def run(self): '''Start the plugin.''' if not idaapi.init_hexrays_plugin(): print "HRDEV Error: Failed to initialise Hex-Rays plugin." return function_name = idaapi.get_func_name(idaapi.get_screen_ea()) demangled_name = self.tools.demangle_name(function_name) file_name = '{}.cpp'.format(self.tools.to_file_name(demangled_name)) cache_path = os.path.sep.join([self.current_dir, 'data', 'cache', self._bin_name]) if not os.path.isdir(cache_path): os.mkdir(cache_path) complete_path = os.path.sep.join([cache_path, file_name]) if not os.path.isfile(complete_path): src = str(idaapi.decompile(idaapi.get_screen_ea())) self.tools.save_file(complete_path, src) self.tools.set_file_path(complete_path) max_title = self.config_main.getint('etc', 'max_title') self.gui = include.gui.Canvas(self.config_main, self.config_theme, self.tools, demangled_name[:max_title]) self.gui.Show('HRDEV') self.parser = include.syntax.Parser(self) self.parser.run(complete_path) return
def init(self): """ Ensure plugin's line modification function is called whenever needed. If Hex-Rays is not installed, or is not initialized yet, then plugin will not load. To ensure that the plugin loads after Hex-Rays, please name your plugin's .py file with a name that starts lexicographically after "hexx86f" """ try: if idaapi.init_hexrays_plugin(): def hexrays_event_callback(event, *args): if event == idaapi.hxe_refresh_pseudocode: # We use this event instead of hxe_text_ready because # MacOSX doesn't seem to work well with it # TODO: Look into this vu, = args self.run_over_cfunc(vu.cfunc) return 0 idaapi.install_hexrays_callback(hexrays_event_callback) else: return idaapi.PLUGIN_SKIP except AttributeError: print "init_hexrays_plugin() not found. Skipping Hex-Rays plugin." return idaapi.PLUGIN_KEEP
def _init_hexrays_hooks(self): """ Install Hex-Rrays hooks (when available). NOTE: This is called when the ui_ready_to_run event fires. """ if idaapi.init_hexrays_plugin(): idaapi.install_hexrays_callback(self._hooks.hxe_callback)
def versions(): """Returns IDA & Python versions""" import sys return { 'python': sys.version, 'ida': idaapi.get_kernel_version(), 'hexrays': idaapi.get_hexrays_version() if idaapi.init_hexrays_plugin() else None }
def init(self): if idaapi.init_hexrays_plugin(): i = hexrays_callback_info() idaapi.register_action( idaapi.action_desc_t(force_width_actname, "Force lvar width", force_width_action_handler_t(i), "Shift-W")) idaapi.install_hexrays_callback(i.event_callback) print 'Hex-Rays lvar width forcer by ecx86 loaded!' else: print 'Force lvar width: Hexrays is not available.'
def hook(self): if self._available is None: if not idaapi.init_hexrays_plugin(): logger.info("Hex-Rays SDK is not available") self._available = False else: idaapi.install_hexrays_callback(self._hxe_callback) self._available = True if self._available: self._installed = True
def init(): if not idaapi.init_hexrays_plugin(): logging.error("Failed to initialize Hex-Rays SDK") return idaapi.PLUGIN_SKIP action_manager.initialize() hx_callback_manager.initialize() cache.temporary_structure = TemporaryStructureModel() const.init() XrefStorage().open() return idaapi.PLUGIN_KEEP
def _init_hexrays_hooks(self): """ Install Hex-Rays hooks (when available). """ result = False if idaapi.init_hexrays_plugin(): logger.debug("HexRays present, installing hooks...") result = idaapi.install_hexrays_callback(self._hxe_callback) logger.debug("HexRays hooked: %r" % result)
def versions(): """Returns IDA & Python versions""" import sys return { "python": sys.version, "ida": idaapi.get_kernel_version(), "hexrays": idaapi.get_hexrays_version() if idaapi.init_hexrays_plugin() else None, }
def decompile_and_get(self, ea): decompiler_plugin = get_decompiler_plugin() if not init_hexrays_plugin() and not (load_plugin(decompiler_plugin) and init_hexrays_plugin()): return False f = get_func(ea) if f is None: return False try: cfunc = decompile(f) except: Warning("Error decompiling function: %s" % str(sys.exc_info())[1]) return False if cfunc is None: # Failed to decompile return False cmts = idaapi.restore_user_cmts(cfunc.entry_ea) if cmts is not None: for tl, cmt in cmts.iteritems(): self.pseudo_comments[tl.ea - self.get_base_address()] = [ str(cmt), tl.itp ] sv = cfunc.get_pseudocode() self.pseudo[ea] = [] first_line = None for sline in sv: line = tag_remove(sline.line) if line.startswith("//"): continue if first_line is None: first_line = line else: self.pseudo[ea].append(line) return first_line
