def activate(self, ctx):
hx_view = idaapi.get_widget_vdui(ctx.widget)
if not self.check(hx_view):
return
ea = ctx.cur_ea
c_number = hx_view.item.e
number_value = c_number.numval()
ordinal = _choose_structure_by_size(number_value)
if ordinal:
number_format_old = c_number.n.nf
number_format_new = idaapi.number_format_t()
number_format_new.flags = idaapi.FF_1STRO | idaapi.FF_0STRO
operand_number = number_format_old.opnum
number_format_new.opnum = operand_number
number_format_new.props = number_format_old.props
number_format_new.type_name = idaapi.create_numbered_type_name(ordinal)
c_function = hx_view.cfunc
number_formats = c_function.numforms # type: idaapi.user_numforms_t
# print "(number) flags: {0:#010X}, type_name: {1}, opnum: {2}".format(
# number_format.flags,
# number_format.type_name,
# number_format.opnum
# )
operand_locator = idaapi.operand_locator_t(ea, ord(operand_number) if operand_number else 0)
if operand_locator in number_formats:
del number_formats[operand_locator]
number_formats[operand_locator] = number_format_new
c_function.save_user_numforms()
hx_view.refresh_view(True)
def activate(self, ctx):
hx_view = idaapi.get_widget_vdui(ctx.widget)
func_ea = hx_view.cfunc.entry_ea
obj = api.ReturnedObject(func_ea)
origin = cache.temporary_structure.main_offset
visitor = DeepReturnVisitor(hx_view.cfunc, origin, obj, cache.temporary_structure)
visitor.process()
def update(self, ctx):
if IDA7:
vdui = idaapi.get_widget_vdui(ctx.widget)
return idaapi.AST_ENABLE_FOR_WIDGET if vdui else idaapi.AST_DISABLE_FOR_WIDGET
else:
vdui = idaapi.get_tform_vdui(ctx.form)
return idaapi.AST_ENABLE_FOR_FORM if vdui else idaapi.AST_DISABLE_FOR_FORM
def activate(self, ctx):
global potential_negatives
hx_view = idaapi.get_widget_vdui(ctx.widget)
result = type_library.choose_til()
if not result:
return
selected_library, max_ordinal, is_local_types = result
lvar_idx = hx_view.item.e.v.idx
candidate = potential_negatives[lvar_idx]
structures = candidate.find_containing_structures(selected_library)
items = list(
map(lambda x: [str(x[0]), "0x{0:08X}".format(x[1]), x[2], x[3]],
structures))
structure_chooser = forms.MyChoose(
items, "Select Containing Structure",
[["Ordinal", 5], ["Offset", 10], ["Member_name", 20],
["Structure Name", 20]], 165)
selected_idx = structure_chooser.Show(modal=True)
if selected_idx != -1:
if not is_local_types:
type_library.import_type(selected_library,
items[selected_idx][3])
lvar = hx_view.cfunc.get_lvars()[lvar_idx]
lvar_cmt = re.sub("```.*```", '', lvar.cmt)
hx_view.set_lvar_cmt(
lvar, lvar_cmt + "```{0}+{1}```".format(
structures[selected_idx][3], structures[selected_idx][1]))
hx_view.refresh_view(True)
def activate(self, ctx):
if self.action == ACTION_HX_REMOVERETTYPE:
if IDA7:
vdui = idaapi.get_widget_vdui(ctx.widget)
else:
vdui = idaapi.get_tform_vdui(ctx.form)
self.remove_rettype(vdui)
vdui.refresh_ctext()
elif self.action == ACTION_HX_COPYEA:
ea = idaapi.get_screen_ea()
if ea != idaapi.BADADDR:
copy_to_clip("0x%X" % ea)
print "Address 0x%X has been copied to clipboard" % ea
elif self.action == ACTION_HX_COPYNAME:
if IDA7:
name = idaapi.get_highlight(idaapi.get_current_viewer())[0]
else:
name = idaapi.get_highlighted_identifier()
if name:
copy_to_clip(name)
print "%s has been copied to clipboard" % name
else:
return 0
return 1
def activate(self, ctx):
if self.action == ACTION_HX_REMOVERETTYPE:
if IDA7:
vdui = idaapi.get_widget_vdui(ctx.widget)
else:
vdui = idaapi.get_tform_vdui(ctx.form)
self.remove_rettype(vdui)
vdui.refresh_ctext()
