def finish_populating_tform_popup(self, form, popup): # Or here, after the popup is done being populated by its owner. # We will attach our action to the context menu # for the 'Functions window' widget. # The action will be be inserted in a submenu of # the context menu, named 'Others'. if idaapi.get_tform_type(form) == idaapi.BWN_CALL_STACK: #line = form.GetCurrentLine() pass elif idaapi.get_tform_type(form) == idaapi.BWN_DISASM: #regs =['eax', 'ebx', 'ecx', 'edx', 'esi', 'edi', 'ebp', 'esp', 'ax', 'bx', 'cx', 'dx', 'ah', 'al', 'bh', 'bl', 'ch', 'cl', 'dh', 'dl'] regs = idaapi.ph_get_regnames() idaapi.attach_action_to_popup(form, popup, "revCursor:action", 'RESim/') idaapi.attach_action_to_popup(form, popup, "dis:action", 'RESim/') highlighted = idaapi.get_highlighted_identifier() if highlighted is not None: if highlighted in regs: idaapi.attach_action_to_popup(form, popup, "modReg:action", 'RESim/') else: addr = getHex(highlighted) if addr is not None or regFu.isHighlightedEffective(): idaapi.attach_action_to_popup(form, popup, "rev:action", 'RESim/') idaapi.attach_action_to_popup(form, popup, "dataWatch:action", 'RESim/') idaapi.attach_action_to_popup(form, popup, "revData:action", 'RESim/') idaapi.attach_action_to_popup(form, popup, "modMemory:action", 'RESim/') idaapi.attach_action_to_popup(form, popup, "stringMemory:action", 'RESim/')
def finish_populating_tform_popup(self, form, popup): """ A right click menu is about to be shown. """ # # disassembly window # if idaapi.get_tform_type(form) == idaapi.BWN_DISASMS: # # if the user cursor isn't hovering over a function ref, there # is nothing for us to do # if get_cursor_func_ref() == idaapi.BADADDR: return # # the user cursor is hovering over a valid target for a recursive # function prefix. insert the prefix action entry into the menu # idaapi.attach_action_to_popup(form, popup, prefix_t.ACTION_RECURSIVE, "Rename", idaapi.SETMENU_APP) # # functions window # elif idaapi.get_tform_type(form) == idaapi.BWN_FUNCS: # inject the 'Bulk' function prefix action idaapi.attach_action_to_popup(form, popup, prefix_t.ACTION_BULK, "Delete function(s)...", idaapi.SETMENU_INS) # inject the 'Clear prefix' action idaapi.attach_action_to_popup(form, popup, prefix_t.ACTION_CLEAR, "Delete function(s)...", idaapi.SETMENU_INS) # inject a menu separator idaapi.attach_action_to_popup(form, popup, None, "Delete function(s)...", idaapi.SETMENU_INS) # done return 0
def finish_populating_tform_popup(self, form, popup): # Insert the action once the context menu # has been populated. # Submenu Others if idaapi.get_tform_type(form) == idaapi.BWN_FUNCS: idaapi.attach_action_to_popup(form, popup, ACTION_EXEC_TREE, 'Function Tracer/')
def finish_populating_widget_popup(self, form, popup): try: b = idaapi.get_widget_type(form) == idaapi.BWN_DISASM except: b = idaapi.get_tform_type(form) == idaapi.BWN_DISASM if b: # Add separator idaapi.attach_action_to_popup(form, popup, None, None) # Add actions try: currentAddress = idc.get_screen_ea() except: currentAddress = idc.ScreenEA() if currentAddress in [ node.node_id for node in self.cc.PatternGenerator.targetNodes ]: idaapi.attach_action_to_popup(form, popup, "grap:pg:remove_target", None) elif self.cc.PatternGenerator.rootNode is None or currentAddress != self.cc.PatternGenerator.rootNode.node_id: idaapi.attach_action_to_popup(form, popup, "grap:pg:set_root", None) idaapi.attach_action_to_popup(form, popup, "grap:pg:add_target", None)
def populating_tform_popup(self, form, popup): global highlight if idaapi.get_tform_type(form) == idaapi.BWN_DISASM: highlight = idaapi.get_highlight(form) if highlight: idaapi.update_action_label("search:action", "Search Google for \"" + highlight[0] + "\"") idaapi.attach_action_to_popup(form, popup, "search:action", None)
def finish_populating_tform_popup(self, form, popup): # disassembly window if idaapi.get_tform_type(form) == idaapi.BWN_DISASMS: if get_cursor_func_ref() == idaapi.BADADDR: return idaapi.attach_action_to_popup( form, popup, funcref_t.ACTION_COPY ) # functions window elif idaapi.get_tform_type(form) == idaapi.BWN_FUNCS: idaapi.attach_action_to_popup(form, popup, funcref_t.ACTION_BULK, "Copy All", idaapi.SETMENU_INS) return 0
