Python源码示例:idaapi.IDA_SDK_VERSION
示例1
def is_32bit():
'''Returns if the sample is 32bit or not.
Returns:
bool: True is 32bit or False.
'''
if (idaapi.IDA_SDK_VERSION < 730):
info = IDAW.get_inf_structure()
if info.is_64bit():
return False
elif info.is_32bit():
return True
return False
else:
return IDAW.inf_is_32bit()
示例2
def OnSelectLine(self, n):
item = self.items[n]
jump_ea = int(item[0], 16)
# Only jump for valid addresses
if idaapi.IDA_SDK_VERSION < 700:
valid_addr = idc.isEnabled(jump_ea)
else:
valid_addr = idc.is_mapped(jump_ea)
if valid_addr:
idc.Jump(jump_ea)
示例3
def __getattribute__(self, name):
default = '[1st] default'
if (idaapi.IDA_SDK_VERSION >= 700) and (name in IDAWrapper.mapping):
name = IDAWrapper.mapping[name]
val = getattr(idaapi, name, default)
if val == default:
val = getattr(idautils, name, default)
if val == default:
val = getattr(idc, name, default)
if val == default:
msg = 'Unable to find {}'.format(name)
idaapi.execute_ui_requests((FIRSTUI.Requests.Print(msg),))
return
if hasattr(val, '__call__'):
def call(*args, **kwargs):
holder = [None] # need a holder, because 'global' sucks
def trampoline():
holder[0] = val(*args, **kwargs)
return 1
# Execute the request using MFF_WRITE, which should be safe for
# any possible request at the expense of speed. In my testing,
# though, it wasn't noticably slower than MFF_FAST. If this
# is observed to impact performance, consider creating a list
# that maps API calls to the most appropriate flag.
idaapi.execute_sync(trampoline, idaapi.MFF_WRITE)
return holder[0]
return call
else:
return val
示例4
def get_architecture():
'''Returns the architecture the sample is built for.
The values are normalized for the FIRST server. It altered then
FIRST will not match on other functions with the same architecture.
Returns:
str. String representation of the architecture associated with
the sample. Examples: intel32, intel64, arm32, mips, etc.
'''
info = IDAW.get_inf_structure()
proc = info.procName.lower()
proc = FIRST.Info.processor_map.get(proc, proc)
if proc in FIRST.Info.include_bits:
bits = 16
if (idaapi.IDA_SDK_VERSION < 730):
if info.is_64bit():
bits = 64
elif info.is_32bit():
bits = 32
else:
if IDAW.inf_is_64bit():
bits = 64
elif IDAW.inf_is_32bit():
bits = 32
return '{}{}'.format(proc, bits)
return proc
示例5
def _cancel_action(self, job_id):
if idaapi.IDA_SDK_VERSION < 710:
return
idaapi.cancel_exec_request(job_id)
#------------------------------------------------------------------------------
# Painting - HexRays (Decompilation / Source)
#------------------------------------------------------------------------------
示例6
def init(self):
NO_HOTKEY = ""
SETMENU_INS = 0
NO_ARGS = tuple()
logger.debug("[+] %s.init()" % self.__class__.__name__)
self.menuitems = []
logger.debug("[+] setting up menus for ida version %s" % idaapi.IDA_SDK_VERSION)
if idaapi.IDA_SDK_VERSION >= 700:
# >= 700
action_desc = idaapi.action_desc_t("tintinweb:batchdecompile:load", self.wanted_name, IdaDecompileUiActionHandler(self))
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(''.join(self.wanted_menu), "tintinweb:batchdecompile:load", idaapi.SETMENU_APP)
else:
menu = idaapi.add_menu_item(self.wanted_menu[0],
self.wanted_menu[1],
NO_HOTKEY,
SETMENU_INS,
self.menu_config,
NO_ARGS)
self.menuitems.append(menu)
return idaapi.PLUGIN_KEEP
示例7
def term(self):
logger.debug("[+] %s.term()" % self.__class__.__name__)
if idaapi.IDA_SDK_VERSION < 700:
for menu in self.menuitems:
idaapi.del_menu_item(menu)
示例8
def __init__(self, server, *args, **kwargs):
self.server = server
self._version = ("IDA Pro", str(idaapi.IDA_SDK_VERSION))
return
示例9
def __getattribute__(self, name):
default = '[1st] default'
if (idaapi.IDA_SDK_VERSION >= 700) and (name in IDAWrapper.mapping):
name = IDAWrapper.mapping[name]
val = getattr(idaapi, name, default)
if val == default:
val = getattr(idautils, name, default)
if val == default:
val = getattr(idc, name, default)
if val == default:
msg = 'Unable to find {}'.format(name)
idaapi.execute_ui_requests((FIRSTUI.Requests.Print(msg),))
return
if hasattr(val, '__call__'):
def call(*args, **kwargs):
holder = [None] # need a holder, because 'global' sucks
def trampoline():
holder[0] = val(*args, **kwargs)
return 1
idaapi.execute_sync(trampoline, idaapi.MFF_FAST)
return holder[0]
return call
else:
return val
示例10
def init(self):
# register popup menu handlers
try:
# Register Auto Fix IDB handler
VxHunterMCFixIDB.register(self, "Auto Fix IDB With symbol table")
# Register Fix Code handler
VxHunterMCFixCode.register(self, "Fix Code from start address to end address")
