Пример #1
    def run(self, arg):
        """
        Prompt for BAP arguments and BIR attributes, then start a BAP run.

        The original documentation states that {screen_ea} may be used in the
        BAP arguments to refer to the address under the cursor. This method
        does not perform that substitution itself; it hands the raw argument
        string to BapScripter.

        Returns None in every case. Nothing is launched if either prompt is
        cancelled.
        """
        # Without this, IDAPython's script-timeout modal can pop up while the
        # user is still typing and block the prompts below.
        idaapi.disable_script_timeout()

        bap_args = idaapi.askstr(
            ARGS_HISTORY, '--passes=', "Arguments that will be passed to `bap'")
        if bap_args is None:
            return

        # Pre-fill the attribute prompt with whatever was chosen the last time
        # this exact argument string was used.
        remembered = self.recipes.get(bap_args, '')
        chosen = idaapi.askstr(
            ATTR_HISTORY, remembered,
            "A comma separated list of attributes,\n"
            "that should be propagated to comments")
        if chosen is None:
            return

        # Remember the attribute choice for this set of arguments.
        # TODO: store recipes in IDA's database
        self.recipes[bap_args] = chosen
        cursor_ea = idc.ScreenEA()
        # An empty answer means "no attributes", not a list holding ''.
        attr_list = chosen.split(',') if chosen != '' else []

        # NOTE(review): bap_args is free-form operator input forwarded to
        # BapScripter unchanged; presumably it ends up on the bap command
        # line, so confirm it is passed as an argv list and not via a shell.
        analysis = BapScripter(bap_args, attr_list)

        def _load_result(bap):
            # cursor_ea is captured now, so the result is loaded for the
            # address that was selected when the run was requested.
            return self.load_script(bap, cursor_ea)

        analysis.on_finish(_load_result)
        analysis.run()
Пример #2
def AskForAction():
    """Show the modal action palette and return the chosen action name.

    Returns the form's ``action_name`` when the dialog's ``exec_()`` result
    is 1, otherwise None. On acceptance the choice is also stored in the
    module-level ``last_command``. The module-level ``ImpExpForm`` only
    exists while the dialog is alive and is deleted before returning.
    """
    global ImpExpForm, last_command

    # TODO: find the main window in a less fragile way than matching
    # 'QMainWindow' against repr() of every top-level widget.
    main_windows = [
        widget for widget in QtWidgets.QApplication.topLevelWidgets()
        if 'QMainWindow' in repr(widget)
    ]
    # Raises IndexError when no top-level widget matches.
    parent = main_windows[0]

    ImpExpForm = ActionPaletteForm_t(parent)
    ImpExpForm.setModal(True)
    # Keep IDAPython's script-timeout dialog from appearing while the
    # palette is waiting for input.
    idaapi.disable_script_timeout()
    ImpExpForm.setAttribute(QtCore.Qt.WA_DeleteOnClose, True)

    chosen = None
    if ImpExpForm.exec_() == 1:
        chosen = last_command = ImpExpForm.action_name

    del ImpExpForm
    return chosen
    def __init__(self, addr, kind):
        """Prepare a BAP taint-propagation run starting at ``addr``.

        ``kind`` is appended to ``--taint-`` to form the option name; the
        value 'ptr' additionally prefixes the action text with '*'.
        The user is asked for the engine and the depth; an empty or
        cancelled answer falls back to ``self.ENGINE`` / ``self.DEPTH``.
        """
        super(PropagateTaint, self).__init__()
        # A slow answer would otherwise trigger IDAPython's script-timeout
        # modal, which blocks the very prompt the user is trying to answer.
        idaapi.disable_script_timeout()

        engine = idaapi.askstr(ENGINE_HISTORY, self.ENGINE, ask_engine)
        if not engine:
            engine = self.ENGINE
        depth = idaapi.asklong(self.DEPTH, ask_depth)
        if not depth:
            # Also taken when the user enters 0.
            depth = self.DEPTH

        # The loop depth is not asked for: two prompts are already enough.
        loop_depth = self.LOOP_DEPTH

        use_primus = engine == 'primus'
        pointer_mark = '*' if kind == 'ptr' else ''
        self.action = 'propagating taint from {:s}0x{:X}'.format(
            pointer_mark, addr)
        self.passes = [
            'taint',
            'run' if use_primus else 'propagate-taint',
            'map-terms',
            'emit-ida-script',
        ]

        # Temporary files: the emitted IDA script, the colour scheme, and
        # the two files the Primus Lisp channels are redirected to.
        self.script = self.tmpfile('py')
        scheme = self.tmpfile('scm')
        stdin = self.tmpfile('stdin')
        stdout = self.tmpfile('stdout')
        for pattern, colour in patterns:
            scheme.write('(({0}) (color {1}))\n'.format(pattern, colour))
        # Closed before BAP is given the path below.
        scheme.close()

        # NOTE(review): the function name comes from the database of the
        # binary under analysis and is interpolated into an option below;
        # presumably self.args is handed to the process as an argv list,
        # confirm that no shell is involved.
        name = idc.GetFunctionName(addr)

        common_args = [
            '--taint-' + kind, '0x{:X}'.format(addr),
            '--passes', ','.join(self.passes),
            '--map-terms-using', scheme.name,
            '--emit-ida-script-attr', 'color',
            '--emit-ida-script-file', self.script.name,
        ]
        self.args += common_args

        if use_primus:
            redirect = (
                '--primus-lisp-channel-redirect=<stdin>:{0},<stdout>:{1}'
                .format(stdin.name, stdout.name))
            self.args += [
                '--run-entry-points={}'.format(name),
                '--primus-limit-max-length={}'.format(depth),
                '--primus-limit-max-visited={}'.format(loop_depth),
                '--primus-promiscuous-mode',
                '--primus-greedy-scheduler',
                '--primus-propagate-taint-from-attributes',
                '--primus-propagate-taint-to-attributes',
                redirect,
            ]
Пример #4
    def run(self):
        """
            Launch the hooks!

            Optionally pushes names and comments first, shows the UI when
            the settings ask for it, then starts the sync agent and
            installs the hooks.
        """
        idaapi.disable_script_timeout()

        # 0 is the default button handed to ask_yn; only an answer of 1
        # triggers the push.
        default_button = 0
        wants_push = idc.ask_yn(
            default_button,
            "Do you want to push your names and comments") == 1
        if wants_push:
            # NOTE(review): this appears to send database annotations to
            # the sync peer; confirm the endpoint is the intended one.
            self.send_names()
            self.send_comments()

        if self.skel_settings.use_ui:
            self.skel_ui.Show()
        self.skel_sync_agent.start()
        self.skel_hooks.hook()
Пример #5
    def run(self):
        """
            Launch the hooks!

            Sequence: disable the script timeout, offer to push names and
            comments, show the UI if enabled, start the sync agent, hook.
        """
        idaapi.disable_script_timeout()

        # First argument of ask_yn is the default button (0 here).
        answer = idc.ask_yn(0, "Do you want to push your names and comments")
        if answer == 1:
            # Nothing is pushed for any other answer.
            self.send_names()
            self.send_comments()

        show_ui = self.skel_settings.use_ui
        if show_ui:
            self.skel_ui.Show()

        # The agent is started before the hooks are installed.
        self.skel_sync_agent.start()
        self.skel_hooks.hook()
Пример #6
    def __init__(self, addr, kind):
        """Set up the arguments for a taint-propagation run from ``addr``.

        Asks for the engine and the depth (defaults: ``self.ENGINE`` and
        ``self.DEPTH``), writes the colour scheme to a temporary file and
        appends the resulting options to ``self.args``.
        """
        super(PropagateTaint, self).__init__()
        # Disable the script timeout first: its modal window would block
        # the prompts below if the user takes too long to answer.
        idaapi.disable_script_timeout()

        engine = (idaapi.askstr(ENGINE_HISTORY, self.ENGINE, ask_engine)
                  or self.ENGINE)
        depth = idaapi.asklong(self.DEPTH, ask_depth) or self.DEPTH

        # Not prompted for, to keep the number of dialogs down.
        loop_depth = self.LOOP_DEPTH

        if kind == 'ptr':
            deref = '*'
        else:
            deref = ''
        self.action = 'propagating taint from {:s}0x{:X}'.format(deref, addr)

        if engine == 'primus':
            propagate = 'run'
        else:
            propagate = 'propagate-taint'
        self.passes = ['taint', propagate, 'map-terms', 'emit-ida-script']

        self.script = self.tmpfile('py')
        scheme = self.tmpfile('scm')
        stdin = self.tmpfile('stdin')
        stdout = self.tmpfile('stdout')
        # One scheme line per (pattern, colour) pair.
        for entry in patterns:
            (pat, color) = entry
            scheme.write('(({0}) (color {1}))\n'.format(pat, color))
        scheme.close()
        # NOTE(review): stdin/stdout temp files are not closed here and
        # only their names are used; verify who cleans them up.

        name = idc.GetFunctionName(addr)
        taint_option = '--taint-' + kind
        start_address = '0x{:X}'.format(addr)
        pass_list = ','.join(self.passes)

        self.args += [
            taint_option, start_address,
            '--passes', pass_list,
            '--map-terms-using', scheme.name,
            '--emit-ida-script-attr', 'color',
            '--emit-ida-script-file', self.script.name,
        ]

        if engine != 'primus':
            return

        # NOTE(review): `name` originates from the analysed binary's
        # database; assumes self.args is executed as an argv list, not
        # through a shell. TODO confirm.
        self.args += [
            '--run-entry-points={}'.format(name),
            '--primus-limit-max-length={}'.format(depth),
            '--primus-limit-max-visited={}'.format(loop_depth),
            '--primus-promiscuous-mode',
            '--primus-greedy-scheduler',
            '--primus-propagate-taint-from-attributes',
            '--primus-propagate-taint-to-attributes',
            '--primus-lisp-channel-redirect=<stdin>:{0},<stdout>:{1}'.format(
                stdin.name, stdout.name),
        ]
Пример #7
    def run(self):
        """
            Launch the hooks!

            When the settings request an initial sync, the user is asked
            separately whether to synchronize names and comments. The UI
            is then shown, the sync agent started and the hooks installed.
        """
        idaapi.disable_script_timeout()

        if self.skel_settings.initial_sync:
            # 0 is the default button passed to AskYN; only an answer of
            # 1 triggers a send.
            default_button = 0

            names_answer = idc.AskYN(
                default_button, "Do you want to synchronize defined names?")
            if names_answer == 1:
                self.send_names()

            comments_answer = idc.AskYN(
                default_button,
                "Do you want to synchronize defined comments?")
            if comments_answer == 1:
                self.send_comments()

        self.skel_ui.Show()
        self.skel_sync_agent.start()
        self.skel_hooks.hook()
Пример #8
    def run(self):
        """
            Launch the hooks!

            Names and comments are only offered for synchronization when
            ``skel_settings.initial_sync`` is set; each needs its own
            confirmation.
        """
        idaapi.disable_script_timeout()

        def confirmed(question):
            # Default button 0; True only for an answer of 1.
            return idc.AskYN(0, question) == 1

        if self.skel_settings.initial_sync:
            if confirmed("Do you want to synchronize defined names?"):
                self.send_names()
            if confirmed("Do you want to synchronize defined comments?"):
                self.send_comments()

        # Unlike the prompts, these three steps are unconditional.
        self.skel_ui.Show()
        self.skel_sync_agent.start()
        self.skel_hooks.hook()
Пример #9
    def init(self):
        """Plugin initialisation: print the banner, check dependencies, hook.

        Returns ``idaapi.PLUGIN_SKIP`` when pygments or requests cannot be
        imported, otherwise ``idaapi.PLUGIN_KEEP`` after the configuration
        is loaded, the handlers are registered and both hooks are installed.
        """
        # Print header
        rule = "=" * 60
        banner = (
            rule,
            "GhIDA Decompiler v{0}".format(gl.ghida_vv),
            "Andrea Marcelli <*****@*****.**>",
            "Cisco Talos, June 2019",
            "GhIDA Decompiler shortcut key is Ctrl-Alt-D",
            rule,
        )
        for line in banner:
            print(line)

        self.__uihooks = None
        self.__seh = None

        # Dependency probes: these only test that the modules import;
        # nothing here checks their version or where they came from.
        try:
            import pygments
        except Exception:
            print("GhIDA:: [!] pygments library is missing")
            print("pip2 install pygments")
            return idaapi.PLUGIN_SKIP

        try:
            import requests
        except Exception:
            print("GhIDA:: [!] requests library is missing")
            print("pip2 install requests")
            return idaapi.PLUGIN_SKIP

        load_configuration()
        register_handlers()

        # Suppress the "Running python script" dialog, which otherwise
        # breaks the UI and the Cancel button.
        idaapi.disable_script_timeout()

        # Hooking
        ui_hooks = DisasmsHooks()
        self.__uihooks = ui_hooks
        ui_hooks.hook()

        screen_hook = ScreenEAHook()
        self.__seh = screen_hook
        screen_hook.hook()

        return idaapi.PLUGIN_KEEP
Пример #10
def AskForAPI():
    """Show the modal API palette and return the selected entry.

    Returns the form's ``action_name`` when ``exec_()`` yields 1, else
    None. An accepted choice is also kept in the module-level ``last_api``.
    """
    global ApiForm, last_api

    # TODO: replace the repr()-based search for the main window with
    # something more robust.
    candidates = [
        widget for widget in QtWidgets.QApplication.topLevelWidgets()
        if 'QMainWindow' in repr(widget)
    ]
    # IndexError here means no top-level widget matched.
    ApiForm = ApiPaletteForm_t(candidates[0])
    ApiForm.setModal(True)
    # Avoid IDAPython's script-timeout dialog while the palette is open.
    idaapi.disable_script_timeout()
    ApiForm.setAttribute(QtCore.Qt.WA_DeleteOnClose, True)

    accepted = ApiForm.exec_() == 1
    selection = None
    if accepted:
        last_api = ApiForm.action_name
        selection = last_api

    # Drop the module-level reference to the form.
    del ApiForm
    return selection
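    def run(self, argument):
        """Execute the script when invoked.

        Disables the script timeout, shows a wait box and asks the
        decompiler to decompile the function at the screen address.
        A PointSourceException is reported on the console instead of
        being propagated. The timeout restore runs on every exit path.
        """
        # Remove the modal dialogue. Done outside the try block so that
        # `old` is always bound when the finally clause runs.
        # NOTE(review): confirm that disable_script_timeout() returns the
        # previous timeout; if it returns None, the restore below does not
        # reinstate a real value.
        old = idaapi.disable_script_timeout()
        try:
            # NOTE(review): the wait box is not hidden in this method;
            # presumably the decompiler hides it. Verify the failure path.
            idaapi.show_wait_box("Decompiling function...")

            self.decompiler.set_screen_address_to_decompile()
            self.decompiler.decompile()
        except PointSourceException as err:
            print("[-] Unable to run decompiler : %s" % err)
        finally:
            # Re-enable the original timeout, including when decompilation
            # failed; previously an exception skipped this step.
            idaapi.set_script_timeout(old)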