def main():
# This should be run before the renamer, as it will find and help define more functions
func_added = runtime_init()
info('Found and successfully created %d functions!' % func_added)
# This should prevent the script from locking up due to the auto initalizer
idaapi.autoWait()
# Should be run after the function initializer,
renamed = renamer_init()
info('Found and successfully renamed %d functions!' % renamed)
# Attempt to rename all function pointers after we have all the functions and proper function names
pointers_renamed = pointer_renamer()
info('Found and successfully renamed %d function pointers!' % pointers_renamed)
# Attempt to find all string loading idioms
strings_added = strings_init()
info('Found and successfully created %d strings!' % strings_added)
python类autoWait()的实例源码
def PLUGIN_ENTRY():
"""
IDAPython plugin wrapper
"""
idaapi.autoWait()
return SkelenoxPlugin()
def add(start, **end):
"""Make a function at the address ``start``.
If the address ``end`` is specified, then stop processing the function at it's address.
"""
start = interface.address.inside(start)
end = end.get('end', idaapi.BADADDR)
ok = idaapi.add_func(start, end)
idaapi.autoWait()
return ok
def add(start, **end):
"""Make a function at the address ``start``.
If the address ``end`` is specified, then stop processing the function at it's address.
"""
start = interface.address.inside(start)
end = end.get('end', idaapi.BADADDR)
ok = idaapi.add_func(start, end)
idaapi.autoWait()
return ok
def add(start, **end):
"""Make a function at the address ``start``.
If the address ``end`` is specified, then stop processing the function at it's address.
"""
start = interface.address.inside(start)
end = end.get('end', idaapi.BADADDR)
ok = idaapi.add_func(start, end)
idaapi.autoWait()
return ok
def add(start, **end):
"""Make a function at the address ``start``.
If the address ``end`` is specified, then stop processing the function at it's address.
"""
start = interface.address.inside(start)
end = end.get('end', idaapi.BADADDR)
ok = idaapi.add_func(start, end)
idaapi.autoWait()
return ok
def wait():
return idaapi.autoWait()
def add(start, **end):
"""Make a function at the address ``start``.
If the address ``end`` is specified, then stop processing the function at it's address.
"""
start = interface.address.inside(start)
end = end.get('end', idaapi.BADADDR)
ok = idaapi.add_func(start, end)
idaapi.autoWait()
return ok
def add(start, **end):
"""Make a function at the address ``start``.
If the address ``end`` is specified, then stop processing the function at it's address.
"""
start = interface.address.inside(start)
end = end.get('end', idaapi.BADADDR)
ok = idaapi.add_func(start, end)
idaapi.autoWait()
return ok
def add(start, **end):
"""Make a function at the address ``start``.
If the address ``end`` is specified, then stop processing the function at it's address.
"""
start = interface.address.inside(start)
end = end.get('end', idaapi.BADADDR)
ok = idaapi.add_func(start, end)
idaapi.autoWait()
return ok
def check_address(address):
# Checks if given address contains virtual table. Returns True if more than 2 function pointers found
# Also if table's addresses point to code in executable section, than tries to make functions at that addresses
functions_count = 0
while True:
func_address = idaapi.get_64bit(address) if Const.EA64 else idaapi.get_32bit(address)
# print "[INFO] Address 0x{0:08X}".format(func_address)
if Helper.is_code_ea(func_address) or Helper.is_imported_ea(func_address):
functions_count += 1
address += Const.EA_SIZE
else:
segment = idaapi.getseg(func_address)
if segment and segment.perm & idaapi.SEGPERM_EXEC:
idc.MakeUnknown(func_address, 1, idaapi.DOUNK_SIMPLE)
if idc.MakeFunction(func_address):
functions_count += 1
address += Const.EA_SIZE
continue
break
idaapi.autoWait()
return functions_count
def wait_for_analysis_to_finish(self):
logger.debug("[+] waiting for analysis to finish...")
idaapi.autoWait()
idc.Wait()
logger.debug("[+] analysis finished.")
def main():
if os.getenv("DIAPHORA_AUTO") is not None:
file_out = os.getenv("DIAPHORA_EXPORT_FILE")
if file_out is None:
raise Exception("No export file specified!")
use_decompiler = os.getenv("DIAPHORA_USE_DECOMPILER")
if use_decompiler is None:
use_decompiler = False
idaapi.autoWait()
if os.path.exists(file_out):
if g_bindiff is not None:
g_bindiff = None
remove_file(file_out)
log("Database %s removed" % repr(file_out))
bd = CIDABinDiff(file_out)
bd.use_decompiler_always = use_decompiler
bd.export()
idaapi.qexit(0)
else:
_diff_or_export(True)
def Wait():
"""
Process all entries in the autoanalysis queue
Wait for the end of autoanalysis
@note: This function will suspend execution of the calling script
till the autoanalysis queue is empty.