def check_ida(self): if idaapi.IDA_SDK_VERSION < 730: BinaryAILog.log(BinaryAILog.ERROR, "Need IDA >= 7.3") return False if not idaapi.init_hexrays_plugin(): BinaryAILog.log(BinaryAILog.ERROR, "Hex-Rays decompiler not exists") return False if not idaapi.is_idaq(): BinaryAILog.log(BinaryAILog.INFO, "Plugin should not be loaded in idaq mode") return False return True
def init(self): """ This method is called when IDA is loading the plugin. It will first load the configuration file, then initialize all the modules. """ if idaapi.init_hexrays_plugin(): self.hexrays_hooks = HexRaysHooks() self.core_hook = CPPHooks() self.gui_hook = CPPUIHooks() self.hook() self.install_hotkey() keep = ida_idaapi.PLUGIN_KEEP return keep
def run(self): '''Start the plugin.''' if not idaapi.init_hexrays_plugin(): print "HRDEV Error: Failed to initialise Hex-Rays plugin." return function_name = idaapi.get_func_name(idaapi.get_screen_ea()) demangled_name = self.tools.demangle_name(function_name) src = idaapi.decompile(idaapi.get_screen_ea()) file_name = '{}.cpp'.format(self.tools.to_file_name(demangled_name)) cache_path = os.path.sep.join( [tempfile.gettempdir(), 'hrdev_cache', self._bin_name]) # Create required directories if they dont exist tmp_dir_path = os.path.sep.join([tempfile.gettempdir(), 'hrdev_cache']) if not os.path.isdir(tmp_dir_path): os.mkdir(tmp_dir_path) if not os.path.isdir(cache_path): os.mkdir(cache_path) complete_path = os.path.sep.join([cache_path, file_name]) idaapi.msg("HRDEV cache path: {}\n".format(complete_path)) # Check if file is already in cache if not os.path.isfile(complete_path) or \ self.config_main.getboolean('etc', 'disable_cache'): self.tools.save_file(complete_path, str(src)) self.tools.set_file_path(complete_path) lvars = {} for v in src.lvars: _type = idaapi.print_tinfo('', 0, 0, idaapi.PRTYPE_1LINE, v.tif, '', '') lvars[str(v.name)] = "{} {} {}".\ format(_type, str(v.name), str(v.cmt)) max_title = self.config_main.getint('etc', 'max_title') self.gui = hrdev_plugin.include.gui.Canvas(self.config_main, self.config_theme, self.tools, lvars, demangled_name[:max_title]) self.gui.Show('HRDEV') self.parser = hrdev_plugin.include.syntax.Parser(self, lvars) self.parser.run(complete_path) return
def run(self): '''Start the plugin.''' if not idaapi.init_hexrays_plugin(): print "HRDEV Error: Failed to initialise Hex-Rays plugin." return function_name = idaapi.get_func_name(idaapi.get_screen_ea()) demangled_name = self.tools.demangle_name(function_name) file_name = '{}.cpp'.format(self.tools.to_file_name(demangled_name)) cache_path = os.path.sep.join([tempfile.gettempdir(), 'hrdev_cache', self._bin_name]) # Create require directories if they dont exist tmp_dir_path = os.path.sep.join([tempfile.gettempdir(), 'hrdev_cache']) if not os.path.isdir(tmp_dir_path): os.mkdir(tmp_dir_path) if not os.path.isdir(cache_path): os.mkdir(cache_path) complete_path = os.path.sep.join([cache_path, file_name]) idaapi.msg("HRDEV cache path: {}\n".format(complete_path)) src = idaapi.decompile(idaapi.get_screen_ea()) lvars = {} for v in src.lvars: _type = idaapi.print_tinfo('', 0, 0, idaapi.PRTYPE_1LINE, v.tif, '', '') lvars[str(v.name)] = "{} {} {}".\ format(_type, str(v.name), str(v.cmt)) # Check if file is already in cache if not os.path.isfile(complete_path): self.tools.save_file(complete_path, str(src)) self.tools.set_file_path(complete_path) max_title = self.config_main.getint('etc', 'max_title') self.gui = hrdev_plugin.include.gui.Canvas(self.config_main, self.config_theme, self.tools, lvars, demangled_name[:max_title]) self.gui.Show('HRDEV') self.parser = hrdev_plugin.include.syntax.Parser(self) self.parser.run(complete_path) return
def load_plugin_decompiler(): ''' load the hexray plugins :return: success or not ''' is_ida64 = GetIdbPath().endswith(".i64") if not is_ida64: idaapi.load_plugin("hexrays") idaapi.load_plugin("hexarm") else: idaapi.load_plugin("hexx64") if not idaapi.init_hexrays_plugin(): l.error('[+] decompiler plugins load failed. IDAdb: %s' % GetInputFilePath()) idc.Exit(0)
