def versions():
"""Returns IDA & Python versions"""
import sys
return {
'python': sys.version,
'ida': idaapi.get_kernel_version(),
'hexrays': idaapi.get_hexrays_version() if idaapi.init_hexrays_plugin() else None
}
def is_ida_version_supported():
"""
Check which IDA version is supported
"""
major, minor = map(int, idaapi.get_kernel_version().split("."))
if major >= 7:
return True
print("GhIDA:: [!] IDA Pro 7.xx supported only")
return False
def is_using_pyqt5():
if hasattr(idaapi, "get_kernel_version"):
_ida_version_major, _ida_version_minor = map(
int,
idaapi.get_kernel_version().split("."))
return _ida_version_major > 6 or (_ida_version_major == 6
and _ida_version_minor >= 9)
else:
return False
def is_supported_ida_version():
version = float(idaapi.get_kernel_version())
if version < 7.4 or version >= 8:
warning_msg = "This plugin does not support your IDA Pro version"
logger.warning(warning_msg)
logger.warning(
"Your IDA Pro version is: %s. Supported versions are: IDA >= 7.4 and IDA < 8.0."
% version)
return False
return True
def _init_version(self):
# retrieve IDA's version #
disassembler_version = idaapi.get_kernel_version()
major, minor = map(int, disassembler_version.split("."))
# save the version number components for later use
self._version_major = major
self._version_minor = minor
self._version_patch = 0
def is_supported_ida_version():
version = idaapi.get_kernel_version()
if version not in SUPPORTED_IDA_VERSIONS:
warning_msg = "This plugin does not support your IDA Pro version"
logger.warning(warning_msg)
logger.warning(
"Your IDA Pro version is: %s. Supported versions are: %s." %
(version, ", ".join(SUPPORTED_IDA_VERSIONS)))
return False
return True
def versions():
"""Returns IDA & Python versions"""
import sys
return {
'python':
sys.version,
'ida':
idaapi.get_kernel_version(),
'hexrays':
idaapi.get_hexrays_version() if idaapi.init_hexrays_plugin() else None
}
def string_decode(string):
if idaapi.get_kernel_version()[0] == '7':
# IDA 7 only has UTF-8 strings
string_u = string.decode('UTF-8')
else:
# IDA 6 uses the system locale
# on Linux it's usually UTF-8 but we can't be sure
# on Windows getfilesystemencoding returns "mbcs"
# but it decodes cpXXXX correctly apparently
string_u = string.decode(sys.getfilesystemencoding())
return string_u
def versions():
"""Returns IDA & Python versions"""
import sys
return {
"python":
sys.version,
"ida":
idaapi.get_kernel_version(),
"hexrays":
idaapi.get_hexrays_version() if idaapi.init_hexrays_plugin() else None,
}
def is_ida_version(requested):
rv = requested.split(".")
kv = idaapi.get_kernel_version().split(".")
count = min(len(rv), len(kv))
if not count:
return False
for i in xrange(count):
if int(kv[i]) < int(rv[i]):
return False
return True
def __version__():
# api doesn't exist, go back to a crazy version.
if not hasattr(idaapi, 'get_kernel_version'):
return 6, 0, 6.0
import math
res = str(idaapi.get_kernel_version()) # force it to a str because IDA 7.0 "fixed" it
major, minor = map(int, res.split('.', 2))
minor = int("{:<02d}".format(minor))
if minor > 0:
count = math.floor(math.log(minor) / math.log(10) + 1)
return major, minor, float(major) + minor/10**count
return major, minor, float(major)
def load_idb(path):
cmd = idaapi.idadir('ida')
if float(idaapi.get_kernel_version()) < 7:
cmd += 'q'
if path.endswith('.i64'):
cmd += '64'
my_path = os.path.abspath(os.path.expanduser(__file__))
if os.path.islink(my_path):
my_path = os.readlink(my_path)
f = os.path.join(os.path.dirname(os.path.dirname(my_path)), 'run.py')
p = QProcess()
p.startDetached(cmd, ['-S%s' % f, path])
wait(3)
idc.ProcessUiAction('Quit', 0)
# -*- coding: utf-8 -*-
"""
Send RVA to clipboard in a WinDBG compatible format
0.3 Fixed broken behavior
0.2 Python3 (IDA >= 7.4)
0.1 Python2 (IDA <= 7.3)
"""
import os, tkinter
from tkinter.constants import FALSE
