def color_head(ea):
flags = idc.GetFlags(ea)
if not idc.isCode(flags):
return
mnem = idc.GetMnem(ea)
if mnem == 'call':
logger.debug('call: 0x%x', ea)
idc.SetColor(ea, idc.CIC_ITEM, CALL_COLOR)
elif mnem == 'xor':
if idc.GetOpnd(ea, 0) != idc.GetOpnd(ea, 1):
logger.debug('non-zero xor: 0x%x', ea)
idc.SetColor(ea, idc.CIC_ITEM, ENCRYPT_COLOR)
elif mnem in ('sdit', 'sgdt', 'sldt', 'smsw', 'str', 'in', 'cpuid'):
logger.debug('anti-vm: 0x%x', ea)
idc.SetColor(ea, idc.CIC_ITEM, ANTIANALYSIS_COLOR)
elif mnem == 'in':
if idc.GetOpnd(ea, 0) in ("3", "2D"):
logger.debug('anti-debug: 0x%x', ea)
idc.SetColor(ea, idc.CIC_ITEM, ANTIANALYSIS_COLOR)
elif mnem in ('rdtsc', 'icebp'):
logger.debug('anti-debug: 0x%x', ea)
idc.SetColor(ea, idc.CIC_ITEM, ANTIANALYSIS_COLOR)
python类CIC_ITEM的实例源码
def heatmap_trace(self):
try:
index = self.traces_tab.currentIndex()
trace = self.core.traces[self.id_map[index]]
if self.heatmaped:
self.heatmap_button.setText("Heatmap")
color = lambda x: 0xffffff
else:
self.heatmap_button.setText("Heatmap undo")
self.heatmap_button.setFlat(True)
hit_map = trace.address_hit_count
color_map = self.compute_step_map(set(hit_map.values()))
print color_map
color = lambda x: color_map[hit_map[x]]
for inst in trace.instrs.values():
if idc.isCode(idc.GetFlags(inst.address)):
c = color(inst.address)
idc.SetColor(inst.address, idc.CIC_ITEM, c)
if not self.heatmaped:
self.heatmap_button.setFlat(False)
self.heatmaped = True
else:
self.heatmaped = False
except KeyError:
print "No trace found"
def handleUnhookInst(self, screenEA = None):
if screenEA is not None:
address = screenEA
else:
address = ScreenEA()
if self.hookedInstruction(address) == False:
return
entry = self.idbHookMap[address]
outJSON = json.dumps({
"req_id": kFridaLink_DelHookRequest,
"data": entry.genDelRequest()
})
del self.idbHookMap[address]
self.clientSocket.sendto(outJSON, self.clientAddress)
SetColor(address, CIC_ITEM, kIDAViewColor_Reset)
refresh_idaview_anyway()
self.idbHooksView.setContent(self.idbHookMap)
def handleDebugContinue(self):
if self.clientSocket is None:
return
if self.debugBreakId is None:
return
outJSON = json.dumps({
"req_id": kFridaLink_DebugContinue,
})
self.clientSocket.sendto(outJSON, self.clientAddress)
if self.debugBreakId in self.idbHookMap:
SetColor(self.debugBreakId, CIC_ITEM, kIDAViewColor_HookedInst)
else:
SetColor(self.debugBreakId, CIC_ITEM, kIDAViewColor_Reset)
refresh_idaview_anyway()
self.debugBreakId = None
def syncReplacedFuncs(self):
if self.clientSocket is None:
fl_log("FridaLink: Frida not connected\n");
return
for key in self.funcReplaceMap:
entry = self.funcReplaceMap[key]
outJSON = json.dumps({
"req_id": kFridaLink_SetReplaceRequest,
"data": entry.genSetRequest()
})
if entry.moduleImport == False:
SetColor(entry.hook.id, CIC_ITEM, kIDAViewColor_ReplacedFunc)
self.clientSocket.sendto(outJSON, self.clientAddress)
refresh_idaview_anyway()
def ColorCompare(self):
DEBUG_PRINT( "in ColorCompare")
if self.colorsnapshot=={}:
return
else:
for ea in self.colorsnapshot.keys():
ea_currentcolor = idc.GetColor(ea,idc.CIC_ITEM)
