def run(self, arg): start, end = sark.get_selection() struct_name = idc.AskStr(self._prev_struct_name, "Struct Name") if not struct_name: return self._prev_struct_name = struct_name common_reg = sark.structure.get_common_register(start, end) reg_name = idc.AskStr(common_reg, "Register") if not reg_name: return offsets, operands = sark.structure.infer_struct_offsets( start, end, reg_name) try: sark.structure.create_struct_from_offsets(struct_name, offsets) except sark.exceptions.SarkStructAlreadyExists: yes_no_cancel = idc.AskYN( idaapi.ASKBTN_NO, "Struct already exists. Modify?\n" "Cancel to avoid applying the struct.") if yes_no_cancel == idaapi.ASKBTN_CANCEL: return elif yes_no_cancel == idaapi.ASKBTN_YES: sid = sark.structure.get_struct(struct_name) sark.structure.set_struct_offsets(offsets, sid) else: # yes_no_cancel == idaapi.ASKBTN_NO: pass sark.structure.apply_struct(start, end, reg_name, struct_name)
def run(self, arg): start, end = sark.get_selection() struct_name = idc.AskStr(self._prev_struct_name, "Struct Name") if not struct_name: return self._prev_struct_name = struct_name common_reg = sark.structure.get_common_register(start, end) reg_name = idc.AskStr(common_reg, "Register") if not reg_name: return offsets, operands = sark.structure.infer_struct_offsets(start, end, reg_name) try: sark.structure.create_struct_from_offsets(struct_name, offsets) except sark.exceptions.SarkStructAlreadyExists: yes_no_cancel = idc.AskYN(idaapi.ASKBTN_NO, "Struct already exists. Modify?\n" "Cancel to avoid applying the struct.") if yes_no_cancel == idaapi.ASKBTN_CANCEL: return elif yes_no_cancel == idaapi.ASKBTN_YES: sid = sark.structure.get_struct(struct_name) sark.structure.set_struct_offsets(offsets, sid) else: # yes_no_cancel == idaapi.ASKBTN_NO: pass sark.structure.apply_struct(start, end, reg_name, struct_name)
def copy_current_file_offset(): """Get the file-offset mapped to the current address.""" start, end = sark.get_selection() try: file_offset = sark.core.get_fileregion_offset(start) clipboard.copy("0x{:08X}".format(file_offset)) except sark.exceptions.NoFileOffset: message("The current address cannot be mapped to a valid offset of the input file.")
def apply_enum_by_name(enum, member_name): member_value = enum.members[member_name].value for line in sark.lines(*sark.get_selection()): for operand in line.insn.operands: if operand.type.is_imm: if operand.imm == member_value: idc.OpEnumEx(line.ea, operand.n, enum.eid, enum.members[member_name].serial) elif operand.type.is_displ or operand.type.is_phrase: if operand.addr == member_value: idc.OpEnumEx(line.ea, operand.n, enum.eid, enum.members[member_name].serial)
def run(self, arg): start, end = sark.get_selection() if not sark.structure.selection_has_offsets(start, end): message('No structure offsets in selection. Operation cancelled.') idaapi.warning( 'No structure offsets in selection. Operation cancelled.') return struct_name = idc.AskStr(self._prev_struct_name, "Struct Name") if not struct_name: message("No structure name provided. Operation cancelled.") return self._prev_struct_name = struct_name common_reg = sark.structure.get_common_register(start, end) reg_name = idc.AskStr(common_reg, "Register") if not reg_name: message("No offsets found. Operation cancelled.") return try: offsets, operands = sark.structure.infer_struct_offsets( start, end, reg_name) except sark.exceptions.InvalidStructOffset: message( "Invalid offset found. Cannot create structure.", "Make sure there are no negative offsets in the selection.") return except sark.exceptions.SarkInvalidRegisterName: message( "Invalid register name {!r}. Cannot create structs.".format( reg_name)) return try: sark.structure.create_struct_from_offsets(struct_name, offsets) except sark.exceptions.SarkStructAlreadyExists: yes_no_cancel = idc.AskYN( idaapi.ASKBTN_NO, "Struct already exists. Modify?\n" "Cancel to avoid applying the struct.") if yes_no_cancel == idaapi.ASKBTN_CANCEL: return elif yes_no_cancel == idaapi.ASKBTN_YES: sid = sark.structure.get_struct(struct_name) sark.structure.set_struct_offsets(offsets, sid) else: # yes_no_cancel == idaapi.ASKBTN_NO: pass sark.structure.apply_struct(start, end, reg_name, struct_name)
def get_common_value(): values = defaultdict(int) for line in sark.lines(*sark.get_selection()): for operand in line.insn.operands: if operand.type.is_imm: values[operand.imm] += 1 elif operand.type.is_displ or operand.type.is_phrase: values[operand.addr] += 1 # Ignore 0 as it is usually not interesting values[0] = 0 # Get the most common value common_value = max(values.iteritems(), key=lambda x: x[1])[0] return common_value
def run(self, arg): start, end = sark.get_selection() struct_name = idc.AskStr(self._prev_struct_name, "Struct Name") if not struct_name: message("No structure name provided. Operation cancelled.") return self._prev_struct_name = struct_name common_reg = sark.structure.get_common_register(start, end) reg_name = idc.AskStr(common_reg, "Register") if not reg_name: message("No offsets found. Operation cancelled.") return try: offsets, operands = sark.structure.infer_struct_offsets(start, end, reg_name) except sark.exceptions.InvalidStructOffset: message("Invalid offset found. Cannot create structure.", "Make sure there are no negative offsets in the selection.") return except sark.exceptions.SarkInvalidRegisterName: message("Invalid register name {!r}. Cannot create structs.".format(reg_name)) return try: sark.structure.create_struct_from_offsets(struct_name, offsets) except sark.exceptions.SarkStructAlreadyExists: yes_no_cancel = idc.AskYN(idaapi.ASKBTN_NO, "Struct already exists. Modify?\n" "Cancel to avoid applying the struct.") if yes_no_cancel == idaapi.ASKBTN_CANCEL: return elif yes_no_cancel == idaapi.ASKBTN_YES: sid = sark.structure.get_struct(struct_name) sark.structure.set_struct_offsets(offsets, sid) else: # yes_no_cancel == idaapi.ASKBTN_NO: pass sark.structure.apply_struct(start, end, reg_name, struct_name)
def run(self, arg): start, _ = sark.get_selection() regnamePluginStarter(start)
def copy_current_address(): start, end = sark.get_selection() clipboard.copy("0x{:08X}".format(start))
def copy_current_selection(): start, end = sark.get_selection() buffer = sark.data.read_memory(start, end) clipboard.copy(buffer.encode("hex-bytes"))
def run(self, arg): print arg start, _ = sark.get_selection() oregamiPluginStarter(start, tabMode=False, recursive_bool=False)
def run(self, arg): start, _ = sark.get_selection() typeregterPluginStarter(start)
def run(arg): start, _ = sark.get_selection() regname_plugin_starter(start)