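def handleMessage(self):
    """Handle one message received from QIRA web and follow "setaddress".

    ``self.data`` is split on single spaces. A message of the form
    ``setaddress <addr>``, where ``<addr>`` is not the literal string
    ``undefined``, is converted to an effective address with
    ``idaapi.toEA`` and handed to ``jump_to``. Every other message,
    including a ``setaddress`` with no argument, is ignored.
    """
    #idaapi.msg("[QIRA Plugin] Received from QIRA web: %s\n" % (self.data,))
    dat = self.data.split(" ")
    # The text originates outside IDA, so check the field count before
    # indexing: a bare "setaddress" must not raise IndexError.
    if len(dat) < 2 or dat[0] != "setaddress" or dat[1] == "undefined":
        return
    try:
        # NOTE(review): the first two characters are dropped unchecked,
        # presumably a "0x" prefix -- confirm against the sender.
        a = idaapi.toEA(0, int(str(dat[1][2:]), 16))
        jump_to(a)
    except Exception:
        # Best-effort handler: report a bad address instead of letting the
        # failure propagate. A bare name after `except` would itself raise
        # NameError here, so the exception class is spelled out.
        idaapi.msg("[QIRA Plugin] Error processing the address\n")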
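def handleMessage(self):
    """Process a message from QIRA web; only "setaddress" is acted on.

    The message text in ``self.data`` is tokenised on spaces. When the
    first token is ``setaddress`` and the second is present and not
    ``undefined``, the second token is parsed as hexadecimal, mapped to an
    effective address with ``idaapi.toEA`` and passed to ``jump_to``.
    Anything else is silently ignored.
    """
    #idaapi.msg("[QIRA Plugin] Received from QIRA web: %s\n" % (self.data,))
    dat = self.data.split(" ")
    # Validate the shape of externally supplied text before indexing into
    # it; a command without its argument is dropped rather than raising.
    if len(dat) < 2:
        return
    command, argument = dat[0], dat[1]
    if command != "setaddress" or argument == "undefined":
        return
    try:
        # NOTE(review): argument[2:] assumes a two-character prefix such as
        # "0x"; nothing here verifies it -- confirm against the sender.
        a = idaapi.toEA(0, int(str(argument[2:]), 16))
        jump_to(a)
    except Exception:
        # Name the exception class explicitly: an undefined name after
        # `except` raises NameError as soon as any error occurs, which
        # would hide the real failure and skip this message.
        idaapi.msg("[QIRA Plugin] Error processing the address\n")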
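def parse_msg(msg):
    """Parse one text message and jump to the address it names, if any.

    ``msg`` is split on single spaces. Only ``setaddress <addr>`` with an
    ``<addr>`` other than the literal ``undefined`` triggers an action:
    the address is parsed as hexadecimal, converted with ``idaapi.toEA``
    and passed to ``jump_to``. Other messages are ignored.
    """
    dat = msg.split(" ")
    # Guard the index: a "setaddress" with no argument is ignored instead
    # of raising IndexError outside the try block.
    if len(dat) < 2 or dat[0] != "setaddress" or dat[1] == "undefined":
        return
    try:
        # NOTE(review): the first two characters are stripped without being
        # checked, presumably a "0x" prefix -- confirm against the sender.
        a = idaapi.toEA(0, int(str(dat[1][2:]), 16))
        #idaapi.msg("[q2i Plugin] parse_msg : %s\n" % a)
        jump_to(a)
    except Exception:
        # Still best-effort, but no longer a bare `except:`, so
        # KeyboardInterrupt and SystemExit are not swallowed.
        idaapi.msg("[q2i Plugin] Error processing the address\n")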
def set_qira_address(la):
    """Record ``la`` as the current QIRA address and mark it in IDA.

    If a previous address is stored in the module-level ``qira_address``
    (neither ``None`` nor ``BADADDR``), the breakpoint at that address is
    deleted first. ``la`` is then stored, a software breakpoint is added
    at it and immediately disabled.
    """
    global qira_address
    previous = qira_address
    if previous is not None and previous != BADADDR:
        # Remove the breakpoint left at the old location.
        idaapi.del_bpt(idaapi.toEA(0, previous))
    qira_address = la
    # The breakpoint is added and then disabled, so it is presumably only a
    # marker and never meant to stop execution -- confirm with the caller.
    idaapi.add_bpt(la, 0, BPT_SOFT)
    EnableBpt(la, False)
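def handle_message_queue():
    """Drain ``msg_queue`` and act on every "setaddress" message in it.

    Messages are taken from the front of the module-level ``msg_queue``
    one at a time. A message of the form ``setaddress <addr>`` (with
    ``<addr>`` not equal to ``undefined``) is parsed as hexadecimal,
    converted with ``idaapi.toEA`` and passed to ``jump_to``. All other
    messages are discarded. The queue is empty when the function returns.
    """
    global msg_queue
    while msg_queue:
        dat = msg_queue[0].split(" ")
        # Rebind rather than mutate, as the original did.
        msg_queue = msg_queue[1:]
        # A command without its argument is skipped; indexing dat[1]
        # unguarded would raise and leave the rest of the queue unprocessed.
        if len(dat) < 2 or dat[0] != "setaddress" or dat[1] == "undefined":
            continue
        try:
            # NOTE(review): dat[1][2:] assumes a two-character prefix such
            # as "0x" and does not verify it -- confirm against the producer.
            a = idaapi.toEA(0, int(str(dat[1][2:]), 16))
            jump_to(a)
        except Exception:
            # Spell out the exception class: an undefined name after
            # `except` raises NameError on the first bad message and
            # aborts the drain.
            idaapi.msg("[QIRA Plugin] Error processing the address\n")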
def set_qira_address(self, sea):
    """Move the stored QIRA address to ``sea`` and update its breakpoint.

    When ``self.qira_address`` already holds an address (not ``None`` and
    not ``idc.BADADDR``), the breakpoint at that address is deleted if
    ``idc.CheckBpt`` reports one. ``sea`` is then stored, a software
    breakpoint is added at it and immediately disabled. With ``DEBUG``
    set, the new address is written to the IDA message window.
    """
    previous = self.qira_address
    if previous is not None and previous != idc.BADADDR:
        old_ea = idaapi.toEA(0, previous)
        # Delete the old breakpoint only when one is actually present.
        bpt_present = idc.CheckBpt(old_ea) != -1
        if bpt_present:
            idaapi.del_bpt(old_ea)

    # Store the new address, then add and disable its breakpoint.
    self.qira_address = sea
    idaapi.add_bpt(self.qira_address, 0, idaapi.BPT_SOFT)
    idc.EnableBpt(self.qira_address, False)

    # debugging
    if DEBUG:
        details = (self.wanted_name, self.qira_address,)
        idaapi.msg("[%s] set_qira_address: 0x%x\n" % details)
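def handleMessage(self):
    """Handle one message received from QIRA web and follow "setaddress".

    ``self.data`` is split on single spaces. For ``setaddress <addr>``
    with an ``<addr>`` other than ``undefined``, the address is parsed as
    hexadecimal, converted with ``idaapi.toEA`` and passed to
    ``self.qsjump_to``. Other messages, including a ``setaddress`` with no
    argument, are ignored. With ``DEBUG`` set, the raw message and the
    resolved address are written to the IDA message window.
    """
    # debugging
    if DEBUG:
        idaapi.msg(
            "[%s] Received from QIRA web: %s\n" % (self.qira.wanted_name, self.data,))
    dat = self.data.split(" ")
    # The text originates outside IDA, so check the field count before
    # indexing: a bare "setaddress" must not raise IndexError.
    if len(dat) < 2 or dat[0] != "setaddress" or dat[1] == "undefined":
        return
    try:
        # NOTE(review): the first two characters are dropped unchecked,
        # presumably a "0x" prefix -- confirm against the sender.
        qs_ea = idaapi.toEA(0, int(str(dat[1][2:]), 16))
        # debugging
        if DEBUG:
            idaapi.msg(
                "[%s] EA address 0x%x\n" % (self.qira.wanted_name, qs_ea,))
        self.qsjump_to(qs_ea)
    except (AttributeError, ValueError):
        # int() raises ValueError on non-hexadecimal text; catching only
        # AttributeError let a malformed address escape this handler.
        idaapi.msg(
            "[%s] Error processing the address\n" % (self.qira.wanted_name,))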
# .data section and is not executable) then the use of the interface will # happen through the code segment ('cs:qword_...') : # Ex: lea r8, qword_1234 # mov rax, cs:qword_1234 # call qword ptr [rax] # # Similar to far call in real-mode : https://c9x.me/x86/html/file_module_x86_id_26.html. if "qword_" in dispatch_proto_offset: dispatch_proto_offset = "cs:" + dispatch_proto_offset f.write(" [+] SW Dispatch proto interface offset = {} \n".format( dispatch_proto_offset)) # Init Unicorn Engine emu = init_emu() (start, end) = get_emu_range(idaapi.toEA(0, next_call)) nb_calls_to_register = extract_smi_number(emu, start, end, dispatch_proto_addr, dispatch_proto_offset) # If no call found at all, the interface is probably accessed from another # function. Get fcts that ref it and scan them. if nb_calls_to_register == 0: seen = [] for addr in XrefsTo(int(dispatch_proto_offset.split('_')[1], 16), flags=0): a = addr.frm if a == dispatch_proto_addr: