Пример #1
0
def reload_all_modules():
    manager_info_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), MANAGER_INFO_FILENAME)

    with open(manager_info_path, "r") as f:
        manager_info = json.load(f)

    for module_name in manager_info["module_list"]:
        idaapi.require(module_name)
Пример #2
0
 def run(self, arg):
     idaapi.require('view')
     idaapi.require('view.main_view')
     main_window = view.main_view.MainView()
     if self.windows is None or not self.windows.isVisible():
         self.windows = QtWidgets.QMainWindow()
         main_window.setupUi(self.windows)
         self.windows.showNormal()
     pass
Пример #3
0
 def __init__(self, token):
     idaapi.require('saramIDAHelpers')
     idaapi.require('saramIDAHelpers.saram_py2_scaffold')
     self._saram_conf = saramIDAHelpers.saram_py2_scaffold.saram_conf
     self._send = saramIDAHelpers.saram_py2_scaffold.saram_py2_new_section
     self.token = token
     self.command = None
     self.output = None
     self._comment = None
Пример #4
0
 def run(self, arg):
     try:
         idaapi.msg("StackStrings run() called with %d!\n" % arg)
         idaapi.require('flare')
         idaapi.require('flare.stackstrings')
         flare.stackstrings.main()
         idaapi.msg("StackStrings run() done")
     except Exception, err:
         idaapi.msg("Exception during run: %s\n" % str(err))
         raise
Пример #5
0
 def run(self, arg):
     try:
         idaapi.msg("StackStrings run() called with %d!\n" % arg)
         idaapi.require('flare')
         idaapi.require('flare.stackstrings')
         flare.stackstrings.main()
         idaapi.msg("StackStrings run() done")
     except Exception, err:
         idaapi.msg("Exception during run: %s\n" % str(err))
         raise
Пример #6
0
    def init(self):
        """
        初始化方法
        """
        idaapi.msg(">>> jack sparrow util plugin starts. {0}\n".format(
            datetime.now()))

        # 导入python目录下的功能模块
        idaapi.require("util")
        idaapi.require("util.plugin_util_impl")

        return idaapi.PLUGIN_OK  # return PLUGIN_KEEP
Пример #7
0
    def run(self, arg):
        import traceback
        try:
            idaapi.msg('devirtualize_plugin:starting\n')
            idaapi.require('devirtualize')
            idaapi.require('devirtualize.type')
            idaapi.require('devirtualize.view')
            idaapi.require('devirtualize.graph')

            devirtualize.type.build_types()
            devirtualize.view.register_vptr_translator()
            devirtualize.graph.register_actions()
            idaapi.msg('devirtualize_plugin:finished\n')
        except:
            idaapi.msg(traceback.format_exc())
Пример #8
0
    def init(self):
        idaapi.msg("apply_callee_type_plugin:init\n")
        idaapi.require("flare")
        idaapi.require("flare.apply_callee_type")
        idaapi.require("flare.jayutils")

        # hack -> stashing a flag under idaapi to prevent multiple menu items from appearing
        if hasattr(sys.modules["idaapi"], "_apply_callee_type_plugin_installFlag"):
            # print 'Skipping menu install: already present'
            pass
        else:
            self.ex_addmenu_item_ctx = idaapi.add_menu_item(
                "Edit/Operand type/Manual", "ApplyCalleeType", "Alt-J", 0, doApplyCallee, tuple("hello world")
            )
            if self.ex_addmenu_item_ctx is None:
                print "Failed to init apply_callee_type_plugin"

            setattr(sys.modules["idaapi"], "_apply_callee_type_plugin_installFlag", True)
        return idaapi.PLUGIN_OK
Пример #9
0
    def init(self):
        idaapi.msg('apply_callee_type_plugin:init\n')
        idaapi.require('flare')
        idaapi.require('flare.apply_callee_type')
        idaapi.require('flare.jayutils')

        #hack -> stashing a flag under idaapi to prevent multiple menu items from appearing
        if hasattr(sys.modules['idaapi'], '_apply_callee_type_plugin_installFlag'):
            #print 'Skipping menu install: already present'
            pass
        else:
            self.ex_addmenu_item_ctx = idaapi.add_menu_item(
                "Edit/Operand type/Manual", 
                "ApplyCalleeType", 
                "Alt-J", 
                0, 
                doApplyCallee, 
                tuple("hello world")
            )
            if self.ex_addmenu_item_ctx  is None:
                print 'Failed to init apply_callee_type_plugin'

            setattr(sys.modules['idaapi'], '_apply_callee_type_plugin_installFlag', True)
        return idaapi.PLUGIN_OK
Пример #10
0
def require_package():
    idaapi.require('FixTools')
    idaapi.require('FixTools.fixTools')
    idaapi.require('FixTools.Terminal')
Пример #11
0
# implied. See the License for the specific language governing
# permissions and limitations under the License.
########################################################################
#
# IDA Plugin wrapper for stack strings search
#
########################################################################


import logging

import idc 
import idautils  
import idaapi

idaapi.require('flare')
idaapi.require('flare.stackstrings')

PLUGIN_COMMENT = "This is a comment"
PLUGIN_HELP = "This is help"
PLUGIN_NAME = "StackStrings"
PLUGIN_WANTED_HOTKEY = "Alt-0"

