commit daa40bb0dae3f48a7c8d978c38b3ebdbc24b0175 Author: Google Code Exporter Date: Sat Mar 14 16:01:41 2015 -0400 Migrating wiki contents from Google Code
diff --git a/Building.md b/Building.md
new file mode 100644
index 0000000..65f0b95
--- /dev/null
+++ b/Building.md
@@ -0,0 +1,3 @@
+# Building IDAPython From Sources #
+
+Please see the BUILDING.txt file from the source package.
\ No newline at end of file
diff --git a/DocumentationPage.md b/DocumentationPage.md
new file mode 100644
index 0000000..a83c19a
--- /dev/null
+++ b/DocumentationPage.md
@@ -0,0 +1,6 @@
+# IDAPython Documentation #
+
+ * [Building](Building.md)
+ * InstallationInstructions
+ * UsageInstructions
+ * KnownUses
\ No newline at end of file
diff --git a/Downloads.md b/Downloads.md
new file mode 100644
index 0000000..4b4a221
--- /dev/null
+++ b/Downloads.md
@@ -0,0 +1,5 @@
+# Introduction #
+
+Please download latest build from this Google Drive location:
+
+http://bit.ly/1hVrznO
\ No newline at end of file
diff --git a/ExampleScripts.md b/ExampleScripts.md
new file mode 100644
index 0000000..1354e6f
--- /dev/null
+++ b/ExampleScripts.md
@@ -0,0 +1,103 @@
+# Script Examples #
+
+This little script enumerates all functions in the current segment (section) and lists all places that reference them.
+The following are three different implementations of the same functionality. First using IDC, then idapython with low-level
+IDA API calls and last using IDAPython's **idautils** helper module.
+
+
+## IDC version ##
+```
+//
+// Reference Lister
+//
+// List all functions and all references to them in the current section.
+//
+// Implemented in IDC
+//
+#include
+
+static main()
+{
+ auto ea, func, ref;
+
+ // Get current ea
+ ea = ScreenEA();
+
+ // Loop from start to end in the current segment
+ for (func=SegStart(ea);
+ func != BADADDR && func < SegEnd(ea);
+ func=NextFunction(func))
+ {
+ // If the current address is function process it
+ if (GetFunctionFlags(func) != -1)
+ {
+ Message("Function %s at 0x%x\n", GetFunctionName(func), func);
+
+ // Find all code references to func
+ for (ref=RfirstB(func); ref != BADADDR; ref=RnextB(func, ref))
+ {
+ Message(" called from %s(0x%x)\n", GetFunctionName(ref), ref);
+ }
+
+ }
+ }
+}
+```
+
+## Python with low-level API calls ##
+
+```
+#
+# Reference Lister
+#
+# List all functions and all references to them in the current section.
+#
+# Implemented using direct IDA Plugin API calls
+#
+from idaapi import *
+
+# Get current ea
+ea = get_screen_ea()
+
+# Get segment class
+seg = getseg(ea)
+
+# Loop from segment start to end
+func = get_func(seg.startEA)
+
+while func is not None and func.startEA < seg.endEA:
+ funcea = func.startEA
+ print "Function %s at 0x%x" % (GetFunctionName(funcea), funcea)
+
+ ref = get_first_cref_to(funcea)
+
+ while ref != BADADDR:
+ print " called from %s(0x%x)" % (get_func_name(ref), ref)
+ ref = get_next_cref_to(funcea, ref)
+
+ func = get_next_func(funcea)
+```
+
+## Python with the idautils module ##
+
+```
+#
+# Reference Lister
+#
+# List all functions and all references to them in the current section.
