def activate(self, ctx): if self.action == ACTION_HX_REMOVERETTYPE: if IDA7: vdui = idaapi.get_widget_vdui(ctx.widget) else: vdui = idaapi.get_tform_vdui(ctx.form) self.remove_rettype(vdui) vdui.refresh_ctext() elif self.action == ACTION_HX_COPYEA: ea = idaapi.get_screen_ea() if ea != idaapi.BADADDR: copy_to_clip("0x%X" % ea) print "Address 0x%X has been copied to clipboard" % ea elif self.action == ACTION_HX_COPYNAME: if IDA7: name = idaapi.get_highlight(idaapi.get_current_viewer())[0] else: name = idaapi.get_highlighted_identifier() if name: copy_to_clip(name) print "%s has been copied to clipboard" % name else: return 0 return 1
def activate(self, ctx): vu = idaapi.get_tform_vdui(ctx.form) if not vu or not self.sel: print "No vdui? Strange, since this action should be enabled only for pseudocode views." return 0 form = XrefsForm(self.sel) form.Show() return 1
def refresh_views(): """ Refresh the IDA views. """ # refresh IDA views idaapi.refresh_idaview_anyway() # refresh hexrays view, if active current_tform = idaapi.get_current_tform() vu = idaapi.get_tform_vdui(current_tform) if vu: vu.refresh_ctext()
def get_cursor_func_ref(): """ Get the function reference under the user cursor. Returns BADADDR or a valid function address. """ current_tform = idaapi.get_current_tform() tform_type = idaapi.get_tform_type(current_tform) # get the hexrays vdui (if available) vu = idaapi.get_tform_vdui(current_tform) # # hexrays view is active # if vu: cursor_addr = vu.item.get_ea() # # disassembly view is active # elif tform_type == idaapi.BWN_DISASM: cursor_addr = idaapi.get_screen_ea() # # if the cursor is over an operand value that has a function ref, # use that as a valid rename target # op_addr = idc.GetOperandValue(cursor_addr, idaapi.get_opnum()) op_func = idaapi.get_func(op_addr) if op_func and op_func.startEA == op_addr: return op_addr # unsupported/unknown view is active else: return idaapi.BADADDR # # if the cursor is over a function definition or other reference, use that # as a valid rename target # cursor_func = idaapi.get_func(cursor_addr) if cursor_func and cursor_func.startEA == cursor_addr: return cursor_addr # fail return idaapi.BADADDR
def update(self, ctx): vu = idaapi.get_tform_vdui(ctx.form) if not vu: return idaapi.AST_DISABLE_FOR_FORM else: vu.get_current_item(idaapi.USE_KEYBOARD) item = vu.item self.sel = None if item.citype == idaapi.VDI_EXPR and item.it.to_specific_type.opname in ('obj', 'memref', 'memptr'): # if an expression is selected. verify that it's either a cot_obj, cot_memref or cot_memptr self.sel = item.it.to_specific_type elif item.citype == idaapi.VDI_FUNC: # if the function itself is selected, show xrefs to it. self.sel = item.f return idaapi.AST_ENABLE if self.sel else idaapi.AST_DISABLE
def activate(self, ctx): # ctx - action_activation_ctx_t vu = idaapi.get_tform_vdui(ctx.form) function_tinfo = idaapi.tinfo_t() if not vu.cfunc.get_func_type(function_tinfo): return function_details = idaapi.func_type_data_t() function_tinfo.get_func_details(function_details) convention = idaapi.CM_CC_MASK & function_details.cc if convention == idaapi.CM_CC_CDECL: function_details.cc = idaapi.CM_CC_SPECIAL elif convention in (idaapi.CM_CC_STDCALL, idaapi.CM_CC_FASTCALL, idaapi.CM_CC_PASCAL, idaapi.CM_CC_THISCALL): function_details.cc = idaapi.CM_CC_SPECIALP elif convention == idaapi.CM_CC_ELLIPSIS: function_details.cc = idaapi.CM_CC_SPECIALE else: return function_tinfo.create_func(function_details) idaapi.apply_tinfo2(vu.cfunc.entry_ea, function_tinfo, idaapi.TINFO_DEFINITE) vu.refresh_view(True)
