mirror of
synced 2025-02-20 03:42:45 +01:00
606 lines
19 KiB
606 lines
19 KiB
# -----------------------------------------------------------------------
import pywraps
pywraps_there = True
pywraps_there = False
import _idaapi
import random
import operator
import datetime
import struct
import traceback
import os
import sys
import bisect
import __builtin__
import imp
def require(modulename, package=None):
Load, or reload a module.
When under heavy development, a user's tool might consist of multiple
modules. If those are imported using the standard 'import' mechanism,
there is no guarantee that the Python implementation will re-read
and re-evaluate the module's Python code. In fact, it usually doesn't.
What should be done instead is 'reload()'-ing that module.
This is a simple helper function that will do just that: In case the
module doesn't exist, it 'import's it, and if it does exist,
'reload()'s it.
For more information, see: <http://www.hexblog.com/?p=749>.
if modulename in sys.modules.keys():
import importlib
import inspect
m = importlib.import_module(modulename, package)
frame_obj, filename, line_number, function_name, lines, index = inspect.stack()[1]
importer_module = inspect.getmodule(frame_obj)
if importer_module is None: # No importer module; called from command line
importer_module = sys.modules['__main__']
setattr(importer_module, modulename, m)
sys.modules[modulename] = m
# -----------------------------------------------------------------------
# Seek constants
SEEK_SET = 0 # from the file start
SEEK_CUR = 1 # from the current position
SEEK_END = 2 # from the file end
# Plugin constants
PLUGIN_MOD = 0x0001
PLUGIN_DRAW = 0x0002
PLUGIN_SEG = 0x0004
PLUGIN_UNL = 0x0008
PLUGIN_HIDE = 0x0010
PLUGIN_DBG = 0x0020
PLUGIN_PROC = 0x0040
PLUGIN_FIX = 0x0080
# PyIdc conversion object IDs
"""int64 object"""
"""byref object"""
"""opaque object"""
# Step trace options (used with set_step_trace_options())
"""step tracing will be disabled when IP is in a debugger segment"""
"""step tracing will be disabled when IP is in a library function"""
# -----------------------------------------------------------------------
class pyidc_opaque_object_t(object):
"""This is the base class for all Python<->IDC opaque objects"""
__idc_cvt_id__ = PY_ICID_OPAQUE
# -----------------------------------------------------------------------
class py_clinked_object_t(pyidc_opaque_object_t):
This is a utility and base class for C linked objects
def __init__(self, lnk = None):
# static link: if a link was provided
self.__static_clink__ = True if lnk else False
# Create link if it was not provided
self.__clink__ = lnk if lnk else self._create_clink()
def __del__(self):
"""Delete the link upon object destruction (only if not static)"""
def _free(self):
"""Explicitly delete the link (only if not static)"""
if not self.__static_clink__ and self.__clink__ is not None:
self.__clink__ = None
def copy(self):
"""Returns a new copy of this class"""
# Create an unlinked instance
inst = self.__class__()
# Assign self to the new instance
return inst
# Methods to be overwritten
def _create_clink(self):
Overwrite me.
Creates a new clink
@return: PyCObject representing the C link
def _del_clink(self, lnk):
Overwrite me.
This method deletes the link
def _get_clink_ptr(self):
Overwrite me.
Returns the C link pointer as a 64bit number
def assign(self, other):
Overwrite me.
This method allows you to assign an instance contents to anothers
@return: Boolean
clink = property(lambda self: self.__clink__)
"""Returns the C link as a PyObject"""
clink_ptr = property(lambda self: self._get_clink_ptr())
"""Returns the C link pointer as a number"""
# -----------------------------------------------------------------------
class object_t(object):
"""Helper class used to initialize empty objects"""
def __init__(self, **kwds):
self.__dict__ = kwds
def __getitem__(self, idx):
"""Allow access to object attributes by index (like dictionaries)"""
return getattr(self, idx)
# -----------------------------------------------------------------------
def _bounded_getitem_iterator(self):
"""Helper function, to be set as __iter__ method for qvector-, or array-based classes."""
for i in range(len(self)):
yield self[i]
# -----------------------------------------------------------------------
class plugin_t(pyidc_opaque_object_t):
"""Base class for all scripted plugins."""
