def goto(shift=False): print("GhIDA:: [DEBUG] goto called") symbol = None ret = ida_kernwin.get_highlight(ida_kernwin.get_current_viewer()) if ret and ret[1]: symbol = ret[0] if not symbol: return False address = gl.get_address_for_symbol(symbol) if not address: return False print("OnDblClick, shift=%d, selection:%s, address:%s" % (shift, symbol, address)) # Update IDA DISASM view idaapi.jumpto(address) # Update IDA DECOMP view ea = gl.convert_address(address) print("GhIDA:: [DEBUG] update view to %s" % ea) DECOMP_VIEW.switch_to_address(ea) return True
def highlight_symbol_in_DISASM(): """ Select a symbol in the DECOMP view, highlight the corresponding symbols in IDA DISASM view. """ # print("GhIDA:: [DEBUG] highlight_symbol_in_DISASM called") disasm_widget = idaapi.find_widget('IDA View-A') symbol = None ret = ida_kernwin.get_highlight(ida_kernwin.get_current_viewer()) if ret and ret[1]: symbol = ret[0] if not symbol: # TODO improve it # Highlight a non-existing symbole idaapi.set_highlight(disasm_widget, 'aaabbbccc', 1) return True converted_symbol = from_ghidra_to_ida_syntax_conversion(symbol) if converted_symbol: # Update IDA DISASM view idaapi.set_highlight(disasm_widget, converted_symbol, 1) else: # TODO improve it # Highlight a non-existing symbole idaapi.set_highlight(disasm_widget, 'aaabbbccc', 1) return True
def get_ea_from_highlight(): view = idaapi.get_current_viewer() thing = ida_kernwin.get_highlight(view) if thing and thing[1]: # we have a highligh, is it a valid name ? ea = idc.get_name_ea_simple(thing[0]) if ea != idaapi.BADADDR: return ea # get name at screen ea ea = idc.get_screen_ea() name = idc.get_name(ea, idaapi.GN_DEMANGLED) if name and thing[0] in name: return ea # Try to get full highlight name place = idaapi.get_custom_viewer_place(view, False) if place and len(place) == 3: # (plate_t, x, y) ea = place[0].toea() far_code_refs = [xref.to for xref in idautils.XrefsFrom(ea, ida_xref.XREF_FAR)] if far_code_refs: return far_code_refs[0] # First xref # Reach now, we do not have any valid name, return current screen ea return idc.get_screen_ea()
def get_selected_text(): """ Get the highlight text. If none, force IDA copy text and we will get from clipboard """ text = "" old_text = clip_text() view = idaapi.get_current_viewer() if view: thing = ida_kernwin.get_highlight(view) if thing and thing[1]: text = thing[0] # We not have a highlight text if not text: for action in idaapi.get_registered_actions(): if "Copy" in action: shortcut = idaapi.get_action_shortcut(action) state = idaapi.get_action_state(action) if ("Ctrl-C" in shortcut) and (state and state[0] and (state[1] <= idaapi.AST_ENABLE)): idaapi.process_ui_action(action) text = clip_text() if text != old_text: break if not text: plg_print("Could not get any highlight/auto copied text\n" \ "Search with old clipboard text: '%s'" % old_text) text = old_text return text
def activate(self, ctx): cur_ea = ida_kernwin.get_screen_ea() pfn = ida_funcs.get_func(cur_ea) if pfn: v = ida_kernwin.get_current_viewer() result = ida_kernwin.get_highlight(v) if result: stkvar_name, _ = result frame = ida_frame.get_frame(cur_ea) sptr = ida_struct.get_struc(frame.id) mptr = ida_struct.get_member_by_name(sptr, stkvar_name) if mptr: fii = ida_funcs.func_item_iterator_t() ok = fii.set(pfn) while ok: ea = fii.current() F = ida_bytes.get_flags(ea) for n in range(ida_ida.UA_MAXOP): if not ida_bytes.is_stkvar(F, n): continue insn = ida_ua.insn_t() if not ida_ua.decode_insn(insn, ea): continue v = ida_frame.calc_stkvar_struc_offset( pfn, insn, n) if v >= mptr.soff and v < mptr.eoff: print("Found xref at 0x%08x, operand #%d" % (ea, n)) ok = fii.next_code() else: print("No stack variable named \"%s\"" % stkvar_name) else: print("Please position the cursor within a function")
def arachno(): """gets textual representation of currently selected identifier from any current IDA view, opens a new browser tab and googles for it """ r = kw.get_highlight(kw.get_current_viewer()) if r: webbrowser.open("https://google.com/search?q=%s" % r[0], new=2)
def getHighlight(): if idaapi.IDA_SDK_VERSION <= 699: retval = idaapi.get_highlighted_identifier() else: v = ida_kernwin.get_current_viewer() t = ida_kernwin.get_highlight(v) retval = None if t is None: print('Nothing highlighted in viewer %s' % str(v)) else: retval, flags = t return retval
def get_curr_highlighted_str(): """ Return the currently highlighted identifier or None if nothing is highlighted. This get it from the current view. :return: The string of the highlighted object or None if nothing is highlighted. """ t = ida_kernwin.get_highlight(ida_kernwin.get_current_viewer()) if t is None: return t return t[0]
def OnDblClick(self, node_id): target_ea = self.items[node_id].ea r = ida_kernwin.get_highlight(ida_kernwin.get_current_viewer()) if r: text, _ = r # ghetto-convert hex strings to int try: target_ea = int(text, 16) except ValueError: pass ida_kernwin.jumpto(target_ea) return True