# get the IDA version number
ida_major, ida_minor = map(int, idaapi.get_kernel_version().split("."))
using_ida7api = (ida_major > 6)
ex_addmenu_item_ctx = None 


class stackstrings_plugin_t(idaapi.plugin_t):
    flags = idaapi.PLUGIN_KEEP
Пример #12
0
try:
    from PySide import QtCore, QtGui
except:
    from PyQt5 import QtCore, QtWidgets

import idaapi
import idc
import tempfile

try:
    import hrdev_plugin.include.syntax
    import hrdev_plugin.include.gui
    import hrdev_plugin.include.helper

    idaapi.require('hrdev_plugin.include.syntax')
    idaapi.require('hrdev_plugin.include.gui')
    idaapi.require('hrdev_plugin.include.helper')
except Exception, e:
    print e


class Plugin(object):
    '''Implements the main plugin class, entry point.'''
    def __init__(self):
        super(Plugin, self).__init__()

        self.tools = hrdev_plugin.include.helper.Tools(self)
        self.config_main = ConfigParser.ConfigParser()
        self.config_theme = ConfigParser.ConfigParser()
Пример #13
0
import idc
import idautils
import idaapi

idaapi.require("AddBP")
idaapi.require("vtableAddress")


def get_all_functions():
    for func in idautils.Functions():
        print hex(func), idc.GetFunctionName(func)


def get_xref_code_to_func(func_addr):
    a = idautils.XrefsTo(func_addr, 1)
    addr = {}
    for xref in a:
        frm = xref.frm  # ea in func
        start = idc.GetFunctionAttr(frm,
                                    idc.FUNCATTR_START)  # to_xref func addr
        func_name = idc.GetFunctionName(start)  # to_xref func name
        addr[func_name] = [xref.iscode, start]
    return addr


def add_bp_to_virtual_calls(cur_addr, end):
    while cur_addr < end:
        if cur_addr == idc.BADADDR:
            break
        elif idc.GetMnem(cur_addr) == 'call':
            if True in [
Пример #14
0
# Copyright (C) 2020 Alibaba Group Holding Limited

import idaapi
from idaapi import *
from idc import *

from HelperUtils import *
idaapi.require("HelperUtils")

