def initialize_ui():
widget.register_dockwidget(BreakpointsWidget.DebugBreakpointsWidget, "Debugger Breakpoints", Qt.BottomDockWidgetArea, Qt.Horizontal, False)
widget.register_dockwidget(RegistersWidget.DebugRegistersWidget, "Debugger Registers", Qt.RightDockWidgetArea, Qt.Vertical, False)
widget.register_dockwidget(ThreadsWidget.DebugThreadsWidget, "Debugger Threads", Qt.BottomDockWidgetArea, Qt.Horizontal, False)
widget.register_dockwidget(StackWidget.DebugStackWidget, "Debugger Stack", Qt.LeftDockWidgetArea, Qt.Vertical, False)
widget.register_dockwidget(ModulesWidget.DebugModulesWidget, "Debugger Modules", Qt.BottomDockWidgetArea, Qt.Horizontal, False)
widget.register_dockwidget(ConsoleWidget.DebugConsoleWidget, "Debugger Console", Qt.BottomDockWidgetArea, Qt.Horizontal, False)
PluginCommand.register_for_address("Debugger\\Toggle Breakpoint", "sets/clears breakpoint at right-clicked address", cb_bp_toggle, is_valid=valid_bp_toggle)
PluginCommand.register("Debugger\\Process\\Run", "Start new debugging session", cb_process_run, is_valid=valid_process_run)
PluginCommand.register("Debugger\\Process\\Restart", "Restart debugging session", cb_process_restart, is_valid=valid_process_restart)
PluginCommand.register("Debugger\\Process\\Quit", "Terminate debugged process and end session", cb_process_quit, is_valid=valid_process_quit)
# PluginCommand.register("Debugger\\Process\\Attach", "Attach to running process", cb_process_attach, is_valid=valid_process_attach)
PluginCommand.register("Debugger\\Process\\Detach", "Detach from current debugged process", cb_process_detach, is_valid=valid_process_detach)
PluginCommand.register("Debugger\\Process\\Settings", "Open adapter settings menu", cb_process_settings, is_valid=valid_process_settings)
PluginCommand.register("Debugger\\Control\\Pause", "Pause execution", cb_control_pause, is_valid=valid_control_pause)
PluginCommand.register("Debugger\\Control\\Resume", "Resume execution", cb_control_resume, is_valid=valid_control_resume)
PluginCommand.register("Debugger\\Control\\Step Into (Assembly)", "Step into assembly", cb_control_step_into_asm, is_valid=valid_control_step_into_asm)
PluginCommand.register("Debugger\\Control\\Step Into (IL)", "Step into IL", cb_control_step_into_il, is_valid=valid_control_step_into_il)
PluginCommand.register("Debugger\\Control\\Step Over (Assembly)", "Step over function call", cb_control_step_over_asm, is_valid=valid_control_step_over_asm)
PluginCommand.register("Debugger\\Control\\Step Over (IL)", "Step over function call", cb_control_step_over_il, is_valid=valid_control_step_over_il)
PluginCommand.register("Debugger\\Control\\Step Return", "Step until current function returns", cb_control_step_return, is_valid=valid_control_step_return)
ViewType.registerViewType(DebugView.DebugViewType())
def initialize_ui():
widget.register_dockwidget(BreakpointsWidget.DebugBreakpointsWidget,
"Breakpoints", Qt.BottomDockWidgetArea,
Qt.Horizontal, False)
widget.register_dockwidget(RegistersWidget.DebugRegistersWidget,
"Registers", Qt.RightDockWidgetArea,
Qt.Vertical, False)
widget.register_dockwidget(ThreadsWidget.DebugThreadsWidget, "Threads",
Qt.BottomDockWidgetArea, Qt.Horizontal, False)
widget.register_dockwidget(StackWidget.DebugStackWidget, "Stack",
Qt.LeftDockWidgetArea, Qt.Vertical, False)
widget.register_dockwidget(ModulesWidget.DebugModulesWidget, "Modules",
Qt.BottomDockWidgetArea, Qt.Horizontal, False)
# TODO: Needs adapter support
# widget.register_dockwidget(ConsoleWidget.DebugConsoleWidget, "Debugger Console", Qt.BottomDockWidgetArea, Qt.Horizontal, False)
PluginCommand.register_for_address(
"Set Breakpoint",
"sets breakpoint at right-clicked address",
cb_bp_set,
is_valid=require_adapter)
PluginCommand.register_for_address(
"Clear Breakpoint",
"clears breakpoint at right-clicked address",
cb_bp_clr,
is_valid=require_adapter)
ViewType.registerViewType(DebugView.DebugViewType())
def register_commands():
"""
Register commands
"""
PluginCommand.register_for_address(
"Resolve Shared Library Import",
"Resolves an import from a shared library, and jumps to its definition.",
action=resolve_imports,
is_valid=is_valid,
)
def register_commands():
from .deoptimization import (
annotate_operations_ending_at_address,
annotate_operations_in_function,
)
PluginCommand.register_for_address(
"Deoptimize Operations - Line",
"Uses z3 to deoptimize divisions and modulos ending at the specified line.",
action=annotate_operations_ending_at_address,
)
PluginCommand.register_for_function(
"Deoptimize Operations - Function",
"Uses z3 to deoptimize divisions and modulos through the current function.",
action=annotate_operations_in_function,
)
def init_module():
init_load_ops()
init_store_ops()
init_alu_ops()
init_jmp_ops()
init_ret_ops()
init_misc_ops()
#EtherTypeRenderer().register_type_specific()
EtherTypeRenderer().register_generic()
#for full_opcode in InstructionNames:
# log('0x%x : %s' % (full_opcode, InstructionNames[full_opcode]))
BPFArch.register()
arch = Architecture['BPF']
arch.register_calling_convention(DefaultCallingConvention(arch, 'default'))
arch.standalone_platform.default_calling_convention = arch.calling_conventions['default']
XTBPFView.register()
BPFView.register()
PluginCommand.register_for_address('BPF Annotate IP', 'Converts BPF K value to IP', annotate_ip_at)
# Perform lookup
f = open(toc, "r")
found = False
for line in f:
if line.startswith(lookupstr + ","):
found = True
break
f.close()
if (found):
try:
# Extract info
result = line.split(",")
print result[0] + " = " + result[1]
# Open Intel proc manual to page for selected opcode
subprocess.Popen([browser, '-url', manual + result[2]])
except:
log_error("Couldn't find info for the selected opcode!")
else:
log_error("No table of contents entry for this opcode!")
# Create a plugin command so that the user can right click on an instruction and invoke the command
PluginCommand.register_for_address("Proc Manual",
"Lookup asm instruction in proc manual",
proc_manual)
addr, HighlightStandardColor.RedHighlightColor)
# Add the instruction to the list associated with the current view
bv.session_data.angr_avoid.add(addr)
def solve(bv):
if len(bv.session_data.angr_find) == 0:
show_message_box(
"Angr Solve", "You have not specified a goal instruction.\n\n" +
"Please right click on the goal instruction and select \"Find Path to This Instruction\" to "
+ "continue.", MessageBoxButtonSet.OKButtonSet,
MessageBoxIcon.ErrorIcon)
return
# Start a solver thread for the path associated with the view
s = Solver(bv.session_data.angr_find, bv.session_data.angr_avoid, bv)
s.start()
# Register commands for the user to interact with the plugin
PluginCommand.register_for_address(
"Find Path to This Instruction",
"When solving, find a path that gets to this instruction", find_instr)
PluginCommand.register_for_address(
"Avoid This Instruction",
"When solving, avoid paths that reach this instruction", avoid_instr)
PluginCommand.register(
"Solve With Angr",
"Attempt to solve for a path that satisfies the constraints given", solve)
@db_required
def display_bb_viewer(bv):
dock_handler = None
for wg in QApplication.allWidgets():
wg_win = wg.window()
dock_handler = wg_win.findChild(DockHandler, "__DockHandler")
if dock_handler:
break
if dock_handler is None:
print("Could not find DockHandler")
return
dock_widget = BBViewerWidget("Basic Block viewer", dock_handler.parent(),
bv, LOADED_DB)
dock_handler.addDockWidget(dock_widget, Qt.RightDockWidgetArea,
Qt.Vertical, True)
PluginCommand.register("Wakare\\Load trace database", "Loads a trace database",
db_load)
PluginCommand.register_for_address("Wakare\\Branch xrefs from",
"Displays xrefs from a branch",