# -----------------------------------------------------------------------
class pyidc_cvt_helper__(object):
This is a special helper object that helps detect which kind
of object is this python object wrapping and how to convert it
back and from IDC.
This object is characterized by its special attribute and its value
def __init__(self, cvt_id, value):
self.__idc_cvt_id__ = cvt_id
self.value = value
def __set_value(self, v):
self.__idc_cvt_value__ = v
def __get_value(self):
return self.__idc_cvt_value__
value = property(__get_value, __set_value)
# -----------------------------------------------------------------------
class PyIdc_cvt_int64__(pyidc_cvt_helper__):
"""Helper class for explicitly representing VT_INT64 values"""
def __init__(self, v):
# id = 0 = int64 object
super(self.__class__, self).__init__(PY_ICID_INT64, v)
# operation table
__op_table = \
0: lambda a, b: a + b,
1: lambda a, b: a - b,
2: lambda a, b: a * b,
3: lambda a, b: a / b
# carries the operation given its number
def __op(self, op_n, other, rev=False):
a = self.value
# other operand of same type? then take its value field
if type(other) == type(self):
b = other.value
b = other
if rev:
t = a
a = b
b = t
# construct a new object and return as the result
return self.__class__(self.__op_table[op_n](a, b))
# overloaded operators
def __add__(self, other): return self.__op(0, other)
def __sub__(self, other): return self.__op(1, other)
def __mul__(self, other): return self.__op(2, other)
def __div__(self, other): return self.__op(3, other)
def __radd__(self, other): return self.__op(0, other, True)
def __rsub__(self, other): return self.__op(1, other, True)
def __rmul__(self, other): return self.__op(2, other, True)
def __rdiv__(self, other): return self.__op(3, other, True)
# -----------------------------------------------------------------------
# qstrvec_t clinked object
class _qstrvec_t(py_clinked_object_t):
WARNING: It is very unlikely an IDAPython user should ever, ever
have to use this type. It should only be used for IDAPython internals.
For example, in py_askusingform.py, we ctypes-expose to the IDA
kernel & UI a qstrvec instance, in case a DropdownListControl is
That's because that's what AskUsingForm expects, and we have no
choice but to make a DropdownListControl hold a qstrvec_t.
This is, afaict, the only situation where a Python
_qstrvec_t is required.
def __init__(self, items=None):
# Populate the list if needed
if items:
def _create_clink(self):
return _idaapi.qstrvec_t_create()
def _del_clink(self, lnk):
return _idaapi.qstrvec_t_destroy(lnk)
def _get_clink_ptr(self):
return _idaapi.qstrvec_t_get_clink_ptr(self)
def assign(self, other):
"""Copies the contents of 'other' to 'self'"""
return _idaapi.qstrvec_t_assign(self, other)
def __setitem__(self, idx, s):
"""Sets string at the given index"""
return _idaapi.qstrvec_t_set(self, idx, s)
def __getitem__(self, idx):
"""Gets the string at the given index"""
return _idaapi.qstrvec_t_get(self, idx)
def __get_size(self):
return _idaapi.qstrvec_t_size(self)
size = property(__get_size)
"""Returns the count of elements"""
def addressof(self, idx):
"""Returns the address (as number) of the qstring at the given index"""
return _idaapi.qstrvec_t_addressof(self, idx)
def add(self, s):
"""Add a string to the vector"""
return _idaapi.qstrvec_t_add(self, s)
def from_list(self, lst):
"""Populates the vector from a Python string list"""
return _idaapi.qstrvec_t_from_list(self, lst)
def clear(self, qclear=False):
Clears all strings from the vector.