# Stunned panda face icon data.
icon_data = "".join([
    "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A\x00\x00\x00\x0D\x49\x48\x44\x52\x00\x00\x00\x10\x00\x00\x00\x10\x08\x06\x00\x00\x00\x1F\xF3\xFF\x61\x00\x00\x02\xCA\x49\x44\x41\x54\x78\x5E\x65",
    "\x53\x6D\x48\x53\x6F\x14\x3F\xBA\xB5\xB7\xA0\x8D\x20\x41\xF2\xBA\x5D\xB6\x0F\x56\xF4\x41\xA2\xC0\x9C\xE9\xB4\x29\x4A\x7D\xB0\x22\x7A\x11\x02\x23\x48\x2A\xD4\x74\x53\x33\x3F\xD4",
    "\x3E\x4A\x50\x19\xE4\xB0\xD0\x22\xCD\x44\x45\x4A\x31\x8C\x92\xA2\x3E\x65\x0A\x4D\xCB\x96\x7E\xE8\xD5\x97\xCC\xFE\xFE\x37\xA7\x77\xDB\xBD\xA7\xE7\x3C\xBE\x05\x9E\xED\xB7\xB3\xF3",
    "\x7B\x39\xF7\xEE\x19\x17\xA8\xAC\x56\xDB\x54\x82\x60\x41\xB3\x59\xBC\xFF\xAC\xF9\xCA\xB5\xAE\x86\xCA\xF9\x4E\xAF\x1B\x3B\xEA\x5D\x48\x9D\x66\xE2\x49\x27\x9F\xD5\x66\x9B\xA2\x1C",
    "\x22\x02\xD0\x40\xE4\x81\x6C\x3B\x76\x37\x56\xE3\x37\x5F\x2F\x62\xE8\x0B\xD3\x66\x19\x7E\x53\xA7\x99\x78\xAE\x1F\x64\x3E\x21\x71\x69\x09\x5F\x20\x98\x2D\x58\x70\x24\x07\x07\x7B",
    "\x6F\xB0\x79\x82\x61\x81\x21\xCC\xDE\x21\x54\x16\x02\xD4\x69\x26\x9E\x74\xEE\xCB\xCF\x4D\xC7\x44\xB3\x88\x7C\x81\xC5\x22\xFE\x6C\xB9\xE9\x46\x67\x46\x1A\x8A\x16\x2B\x0A\x5B\x05",
    "\x74\x66\x65\xE1\x98\x6F\x00\x31\x32\x87\x9F\x59\x77\x66\x66\x61\x42\xBC\xC0\xF5\x6C\x47\x1A\x36\xD7\xB9\x51\x14\xC5\x1E\xBE\xA0\xC3\x5B\xD9\x98\x99\xE1\xC0\xCE\xBE\x57\x48\xD7",
    "\x9A\x63\x68\xEA\x7C\x8A\xF6\x14\x3B\x9F\xF6\xA6\xA4\x60\xEB\xE3\x3E\x9C\x5F\xD6\x5A\x7A\xFA\x71\xBF\xC3\x81\x3D\x4D\x35\x0D\x7C\xC1\xF3\x87\x57\x43\xF9\x87\x8F\x21\x95\x5E\xAB",
    "\x41\x83\x4E\x83\x54\xDB\x92\x76\x20\xCA\xBF\xD0\x99\x9D\xBB\x4E\xDB\xBD\xC7\x8E\x2F\x5A\x3D\x74\x3D\x50\x03\x80\x7E\x7A\x7A\x06\x46\x47\xFD\xA0\x33\x6C\x84\x18\x46\x0C\xBD\x1F",
    "\x86\x2D\x71\x71\x00\x52\x10\x16\x17\xE6\xC1\xE7\x1B\x61\x9A\x81\x69\x31\x30\xFC\x61\x14\xB4\x3A\x3D\x20\x82\x1E\x58\xA9\x15\x05\x41\x14\x05\xB8\x58\xEE\x82\x7D\xE9\x99\x20\xCB",
    "\x32\x94\x95\x95\xC3\xA5\xD2\x53\x00\x51\x09\xAA\x4B\x0B\xA1\xB8\xA4\x0C\x52\x53\x33\x40\xA5\x52\x81\xDB\x5D\x01\xA2\x45\x00\x45\x51\x80\x2A\x36\x12\x8D\x42\x49\x51\x01\x44\xE5",
    "\x18\x90\x22\x0A\x98\x8C\x46\xF0\x54\x14\x42\x6D\x7D\x3B\xE4\x1C\x75\x41\xAD\xB7\x1D\x3C\x55\x85\x60\x32\x19\x41\x8A\x2A\xDC\x57\x5C\x74\x12\x28\x47\xA5\x8E\x44\xE4\xF0\x76\x5B",
    "\x82\xA6\xCD\x5B\x0D\xB2\x12\xE6\xE4\x06\xB5\x1A\x66\xA7\x26\x41\x92\xC2\xA0\xD5\x6A\x60\x67\x92\x19\xAE\x7B\xCE\x70\x4D\x15\xAB\x01\xAD\xC1\x08\x3F\x46\x64\x6E\x8E\x9D\xF9\x13",
    "\xE8\x1A\xFF\xE4\x63\x8A\x0E\xE6\x02\x41\xF8\x3F\x18\x82\x40\x28\x04\xFD\xDD\x75\xF0\xB6\xFF\x2E\x75\x9A\x89\x27\x9D\xFB\xC8\x4F\x39\xBE\xE0\xB4\xAB\xCE\x35\xFE\x71\x00\x16\x17",
    "\x25\x76\x50\x26\x76\x6B\x61\x86\x08\xE4\x1D\xAF\x81\xBC\x13\x97\xA9\xD3\x4C\x3C\xE9\xDC\x47\x7E\xCA\xF1\x05\x0C\x5F\x7D\xFE\xEF\x35\x03\xAF\x9F\x00\xB0\x73\x30\x9A\xE2\x81\x0E",
    "\xF6\xC1\xED\x52\xB8\x77\xAB\x98\x3A\xCD\xC4\x73\x9D\x7C\x6F\xDE\xF9\xCF\x53\x0E\xFE\xA9\xCD\xAE\xB3\x87\xCE\x75\x35\x54\xE1\xD0\xCB\x47\x38\x39\x36\x88\xFF\x4D\xF8\x57\x41\x33",
    "\xF1\xA4\x93\x0F\x00\x36\xAD\x3E\x4C\x6B\xC5\xC9\x5D\x77\x6A\x2F\xB4\x31\xA3\xC4\x40\x4F\x21\x0F\xD1\x4C\x3C\xE9\x2B\xE1\xF5\x0B\xD6\x90\xC8\x90\x4C\xE6\x35\xD0\xCC\x79\x5E\xFF",
    "\x2E\xF8\x0B\x2F\x3D\xE5\xC3\x97\x06\xCF\xCF\x00\x00\x00\x00\x49\x45\x4E\x44\xAE\x42\x60\x82"
])
Пример #15
0
from PySide import QtCore, QtGui
from PySide.QtCore import QRect
from PySide.QtCore import Qt
from PySide.QtGui import QFrame
from PySide.QtGui import QHBoxLayout
from PySide.QtGui import QPainter
from PySide.QtGui import QPlainTextEdit
from PySide.QtGui import QTextFormat
from PySide.QtGui import QWidget
from PySide.QtGui import QTextEdit

import idaapi
import include.syntax
import include.helper

idaapi.require('include.syntax')
idaapi.require('include.helper')


class LNTextEdit(QFrame):
    '''Redefined QPLainTextEditor with additional features.'''

    class NumberBar(QWidget):
        '''Number bar class.'''

        def __init__(self, config_theme, edit):

            QWidget.__init__(self, edit)

            self.config_theme = config_theme
            self.edit = edit
Пример #16
0
information check out github: https://github.com/ax330d/hrdev/.
'''

import re
import os
import ConfigParser

from PySide import QtGui
import idaapi
import idc

import include.syntax
import include.gui
import include.helper

idaapi.require('include.syntax')
idaapi.require('include.gui')
idaapi.require('include.helper')