display_branch_xrefs)
PluginCommand.register("Wakare\\Show basic block viewer",
"Displays information about basic blocks",
display_bb_viewer)
data = bv.read(tbl + (i * addrsize), addrsize)
if len(data) == addrsize:
if addrsize == 4:
ptr = struct.unpack("<I", data)[0]
else:
ptr = struct.unpack("<Q", data)[0]
# If the pointer is within the binary, add it as a destination and continue
# to the next entry
if (ptr >= bv.start) and (ptr < bv.end):
print "Found destination 0x%x" % ptr
branches.append((arch, ptr))
else:
# Once a value that is not a pointer is encountered, the jump table is ended
break
else:
# Reading invalid memory
break
i += 1
# Set the indirect branch targets on the jump instruction to be the list of targets discovered
func.set_user_indirect_branches(jump_addr, branches)
# Create a plugin command so that the user can right click on an instruction referencing a jump table and
# invoke the command
PluginCommand.register_for_address("Process jump table",
"Look for jump table destinations",
find_jump_table)
return "str_" + "XXX"
varname = "str_"
varname += _RE_REPLACE_UNDERSCORE.sub("_", s)
varname = _RE_COMPRESS_UNDERSCORE.sub("_", varname)
return varname
def define_str_var(bv, addr):
a = get_address_from_inst(bv, addr)
if not a:
a = addr
data = bv.read(a, MAX_STRING_LENGTH)
if not data:
log_alert("failed to read from 0x{:x}".format(a))
if b"\x00" in data:
length = data.find(b"\x00") + 1
else:
log_info("not a null-terminated string: {!r}".format(data))
log_alert("doesn't look like a null-terminated-string")
return
varname = get_string_varname(data[:length])
t = bv.parse_type_string("char {}[{}]".format(varname, length))
bv.define_user_data_var(a, t[0])
sym = binaryninja.types.Symbol('DataSymbol', a, varname[:21], varname)
bv.define_user_symbol(sym)
# Register commands for the user to interact with the plugin
PluginCommand.register_for_address("Define string variable",
"Define string variable", define_str_var)
print('WARNING: unfamiliar call operand in {}'.format(instruction))
continue
symbol = bv.get_symbol_at(instruction.prefix_operands[2])
if symbol and symbol.type == SymbolType.ImportedFunctionSymbol:
#print(symbol.name)
#demangler.demangleImport(bv, instruction.prefix_operands[2])
#demangler.demangleImport(bv, symbol.name)
name = symbol.name
if name[:2] == '__':
name = name[1:]
try:
result = demangler.demangleSymbolAsNode(bv, name)
if not result:
skipped.append(symbol.name)
print('SKIPPING: {}'.format(symbol.name))
continue
successful.append(symbol.name)
print(result)
#print(demangler.getNodeTreeAsString(result))
except Exception as e:
logging.exception(e)
print(len(skipped))
print(skipped)
print(len(successful))
print(successful)
PluginCommand.register("Define Objective-C classes", "Parses the objc_classlist section to define Objective C and Swift classes", define_classes)
PluginCommand.register_for_address("Demangle Swift symbol", "Demangles the Swift symbol name at the given address", demangler.demangleAddress)
PluginCommand.register_for_function("Demangle imported Swift symbols", "Demangles the imported Swift symbol names in the given function", demangleImportsInFunction)
if not ok:
return False
global g_bn_hook_manager
if g_bn_hook_manager is None:
g_bn_hook_manager = hook_manager_create(bv)
if (g_bn_hook_manager is None):
show_message_box(
'Unimplemented',
'This plugin does not support executables of type {} yet.'.
format(bv.view_type),
icon=MessageBoxIcon.ErrorIcon)
return False
ok = g_bn_hook_manager.install_hook(hook)
if not ok:
show_message_box('Install Fail',
'The hook failed to install.',
icon=MessageBoxIcon.ErrorIcon)
return False
return True
PluginCommand.register_for_address(
'Insert Custom Hook',
'jumps to a custom piece of code, and jumps back, allowing the binary to continue as originally programmed',
insert_hook)