def activate(self, ctx): hx_view = idaapi.get_tform_vdui(ctx.form) origin = self.temporary_structure.main_offset var_type = self.check(hx_view.item) if var_type == "LOCAL": variable = hx_view.item.get_lvar() # lvar_t index = list(hx_view.cfunc.get_lvars()).index(variable) scanner = ShallowSearchVisitor(hx_view.cfunc, origin, index) elif var_type == "GLOBAL": gvar = hx_view.item.it.to_specific_type name = idc.GetTrueName(gvar.obj_ea) tinfo = gvar.type scanner = ShallowSearchVisitor(hx_view.cfunc, origin, global_variable=(name, tinfo)) else: return scanner.process() for field in scanner.candidates: self.temporary_structure.add_row(field) scanner.clear()
def get_cursor_func_ref(): current_tform = idaapi.get_current_tform() tform_type = idaapi.get_tform_type(current_tform) # get the hexrays vdui (if available) vu = idaapi.get_tform_vdui(current_tform) if vu: cursor_addr = vu.item.get_ea() elif tform_type == idaapi.BWN_DISASM: cursor_addr = idaapi.get_screen_ea() op_addr = idc.GetOperandValue(cursor_addr, idaapi.get_opnum()) op_func = idaapi.get_func(op_addr) if op_func and op_func.startEA == op_addr: return op_addr else: return idaapi.BADADDR cursor_func = idaapi.get_func(cursor_addr) if cursor_func and cursor_func.startEA == cursor_addr: return cursor_addr return idaapi.BADADDR
def update(self, ctx): if IDA7: vdui = idaapi.get_widget_vdui(ctx.widget) return idaapi.AST_ENABLE_FOR_WIDGET if vdui else idaapi.AST_DISABLE_FOR_WIDGET vdui = idaapi.get_tform_vdui(ctx.form) return idaapi.AST_ENABLE_FOR_FORM if vdui else idaapi.AST_DISABLE_FOR_FORM
def activate(self, ctx): vdui = idaapi.get_tform_vdui(ctx.form) self.inverter.invert_if_event(vdui) return 1
def activate(self, ctx): hx_view = idaapi.get_tform_vdui(ctx.form) result = self.check(hx_view.cfunc, hx_view.item) if result: if result[0] == RECAST_LOCAL_VARIABLE: tinfo, lvar = result[1:] if hx_view.set_lvar_type(lvar, tinfo): hx_view.refresh_view(True) elif result[0] == RECAST_GLOBAL_VARIABLE: tinfo, address = result[1:] if idaapi.apply_tinfo2(address, tinfo, idaapi.TINFO_DEFINITE): hx_view.refresh_view(True) elif result[0] == RECAST_ARGUMENT: arg_index, func_tinfo, arg_tinfo, address = result[1:] func_data = idaapi.func_type_data_t() func_tinfo.get_func_details(func_data) func_data[arg_index].type = arg_tinfo new_func_tinfo = idaapi.tinfo_t() new_func_tinfo.create_func(func_data) if idaapi.apply_tinfo2(address, new_func_tinfo, idaapi.TINFO_DEFINITE): hx_view.refresh_view(True) elif result[0] == RECAST_RETURN: return_type, func_address = result[1:] try: cfunc = idaapi.decompile( func_address) if func_address else hx_view.cfunc except idaapi.DecompilationFailure: print "[ERROR] Ida failed to decompile function" return function_tinfo = idaapi.tinfo_t() cfunc.get_func_type(function_tinfo) func_data = idaapi.func_type_data_t() function_tinfo.get_func_details(func_data) func_data.rettype = return_type function_tinfo.create_func(func_data) if idaapi.apply_tinfo2(cfunc.entry_ea, function_tinfo, idaapi.TINFO_DEFINITE): hx_view.refresh_view(True) elif result[0] == RECAST_STRUCTURE: structure_name, field_offset, new_type = result[1:] tinfo = idaapi.tinfo_t() tinfo.get_named_type(idaapi.cvar.idati, structure_name) ordinal = idaapi.get_type_ordinal(idaapi.cvar.idati, structure_name) if ordinal: udt_member = idaapi.udt_member_t() udt_member.offset = field_offset * 8 idx = tinfo.find_udt_member(idaapi.STRMEM_OFFSET, udt_member) if udt_member.offset != field_offset * 8: print "[Info] Can't handle with arrays yet" elif udt_member.type.get_size() != new_type.get_size(): print "[Info] Can't recast different sizes yet" else: udt_data = idaapi.udt_type_data_t() tinfo.get_udt_details(udt_data) udt_data[idx].type = new_type tinfo.create_udt(udt_data, idaapi.BTF_STRUCT) tinfo.set_numbered_type(idaapi.cvar.idati, ordinal, idaapi.NTF_REPLACE, structure_name) hx_view.refresh_view(True)
def activate(self, ctx): hx_view = idaapi.get_tform_vdui(ctx.form) lvar = hx_view.cfunc.get_lvars()[hx_view.item.e.v.idx] hx_view.set_lvar_cmt(lvar, re.sub("```.*```", '', lvar.cmt)) hx_view.refresh_view(True)