__author__ = 'Arthur Gerkis'
__version__ = '0.0.1 (beta)'


class Plugin(object):
    '''Implements the main plugin class, entry point.'''
    def __init__(self, real_dir):
        super(Plugin, self).__init__()
        self.tools = include.helper.Tools(self)
        self.config_main = ConfigParser.ConfigParser()
        self.config_theme = ConfigParser.ConfigParser()
Пример #17
0
import idaapi
idaapi.require('installer')

from installer import Installer

installer = Installer()
installer.start()
Пример #18
0
from PySide import QtCore, QtGui
from PySide.QtCore import QRect
from PySide.QtCore import Qt
from PySide.QtGui import QFrame
from PySide.QtGui import QHBoxLayout
from PySide.QtGui import QPainter
from PySide.QtGui import QPlainTextEdit
from PySide.QtGui import QTextFormat
from PySide.QtGui import QWidget
from PySide.QtGui import QTextEdit

import idaapi
import hrdev_plugin.include.syntax
import hrdev_plugin.include.helper

idaapi.require('hrdev_plugin.include.syntax')
idaapi.require('hrdev_plugin.include.helper')


class LNTextEdit(QFrame):
    '''Redefined QPLainTextEditor with additional features.'''

    class NumberBar(QWidget):
        '''Number bar class.'''

        def __init__(self, config_theme, edit):

            QWidget.__init__(self, edit)

            self.config_theme = config_theme
            self.edit = edit
Пример #19
0
        if encoding == codec_info.name:
            return codec_info

    codecs.register(sark_search_function)


# Register the hex-bytes codec.
register_sark_codecs()

# Since some of our code can be used outside of IDA, namely the `plumbing` module
# when used in the codecs proxy, we want to allow importing specific modules outside
# IDA.
try:
    import idaapi

    idaapi.require('sark.code')
    idaapi.require('sark.core')
    idaapi.require('sark.exceptions')
    idaapi.require('sark.graph')
    idaapi.require('sark.structure')
    idaapi.require('sark.codeblocks')
    idaapi.require('sark.data')
    idaapi.require('sark.debug')
    idaapi.require('sark.enum')
    idaapi.require('sark.ui')

    from .code import *
    from .codeblocks import CodeBlock, get_nx_graph, get_block_start, FlowChart
    from .data import read_ascii_string, get_string
    from .core import set_name, is_function
    from .enum import Enum, enums, add_enum, remove_enum
Пример #20
0
import idaapi


idaapi.require('sark.code.base')
idaapi.require('sark.code.xref')
idaapi.require('sark.code.location')
idaapi.require('sark.code.function')
idaapi.require('sark.code.switch')
idaapi.require('sark.code.instruction')
idaapi.require('sark.code.segment')


from .base import *
from .location import Location, locations
from .function import Function, functions
from .switch import Switch, is_switch
from .segment import Segment, segments
Пример #21
0
 def run(self, arg):
     #idaapi.msg("Shellcode Hashes run() called with %d!\n" % arg)
     idaapi.require('flare')
     idaapi.require('flare.shellcode_hash_search')
     flare.shellcode_hash_search.main()
Пример #22
0
import idaapi

idaapi.require('idabuddy')
idaapi.require('sequences')
import sequences
from sark.qt import QtCore, form_to_widget, get_widget, QtWidgets, connect_method_to_signal

from idabuddy import AutoPopup


def get_idaview(title=None, form=None, widget=None):
    if form is not None:
        ida_widget = form_to_widget(form)
    elif widget is not None:
        ida_widget = widget
    else:
        ida_widget = get_widget(title)
    ida_holder = ida_widget.children()[0]
    idaview = ida_holder.children()[0]
    return idaview


# Get all ida views in <6.7
#
def iter_all_idaviews():
    '''Does return duplicates!'''
    for widget in QtWidgets.qApp.allWidgets():
        window_title = widget.windowTitle()
        if not window_title.startswith(u'IDA View-'):
            continue
        idaview = get_idaview(title=str(window_title))
Пример #23
0
#!c:\\python27\python.exe
# -*- coding: utf-8 -*-
# pylint: disable=E1101
# pylint: disable=F0401
# pylint: disable=C0103

"""This file contains all classes related to parsing and highlighting."""

from PySide import QtGui, QtCore
import clang.cindex
import idaapi
import hrdev_plugin.include.helper

idaapi.require("hrdev_plugin.include.helper")


class Parser(object):
    """Implements parser to parse Hex-Rays decompiler output."""

    def __init__(self, plugin):
        super(Parser, self).__init__()
        self.plugin = plugin
        self.config_main = self.plugin.config_main
        self.gui = self.plugin.gui
        self.tools = self.plugin.tools

        self._token_kinds = hrdev_plugin.include.helper.AttributeDict()
        self._token_kinds.punctiation = []
        self._token_kinds.kkeyword = []
        self._token_kinds.identifier = []
        self._token_kinds.literal = []
Пример #24
0
'''

__author__ = "JiaYu"
__license__ = "MIT"
__version__ = "1.0"
__email__ = ["*****@*****.**"]

#import common, strings, pclntbl, moduledata, types_builder, itab
import idautils, idc, idaapi

import sys
import string

sys.setrecursionlimit(10000)

idaapi.require("common")
idaapi.require("strings")
idaapi.require("pclntbl")
idaapi.require("moduledata")
idaapi.require("types_builder")
idaapi.require("itab")
idaapi.require("idc")

def main():
    # find and parsefirfst moduledata
    firstmoddata_addr = moduledata.find_first_moduledata_addr()
    firstmoddata = moduledata.ModuleData(firstmoddata_addr)
    firstmoddata.parse()

    common._info("pclntbl addr: 0x%x\n" % firstmoddata.pclntbl_addr)
    # parse pclntab(functions/srcfiles and function pointers)
Пример #25
0
#!c:\\python27\python.exe
# -*- coding: utf-8 -*-
'''IDA PDB Loader.'''