"""
return idaapi.autoWait()
def set_start_stop(self, ftype):
assert_ida_available()
import idc
import idaapi
import idautils
fun_mapping = {idc.GetFunctionName(x): (idaapi.get_func(x).startEA, idaapi.get_func(x).endEA-1)
for x in idautils.Functions()}
start = idc.BeginEA()
stop = 0
if ftype == PE:
start, stop = fun_mapping["start"]
else:
if not idc.isCode(idc.GetFlags(start)):
if idc.MakeCode(start) == 0:
print "Fail to decode instr !"
idaapi.autoWait()
if idc.GetFunctionName(start) == "":
if idc.MakeFunction(start) == 0:
print "Fail to create function !"
idaapi.autoWait()
fun_mapping = {idc.GetFunctionName(x): (idaapi.get_func(x).startEA, idaapi.get_func(x).endEA-1)
for x in idautils.Functions()}
if "main" in fun_mapping:
start, stop = fun_mapping["main"]
elif "start" in fun_mapping:
if "__libc_start_main" in fun_mapping:
instrs = list(idautils.FuncItems(fun_mapping["start"][0]))
instrs.reverse()
for inst in instrs:
arg1 = idc.GetOperandValue(inst, 0)
if idc.GetMnem(inst) == "push":
start, stop = arg1, fun_mapping["start"][1]
break
else:
start, stop = fun_mapping["start"]
self.config.start, self.config.stop = start, stop
def disassemble_from_trace(self):
try:
index = self.traces_tab.currentIndex()
trace = self.core.traces[self.id_map[index]]
self.disassemble_button.setFlat(True)
found_match = False
for k, inst in trace.instrs.items():
if k in trace.metas:
for name, arg1, arg2 in trace.metas[k]:
if name == "wave":
self.parent.log("LOG", "Wave n°%d encountered at (%s,%x) stop.." % (arg1, k, inst.address))
prev_inst = trace.instrs[k-1]
idc.MakeComm(prev_inst.address, "Jump into Wave %d" % arg1)
self.disassemble_button.setFlat(False)
return
# TODO: Check that the address is in the address space of the program
if not idc.isCode(idc.GetFlags(inst.address)):
found_match = True
# TODO: Add an xref with the previous instruction
self.parent.log("LOG", "Addr:%x not decoded as an instruction" % inst.address)
if idc.MakeCode(inst.address) == 0:
self.parent.log("ERROR", "Fail to decode at:%x" % inst.address)
else:
idaapi.autoWait()
self.parent.log("SUCCESS", "Instruction decoded at:%x" % inst.address)
if not found_match:
self.parent.log("LOG", "All instruction are already decoded")
self.disassemble_button.setFlat(False)
except KeyError:
print "No trace found to use"
def main():
base_addr = 0
ea = 0
idc.MakeFunction(ea)
# heuristic
while(true):
mnemonic = idc.GetMnem(ea)
if "LDR" in mnemonic:
base_str = idc.GetOpnd(ea, 1)
base_addr = int(base_str.split("=")[1], 16)
break
ea += 4
print("[+] rebasing to address 0x%x" % (base_addr))
idc.rebase_program(base_addr, idc.MSF_FIXONCE)
idaapi.autoWait()
segment_start = base_addr
segment_end = idc.GetSegmentAttr(segment_start, idc.SEGATTR_END)
ea = segment_start
print("[+] searching and defining functions")
while ea != idc.BADADDR:
ea = idc.FindBinary(ea, idc.SEARCH_DOWN, "BF A9", 16)
if ea != idc.BADADDR:
ea = ea - 2
if (ea % 4) == 0 and idc.GetFlags(ea) < 0x200:
# print("[+] defining a function at 0x%x" % (ea))
idc.MakeFunction(ea)
ea = ea + 4
idc.AnalyzeArea(segment_start, segment_end)
idaapi.autoWait()