elif self.action == ACTION_HX_COPYEA:
ea = idaapi.get_screen_ea()
if ea != idaapi.BADADDR:
copy_to_clip("0x%X" % ea)
print("Address 0x%X has been copied to clipboard" % ea)
elif self.action == ACTION_HX_COPYNAME:
if IDA7:
name = idaapi.get_highlight(idaapi.get_current_viewer())[0]
else:
name = idaapi.get_highlighted_identifier()
if name:
copy_to_clip(name)
print("%s has been copied to clipboard" % name)
elif self.action == ACTION_HX_GOTOCLIP:
loc = parse_location(clip_text())
print("Goto location 0x%x" % loc)
Jump(loc)
else:
return 0
return 1
def activate(self, ctx):
hx_view = idaapi.get_widget_vdui(ctx.widget)
if not self.check(hx_view):
return
data = []
offset = hx_view.item.e.m
struct_type = idaapi.remove_pointer(hx_view.item.e.x.type)
ordinal = helper.get_ordinal(struct_type)
result = struct_xrefs.XrefStorage().get_structure_info(ordinal, offset)
for xref_info in result:
data.append([
idaapi.get_short_name(xref_info.func_ea) + "+" + hex(int(xref_info.offset)),
xref_info.type,
xref_info.line
])
field_name = helper.get_member_name(struct_type, offset)
chooser = forms.MyChoose(
data,
"Cross-references to {0}::{1}".format(struct_type.dstr(), field_name),
[["Function", 20 | idaapi.CHCOL_PLAIN],
["Type", 2 | idaapi.CHCOL_PLAIN],
["Line", 40 | idaapi.CHCOL_PLAIN]]
)
idx = chooser.Show(True)
if idx == -1:
return
xref = result[idx]
idaapi.open_pseudocode(xref.func_ea + xref.offset, False)
def activate(self, ctx):
hx_view = idaapi.get_widget_vdui(ctx.widget)
ri = self.extract_recast_info(hx_view.cfunc, hx_view.item)
if not ri:
return 0
if isinstance(ri, RecastLocalVariable):
hx_view.set_lvar_type(ri.local_variable, ri.recast_tinfo)
elif isinstance(ri, RecastGlobalVariable):
idaapi.apply_tinfo2(ri.global_variable_ea, ri.recast_tinfo,
idaapi.TINFO_DEFINITE)
elif isinstance(ri, RecastArgument):
if ri.recast_tinfo.is_array():
ri.recast_tinfo.convert_array_to_ptr()
helper.set_func_argument(ri.func_tinfo, ri.arg_idx,
ri.recast_tinfo)
idaapi.apply_tinfo2(ri.func_ea, ri.func_tinfo,
idaapi.TINFO_DEFINITE)
elif isinstance(ri, RecastReturn):
cfunc = helper.decompile_function(ri.func_ea)
if not cfunc:
return 0
func_tinfo = idaapi.tinfo_t()
cfunc.get_func_type(func_tinfo)
helper.set_func_return(func_tinfo, ri.recast_tinfo)
idaapi.apply_tinfo2(cfunc.entry_ea, func_tinfo,
idaapi.TINFO_DEFINITE)
elif isinstance(ri, RecastStructure):
tinfo = idaapi.tinfo_t()
tinfo.get_named_type(idaapi.cvar.idati, ri.structure_name)
ordinal = idaapi.get_type_ordinal(idaapi.cvar.idati,
ri.structure_name)
if ordinal == 0:
return 0
udt_member = idaapi.udt_member_t()
udt_member.offset = ri.field_offset * 8
idx = tinfo.find_udt_member(idaapi.STRMEM_OFFSET, udt_member)
if udt_member.offset != ri.field_offset * 8:
print("[Info] Can't handle with arrays yet")
elif udt_member.type.get_size() != ri.recast_tinfo.get_size():
print("[Info] Can't recast different sizes yet")
else:
udt_data = idaapi.udt_type_data_t()
tinfo.get_udt_details(udt_data)
udt_data[idx].type = ri.recast_tinfo
tinfo.create_udt(udt_data, idaapi.BTF_STRUCT)
tinfo.set_numbered_type(idaapi.cvar.idati, ordinal,
idaapi.NTF_REPLACE, ri.structure_name)
else:
raise NotImplementedError
hx_view.refresh_view(True)
return 0
def activate(self, ctx):
hx_view = idaapi.get_widget_vdui(ctx.widget)
if self.check(hx_view):
insn = hx_view.item.it.to_specific_type
inverse_if(insn.cif)
hx_view.refresh_ctext()
invert(hx_view.cfunc.entry_ea, insn.ea)
def activate(self, ctx):
hx_view = idaapi.get_widget_vdui(ctx.widget)