# FIXME: fails to find non-mangled names, pdbparse bug?

import traceback

import idautils
import idaapi
import idc

import pdbparse.symlookup
idaapi.require('pdbparse.symlookup')

__author__ = 'Arthur Gerkis'
__version__ = '0.0.2'


class Plugin(object):
    '''IDA Pro Plugin'''
    def __init__(self):
        super(Plugin, self).__init__()
        self.symbol_path = ''
        self.image_base = 0
        self.PDBLookup = None

    def run(self):
        '''Public function.'''

        self.symbol_path = idc.AskFile(0, '*.pdb', 'Choose PDB file...')
Пример #26
0
#!c:\\python27\python.exe
# -*- coding: utf-8 -*-
# pylint: disable=E1101
# pylint: disable=F0401
# pylint: disable=C0103
'''This file contains all classes related to parsing and highlighting.'''

from PySide import QtGui, QtCore
import clang.cindex
import idaapi
import include.helper
idaapi.require('include.helper')


class Parser(object):
    '''Implements parser to parse Hex-Rays decompiler output.'''
    def __init__(self, plugin):
        super(Parser, self).__init__()
        self.plugin = plugin
        self.config_main = self.plugin.config_main
        self.gui = self.plugin.gui
        self.tools = self.plugin.tools

        self._token_kinds = include.helper.AttributeDict()
        self._token_kinds.punctiation = []
        self._token_kinds.kkeyword = []
        self._token_kinds.identifier = []
        self._token_kinds.literal = []
        self._token_kinds.comment = []

        self._replacer_literal = None
Пример #27
0
 def run(self, arg):
     idaapi.msg("StructTyper run() called with %d!\n" % arg)
     idaapi.require('flare')
     idaapi.require('flare.struct_typer')
     flare.struct_typer.main()
Пример #28
0
# @file srchUtils
# utilities for searching for things in the IDB, as well as in binaries (and against the IDB) go here!
import idaapi
import idautils

idaapi.require("IDAItems.Data")
idaapi.require("IDAItems.Function")
idaapi.require("TerminalModule")

from Definitions import Architecture, Paths

import idc
from IDAItems import Function, Data
import TerminalModule


class srch(TerminalModule.TerminalModule, object):
    def __init__(self, fmt='[+] srch (IDB/binary searching utils)'):
        """
        This module is responsible for printing disassemblies and necessary compoents
        of disassemblies
        """
        super(srch, self).__init__(fmt)

        self.registerCommand(self, self.nextarm, "nextarm", "<search_ea> [ui=True]")
        self.registerCommand(self, self.nextascii, "nextascii", "<search_ea> [ui=True]")
        self.registerCommand(self, self.nextfakeinst, "nextfakeinst", "<search_ea> [ui=True]")
        self.registerCommand(self, self.nextname, "nextname", "<search_ea> [ui=True]")
        self.registerCommand(self, self.nextknown, "nextknown", "<search_ea> [ui=True]")
        self.registerCommand(self, self.nextbin, "nextbin", "<search_ea> [ui=True]")
        self.registerCommand(self, self.nextred, "nextred", "<search_ea> [ui=True]")
Пример #29
0
# -*- coding: utf-8 -*-

import ctypes
import sys
import re
import importlib
import idaapi
idaapi.require("Patterns")
idaapi.require("Matcher")
idaapi.require("ast_helper")
idaapi.require("traverse")
import ready_patterns

EVENTS_HEXR = {
    0: 'hxe_flowchart',
    1: 'hxe_prolog',
    2: 'hxe_preoptimized',
    3: 'hxe_locopt',
    4: 'hxe_prealloc',
    5: 'hxe_glbopt',
    6: 'hxe_structural',
    7: 'hxe_maturity',
    8: 'hxe_interr',
    9: 'hxe_combine',
    10: 'hxe_print_func',
    11: 'hxe_func_printed',
    12: 'hxe_resolve_stkaddrs',
    100: 'hxe_open_pseudocode',
    101: 'hxe_switch_pseudocode',
    102: 'hxe_refresh_pseudocode',
    103: 'hxe_close_pseudocode',
Пример #30
0
import time
import idaapi
import idaversion
import idc
import idautils
import bpUtils
import gdbProt
#import okTextForm
import waitDialog
import functionSig
#import reHooks
#import dbgHooks
import regFu
import menuMod
idaapi.require("idaSIM")
idaapi.require("stackTrace")
idaapi.require("dataWatch")
idaapi.require("branchNotTaken")
idaapi.require("writeWatch")
idaapi.require("bookmarkView")
idaapi.require("reHooks")
idaapi.require("dbgHooks")
idaapi.require("menuMod")
idaapi.require("colorBlocks")
from idaapi import Choose
'''
    Ida script to reverse execution of Simics to the next breakpoint.
    Since Ida does not know about reverse exectution, the general approach is to 
    tell Simics to reverse and then tell Ida to continue forward.
    The script installs its functions as a hotkeys.
Пример #31
0
from __future__ import print_function
import idc
import idautils
import ida_frame
import ida_struct
import idaapi
import sys, os
idaapi.require("AddBP")

