def zero_reg(self):
reg = self.get_selected_reg()
if not reg:
return
idc.set_reg_value(0, reg)
self.reload_info()
def dec_reg(self):
reg = self.get_selected_reg()
if not reg:
return
val = dbg.to_uint(self.reg_vals[reg] - 1)
idc.set_reg_value(val, reg)
self.reload_info()
def toggle_value(self):
reg = self.get_selected_reg()
if not reg:
return
val = dbg.to_uint(~self.reg_vals[reg])
idc.set_reg_value(val, reg)
self.reload_info()
def force_save_eip_generation(self, eip): if (eip == self.addr["writePrologue"] and self.save_eip): self.is_write_prologue_state = True elif (eip == self.addr["hasReachableExceptionsRet"] and self.save_eip and self.is_write_prologue_state): idc.set_reg_value(1, "EAX") self.is_write_prologue_state = False
def get_dbg_brk_linux32():
'''
Return the current brk value in the debugged process (only x86 Linux)
'''
#TODO this method is so weird, find a unused address to inject code not the base address
code = ""
code += '\xb8-\x00\x00\x00' #mov eax, sys_brk ; 45
code += '1\xdb' #xor ebx, ebx
code += '\xcd\x80' #int 0x80
eax = idc.get_reg_value("eax")
ebx = idc.get_reg_value("ebx")
eip = idc.get_reg_value("eip")
efl = idc.get_reg_value("efl")
base = idaapi.get_imagebase()
#inj = idc.next_head(eip) #skip current instr
inj = base
save = idc.get_bytes(inj, len(code), use_dbg=True)
for i in xrange(len(code)):
idc.patch_dbg_byte(inj + i, ord(code[i]))
#idc.MakeCode(inj)
idc.set_reg_value(inj, "eip")
idaapi.step_into()
idc.GetDebuggerEvent(idc.WFNE_SUSP, -1)
idaapi.step_into()
idc.GetDebuggerEvent(idc.WFNE_SUSP, -1)
idaapi.step_into()
idc.GetDebuggerEvent(idc.WFNE_SUSP, -1)
brk_res = idc.get_reg_value("eax")
idc.set_reg_value(eax, "eax")
idc.set_reg_value(ebx, "ebx")
idc.set_reg_value(eip, "eip")
idc.set_reg_value(efl, "efl")
for i in xrange(len(save)):
idc.patch_dbg_byte(inj + i, ord(save[i]))
save = idc.get_bytes(inj, len(code), use_dbg=True)
#idc.MakeCode(inj)
return brk_res
def get_dbg_brk_linux64():
'''
Return the current brk value in the debugged process (only x86_64 Linux)
'''
#TODO this method is so weird, find a unused address to inject code not the base address
code = ""
code += 'H\xc7\xc0\x0c\x00\x00\x00' #mov rax, sys_brk ; 12
code += 'H1\xff' #xor rdi, rdi
code += '\x0f\x05' #syscall
rax = idc.get_reg_value("rax")
rdi = idc.get_reg_value("rdi")
rip = idc.get_reg_value("rip")
efl = idc.get_reg_value("efl")
base = idaapi.get_imagebase()
#inj = idc.next_head(rip) #skip current instr
inj = base
save = idc.get_bytes(inj, len(code), use_dbg=True)
for i in xrange(len(code)):
idc.patch_dbg_byte(inj + i, ord(code[i]))
#idc.MakeCode(inj)
idc.set_reg_value(inj, "rip")
idaapi.step_into()
idc.GetDebuggerEvent(idc.WFNE_SUSP, -1)
idaapi.step_into()
idc.GetDebuggerEvent(idc.WFNE_SUSP, -1)
idaapi.step_into()
idc.GetDebuggerEvent(idc.WFNE_SUSP, -1)
brk_res = idc.get_reg_value("rax")
idc.set_reg_value(rax, "rax")
idc.set_reg_value(rdi, "rdi")
idc.set_reg_value(rip, "rip")
idc.set_reg_value(efl, "efl")
for i in xrange(len(save)):
idc.patch_dbg_byte(inj + i, ord(save[i]))
save = idc.get_bytes(inj, len(code), use_dbg=True)
#idc.MakeCode(inj)
return brk_res
def modify_value(self):
reg = self.get_selected_reg()
if not reg:
return
reg_val = idc.get_reg_value(reg)
b = idaapi.ask_str("0x%X" % reg_val, 0, "Modify register value")
if b is not None:
try:
value = int(idaapi.str2ea(b))
idc.set_reg_value(value, reg)
self.reload_info()
if reg == dbg.registers.flags:
self.reload_flags_view()
except:
idaapi.warning("Invalid expression")
def switch_value(self):
lineno = self.GetLineNo()
if lineno > len(dbg.registers.flags):
return
line = self.GetLine(lineno)
line = idaapi.tag_remove(line[0])
flag = line[:4].strip()
new_val = not self.flag_vals[flag]
rc = idc.set_reg_value(int(new_val), flag)
if not rc:
idaapi.warning("Unable to update the register value")
return
self.parent.reload_view()
def __setattr__(self, name, value):
#print "cpu.set(%s)" % name
return idc.set_reg_value(value, name)
def set_reg_value(reg, value):
if idaapi.IDA_SDK_VERSION <= 699:
idc.SetRegValue(reg, value)
else:
idc.set_reg_value(reg, value)
def __setattr__(self, name, value):
return idc.set_reg_value(value, name)
def set_reg(self, name, value):
idc.set_reg_value(value, name)
def __call__(self):
try:
self.result = idc.set_reg_value(self.value, self.register)
except Exception as e:
l.debug("write_register exception %s" % (e))
self.exception = True