@param qclear: Just reset the size but do not actually free the memory
return _idaapi.qstrvec_t_clear(self, qclear)
def insert(self, idx, s):
"""Insert a string into the vector"""
return _idaapi.qstrvec_t_insert(self, idx, s)
def remove(self, idx):
"""Removes a string from the vector"""
return _idaapi.qstrvec_t_remove(self, idx)
# -----------------------------------------------------------------------
class PyIdc_cvt_refclass__(pyidc_cvt_helper__):
"""Helper class for representing references to immutable objects"""
def __init__(self, v):
# id = one = byref object
super(self.__class__, self).__init__(PY_ICID_BYREF, v)
def cstr(self):
"""Returns the string as a C string (up to the zero termination)"""
return as_cstr(self.value)
# -----------------------------------------------------------------------
def as_cstr(val):
Returns a C str from the passed value. The passed value can be of type refclass (returned by a call to buffer() or byref())
It scans for the first \x00 and returns the string value up to that point.
if isinstance(val, PyIdc_cvt_refclass__):
val = val.value
n = val.find('\x00')
return val if n == -1 else val[:n]
# -----------------------------------------------------------------------
def as_unicode(s):
"""Convenience function to convert a string into appropriate unicode format"""
# use UTF16 big/little endian, depending on the environment?
return unicode(s).encode("UTF-16" + ("BE" if _idaapi.cvar.inf.mf else "LE"))
# -----------------------------------------------------------------------
def as_uint32(v):
"""Returns a number as an unsigned int32 number"""
return v & 0xffffffff
# -----------------------------------------------------------------------
def as_int32(v):
"""Returns a number as a signed int32 number"""
return -((~v & 0xffffffff)+1)
# -----------------------------------------------------------------------
def as_signed(v, nbits = 32):
Returns a number as signed. The number of bits are specified by the user.
The MSB holds the sign.
return -(( ~v & ((1 << nbits)-1) ) + 1) if v & (1 << nbits-1) else v
# ----------------------------------------------------------------------
def copy_bits(v, s, e=-1):
Copy bits from a value
@param v: the value
@param s: starting bit (0-based)
@param e: ending bit
# end-bit not specified? use start bit (thus extract one bit)
if e == -1:
e = s
# swap start and end if start > end
if s > e:
e, s = s, e
mask = ~(((1 << (e-s+1))-1) << s)
return (v & mask) >> s
# ----------------------------------------------------------------------
__struct_unpack_table = {
1: ('b', 'B'),
2: ('h', 'H'),
4: ('l', 'L'),
8: ('q', 'Q')
# ----------------------------------------------------------------------
def struct_unpack(buffer, signed = False, offs = 0):
Unpack a buffer given its length and offset using struct.unpack_from().
This function will know how to unpack the given buffer by using the lookup table '__struct_unpack_table'
If the buffer is of unknown length then None is returned. Otherwise the unpacked value is returned.
# Supported length?
n = len(buffer)
if n not in __struct_unpack_table:
return None
# Conver to number
signed = 1 if signed else 0
# Unpack
return struct.unpack_from(__struct_unpack_table[n][signed], buffer, offs)[0]
# ------------------------------------------------------------
def IDAPython_ExecSystem(cmd):
Executes a command with popen().
f = os.popen(cmd, "r")
s = ''.join(f.readlines())
return s
except Exception as e:
return "%s\n%s" % (str(e), traceback.format_exc())
# ------------------------------------------------------------
def IDAPython_FormatExc(etype, value, tb, limit=None):
This function is used to format an exception given the
values returned by a PyErr_Fetch()
return ''.join(traceback.format_exception(etype, value, tb, limit))
return str(value)
# ------------------------------------------------------------
def IDAPython_ExecScript(script, g):
Run the specified script.
It also addresses http://code.google.com/p/idapython/issues/detail?id=42
This function is used by the low-level plugin code.
scriptpath = os.path.dirname(script)
if len(scriptpath) and scriptpath not in sys.path:
argv = sys.argv
sys.argv = [ script ]
# Adjust the __file__ path in the globals we pass to the script
old__file__ = g['__file__'] if '__file__' in g else ''
g['__file__'] = script
execfile(script, g)
except Exception as e:
PY_COMPILE_ERR = "%s\n%s" % (str(e), traceback.format_exc())
# Restore state
g['__file__'] = old__file__
sys.argv = argv
# ------------------------------------------------------------
def IDAPython_LoadProcMod(script, g):
Load processor module.
pname = g['__name__'] if g and g.has_key("__name__") else '__main__'
parent = sys.modules[pname]
scriptpath, scriptname = os.path.split(script)
if len(scriptpath) and scriptpath not in sys.path:
procmod_name = os.path.splitext(scriptname)[0]
procobj = None
fp = None
fp, pathname, description = imp.find_module(procmod_name)
procmod = imp.load_module(procmod_name, fp, pathname, description)
if parent:
setattr(parent, procmod_name, procmod)
# export attrs from parent to processor module
parent_attrs = getattr(parent, '__all__',
(attr for attr in dir(parent) if not attr.startswith('_')))
for pa in parent_attrs:
setattr(procmod, pa, getattr(parent, pa))
# instantiate processor object
if getattr(procmod, 'PROCESSOR_ENTRY', None):
procobj = procmod.PROCESSOR_ENTRY()
except Exception as e:
PY_COMPILE_ERR = "%s\n%s" % (str(e), traceback.format_exc())
if fp: fp.close()
return (PY_COMPILE_ERR, procobj)
# ------------------------------------------------------------
def IDAPython_UnLoadProcMod(script, g):
Unload processor module.
pname = g['__name__'] if g and g.has_key("__name__") else '__main__'
parent = sys.modules[pname]
scriptname = os.path.split(script)[1]
procmod_name = os.path.splitext(scriptname)[0]
if getattr(parent, procmod_name, None):
delattr(parent, procmod_name)
del sys.modules[procmod_name]
# ----------------------------------------------------------------------
class __IDAPython_Completion_Util(object):
"""Internal utility class for auto-completion support"""
def __init__(self):
self.n = 0
self.completion = None
self.lastmodule = None
def parse_identifier(line, prefix, prefix_start):
Parse a line and extracts identifier
id_start = prefix_start
while id_start > 0:
ch = line[id_start]
if not ch.isalpha() and ch != '.' and ch != '_':
id_start += 1
id_start -= 1
return line[id_start:prefix_start + len(prefix)]
def dir_of(m, prefix):
return [x for x in dir(m) if x.startswith(prefix)]
def get_completion(cls, id, prefix):
m = sys.modules['__main__']
parts = id.split('.')
c = len(parts)
for i in xrange(0, c-1):
m = getattr(m, parts[i])
except Exception as e:
return (None, None)
# search in the module
completion = cls.dir_of(m, prefix)
# no completion found? looking from the global scope? then try the builtins
if not completion and c == 1:
completion = cls.dir_of(__builtin__, prefix)
return (m, completion) if completion else (None, None)
def __call__(self, prefix, n, line, prefix_start):
if n == 0:
self.n = n
id = self.parse_identifier(line, prefix, prefix_start)
self.lastmodule, self.completion = self.get_completion(id, prefix)
if self.completion is None or n >= len(self.completion):
return None
s = self.completion[n]
attr = getattr(self.lastmodule, s)
# Is it callable?
if callable(attr):
return s + ("" if line.startswith("?") else "(")
# Is it iterable?
elif isinstance(attr, basestring) or getattr(attr, '__iter__', False):
return s + "["
return s
# Instantiate an IDAPython command completion object (for use with IDA's CLI bar)
IDAPython_Completion = __IDAPython_Completion_Util()
def _listify_types(*classes):
for cls in classes:
cls.__getitem__ = cls.at
cls.__len__ = cls.size
cls.__iter__ = _bounded_getitem_iterator