REGISTERS = [
    'eax', 'ebx', 'ecx', 'edx', 'rax', 'rbx', 'rcx', 'rdx', 'r9', 'r10', 'r8'
]


def get_processor_architecture():
    info = idaapi.get_inf_structure()
    if info.is_64bit():
        return "64"
    elif info.is_32bit():
        return ""
    else:
        return "Error"


def get_local_var_value_64(loc_var_name):
    frame = ida_frame.get_frame(idc.here())
    loc_var = ida_struct.get_member_by_name(frame, loc_var_name)
    loc_var_start = loc_var.soff
    loc_var_ea = loc_var_start + idc.GetRegValue("RSP")
    loc_var_value = idc.read_dbg_qword(
        loc_var_ea
Пример #32
0
#place this file in get_user_idadir()
#the next line is set by install.cmd
CUSTOM_SCRIPT_DIR = 'F:/NOTES/re/ida_python'
#don't touch the previous line
import sys
sys.path.append(CUSTOM_SCRIPT_DIR)
import idaapi
idaapi.require('hexnum')

idaapi.enable_extlang_python(True)
Пример #33
0
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied. See the License for the specific language governing
# permissions and limitations under the License.
########################################################################
#
# IDA Plugin wrapper for shellcode hash search.
#
########################################################################


import idc 
import idautils  
import idaapi

idaapi.require('flare')
idaapi.require('flare.shellcode_hash_search')

class shellcode_search_plugin_t(idaapi.plugin_t):
    flags = idaapi.PLUGIN_UNL
    comment = "This is a comment"

    help = "This is help"
    wanted_name = "Shellcode Hashes"
    wanted_hotkey = ""

    def init(self):
        return idaapi.PLUGIN_OK

    def run(self, arg):
        flare.shellcode_hash_search.main()
Пример #34
0
#!/usr/bin/env python
# -*- coding: UTF-8 -*-
'''
go_parser.py:
IDA Plugin for Golang Executable file parsing.
'''

__author__ = "JiaYu"
__license__ = "MIT"
__version__ = "1.0"
__email__ = ["*****@*****.**"]

import idc, idaapi
idaapi.require("common")

#ADDR_SZ = 8
START_EA = 0x98C710
END_EA = 0x990F58

curr_addr = START_EA
while curr_addr <= END_EA:
    curr_str_addr = common.read_mem(curr_addr)
    curr_str_len = common.read_mem(curr_addr + common.ADDR_SZ)
    if curr_str_addr > 0 and curr_str_addr != idc.BADADDR and curr_str_len > 1:
        if idc.MakeStr(curr_str_addr, curr_str_addr + curr_str_len):
            idaapi.autoWait()

            curr_str = str(idc.GetManyBytes(curr_str_addr, curr_str_len))
            print("@ 0x%x: %s" % (curr_str_addr, curr_str))

    curr_addr += 2 * common.ADDR_SZ
Пример #35
0
import idaapi
from idaapi import Form, Choose2, plugin_t # for gui stuff
import idc
import idautils
import inspect
import struct
import binascii

"""Help with analyzing binary and bootrom libraries for various CPU architectures

This module wraps IDA Pro's IDAAPI, IDC, and IDAUTILS python libraries to
provide useful and (hopefully) easy-to-use search functions for a disassembly.

The base BinAnalyze class provides some very basic search and function
creation funcionality, while processor-specific analyzers are expected to
increase its usefulness.

Note: please import this module using:
idaapi.require()
Especially while testing and modifying it
(see http://www.hexblog.com/?p=749 for information on why)


"""

class BinAnalyze():
    def __init__(self):
        return

    """
    The 'get' mnemonics are meant to be implemented in a derived class.
Пример #36
0
# ClassInformer python
# Nicolas Guigo / NCC Group
# Tyler Colgan / NCC Group
# 03/2017

import idaapi
from idc import *
from idc_bc695 import *

idaapi.require("utils")
idaapi.require("msvc")
idaapi.require("gcc")
idaapi.require("classdiagram")
from idaapi import autoIsOk
from msvc import run_msvc
from gcc import run_gcc
from classdiagram import ClassDiagram

def show_classes(classes):
    c = ClassDiagram("Class Diagram", classes)
    c.Show()

def isGcc():
    gcc_info = FindText(0x0, SEARCH_CASE|SEARCH_DOWN, 0, 0, "N10__cxxabiv117__class_type_infoE")
    return gcc_info != BADADDR

def main():
    print("Starting ClassInformerPython")
    if autoIsOk():
        classes = run_gcc() if isGcc() else run_msvc()
        print(classes)
Пример #37
0
#!/usr/bin/python
# coding: utf-8
#
# HeapViewer - by @danigargu
#

import idaapi
import os
import sys

PLUGIN_DIR = idaapi.idadir(os.path.join("plugins", "heap_viewer"))
sys.path.append(PLUGIN_DIR)

idaapi.require('plugin_gui')

