olari/ida-scripts
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
ecx86
2018-07-31 23:56:55 -04:00
commit d22ae25852
6 changed files with 248 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

104
.gitignore vendored Normal file
View File

@@ -0,0 +1,104 @@
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# C extensions
*.so
# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
.hypothesis/
.pytest_cache/
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
db.sqlite3
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
target/
# Jupyter Notebook
.ipynb_checkpoints
# pyenv
.python-version
# celery beat schedule file
celerybeat-schedule
# SageMath parsed files
*.sage.py
# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/

21
LICENSE Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2018 ecx86
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

4
README.md Normal file
View File

@@ -0,0 +1,4 @@
# ida-scripts
Collection of IDA Pro/Hex-Rays scripts
Tested on IDA7.0 since I am too broke to afford IDA7.1

111
force_lvar_width.py Normal file
View File

@@ -0,0 +1,111 @@
""" Forcibly change the width of an lvar.
Useful for making an lvar smaller (which Hex-Rays does not let you do apparently)
Tags (for search engines):
IDA Pro Hex-Rays make stack variable smaller force variable size decrease width delete variable split up break up variable into smaller
"""
import idautils
import idaapi
import idc
import ida_hexrays
import traceback
force_width_actname = "forcelvarwidth:forcewidth"
class force_width_action_handler_t(idaapi.action_handler_t):
def __init__(self, callback_info):
idaapi.action_handler_t.__init__(self)
self.callback_info = callback_info
def activate(self, ctx):
vdui = idaapi.get_widget_vdui(ctx.widget)
self.callback_info.gui_action_callback(vdui)
return 1
def update(self, ctx):
return idaapi.AST_ENABLE_FOR_WIDGET if \
ctx.widget_type == idaapi.BWN_PSEUDOCODE else \
idaapi.AST_DISABLE_FOR_WIDGET
class hexrays_callback_info(object):
def __init__(self):
self.vu = None
return
def load(self):
return
def save(self):
return
def do_force_width(self, cfunc, insn):
if insn.opname != 'if':
return False
cif = insn.details
if not cif.ithen or not cif.ielse:
return False
idaapi.qswap(cif.ithen, cif.ielse)
cond = idaapi.cexpr_t(cif.expr)
notcond = idaapi.lnot(cond)
cif.expr.swap(notcond)
return True
def gui_action_callback(self, vu):
cfunc = vu.cfunc.__deref__()
if not vu.get_current_item(idaapi.USE_KEYBOARD):
print "Force lvar width: you don't have anything selected"
return False
badlv = vu.item.get_lvar()
if not badlv:
print "Force lvar width: you don't have an lvar selected"
return False
new_width = idc.AskLong(badlv.width, "Enter the new width for " + badlv.name)
if new_width == None: # cancelled
print "Force lvar width: operation cancelled"
return False
if new_width <= 0:
print "Force lvar width: not allowed. Non-positive width will crash IDA"
return False
badlv.set_width(new_width)
print 'Set the type in IDA (Y) for it to apply'
idaapi.process_ui_action('hx:SetType')
# vu.refresh_ctext()
print 'Force lvar width: OK.'
return True
def event_callback(self, event, *args):
if event == idaapi.hxe_populating_popup:
widget, phandle, vu = args
res = idaapi.attach_action_to_popup(vu.ct, None, force_width_actname)
return 0
if idaapi.init_hexrays_plugin():
i = hexrays_callback_info()
idaapi.register_action(
idaapi.action_desc_t(
force_width_actname,
"Force lvar width",
force_width_action_handler_t(i),
"Shift-W"))
idaapi.install_hexrays_callback(i.event_callback)
else:
print 'Force lvar width: hexrays is not available.'

3
idbdumpowner.py Normal file
View File

@@ -0,0 +1,3 @@
import idaapi
import binascii
print(binascii.hexlify(idaapi.netnode('$ original user', 0, False).supval(0)))

5
idbupdateowner.py Normal file
View File

@@ -0,0 +1,5 @@
import idaapi
import binascii
dumped_netnode_value ='ca75b28848ea06bcae409699fa2510a03bbaf43bd167eecb17d52918187133a793ebf8d3270230c7164d7a79b53c2c3edd611ede975690784cf2c254abe8b587140d19a3f46b2be109bde1da1b7ed4d7c9f7b58135f2c296db4e86ad29b6f0b999b5599d40c3bae8b29d2cc06ecef63cba0e1b9a9505c1efe9019a7020127e100000000000000000000000000000000000000000000000000000000000000000'
idaapi.netnode('$ user1', 0, False).kill() # deleting netnode with plain text info
idaapi.netnode('$ original user', 0, False).supset(0, binascii.unhexlify(dumped_netnode_value))