def goto(shift=False):
    """Jump both views to the symbol highlighted in the current viewer.

    The highlighted text is resolved through ``gl.get_address_for_symbol``.
    The IDA disassembly view is moved to that address, then ``DECOMP_VIEW``
    is switched to the address returned by ``gl.convert_address``.

    :param shift: only echoed in the debug message printed below.
    :return: True after both views were asked to move; False when nothing
        usable is highlighted or the symbol has no known address.
    """
    print("GhIDA:: [DEBUG] goto called")

    highlight = ida_kernwin.get_highlight(ida_kernwin.get_current_viewer())
    # The highlight is a (text, flags) pair; the text is taken only when the
    # pair exists and its second element is truthy.
    selected = highlight[0] if highlight and highlight[1] else None
    if not selected:
        return False

    target = gl.get_address_for_symbol(selected)
    if not target:
        return False

    print("OnDblClick, shift=%d, selection:%s, address:%s" % (shift, selected, target))

    # Update IDA DISASM view
    idaapi.jumpto(target)

    # Update IDA DECOMP view
    decomp_ea = gl.convert_address(target)
    print("GhIDA:: [DEBUG] update view to %s" % decomp_ea)
    DECOMP_VIEW.switch_to_address(decomp_ea)
    return True
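def activate(self, ctx):
    """Print every operand in the current function that references the
    highlighted stack variable.

    The function under the cursor and the text highlighted in the current
    viewer are looked up. The highlighted text is resolved as a member of
    the function's frame structure, and each instruction operand whose
    stack-variable offset falls inside that member is reported.

    :param ctx: action context; not used by this handler.
    """
    cur_ea = ida_kernwin.get_screen_ea()
    pfn = ida_funcs.get_func(cur_ea)
    if not pfn:
        print("Please position the cursor within a function")
        return

    highlight = ida_kernwin.get_highlight(ida_kernwin.get_current_viewer())
    if not highlight:
        return
    stkvar_name, _ = highlight

    frame = ida_frame.get_frame(cur_ea)
    if frame is None:
        # A function without a frame has no stack variables at all; report
        # it the same way as an unknown name instead of failing on frame.id.
        print("No stack variable named \"%s\"" % stkvar_name)
        return

    sptr = ida_struct.get_struc(frame.id)
    mptr = ida_struct.get_member_by_name(sptr, stkvar_name)
    if not mptr:
        print("No stack variable named \"%s\"" % stkvar_name)
        return

    # Walk the code items of the function one at a time.
    fii = ida_funcs.func_item_iterator_t()
    ok = fii.set(pfn)
    while ok:
        ea = fii.current()
        flags = ida_bytes.get_flags(ea)
        for n in range(ida_ida.UA_MAXOP):
            if not ida_bytes.is_stkvar(flags, n):
                continue
            insn = ida_ua.insn_t()
            if not ida_ua.decode_insn(insn, ea):
                continue
            offset = ida_frame.calc_stkvar_struc_offset(pfn, insn, n)
            # The operand hits the variable when its frame offset lies in
            # the member's [soff, eoff) range.
            if mptr.soff <= offset < mptr.eoff:
                print("Found xref at 0x%08x, operand #%d" % (ea, n))
        ok = fii.next_code()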
def highlight_symbol_in_DISASM():
    """
    Mirror the symbol selected in the DECOMP view into the IDA DISASM view.

    The highlighted text is converted with
    ``from_ghidra_to_ida_syntax_conversion`` and set as the highlight of the
    'IDA View-A' widget. When nothing is selected, or the conversion yields
    nothing, a placeholder that is not expected to match any symbol is
    highlighted instead, which clears the visible highlight.

    :return: always True.
    """
    # print("GhIDA:: [DEBUG] highlight_symbol_in_DISASM called")
    disasm_widget = idaapi.find_widget('IDA View-A')

    highlight = ida_kernwin.get_highlight(ida_kernwin.get_current_viewer())
    symbol = highlight[0] if highlight and highlight[1] else None

    # The conversion helper is only called when there is a symbol to convert.
    converted = from_ghidra_to_ida_syntax_conversion(symbol) if symbol else None

    # TODO improve it: 'aaabbbccc' stands in for "no symbol".
    idaapi.set_highlight(disasm_widget, converted if converted else 'aaabbbccc', 1)
    return True
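def arachno():
    """Search the web for the identifier highlighted in the current IDA view.

    Reads the highlighted text from the current viewer and opens a new
    browser tab with a Google search for it. Nothing happens when no text is
    highlighted.

    The highlighted text comes from the database under analysis, so it is
    URL-encoded before being placed in the query string. Otherwise characters
    such as '&', '#' or '+' in a name would alter the request that is sent.
    Note that the identifier leaves the analysis host as part of that request.
    """
    try:
        from urllib.parse import quote_plus
    except ImportError:  # Python 2 interpreter
        from urllib import quote_plus

    r = kw.get_highlight(kw.get_current_viewer())
    if r and r[0]:
        query = quote_plus(r[0])
        webbrowser.open("https://google.com/search?q=%s" % query, new=2)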
def make_name():
    """Trigger IDA's rename action for the current item.

    When the current viewer is a pseudocode widget the "hx:Rename" action is
    used, otherwise "MakeName". Nothing is done when there is no current
    viewer.
    """
    # TODO: replace with custom implementation that allows parameters such
    # as name and flags ("create name anyway") to be set
    viewer = ida_kernwin.get_current_viewer()
    if not viewer:
        return

    in_pseudocode = ida_kernwin.get_widget_type(viewer) == ida_kernwin.BWN_PSEUDOCODE
    action = "hx:Rename" if in_pseudocode else "MakeName"
    ida_kernwin.process_ui_action(action)
def getHighlight():
    """Return the highlighted identifier, using the API that matches the SDK.

    SDK versions up to 699 use ``idaapi.get_highlighted_identifier()``.
    Later versions query ``ida_kernwin.get_highlight()`` on the current
    viewer, which yields None or a (text, flags) pair.

    :return: the highlighted text, or None when nothing is highlighted on
        the newer API (a message is printed in that case).
    """
    if idaapi.IDA_SDK_VERSION <= 699:
        return idaapi.get_highlighted_identifier()

    viewer = ida_kernwin.get_current_viewer()
    highlight = ida_kernwin.get_highlight(viewer)
    if highlight is None:
        print('Nothing highlighted in viewer %s' % str(viewer))
        return None

    text, _flags = highlight
    return text
def get_curr_highlighted_str():
    """
    Fetch the identifier highlighted in the current view.

    :return: The highlighted string, or None if nothing is highlighted.
    """
    highlight = ida_kernwin.get_highlight(ida_kernwin.get_current_viewer())
    # Only the text part of the (text, flags) pair is handed back.
    return None if highlight is None else highlight[0]
def OnDblClick(self, node_id):
    """Jump to the double-clicked node, or to a highlighted hex value.

    The default destination is the ``ea`` of the clicked item. If text is
    highlighted in the current viewer and it parses as a base-16 integer,
    that value replaces the destination.

    :param node_id: index into ``self.items`` of the clicked node.
    :return: always True.
    """
    destination = self.items[node_id].ea

    highlight = ida_kernwin.get_highlight(ida_kernwin.get_current_viewer())
    if highlight:
        text, _flags = highlight
        # ghetto-convert hex strings to int; any text that happens to be
        # valid hex is treated as an address.
        try:
            destination = int(text, 16)
        except ValueError:
            # Not a hex literal: keep the node's own address.
            pass

    ida_kernwin.jumpto(destination)
    return True
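def get_highlighted_identifier():
    """
    Get currently highlighted text.

    On SDK 7.00 and later the version-selected function is called with the
    current viewer and yields a (text, flags) pair. Older SDKs call it
    without arguments.

    :return: Highlighted text or ""
    """
    fn = _get_fn_by_version(ida_kernwin, 'get_highlight',
                            'get_highlighted_identifier', idaapi)

    if idaapi.IDA_SDK_VERSION >= 700:
        viewer = ida_kernwin.get_current_viewer()
        highlight = fn(viewer)
        if highlight and highlight[1]:
            return highlight[0]
        # Nothing highlighted. Return the documented "" here; falling
        # through would call fn() without the viewer argument it was just
        # given (presumably ida_kernwin.get_highlight, which needs one).
        return ""

    return fn()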
def rename_func():
    """Rename the function under the cursor.

    The currently highlighted identifier is offered as the suggested name in
    an input dialog. After a successful rename, the pseudocode view is
    refreshed if that is the current viewer.
    """
    suggestion = _get_identifier()
    if not suggestion:
        return

    new_name = ida_kernwin.ask_str(suggestion, -1, "Rename function")
    if not new_name:
        return

    func = ida_funcs.get_func(ida_kernwin.get_screen_ea())
    if not func:
        return

    # NOTE(review): SN_NOCHECK presumably lets names with otherwise invalid
    # characters through; confirm that is intended for user-typed input.
    if not ida_name.set_name(func.start_ea, new_name, ida_name.SN_NOCHECK):
        return

    viewer = ida_kernwin.get_current_viewer()
    if ida_kernwin.get_widget_type(viewer) != ida_kernwin.BWN_PSEUDOCODE:
        return

    vdui = ida_hexrays.get_widget_vdui(viewer)
    if vdui:
        vdui.refresh_view(True)
def get_cursor_reg(ea):
    """Return the register name highlighted under the cursor, if any.

    The highlighted text is read with whichever API ``ida_kernwin`` offers,
    passed through ``get_reg_canon_name(ea, ...)`` and accepted only when
    the result is listed by ``idautils.GetRegisterList()``.

    :param ea: address forwarded to ``get_reg_canon_name``.
    :return: the canonical register name, or None.
    """
    if 'get_highlight' in dir(ida_kernwin):
        # in IDA 7.1
        viewer = ida_kernwin.get_current_viewer()
        highlight = ida_kernwin.get_highlight(viewer)
        candidate = None
        if highlight:
            candidate, _flags = highlight
    else:
        # in IDA 6.98
        candidate = ida_kernwin.get_highlighted_identifier()

    if candidate is None:
        return None

    canonical = get_reg_canon_name(ea, candidate)
    return canonical if canonical in idautils.GetRegisterList() else None
def runToUserSpace(self):
    """Ask the server to resynch, wait for the stop, then signal the client.

    If the current viewer is in graph mode, the renderer is toggled before
    the monitor command is sent and toggled back afterwards.
    """
    #self.bookmark_view.runToUserSpace()
    #time.sleep(3)
    print('runToUser do resynch')
    viewer = ida_kernwin.get_current_viewer()
    renderer = ida_kernwin.get_view_renderer_type(viewer)

    # work around ida bug "nrect(26)" error
    toggled = renderer == ida_kernwin.TCCRT_GRAPH
    if toggled:
        ida_kernwin.process_ui_action("ToggleRenderer")

    print('resynch to server')
    # The monitor command's return value is not used.
    gdbProt.Evalx('SendGDBMonitor("@cgc.resynch()");')
    time.sleep(1)
    eip = gdbProt.getEIPWhenStopped()
    print('resynch got eip 0x%x now sig client' % eip)

    if toggled:
        # Restore the renderer that was active on entry.
        ida_kernwin.process_ui_action("ToggleRenderer")
    self.signalClient()
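def run(self, arg):
    """Look up the highlighted identifier in MSDN online.

    The highlighted text is cleaned with ``self.sanitize_name``, the feed at
    ``get_url(ident)`` is parsed, and the link of its first entry is either
    printed or opened in a browser tab.

    All output uses the parenthesised single-argument form of print, which
    behaves the same under Python 2 and Python 3.

    :param arg: when greater than 0 the URL is printed instead of opened.
    """
    # Get the highlighted identifier
    v = ida_kernwin.get_current_viewer()
    highlight = ida_kernwin.get_highlight(v)
    # get_highlight() gives None when nothing is highlighted, so the result
    # is tested before it is taken apart; unpacking None would raise.
    if not highlight or not highlight[1]:
        print("No identifier was highlighted")
        return
    ident = self.sanitize_name(highlight[0])

    print("Looking up '%s' in MSDN online" % ident)
    d = feedparser.parse(get_url(ident))
    if not d['entries']:
        print("API documentation not found for: %s" % ident)
        return

    url = d['entries'][0].link
    if arg > 0:
        print("URL: %s" % url)
        return

    # The link is taken from a remote feed, so only plain web URLs are
    # handed to the browser launcher.
    if not url.startswith(("http://", "https://")):
        print("Refusing to open non-HTTP(S) URL: %s" % url)
        return
    import webbrowser
    webbrowser.open_new_tab(url)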
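def run(self, arg):
    """Look up the highlighted identifier in MSDN online.

    The highlighted text is cleaned with ``self.sanitize_name``, the feed at
    ``get_url(ident)`` is parsed, and the link of its first entry is either
    printed or opened in a browser tab.

    :param arg: when greater than 0 the URL is printed instead of opened.
    """
    # Get the highlighted identifier
    v = ida_kernwin.get_current_viewer()
    highlight = ida_kernwin.get_highlight(v)
    # get_highlight() gives None when nothing is highlighted, so the result
    # is tested before it is taken apart; unpacking None would raise.
    if not highlight or not highlight[1]:
        print("No identifier was highlighted")
        return
    ident = self.sanitize_name(highlight[0])

    print("Looking up '%s' in MSDN online" % ident)
    d = feedparser.parse(get_url(ident))
    if not d['entries']:
        print("API documentation not found for: %s" % ident)
        return

    url = d['entries'][0].link
    if arg > 0:
        print("URL: %s" % url)
        return

    # The link is taken from a remote feed, so only plain web URLs are
    # handed to the browser launcher.
    if not url.startswith(("http://", "https://")):
        print("Refusing to open non-HTTP(S) URL: %s" % url)
        return
    import webbrowser
    webbrowser.open_new_tab(url)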
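def run(self, arg):
    """Look up the highlighted identifier in MSDN online.

    The highlighted text is cleaned with ``self.sanitize_name`` and placed
    into the MSDN search feed URL. The link of the first feed entry is
    either printed or opened in a browser tab.

    All output uses the parenthesised single-argument form of print, which
    behaves the same under Python 2 and Python 3.

    :param arg: when greater than 0 the URL is printed instead of opened.
    """
    # Get the highlighted identifier
    v = ida_kernwin.get_current_viewer()
    highlight = ida_kernwin.get_highlight(v)
    # get_highlight() gives None when nothing is highlighted, so the result
    # is tested before it is taken apart; unpacking None would raise.
    if not highlight or not highlight[1]:
        print("No identifier was highlighted")
        return
    ident = self.sanitize_name(highlight[0])

    print("Looking up '%s' in MSDN online" % ident)
    qurl = "https://social.msdn.microsoft.com/search/en-US/feed?query=%s&format=RSS&theme=feed%%2fen-us"
    # NOTE(review): ident goes into the query string as-is. This relies on
    # sanitize_name leaving only URL-safe characters; confirm, or
    # percent-encode it here.
    d = feedparser.parse(qurl % ident)
    if not d['entries']:
        print("API documentation not found for: %s" % ident)
        return

    url = d['entries'][0].link
    if arg > 0:
        print("URL: %s" % url)
        return

    # The link is taken from a remote feed, so only plain web URLs are
    # handed to the browser launcher.
    if not url.startswith(("http://", "https://")):
        print("Refusing to open non-HTTP(S) URL: %s" % url)
        return
    import webbrowser
    webbrowser.open_new_tab(url)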
def highlight_symbol_in_DECOMP():
    """
    Mirror the symbol selected in the IDA DISASM view into the DECOMP view.

    The highlighted text is converted with
    ``from_ida_to_ghidra_syntax_conversion`` and set as the highlight of the
    'Decompiled Function' widget. If the conversion yields nothing, a
    placeholder that is not expected to match any symbol is highlighted
    instead. Nothing is done when no symbol is selected.
    """
    # print("GhIDA:: [DEBUG] highlight_symbol_in_DECOMP called")
    highlight = ida_kernwin.get_highlight(ida_kernwin.get_current_viewer())
    symbol = highlight[0] if highlight and highlight[1] else None
    if not symbol:
        return

    converted = from_ida_to_ghidra_syntax_conversion(symbol)
    decompiler_widget = idaapi.find_widget('Decompiled Function')

    # Update IDA DECOMP view; 'aaabbbccc' stands in for "no symbol".
    idaapi.set_highlight(decompiler_widget, converted if converted else 'aaabbbccc', 1)
def grab_focus(title):
    """Try to give focus to the widget titled *title*, retrying on failure.

    Each attempt looks the widget up, activates it and checks whether it is
    now the current widget or the current viewer. The loop stops on success,
    when the widget cannot be found, or once the attempt counter exceeds
    ``limit``.

    :param title: title of the widget to focus.
    """
    # NOTE(review): the nesting of the sleep and counter lines below is
    # reconstructed from a flattened listing; confirm against the original.
    done = False
    limit = 10
    i = 0
    while not done:
        form = find_widget(title)
        if form is None:
            # No such widget: give up immediately instead of retrying.
            print('No form titled %s' % title)
            break
        activate_widget(form, True)
        cur_form = get_current_widget()
        if form == cur_form:
            done = True
        else:
            # The current widget did not match; compare with the current
            # viewer before declaring the attempt failed.
            cur_form = ida_kernwin.get_current_viewer()
            if cur_form == form:
                print('**but the viewer matches?')
                done = True
            else:
                print('failed grab focus %s' % title)
                # Pause before the next attempt.
                time.sleep(1)
        i = i + 1
        if i > limit:
            # Out of attempts: leave the loop without having focus.
            done = True
def for_each_call_to(callback, va=None):
    """Invoke *callback* with the address of every call that references va.

    When va is not given, the highlighted identifier is resolved to an
    address. If that fails, or the result is at or beyond the database's
    maxEA, the current location is used.

    :param callback: called once per call-site address.
    :param va: target address; falsy values mean "unspecified".
    """
    if not va:
        highlight = ida_kernwin.get_highlight(ida_kernwin.get_current_viewer())
        if highlight and highlight[1]:
            va = idc.get_name_ea_simple(highlight[0])
            # An address at or past maxEA is treated as "name not found".
            if va >= idaapi.cvar.inf.maxEA:
                va = None

    if not va:
        va = idc.here()

    # Obtain and de-duplicate addresses of xrefs that are calls
    call_sites = {
        xref.frm
        for xref in idautils.XrefsTo(va)
        if idc.print_insn_mnem(xref.frm) == 'call'
    }
    for site in call_sites:
        callback(site)
def __init__(self):
    """Start with no previous node and remember the current viewer."""
    self.prev_node = None
    # The viewer is captured once, at construction time.
    viewer = ida_kernwin.get_current_viewer()
    self.graph_viewer = viewer
def rename_symbol(self):
    """
    Rename the highlighted symbol to the name the user enters in a pop-up.

    The new name must consist of letters, digits and underscores and must
    not already be in use. The symbol table and the decompiled view are
    updated first, then the name is applied in IDA with ``idc.set_name``.

    NOTE(review): the symbol table and the decompiled text are already
    changed when ``idc.set_name`` runs, so a failed IDA rename leaves the
    two views disagreeing.

    :return: False when no symbol is selected or it has no address;
        None on every other path.
    """
    # Get the symbol
    highlight = ida_kernwin.get_highlight(ida_kernwin.get_current_viewer())
    symbol = highlight[0] if highlight and highlight[1] else None
    if not symbol:
        idaapi.warning("Select a symbol")
        return False

    # Get the address
    address = gl.get_address_for_symbol(symbol)
    if not address:
        print("GhIDA:: [!] Symbol %s not found" % symbol)
        return False

    # Display a Pop-up to get the new name
    new_name = gl.display_rename_form(address, symbol)
    if not new_name:
        return

    # Accept only letters, digits and '_' (this also rejects white space).
    # NOTE(review): on Python 3, str.isalpha()/isdigit() accept non-ASCII
    # letters and digits too; confirm that is acceptable for symbol names.
    if any(not (ch.isdigit() or ch.isalpha() or ch == '_') for ch in new_name):
        print("GhIDA:: [!] symbol name contains invalid char")
        return

    # Check if new_name is already used
    if gl.check_if_symbol_is_used(new_name):
        print("GhIDA:: [!] symble name already used")
        return

    # Update symbol name in the symbol dictionary
    gl.updated_symbol_name_for_address(symbol, address, new_name)

    print("GhIDA:: [DEBUG] New symbol name: %s" % new_name)

    # Update symbol name in the decompiled view
    renamed_code = gl.rename_variable_in_text(self.__decompiled, symbol, new_name)
    self.update(self.__ea, renamed_code)

    # Add comments
    cached_comments = COMMENTS_CACHE.get_comments_cache(self.__ea)
    if cached_comments:
        self.add_comments(cached_comments)

    print("GhIDA:: [INFO] Symbol name updated in IDA DECOMP view.")

    # Update symbol name in IDA DISASM view.
    if not idc.set_name(address, new_name):
        print("GhIDA:: [!] IDA DISASM rename error")
        return

    # Refresh the view
    idaapi.request_refresh(idaapi.IWID_DISASMS)
    # Highlight the new identifier
    gl.highlight_symbol_in_DISASM()
    print("GhIDA:: [INFO] Symbol name updated in IDA DISASM view.")
    return
def get_current_viewer(self):
    """Store IDA's current viewer on the instance and print a trace line.

    Returns None; the viewer is available as ``self.current_viewer``.
    """
    viewer = ida_kernwin.get_current_viewer()
    self.current_viewer = viewer
    print("get current_viewer")
def _get_identifier():
    """Return the text highlighted in the current viewer, or None."""
    highlight = ida_kernwin.get_highlight(ida_kernwin.get_current_viewer())
    if not highlight:
        return None
    # Only the text part of the (text, flags) pair is of interest.
    return highlight[0]