Пример #1
0
 def sync_ask_rename():
     """
         Dialog asking renaming confirmation to the user
     """
     rename_flag = 0
     if force or idc.ask_yn(
             rename_flag, "Replace %s by %s" %
         (get_name(), name["data"])) == 1:
         logger.debug("[x] renaming %s @ 0x%x as %s", get_name(),
                      name["address"], name["data"])
         ida_name.set_name(name["address"],
                           name["data"].encode('ascii', 'ignore'),
                           ida_name.SN_AUTO)
Пример #2
0
    def run(self):
        """
            Launch the hooks!
        """
        idaapi.disable_script_timeout()
        init_sync = 0
        if idc.ask_yn(init_sync,
                      "Do you want to push your names and comments") == 1:
            self.send_names()
            self.send_comments()

        if self.skel_settings.use_ui:
            self.skel_ui.Show()
        self.skel_sync_agent.start()
        self.skel_hooks.hook()
Пример #3
0
 def sync_ask_rename():
     """
         Dialog asking renaming confirmation to the user
     """
     rename_flag = 0
     if force or idc.ask_yn(rename_flag, "Replace %s by %s" %
                            (get_name(), name["data"])) == 1:
         logger.debug("[x] renaming %s @ 0x%x as %s",
                      get_name(),
                      name["address"],
                      name["data"])
         ida_name.set_name(
             name["address"], name["data"].encode(
                 'ascii', 'ignore'),
             ida_name.SN_AUTO)
Пример #4
0
    def run(self):
        """
            Launch the hooks!
        """
        idaapi.disable_script_timeout()
        init_sync = 0
        if idc.ask_yn(init_sync,
                      "Do you want to push your names and comments") == 1:
            self.send_names()
            self.send_comments()

        if self.skel_settings.use_ui:
            self.skel_ui.Show()
        self.skel_sync_agent.start()
        self.skel_hooks.hook()
Пример #5
0
def parse_function(ea):
    func = ida_funcs.func_t(ea)
    res = ida_funcs.find_func_bounds(func, ida_funcs.FIND_FUNC_DEFINE)

    if res == ida_funcs.FIND_FUNC_UNDEF:
        idc.ask_yn(1, 'can not find func bounds.')
        exit(0)

    addr = func.start_ea
    hit_count = 0
    gnm_name = ''
    packet_count = 0
    while addr < func.end_ea:
        if idc.print_insn_mnem(addr) == 'call':
            sub_name = idc.print_operand(addr, 0)
            if 'SetAllocatedNodes@SchedulerProxy' in sub_name:
                arg_addrs = ida_typeinf.get_arg_addrs(addr)
                gnm_name_arg_addr = arg_addrs[1]
                if idc.print_insn_mnem(gnm_name_arg_addr) != 'lea':
                    idc.ask_yn(
                        1, 'gnm name not passed by lea: {:X}'.format(
                            gnm_name_arg_addr))
                    exit(0)
                name_addr = idc.get_operand_value(gnm_name_arg_addr, 1)
                gnm_name = idc.get_strlit_contents(name_addr).decode('ascii')
                hit_count += 1
            if 'set_packet_count' in sub_name:
                # we need to manually set set_packet_count function's type (press key Y)
                # or get_arg_addrs will return None
                arg_addrs = ida_typeinf.get_arg_addrs(addr)
                packet_count_arg_addr = arg_addrs[1]
                packet_count_inst = idc.print_insn_mnem(packet_count_arg_addr)
                if packet_count_inst == 'mov':
                    op_type = idc.get_operand_type(packet_count_arg_addr, 1)
                    if op_type == idc.o_imm:
                        packet_count = idc.get_operand_value(
                            packet_count_arg_addr, 1)
                    else:
                        packet_count = 0
                elif packet_count_inst == 'lea':
                    packet_count = 0
                else:
                    idc.ask_yn(
                        1, 'packet count passed by {} at {:X}'.format(
                            packet_count_inst, packet_count_arg_addr))
                    exit(0)

                hit_count += 1
        if hit_count == 2:
            break
        addr = idc.next_head(addr)
    return gnm_name, packet_count
Пример #6
0
def main(doAllFuncs=True):
    #doAllFuncs=False
    #jayutils.configLogger(__name__, logging.DEBUG)
    jayutils.configLogger(__name__, logging.INFO)
    logger = jayutils.getLogger('stackstrings')
    logger.debug('Starting up now')
    filePath = jayutils.getInputFilepath()
    if filePath is None:
        self.logger.info('No input file provided. Stopping')
        return
    vw = jayutils.loadWorkspace(filePath)
    ea = idc.here()
    res = -1
    if using_ida7api:
        res = idc.ask_yn(0, 'Use basic-block local aggregator')
    else:
        res = idc.AskYN(0, 'Use basic-block local aggregator')
    if res == idaapi.ASKBTN_CANCEL:
        print 'User canceled'
        return
    uselocalagg = (res == 1)
    ranges = getFuncRanges(ea, doAllFuncs)
    for funcStart, funcEnd in ranges:
        try:
            logger.debug('Starting on function: 0x%x', funcStart)
            stringList = runStrings(vw, funcStart, uselocalagg)    
            for node, string in stringList:
                if isLikelyFalsePositiveString(string):
                    #if it's very likely a FP, skip annotating
                    continue
                print '0x%08x: %s' % (node[0], string)
                #print '0x%08x: 0x%08x: %s %s' % (node[0], node[1], binascii.hexlify(string), string)
                if using_ida7api:
                    idc.set_cmt(node[0], string.strip(), 0)
                else:
                    idc.MakeComm(node[0], string.strip())
        except Exception, err:
            logger.exception('Error during parse: %s', str(err))
Пример #7
0
    def OnFormChange(self, fid):
        if fid == self.rOptMD5.id or fid == self.rOptFile.id:
            input = (self.cfg.md5sum, self.cfg.infile)
            if fid == self.rOptMD5.id:
                c1 = self.rOptMD5
                c2 = self.rOptFile
                idx = 0
            else:
                c1 = self.rOptFile
                c2 = self.rOptMD5
                idx = 1