+#
+# Implemented with the idautils module
+#
+from idautils import *
+
+# Get current ea
+ea = ScreenEA()
+
+# Loop from start to end in the current segment
+for funcea in Functions(SegStart(ea), SegEnd(ea)):
+ print "Function %s at 0x%x" % (GetFunctionName(funcea), funcea)
+
+ # Find all code references to funcea
+ for ref in CodeRefsTo(funcea, 1):
+ print " called from %s(0x%x)" % (GetFunctionName(ref), ref)
+```
\ No newline at end of file
diff --git a/InstallationInstructions.md b/InstallationInstructions.md
new file mode 100644
index 0000000..044fbab
--- /dev/null
+++ b/InstallationInstructions.md
@@ -0,0 +1,18 @@
+# Installation Instructions #
+
+ * Check your Python version 2.4 or 2.5 installation
+ * It comes with most Linux distros by default
+ * For Windows you can get it from http://www.python.org/
+ * Copy the ''python'' directory with its contents to the IDA Pro install directory (%IDADIR%)
+ * Copy the plugin executable to ''%IDADIR%\plugins\''
+
+The next time a file is loaded the following text should appear in the message window.
+
+```
+---------------------------------------------------
+IDAPython version 0.9.0 final (serial 0) initialized
+Python interpreter version 2.4.4 final (serial 0)
+---------------------------------------------------
+```
+
+The plugin is now ready for use as described in the UsageInstructions.
\ No newline at end of file
diff --git a/KnownUses.md b/KnownUses.md
new file mode 100644
index 0000000..62a2911
--- /dev/null
+++ b/KnownUses.md
@@ -0,0 +1,26 @@
+# Known uses of IDAPython #
+
+
+[PaiMei](http://pedram.openrce.org/PaiMei/docs/) by Pedram Amini
+
+> "PaiMei, is a reverse engineering framework consisting of multiple extensible components. The framework can essentially be thought of as a reverse engineer's swiss army knife and has already been proven effective for a wide range of both static and dynamic tasks such as fuzzer assistance, code coverage tracking, data flow tracking and more."
+
+[ida2sql](http://www.dkbza.org/ida2sql.html) by Ero Carrera
+
+> "ida2sql is the Python module in charge of exporting the disassembly information from IDA into the SQL Schema we developed in Sabre-Security for our BinNavi product."
+
+[idb2reml](http://dkbza.org/idb2reml.html) by Ero Carrera
+
+> "idb2reml allows information from IDA to be exported into an XML format (REML) which can be futher processed with custom scripts. A useful script to use in conjuction with idb2reml is [pyreml](http://dkbza.org/pyreml.html)"
+
+[IDAAPIHelp](http://www.reconstructer.org/code.html) by Frank Boldewin
+
+> "IDAAPIHelp is a small IDAPython script, that saves time when searching for API Information while e.g. analyzing a malware with IDA Pro. It looks at cursor position for a valid api call and if found it tries to show you the eligible API Info from the provided helpfile."
+
+[MFC42Ord2FuncNames](http://www.reconstructer.org/code.html) by Frank Boldewin
+
+> "MFC42Ord2FuncNames is a small IDAPython script which converts MFC42 functions into its realnames. Normally IDA Pro should do this automatically, but in some cases the IDA auto-analysis fails."
+
+[vbpython](http://reversingitout.blogspot.com/2008/01/again-on-visual-basic.html) by Paolo Palumbo
+
+> "For IDAPython users, I have created a complete python script that handles Visual Basic written programs."
\ No newline at end of file
diff --git a/ProjectHome.md b/ProjectHome.md
new file mode 100644
index 0000000..c041318
--- /dev/null
+++ b/ProjectHome.md
@@ -0,0 +1,100 @@
+# IDAPython in a Nutshell #
+
+IDAPython is an IDA Pro plugin that integrates the Python programming language, allowing scripts to run in IDA Pro. These programs have access to IDA Plugin API, IDC and all modules available for Python. The power of IDA Pro and Python provides a platform for easy prototyping of reverse engineering and other research tools.
+
+# News #
+
+**2015-02-07**: Version 1.7.1
+```
+* IDA Pro 6.7 support - Thanks to the Hex-Rays team for contributing this new release!