def finish_populating_tform_popup(self, form, popup): # Or here, after the popup is done being populated by its owner. if idaapi.get_tform_type(form) == idaapi.BWN_DISASM: idaapi.attach_action_to_popup(form, popup, ShowXrefsGraphFrom.get_name(), '') idaapi.attach_action_to_popup(form, popup, ShowXrefsGraphTo.get_name(), '')
def get_custom_viewer_hint(self, view, place): try: tform = idaapi.get_current_tform() if idaapi.get_tform_type(tform) != idaapi.BWN_DISASM: return None curline = idaapi.get_custom_viewer_curline(view, True) _, x, y = idaapi.get_custom_viewer_place(view, True) ea = place.toea() # "color" is a bit of misnomer: its the type of the symbol currently hinted color = get_color_at_char(curline, x) if color != idaapi.COLOR_ADDR: return None # for COLOR_ADDR tokens, we get something like: # 401000sub_401000 # so we will need to prune the address from the start before we can use it :-( token = get_token_at_char(curline, x) # enumerate the operands of the instruction at this address # and search the token for the operand text func_name = None for i in range(3): o = idc.GetOpnd(ea, i) if not o: break # if we have `offset sub_401000`, we want: `sub_401000` if ' ' in o: o = o.partition(' ')[2] if o in token: func_name = o break if not func_name: return None # get the address given the function name fva = idc.LocByName(func_name) if not fva: return None # ensure its actually a function if not idaapi.get_func(fva): return None # this magic constant "1" is the number of "important lines" to display by default. # the remaining lines get shown if you scroll down while the hint is displayed, revealing more lines. return render_function_hint(fva), 1 except Exception as e: print( 'CallsHintsPlugin: error: %s. Get in touch with @williballenthin.' % (str(e))) return None
def finish_populating_tform_popup(self, form, popup): # Or here, after the popup is done being populated by its owner. if idaapi.get_tform_type(form) == idaapi.BWN_DISASM: idaapi.attach_action_to_popup(form, popup, MarkReachableNodesHandler.get_name(), "Mark/") idaapi.attach_action_to_popup(form, popup, MarkUnReachableNodesHandler.get_name(), "Mark/") idaapi.attach_action_to_popup(form, popup, MarkReachingNodesHandler.get_name(), "Mark/") idaapi.attach_action_to_popup(form, popup, MarkNotReachingNodesHandler.get_name(), "Mark/") idaapi.attach_action_to_popup(form, popup, MarkExits.get_name(), "Mark/") idaapi.attach_action_to_popup(form, popup, MarkClearHandler.get_name(), "Mark/")
def finish_populating_tform_popup(self, form, popup): tft = idaapi.get_tform_type(form) if tft == idaapi.BWN_DISASM: # Note the 'None' as action name (1st parameter). # That's because the action will be deleted immediately # after the context menu is hidden anyway, so there's # really no need giving it a valid ID. desc = idaapi.action_desc_t(None, 'Decode IOCTL', IOCTLDecodeHandler()) idaapi.attach_dynamic_action_to_popup(form, popup, desc, None)
def finish_populating_tform_popup(self, form, popup): # We'll add our action to all "IDA View-*"s. # If we wanted to add it only to "IDA View-A", we could # also discriminate on the widget's title: # # if idaapi.get_tform_title(form) == "IDA View-A": # ... # if idaapi.get_tform_type(form) == idaapi.BWN_DISASM: idaapi.attach_action_to_popup(form, popup, act_name, None)
def finish_populating_tform_popup(self, form, popup): # Or here, after the popup is done being populated by its owner. if idaapi.get_tform_type(form) == idaapi.BWN_DISASM: idaapi.attach_action_to_popup(form, popup, MarkReachableNodesHandler.get_name(), "Mark/") idaapi.attach_action_to_popup(form, popup, MarkUnReachableNodesHandler.get_name(), "Mark/") idaapi.attach_action_to_popup(form, popup, MarkReachingNodesHandler.get_name(), "Mark/") idaapi.attach_action_to_popup(form, popup, MarkNotReachingNodesHandler.get_name(), "Mark/") idaapi.attach_action_to_popup(form, popup, MarkExits.get_name(), "Mark/") idaapi.attach_action_to_popup(form, popup, MarkClearHandler.get_name(), "Mark/")
def finish_populating_tform_popup(self, form, popup): tft = idaapi.get_tform_type(form) if tft == idaapi.BWN_DISASM: # Define a silly handler. # Note the 'None' as action name (1st parameter). # That's because the action will be deleted immediately # after the context menu is hidden anyway, so there's # really no need giving it a valid ID. idaapi.attach_action_to_popup(form, popup, MyHandler.get_name(), "-")
def finish_populating_tform_popup(self, form, popup): form_type = idaapi.get_tform_type(form) if form_type == idaapi.BWN_DISASM or form_type == idaapi.BWN_DUMP: if idaapi.read_selection() or ItemSize(ScreenEA()) > 1: idaapi.attach_action_to_popup(form, popup, ACTION_XORDATA, None) for action in ACTION_CONVERT: idaapi.attach_action_to_popup(form, popup, action, "Convert/") if form_type == idaapi.BWN_DISASM and (arch, bits) in [(idaapi.PLFM_386, 32), (idaapi.PLFM_386, 64), (idaapi.PLFM_ARM, 32),]: idaapi.attach_action_to_popup(form, popup, ACTION_SCANVUL, None)
def get_cursor_func_ref(): """ Get the function reference under the user cursor. Returns BADADDR or a valid function address. """ current_tform = idaapi.get_current_tform() tform_type = idaapi.get_tform_type(current_tform) # get the hexrays vdui (if available) vu = idaapi.get_tform_vdui(current_tform) # # hexrays view is active # if vu: cursor_addr = vu.item.get_ea() # # disassembly view is active # elif tform_type == idaapi.BWN_DISASM: cursor_addr = idaapi.get_screen_ea() # # if the cursor is over an operand value that has a function ref, # use that as a valid rename target # op_addr = idc.GetOperandValue(cursor_addr, idaapi.get_opnum()) op_func = idaapi.get_func(op_addr) if op_func and op_func.startEA == op_addr: return op_addr # unsupported/unknown view is active else: return idaapi.BADADDR # # if the cursor is over a function definition or other reference, use that # as a valid rename target # cursor_func = idaapi.get_func(cursor_addr) if cursor_func and cursor_func.startEA == cursor_addr: return cursor_addr # fail return idaapi.BADADDR
def get_cursor_func_ref(): """ Get the function reference under the user cursor. Returns BADADDR or a valid function address. """ current_tform = idaapi.get_current_tform() tform_type = idaapi.get_tform_type(current_tform) # get the hexrays vdui (if available) vu = idaapi.get_tform_vdui(current_tform) # # hexrays view is active # if vu: cursor_addr = vu.item.get_ea() # # disassembly view is active # elif tform_type == idaapi.BWN_DISASM: cursor_addr = idaapi.get_screen_ea() # # if the cursor is over an operand value that has a function ref, # use that as a valid rename target # op_addr = idc.GetOperandValue(cursor_addr, idaapi.get_opnum()) op_func = idaapi.get_func(op_addr) if op_func and op_func.startEA == op_addr: return op_addr # unsupported/unknown view is active else: return idaapi.BADADDR # # if the cursor is over a function definition or other reference, use that # as a valid rename target # cursor_func = idaapi.get_func(cursor_addr) if cursor_func and cursor_func.startEA == cursor_addr: return cursor_addr # fail return idaapi.BADADDR
def finish_populating_tform_popup(self, form, popup): # Or here, after the popup is done being populated by its owner. # We will attach our action to the context menu # for the 'Functions window' widget. # The action will be be inserted in a submenu of # the context menu, named 'Others'. if not self.is_closed and idaapi.get_tform_type(form) == idaapi.BWN_DISASMS: addr = idc.ScreenEA() for addr_from, addr_to in self.addrs: if addr == addr_from: idaapi.attach_action_to_popup( form, popup, "pyrebox:show_funcs", "PyREBox/") break
def finish_populating_tform_popup(self, form, popup): form_type = idaapi.get_tform_type(form) if form_type == idaapi.BWN_DISASM or form_type == idaapi.BWN_DUMP: if idaapi.read_selection() or ItemSize(ScreenEA()) > 1: idaapi.attach_action_to_popup(form, popup, ACTION_XORDATA, None) idaapi.attach_action_to_popup(form, popup, ACTION_FILLNOP, None) for action in ACTION_CONVERT: idaapi.attach_action_to_popup(form, popup, action, "Convert/") if form_type == idaapi.BWN_DISASM and (ARCH, BITS) in [(idaapi.PLFM_386, 32), (idaapi.PLFM_386, 64), (idaapi.PLFM_ARM, 32),]: idaapi.attach_action_to_popup(form, popup, ACTION_SCANVUL, None)