def init(self): # just go when we have hexrays if not idaapi.init_hexrays_plugin(): return idaapi.PLUGIN_SKIP # initialize the menu actions our plugin will inject self._init_action_bulk() self._init_action_copy() # initialize plugin hooks self._init_hooks() # done idaapi.msg("%s %s initialized...\n" % (self.wanted_name, VERSION)) return idaapi.PLUGIN_KEEP
def init(self): idaapi.msg('[*] Pwndbg XML RPC plugin loaded.\n') if idaapi.init_hexrays_plugin(): addon = idaapi.addon_info_t() addon.id = "com.pwndbg.pwndbg" addon.name = "Pwndbg XML RPC" addon.producer = "pwndbg" addon.url = "https://github.com/pwndbg/pwndbg" addon.version = "1.0.0.0" idaapi.register_addon(addon) self.pwndbgRPC = PwndbgRPC() return idaapi.PLUGIN_KEEP
def run(self, arg): """ Launch when you press Ctrl-Shift-M """ if idaapi.init_hexrays_plugin(): if not ComIDA.hxehook: ComResultsForm(find_com_references()).show() ComIDA.hxehook = ComIdaHook() ComIDA.hxehook.hook() else: ComIDA.hxehook.unhook() ComIDA.hxehook = None ComIDA.log("%s is %sabled now." % (ComIDA.wanted_name, "en" if ComIDA.hxehook else "dis"))
def _init_hexrays_hooks(self): """ Install Hex-Rrays hooks (when available). NOTE: This is called when the ui_ready_to_run event fires. """ if idaapi.init_hexrays_plugin(): idaapi.install_hexrays_callback(self._hxe_callback) # # we only use self._hooks (UI_Hooks) to install our hexrays hooks. # since this 'init' function should only ever be called once, remove # our UI_Hooks now to clean up after ourselves. # self._hooks.unhook()
def init(self): if not idaapi.init_hexrays_plugin(): log.error("Decompiler is not ready") return idaapi.PLUGIN_SKIP if not idaapi.install_hexrays_callback(callback): log.error("Failed to install hexrays callback") return idaapi.PLUGIN_SKIP log.info( "Hex-Rays version %s has been detected; %s is ready to use", idaapi.get_hexrays_version(), self.wanted_name, ) self.inited = True return idaapi.PLUGIN_KEEP
def init(): if not idaapi.init_hexrays_plugin(): print "[ERROR] Failed to initialize Hex-Rays SDK" return idaapi.PLUGIN_SKIP Cache.temporary_structure = TemporaryStructureModel() # Actions.register(Actions.CreateVtable) Actions.register(Actions.ShowGraph) Actions.register(Actions.ShowClasses) Actions.register(Actions.GetStructureBySize) Actions.register(Actions.RemoveArgument) Actions.register(Actions.AddRemoveReturn) Actions.register(Actions.ConvertToUsercall) Actions.register(Actions.ShallowScanVariable, Cache.temporary_structure) Actions.register(Actions.DeepScanVariable, Cache.temporary_structure) Actions.register(Actions.DeepScanReturn, Cache.temporary_structure) Actions.register(Actions.DeepScanFunctions, Cache.temporary_structure) Actions.register(Actions.RecognizeShape) Actions.register(Actions.CreateNewField) Actions.register(Actions.SelectContainingStructure, potential_negatives) Actions.register(Actions.ResetContainingStructure) Actions.register(Actions.RecastItemRight) Actions.register(Actions.RecastItemLeft) Actions.register(Actions.RenameOther) Actions.register(Actions.RenameInside) Actions.register(Actions.RenameOutside) Actions.register(Actions.RenameUsingAssert) Actions.register(Actions.SwapThenElse) Actions.register(Actions.FindFieldXrefs) Actions.register(Actions.PropagateName) Actions.register(Actions.GuessAllocation) idaapi.attach_action_to_menu('View/Open subviews/Local types', Actions.ShowClasses.name, idaapi.SETMENU_APP) idaapi.install_hexrays_callback(hexrays_events_callback) Const.init() XrefStorage().open() return idaapi.PLUGIN_KEEP
def decompile_func(ea): if not idaapi.init_hexrays_plugin(): return False f = idaapi.get_func(ea) if f is None: return False cfunc = idaapi.decompile(f) if cfunc is None: # Failed to decompile return False lines = [] sv = cfunc.get_pseudocode() for sline in sv: line = idaapi.tag_remove(sline.line) lines.append(line) return "\n".join(lines)
def init(self): # Some initialization global hexnight_cb_info, hexnight_cb, inttype if idaapi.init_hexrays_plugin() and idaapi.ph_get_id() == idaapi.PLFM_ARM: inttype = idaapi.get_int_type_by_width_and_sign(4, True) hexnight_cb_info = hexrays_callback_info() hexnight_cb = hexnight_cb_info.event_callback if idaapi.install_hexrays_callback(hexnight_cb): print "Hexnight plugin installed" addon = idaapi.addon_info_t(); addon.id = "org.xerub.hexnight"; addon.name = "Hexnight"; addon.producer = "xerub"; addon.url = "https://twitter.com/xerub"; addon.version = "7.0"; idaapi.register_addon( addon ); return idaapi.PLUGIN_KEEP print "Hexnight plugin failed" return idaapi.PLUGIN_SKIP
