def process_funcs(all_funcs): for func in all_funcs: # rename idc.set_name(func.start_ea, f"string_{func.start_ea:X}") # set type struc_id = idaapi.get_struc_id("std::string") # print(f"{struc_id:x}") if struc_id == idaapi.BADADDR: idc.set_local_type(-1, "struct std::string {char *ptr; size_t length; char buf[0x10];};", idaapi.PT_TYP) print("create std::string") func_tinfo = idaapi.tinfo_t() cfunc = idaapi.decompile(func.start_ea) cfunc.get_func_type(func_tinfo) func_details = idaapi.func_type_data_t() func_tinfo.get_func_details(func_details) std_string_tinfo = idaapi.tinfo_t() std_string_tinfo.get_named_type(idaapi.get_idati(), "std::string") std_string_ptr_tinfo = idaapi.tinfo_t() std_string_ptr_tinfo.create_ptr(std_string_tinfo) func_details[0].type = std_string_ptr_tinfo func_tinfo.create_func(func_details) idaapi.apply_tinfo(func.start_ea, func_tinfo, idaapi.TINFO_DEFINITE)
def activate(self, ctx): hx_view = idaapi.get_widget_vdui(ctx.widget) result = self.__extract_rename_info(hx_view.cfunc, hx_view.item) if result: func_tinfo, address, arg_index, name = result helper.set_func_arg_name(func_tinfo, arg_index, name) idaapi.apply_tinfo(address, func_tinfo, idaapi.TINFO_DEFINITE) hx_view.refresh_view(True)
def commit(self): addresses = self.addresses if self.name_modified: self.name_modified = False if len(addresses) == 1: idaapi.set_name(addresses[0], self.name) if self.tinfo_modified: self.tinfo_modified = False if len(addresses) == 1: idaapi.apply_tinfo(addresses[0], self.tinfo.get_pointed_object(), idaapi.TINFO_DEFINITE)
def activate(self, ctx): vu = idaapi.get_widget_vdui(ctx.widget) function_tinfo = idaapi.tinfo_t() if not vu.cfunc.get_func_type(function_tinfo): return function_details = idaapi.func_type_data_t() function_tinfo.get_func_details(function_details) if function_details.rettype.equals_to(const.VOID_TINFO): function_details.rettype = idaapi.tinfo_t(const.PVOID_TINFO) else: function_details.rettype = idaapi.tinfo_t(idaapi.BT_VOID) function_tinfo.create_func(function_details) idaapi.apply_tinfo(vu.cfunc.entry_ea, function_tinfo, idaapi.TINFO_DEFINITE) vu.refresh_view(True)
def activate(self, ctx): vu = idaapi.get_widget_vdui(ctx.widget) function_tinfo = idaapi.tinfo_t() if not vu.cfunc.get_func_type(function_tinfo): return function_details = idaapi.func_type_data_t() function_tinfo.get_func_details(function_details) del_arg = vu.item.get_lvar() function_details.erase( [x for x in function_details if x.name == del_arg.name][0]) function_tinfo.create_func(function_details) idaapi.apply_tinfo(vu.cfunc.entry_ea, function_tinfo, idaapi.TINFO_DEFINITE) vu.refresh_view(True)
def activate(self, ctx): sel = [] for idx in ctx.chooser_selection: # rename the function ea = get_name_ea_simple(self.items[idx][2]) sfname = str(self.items[idx][4]) #set_name(ea, sfname) idaapi.do_name_anyway(ea, sfname) success('{:#x}: renamed to {}'.format(ea, sfname)) # set the function prototype sptype = str(self.items[idx][5]) if sptype != 'None': tinfo = idaapi.tinfo_t() idaapi.parse_decl2(idaapi.cvar.idati, sptype, tinfo, 0) #idaapi.apply_callee_tinfo(ea, tinfo) if idaapi.apply_tinfo(ea, tinfo, 0): success('{:#x}: function prototype set to {}'.format( ea, sptype)) else: error( '{:#x}: function prototype set FAILED (maybe you should import the types?)' .format(ea)) if ask_yn(0, 'Do you import types from the secondary idb?' ) == 1: if self.import_types(): tinfo = idaapi.tinfo_t() idaapi.parse_decl2(idaapi.cvar.idati, sptype, tinfo, 0) if idaapi.apply_tinfo(ea, tinfo, 0): success('{:#x}: function prototype set to {}'. format(ea, sptype)) else: error( '{:#x}: function prototype set FAILED again' .format(ea)) # insert the comment score = self.items[idx][0] mmatch = self.items[idx][1] cmt = 'fn_fuzzy: ssdeep={}, machoc={}'.format(score, mmatch) set_func_cmt(ea, cmt, 1) #set_decomplier_cmt(ea, cmt) # not sure how to avoid orphan comment # update the Choose rows ida_kernwin.refresh_chooser(self.title)
def activate(self, ctx): hx_view = idaapi.get_widget_vdui(ctx.widget) cfunc = hx_view.cfunc if not self._can_be_scanned(cfunc, hx_view.item): return obj = api.ScanObject.create(cfunc, hx_view.item) tmp_struct = TemporaryStructureModel() visitor = NewShallowSearchVisitor(cfunc, 0, obj, tmp_struct) visitor.process() tinfo = tmp_struct.get_recognized_shape() if tinfo: tinfo.create_ptr(tinfo) if obj.id == api.SO_LOCAL_VARIABLE: hx_view.set_lvar_type(obj.lvar, tinfo) elif obj.id == api.SO_GLOBAL_OBJECT: idaapi.apply_tinfo(obj.obj_ea, tinfo, idaapi.TINFO_DEFINITE) hx_view.refresh_view(True)