def finish_populating_tform_popup(self, form, popup): # TODO - Attach to the functions view. # if idaapi.get_tform_type(form) == idaapi.BWN_FUNCS: # idaapi.attach_action_to_popup( # form, popup, "my:disasmsaction", None) # Attach to the disassembler view only if idaapi.get_tform_type(form) == idaapi.BWN_DISASMS: idaapi.attach_action_to_popup(form, popup, "my:disasmsaction", None) idaapi.attach_action_to_popup(form, popup, "my:disasmtracker", None) idaapi.attach_action_to_popup(form, popup, "my:invalidatecache", None)
def finish_populating_tform_popup(self, form, popup): tft = idaapi.get_tform_type(form) if tft != idaapi.BWN_DISASM: return if not device_type.is_driver(): return pos = idc.ScreenEA() # If the second argument to the current selected instruction is an immediately # then give the option to decode it. if idc.GetOpType(pos, 1) == 5: register_dynamic_action(form, popup, 'Decode IOCTL', DecodeHandler()) if pos in ioctl_tracker.ioctl_locs: register_dynamic_action(form, popup, 'Invalid IOCTL', InvalidHandler()) register_dynamic_action(form, popup, 'Decode All IOCTLs in Function', DecodeAllHandler()) if len(ioctl_tracker.ioctl_locs) > 0: register_dynamic_action(form, popup, 'Show All IOCTLs', ShowAllHandler())
def get_custom_viewer_hint(self, view, place): try: tform = idaapi.get_current_tform() if idaapi.get_tform_type(tform) != idaapi.BWN_DISASM: return None curline = idaapi.get_custom_viewer_curline(view, True) # sometimes get_custom_viewer_place() returns [x, y] and sometimes [place_t, x, y]. # we want the place_t. viewer_place = idaapi.get_custom_viewer_place(view, True) if len(viewer_place) != 3: return None _, x, y = viewer_place ea = place.toea() # "color" is a bit of misnomer: its the type of the symbol currently hinted color = get_color_at_char(curline, x) if color != idaapi.COLOR_ADDR: return None # grab the FAR references to code (not necessarilty a branch/call/jump by itself) far_code_references = [ xref.to for xref in idautils.XrefsFrom(ea, ida_xref.XREF_FAR) if idc.isCode(idc.GetFlags(xref.to)) ] if len(far_code_references) != 1: return None fva = far_code_references[0] # ensure its actually a function if not idaapi.get_func(fva): return None # this magic constant is the number of "important lines" to display by default. # the remaining lines get shown if you scroll down while the hint is displayed, revealing more lines. return render_function_hint(fva), DEFAULT_IMPORTANT_LINES_NUM except Exception as e: logger.warning( 'unexpected exception: %s. Get in touch with @williballenthin.', e, exc_info=True) return None
def finish_populating_tform_popup(self, form, popup): tft = idaapi.get_tform_type(form) if tft == idaapi.BWN_DISASM: # Disassembly view descs = [] # Choose either selection or function annotation depending on cursor selection = idaapi.read_selection() if selection[0] == True: descs.append( idaapi.action_desc_t( None, 'Annotate selection with line info', ALI_DISASM_SelectionHandler( ACTION_ADD_ANNOTATION))) descs.append( idaapi.action_desc_t( None, 'Remove annotations from selection', ALI_DISASM_SelectionHandler( ACTION_DEL_ANNOTATION))) else: func = idaapi.get_func(ScreenEA()) if func is not None: descs.append( idaapi.action_desc_t( None, 'Annotate function with line info', ALI_DISASM_FunctionHandler( ACTION_ADD_ANNOTATION))) descs.append( idaapi.action_desc_t( None, 'Remove annotations from function', ALI_DISASM_FunctionHandler( ACTION_DEL_ANNOTATION))) # Add corresponding action to popup menu for d in descs: idaapi.attach_dynamic_action_to_popup(form, popup, d, None) elif tft == idaapi.BWN_FUNCS: # Functions view # Add action to popup menu idaapi.attach_action_to_popup( form, popup, type(ali_plugin).action_wfuncs_add_name, None, idaapi.SETMENU_INS) idaapi.attach_action_to_popup( form, popup, type(ali_plugin).action_wfuncs_del_name, None, idaapi.SETMENU_INS)
