From d22ae25852774a7980e8bc1ba81617c7139b72ee Mon Sep 17 00:00:00 2001
From: ecx86
Date: Tue, 31 Jul 2018 23:56:55 -0400
Subject: [PATCH] Initial commit
---
.gitignore | 104 +++++++++++++++++++++++++++++++++++++++++
LICENSE | 21 +++++++++
README.md | 4 ++
force_lvar_width.py | 111 ++++++++++++++++++++++++++++++++++++++++++++
idbdumpowner.py | 3 ++
idbupdateowner.py | 5 ++
6 files changed, 248 insertions(+)
create mode 100644 .gitignore
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 force_lvar_width.py
create mode 100644 idbdumpowner.py
create mode 100644 idbupdateowner.py
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..894a44c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,104 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..166590a
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 ecx86
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f342054
--- /dev/null
+++ b/README.md
@@ -0,0 +1,4 @@
+# ida-scripts
+Collection of IDA Pro/Hex-Rays scripts
+
+Tested on IDA7.0 since I am too broke to afford IDA7.1
diff --git a/force_lvar_width.py b/force_lvar_width.py
new file mode 100644
index 0000000..abde677
--- /dev/null
+++ b/force_lvar_width.py
@@ -0,0 +1,111 @@
+""" Forcibly change the width of an lvar.
+Useful for making an lvar smaller (which Hex-Rays does not let you do apparently)
+Tags (for search engines):
+IDA Pro Hex-Rays make stack variable smaller force variable size decrease width delete variable split up break up variable into smaller
+"""
+
+import idautils
+import idaapi
+import idc
+import ida_hexrays
+
+import traceback
+
+force_width_actname = "forcelvarwidth:forcewidth"
+
+class force_width_action_handler_t(idaapi.action_handler_t):
+ def __init__(self, callback_info):
+ idaapi.action_handler_t.__init__(self)
+ self.callback_info = callback_info
+
+ def activate(self, ctx):
+ vdui = idaapi.get_widget_vdui(ctx.widget)
+ self.callback_info.gui_action_callback(vdui)
+ return 1
+
+ def update(self, ctx):
+ return idaapi.AST_ENABLE_FOR_WIDGET if \
+ ctx.widget_type == idaapi.BWN_PSEUDOCODE else \
+ idaapi.AST_DISABLE_FOR_WIDGET
+
+
+class hexrays_callback_info(object):
+
+ def __init__(self):
+ self.vu = None
+ return
+
+ def load(self):
+ return
+
+ def save(self):
+ return
+
+ def do_force_width(self, cfunc, insn):
+
+ if insn.opname != 'if':
+ return False
+
+ cif = insn.details
+
+ if not cif.ithen or not cif.ielse:
+ return False
+
+ idaapi.qswap(cif.ithen, cif.ielse)
+ cond = idaapi.cexpr_t(cif.expr)
+ notcond = idaapi.lnot(cond)
+
+ cif.expr.swap(notcond)
+
+ return True
+
+ def gui_action_callback(self, vu):
+
+ cfunc = vu.cfunc.__deref__()
+
+ if not vu.get_current_item(idaapi.USE_KEYBOARD):
+ print "Force lvar width: you don't have anything selected"
+ return False
+
+ badlv = vu.item.get_lvar()
+ if not badlv:
+ print "Force lvar width: you don't have an lvar selected"
+ return False
+
+ new_width = idc.AskLong(badlv.width, "Enter the new width for " + badlv.name)
+ if new_width == None: # cancelled
+ print "Force lvar width: operation cancelled"
+ return False
+
+ if new_width <= 0:
+ print "Force lvar width: not allowed. Non-positive width will crash IDA"
+ return False
+
+ badlv.set_width(new_width)
+ print 'Set the type in IDA (Y) for it to apply'
+ idaapi.process_ui_action('hx:SetType')
+
+ # vu.refresh_ctext()
+ print 'Force lvar width: OK.'
+ return True
+
+ def event_callback(self, event, *args):
+
+ if event == idaapi.hxe_populating_popup:
+ widget, phandle, vu = args
+ res = idaapi.attach_action_to_popup(vu.ct, None, force_width_actname)
+
+ return 0
+
+if idaapi.init_hexrays_plugin():
+ i = hexrays_callback_info()
+ idaapi.register_action(
+ idaapi.action_desc_t(
+ force_width_actname,
+ "Force lvar width",
+ force_width_action_handler_t(i),
+ "Shift-W"))
+ idaapi.install_hexrays_callback(i.event_callback)
+else:
+ print 'Force lvar width: hexrays is not available.'
+
diff --git a/idbdumpowner.py b/idbdumpowner.py
new file mode 100644
index 0000000..f44c3d1
--- /dev/null
+++ b/idbdumpowner.py
@@ -0,0 +1,3 @@
+import idaapi
+import binascii
+print(binascii.hexlify(idaapi.netnode('$ original user', 0, False).supval(0)))
diff --git a/idbupdateowner.py b/idbupdateowner.py
new file mode 100644
index 0000000..61b6e8f
--- /dev/null
+++ b/idbupdateowner.py
@@ -0,0 +1,5 @@
+import idaapi
+import binascii
+dumped_netnode_value ='ca75b28848ea06bcae409699fa2510a03bbaf43bd167eecb17d52918187133a793ebf8d3270230c7164d7a79b53c2c3edd611ede975690784cf2c254abe8b587140d19a3f46b2be109bde1da1b7ed4d7c9f7b58135f2c296db4e86ad29b6f0b999b5599d40c3bae8b29d2cc06ecef63cba0e1b9a9505c1efe9019a7020127e100000000000000000000000000000000000000000000000000000000000000000'
+idaapi.netnode('$ user1', 0, False).kill() # deleting netnode with plain text info
+idaapi.netnode('$ original user', 0, False).supset(0, binascii.unhexlify(dumped_netnode_value))
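Review bot: In force_lvar_width.py, `do_force_width` is never called, and its body has nothing to do with widths: it swaps `cif.ithen` and `cif.ielse` and negates the condition, which looks like a leftover from an if-inversion sample. It should be deleted along with the empty `load`/`save` methods, the unused `cfunc` and `res` locals, and the `idautils`, `ida_hexrays` and `traceback` imports that nothing in the file uses, so that `gui_action_callback` is visibly the only path that changes decompiler state. In that method the cancel check should read `if new_width is None:` rather than `== None`. The only bound on the entered value is `new_width <= 0`; whether an oversized width is safe for `set_width` cannot be told from the hunk, so a short comment stating the accepted range would help.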
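Review bot: In idbdumpowner.py the result of `supval(0)` is passed straight to `binascii.hexlify`, so on a database that has no `$ original user` record (the netnode is opened with the create flag set to `False`) the script would presumably end in a TypeError instead of a readable message. Fetch the value first and test it: `blob = idaapi.netnode('$ original user', 0, False).supval(0)` followed by `if blob is None: print('no "$ original user" record in this IDB')`. The file also lacks a header comment; a line such as `# Print supval 0 of the '$ original user' netnode as hex` would tell a reader what is being dumped.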
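Review bot: idbupdateowner.py removes `$ user1` with `.kill()` and overwrites supval 0 of `$ original user` without keeping the previous values or checking what `supset` returns, so a single run replaces the database's recorded owner data irreversibly and gives no sign of whether the write succeeded. Read and print the old value before the two calls (`old = node.supval(0)`) and test the result of `supset`. The hex blob in `dumped_netnode_value` is committed with no comment on whose record it is or how it was produced; if it was dumped from a real database it is presumably identifying data and is better loaded from a local, untracked file than kept in the repository. The script also shows that these netnodes are freely editable by whoever holds the .idb, so they should not be relied on as evidence of a database's origin.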