+
+* Added support for the new set of functions for dealing with user-provided actions
+* add idaapi.get_kernel_version()
+* added ability to build IDAPython with Hex-Rays bindings by specifying a path to a directory where to find the 'hexrays.hpp' file
+* added APIs for accessing the registry
+* added APIs for working with breakpoint groups
+* added umsg() for printing UTF-8 text into the Output Window
+* construct_macro() is now available to IDAPython processor modules
+* export get_custom_viewer_place(), and allow place_t clone() & related functions
+* expose QueueDel(qtype_t, ea_t), to complete APIs for manipulating entries from the "known list of problems"
+* get_tform_type()/get_tform_title(), & current_tform_changed callback
+* give users the ability to access the underlying TForm/TCutsomControl objects that back higher-level Pythony wrappers, so that the rest of the SDK API can be used as well
+* improve stability and error reporting for Python processor modules
+* Scripts can use OnViewMouseMoved() callback to be notified of mouse movement on views (both user-created, as well as core IDA views)
+* User graphs: double-clicking on a graph edge, will (by default) jump to the node on the other side of that edge
+* Various bug fixes
+
+```
+
+**2014-07-01**: Version 1.7.0
+```
+* IDA Pro 6.6 support - Thanks to the Hex-Rays team for contributing this new release!
+
+* added the decompiler bindings
+* Expose simpleline_t type to IDAPython.
That lets the user to set the bgcolor &
+text for each line in the decompilation.
+* Wrapped new functions from the IDA SDK
+* Various bug fixes
+```
+
+**2013-12-30**: Version 1.6.0
+```
+* IDA Pro 6.5 support - Thanks to Arnaud Diederen and the Hex-Rays team for contributing this new release!
+* Proper multi-threaded support
+* Better PyObject reference counting with ref_t and newref_t helper classes
+* Introduced the idaapi.require() - blog post http://www.hexblog.com/?p=749
+* Various additions and bugfixes - see https://code.google.com/p/idapython/source/detail?r=382
+* Hex-Rays decompiler wrappings provided by EiNSTeiN - see https://github.com/EiNSTeiN-/hexrays-python
+```
+
+**2013-03-06**: Version 1.5.6
+```
+* IDA Pro 6.4 support
+* Bug fixes
+* Wrapped more debugger functions
+```
+
+
+**2012-06-24**: Version 1.5.5
+```
+* IDA Pro 6.3 support
+* The Functions() generator function now accepts function tail start parameter
+* Added into idc.py: DbgRead/DbgWrite/SetTargetAssembler and stack pointer
+related functions
+* Wrapped more type info related functions
+```
+
+**2011-10-15**: Version 1.5.3 - IDA Pro 6.2 support, hotkey functions, multiline/combo form controls and [other changes](http://code.google.com/p/idapython/source/detail?r=365).
+
+**2011-07-27**: Version 1.5.2.3 - Vuln fix to prevent arbitrary code execution via swig\_runtime\_data4.py? when placed in the current directory (
+[details](http://code.google.com/p/idapython/source/detail?r=361)).
+
+**2011-06-10**: Version 1.5.2 - Few features and mostly bug fixes.
+
+**2011-04-21**: Version 1.5.1 - Added the '?' and '!' pseudo commands and fixed some bugs [other changes](http://code.google.com/p/idapython/source/detail?r=348).
+
+**2011-04-18**: Version 1.5.0 - IDA Pro 6.1 support, AskUsingForm support, added UI notification hooks and [other changes](http://code.google.com/p/idapython/source/detail?r=344).
+
+**2010-11-10**: Version 1.4.3 - IDA Pro 6.0 support, PluginForms class to work with PySide or PyQt4 and [other changes](http://code.google.com/p/idapython/source/detail?r=335).
+
+**2010-08-10**: Version 1.4.2 - Fixed some bugs and made sure it works fine with Python 2.7
+
+**2010-07-19**: Version 1.4.1 - Added basic command completion feature.
+
+**2010-06-30**: Version 1.4.0 with IDA Pro 5.7 support is now out. See the SVN repository for the [detailed changelog](http://code.google.com/p/idapython/source/list).
+
+**2009-07-12**: Version 1.2.0 with 64-bit support is now out. See the SVN repository for the [detailed changelog](http://code.google.com/p/idapython/source/list).
+
+# Documentation #
+
+ * [Building](Building.md)
+ * InstallationInstructions
+ * UsageInstructions
+ * KnownUses
+
+# Getting Involved #
+
+All contributions are welcome. The preferred way of submitting bug reports and patches is through the
+Issue Tracker. The project also has a [discussion group](http://groups.google.com/group/idapython).