def get_cursor_func_ref(): current_tform = idaapi.get_current_tform() tform_type = idaapi.get_tform_type(current_tform) # get the hexrays vdui (if available) vu = idaapi.get_tform_vdui(current_tform) if vu: cursor_addr = vu.item.get_ea() elif tform_type == idaapi.BWN_DISASM: cursor_addr = idaapi.get_screen_ea() op_addr = idc.GetOperandValue(cursor_addr, idaapi.get_opnum()) op_func = idaapi.get_func(op_addr) if op_func and op_func.startEA == op_addr: return op_addr else: return idaapi.BADADDR cursor_func = idaapi.get_func(cursor_addr) if cursor_func and cursor_func.startEA == cursor_addr: return cursor_addr return idaapi.BADADDR
def finish_populating_tform_popup(self, form, popup): """ A right click menu is about to be shown. (IDA 6.x) """ inject_prefix_actions(form, popup, idaapi.get_tform_type(form)) return 0
def finish_populating_tform_popup(self, form, popup): """ A right click menu is about to be shown. """ # # disassembly window # if idaapi.get_tform_type(form) == idaapi.BWN_DISASMS: # # if the user cursor isn't hovering over a function ref, there # is nothing for us to do # if get_cursor_func_ref() == idaapi.BADADDR: return # # the user cursor is hovering over a valid target for a recursive # function prefix. insert the prefix action entry into the menu # idaapi.attach_action_to_popup( form, popup, prefix_t.ACTION_RECURSIVE, "Rename", idaapi.SETMENU_APP ) # # functions window # elif idaapi.get_tform_type(form) == idaapi.BWN_FUNCS: # inject the 'Bulk' function prefix action idaapi.attach_action_to_popup( form, popup, prefix_t.ACTION_BULK, "Delete function(s)...", idaapi.SETMENU_INS ) # inject the 'Clear prefix' action idaapi.attach_action_to_popup( form, popup, prefix_t.ACTION_CLEAR, "Delete function(s)...", idaapi.SETMENU_INS ) # inject a menu separator idaapi.attach_action_to_popup( form, popup, None, "Delete function(s)...", idaapi.SETMENU_INS ) # done return 0
def get_widget_type(form): if idaapi.IDA_SDK_VERSION <= 699: retval = idaapi.get_tform_type(form) else: retval = ida_kernwin.get_widget_type(form) return retval
def finish_populating_widget_popup(self, form, popup): try: b = idaapi.get_widget_type(form) == idaapi.BWN_DISASM except: b = idaapi.get_tform_type(form) == idaapi.BWN_DISASM if b: # Add separator idaapi.attach_action_to_popup(form, popup, None, None) # Add actions try: currentAddress = idc.get_screen_ea() except: currentAddress = idc.ScreenEA() #if currentAddress in [node.node_id for node in self.cc.PatternGenerator.targetNodes]: if currentAddress in self.cc.PatternGenerator.coloredNodes: idaapi.attach_action_to_popup(form, popup, "grap:pg:match_default", None) idaapi.attach_action_to_popup(form, popup, "grap:pg:match_full", None) idaapi.update_action_label( "grap:pg:match_full", self.cc.PatternGenerator.preview_match( currentAddress, "[grap] Full match", "match_full")) idaapi.attach_action_to_popup(form, popup, "grap:pg:match_opcode_arg1", None) idaapi.update_action_label( "grap:pg:match_opcode_arg1", self.cc.PatternGenerator.preview_match( currentAddress, "[grap] Opcode+arg1", "match_opcode_arg1")) idaapi.attach_action_to_popup(form, popup, "grap:pg:match_opcode_arg2", None) idaapi.update_action_label( "grap:pg:match_opcode_arg2", self.cc.PatternGenerator.preview_match( currentAddress, "[grap] Opcode+arg2", "match_opcode_arg2")) idaapi.attach_action_to_popup(form, popup, "grap:pg:match_opcode", None) idaapi.update_action_label( "grap:pg:match_opcode", self.cc.PatternGenerator.preview_match( currentAddress, "[grap] Opcode", "match_opcode")) idaapi.attach_action_to_popup(form, popup, "grap:pg:match_wildcard", None) idaapi.attach_action_to_popup(form, popup, "grap:pg:remove_target", None) for type in [ "match_default", "match_full", "match_opcode_arg1", "match_opcode_arg2", "match_opcode", "match_wildcard" ]: idaapi.update_action_icon("grap:pg:" + type, -1) if currentAddress not in self.cc.PatternGenerator.targetNodeType: type = "match_default" else: type = self.cc.PatternGenerator.targetNodeType[ currentAddress] idaapi.update_action_icon("grap:pg:" + type, self.selected_icon_number) elif self.cc.PatternGenerator.rootNode is None or currentAddress != self.cc.PatternGenerator.rootNode.node_id: idaapi.attach_action_to_popup(form, popup, "grap:pg:set_root", None) idaapi.attach_action_to_popup(form, popup, "grap:pg:add_target", None)