import idaapi, idc
import ida_expr, ida_kernwin, ida_nalt
ida_version_below_74 = idaapi.get_kernel_version() < "7.4"
PLUGIN_NAME = "CopyRva"
PLUGIN_HOTKEY = "Ctrl-Alt-H"
PLUGIN_VERSION = "0.3"
PLUGIN_AUTHOR = "@_hugsy_"
#
# Hashmap of filenames pointing to how they should be aliased
#
ALIASES = {
"ntoskrnl": "nt",
}
def get_rva() -> int:
ea = idc.get_screen_ea()
import glob
import os
import itertools
import idaapi
import idc
PLUGINS_LIST = "plugins-{}.list".format(idaapi.get_kernel_version())
USER_PLUGIN_LIST_PATH = os.path.join(idaapi.get_user_idadir(), PLUGINS_LIST)
SYS_PLUGIN_LIST_PATH = os.path.join(idaapi.idadir(idaapi.CFG_SUBDIR),
PLUGINS_LIST)
if idc.GetIdbPath():
PROJECT_PLUGIN_LIST_PATH = os.path.join(os.path.dirname(idc.GetIdbPath()),
PLUGINS_LIST)
else:
PROJECT_PLUGIN_LIST_PATH = None
def message(*messages):
for msg in messages:
for line in msg.splitlines():
idaapi.msg("[PluginLoader] {}\n".format(line))
def iter_without_duplicates(*iterables):
visited = set()
chained_iterables = itertools.chain(*iterables)
for item in chained_iterables:
if item in visited:
continue
yield item
import idautils
import idaapi
idaapi.require('flare')
idaapi.require('flare.apply_callee_type')
idaapi.require('flare.jayutils')
PLUGIN_HELP = "This is help"
PLUGIN_NAME = "ApplyCalleeType"
PREFERRED_SHORTCUT = "Alt-J"
PLUGIN_COMMENT = "Apply callee type to indirect call location"
ACTION_NAME = 'flare:apply_callee_type'
MENU_PATH = "Edit/Operand type/Manual"
# get the IDA version number
ida_major, ida_minor = list(map(int, idaapi.get_kernel_version().split(".")))
using_ida7api = (ida_major > 6)
ex_addmenu_item_ctx = None
def installMenuIda7():
class ApplyCalleeHandler(idaapi.action_handler_t):
def activate(self, ctx):
doApplyCallee()
return 1
def update(self, ctx):
return idaapi.AST_ENABLE_FOR_WIDGET if ctx.widget_type == idaapi.BWN_DISASM else idaapi.AST_DISABLE_FOR_WIDGET
ret = idaapi.register_action(
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see
# <http://www.gnu.org/licenses/>.
#
########################################################################
import re
import idaapi
if re.match("^6.[0-8]$", idaapi.get_kernel_version()):
from PySide import QtGui, QtCore
def qtcore():
return QtCore
def formtowidget(pluginform, form):
return pluginform.FormToPySideWidget(form)
def qabstractitemview():
return QtGui.QAbstractItemView
def qwidget():
return QtGui.QWidget
def qtabwidget():
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see
# <http://www.gnu.org/licenses/>.
#
########################################################################
import re
import idaapi
if re.match("^6.[0-8]$", idaapi.get_kernel_version()):
from PySide import QtGui, QtCore
def qtcore():
return QtCore
def formtowidget(pluginform, form):
return pluginform.FormToPySideWidget(form)
def qabstractitemview():
return QtGui.QAbstractItemView
def qwidget():
return QtGui.QWidget
ipyida_stub_target_path = os.path.join(idaapi.get_user_idadir(), "plugins",
"ipyida.py")
if not os.path.exists(os.path.dirname(ipyida_stub_target_path)):
os.makedirs(os.path.dirname(ipyida_stub_target_path), 0o755)
# Make sure ipyida module is not the ipyida.py in the plugins folder, otherwise
# pkg_resources will try to get file from there. This happends when package is
# uninstalled, but ipyida.py is still in the plugin folder.
if 'ipyida' in sys.modules:
del sys.modules['ipyida']
shutil.copyfile(
pkg_resources.resource_filename("ipyida", "ipyida_plugin_stub.py"),
ipyida_stub_target_path)
print("[+] ipyida.py added to user plugins")
idaapi.load_plugin(ipyida_stub_target_path)
_ida_version = pkg_resources.parse_version(idaapi.get_kernel_version())
if os.name == 'nt' and _ida_version < pkg_resources.parse_version("7.4"):
# No party for Windows with old IDA
print(
"[+] IPyIDA Installation successful. Use <Shift+.> to open the console."