def main(): if not idaapi.init_hexrays_plugin(): return False print "Hex-rays version %s has been detected" % idaapi.get_hexrays_version() f = idaapi.get_func(idaapi.get_screen_ea()); if f is None: print "Please position the cursor within a function" return True cfunc = idaapi.decompile(f); if cfunc is None: print "Failed to decompile!" return True sv = cfunc.get_pseudocode(); for sline in sv: print idaapi.tag_remove(sline.line); return True
def init(self): # Some initialization global hexlight_cb_info, hexlight_cb if idaapi.init_hexrays_plugin(): hexlight_cb_info = hexrays_callback_info() hexlight_cb = hexlight_cb_info.event_callback if not idaapi.install_hexrays_callback(hexlight_cb): # print "could not install hexrays_callback" return idaapi.PLUGIN_SKIP print("Hexlight plugin installed") addon = idaapi.addon_info_t() addon.id = "milan.bohacek.hexlight" addon.name = "Hexlight" addon.producer = "Milan Bohacek" addon.url = "*****@*****.**" addon.version = "6.95" idaapi.register_addon(addon) return idaapi.PLUGIN_KEEP #print "init_hexrays_plugin failed" return idaapi.PLUGIN_SKIP
def __init__(self): self.enabled = False self.prev_ea = None self.discarded_ea = None self.last_func = None self.vdui_t = None self.cfunc = None self.eamap = None self.safe_mode = False self.event_cb = HexEventCb(self).event_cb if not idaapi.init_hexrays_plugin(): print("[sync] hexrays not available") else: version = idaapi.get_hexrays_version() print("[sync] hexrays #{} found".format(version)) major, minor, revision, build_date = [int(x) for x in version.split('.')] if (major < 7) or (major >= 7 and minor < 2): print("[sync] hexrays version >= 7.2 is needed") self.safe_mode = True
def init(self): """ This method is called when IDA is loading the plugin. It will first load the configuration file, then initialize all the modules. """ if idaapi.init_hexrays_plugin(): self.is_decompiler_on = True else: log.warn("Hex-Rays decompiler is not available") self.cpp_hooks = CPPHooks() self.gui_hooks = CPPUIHooks() if not self.hook(): log.warn("Failed to set hooks") return idaapi.PLUGIN_SKIP self.install_hotkey() log.info("Im up") return idaapi.PLUGIN_KEEP
def init(self): """ This is called by IDA when it is loading the plugin. """ # describe a custom IDA UI action action_desc = idaapi.action_desc_t( self.ACTION_LOAD_FILE, # Name. Acts as an ID. Must be unique. "BbTrace Flow File...", # Label. That's what users see. IDACtxEntry(self.interactive_load_file ), # Handler. Called when activated, and for updating None, # Shortcut (optional) "Load bbtrace flow file...", # Tooltip (optional) ACT_ICON) # Icon ID (optional) # register the action with IDA result = idaapi.register_action(action_desc) if not result: RuntimeError("Failed to register load_file action with IDA") # attach the action to the File-> dropdown menu result = idaapi.attach_action_to_menu( "File/Load file/", # Relative path of where to add the action self.ACTION_LOAD_FILE, # The action ID (see above) idaapi.SETMENU_APP # We want to append the action after ^ ) if not result: RuntimeError("Failed action attach load_file") if idaapi.init_hexrays_plugin(): idaapi.install_hexrays_callback(self.hexrays_event) else: print('hexrays is not available.') self.display = None print("BBTrace initialized.") return idaapi.PLUGIN_KEEP
def main(): if not idaapi.init_hexrays_plugin(): return False print "Hex-rays version %s has been detected" % idaapi.get_hexrays_version( ) f = idaapi.get_func(idaapi.get_screen_ea()) if f is None: print "Please position the cursor within a function" return True cfunc = idaapi.decompile(f) if cfunc is None: print "Failed to decompile!" return True sv = cfunc.get_pseudocode() for i in xrange(0, sv.size()): line = idaapi.tag_remove(str(sv[i])) print line return True
def init(self): # Some initialization global hexnight_cb_info, hexnight_cb, inttype if idaapi.init_hexrays_plugin() and idaapi.ph_get_id( ) == idaapi.PLFM_ARM and idaapi.BADADDR > 0xFFFFFFFF: inttype = idaapi.get_int_type_by_width_and_sign(4, True) enu = idaapi.add_enum(0, myenum, 0) for i in regs.keys(): idaapi.add_enum_member(enu, regs[i], i) hexnight_cb_info = hexrays_callback_info() hexnight_cb = hexnight_cb_info.event_callback if idaapi.install_hexrays_callback(hexnight_cb): print "Hexnight plugin installed" addon = idaapi.addon_info_t() addon.id = "org.xerub.hexnight" addon.name = "Hexnight" addon.producer = "xerub" addon.url = "https://twitter.com/xerub" addon.version = "6.95" idaapi.register_addon(addon) return idaapi.PLUGIN_KEEP print "Hexnight plugin failed" return idaapi.PLUGIN_SKIP