def activate(self, ctx): vu = idaapi.get_widget_vdui(ctx.widget) function_tinfo = idaapi.tinfo_t() if not vu.cfunc.get_func_type(function_tinfo): return function_details = idaapi.func_type_data_t() function_tinfo.get_func_details(function_details) convention = idaapi.CM_CC_MASK & function_details.cc if convention == idaapi.CM_CC_CDECL: function_details.cc = idaapi.CM_CC_SPECIAL elif convention in (idaapi.CM_CC_STDCALL, idaapi.CM_CC_FASTCALL, idaapi.CM_CC_PASCAL, idaapi.CM_CC_THISCALL): function_details.cc = idaapi.CM_CC_SPECIALP elif convention == idaapi.CM_CC_ELLIPSIS: function_details.cc = idaapi.CM_CC_SPECIALE else: return function_tinfo.create_func(function_details) idaapi.apply_tinfo(vu.cfunc.entry_ea, function_tinfo, idaapi.TINFO_DEFINITE) vu.refresh_view(True)
def remove_rettype(self, vu): if vu.item.citype == idaapi.VDI_FUNC: # current function ea = vu.cfunc.entry_ea old_func_type = idaapi.tinfo_t() if not vu.cfunc.get_func_type(old_func_type): return False elif vu.item.citype == idaapi.VDI_EXPR and vu.item.e.is_expr( ) and vu.item.e.type.is_funcptr(): # call xxx ea = vu.item.get_ea() old_func_type = idaapi.tinfo_t() func = idaapi.get_func(ea) if func: try: cfunc = idaapi.decompile(func) except idaapi.DecompilationFailure: return False if not cfunc.get_func_type(old_func_type): return False else: return False else: return False fi = idaapi.func_type_data_t() if ea != idaapi.BADADDR and old_func_type.get_func_details(fi): # Return type is already void if fi.rettype.is_decl_void(): # Restore ret type if ea not in self.ret_type: return True ret = self.ret_type[ea] else: # Save ret type and change it to void self.ret_type[ea] = fi.rettype ret = idaapi.BT_VOID # Create new function info with new rettype fi.rettype = idaapi.tinfo_t(ret) # Create new function type with function info new_func_type = idaapi.tinfo_t() new_func_type.create_func(fi) # Apply new function type if idaapi.apply_tinfo(ea, new_func_type, idaapi.TINFO_DEFINITE): return vu.refresh_view(True) return False
def activate(self, ctx): hx_view = idaapi.get_widget_vdui(ctx.widget) ri = self.extract_recast_info(hx_view.cfunc, hx_view.item) if not ri: return 0 if isinstance(ri, RecastLocalVariable): hx_view.set_lvar_type(ri.local_variable, ri.recast_tinfo) elif isinstance(ri, RecastGlobalVariable): idaapi.apply_tinfo(ri.global_variable_ea, ri.recast_tinfo, idaapi.TINFO_DEFINITE) elif isinstance(ri, RecastArgument): if ri.recast_tinfo.is_array(): ri.recast_tinfo.convert_array_to_ptr() helper.set_func_argument(ri.func_tinfo, ri.arg_idx, ri.recast_tinfo) idaapi.apply_tinfo(ri.func_ea, ri.func_tinfo, idaapi.TINFO_DEFINITE) elif isinstance(ri, RecastReturn): cfunc = helper.decompile_function(ri.func_ea) if not cfunc: return 0 func_tinfo = idaapi.tinfo_t() cfunc.get_func_type(func_tinfo) helper.set_func_return(func_tinfo, ri.recast_tinfo) idaapi.apply_tinfo(cfunc.entry_ea, func_tinfo, idaapi.TINFO_DEFINITE) elif isinstance(ri, RecastStructure): tinfo = idaapi.tinfo_t() tinfo.get_named_type(idaapi.cvar.idati, ri.structure_name) ordinal = idaapi.get_type_ordinal(idaapi.cvar.idati, ri.structure_name) if ordinal == 0: return 0 udt_member = idaapi.udt_member_t() udt_member.offset = ri.field_offset * 8 idx = tinfo.find_udt_member(udt_member, idaapi.STRMEM_OFFSET) if udt_member.offset != ri.field_offset * 8: print("[Info] Can't handle with arrays yet") elif udt_member.type.get_size() != ri.recast_tinfo.get_size(): print("[Info] Can't recast different sizes yet") else: udt_data = idaapi.udt_type_data_t() tinfo.get_udt_details(udt_data) udt_data[idx].type = ri.recast_tinfo tinfo.create_udt(udt_data, idaapi.BTF_STRUCT) tinfo.set_numbered_type(idaapi.cvar.idati, ordinal, idaapi.NTF_REPLACE, ri.structure_name) else: raise NotImplementedError hx_view.refresh_view(True) return 0
def add(name, types=None, fields=None, cmts=None, flags=0, lib=None): t = Type.add(name, types, fields, cmts, flags, lib) if not idaapi.apply_tinfo(0, t.ti, 0): print "[-] can't add struct `%s`" % name return Struct(name)