)
else:
print(
"[🍺] IPyIDA Installation successful. Use <Shift+.> to open the console."
)
def using_pyqt5():
major, minor = map(int, idaapi.get_kernel_version().split("."))
return (major == 6 and minor >= 9)
import idaapi
#------------------------------------------------------------------------------
# Compatability File
#------------------------------------------------------------------------------
#
# This file is used to reduce the number of compatibility checks made
# throughout the plugin for varying versions of IDA.
#
# get the IDA version number
major, minor = map(int, idaapi.get_kernel_version().split("."))
#------------------------------------------------------------------------------
# IDA 7 API - COMPAT
#------------------------------------------------------------------------------
#
# We use the 'using_ida7api' global throughout the code to determine if
# the IDA 7 API is available, and should be used.
#
using_ida7api = (major > 6)
#------------------------------------------------------------------------------
# Pyside --> PyQt5 - COMPAT
#------------------------------------------------------------------------------
#
# As of IDA 6.9, Hex-Rays has started using PyQt5 versus PySide on Qt4.
#
using_pyqt5 = using_ida7api or (major == 6 and minor >= 9)
import idaapi
import idautils
import jayutils
QT_AVAILABLE = True
try:
from PyQt5 import QtWidgets, QtCore
from shellcode_widget import ShellcodeWidget
except ImportError:
print 'Falling back to simple dialog-based GUI. \nPlease consider installing the HexRays PyQt5 build available at \n"http://hex-rays.com/products/ida/support/download.shtml"'
QT_AVAILABLE = False
# get the IDA version number
ida_major, ida_minor = map(int, idaapi.get_kernel_version().split("."))
using_ida7api = (ida_major > 6)
#logger = jayutils.configLogger('shellcode_hash', logging.DEBUG)
logger = jayutils.configLogger('shellcode_hash', logging.INFO)
class RejectionException(Exception):
pass
############################################################
# SQL queries
############################################################
sql_lookup_hash_value='''
select
h.hash_val,
import idaapi
import librgb
from librgb.qt_shims import QtGui # important for PySide legacy IDA
from librgb.qt_shims import QtWidgets
try:
MAJOR, MINOR = map(int, idaapi.get_kernel_version().split("."))
except AttributeError:
MAJOR, MINOR = 6, 6
USING_IDA7API = MAJOR > 6
USING_PYQT5 = USING_IDA7API or (MAJOR == 6 and MINOR >= 9)
class DockableShim(object):
def __init__(self, title):
self._title = title
# IDA 7+ Widgets
if USING_IDA7API:
import sip
self._form = idaapi.create_empty_widget(self._title)
self.widget = sip.wrapinstance(long(self._form), QtWidgets.QWidget)
# legacy IDA PluginForm's
else:
self._form = idaapi.create_tform(self._title, None)
if USING_PYQT5:
self.widget = idaapi.PluginForm.FormToPyQtWidget(self._form)
else:
self.widget = idaapi.PluginForm.FormToPySideWidget(self._form)
import os
import sys
import time
import logging
import binascii
import tempfile
import functools
import idaapi
import idautils
if int(idaapi.get_kernel_version()[0]) < 7:
idaapi.warning(
"Lighthouse has deprecated support for IDA 6, please upgrade.")
raise ImportError
from .api import DisassemblerCoreAPI, DisassemblerContextAPI
from ..qt import *
from ..misc import is_mainthread, get_string_between
logger = logging.getLogger("Lighthouse.API.IDA")
#------------------------------------------------------------------------------
# Utils
#------------------------------------------------------------------------------
def execute_sync(function, sync_type):
"""
Synchronize with the disassembler for safe database access.
def using_pyqt5():
major, minor = map(int, idaapi.get_kernel_version().split("."))
return (major == 6 and minor >= 9)
def is_using_pyqt5():
if hasattr(idaapi, "get_kernel_version"):
_ida_version_major, _ida_version_minor = map(int, idaapi.get_kernel_version().split("."))
return _ida_version_major > 6 or (_ida_version_major == 6 and _ida_version_minor >= 9)
else:
return False
def is_gte_ida74():
major, minor = map(int, idaapi.get_kernel_version().split("."))
return (major == 7 and minor >= 4)