obj = self.__extract_propagate_info(hx_view.cfunc, hx_view.item)
if obj:
cfunc = hx_view.cfunc
visitor = _NamePropagator(hx_view, cfunc, obj)
visitor.process()
hx_view.refresh_view(True)
def activate(self, ctx):
hx_view = idaapi.get_widget_vdui(ctx.widget)
result = self.__extract_rename_info(hx_view.cfunc, hx_view.item)
if result:
lvar, name = result
while not hx_view.rename_lvar(lvar, name, True):
name = '_' + name
def activate(self, ctx):
hx_view = idaapi.get_widget_vdui(ctx.widget)
cfunc = hx_view.cfunc
origin = cache.temporary_structure.main_offset
if self._can_be_scanned(cfunc, hx_view.item):
obj = api.ScanObject.create(cfunc, hx_view.item)
visitor = NewShallowSearchVisitor(cfunc, origin, obj, cache.temporary_structure)
visitor.process()
def activate(self, ctx):
if self.action == ACTION_HX_REMOVE_RET_TYPE[0]:
vdui = idaapi.get_widget_vdui(ctx.widget)
self.remove_rettype(vdui)
vdui.refresh_ctext()
else:
return 0
return 1
def activate(self, ctx):
vu = idaapi.get_widget_vdui(ctx.widget)
if not vu or not self.sel:
print "No vdui? Strange, since this action should be enabled only for pseudocode views."
return 0
form = XrefsForm(self.sel)
form.Show()
return 1
def activate(self, ctx):
vu = idaapi.get_widget_vdui(ctx.widget)
if not vu or not self.sel:
print("No vdui? Strange, since this action should be enabled only for pseudocode views.")
return 0
form = XrefsForm(self.sel)
form.Show()
return 1
def activate(self, ctx):
hx_view = idaapi.get_widget_vdui(ctx.widget)
result = self.__extract_rename_info(hx_view.cfunc, hx_view.item)
if result:
func_tinfo, address, arg_index, name = result
helper.set_func_arg_name(func_tinfo, arg_index, name)
idaapi.apply_tinfo(address, func_tinfo, idaapi.TINFO_DEFINITE)
hx_view.refresh_view(True)
def refresh_pseudocode_view():
"""
Refresh the pseudocode view in IDA.
"""
names = ['Pseudocode-%c' % chr(ord('A') + i) for i in range(5)]
for name in names:
widget = idaapi.find_widget(name)
if widget:
vu = idaapi.get_widget_vdui(widget)
vu.refresh_view(True)
def activate(self, ctx):
hx_view = idaapi.get_widget_vdui(ctx.widget)
cfunc = hx_view.cfunc
origin = cache.temporary_structure.main_offset
if self._can_be_scanned(cfunc, hx_view.item):
obj = api.ScanObject.create(cfunc, hx_view.item)
if helper.FunctionTouchVisitor(cfunc).process():
hx_view.refresh_view(True)
visitor = NewDeepSearchVisitor(hx_view.cfunc, origin, obj, cache.temporary_structure)
visitor.process()
def get_cursor_func_ref():
"""
Get the function reference under the user cursor.
Returns BADADDR or a valid function address.
"""
current_widget = idaapi.get_current_widget()
form_type = idaapi.get_widget_type(current_widget)
vu = idaapi.get_widget_vdui(current_widget)
#
# hexrays view is active
#
if vu:
cursor_addr = vu.item.get_ea()
#
# disassembly view is active
#
elif form_type == idaapi.BWN_DISASM:
cursor_addr = idaapi.get_screen_ea()
opnum = idaapi.get_opnum()
if opnum != -1:
#
# if the cursor is over an operand value that has a function ref,
# use that as a valid rename target
#
op_addr = idc.get_operand_value(cursor_addr, opnum)
op_func = idaapi.get_func(op_addr)
if op_func and op_func.start_ea == op_addr:
return op_addr
# unsupported/unknown view is active
else:
return idaapi.BADADDR
#
# if the cursor is over a function definition or other reference, use that
# as a valid rename target
#
cursor_func = idaapi.get_func(cursor_addr)
if cursor_func and cursor_func.start_ea == cursor_addr:
return cursor_addr
# fail
return idaapi.BADADDR
def refresh_views():
"""
Refresh the IDA views.