# Register Fix Ascii handler
VxHunterMCFixAscii.register(self, "Fix Ascii string table with giving address")
# Register Load symbol file handler
VxHunterMCLoadSymbolFile.register(self, "Load VxWorks symbol file")
except Exception as err:
print("Got Error!!!: %s" % err)
# setup popup menu
if idaapi.IDA_SDK_VERSION >= 700:
# Add menu IDA >= 7.0
idaapi.attach_action_to_menu("Edit/VxHunter/", VxHunterMCFixIDB.get_name(), idaapi.SETMENU_APP)
idaapi.attach_action_to_menu("Edit/VxHunter/", VxHunterMCFixCode.get_name(), idaapi.SETMENU_APP)
idaapi.attach_action_to_menu("Edit/VxHunter/", VxHunterMCFixAscii.get_name(), idaapi.SETMENU_APP)
idaapi.attach_action_to_menu("Edit/VxHunter/", VxHunterMCLoadSymbolFile.get_name(), idaapi.SETMENU_APP)
else:
# add Vxhunter menu
menu = idaapi.add_menu_item("Edit/VxHunter/", "Auto Fix IDB1", "", 1, self.handler_auto_fix_idb, None)
if menu is not None:
pass
print("=" * 80)
return idaapi.PLUGIN_KEEP
示例11
def fix_vxworks_idb(load_address, vx_version, symbol_table_start, symbol_table_end):
current_image_base = idaapi.get_imagebase()
symbol_interval = 16
if vx_version == 6:
symbol_interval = 20
symbol_table_start += load_address
symbol_table_end += load_address
ea = symbol_table_start
shift_address = load_address - current_image_base
while shift_address >= 0x70000000:
idaapi.rebase_program(0x70000000, 0x0008)
shift_address -= 0x70000000
idaapi.rebase_program(shift_address, 0x0008)
while ea < symbol_table_end:
# for VxWorks 6 unknown symbol format
if idc.Byte(ea + symbol_table_end - 2) == 3:
ea += symbol_interval
continue
offset = 4
if idaapi.IDA_SDK_VERSION >= 700:
idc.create_strlit(idc.Dword(ea + offset), idc.BADADDR)
else:
idc.MakeStr(idc.Dword(ea + offset), idc.BADADDR)
sName = idc.GetString(idc.Dword(ea + offset), -1, idc.ASCSTR_C)
print("Found %s in symbol table" % sName)
if sName:
sName_dst = idc.Dword(ea + offset + 4)
if vx_version == 6:
sName_type = idc.Dword(ea + offset + 12)
else:
sName_type = idc.Dword(ea + offset + 8)
idc.MakeName(sName_dst, sName)
if sName_type in need_create_function:
# flags = idc.GetFlags(ea)
print("Start fix Function %s at %s" % (sName, hex(sName_dst)))
idc.MakeCode(sName_dst) # might not need
idc.MakeFunction(sName_dst, idc.BADADDR)
ea += symbol_interval
print("Fix function by symbol table finish.")
print("Start IDA auto analysis, depending on the size of the firmware this might take a few minutes.")
idaapi.autoWait()
示例12
def fix_ascii(self, address):
string_table_start_address = self.get_string_table_start_address(address)
string_address = string_table_start_address
while True:
if string_address:
print("Start Make string at address: %s" % hex(string_address))
if idaapi.IDA_SDK_VERSION >= 700:
idc.create_strlit(string_address, idc.BADADDR)
else:
idc.MakeStr(string_address, idc.BADADDR)
string_address = self.get_next_ascii_string_address(string_address)
else:
break
示例13
def getByte(self, ea):
if idaapi.IDA_SDK_VERSION < 700:
return idc.Byte(ea)
else:
return idc.get_wide_byte(ea)
示例14
def getSegEnd(self, ea):
if idaapi.IDA_SDK_VERSION < 700:
return idc.SegEnd(ea)
else:
return idc.get_segm_end(ea)
示例15
def MakeDWord(self, ea):
if idaapi.IDA_SDK_VERSION < 700:
return idc.MakeDword(ea)
else:
return ida_bytes.create_data(ea, FF_DWORD, 4, idaapi.BADADDR)
示例16
def MakeQWord(self, ea):
if idaapi.IDA_SDK_VERSION < 700:
return idc.MakeQword(ea)
else:
return ida_bytes.create_data(ea, FF_QWORD, 8, idaapi.BADADDR)
示例17
def MakeName(self, ea, name):
if idaapi.IDA_SDK_VERSION < 700:
return idc.MakeNameEx(ea, name, 256)
else:
return idc.set_name(ea, name, 256)
示例18
def __init__(self):
self._installed_views = set()
if idaapi.IDA_SDK_VERSION >= 670:
self._hooks = self._create_hooks(self._install_idabuddy)
self._install_timer = None
else:
self._install_timer = QtCore.QTimer()
connect_method_to_signal(self._install_timer, 'timeout()', self._on_install_timer)
self._hooks = None
示例19
def detectBackend():
backend = ""
version = ""
try:
import idaapi
import idautils
backend = "IDA"
version = idaapi.IDA_SDK_VERSION
except:
pass
return (backend, version)
示例20
def __init__(self):
if not IdaInterface.instance:
if idaapi.IDA_SDK_VERSION >= 740:
IdaInterface.instance = Ida74Interface()
else:
IdaInterface.instance = Ida73Interface()
示例21
def init(self):
global initialized
if initialized is False:
initialized = True
if idaapi.IDA_SDK_VERSION >= 700:
# populating action menus
action_desc = idaapi.action_desc_t(
'my:aboutaction', # The action name. This acts like an ID and must be unique
'About!', # The action text.