def cb(user_data, notification_code, va_list): ''' example hook_cb_t function that handles custom viewer hints. Args: user_data (ctypes.c_void_p): context supplied to callback registration notification_code (int): one of the UI_NOTIFICATIONS enum values va_list (ctypes.c_void_p): varargs that must be manually parsed Returns: int: see notifiication code documentation for interpretation Notes: - This is a closure that expects to have ''' # this function is called *a lot*, so don't do any heavy lifting # until you know its the event you want. # ctypes doesn't support varargs in callback functions. # so, we need to parse the remaining arguments ourselves. # # on windows, varargs are sequential stack locations. # so, lets access the members like an array of ints/pointers. # # WARNING: the following section that manually parses varargs is # probably architecture and platfrom dependent! va_list = ctypes.cast(va_list, c_long_p) if notification_code == UI_NOTIFICATIONS.UI_GET_EA_HINT: # ea is just a number: # # typedef uint32 ea_t # # via: https://www.hex-rays.com/products/ida/support/sdkdoc/pro_8h.html#a7b0aeaed04e477c02cf8ea3452002d1a ea = va_list[0] buf = ctypes.cast(va_list[1], ctypes.c_char_p) bufsize = va_list[2] print('ui_get_ea_hint:') print('>.. notification code: %s' % (notification_code)) print('>.. ea: %s' % (hex(ea))) print('>.. buf: %s' % (buf)) print('>.. bufsize: %s' % (hex(bufsize))) the_hint = datetime.datetime.now().isoformat(' ') self.dll.qstrncpy(buf, ctypes.c_char_p(the_hint), bufsize) print('<.. buf: %s' % (buf)) return 1 elif notification_code == UI_NOTIFICATIONS.UI_GET_CUSTOM_VIEWER_HINT: viewer = ctypes.cast(va_list[0], c_long_p) place = ctypes.cast(va_list[1], c_long_p) important_lines = ctypes.cast(va_list[2], c_long_p) hint = ctypes.cast(va_list[3], c_char_pp) if not place: print('ui_get_custom_viewer_hint: invalid place') return 0 print('ui_get_custom_viewer_hint:') print('>.. notification code: %s' % (notification_code)) print('>.. important lines: %s %s' % (important_lines, important_lines.contents)) print('>.. hint: %s %s' % (hint, hint.contents)) # so, we'd like to fetch the EA of the current view. # ideally, we'd do: # # ea = place.toea() # # but `place` is a raw c++ object pointer, and ctypes isn't that smart. # next best would be to do something like: # # place = self.dll.get_custom_viewer_place(viewer); # # however, this doesn't work because `get_custom_viewer_place` is not an exported routine. # it seems to be part of the IDA SDK static lib to which plugins link. # # next best would be to use `idaapi.get_custom_viewer_place`: # # place = idaapi.get_custom_viewer_place(viewer); # # but, this doesn't work because we're mixing a ctypes pointer with a swig function. # so, we'll fall back to querying the current viewer, and fetching the place from there. # let's only display for disassembly listings # # i only know how to test the view/form type using the `get_tform_type` function. # therefore, we'll first query the current tform, and subsequently the current custom_viewer. tform = idaapi.get_current_tform() if idaapi.get_tform_type(tform) != idaapi.BWN_DISASM: return 0 viewer = idaapi.get_current_viewer() # `place` is a tuple (though techincally, a list), with elements: # - place_t proxy # - x position in characters # - y position in characters from top of screen/form (-1 in graph view) place, x, y = idaapi.get_custom_viewer_place(viewer, True) the_hint = '0x%08X: %s' % ( place.toea(), datetime.datetime.now().isoformat(' ')) important_lines[0] = ctypes.c_long(1) # we don't have access to the qstring c++ class methods, # so we'll use a dummy routine to correctly set our qstring contents. # `replace_tabs` assigns from a char * to a qstring *. # # relevant idasdk documentation: # # idaman THREAD_SAFE bool ida_export # replace_tabs ( # qstring *out, # const char *str, # int tabsize) self.dll.replace_tabs(hint, ctypes.c_char_p(the_hint), 4) print('<.. important lines: %s %s' % (important_lines, important_lines.contents)) print('<.. hint: %s %s' % (hint, hint.contents)) return 1 return 0