"""
# refresh IDA views
idaapi.refresh_idaview_anyway()
# refresh hexrays
current_widget = idaapi.get_current_widget()
vu = idaapi.get_widget_vdui(current_widget)
if vu:
vu.refresh_ctext()
def view_click(self, view, event):
form_type = idaapi.get_widget_type(view)
decomp_view = idaapi.get_widget_vdui(view)
if not form_type:
return
# check if view is decomp or disassembly before doing expensive ea lookup
if not decomp_view and not form_type == idaapi.BWN_DISASM:
return
ea = idc.get_screen_ea()
if not ea:
return
controller.update_active_context(ea)
def activate(self, ctx):
vu = idaapi.get_widget_vdui(ctx.widget)
function_tinfo = idaapi.tinfo_t()
if not vu.cfunc.get_func_type(function_tinfo):
return
function_details = idaapi.func_type_data_t()
function_tinfo.get_func_details(function_details)
if function_details.rettype.equals_to(const.VOID_TINFO):
function_details.rettype = idaapi.tinfo_t(const.PVOID_TINFO)
else:
function_details.rettype = idaapi.tinfo_t(idaapi.BT_VOID)
function_tinfo.create_func(function_details)
idaapi.apply_tinfo(vu.cfunc.entry_ea, function_tinfo,
idaapi.TINFO_DEFINITE)
vu.refresh_view(True)
def activate(self, ctx):
hx_view = idaapi.get_widget_vdui(ctx.widget)
print(dir(ctx))
line_numbers = get_selected_lines(hx_view)
print("Selected lines: %s" % (line_numbers))
objs = list()
for n in line_numbers:
objs += get_obj_ids(hx_view, n)
unique_objs = set(objs)
print("Object ids: %s" % unique_objs)
return
def activate(self, ctx):
vu = idaapi.get_widget_vdui(ctx.widget)
function_tinfo = idaapi.tinfo_t()
if not vu.cfunc.get_func_type(function_tinfo):
return
function_details = idaapi.func_type_data_t()
function_tinfo.get_func_details(function_details)
del_arg = vu.item.get_lvar()
function_details.erase(
[x for x in function_details if x.name == del_arg.name][0])
function_tinfo.create_func(function_details)
idaapi.apply_tinfo(vu.cfunc.entry_ea, function_tinfo,
idaapi.TINFO_DEFINITE)
vu.refresh_view(True)
def update(self, ctx):
if ctx.widget_type != idaapi.BWN_PSEUDOCODE:
return idaapi.AST_DISABLE_FOR_WIDGET
vu = idaapi.get_widget_vdui(ctx.widget)
vu.get_current_item(idaapi.USE_KEYBOARD)
item = vu.item
self.sel = None
if item.citype == idaapi.VDI_EXPR and item.it.to_specific_type.opname in ('obj', 'memref', 'memptr'):
# if an expression is selected. verify that it's either a cot_obj, cot_memref or cot_memptr
self.sel = item.it.to_specific_type
elif item.citype == idaapi.VDI_FUNC:
# if the function itself is selected, show xrefs to it.
self.sel = item.f
return idaapi.AST_ENABLE if self.sel else idaapi.AST_DISABLE
def update(self, ctx):
if ctx.widget_type != idaapi.BWN_PSEUDOCODE:
return idaapi.AST_DISABLE_FOR_WIDGET
vu = idaapi.get_widget_vdui(ctx.widget)
vu.get_current_item(idaapi.USE_KEYBOARD)
item = vu.item
self.sel = None
if item.citype == idaapi.VDI_EXPR and item.it.to_specific_type.opname in (
'obj', 'memref', 'memptr'):
# if an expression is selected. verify that it's either a cot_obj, cot_memref or cot_memptr
self.sel = item.it.to_specific_type
elif item.citype == idaapi.VDI_FUNC:
# if the function itself is selected, show xrefs to it.
self.sel = item.f
return idaapi.AST_ENABLE if self.sel else idaapi.AST_DISABLE
def refresh_views():
"""
Refresh the IDA views.