# print 'ea ' + hex(ea) + 'pre color'+ hex(self.colorsnapshot[ea]) + ' current color' + hex(ea_currentcolor)
if self.colorsnapshot[ea] != ea_currentcolor:
if ea == self.lastnode_ea:
continue
g_ColorSnapshot.data[ea] = ea_currentcolor
# print 'different happen ' + hex (ea)
g_ColorSnapshot.Save()
# for ea in g_ColorSnapshot.data.keys():
# idc.Message( hex(ea) + ' ' )
self.colorsnapshot = {} # may not be useful
return
def set_color(addr, color):
idc.SetColor(addr, idc.CIC_ITEM, color)
def MySetColor(ea, rgb_color):
""" Set RGB color of one instruction or data at ea. """
# SetColor does not return success or failure
idc.SetColor(ea, idc.CIC_ITEM, rgb_to_bgr_color(rgb_color))
def highlight_dependency(self, enabled):
if self.results.has_formula():
color = 0xffffff if enabled else 0x98FF98
for addr in self.formula.get_addresses():
idc.SetColor(addr, idc.CIC_ITEM, color)
else:
print "woot ?"
self.actions[self.HIGHLIGHT_CODE] = (self.highlight_dependency, not enabled)
self.result_widget.action_selector_changed(self.HIGHLIGHT_CODE)
def highlight_dead_code(self, enabled):
curr_fun = idaapi.get_func(idc.here()).startEA
cfg = self.functions_cfg[curr_fun]
# for cfg in self.functions_cfg.values():
for bb in cfg.values():
color = {Status.DEAD: 0x5754ff, Status.ALIVE: 0x98FF98, Status.UNKNOWN: 0xaa0071}[bb.status]
color = 0xFFFFFF if enabled else color
for i in bb:
idc.SetColor(i, idc.CIC_ITEM, color)
self.actions[HIGHLIGHT_DEAD_CODE] = (self.highlight_dead_code, not enabled)
self.result_widget.action_selector_changed(HIGHLIGHT_DEAD_CODE)
def highlight_spurious(self, enabled):
print "Highlight spurious clicked !"
curr_fun = idaapi.get_func(idc.here()).startEA
cfg = self.functions_cfg[curr_fun]
color = 0xFFFFFF if enabled else 0x507cff
for bb in [x for x in cfg.values() if x.is_alive()]: # Iterate only alive basic blocks
for i, st in bb.instrs_status.items():
if st == Status.DEAD: # Instructions dead in alive basic blocks are spurious
idc.SetColor(i, idc.CIC_ITEM, color)
self.actions[HIGHLIGHT_SPURIOUS_CALCULUS] = (self.highlight_spurious, not enabled)
self.result_widget.action_selector_changed(HIGHLIGHT_SPURIOUS_CALCULUS)
def highlight_dead(self, enabled):
opaque_map = {k: self.make_po_pair(k, v.alive_branch) for k, v in self.results.items()
if v.status == po_analysis_results.OPAQUE}
for addr, (good, dead) in opaque_map.items():
if not enabled: # Mark instructions
print "propagate dead branch:%x" % addr
self.propagate_dead_code(dead, opaque_map)
else:
for addr2 in self.marked_addresses.keys():
idc.SetColor(addr2, idc.CIC_ITEM, 0xffffff)
self.marked_addresses.clear()
self.actions[self.HIGHLIGHT_DEAD_BRANCHES] = (self.highlight_dead, not enabled)
self.result_widget.action_selector_changed(self.HIGHLIGHT_DEAD_BRANCHES)
def propagate_dead_code(self, ea, op_map):
prevs = [x for x in idautils.CodeRefsTo(ea, True) if x not in self.marked_addresses and
not self.dead_br_of_op(ea, x, op_map)]
if prevs: # IF there is no legit predecessors
idc.SetColor(ea, idc.CIC_ITEM, 0x0000ff)
self.marked_addresses[ea] = None
succs = [x for x in idautils.CodeRefsFrom(ea, True)]
for succ in succs:
self.propagate_dead_code(succ, op_map)
else:
return
def resetHookedColors(self):
for key in self.idbHookMap:
entry = self.idbHookMap[key]
if entry.hook.type == "inst":
SetColor(entry.hook.id, CIC_ITEM, kIDAViewColor_Reset)
elif entry.hook.type == "func":
SetColor(entry.hook.id, CIC_FUNC, kIDAViewColor_Reset)
refresh_idaview_anyway()
def syncIdbHooks(self):
# install IDB hooks
for key in self.idbHookMap:
entry = self.idbHookMap[key]
outJSON = json.dumps({
"req_id": kFridaLink_SetHookRequest,
"data": entry.genSetRequest()
})
if entry.hook.type == "inst":
SetColor(entry.hook.id, CIC_ITEM, kIDAViewColor_HookedInst)
elif entry.hook.type == "func":
SetColor(entry.hook.id, CIC_FUNC, kIDAViewColor_HookedFunc)
self.clientSocket.sendto(outJSON, self.clientAddress)
refresh_idaview_anyway()
def handleQuickInstHook(self, address, once, breakpoint=False):
# safety checks, can be start of the function
if address in self.idbHookMap and self.idbHookMap[address].hook.type == "func":
dlg = AskYN(0, "Address contains function hook!\nDo you want to remove it?")
if dlg != 1:
return
# remove function hook
self.handleUnhookFunc(address)
offset, moduleName = self.getAddressDetails(address)
hook = InstHook()
hook.id = address
hook.mnemonic = GetDisasm(address)
hook.address = offset
hook.module = moduleName
hook.once = once
hook.breakpoint = breakpoint
entry = HookEntry(hook)
outJSON = json.dumps({
"req_id": kFridaLink_SetHookRequest,
"data": entry.genSetRequest()
})
SetColor(address, CIC_ITEM, kIDAViewColor_HookedInst)
refresh_idaview_anyway()
self.clientSocket.sendto(outJSON, self.clientAddress)
self.idbHookMap[address] = entry
self.idbHooksView.setContent(self.idbHookMap)
def resetBreakColors(self):
if self.debugBreakId != None:
SetColor(self.debugBreakId, CIC_ITEM, kIDAViewColor_Reset)
def resetReplacedColors(self):
for key in self.funcReplaceMap:
entry = self.funcReplaceMap[key]
SetColor(entry.id, CIC_ITEM, kIDAViewColor_Reset)
refresh_idaview_anyway()
def _declareMemberVars(self):
self._dbDict = {}
self.insCount = 0
self._tables = []
self._tablelist = [] # the functions have comments [addr,name,show]
self.BACKWORD = 1 # Default show forward
self._choose_id = -1
self._choose_idx = -1
self._choose_ea = 0
self.tbls = []
self._global = 1
self.lastnode_ea = 0
self.lastnode_color = 0x0
self.colorsnapshot = {}
self.colorsnapshot_startEA = 0
self.CIC_ID = idc.CIC_ITEM #default
self.max_ea = 0
self.max_idx = 0
self.min_ea = 0
self.min_idx = 0
self.IDA_LF_COLOR_ORIGIN = idapython.GetTrueBackgroundColorHexRGB()
if (idapython.IsBackgroundDark()): #You an change the color you like here.
self.IDA_LF_COLOR_TAG = 0x1E5374
self.IDA_LF_COLOR_LOOP1 = 0x66FF66
self.IDA_LF_COLOR_LOOP2 = 0xFFCC66
self.IDA_LF_COLOR_LOOP3 = 0xCCCCFF
else:
self.IDA_LF_COLOR_TAG = 0x80ECFF
self.IDA_LF_COLOR_LOOP1 = 0x66FF66
self.IDA_LF_COLOR_LOOP2 = 0xFFCC66
self.IDA_LF_COLOR_LOOP3 = 0xCCCCFF
def _showComms(self, startAddr, endAddr, id):
self.ColorCompare()
self._delComms(startAddr, endAddr) # keep or remove?
print '_showComms start 0x%x, end 0x%x'%(startAddr,endAddr)
self.colorsnapshot_startEA = startAddr
self.colorsnapshot = {}
for ea in range(startAddr, endAddr+1):
if ea in self._dbDict.keys():
self._ApdComm(ea, id)
self.colorsnapshot[ea] = idc.GetColor(ea,self.CIC_ID)
if ea not in g_ColorSnapshot.data.keys() and self.IDA_LF_COLOR_ORIGIN != idc.GetColor(ea,idc.CIC_ITEM):
# print 'line color ' + hex(idc.GetColor(ea,idc.CIC_ITEM))
g_ColorSnapshot.data[ea] = idapython.GetLineColor(ea)
g_ColorSnapshot.Save()
return
def handleHookInstCust(self, screenEA = None):
if screenEA is not None:
address = screenEA
else:
address = ScreenEA()
# safety checks, can be start of the function
if address in self.idbHookMap and self.idbHookMap[address].hook.type == "func":
dlg = AskYN(0, "Address contains function hook!\nDo you want to remove it?")
if dlg != 1:
return
# remove function hook
self.handleUnhookFunc(address)
offset, moduleName = self.getAddressDetails(address)
hookDlg = InstructionHookDialog(moduleName, "%X" % address, GetDisasm(address), None)
hookDlg.Compile()
hookDlg.script.value = ""
ok = hookDlg.Execute()
if ok != 1:
return
hook = InstHook()
hook.id = address
hook.mnemonic = GetDisasm(address)
hook.address = offset
hook.module = moduleName
hook.once = True if hookDlg.trigger.value == 0 else False
hook.recentScriptFile = hookDlg.recentScriptFile
hook.script = hookDlg.script.value
entry = HookEntry(hook)
outJSON = json.dumps({
"req_id": kFridaLink_SetHookRequest,
"data": entry.genSetRequest()
})
SetColor(address, CIC_ITEM, kIDAViewColor_HookedInst)
refresh_idaview_anyway()
self.clientSocket.sendto(outJSON, self.clientAddress)
self.idbHookMap[address] = entry
self.idbHooksView.setContent(self.idbHookMap)
def handleDebugStepOver(self):
if self.clientSocket is None:
return
if self.debugBreakId is None:
return
cur_ea = self.debugBreakId
decode_insn(cur_ea)
next_ea = cur_ea + idaapi.cmd.size
if isCode(getFlags(next_ea)) == False:
return
entry = None
# remove current
if self.debugBreakId in self.idbHookMap:
entry = self.idbHookMap[self.debugBreakId]
outJSON = json.dumps({
"req_id": kFridaLink_DelHookRequest,
"data": entry.genDelRequest()
})
del self.idbHookMap[self.debugBreakId]
self.clientSocket.sendto(outJSON, self.clientAddress)
SetColor(self.debugBreakId, CIC_ITEM, kIDAViewColor_Reset)
refresh_idaview_anyway()
offset, moduleName = self.getAddressDetails(next_ea)
# install next
if entry == None:
hook = InstHook()
hook.id = next_ea
hook.once = once
hook.breakpoint = True
entry = HookEntry(hook)
entry.hook.id = next_ea
entry.hook.mnemonic = GetDisasm(next_ea)
entry.hook.address = offset
entry.hook.module = moduleName
outJSON = json.dumps({
"req_id": kFridaLink_SetHookRequest,
"data": entry.genSetRequest()
})
self.clientSocket.sendto(outJSON, self.clientAddress)
self.idbHookMap[next_ea] = entry
self.idbHooksView.setContent(self.idbHookMap)
self.handleDebugContinue()