def finish_populating_tform_popup(self, form, popup): if idaapi.get_tform_type(form) == idaapi.BWN_DISASM: idaapi.attach_action_to_popup(form, popup, idaview_handler.get_name(), "")
def finish_populating_tform_popup(self, form, popup): if idaapi.get_tform_type(form) == idaapi.BWN_DISASM: idaapi.attach_action_to_popup(form, popup, CONTEXT_MENU_ACTION_NAME, None)
def finish_populating_tform_popup(self, form, popup): if idaapi.get_tform_type(form) == idaapi.BWN_DISASM: idaapi.attach_action_to_popup(form, popup, plugin.add_to_search_handler.get_name(), '') idaapi.attach_action_to_popup(form, popup, plugin.clear_search_handler.get_name(), '')
def populating_tform_popup(self, form, popup): print "populating" if idaapi.get_tform_type(form) == idaapi.BWN_DISASM or idaapi.get_tform_type(form) == idaapi.BWN_DISASMS: idaapi.attach_action_to_popup(form, popup, "mee:DeepDecompile1", None) idaapi.attach_action_to_popup(form, popup, "mee:DeepDecompile3", None)
def finish_populating_tform_popup(self, form, popup): if idaapi.get_tform_type(form) == idaapi.BWN_DUMP: desc = idaapi.action_desc_t(None, 'Follow in hex dump', HexJumpHandler()) idaapi.attach_dynamic_action_to_popup(form, popup, desc, None)
def finish_populating_tform_popup(self, form, popup): if idaapi.get_tform_type(form) == idaapi.BWN_DISASM: idaapi.attach_action_to_popup(form, popup, idaview_handler.get_name(), "")
def finish_populating_tform_popup(self, form, popup): if idaapi.get_tform_type(form) == idaapi.BWN_DISASM: idaapi.attach_action_to_popup(form, popup, "My Plugin", "My Plugin") idaapi.attach_action_to_popup(form, popup, "My script", "My Plugin/")
def get_cursor_func_ref(): """ Get the function reference under the user cursor. Returns BADADDR or a valid function address. """ # NOTE / COMPAT: if using_ida7api: current_widget = idaapi.get_current_widget() form_type = idaapi.get_widget_type(current_widget) vu = idaapi.get_widget_vdui(current_widget) else: current_tform = idaapi.get_current_tform() form_type = idaapi.get_tform_type(current_tform) vu = idaapi.get_tform_vdui(current_tform) # # hexrays view is active # if vu: cursor_addr = vu.item.get_ea() # # disassembly view is active # elif form_type == idaapi.BWN_DISASM: cursor_addr = idaapi.get_screen_ea() opnum = idaapi.get_opnum() if opnum != -1: # # if the cursor is over an operand value that has a function ref, # use that as a valid rename target # # NOTE/COMPAT: if using_ida7api: op_addr = idc.get_operand_value(cursor_addr, opnum) else: op_addr = idc.GetOperandValue(cursor_addr, opnum) op_func = idaapi.get_func(op_addr) # NOTE/COMPAT: if using_ida7api: if op_func and op_func.start_ea == op_addr: return op_addr else: if op_func and op_func.startEA == op_addr: return op_addr # unsupported/unknown view is active else: return idaapi.BADADDR # # if the cursor is over a function definition or other reference, use that # as a valid rename target # cursor_func = idaapi.get_func(cursor_addr) # NOTE/COMPAT: if using_ida7api: if cursor_func and cursor_func.start_ea == cursor_addr: return cursor_addr else: if cursor_func and cursor_func.startEA == cursor_addr: return cursor_addr # fail return idaapi.BADADDR
def finish_populating_tform_popup(self, form, popup): # Or here, after the popup is done being populated by its owner. if idaapi.get_tform_type(form) == idaapi.BWN_DISASM: idaapi.attach_action_to_popup(form, popup, ShowXrefsGraphFrom.get_name(), '') idaapi.attach_action_to_popup(form, popup, ShowXrefsGraphTo.get_name(), '')
def finish_populating_tform_popup(self, form, popup_handle): ALT = None if QtWidgets.QApplication.keyboardModifiers() == QtCore.Qt.AltModifier: ALT = True if get_tform_type(form) == BWN_IMPORTS: if ALT is not None: attach_action_to_popup(form, popup_handle, "fridalink:hook_imp_cpu", "Frida Link/") attach_action_to_popup(form, popup_handle, "fridalink:hook_imp_stack", "Frida Link/") attach_action_to_popup(form, popup_handle, "fridalink:hook_imp_backtrace", "Frida Link/") attach_action_to_popup(form, popup_handle, "fridalink:hook_imp_linkmem", "Frida Link/") attach_action_to_popup(form, popup_handle, "-", "Frida Link/") attach_action_to_popup(form, popup_handle, "fridalink:hook_imp_edit", "Frida