def init(): if fDebug: pydevd.settrace('localhost', port=31337, stdoutToServer=True, stderrToServer=True,suspend=False) if not idaapi.init_hexrays_plugin(): print "[ERROR] Failed to initialize Hex-Rays SDK" return idaapi.PLUGIN_SKIP Helper.temporary_structure = TemporaryStructureModel() hex_pytools_config = Config() for ac in hex_pytools_config.actions: if hex_pytools_config.actions[ac]: Actions.register(hex_pytools_config.actions_refs[ac]) # Actions.register(Actions.CreateVtable) # Actions.register(Actions.ShowGraph) # Actions.register(Actions.ShowClasses) # Actions.register(Actions.GetStructureBySize) # Actions.register(Actions.RemoveArgument) # Actions.register(Actions.AddRemoveReturn) # Actions.register(Actions.ConvertToUsercall) # Actions.register(Actions.ShallowScanVariable, Helper.temporary_structure) # Actions.register(Actions.DeepScanVariable, Helper.temporary_structure) # Actions.register(Actions.RecognizeShape) # Actions.register(Actions.SelectContainingStructure, potential_negatives) # Actions.register(Actions.ResetContainingStructure) # Actions.register(Actions.RecastItemRight) # Actions.register(Actions.RecastItemLeft) # Actions.register(Actions.RenameInside) # Actions.register(Actions.RenameOutside) idaapi.attach_action_to_menu('View/Open subviews/Local types', Actions.ShowClasses.name, idaapi.SETMENU_APP) idaapi.install_hexrays_callback(hexrays_events_callback) Helper.touched_functions.clear() Const.init() return idaapi.PLUGIN_KEEP
def main(): if not idaapi.init_hexrays_plugin(): return False print "Hex-rays version %s has been detected" % idaapi.get_hexrays_version() idaapi.install_hexrays_callback(event_callback)
def init(self): self.hexrays_inited = False self.registered_actions = [] self.registered_hx_actions = [] global ARCH global BITS ARCH = idaapi.ph_get_id() info = idaapi.get_inf_structure() if info.is_64bit(): BITS = 64 elif info.is_32bit(): BITS = 32 else: BITS = 16 print("LazyIDA (v1.0.0.3) plugin has been loaded.") # Register menu actions menu_actions = ( idaapi.action_desc_t(ACTION_CONVERT[0], "Convert to string", menu_action_handler_t(ACTION_CONVERT[0]), None, None, 80), idaapi.action_desc_t(ACTION_CONVERT[1], "Convert to hex string", menu_action_handler_t(ACTION_CONVERT[1]), None, None, 8), idaapi.action_desc_t(ACTION_CONVERT[2], "Convert to C/C++ array (BYTE)", menu_action_handler_t(ACTION_CONVERT[2]), None, None, 38), idaapi.action_desc_t(ACTION_CONVERT[3], "Convert to C/C++ array (WORD)", menu_action_handler_t(ACTION_CONVERT[3]), None, None, 38), idaapi.action_desc_t(ACTION_CONVERT[4], "Convert to C/C++ array (DWORD)", menu_action_handler_t(ACTION_CONVERT[4]), None, None, 38), idaapi.action_desc_t(ACTION_CONVERT[5], "Convert to C/C++ array (QWORD)", menu_action_handler_t(ACTION_CONVERT[5]), None, None, 38), idaapi.action_desc_t(ACTION_CONVERT[6], "Convert to python list (BYTE)", menu_action_handler_t(ACTION_CONVERT[6]), None, None, 201), idaapi.action_desc_t(ACTION_CONVERT[7], "Convert to python list (WORD)", menu_action_handler_t(ACTION_CONVERT[7]), None, None, 201), idaapi.action_desc_t(ACTION_CONVERT[8], "Convert to python list (DWORD)", menu_action_handler_t(ACTION_CONVERT[8]), None, None, 201), idaapi.action_desc_t(ACTION_CONVERT[9], "Convert to python list (QWORD)", menu_action_handler_t(ACTION_CONVERT[9]), None, None, 201), idaapi.action_desc_t(ACTION_XORDATA, "Get xored data", menu_action_handler_t(ACTION_XORDATA), None, None, 9), idaapi.action_desc_t(ACTION_FILLNOP, "Fill with NOPs", menu_action_handler_t(ACTION_FILLNOP), None, None, 9), idaapi.action_desc_t(ACTION_SCANVUL, "Scan format string vulnerabilities", menu_action_handler_t(ACTION_SCANVUL), None, None, 160), ) for action in menu_actions: idaapi.register_action(action) self.registered_actions.append(action.name) # Register hotkey actions hotkey_actions = ( idaapi.action_desc_t(ACTION_COPYEA, "Copy EA", hotkey_action_handler_t(ACTION_COPYEA), "w", "Copy current EA", 