#------------------------------------------------------------------------

from plugin_gui import HeapPluginForm, PLUGNAME

# -----------------------------------------------------------------------
class HeapViewPlugin(idaapi.plugin_t):
    flags = 0
    comment = ""
    help = ""
    wanted_name = PLUGNAME
    wanted_hotkey = "Ctrl-H"

    def init(self):
        self.icon_id = 0
        return idaapi.PLUGIN_KEEP
Пример #38
0
import ida_ua, idc, idaapi, ida_funcs

idaapi.require("maze_deobf_utils")
#import maze_deobf_utils as mdu


class RecursiveDescent(object):
    '''
        @brief Recurse descent disassembly for a single function (no calls followed)
    '''
    def __init__(self, Start_ea, Approach):

        self.deferred_targets = []
        self.instructions_walked = []
        self.wrong_functions = []

        self.entry_point = Start_ea
        self.deferred_targets.append(Start_ea)

        self.emulators = Eumulators()

        self.deobf_approach = Approach

    def GetInstuctionTargetAddress(self, Target_insn):
        '''
            @brief Return the operand value for a unirary instruction that contains a target 
                    address (JMP, JNZ, JZ, push, call, etc).
        '''

        target_ea = 0
Пример #39
0
import os
import random

import idaapi
import sark
import yaml

idaapi.require('interaction')

from interaction import ask_next, ask_ok, Link, use_defaults, Span, embed_images

SAYINGS = yaml.load(open(os.path.join(os.path.dirname(__file__), 'sayings.yml'), 'rb'))
BASIC_SAYINGS = SAYINGS['basic']
ADDRESS_SAYINGS = SAYINGS['address']


def go_cancel():
    go = Link('Go', href='go', color='green', text_decoration='underscore')
    cancel = Link('Cancel', href='cancel', color='red', text_decoration='underscore')
    return '{go}    {cancel}'.format(cancel=cancel, go=go)


def ask_go_cancel(query):
    return '{query}{br}{gocancel}'.format(**use_defaults(query=query, gocancel=go_cancel()))


def say_multiple(buddy, *text):
    last_text = text[-1]
    text = iter(text[:-1])

    def _messenger(*args, **kwargs):
Пример #40
0
# permissions and limitations under the License.
########################################################################
#
# Mostly a glorified wrapper around the apply_callee_tinfo() idasdk function.
# Useful for when IDA doesn't apply stack analysis to an indirect call,
# and you can identify the function prototype during reverse engineering.
#
########################################################################

import sys

import idc
import idautils
import idaapi

idaapi.require('flare')
idaapi.require('flare.apply_callee_type')
idaapi.require('flare.jayutils')

PLUGIN_HELP = "This is help"
PLUGIN_NAME = "ApplyCalleeType"
PREFERRED_SHORTCUT = "Alt-J"
PLUGIN_COMMENT = "Apply callee type to indirect call location"
ACTION_NAME = 'flare:apply_callee_type'
MENU_PATH = "Edit/Operand type/Manual"

# get the IDA version number
ida_major, ida_minor = list(map(int, idaapi.get_kernel_version().split(".")))
using_ida7api = (ida_major > 6)

ex_addmenu_item_ctx = None
Пример #41
0
# -*- coding: utf-8 -*-

import ctypes
import sys
import re
import importlib
import idaapi
idaapi.require("Patterns.__init__")
idaapi.require("Patterns.Instructions")
idaapi.require("Patterns.Expressions")
idaapi.require("Patterns.Pattern")
idaapi.require("Matcher")
idaapi.require("ast_helper")
from Matcher import *
from ast_helper import *
from Patterns.Instructions import *
from Patterns.Expressions import *
from traverse import *
import ready_patterns

EVENTS_HEXR = {
    0: 'hxe_flowchart',
    1: 'hxe_prolog',
    2: 'hxe_preoptimized',
    3: 'hxe_locopt',
    4: 'hxe_prealloc',
    5: 'hxe_glbopt',
    6: 'hxe_structural',
    7: 'hxe_maturity',
    8: 'hxe_interr',
    9: 'hxe_combine',
Пример #42
0
##
# @Author Lan
# This represents the concept of modulized functions/data. A set of functions may be related, or were belonging to
# A single file or set of files when compiled together.
# This encapsulates all Names that begin with <ModuleName> and count them as belonging to the same module.
##
import idaapi
import idautils
import idc_bc695

idaapi.require('BinarySearcher')
idaapi.require('Definitions.Architecture')
idaapi.require('IDAItems.GameFile')
idaapi.require('IDAItems.Function')

from BinarySearcher import BinarySearcher
from Definitions.Architecture import ROM_SEG
from IDAItems.GameFile import GameFile
from IDAItems import Function


class ModuleException(Exception):
    def __init__(self, s):
        super(Exception, self).__init__(s)


class Module:
    def __init__(self, *args):
        """
        Creates a module with the name moduleName. This could be exported from the database, or it could be a new
        module to include in the database!
Пример #43
0
#!/usr/bin/env python
# -*- coding: UTF-8 -*-
import idc, idaapi
idaapi.require("moduledata")
idaapi.require("common")
from common import read_mem, ADDR_SZ
from common import _debug, _error, _info

import sys
sys.setrecursionlimit(10000)