def update(self, ctx): vdui = idaapi.get_tform_vdui(ctx.form) return idaapi.AST_ENABLE_FOR_FORM if vdui else idaapi.AST_DISABLE_FOR_FORM
def get_cursor_func_ref(): """ Get the function reference under the user cursor. Returns BADADDR or a valid function address. """ # NOTE / COMPAT: if using_ida7api: current_widget = idaapi.get_current_widget() form_type = idaapi.get_widget_type(current_widget) vu = idaapi.get_widget_vdui(current_widget) else: current_tform = idaapi.get_current_tform() form_type = idaapi.get_tform_type(current_tform) vu = idaapi.get_tform_vdui(current_tform) # # hexrays view is active # if vu: cursor_addr = vu.item.get_ea() # # disassembly view is active # elif form_type == idaapi.BWN_DISASM: cursor_addr = idaapi.get_screen_ea() opnum = idaapi.get_opnum() if opnum != -1: # # if the cursor is over an operand value that has a function ref, # use that as a valid rename target # # NOTE/COMPAT: if using_ida7api: op_addr = idc.get_operand_value(cursor_addr, opnum) else: op_addr = idc.GetOperandValue(cursor_addr, opnum) op_func = idaapi.get_func(op_addr) # NOTE/COMPAT: if using_ida7api: if op_func and op_func.start_ea == op_addr: return op_addr else: if op_func and op_func.startEA == op_addr: return op_addr # unsupported/unknown view is active else: return idaapi.BADADDR # # if the cursor is over a function definition or other reference, use that # as a valid rename target # cursor_func = idaapi.get_func(cursor_addr) # NOTE/COMPAT: if using_ida7api: if cursor_func and cursor_func.start_ea == cursor_addr: return cursor_addr else: if cursor_func and cursor_func.startEA == cursor_addr: return cursor_addr # fail return idaapi.BADADDR
def update(self, ctx): vdui = idaapi.get_tform_vdui(ctx.form) if vdui: return idaapi.AST_ENABLE_FOR_FORM else: return idaapi.AST_DISABLE_FOR_FORM
def activate(self, ctx): hx_view = idaapi.get_tform_vdui(ctx.form) variable = hx_view.item.get_lvar() # lvar_t self.scan(hx_view, variable)
def activate(self, ctx): hx_view = idaapi.get_tform_vdui(ctx.widget) result = self.check(hx_view.cfunc, hx_view.item) if result is None: return struct_tinfo, offset, idx = result ordinal = struct_tinfo.get_ordinal() struct_name = struct_tinfo.dstr() if (offset + idx) % 2: default_field_type = "_BYTE" elif (offset + idx) % 4: default_field_type = "_WORD" else: default_field_type = "_DWORD" declaration = idaapi.asktext( 0x10000, "{0} field_{1:X}".format(default_field_type, offset + idx), "Enter new structure member:" ) if declaration is None: return result = self.__parse_declaration(declaration) if result is None: return field_tinfo, field_name = result field_size = field_tinfo.get_size() udt_data = idaapi.udt_type_data_t() udt_member = idaapi.udt_member_t() struct_tinfo.get_udt_details(udt_data) udt_member.offset = offset * 8 struct_tinfo.find_udt_member(idaapi.STRMEM_OFFSET, udt_member) gap_size = udt_member.size // 8 gap_leftover = gap_size - idx - field_size if gap_leftover < 0: print "[ERROR] Too big size for the field. Type with maximum {0} bytes can be used".format(gap_size - idx) return iterator = udt_data.find(udt_member) iterator = udt_data.erase(iterator) if gap_leftover > 0: udt_data.insert(iterator, TemporaryStructureModel.get_padding_member(offset + idx + field_size, gap_leftover)) udt_member = idaapi.udt_member_t() udt_member.offset = offset * 8 + idx udt_member.name = field_name udt_member.type = field_tinfo udt_member.size = field_size iterator = udt_data.insert(iterator, udt_member) if idx > 0: udt_data.insert(iterator, TemporaryStructureModel.get_padding_member(offset, idx)) struct_tinfo.create_udt(udt_data, idaapi.BTF_STRUCT) struct_tinfo.set_numbered_type(idaapi.cvar.idati, ordinal, idaapi.BTF_STRUCT, struct_name) hx_view.refresh_view(True)
def check(ctx): hx_view = idaapi.get_tform_vdui(ctx.form) return hx_view.cfunc.get_rettype().equals_to(Const.VOID_TINFO)