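def finish_populating_widget_popup(self, form, popup):
    '''
    IDA UI hook: add the RESim entries to a widget's context menu once IDA
    has finished populating it.

    Only the disassembly and hex-dump widgets get entries; the call-stack
    widget is recognised but left untouched.  Which entries appear depends
    on the current highlight: a register name gets the register-modify
    action, a hex literal or an effective-address operand gets the
    reverse / data-watch / memory actions.  Everything is placed in the
    'RESim/' submenu.
    '''
    # Query the widget type once instead of once per comparison.
    widget_type = idaversion.get_widget_type(form)
    if widget_type == idaapi.BWN_CALL_STACK:
        # Nothing is attached to the call-stack widget yet.
        return
    if widget_type not in (idaapi.BWN_DISASM, idaapi.BWN_DUMP):
        return

    submenu = 'RESim/'
    # Register names come from the processor module here; the register
    # handlers elsewhere consult the plugin's own reg_list instead.
    regs = idaapi.ph_get_regnames()
    idaapi.attach_action_to_popup(form, popup, "revCursor:action", submenu)
    idaapi.attach_action_to_popup(form, popup, "dis:action", submenu)

    highlighted = idaversion.getHighlight()
    if highlighted is not None:
        if highlighted in regs:
            idaapi.attach_action_to_popup(form, popup, "modReg:action", submenu)
        else:
            addr = getHex(highlighted)
            if addr is not None or regFu.isHighlightedEffective():
                for action in ("rev:action", "dataWatch:action", "addDataWatch:action",
                               "revData:action", "modMemory:action", "stringMemory:action"):
                    idaapi.attach_action_to_popup(form, popup, action, submenu)

    # NOTE(review): the nesting of this operand check was lost in the source
    # formatting; it is taken to apply to every disasm/dump popup -- confirm.
    opnum = idaapi.get_opnum()
    if opnum >= 0:
        idaapi.attach_action_to_popup(form, popup, "structField:action", submenu)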
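def trackRegister(self):
    '''
    Reverse-execute to the instruction that last gave the highlighted
    register its value, then refresh the IDA views.

    Only a highlight that isReg() accepts is used; anything else is
    reported and the request is abandoned (an unreachable chooser fallback
    sat behind that early return in the original and was dropped).
    Returns the EIP at which execution stopped, or None if nothing was
    done or the monitor reported that it could not reverse.
    '''
    highlighted = idaversion.getHighlight()
    if highlighted is None or not self.isReg(highlighted):
        print('%s not in reg list' % highlighted)
        print('%s' % str(self.reg_list))
        return None
    print('backtrack to source of %s...' % highlighted)
    # The name is interpolated into a Python call evaluated by the monitor;
    # it has already passed isReg() above, so only a known register is sent.
    command = "@cgc.revTaintReg('%s')" % highlighted
    simicsString = gdbProt.Evalx('SendGDBMonitor("%s");' % command)
    print('trackRegister got simicsString %s' % simicsString)
    if not self.checkNoRev(simicsString):
        return None
    eip = gdbProt.getEIPWhenStopped()
    self.signalClient()
    curAddr = idaversion.get_reg_value(self.PC)
    print('Current instruction (0x%x) is as far back as we can trace reg %s' % (curAddr, highlighted))
    self.showSimicsMessage()
    self.bookmark_view.updateBookmarkView()
    return eip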
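def activate(self, ctx):
    '''
    Action handler: write a 32-bit word into target memory at the address
    derived from the current selection, then refresh the IDA views.

    The address comes from getRefAddr(), falling back to the hex value of
    the highlighted text.  A SetAddrValue form seeded with the word at
    that address lets the user adjust address, offset and value before
    the write is sent to the monitor.  Nothing is sent when no address
    can be derived or the form is cancelled.
    '''
    addr = getRefAddr()
    if addr is None:
        highlighted = idaversion.getHighlight()
        addr = getHex(highlighted)
        if addr is None:
            # Seeding the form with None would fail on get_wide_dword.
            print('unable to parse hex from %s' % highlighted)
            return
    sas = setAddrValue.SetAddrValue()
    sas.Compile()
    sas.iAddr.value = addr
    sas.iOffset.value = 0
    sas.iRawHex.value = idaversion.get_wide_dword(sas.iAddr.value)
    if sas.Execute() != 1:
        return
    val = sas.iRawHex.value
    new_addr = sas.iAddr.value + sas.iOffset.value
    gdbProt.Evalx('SendGDBMonitor("@cgc.writeWord(0x%x, 0x%x)");' % (new_addr, val))
    # Presumably gives the monitor time to apply the write before the
    # views below are refreshed.
    time.sleep(2)
    self.isim.updateBookmarkView()
    self.isim.updateDataWatch()
    idaversion.refresh_debugger_memory()
    idaversion.refresh_idaview_anyway()
    idaversion.refresh_choosers()
    print('Bookmarks cleared -- select origin bookmark to return to this cycle')
    print('Note: data watches previous to this point are retained, but associated bookmarks are deleted')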
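def registerMath(self):
    '''
    Evaluate the current highlight as an address or register expression.

    Resolution order: the effective address of a highlighted memory
    operand (via regFu); otherwise a register name, read live; otherwise
    a hex literal; otherwise a "reg+N" / "reg-N" expression matched
    against reg_list.  Returns the resulting integer, or None when the
    highlight cannot be interpreted.
    '''
    if regFu.isHighlightedEffective():
        return regFu.getOffset()
    highlighted = idaversion.getHighlight()
    if highlighted is None:
        return None
    print('highlighted is %s' % highlighted)
    retval = None
    if self.isReg(highlighted):
        retval = idaversion.get_reg_value(highlighted)
    else:
        try:
            retval = int(highlighted, 16)
        except ValueError:
            retval = None
    if retval is None:
        # TBD this is broken, manually manage register list?
        # NOTE(review): the displacement is parsed as decimal here while the
        # rest of the plugin parses hex -- confirm which is intended.  Every
        # matching prefix in reg_list is tried; a later match overrides.
        for reg in self.reg_list:
            if not highlighted.startswith(reg):
                continue
            rest = highlighted[len(reg):]
            try:
                value = int(rest[1:])
            except ValueError:
                continue
            if rest.startswith('+'):
                retval = idaversion.get_reg_value(reg) + value
            elif rest.startswith('-'):
                retval = idaversion.get_reg_value(reg) - value
    return retval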
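def wroteToRegister(self):
    '''
    Reverse-execute to the most recent instruction that wrote the
    highlighted register.

    Returns the EIP where execution stopped, or None if nothing is
    highlighted or the monitor reported that it could not reverse.
    '''
    highlighted = idaversion.getHighlight()
    if highlighted is None:
        # Without this check the literal name 'None' would be sent.
        print('no register highlighted')
        return None
    print('Looking for a write to %s...' % highlighted)
    # The highlighted text is interpolated into a Python call evaluated by
    # the monitor.  NOTE(review): it is not checked against reg_list here,
    # unlike trackRegister -- confirm the monitor rejects unknown names.
    command = "@cgc.revToModReg('%s')" % highlighted
    simicsString = gdbProt.Evalx('SendGDBMonitor("%s");' % command)
    if not self.checkNoRev(simicsString):
        return None
    eip = gdbProt.getEIPWhenStopped()
    self.signalClient()
    curAddr = idaversion.get_reg_value(self.PC)
    print('Current instruction (0x%x) wrote to reg %s' % (curAddr, highlighted))
    return eip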
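def revTo(self):
    '''
    Reverse-execute to the address given by the highlighted hex text and
    signal the client to resync.

    Prints a message and does nothing when the highlighted text is not a
    hex value.
    '''
    highlighted = idaversion.getHighlight()
    addr = reHooks.getHex(highlighted)
    if addr is None:
        # '%x' % None would raise before anything was sent.
        print('revTo unable to parse hex from %s' % highlighted)
        return
    command = '@cgc.revToAddr(0x%x, extra_back=0)' % addr
    gdbProt.Evalx('SendGDBMonitor("%s");' % command)
    # Presumably blocks until the monitor has stopped; the EIP itself is
    # not needed here.
    gdbProt.getEIPWhenStopped()
    self.isim.signalClient()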
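def isHighlightedEffective():
    '''
    Return True when the highlighted text lies inside the bracketed memory
    operand ("[...]") of the instruction at the screen address, False
    otherwise (including when nothing is highlighted).

    Used to decide whether the highlight denotes an effective address that
    getOffset() can compute rather than a register or a literal.
    '''
    ip = idaversion.get_screen_ea()
    instr = idc.GetDisasm(ip)
    if '[' not in instr:
        return False
    # Text between the first '[' and the following ']'.
    operand = instr.split('[', 1)[1].split(']')[0]
    highlighted = idaversion.getHighlight()
    # getHighlight() can return None; `None in str` would raise TypeError.
    return highlighted is not None and highlighted in operand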
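def activate(self, ctx):
    '''
    Action handler: prompt for a new hex value and write it to the
    highlighted register via the monitor.

    The prompt is seeded with the register's current value.  The reply is
    parsed as hexadecimal (with or without a 0x prefix); a cancelled
    prompt or a reply that is not hex leaves the register untouched.
    '''
    highlighted = idaversion.getHighlight()
    current = idaversion.getRegVarValue(highlighted)
    # NOTE(review): assumes getRegVarValue returns an int for a register
    # name -- confirm what it returns for a non-register highlight.
    default = '%x' % current
    print('default %s' % default)
    value = idc.AskStr(default, 'reg value ?')
    if value is None:
        return
    try:
        new_value = int(value, 16)
    except ValueError:
        # The reply is interpolated into a Python call evaluated by the
        # monitor; only a clean hex literal is sent.
        print('not a hex value: %s' % value)
        return
    reg_param = "'%s'" % highlighted
    gdbProt.Evalx('SendGDBMonitor("@cgc.writeRegValue(%s, 0x%x)");' % (reg_param, new_value))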
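def getOffset():
    '''
    Assuming an offset, e.g., "var_11" is highlighted, and assuming bp is
    proper, get the calculated address.

    The operand containing the highlight is temporarily switched to its
    numeric form so the "[reg+disp]" text can be parsed, the displacement
    is applied to the live register value, and the operand is switched
    back to its stack-variable symbol.  Returns the effective address, or
    None if nothing is highlighted or the operand could not be parsed.
    '''
    retval = None
    ip = idaversion.get_screen_ea()
    print('ip is 0x%x' % ip)
    highlighted = idaversion.getHighlight()
    print('highlighted is %s' % highlighted)
    if highlighted is None:
        # `None in str` below would raise.
        return retval
    ov0 = idc.print_operand(ip, 0)
    ov1 = idc.print_operand(ip, 1)
    print('op0 %s op1 %s' % (ov0, ov1))
    if highlighted in ov0:
        index, want = 0, ov0
    else:
        index, want = 1, ov1
    # Convert to numeric from symbol.
    idc.op_seg(ip, index)
    # Both a bracket and a sign are required.  Without the parentheses the
    # test bound as ('[' and '+') or '-', so a bracket-less operand with a
    # '-' reached the split below and raised IndexError.
    if '[' in want and ('+' in want or '-' in want):
        op = idc.print_operand(ip, index)
        print('op is %s' % op)
        val = op.split('[', 1)[1].split(']')[0]
        print('val %s' % val)
        if '+' in val:
            reg, value = val.split('+')
        else:
            reg, value = val.split('-')
        reg_val = idaversion.get_reg_value(reg)
        try:
            value = value.strip('h')
            value = int(value, 16)
        except ValueError:
            print('unable to parse int from %s' % value)
            # Restore the operand that was converted above, not operand 0.
            idc.op_stkvar(ip, index)
            return retval
        if '+' in val:
            retval = reg_val + value
        else:
            retval = reg_val - value
        print('effective addr is 0x%x' % retval)
    # Convert back to symbol, e.g., var_11.
    idc.op_stkvar(ip, index)
    return retval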
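def activate(self, ctx):
    '''
    Action handler: write a short string into target memory at the
    selected address, then refresh the IDA views.

    The address is the effective address of a highlighted memory operand
    when there is one, otherwise the hex value of the highlighted text.
    A SetAddrString form seeded with the eight bytes currently at that
    address (non-printable bytes shown as '.') lets the user edit the
    string before it is sent to the monitor.  Nothing is sent when no
    address can be derived or the form is cancelled.
    '''
    if regFu.isHighlightedEffective():
        addr = regFu.getOffset()
        if addr is None:
            # getOffset() returns None when it cannot parse the operand.
            print('ModMemoryHandler unable to compute effective address')
            return
    else:
        highlighted = idaversion.getHighlight()
        addr = getHex(highlighted)
        if addr is None:
            print('ModMemoryHandler unable to parse hex from %s' % highlighted)
            return
    sas = setAddrString.SetAddrString()
    sas.Compile()
    sas.iAddr.value = addr
    # Seed the form with a printable preview of the current contents.
    preview = []
    for i in range(8):
        c = idaversion.get_wide_byte(addr + i)
        preview.append(chr(c) if 0x20 <= c <= 0x7e else '.')
    sas.iStr1.value = ''.join(preview)
    if sas.Execute() != 1:
        return
    self.last_data_mem_set = sas.iStr1.value
    # The string is single-quoted and interpolated into a Python call that
    # the monitor evaluates; a quote inside it is not escaped and would
    # break the call.  NOTE(review): confirm the form rejects such input.
    sparm = "'%s'" % str(sas.iStr1.value).strip()
    command = 'SendGDBMonitor("@cgc.writeString(0x%x, %s)");' % (sas.iAddr.value, sparm)
    print('dog is <%s>' % command)
    gdbProt.Evalx(command)
    # Presumably gives the monitor time to apply the write before the
    # views below are refreshed.
    time.sleep(2)
    self.isim.updateBookmarkView()
    self.isim.updateDataWatch()
    idaversion.refresh_debugger_memory()
    idaversion.refresh_idaview_anyway()
    idaversion.refresh_choosers()
    print('Bookmarks cleared -- select origin bookmark to return to this cycle')
    print('Note: data watches previous to this point are retained, but associated bookmarks are deleted')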
def activate(self, ctx):
    '''
    Action handler: ask the monitor to add a data watch of N bytes
    starting at the highlighted address.

    The hex value of the highlighted text and the previously used byte
    count seed a GetAddrCount form; the user may adjust either before the
    request is sent.  The chosen count is remembered for the next call.
    '''
    # NOTE(review): getHex may return None; how the form treats a None
    # address is not visible here -- confirm before relying on it.
    start = getHex(idaversion.getHighlight())
    form = getAddrCount.GetAddrCount()
    form.Compile()
    form.iAddr.value = start
    form.iRawHex.value = self.last_data_watch_count
    if form.Execute() != 1:
        return
    nbytes = form.iRawHex.value
    start = form.iAddr.value
    self.last_data_watch_count = nbytes
    gdbProt.Evalx('SendGDBMonitor("@cgc.addDataWatch(0x%x, %d)");' % (start, nbytes))
    print('add watch of %d bytes from 0x%x' % (nbytes, start))
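def wroteToRegister(self):
    '''
    Reverse-execute to the most recent instruction that wrote the selected
    register.

    The register is taken from the current highlight; if that is not in
    reg_list the user is prompted for a name, which must itself be in
    reg_list.  Returns the EIP where execution stopped, or None if the
    prompt was cancelled, the name is not a known register, or the
    monitor could not reverse.
    '''
    highlighted = idaversion.getHighlight()
    if highlighted is None or highlighted not in self.reg_list:
        print('%s not in reg list' % highlighted)
        print('%s' % str(self.reg_list))
        highlighted = idaversion.ask_str('Wrote to register:', 'Which register?')
        # ask_str returns None on cancel.  The name is interpolated into a
        # Python call evaluated by the monitor, so only a known register
        # is sent.
        if not highlighted or highlighted not in self.reg_list:
            print('%s not in reg list' % highlighted)
            return None
    print('Looking for a write to %s...' % highlighted)
    command = "@cgc.revToModReg('%s')" % highlighted
    simicsString = gdbProt.Evalx('SendGDBMonitor("%s");' % command)
    if not self.checkNoRev(simicsString):
        return None
    eip = gdbProt.getEIPWhenStopped()
    self.signalClient()
    curAddr = idaversion.get_reg_value(self.PC)
    print('Current instruction (0x%x) wrote to reg %s' % (curAddr, highlighted))
    return eip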
def activate(self, ctx):
    '''
    Action handler: ask the monitor to watch N bytes starting at the
    highlighted address, then resync the client and show the monitor's
    message.

    The hex value of the highlighted text and the previously used byte
    count seed a GetAddrCount form; the user may adjust either before the
    request is sent.  The chosen count is remembered for the next call.
    '''
    # NOTE(review): getHex may return None; how the form treats a None
    # address is not visible here -- confirm before relying on it.
    start = getHex(idaversion.getHighlight())
    form = getAddrCount.GetAddrCount()
    form.Compile()
    form.iAddr.value = start
    form.iRawHex.value = self.last_data_watch_count
    if form.Execute() != 1:
        return
    nbytes, start = form.iRawHex.value, form.iAddr.value
    print('watch %d bytes from 0x%x' % (nbytes, start))
    self.last_data_watch_count = nbytes
    gdbProt.Evalx('SendGDBMonitor("@cgc.watchData(0x%x, %d)");' % (start, nbytes))
    gdbProt.getEIPWhenStopped()
    self.isim.signalClient()
    self.isim.showSimicsMessage()
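def trackRegister(self):
    '''
    Reverse-execute to the instruction that last gave the selected
    register its value, then refresh the IDA views.

    The register is taken from the current highlight; if that is not a
    register known to both isReg() and reg_list, the user is prompted for
    a name, which is held to the same test.  Returns the EIP at which
    execution stopped, or None if the prompt was cancelled, the name is
    not a known register, or the monitor could not reverse.
    '''
    highlighted = idaversion.getHighlight()
    if highlighted is None or not self.isReg(highlighted) or highlighted not in self.reg_list:
        print('%s not in reg list' % highlighted)
        print('%s' % str(self.reg_list))
        highlighted = idaversion.ask_str('Track register:', 'Which register?')
        # ask_str returns None on cancel.  The name is interpolated into a
        # Python call evaluated by the monitor, so only a known register
        # is sent.
        if not highlighted or not self.isReg(highlighted) or highlighted not in self.reg_list:
            print('%s not in reg list' % highlighted)
            return None
    print('backtrack to source of %s...' % highlighted)
    command = "@cgc.revTaintReg('%s')" % highlighted
    simicsString = gdbProt.Evalx('SendGDBMonitor("%s");' % command)
    print('trackRegister got simicsString %s' % simicsString)
    if not self.checkNoRev(simicsString):
        return None
    eip = gdbProt.getEIPWhenStopped()
    self.signalClient()
    curAddr = idaversion.get_reg_value(self.PC)
    print('Current instruction (0x%x) is as far back as we can trace reg %s' % (curAddr, highlighted))
    self.showSimicsMessage()
    self.bookmark_view.updateBookmarkView()
    return eip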