STANDARD_PACKAGES = ['archive/tar', 'archive/zip', 'bufio', 'builtin', 'bytes', 'compress/bzip2', 'compress/flate', 'compress/gzip', 'compress/lzw', 'compress/zlib', 'container/heap', 'container/list', 'container/ring', 'context', 'crypto', 'crypto/aes', 'crypto/cipher', 'crypto/des', 'crypto/dsa', 'crypto/ecdsa', 'crypto/ed25519', 'crypto/elliptic', 'crypto/hmac', 'crypto/md5', 'crypto/rand', 'crypto/rc4', 'crypto/rsa', 'crypto/sha1', 'crypto/sha256', 'crypto/sha512', 'crypto/subtle', 'crypto/tls', 'crypto/x509', 'crypto/x509/pkix', 'database/sql', 'database/sql/driver', 'debug/dwarf', 'debug/elf', 'debug/gosym', 'debug/macho', 'debug/pe', 'debug/plan9obj', 'encoding', 'encoding/ascii85', 'encoding/asn1', 'encoding/base32', 'encoding/base64', 'encoding/binary', 'encoding/csv', 'encoding/gob', 'encoding/hex', 'encoding/json', 'encoding/pem', 'encoding/xml', 'errors', 'expvar', 'flag', 'fmt', 'go/ast', 'go/build', 'go/constant', 'go/doc', 'go/format', 'go/importer', 'go/parser', 'go/printer', 'go/scanner', 'go/token', 'go/types', 'hash', 'hash/adler32', 'hash/crc32', 'hash/crc64', 'hash/fnv', 'html', 'html/template', 'image', 'image/color', 'image/color/palette', 'image/draw', 'image/gif', 'image/jpeg', 'image/png', 'index/suffixarray', 'io', 'io/ioutil', 'log', 'log/syslog', 'math', 'math/big', 'math/bits', 'math/cmplx', 'math/rand', 'mime', 'mime/multipart', 'mime/quotedprintable', 'net', 'net/http', 'net/http/cgi', 'net/http/cookiejar', 'net/http/fcgi', 'net/http/httptest', 'net/http/httptrace', 'net/http/httputil', 'net/http/pprof', 'net/mail', 'net/rpc', 'net/rpc/jsonrpc', 'net/smtp', 'net/textproto', 'net/url', 'os', 'os/exec', 'os/signal', 'os/user', 'path', 'path/filepath', 'plugin', 'reflect', 'regexp', 'regexp/syntax', 'runtime', 'runtime/cgo', 'runtime/debug', 'runtime/pprof', 'runtime/race', 'runtime/trace', 'sort', 'strconv', 'strings', 'sync', 'sync/atomic', 'syscall', 'syscall/js', 'testing', 'testing/iotest', 'testing/quick', 'text/scanner', 'text/tabwriter', 'text/template', 'text/template/parse', 'time', 'unicode', 'unicode/utf16', 'unicode/utf8', 'unsafe']


class TypesParser():
    '''
    Parse and construct all the types
    '''

    RAW_TYPES = ['Bool','Int','Int8','Int16','Int32','Int64','Uint','Uint8','Uint16','Uint32','Uint64','Uintptr','Float32','Float64','Complex64','Complex128', 'UnsafePointer', 'String']
    
    def __init__(self, firstmoduledata):
        self.moddata = firstmoduledata
        self.parsed_types = dict()
        self.itabs = list()

    def is_raw_type(self, kind):
        return kind in self.RAW_TYPES

    def build_all_types(self, depth=1):
        _info("Building all types...")
Пример #44
0
import functionSig
#import reHooks
#import dbgHooks
import regFu
import menuMod
import bookmarkView
import idaSIM
import stackTrace
import dataWatch
import branchNotTaken
import writeWatch
import reHooks
import dbgHooks
import ida_dbg
import menuMod
'''
idaapi.require("idaSIM")
idaapi.require("stackTrace")
idaapi.require("dataWatch")
idaapi.require("branchNotTaken")
idaapi.require("writeWatch")
idaapi.require("bookmarkView")
idaapi.require("reHooks")
idaapi.require("dbgHooks")
idaapi.require("menuMod")
'''
from idaapi import Choose
'''
    Ida script to reverse execution of Simics to the next breakpoint.
    Since Ida does not know about reverse exectution, the general approach is to 
    tell Simics to reverse and then tell Ida to continue forward.
Пример #45
0
#!c:\\python27\python.exe
# -*- coding: utf-8 -*-
# pylint: disable=E1101
# pylint: disable=F0401
# pylint: disable=C0103
'''This file contains all classes related to parsing and highlighting.'''

from PySide import QtGui, QtCore
import clang.cindex
import idaapi
import hrdev_plugin.include.helper
idaapi.require('hrdev_plugin.include.helper')


class Parser(object):
    '''Implements parser to parse Hex-Rays decompiler output.'''
    def __init__(self, plugin):
        super(Parser, self).__init__()
        self.plugin = plugin
        self.config_main = self.plugin.config_main
        self.gui = self.plugin.gui
        self.tools = self.plugin.tools

        self._token_kinds = hrdev_plugin.include.helper.AttributeDict()
        self._token_kinds.punctiation = []
        self._token_kinds.kkeyword = []
        self._token_kinds.identifier = []
        self._token_kinds.literal = []
        self._token_kinds.comment = []
        self._token_kinds.imported_functions = []
        self._token_kinds.banned_functions = []