AboutHandler(), # The action handler.
'', # Optional: the action shortcut
'About X64dbg ida', # Optional: the action tooltip (available in menus/toolbar)
) # Optional: the action icon (shows when in menus/toolbars) use numbers 1-255
# Register the action
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(
'Edit/x64dbgida/',
'my:aboutaction',
idaapi.SETMENU_APP)
action_desc = idaapi.action_desc_t(
'my:eksportaction',
'Export x64dbg database',
EksportHandler(),
'',
'Export x64dbg database',
)
# Register the action
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(
'Edit/x64dbgida/',
'my:eksportaction',
idaapi.SETMENU_APP)
action_desc = idaapi.action_desc_t(
'my:importaction',
'Import (uncompressed) database',
ImportHandler(),
'',
'Import (uncompressed) database',
)
# Register the action
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(
'Edit/x64dbgida/',
'my:importaction',
idaapi.SETMENU_APP)
else:
print("Use version 1.0")
return idaapi.PLUGIN_KEEP
示例22
def execute_paint(function):
"""
A function decorator to safely paint the IDA database from any thread.
"""
@functools.wraps(function)
def wrapper(*args, **kwargs):
#
# the first argument passed to this decorator will be the
# IDAPainter class instance
#
ida_painter = args[0]
#
# we wrap up the remaining args (and paint function) into a single
# packaged up callable object (a functools.partial)
#
ff = functools.partial(function, *args, **kwargs)
#
# if we are using a 'bugged' downlevel version of IDA, package another
# callable to 'synchronize' a database write. This callable will get
# passed to the main thread and executed through the Qt event loop.
#
# the execute_sync should technically happy in-line, avoiding the
# possibility of deadlocks or aborts as described above.
#
if idaapi.IDA_SDK_VERSION < 710:
fff = functools.partial(idaapi.execute_sync, ff, idaapi.MFF_WRITE)
ida_painter._signal.mainthread.emit(fff)
return idaapi.BADADDR
#
# in IDA 7.1, the MFF_NOWAIT bug is definitely fixed, so we can just
# use it to schedule our paint action ... as designed.
#
return idaapi.execute_sync(ff, idaapi.MFF_NOWAIT | idaapi.MFF_WRITE)
return wrapper
#------------------------------------------------------------------------------
# IDA Painter
#------------------------------------------------------------------------------
示例23
def kernelcache_process(untag_pointers=True):
"""Process the kernelcache in IDA for the first time.
This function performs all the standard processing available in this module:
* Convert iOS 12's new static tagged pointers into normal kernel pointers.
* Parse the kernel's `__PRELINK_INFO.__info` section into a dictionary.
* Renames segments in IDA according to the names from the __PRELINK_INFO dictionary (split
kext format kernelcaches only).
* Converts pointers in data segments into offsets.
* Locates virtual method tables, converts them to offsets, and adds vtable symbols.
* Locates OSMetaClass instances for top-level classes and adds OSMetaClass symbols.
* Symbolicates offsets in `__got` sections and stub functions in `__stubs` sections.
* Symbolicates methods in vtables based on the method names in superclasses.
* Creates IDA structs representing the C++ classes in the kernel.
"""
import idaapi
import idc
def autoanalyze():
idc.Wait()
autoanalyze()
if (kernel.kernelcache_format == kernel.KC_12_MERGED
and untag_pointers
and idaapi.IDA_SDK_VERSION < 720):
print 'Processing tagged kernelcache pointers'
tagged_pointers.untag_pointers()
autoanalyze()
segment.initialize_segments()
print 'Initializing data offsets'
offset.initialize_data_offsets()
autoanalyze()
print 'Initializing vtables'
vtable.initialize_vtables()
autoanalyze()
vtable.initialize_vtable_symbols()
autoanalyze()
metaclass.initialize_metaclass_symbols()
if kernel.kernelcache_format == kernel.KC_11_NORMAL:
print 'Creating offset and stub symbols'
offset.initialize_offset_symbols()
autoanalyze()
stub.initialize_stub_symbols()
autoanalyze()
print 'Propagating vtable method symbols'
vtable.initialize_vtable_method_symbols()
print 'Initializing class structs'
class_struct.initialize_vtable_structs()
class_struct.initialize_class_structs()
autoanalyze()
print 'Done'