Link/") attach_action_to_popup(form, popup_handle, "fridalink:unhook_imp_symbol", "Frida Link/") else: attach_action_to_popup(form, popup_handle, "fridalink:hook_imp_symbol", "Frida Link/") attach_action_to_popup(form, popup_handle, "fridalink:replace_imp_symbol", "Frida Link/") attach_action_to_popup(form, popup_handle, "fridalink:load_imp_module", "Frida Link/") elif get_tform_type(form) == BWN_FUNCS: attach_action_to_popup(form, popup_handle, "-", "") attach_action_to_popup(form, popup_handle, "fridalink:hook_func_once", "Frida Link/") attach_action_to_popup(form, popup_handle, "fridalink:hook_func_perm", "Frida Link/") attach_action_to_popup(form, popup_handle, "fridalink:hook_func_cust", "Frida Link/") attach_action_to_popup(form, popup_handle, "fridalink:replace_func", "Frida Link/") elif get_tform_type(form) == BWN_DISASM: attach_action_to_popup(form, popup_handle, "", None) allowNewInstHook = False allowEditInstHook = False allowNewFuncHook = False allowEditFuncHook = False allowNewFuncReplace = False allowEditFuncReplace = False if self.pluginInstance.replacedFunction(): allowEditFuncReplace = True else: if self.pluginInstance.hookedInstruction() == False: allowNewInstHook = True if self.pluginInstance.hookedFunction() == False: allowNewFuncHook = True allowNewFuncReplace = True else: allowEditFuncHook = True else: allowEditInstHook = True if self.pluginInstance.hookedFunction() == False: allowNewFuncHook = True else: allowEditFuncHook = True if allowNewInstHook: attach_action_to_popup(form, popup_handle, "fridalink:hook_inst_once", "Frida Link/Instruction/") attach_action_to_popup(form, popup_handle, "fridalink:hook_inst_perm", "Frida Link/Instruction/") attach_action_to_popup(form, popup_handle, "fridalink:hook_inst_brk_once", "Frida Link/Instruction/") attach_action_to_popup(form, popup_handle, "fridalink:hook_inst_brk_perm", "Frida Link/Instruction/") attach_action_to_popup(form, popup_handle, "fridalink:hook_inst_cust", "Frida Link/Instruction/") if allowEditInstHook: attach_action_to_popup(form, popup_handle, "fridalink:hook_inst_cpu", "Frida Link/Instruction/") attach_action_to_popup(form, popup_handle, "fridalink:hook_inst_stack", "Frida Link/Instruction/") attach_action_to_popup(form, popup_handle, "fridalink:hook_inst_backtrace", "Frida Link/Instruction/") attach_action_to_popup(form, popup_handle, "fridalink:hook_inst_linkmem", "Frida Link/Instruction/") attach_action_to_popup(form, popup_handle, "-", "Frida Link/Instruction/") attach_action_to_popup(form, popup_handle, "fridalink:hook_inst_edit", "Frida Link/Instruction/") attach_action_to_popup(form, popup_handle, "fridalink:unhook_inst", "Frida Link/Instruction/") if allowEditFuncHook: attach_action_to_popup(form, popup_handle, "fridalink:hook_func_cpu", "Frida Link/Function/") attach_action_to_popup(form, popup_handle, "fridalink:hook_func_stack", "Frida Link/Function/") attach_action_to_popup(form, popup_handle, "fridalink:hook_func_backtrace", "Frida Link/Function/") attach_action_to_popup(form, popup_handle, "fridalink:hook_func_linkmem", "Frida Link/Function/") attach_action_to_popup(form, popup_handle, "-", "Frida Link/Function/") attach_action_to_popup(form, popup_handle, "fridalink:hook_func_edit", "Frida Link/Function/") attach_action_to_popup(form, popup_handle, "fridalink:unhook_func", "Frida Link/Function/") if allowNewFuncHook: attach_action_to_popup(form, popup_handle, "fridalink:hook_func_once", "Frida Link/Function/") attach_action_to_popup(form, popup_handle, "fridalink:hook_func_perm", "Frida Link/Function/") attach_action_to_popup(form, popup_handle, "fridalink:hook_func_cust", "Frida Link/Function/") if allowNewFuncReplace: attach_action_to_popup(form, popup_handle, "fridalink:replace_func", "Frida Link/Function/") if allowEditFuncReplace: attach_action_to_popup(form, popup_handle, "fridalink:replace_func_edit", "Frida Link/Function/") attach_action_to_popup(form, popup_handle, "fridalink:replace_func_del", "Frida Link/Function/") attach_action_to_popup(form, popup_handle, "fridalink:get_real_address", "Frida Link/") return 0