0), idaapi.action_desc_t(ACTION_GOTOCLIP, "Goto clip EA", hotkey_action_handler_t(ACTION_GOTOCLIP), "Shift-G", "Goto clipboard EA", 0), ) for action in hotkey_actions: idaapi.register_action(action) self.registered_actions.append(action.name) # Add ui hook self.ui_hook = UI_Hook() self.ui_hook.hook() # Add hexrays ui callback if idaapi.init_hexrays_plugin(): addon = idaapi.addon_info_t() addon.id = "tw.l4ys.lazyida" addon.name = "LazyIDA" addon.producer = "Lays" addon.url = "https://github.com/L4ys/LazyIDA" addon.version = "1.0.0.3" idaapi.register_addon(addon) hx_actions = ( idaapi.action_desc_t(ACTION_HX_REMOVERETTYPE, "Remove return type", hexrays_action_handler_t(ACTION_HX_REMOVERETTYPE), "v"), idaapi.action_desc_t(ACTION_HX_COPYEA, "Copy ea", hexrays_action_handler_t(ACTION_HX_COPYEA), "w"), idaapi.action_desc_t(ACTION_HX_COPYNAME, "Copy name", hexrays_action_handler_t(ACTION_HX_COPYNAME), "c"), idaapi.action_desc_t(ACTION_HX_GOTOCLIP, "Goto clipboard ea", hexrays_action_handler_t(ACTION_HX_GOTOCLIP), "Shift-G"), ) for action in hx_actions: idaapi.register_action(action) self.registered_hx_actions.append(action.name) self.hx_hook = HexRays_Hook() idaapi.install_hexrays_callback(self.hx_hook.callback) self.hexrays_inited = True return idaapi.PLUGIN_KEEP
if int(kv[i]) < int(rv[i]): return False return True # ----------------------------------------------------------------------------- def get_callers(name): for xr in idautils.CodeRefsTo(idaapi.get_name_ea(idaapi.BADADDR, name), True): fn = idaapi.get_func(xr) if fn: yield fn.startEA # ----------------------------------------------------------------------------- if not idaapi.init_hexrays_plugin(): print "This script requires the HexRays decompiler plugin." else: func_list = [] for name in MEMCPY_FAM: func_list += get_callers(name) func_list = set(func_list) nfuncs = len(func_list) print "Checking %d functions." % (nfuncs) choser = MrsPicky("MrsPicky") choser.Show() if is_ida_version("7.3"): aborted = False
def init(self): self.hexrays_inited = False self.registered_actions = [] self.registered_hx_actions = [] global arch global bits arch = idaapi.ph_get_id() info = idaapi.get_inf_structure() if info.is_64bit(): bits = 64 elif info.is_32bit(): bits = 32 else: bits = 16 print "LazyIDA (Python Version) (v1.0.0.1) plugin has been loaded." # Register menu actions menu_actions = ( idaapi.action_desc_t(ACTION_CONVERT[0], "Convert to string", menu_action_handler_t(ACTION_CONVERT[0]), None, None, 80), idaapi.action_desc_t(ACTION_CONVERT[1], "Convert to hex string", menu_action_handler_t(ACTION_CONVERT[1]), None, None, 8), idaapi.action_desc_t(ACTION_CONVERT[2], "Convert to C/C++ array (BYTE)", menu_action_handler_t(ACTION_CONVERT[2]), None, None, 38), idaapi.action_desc_t(ACTION_CONVERT[3], "Convert to C/C++ array (DWORD)", menu_action_handler_t(ACTION_CONVERT[3]), None, None, 38), idaapi.action_desc_t(ACTION_CONVERT[4], "Convert to C/C++ array (QWORD)", menu_action_handler_t(ACTION_CONVERT[4]), None, None, 38), idaapi.action_desc_t(ACTION_CONVERT[5], "Convert to python list (BYTE)", menu_action_handler_t(ACTION_CONVERT[5]), None, None, 201), idaapi.action_desc_t(ACTION_CONVERT[6], "Convert to python list (DWORD)", menu_action_handler_t(ACTION_CONVERT[6]), None, None, 201), idaapi.action_desc_t(ACTION_CONVERT[7], "Convert to python list (QWORD)", menu_action_handler_t(ACTION_CONVERT[7]), None, None, 201), idaapi.action_desc_t(ACTION_XORDATA, "Get xored data", menu_action_handler_t(ACTION_XORDATA), None, None, 9), idaapi.action_desc_t(ACTION_SCANVUL, "Scan format string vulnerabilities", menu_action_handler_t(ACTION_SCANVUL), None, None, 160), ) for action in menu_actions: idaapi.register_action(action) self.registered_actions.append(action.name) # Register hotkey actions hotkey_actions = ( idaapi.action_desc_t(ACTION_COPYEA, "Copy EA", hotkey_action_handler_t(ACTION_COPYEA), "w", "Copy current EA", 0), ) for action in hotkey_actions: idaapi.register_action(action) self.registered_actions.append(action.name) # Add ui hook self.ui_hook = UI_Hook() self.ui_hook.hook() # Add hexrays ui callback if idaapi.init_hexrays_plugin(): hx_actions = ( idaapi.action_desc_t(ACTION_HX_REMOVERETTYPE, "Remove return type", hexrays_action_handler_t(ACTION_HX_REMOVERETTYPE), "v"), idaapi.action_desc_t(ACTION_HX_COPYEA , "Copy ea", hexrays_action_handler_t(ACTION_HX_COPYEA), "w"), idaapi.action_desc_t(ACTION_HX_COPYNAME, "Copy name", hexrays_action_handler_t(ACTION_HX_COPYNAME), "c"), ) for action in hx_actions: idaapi.register_action(action) self.registered_hx_actions.append(action.name) self.hx_hook = HexRays_Hook() idaapi.install_hexrays_callback(self.hx_hook.callback) self.hexrays_inited = True return idaapi.PLUGIN_KEEP