            v = not self.GetControlValue(c1)
            if v: idx = not idx

            # Uncheck the opposite input type
            self.SetControlValue(c2, v)

            # Set input field depending on input type
            self.SetControlValue(self.txtInput, input[idx])
        #
        # Report button
        #
        elif fid == self.btnReport.id:
            input = self.GetControlValue(self.txtInput)
            as_file = self.GetControlValue(self.rOptFile)
            apikey = self.GetControlValue(self.txtApiKey)

            ok, r = VtReport(self.cfg.apikey,
                             filename=input if as_file else None,
                             md5sum=None if as_file else input)

            # Error?
            if not ok:
                idc.warning(r)
                return 1

            # Pass the result
            self.EChooser.SetItems(r)

            # We have results and it was a file? Print its MD5
            if r and as_file:
                print("%s: %s" % (vt.LAST_FILE_HASH, input))

            # Refresh the embedded chooser control
            # (Could also clear previous results if not were retrieved during this run)
            self.RefreshField(self.cEChooser)

            # Store the input for the caller
            self.cfg.input = input

            # No results and file as input was supplied?
            if r is None:
                if as_file:
                    # Propose to upload
                    if idc.ask_yn(
                            0,
                            "HIDECANCEL\nNo previous results. Do you want to submit the file:\n\n'%s'\n\nto VirusTotal?"
                            % input) == 0:
                        return 1

                    try:
                        r = vt.scan_file(input)
                    except Exception as e:
                        idc.warning("Exceptio during upload: %s" % str(e))
                    else:
                        if r is None:
                            idc.warning("Failed to upload the file!")
                        else:
                            idc.warning(
                                "File uploaded. Check again later to get the analysis report. Scan id: %s"
                                % r)
                else:
                    idc.warning("No results found for hash: %s" % input)

        return 1
Пример #8
0
# --------------------------------------------------------------------------
def ProcessUiActions(actions, flags=0):
    """
    @param actions: A string containing a list of actions separated by semicolon, a list or a tuple
    @param flags: flags to be passed to process_ui_action()
    @return: Boolean. Returns False if the action list was empty or execute_ui_requests() failed.
    """

    # Instantiate a helper
    helper = __process_ui_actions_helper(actions, flags)
    return False if len(helper) < 1 else idaapi.execute_ui_requests((helper,))


# --------------------------------------------------------------------------
class print_req_t(object):
    def __init__(self, s):
        self.s = s
    def __call__(self):
        idaapi.msg("%s" % self.s)
        return False # Don't reschedule



if idc.ask_yn(1,("HIDECANCEL\nDo you want to run execute_ui_requests() example?\n"
                "Press NO to execute ProcessUiActions() example\n")):
    idaapi.execute_ui_requests(
       (print_req_t("Hello"), print_req_t(" world\n")) )
else:
    ProcessUiActions("JumpQ;JumpName")
Пример #9
0
# --------------------------------------------------------------------------
def ProcessUiActions(actions, flags=0):
    """
    @param actions: A string containing a list of actions separated by semicolon, a list or a tuple
    @param flags: flags to be passed to process_ui_action()
    @return: Boolean. Returns False if the action list was empty or execute_ui_requests() failed.
    """

    # Instantiate a helper
    helper = __process_ui_actions_helper(actions, flags)
    return False if len(helper) < 1 else idaapi.execute_ui_requests((helper, ))


# --------------------------------------------------------------------------
class print_req_t(object):
    def __init__(self, s):
        self.s = s

    def __call__(self):
        idaapi.msg("%s" % self.s)
        return False  # Don't reschedule


if idc.ask_yn(
        1, ("HIDECANCEL\nDo you want to run execute_ui_requests() example?\n"
            "Press NO to execute ProcessUiActions() example\n")):
    idaapi.execute_ui_requests((print_req_t("Hello"), print_req_t(" world\n")))
else:
    ProcessUiActions("JumpQ;JumpName")
Пример #10
0
import idautils
import idaapi
import idc

ea = ScreenEA()
if idaapi.isCode(idaapi.getFlags(ea)):
    cmd = idc.GetDisasm(ea)
    prt_str = "Current cmd: %s" % cmd
    select = idc.ask_yn(ASKBTN_YES, prt_str)
    if select == ASKBTN_YES:
        length = idc.AskLong(1, "Instruction Number:")
        if length > 0:
            n = 0
            print ""
            oplist = []
            for i in xrange(length):
                if idaapi.isCode(idaapi.getFlags(ea)):
                    n += 1
                    cmd = idc.GetDisasm(ea)
                    print cmd
                    if cmd[:3] == "mov":
                        op1 = idc.get_operand_value(ea, 0)
                        op2 = idc.get_operand_value(ea, 1)
                        oplist.append((op1, op2))
                        #print hex(op1),hex(op2)
                else:
                    break
                ea = idc.NextHead(ea)
            print "Process %d Instructions" % n
            oplist.sort()
        for (i, j) in oplist: