def exit(tests): idbname = re.sub(r'\.i(db|64)$', '_' + tests + '.i\\1', idc.GetIdbPath()) if tests == 'yatest': YaCo.yaco.commit_cache() # save intermediate bases if debug: idc.SaveBase(idbname)
def __init__(self, settings_filename): """ Prepare for execution """ SkelUtils.header() g_logger.info("[+] Init Skelenox") # Load settings self.skel_settings = SkelConfig(settings_filename) self.skel_conn = SkelConnection(self.skel_settings) # If having 3 idbs in your current path bother you, change this self.crit_backup_file = idc.GetIdbPath()[:-4] + "_backup_preskel_.idb" self.backup_file = idc.GetIdbPath()[:-4] + "_backup_.idb" atexit.register(self.end_skelenox) g_logger.info( "Backuping IDB before any intervention (_backup_preskel_)") idc.SaveBase(self.crit_backup_file, idaapi.DBFL_TEMP) g_logger.info("Creating regular backup file IDB (_backup_)") idc.SaveBase(self.backup_file, idaapi.DBFL_TEMP) self.last_saved = time.time() if self.skel_hooks is not None: self.skel_hooks.cleanup_hooks() if not self.skel_conn.get_online(): g_logger.error("Cannot get online =(") # Synchronize the sample self.skel_sync_agent = SkelSyncAgent() self.skel_sync_agent.setup_config(settings_filename) # setup hooks self.skel_hooks = SkelHooks(self.skel_conn) # setup UI self.skel_ui = SkelUI(settings_filename) # setup skelenox terminator self.setup_terminator() g_logger.info("Skelenox init finished")
def backup_database(): """ Backup the database to a file similar to IDA's snapshot function. """ time_string = strftime('%Y%m%d%H%M%S') file = idc.GetInputFile() if not file: raise NoInputFileException('No input file provided') input_file = rsplit(file, '.', 1)[0] backup_file = '%s_%s.idb' % (input_file, time_string) g_logger.info('Backing up database to file ' + backup_file) idc.SaveBase(backup_file, idaapi.DBFL_BAK)
def save_and_commit(self): try: idc.SaveBase("") self.commit_cache() except Exception, e: ex = traceback.format_exc() logger.error("An error occurred during YaCo commit") logger.error("%s", ex) traceback.print_exc() Warning( "An error occured during YaCo commit : please relaunch IDA") raise e
def run(self, *args, **kwargs): try: print("YaCo: waiting for auto analysis to finish\n") idc.Wait() print("YaCo: saving base in current state\n") idc.SaveBase("") import_yaco_paths() import YaCo if not YaCo.start(): idc.Warning("YaCo: already started") except Exception, e: print("YaCo: error during run") print(traceback.format_exc()) logger = logging.getLogger("YaCo") if logger is not None: try: logger.error("YaCo: error during run") logger.error(traceback.format_exc()) except: pass raise e
def copy_idb_to_local_file(suffix=None, subdir=None, use_hardlink=False): local_file_name = get_local_idb_name(idc.GetIdbPath(), suffix) if subdir is not None: (head, tail) = os.path.split(local_file_name) local_file_name = os.path.join(head, subdir, tail) (head, tail) = os.path.split(local_file_name) if os.path.exists(head) is False: os.mkdir(head) if use_hardlink: (idb_dir, idb_name) = os.path.split(idc.GetIdbPath()) original_idb_name = os.path.splitext(idb_name)[0] new_idb_name = os.path.splitext(local_file_name)[0] (head, tail) = os.path.split(local_file_name) logger.info("looking for copy-possible files in %s" % head) for f in os.listdir(head): (list_file_name, list_file_ext) = os.path.splitext(f) logger.info( "checking if %s:%s is to be copied to %s as source name" % (list_file_name, list_file_ext, original_idb_name)) if (list_file_name == original_idb_name and (list_file_ext in set([".nam", ".til"]) or (list_file_ext.startswith(".id") and list_file_ext[-1:].isdigit()))): new_name = os.path.join(idb_dir, new_idb_name + list_file_ext) f = os.path.join(idb_dir, f) logger.info("Linking %s to %s" % (f, new_name)) try: os.remove(new_name) except: pass os.system("/bin/cp --reflink=auto %s %s" % (f, new_name)) else: idc.SaveBase(local_file_name) remove_ida_temporary_files(local_file_name) return local_file_name
#!/usr/bin/python from __future__ import print_function from SimpleXMLRPCServer import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler import threading import idautils import idc import idaapi # Save the database so nothing gets lost. if idaapi.IDA_SDK_VERSION >= 700: idaapi.save_database(idc.GetIdbPath()) else: idc.SaveBase(idc.GetIdbPath()) HOST, PORT = "0.0.0.0", 1337 DEBUG = True # class Gef: # """ # Top level class where exposed methods are declared. # """ # def __init__(self, server, *args, **kwargs): # self.server = server # self._version = ("IDA Pro", str(idaapi.IDA_SDK_VERSION)) # return # def _dispatch(self, method, params): # """
def DumpDatabase(idb_name): fn_print("Saving database to %s" % idb_name) idc.SaveBase(idb_name)
def store_idb(self): if self.have_idb: idc.SaveBase(idc.GetIdbPath()) self.cc.store_idb()
def yainit_start(self): idc.SaveBase('') import YaCo YaCo.start_tests()
def copy_idb_to_original_file(suffix=None): orig_file_name = get_original_idb_name(idc.GetIdbPath(), suffix) idc.SaveBase(orig_file_name) remove_ida_temporary_files(orig_file_name) return orig_file_name
def yainit_start(self): idc.SaveBase('') import YaCo import ImportExport.YaToolRepoManager ImportExport.YaToolRepoManager.IDA_IS_INTERACTIVE = False YaCo.start()
def run(self, *args, **kwargs): print("yaco: waiting for auto analysis...\n") idc.Wait() print("yaco: saving current base...\n") idc.SaveBase("") start()
def yainit_start(self): idc.SaveBase('') import YaCo YaCo.IDA_IS_INTERACTIVE = False YaCo.start()
import idc import idaapi import sys idc.Wait() if len(idc.ARGV) == 2: tmp_dir = idc.ARGV[1] for tmp_file in sorted(os.listdir(tmp_dir)): if tmp_file.endswith('.dmp'): with open("{}/{}".format(tmp_dir, tmp_file)) as f: data = f.read() start_addr = int(tmp_file.split('.')[0], 16) stop_addr = (start_addr + len(data)) | 0xfff idc.SegCreate(start_addr, stop_addr, 0, 1, 0, idaapi.scPub) idc.SetSegmentType(start_addr, idc.SEG_CODE) idaapi.put_many_bytes(start_addr, data) # reanalyze after adding all the new sections idc.AnalyzeArea(0, idc.BADADDR) # compresses the DB idc.SaveBase('{}.idb'.format(idc.GetInputFile()), flags=idaapi.DBFL_COMP) idc.Exit(0)
def yainit_start(self): idc.SaveBase('') import YaCo import repository repository.IDA_IS_INTERACTIVE = False YaCo.start()
from __future__ import print_function import idaapi import idautils import idc import functools import datetime import threading import xmlrpclib from SimpleXMLRPCServer import SimpleXMLRPCServer import idaapi import idautils import idc # Save the database so nothing gets lost. idc.SaveBase(idc.GetIdbPath() + '.' + datetime.datetime.now().isoformat()) xmlrpclib.Marshaller.dispatch[type( 0L)] = lambda _, v, w: w("<value><i8>%d</i8></value>" % v) xmlrpclib.Marshaller.dispatch[type( 0)] = lambda _, v, w: w("<value><i8>%d</i8></value>" % v) port = 8888 orig_LineA = idc.LineA def LineA(*a, **kw): v = orig_LineA(*a, **kw) if v and v.startswith('\x01\x04; '): v = v[4:] return v
import idautils import idc # Wait for any processing to get done idaapi.autoWait() # On Windows with NTFS filesystem a filepath with ':' # is treated as NTFS ADS (Alternative Data Stream) # and so saving file with such name fails dt = datetime.datetime.now().isoformat().replace(':', '-') # Save the database so nothing gets lost. if idaapi.IDA_SDK_VERSION >= 700: idaapi.save_database(idc.GetIdbPath() + '.' + dt) else: idc.SaveBase(idc.GetIdbPath() + '.' + dt) DEBUG_MARSHALLING = False def create_marshaller(use_format=None, just_to_str=False): assert use_format or just_to_str, 'Either pass format to use or make it converting the value to str.' def wrapper(_marshaller, value, appender): if use_format: marshalled = use_format % value elif just_to_str: marshalled = '<value><string>%s</string></value>' % escape( str(value)) if DEBUG_MARSHALLING:
def exit(tests): idbname = re.sub(r'\.i(db|64)$', '_' + tests + '.i\\1', idc.GetIdbPath()) if debug or tests == 'yatest': idc.SaveBase(idbname)