeinf.tinfo_t(tif)
    applied = ida_hexrays.modify_user_lvar_info(func_ea, ida_hexrays.MLI_TYPE, saved)
    if applied:
        return True
    ida_kernwin.warning("Could not modify lvar type for %s" % lvar.name)
    return False
def init(self):
    """Install the sample callinfo provider when Hex-Rays is available.

    The hooks object is kept on self.hooks so it stays alive. The warning
    dialog tells the user this is a demo that alters decompiler output.

    Returns:
        ida_idaapi.PLUGIN_KEEP, so the plugin stays loaded either way.
    """
    if ida_hexrays.init_hexrays_plugin():
        self.hooks = callinfo_provider_t()
        self.hooks.hook()
        ida_kernwin.warning(
            "Installed callinfo provider sample (vds21.py)\n"
            "Please note that it is just an example\n"
            "and will spoil your decompilations!")
    # Stay resident regardless of whether Hex-Rays was found.
    return ida_idaapi.PLUGIN_KEEP
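def generate(self):
    """Emit a standalone Python patch script from the IDB's patched bytes.

    idaapi.visit_patched_bytes() feeds every patched byte to
    self.get_patch_byte, which is expected to populate self.patched_bytes
    with dicts keyed 'begin_addr', 'name', 'comment', 'original' and
    'patched'. The template patch_template.txt is read from the last
    sys.path entry containing 'plugins'; one search/replace stanza per
    patch is spliced in after the template's first 13 lines and the
    result is written next to the input file as <input>_patch.py.

    Returns:
        True when the script was written; False when nothing is patched
        or the template could not be located (a message box is shown in
        both cases).
    """
    idaapi.visit_patched_bytes(0, idaapi.BADADDR, self.get_patch_byte)
    if not self.patched_bytes:
        msg = 'Cannot generate patch because there is no patch applied.'
        print('genpatch: %s' % msg)
        ida_kernwin.warning(msg)
        return False

    # Last matching sys.path entry wins, as before.
    template_path = None
    for path in sys.path:
        if 'plugins' in path:
            template_path = os.path.join(path, 'patch_template.txt')
    if template_path is None:
        # Previously this fell through to open('') and raised an obscure error.
        msg = 'Cannot find patch_template.txt: no "plugins" directory in sys.path.'
        print('genpatch: %s' % msg)
        ida_kernwin.warning(msg)
        return False
    patch_path = idc.get_input_file_path() + '_patch.py'

    with open(template_path, "r") as f:
        template_data = f.readlines()

    # Stanzas are spliced in after line 13 of the template, in patch order.
    # NOTE: 'original' and 'patched' are interpolated verbatim into Python
    # source as single-quoted literals; a quote or backslash in them breaks
    # or alters the generated script (use %r if they are not plain hex text).
    insert_at = 13
    for data in self.patched_bytes:
        stanza = [
            "# address: 0x%x\n" % data['begin_addr'],
            "# function name: %s\n" % data['name'],
            "# comment: %s\n" % data['comment'].replace('\n', ' '),
            "matches = re.findall('%s', target_data)\n" % data['original'],
            "if len(matches) == 1:\n",
            "    target_data = target_data.replace('%s', '%s')\n" % (data['original'], data['patched']),
            "else:\n",
            '    print("Patch pattern isn\'t unique")\n',
            "    sys.exit()\n",
        ]
        template_data[insert_at:insert_at] = stanza
        insert_at += len(stanza)

    # Write only after every stanza is built, so a failure leaves no partial file.
    with open(patch_path, "w") as f:
        f.writelines(template_data)
    msg = 'Successfully generated patch to %s from Patched Bytes' % patch_path
    print('genpatch: %s' % msg)
    ida_kernwin.info(msg)
    return True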
def _register_action(self, hotkey, desc):
    """Register one IDA action for *desc* bound to *hotkey*.

    The action name is derived from the description through
    HRDevHelper.get_action_name() and echoed to the console. On success
    the (desc, hotkey) pair is recorded under that name in
    self._registered_actions; on failure an IDA warning is shown.
    """
    actname = HRDevHelper.get_action_name(desc)
    print(actname)
    descriptor = ida_kernwin.action_desc_t(
        actname, desc, hotkey_handler_t(), hotkey, None, -1)
    if not ida_kernwin.register_action(descriptor):
        ida_kernwin.warning("%s: failed registering action" % PLUGIN_NAME)
        return
    self._registered_actions[actname] = (desc, hotkey)
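def load_cfg(reload=False):
    """Load the xray configuration file into the module-level settings.

    A missing file is first created from DEFAULT_CFG, after which the
    function re-enters itself with reload=True. Each "group_*" section
    yields one ConfigGroupSection(expr_list, bgcolor, hint) appended to
    PATTERN_LIST, where expr_list holds the values of its "expr_*" keys,
    bgcolor defaults to swapcol(0x000000) and hint to None when absent.
    The "global" section sets HIGH_CONTRAST ("high_contrast") and, on an
    initial load only, DO_FILTER ("auto_enable"); both default to False.

    Args:
        reload: True when re-reading; DO_FILTER is then left untouched so
            a reload does not toggle the filter under the user.

    Returns:
        True after the file was parsed; False if the default config could
        not be written.
    """
    global PATTERN_LIST
    global HIGH_CONTRAST
    global DO_FILTER

    cfg_file = get_cfg_filename()
    kw.msg("%s: %sloading %s...\n" % (PLUGIN_NAME, "re" if reload else "", cfg_file))
    if not os.path.isfile(cfg_file):
        kw.msg("%s: %s does not exist! creating default config... " % (PLUGIN_NAME, cfg_file))
        try:
            with open(cfg_file, "w") as f:
                f.write(DEFAULT_CFG)
            kw.msg("success!\n")
        except (IOError, OSError):
            kw.msg("failed!\n")
            return False
        return load_cfg(reload=True)

    PATTERN_LIST = []
    config = ConfigParser.RawConfigParser()
    # Read through a context manager; the previous code leaked the open handle.
    with open(cfg_file) as f:
        config.readfp(f)

    for section in config.sections():
        if section.startswith("group_"):
            expr_list = [v for k, v in config.items(section) if k.startswith("expr_")]
            try:
                bgcolor = swapcol(int(config.get(section, "bgcolor"), 16))
            except (ConfigParser.Error, ValueError):
                bgcolor = swapcol(0x000000)
            try:
                hint = config.get(section, "hint")
            except ConfigParser.Error:
                hint = None
            PATTERN_LIST.append(ConfigGroupSection(expr_list, bgcolor, hint))
        elif section == "global":
            try:
                HIGH_CONTRAST = config.getboolean(section, "high_contrast")
            except (ConfigParser.Error, ValueError):
                HIGH_CONTRAST = False
            if not reload:
                try:
                    DO_FILTER = config.getboolean(section, "auto_enable")
                except (ConfigParser.Error, ValueError):
                    DO_FILTER = False

    if not PATTERN_LIST:
        kw.warning("Config file does not contain any regular expressions.")
    return True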
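def init(self):
    """Set up menu hooks and register the VirusTotal search actions.

    Reads (or, on first run, interactively creates) virustotal.conf in
    the user IDA directory through VTpluginSetup; the OK/NO answer to
    show_warning() sets vtsetup.auto_upload to True/False before the
    config is written, Cancel leaves the plugin disabled. With a valid
    config a CheckSample thread is started, the Popups hook installed and
    the VTGrep actions registered; the similar-code (wildcard) searches
    are only offered for processors listed in self.SUPPORTED_PROCESSORS.

    Returns:
        idaapi.PLUGIN_KEEP in every case.
    """
    valid_config = False
    self.menu = None
    config_file = os.path.join(idaapi.get_user_idadir(), 'virustotal.conf')
    vtsetup = VTpluginSetup(config_file)

    if vtsetup.check_version():
        ida_kernwin.info('VirusTotal\'s IDA Pro Plugin\nNew version available!')
        logging.info('[VT Plugin] There\'s a new version of this plugin!')
    else:
        logging.debug('[VT Plugin] No update available.')

    if os.path.exists(config_file):
        valid_config = vtsetup.read_config()
    else:
        answer = vtsetup.show_warning()
        if answer == 1:  # OK
            vtsetup.auto_upload = True
            valid_config = vtsetup.write_config()
        elif answer == 0:  # NO
            vtsetup.auto_upload = False
            valid_config = vtsetup.write_config()
        elif answer == -1:  # Cancel
            valid_config = False

    if valid_config:
        checksample = CheckSample(vtsetup.auto_upload, vtsetup.file_path)
        checksample.start()
        self.menu = Popups()
        self.menu.hook()
        arch_info = idaapi.get_inf_structure()
        try:
            if arch_info.procName in self.SUPPORTED_PROCESSORS:
                VTGrepWildcards.register(self, 'Search for similar code')
                VTGrepWildCardsStrict.register(self, 'Search for similar code (strict)')
                VTGrepWildCardsFunction.register(self, 'Search for similar functions')
            else:
                logging.info('\n - Processor detected: %s', arch_info.procName)
                logging.info(' - Searching for similar code is not available.')
            VTGrepBytes.register(self, 'Search for bytes')
            VTGrepStrings.register(self, 'Search for string')
        except Exception:
            # Narrowed from a bare except; keep the traceback so a failed
            # registration can actually be diagnosed.
            logging.exception('[VT Plugin] Unable to register popups actions.')
    else:
        logging.info('[VT Plugin] Plugin disabled, restart IDA to proceed. ')
        ida_kernwin.warning('Plugin disabled, restart IDA to proceed.')
    return idaapi.PLUGIN_KEEP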
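def verify_project(self):
    """Verify a valid project is currently active; warn in IDA if not.

    Delegates to the parent class and, on IOError, surfaces the message
    in an IDA warning dialog before re-raising the same exception.

    Raises:
        IOError: propagated from the parent implementation.
    """
    try:
        super(IdaLoader, self).verify_project()
    except IOError as e:
        # str(e) works on Python 2 and 3; e.message exists only on Python 2.
        ida_kernwin.warning(str(e))
        raise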
def _set_user_func(self):
    """Prompt for a user colour function until it compiles or is cancelled.

    The editor starts from self.func_def. Each submission goes through
    self._compile(); on success the loop ends, on failure the returned
    diagnostic is shown as an IDA warning and the prompt is repeated.
    Cancelling (None) ends the loop without further action.
    """
    prompt = "Please define function (must return tuple(RR,GG,BB) format"
    while True:
        func_def = ask_text(0, self.func_def, prompt)
        if func_def is None:
            return
        ok, diagnostic = self._compile(func_def)
        if ok:
            return
        warning("%s" % diagnostic)
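def add_node(self, i):
    """Add ctree item *i* as a graph node, rejecting duplicates.

    self.reverse maps obj_id -> node index, so membership is a dict
    lookup instead of the previous linear scan over the keys (same
    result, O(1)). The item is stored in self.cg.items at the new index.

    Args:
        i: ctree item with .obj_id and .ea attributes.

    Returns:
        The new node index, or -1 if an item with the same obj_id was
        already added (an IDA warning is shown).
    """
    if i.obj_id in self.reverse:
        ida_kernwin.warning("bad ctree - duplicate nodes! (i.ea=%x)" % i.ea)
        return -1
    n = self.cg.add_node()
    if n <= len(self.cg.items):
        self.cg.items.append(i)
        self.cg.items[n] = i
    self.reverse[i.obj_id] = n
    return n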
def add_node(self, i):
    """Add ctree item *i* as a graph node unless its obj_id is already known.

    self.reverse maps item -> node index; a duplicate is detected by
    comparing obj_id against every key. On a duplicate an IDA warning is
    shown, the graph is dumped and -1 is returned. Otherwise the item is
    stored in self.cg.items at the new index and that index is returned.
    """
    if any(i.obj_id == known.obj_id for known in self.reverse):
        ida_kernwin.warning("bad ctree - duplicate nodes! (i.ea=%x)" % i.ea)
        self.cg.dump()
        return -1
    index = self.cg.add_node()
    if index <= len(self.cg.items):
        self.cg.items.append(i)
        self.cg.items[index] = i
    self.reverse[i] = index
    return index
def search_function_with_wildcards():
    """Run a wildcard VTGrep search over the function under the cursor.

    If the cursor is not inside a function the error is logged and an IDA
    warning is shown; otherwise a VTGrepSearch covering the function's
    [start_ea, end_ea) range is launched with wildcards on, strict off.
    """
    cursor_ea = idc.get_screen_ea()
    func = idaapi.get_func(cursor_ea)
    if not func:
        logging.error('[VT Plugin] Current address doesn\'t belong to a function')
        ida_kernwin.warning('Point the cursor in an area beneath a function.')
        return
    searcher = vtgrep.VTGrepSearch(addr_start=func.start_ea, addr_end=func.end_ea)
    searcher.search(True, False)
def activate(self, ctx):
    """Open the viewer matching this handler's action name.

    Compares self.name against the three HRDevHelper actions (full
    ctree graph, sub-tree graph, context viewer); an unknown name yields
    a "Not implemented" warning.

    Returns:
        1 in every case.
    """
    action = self.name
    if action == HRDevHelper.get_action_name(HRDevHelper.act_show_ctree):
        show_ctree_graph()
        return 1
    if action == HRDevHelper.get_action_name(HRDevHelper.act_show_sub_tree):
        show_ctree_graph(create_subgraph=True)
        return 1
    if action == HRDevHelper.get_action_name(HRDevHelper.act_show_context):
        context_viewer_t.open()
        return 1
    ida_kernwin.warning("Not implemented")
    return 1
def log(cls, level, msg, debug):
    """Write a log line to the log file (if enabled) and the IDA console.

    Args:
        level: 'console' emits the bare message; any other value is
            prefixed as "[level] ". 'warn' and 'erro' additionally pop an
            IDA warning dialog.
        msg: message text.
        debug: when True the line goes to cls.log_fd even if
            cls.enable_dbg is off.
    """
    formatted = ('%s\n' % msg) if level == 'console' else ('[%s] %s\n' % (level, msg))
    if cls.log_fd and (cls.enable_dbg or debug):
        cls.log_fd.write(formatted)
        cls.log_fd.flush()
    ida_kernwin.msg(formatted)
    if level in ('warn', 'erro'):
        ida_kernwin.warning(formatted)
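def init(self):
    """Load the plugin configuration when Hex-Rays is available.

    Returns:
        idaapi.PLUGIN_KEEP when Hex-Rays initialised and load_cfg()
        succeeded; idaapi.PLUGIN_SKIP otherwise. A config parse failure
        is reported with an IDA warning naming the config file.
    """
    result = idaapi.PLUGIN_SKIP
    if ida_hexrays.init_hexrays_plugin():
        try:
            self.config = load_cfg()
        except Exception:
            # Narrowed from a bare except so Ctrl-C/SystemExit still propagate.
            ida_kernwin.warning((
                "%s failed parsing %s.\n"
                "If fixing this config file manually doesn't help, please delete the file and re-run the plugin.\n\n"
                "The plugin will now terminate." % (PLUGIN_NAME, get_cfg_filename())))
        else:
            result = idaapi.PLUGIN_KEEP
    return result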
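def _set_user_expr(self):
    """Prompt for a colour expression until it evaluates to three values.

    The dialog starts from self.xpr and repeats until the user cancels
    (None) or the entered text evaluates to something that unpacks into
    (r, g, b); that text is then stored in self.xpr. Anything else shows
    "Invalid expression!" and re-prompts.
    """
    while True:
        xpr = askstr(0, self.xpr, "Please enter expression")
        if xpr is None:
            return
        try:
            # NOTE: eval() executes whatever the user typed into the dialog.
            # Only ever pass interactive input here, never text read from a
            # file or the IDB.
            r, g, b = eval(xpr)
        except Exception:
            warning("Invalid expression!")
            continue
        self.xpr = xpr
        return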
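def on_mb_click(self, event, addr, size, mouse_offs):
    """Toggle the "torch" effect on a right mouse button click.

    Switching the torch off resets flicker_idx to the middle entry of
    flicker_values and unregisters the timer (a missing timer at that
    point is reported as a bug); switching it on re-arms it through
    _enable_timer(). A repaint is requested in either case. Other
    buttons are ignored; addr, size and mouse_offs are unused here.
    """
    if event.button() != Qt.RightButton:
        return
    if self.torch:
        # Integer division: `/` yields a float index under Python 3.
        self.flicker_idx = self.flicker_values[self.numframes // 2]
        if self.timer:
            unregister_timer(self.timer)
            self.timer = None
        else:
            warning("!!!Bug!!!")
    else:
        self._enable_timer()
    self.torch = not self.torch
    self.pw.on_filter_request_update()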
def add_node(self, i):
    """Add ctree item *i* as a graph node unless its obj_id is already known.

    self.reverse is a list of (item, index) pairs searched linearly for a
    matching obj_id. On a duplicate an IDA warning is shown, the graph is
    dumped and -1 is returned. Otherwise the item is stored in
    self.cg.items at the new index, the pair is appended and the index
    returned.
    """
    is_duplicate = any(known.obj_id == i.obj_id for known, _ in self.reverse)
    if is_duplicate:
        ida_kernwin.warning("bad ctree - duplicate nodes! (i.ea=%x)" % i.ea)
        self.cg.dump()
        return -1
    index = self.cg.add_node()
    if index <= len(self.cg.items):
        self.cg.items.append(i)
        self.cg.items[index] = i
    self.reverse.append((i, index))
    return index
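def _set_pattern(self):
    """Prompt for a regular expression until it compiles or is cancelled.

    Starts from self.pattern; a compiling pattern is stored in
    self.pattern with its compiled form in self.regex. A pattern that
    re.compile() rejects shows "Invalid expression!" and re-prompts;
    cancelling (None) leaves both attributes untouched.
    """
    while True:
        pat = ask_str(self.pattern, 0, "Regular expression:")
        if pat is None:
            return
        try:
            prog = re.compile(pat)
        except re.error:
            warning("Invalid expression!")
            continue
        self.pattern = pat
        self.regex = prog
        return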
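def _set_pattern(self):
    """Prompt for a regular expression until it compiles or is cancelled.

    Starts from self.pattern; a compiling pattern is stored in
    self.pattern with its compiled form in self.regex. A pattern that
    re.compile() rejects shows "Invalid pattern!" and re-prompts;
    cancelling (None) leaves both attributes untouched.
    """
    while True:
        pat = askstr(0, self.pattern, "Please specify pattern")
        if pat is None:
            return
        try:
            prog = re.compile(pat)
        except re.error:
            warning("Invalid pattern!")
            continue
        self.pattern = pat
        self.regex = prog
        return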
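def create_struct(name, fields, size):
    """Create (or rebuild) the IDA struct *name* from a field description.

    Args:
        name: struct name. If it already exists the user is asked whether
            to remake it: Cancel aborts, Yes wipes the existing members
            first, No keeps them and adds the described fields on top.
        fields: mapping offset -> (off, type_name, type_kind, field_name);
            type_name and field_name are bytes (they are .decode()d) and
            type_kind indexes the module-level type_sizes table of
            (description, byte size) entries.
        size: expected instance size. A shorter struct is padded with
            1-byte "dummy%d" members; a longer one is reported.

    Returns:
        None. Failures (struct creation, member addition) are reported
        through IDA warnings and abort the function.
    """
    struct_id = idaapi.get_struc_id(name)
    if struct_id != idaapi.BADADDR:
        answer = ida_kernwin.ask_yn(
            0, "A class structure for %s already exists. Are you sure you want to remake it?" % name)
        # ask_yn() reports Cancel as ASKBTN_CANCEL (-1); the old comparison
        # against BADADDR never matched, so Cancel silently fell through.
        if answer == ida_kernwin.ASKBTN_CANCEL:
            return
        if answer == ida_kernwin.ASKBTN_YES:
            idaapi.del_struc_members(idaapi.get_struc(struct_id), 0,
                                     idaapi.get_struc_size(struct_id))
    else:
        struct_id = idaapi.add_struc(idaapi.BADADDR, name, 0)
        if struct_id == idaapi.BADADDR:
            ida_kernwin.warning("Could not create the class structure!.\nPlease check something.")
            return

    sptr = idaapi.get_struc(struct_id)
    for entry in fields.values():
        off, type_name, type_kind, field_name = entry
        print("Process field. Off = 0x%04X, type_name = %s (%d: %s), field_name = %s"
              % (off, type_name, type_kind, type_sizes[type_kind][0], field_name))
        type_size = type_sizes[type_kind][1]
        ret = ida_struct.add_struc_member(sptr, field_name.decode(), off,
                                          flags_dict[type_size], None, type_size)
        if ret != 0:
            ida_kernwin.warning("Unknown error! Err = %d" % ret)
            return
        mptr = ida_struct.get_member(sptr, off)
        ida_struct.set_member_cmt(
            mptr, " --> %s (%d: %s)" % (type_name.decode(), type_kind, type_sizes[type_kind][0]), False)

    struct_size = ida_struct.get_struc_size(sptr)
    if size < struct_size:
        ida_kernwin.warning(
            "Struct create error! final size (%d) > instance size (%d)" % (struct_size, size))
    elif size > struct_size:
        # Pad to the expected instance size with byte-sized dummy members.
        for i in range(size - struct_size):
            ida_struct.add_struc_member(sptr, "dummy%d" % i, idaapi.BADADDR,
                                        idaapi.FF_BYTE, None, 1)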
def run(self, _):
    """Show the microcode of the function under the cursor.

    Asks the user for a maturity level (0 cancels), generates the
    microcode with Native.gen_microcode() and opens an MCTextView on it.
    Without a function under the cursor an IDA warning is shown.

    Returns:
        True in every case.
    """
    screen_ea = ida_kernwin.get_screen_ea()
    fn = ida_funcs.get_func(screen_ea)
    if fn is None:
        ida_kernwin.warning("Please position the cursor within a function")
        return True
    maturity = MCExplorer.ask_desired_maturity()
    if maturity == 0:
        return True
    failure = ida_hexrays.hexrays_failure_t()
    mba = Native.gen_microcode(fn, failure, None, 0, maturity)
    if mba:
        fn_name = ida_funcs.get_func_name(fn.start_ea)
        MCTextView(mba, fn_name, LEVELS[maturity - 1]).Show()
    return True
def activate(self, ctx):
    """Retype the selected pointer-sized lvar with a named API's signature.

    Asks for an API name, resolves it through GetTypeSignature() and
    applies the result with ChangeVariableType(), then refreshes the
    pseudocode. Bails out silently when the selection is not a
    pointer-sized lvar or the prompt is cancelled; warns when no type
    can be resolved.

    Returns:
        1 in every case.
    """
    vu = ida_hexrays.get_widget_vdui(ctx.widget)
    if not IsPtrSizedLvar(vu):
        return 1
    lvar = vu.item.get_lvar()
    api_name = ida_kernwin.ask_str(
        "", ida_kernwin.HIST_IDENT, "Please enter the API name for which to set the type")
    if api_name is None:
        return 1
    ptr_tif = GetTypeSignature(api_name)
    if ptr_tif is None:
        ida_kernwin.warning("Could not get type for \"%s\"" % api_name)
        return 1
    ChangeVariableType(vu.cfunc.entry_ea, lvar, ptr_tif)
    vu.cfunc.refresh_func_ctext()
    return 1
def OnKeydown(self, vkey, shift):
    """Handle the viewer's keyboard shortcuts.

    'G' opens a graph of the whole mba; 'I' parses the current text line
    as "block.serial ..." and opens an instruction viewer for it (or
    warns when the line is not an instruction). Holding shift docks the
    new widget floating instead of right/tab.

    Returns:
        True when the key was handled, False otherwise.
    """
    if vkey == ord("G"):
        graph = microcode_graphviewer_t(self._mba, self.title, self.lines)
        if graph:
            graph.Show()
            self._fit_graph(graph)
            self._dock_widgets(graph, dockpos=kw.DP_FLOATING if shift else kw.DP_RIGHT)
        return True

    if vkey == ord("I"):
        # TODO: at some point, the textual representation of the mba should
        # be created manually, so the textual output of gen_microcode() no
        # longer has to be parsed and COLOR_ADDR tags could be inserted to
        # link different viewers contextually.
        widget = self.GetWidget()
        line = ida_lines.tag_remove(kw.get_custom_viewer_curline(widget, False))
        first_space = line.find(" ")
        if first_space != -1 and '.' in line[:first_space]:
            block, serial = line.split('.')[:2]
            serial = serial.strip().split(' ')[0]
            viewer = microcode_insnviewer_t(
                self._mba, self.mmat_name, self.fn_name, int(block), int(serial))
            if viewer:
                viewer.Show()
                self._fit_graph(viewer)
                self._dock_widgets(viewer, dockpos=kw.DP_FLOATING if shift else kw.DP_TAB)
        else:
            if line.startswith(";") or not line:
                message = "Please position the cursor on a microcode instruction."
            else:
                message = (
                    "There is something wrong with the output generated by gen_microcode()!\n"
                    "Please rerun '%s.py'!" % PLUGIN_NAME)
            kw.warning(message)
        return True

    return False
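def search(self, wildcards=False, strict=False):
    """Process the current selection and launch a VTGrep content search.

    Args:
        wildcards: replace offsets and memory locations with wildcards
            (True) or search for the exact byte sequence (False).
        strict: wildcard every immediate value (True) or only those
            identified as offsets or memory addresses (False).

    A pending string search (self.string_searching) is hex-encoded
    directly; otherwise the selected lines are turned into a query by
    __create_query() and, with wildcards, reduced and sanitised. The
    query length is validated against _MIN_QUERY_SIZE/_MAX_QUERY_SIZE
    (an empty query now counts as too short instead of being opened)
    and the resulting URL is opened in the default web browser. Every
    failure is logged and shown as an IDA warning.
    """
    str_buf = None
    if self.string_searching:
        str_buf = binascii.hexlify(self.string_searching).decode('utf-8')
    else:
        str_buf = self.__create_query(wildcards, strict)

    if wildcards and str_buf is not None:
        str_buf = self.__sanitize(self.__reduce_query(str_buf))

    if str_buf is None:
        logging.error('[VTGREP] Invalid query length or area selected.')
        ida_kernwin.warning('Invalid query length or area selected.')
        return

    len_query = len(str_buf)
    # Previously `len_query and ...` let an empty query fall through to the browser.
    if len_query <= self._MIN_QUERY_SIZE:
        logging.error('[VTGREP] The query produced is too short.')
        ida_kernwin.warning('The query produced is too short.')
    elif len_query > self._MAX_QUERY_SIZE:
        logging.error('[VTGREP] The query produced is too long.')
        ida_kernwin.warning('The query produced is too long.')
    else:
        str_buf = '{' + str_buf + '}'
        vtgrep_url = 'www.virustotal.com/gui/search/content:{}/files'
        url = 'https://{}'.format(quote(vtgrep_url.format(str_buf)))
        try:
            webbrowser.open_new(url)
        except Exception:
            logging.error('[VTGREP] Error while opening the web browser.')
            ida_kernwin.warning('Error while opening the web browser.')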
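def load_cfg():
    """Load the xray configuration file, creating a default one if absent.

    Populates PATTERN_LIST with every value of the "regex" section and
    BGCOLOR from the "ui" section's "bgcolor" hex value (byte-swapped by
    swapcol()). A missing file is written from DEFAULT_CFG and the
    function re-enters itself to read it.

    Returns:
        True when the configuration was read; False when the default
        config could not be written or the file could not be parsed
        (reported with an IDA warning).
    """
    global PATTERN_LIST
    global BGCOLOR

    cfg_file = get_cfg_filename()
    kw.msg("%s: loading %s... " % (PLUGIN_NAME, cfg_file))
    if not os.path.isfile(cfg_file):
        kw.msg("failed!\n"
               "> file does not exist: %s\n"
               "> creating default config... " % cfg_file)
        try:
            with open(cfg_file, "w") as f:
                f.write(DEFAULT_CFG)
            kw.msg("success!\n")
        except (IOError, OSError):
            kw.msg("failed!\n")
            return False
        return load_cfg()

    PATTERN_LIST = []
    config = ConfigParser.ConfigParser()
    config.read(cfg_file)
    try:
        patterns = [v for _, v in config.items("regex")]
        bgcolor = swapcol(int(config.get("ui", "bgcolor"), 16))
    except (ConfigParser.Error, ValueError) as e:
        # Missing section/option or a non-hex bgcolor used to raise out of
        # the plugin; report it and fail cleanly instead.
        kw.msg("failed!\n")
        kw.warning("%s: cannot parse %s: %s" % (PLUGIN_NAME, cfg_file, e))
        return False
    PATTERN_LIST = patterns
    BGCOLOR = bgcolor

    if not PATTERN_LIST:
        kw.warning("Config file does not contain any regular expressions.")
    kw.msg("success!\n")
    return True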
def main():
    """Walk the current thread's call stack and show it in a chooser.

    Requires a running, suspended debugger (warns otherwise). Debug names
    over the whole database feed a NearestName resolver, which
    CallStackWalk() uses to label frames. On success a chooser titled
    after the thread id is (re)opened; on failure the returned text is
    shown in a warning.
    """
    if not ida_dbg.is_debugger_on():
        ida_kernwin.warning("Please run the process first!")
        return
    if ida_dbg.get_process_state() != -1:
        ida_kernwin.warning("Please suspend the debugger first!")
        return

    inf = ida_ida.cvar.inf
    debug_names = ida_name.get_debug_names(inf.min_ea, inf.max_ea)
    resolver = ida_name.NearestName(debug_names)
    ok, callstack = CallStackWalk(resolver)
    if not ok:
        ida_kernwin.warning("Failed to walk the stack:" + callstack)
        return

    title = "Call stack walker (thread %X)" % (ida_dbg.get_current_thread())
    # Close a previous chooser with the same title before opening a new one.
    ida_kernwin.close_chooser(title)
    CallStackWalkChoose(title, callstack).Show(True)
This script fetches the API reference (from MSDN) of a given highlighted identifier and returns the results in a new web browser page. This script depends on the feedparser package: http://code.google.com/p/feedparser/ """ from __future__ import print_function # ----------------------------------------------------------------------- import ida_kernwin import ida_name import ida_idaapi try: import feedparser except: ida_kernwin.warning('Feedparser package not installed') def get_url(ident): """ Note: This code is left in a separate, toplevel function so that tests can easily override it and provide a replacement file:// URL and work on machines without an internet connection """ try: # This is a 'hook' to enable testing on machines disconnected # from the internet (we're not testing feedparser's HTTPS URL # download capabilities anyway) import sys return sys.modules["__main__"].get_url(ident) except: return "https://social.msdn.microsoft.com/search/en-US/feed?query=%s&format=RSS&theme=feed%%2fen-us" % ident