"""
# refresh IDA views
idaapi.refresh_idaview_anyway()
# NOTE/COMPAT: refresh hexrays view, if active
if using_ida7api:
current_widget = idaapi.get_current_widget()
vu = idaapi.get_widget_vdui(current_widget)
else:
current_tform = idaapi.get_current_tform()
vu = idaapi.get_tform_vdui(current_tform)
if vu:
vu.refresh_ctext()
def activate(self, ctx):
hx_view = idaapi.get_widget_vdui(ctx.widget)
cfunc = hx_view.cfunc
if not self._can_be_scanned(cfunc, hx_view.item):
return
obj = api.ScanObject.create(cfunc, hx_view.item)
tmp_struct = TemporaryStructureModel()
visitor = NewShallowSearchVisitor(cfunc, 0, obj, tmp_struct)
visitor.process()
tinfo = tmp_struct.get_recognized_shape()
if tinfo:
tinfo.create_ptr(tinfo)
if obj.id == api.SO_LOCAL_VARIABLE:
hx_view.set_lvar_type(obj.lvar, tinfo)
elif obj.id == api.SO_GLOBAL_OBJECT:
idaapi.apply_tinfo(obj.obj_ea, tinfo, idaapi.TINFO_DEFINITE)
hx_view.refresh_view(True)
def activate(self, ctx):
if self.action == ACTION_HX_REMOVERETTYPE:
vdui = idaapi.get_widget_vdui(ctx.widget)
self.remove_rettype(vdui)
vdui.refresh_ctext()
elif self.action == ACTION_HX_COPYEA:
ea = idaapi.get_screen_ea()
if ea != idaapi.BADADDR:
copy_to_clip("0x%X" % ea)
print("Address 0x%X has been copied to clipboard" % ea)
elif self.action == ACTION_HX_COPYNAME:
copy_highlight_name()
elif self.action == ACTION_HX_PASTENAME:
paste_highlight_name()
elif self.action == ACTION_HX_GOTOCLIP:
goto_clip_text()
else:
return 0
return 1
def activate(self, ctx):
vu = idaapi.get_widget_vdui(ctx.widget)
function_tinfo = idaapi.tinfo_t()
if not vu.cfunc.get_func_type(function_tinfo):
return
function_details = idaapi.func_type_data_t()
function_tinfo.get_func_details(function_details)
convention = idaapi.CM_CC_MASK & function_details.cc
if convention == idaapi.CM_CC_CDECL:
function_details.cc = idaapi.CM_CC_SPECIAL
elif convention in (idaapi.CM_CC_STDCALL, idaapi.CM_CC_FASTCALL,
idaapi.CM_CC_PASCAL, idaapi.CM_CC_THISCALL):
function_details.cc = idaapi.CM_CC_SPECIALP
elif convention == idaapi.CM_CC_ELLIPSIS:
function_details.cc = idaapi.CM_CC_SPECIALE
else:
return
function_tinfo.create_func(function_details)
idaapi.apply_tinfo(vu.cfunc.entry_ea, function_tinfo,
idaapi.TINFO_DEFINITE)
vu.refresh_view(True)
def activate(self, ctx):
hx_view = idaapi.get_widget_vdui(ctx.widget)
if not self.__can_be_part_of_assert(hx_view.cfunc, hx_view.item):
return
# So we clicked on function an func argument that is a string. Now we extract
# argument index and address of assert function
expr_arg = hx_view.item.it.to_specific_type
expr_call = hx_view.cfunc.body.find_parent_of(
expr_arg).to_specific_type
arg_idx, _ = helper.get_func_argument_info(expr_call, expr_arg)
assert_func_ea = expr_call.x.obj_ea
# Iterate through all places where assert function and rename using helper class
all_callers = helper.get_funcs_calling_address(assert_func_ea)
for caller_ea in all_callers:
cfunc = helper.decompile_function(caller_ea)
if cfunc:
_RenameUsingAssertVisitor(cfunc, assert_func_ea,
arg_idx).process()
hx_view.refresh_view(True)
def update(self, ctx):
vdui = idaapi.get_widget_vdui(ctx.widget)
return idaapi.AST_ENABLE_FOR_WIDGET if vdui else idaapi.AST_DISABLE_FOR_WIDGET
def activate(self, ctx):
vdui = idaapi.get_widget_vdui(ctx.widget)
self.inverter.invert_if_event(vdui)
return 1
def update(self, ctx):
if IDA7:
vdui = idaapi.get_widget_vdui(ctx.widget)
return idaapi.AST_ENABLE_FOR_WIDGET if vdui else idaapi.AST_DISABLE_FOR_WIDGET
vdui = idaapi.get_tform_vdui(ctx.form)
return idaapi.AST_ENABLE_FOR_FORM if vdui else idaapi.AST_DISABLE_FOR_FORM