+
+For anything else, just drop an email to the [project owner](http://code.google.com/u/elias.bachaalany/).
\ No newline at end of file
diff --git a/TestBuildChanges.md b/TestBuildChanges.md
new file mode 100644
index 0000000..a8e8ed5
--- /dev/null
+++ b/TestBuildChanges.md
@@ -0,0 +1,34 @@
+# Changes between IDAPython test builds #
+
+## Changes between IDAPython version 0.9.56 and 0.9.57 ##
+ * idc.py: Added missing idaapi. to GetMemberStrId()
+ * dbg.i: First implementation of debug event callback
+ * Added small test script for debug event notification hooks
+
+## Changes between IDAPython version 0.9.55 and 0.9.56 ##
+
+ * idc.py: Implemented Compile()
+ * idautils.py: Do not import all symbols from idaapi to keep the namespace clean
+ * init.py: Import the required symbols from idaapi
+ * expr.i: Fixed Compile functions to return proper error messages
+ * python.cpp: Added RunPythonStatement() function to IDC
+ * expr.i: Added CompileEx() Compile() and CompileLine()
+ * idaapi.i: Added sval\_pointer() type
+ * idc.py: Fixed documentation for GetMarkedPos(), returns BADADDR on error
+ * idc.py: Removed UNIMPLEMENTED marker from atoa()
+ * Removed extra parameter from Get{First|Next}Member(). Thanks Rodrigo Bogossian Wang for the report.
+
+
+## Changes between IDAPython version 0.9.54 and 0.9.55 ##
+
+ * BUILDING.txt: Updated the building instructions for Mac
+ * build.py: Suppressed warning messages about const char pointers
+ * idp.i: Removed static keyword from IDB\_Callback
+ * idp.i: Ignore all function pointer in structures
+ * idc.py: Implmented {First|Next}FuncFChunk()
+ * build.py: Version bumped to 0.9.55
+ * idp.i: Fixed IDP\_Callback() prototype
+ * idc.py: SetType() implemented. Thanks to plusvic.
+ * idc.py: Structure offset member can also be 16-bit. Thanks plusvic
+ * bytes.i: Added is\_debugger\_on()
+ * bytes.i: Added {put|get}
\ No newline at end of file
diff --git a/UsageInstructions.md b/UsageInstructions.md
new file mode 100644
index 0000000..d91f716
--- /dev/null
+++ b/UsageInstructions.md
@@ -0,0 +1,28 @@
+# Usage Instructions #
+
+## Runtime Hotkeys ##
+When IDA Pro is running the IDAPython plugin responds to the following hotkeys:
+
+| **Key** | Function |
+|:-----------|:----------|
+| Alt-F7 | Run script |
+| Ctrl-F3 | Execute Python statement(s) |
+| Alt-F9 | Run previously executed script again |
+
+## Batch mode execution ##
+
+Running scripts in batch mode for automated processing is done by starting IDA Pro with the following command line options:
+
+```
+ -A -OIDAPython:yourscript.py file_to_work_on.bin
+```
+or
+```
+-Syourscript.py
+```
+or
+```
+-S"yourscript.py arg1 arg2 arg3"
+```
+
+Also check http://www.hexblog.com/?p=128
\ No newline at end of file
diff --git a/Using_RunPythonStatement.md b/Using_RunPythonStatement.md
new file mode 100644
index 0000000..637d990
--- /dev/null
+++ b/Using_RunPythonStatement.md
@@ -0,0 +1,29 @@
+# Introduction #
+
+This is a small example on how to run Python statement from IDC and catch the errors
+
+
+# Code #
+
+```
+def function():
+ print "Hello...."
+ print z # !!! Cause runtime errors.... !!!
+
+err = idaapi.CompileLine(r"""
+static key_ALTN()
+{
+ auto s = RunPythonStatement("function()");
+ if (IsString(s))
+ {
+ Message("Error in the python statement: %s\n", s);
+ return;
+ }
+}
+""")
+
+if err:
+ print "Error compiling IDC code: %s" % err
+else:
+ AddHotkey("ALT-N", 'key_ALTN')
+```
\ No newline at end of file