def get_cursor_reg(ea): #print 'get_cursor_reg' if 'get_highlight' in dir(ida_kernwin): #in IDA 7.1 w = ida_kernwin.get_current_viewer() t = ida_kernwin.get_highlight(w) reg = None if t: reg, _ = t else: #in IDA 6.98 reg = ida_kernwin.get_highlighted_identifier() if reg is None: return None reg = get_reg_canon_name(ea, reg) if reg in idautils.GetRegisterList(): return reg return None
def run(self, arg): # Get the highlighted identifier v = ida_kernwin.get_current_viewer() ident, ok = ida_kernwin.get_highlight(v) if not ok: print("No identifier was highlighted") return ident = self.sanitize_name(ident) print("Looking up '%s' in MSDN online" % ident) d = feedparser.parse(get_url(ident)) if len(d['entries']) > 0: url = d['entries'][0].link if arg > 0: print("URL: %s" % url) else: import webbrowser webbrowser.open_new_tab(url) else: print("API documentation not found for: %s" % ident)
def run(self, arg): # Get the highlighted identifier v = ida_kernwin.get_current_viewer() ident, ok = ida_kernwin.get_highlight(v) if not ok: print "No identifier was highlighted" return ident = self.sanitize_name(ident) print "Looking up '%s' in MSDN online" % ident d = feedparser.parse(get_url(ident)) if len(d['entries']) > 0: url = d['entries'][0].link if arg > 0: print("URL: %s" % url) else: import webbrowser webbrowser.open_new_tab(url) else: print "API documentation not found for: %s" % ident
def run(self, arg): # Get the highlighted identifier v = ida_kernwin.get_current_viewer() ident, ok = ida_kernwin.get_highlight(v) if not ok: print "No identifier was highlighted" return ident = self.sanitize_name(ident) print "Looking up '%s' in MSDN online" % ident qurl = "https://social.msdn.microsoft.com/search/en-US/feed?query=%s&format=RSS&theme=feed%%2fen-us" d = feedparser.parse(qurl % ident) if len(d['entries']) > 0: url = d['entries'][0].link if arg > 0: print("URL: %s" % url) else: import webbrowser webbrowser.open_new_tab(url) else: print "API documentation not found for: %s" % ident
def highlight_symbol_in_DECOMP(): """ Select a symbol in the IDA DISASM view, highlight the corresponding symbol in DECOMP view. """ # print("GhIDA:: [DEBUG] highlight_symbol_in_DECOMP called") symbol = None ret = ida_kernwin.get_highlight(ida_kernwin.get_current_viewer()) if ret and ret[1]: symbol = ret[0] if not symbol: return converted_symbol = from_ida_to_ghidra_syntax_conversion(symbol) decompiler_widget = idaapi.find_widget('Decompiled Function') if converted_symbol: # Update IDA DECOMP view idaapi.set_highlight(decompiler_widget, converted_symbol, 1) else: idaapi.set_highlight(decompiler_widget, 'aaabbbccc', 1) return
def for_each_call_to(callback, va=None): """For each xref to va that is a call, pass xref va to callback. Falls back to highlighted identifier or current location if va is unspecified. """ if not va: v = ida_kernwin.get_current_viewer() hi = ida_kernwin.get_highlight(v) if hi and hi[1]: nm = hi[0] va = idc.get_name_ea_simple(nm) if va >= idaapi.cvar.inf.maxEA: va = None va = va or idc.here() # Obtain and de-duplicate addresses of xrefs that are calls callsites = set([ x.frm for x in idautils.XrefsTo(va) if idc.print_insn_mnem(x.frm) == 'call' ]) for va in callsites: callback(va)
def rename_symbol(self): """ Rename the symbol "symbol" with the new name provided by the user in the Pop-Up """ # Get the symbol symbol = None ret = ida_kernwin.get_highlight(ida_kernwin.get_current_viewer()) if ret and ret[1]: symbol = ret[0] if not symbol: idaapi.warning("Select a symbol") return False # Get the address address = gl.get_address_for_symbol(symbol) if not address: print("GhIDA:: [!] Symbol %s not found" % symbol) return False # Display a Pop-up to get the new name new_name = gl.display_rename_form(address, symbol) if not new_name or len(new_name) == 0: return # Check for white_spaces in the new symbol name for letter in new_name: if not (letter.isdigit() or letter.isalpha() or letter == '_'): print("GhIDA:: [!] symbol name contains invalid char") return # Check if new_name is already used if gl.check_if_symbol_is_used(new_name): print("GhIDA:: [!] symble name already used") return # Update symbol name in SYMBLE DICT: gl.updated_symbol_name_for_address(symbol, address, new_name) # Update symbol name in IDA DISASM view. print("GhIDA:: [DEBUG] New symbol name: %s" % new_name) # Update symbol name in the decompiled view new_code = gl.rename_variable_in_text(self.__decompiled, symbol, new_name) self.update(self.__ea, new_code) # Add comments comment_list = COMMENTS_CACHE.get_comments_cache(self.__ea) if comment_list: self.add_comments(comment_list) print("GhIDA:: [INFO] Symbol name updated in IDA DECOMP view.") if idc.set_name(address, new_name): # Refresh the view idaapi.request_refresh(idaapi.IWID_DISASMS) # Highlight the new identifier gl.highlight_symbol_in_DISASM() print("GhIDA:: [INFO] Symbol name updated in IDA DISASM view.") return print("GhIDA:: [!] IDA DISASM rename error") return
def _get_identifier(): """helper function""" r = ida_kernwin.get_highlight(ida_kernwin.get_current_viewer()) return r[0] if r else None