def init(self): self.hexrays_inited = False self.registered_actions = [] self.registered_hx_actions = [] global ARCH global BITS ARCH = idaapi.ph_get_id() info = idaapi.get_inf_structure() if info.is_64bit(): BITS = 64 elif info.is_32bit(): BITS = 32 else: BITS = 16 print "LazyIDA (v1.0.0.3) plugin has been loaded." # Register menu actions menu_actions = ( idaapi.action_desc_t(ACTION_CONVERT[0], "Convert to string", menu_action_handler_t(ACTION_CONVERT[0]), None, None, 80), idaapi.action_desc_t(ACTION_CONVERT[1], "Convert to hex string", menu_action_handler_t(ACTION_CONVERT[1]), None, None, 8), idaapi.action_desc_t(ACTION_CONVERT[2], "Convert to C/C++ array (BYTE)", menu_action_handler_t(ACTION_CONVERT[2]), None, None, 38), idaapi.action_desc_t(ACTION_CONVERT[3], "Convert to C/C++ array (WORD)", menu_action_handler_t(ACTION_CONVERT[3]), None, None, 38), idaapi.action_desc_t(ACTION_CONVERT[4], "Convert to C/C++ array (DWORD)", menu_action_handler_t(ACTION_CONVERT[4]), None, None, 38), idaapi.action_desc_t(ACTION_CONVERT[5], "Convert to C/C++ array (QWORD)", menu_action_handler_t(ACTION_CONVERT[5]), None, None, 38), idaapi.action_desc_t(ACTION_CONVERT[6], "Convert to python list (BYTE)", menu_action_handler_t(ACTION_CONVERT[6]), None, None, 201), idaapi.action_desc_t(ACTION_CONVERT[7], "Convert to python list (WORD)", menu_action_handler_t(ACTION_CONVERT[7]), None, None, 201), idaapi.action_desc_t(ACTION_CONVERT[8], "Convert to python list (DWORD)", menu_action_handler_t(ACTION_CONVERT[8]), None, None, 201), idaapi.action_desc_t(ACTION_CONVERT[9], "Convert to python list (QWORD)", menu_action_handler_t(ACTION_CONVERT[9]), None, None, 201), idaapi.action_desc_t(ACTION_XORDATA, "Get xored data", menu_action_handler_t(ACTION_XORDATA), None, None, 9), idaapi.action_desc_t(ACTION_FILLNOP, "Fill with NOPs", menu_action_handler_t(ACTION_FILLNOP), None, None, 9), idaapi.action_desc_t(ACTION_SCANVUL, "Scan format string vulnerabilities", menu_action_handler_t(ACTION_SCANVUL), None, None, 160), ) for action in menu_actions: idaapi.register_action(action) self.registered_actions.append(action.name) # Register hotkey actions hotkey_actions = ( idaapi.action_desc_t(ACTION_COPYEA, "Copy EA", hotkey_action_handler_t(ACTION_COPYEA), "w", "Copy current EA", 0), ) for action in hotkey_actions: idaapi.register_action(action) self.registered_actions.append(action.name) # Add ui hook self.ui_hook = UI_Hook() self.ui_hook.hook() # Add hexrays ui callback if idaapi.init_hexrays_plugin(): addon = idaapi.addon_info_t() addon.id = "tw.l4ys.lazyida" addon.name = "LazyIDA" addon.producer = "Lays" addon.url = "https://github.com/L4ys/LazyIDA" addon.version = "1.0.0.3" idaapi.register_addon(addon) hx_actions = ( idaapi.action_desc_t(ACTION_HX_REMOVERETTYPE, "Remove return type", hexrays_action_handler_t(ACTION_HX_REMOVERETTYPE), "v"), idaapi.action_desc_t(ACTION_HX_COPYEA, "Copy ea", hexrays_action_handler_t(ACTION_HX_COPYEA), "w"), idaapi.action_desc_t(ACTION_HX_COPYNAME, "Copy name", hexrays_action_handler_t(ACTION_HX_COPYNAME), "c"), ) for action in hx_actions: idaapi.register_action(action) self.registered_hx_actions.append(action.name) self.hx_hook = HexRays_Hook() idaapi.install_hexrays_callback(self.hx_hook.callback) self.hexrays_inited = True return idaapi.PLUGIN_KEEP
if len(str(lv.name)): print " Name: %s" % (str(lv.name), ) if len(str(lv.type)): #~ print_type_to_one_line(buf, sizeof(buf), idati, .c_str()); print " Type: %s" % (str(lv.type), ) if len(str(lv.cmt)): print " Comment: %s" % (str(lv.cmt), ) except: traceback.print_exc() return 0 def handle_retrieved_mapping(self, lm): return 0 def get_info_mapping_for_saving(self): return None # Now iterate over all user definitions dli = dump_lvar_info_t(); idaapi.restore_user_lvar_settings(entry_ea, dli) return if idaapi.init_hexrays_plugin(): run() else: print 'dump user info: hexrays is not available.'
print " %x: insn %s" % (ins.ea, ins.opname) return class hexrays_callback_info(object): def __init__(self): return def event_callback(self, event, *args): try: if event == idaapi.hxe_maturity: cfunc, maturity = args if maturity == idaapi.CMAT_BUILT: cbv = cblock_visitor_t() cbv.apply_to(cfunc.body, None) except: traceback.print_exc() return 0 if idaapi.init_hexrays_plugin(): i = hexrays_callback_info() idaapi.install_hexrays_callback(i.event_callback) else: print 'cblock visitor: hexrays is not available.'
def init(self): self.hexrays_inited = False self.registered_actions = [] self.registered_hx_actions = [] global arch global bits global is_cgc arch = idaapi.ph_get_id() info = idaapi.get_inf_structure() if info.is_64bit(): bits = 64 elif info.is_32bit(): bits = 32 else: bits = 16 is_cgc = "CGC" in idaapi.get_file_type_name() print "LazyIDA (Python Version) (v1.0.0.1) plugin has been loaded." # Register menu actions menu_actions = ( idaapi.action_desc_t(ACTION_CONVERT[0], "Convert to string", menu_action_handler_t(ACTION_CONVERT[0]), None, None, 80), idaapi.action_desc_t(ACTION_CONVERT[1], "Convert to hex string", menu_action_handler_t(ACTION_CONVERT[1]), None, None, 8), idaapi.action_desc_t(ACTION_CONVERT[2], "Convert to C/C++ array (BYTE)", menu_action_handler_t(ACTION_CONVERT[2]), None, None, 38), idaapi.action_desc_t(ACTION_CONVERT[3], "Convert to C/C++ array (WORD)", menu_action_handler_t(ACTION_CONVERT[3]), None, None, 38), idaapi.action_desc_t(ACTION_CONVERT[4], "Convert to C/C++ array (DWORD)", menu_action_handler_t(ACTION_CONVERT[4]), None, None, 38), idaapi.action_desc_t(ACTION_CONVERT[5], "Convert to C/C++ array (QWORD)", menu_action_handler_t(ACTION_CONVERT[5]), None, None, 38), idaapi.action_desc_t(ACTION_CONVERT[6], "Convert to python list (BYTE)", menu_action_handler_t(ACTION_CONVERT[6]), None, None, 201), idaapi.action_desc_t(ACTION_CONVERT[7], "Convert to python list (WORD)", menu_action_handler_t(ACTION_CONVERT[7]), None, None, 201), idaapi.action_desc_t(ACTION_CONVERT[8], "Convert to python list (DWORD)", menu_action_handler_t(ACTION_CONVERT[8]), None, None, 201), idaapi.action_desc_t(ACTION_CONVERT[9], "Convert to python list (QWORD)", menu_action_handler_t(ACTION_CONVERT[9]), None, None, 201), idaapi.action_desc_t(ACTION_XORDATA, "Get xored data", menu_action_handler_t(ACTION_XORDATA), None, None, 9), idaapi.action_desc_t(ACTION_FILLNOP, "Fill with NOPs", menu_action_handler_t(ACTION_FILLNOP), None, None, 9), idaapi.action_desc_t(ACTION_SCANVUL, "Scan format string vulnerabilities", menu_action_handler_t(ACTION_SCANVUL), None, None, 160), ) for action in menu_actions: idaapi.register_action(action) self.registered_actions.append(action.name) # Register hotkey actions hotkey_actions = ( idaapi.action_desc_t(ACTION_COPYEA, "Copy EA", hotkey_action_handler_t(ACTION_COPYEA), "w", "Copy current EA", 0), ) for action in hotkey_actions: idaapi.register_action(action) self.registered_actions.append(action.name) # Add ui hook self.ui_hook = UI_Hook() self.ui_hook.hook() # Add idb hook self.idb_hook = IDB_Hook() self.idb_hook.hook() # Add idp hook self.idp_hook = IDP_Hook() self.idp_hook.hook() # Add hexrays ui callback if idaapi.init_hexrays_plugin(): hx_actions = ( idaapi.action_desc_t(ACTION_HX_REMOVERETTYPE, "Remove return type", hexrays_action_handler_t(ACTION_HX_REMOVERETTYPE), "v"), idaapi.action_desc_t(ACTION_HX_COPYEA , "Copy ea", hexrays_action_handler_t(ACTION_HX_COPYEA), "w"), idaapi.action_desc_t(ACTION_HX_COPYNAME, "Copy name", hexrays_action_handler_t(ACTION_HX_COPYNAME), "c"), ) for action in hx_actions: idaapi.register_action(action) self.registered_hx_actions.append(action.name) idaapi.install_hexrays_callback(hexrays_callback) self.hexrays_inited = True # Auto apply libcgc signature if is_cgc and os.path.exists(idaapi.get_sig_filename("libcgc.sig")): if "libcgc.sig" not in [idaapi.get_idasgn_desc(i)[0] for i in range(idaapi.get_idasgn_qty())]: idaapi.plan_to_apply_idasgn("libcgc.sig") return idaapi.PLUGIN_KEEP