Python idaapi.decompile() Examples
The following are 14
code examples of idaapi.decompile().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
idaapi
, or try the search function
.
.
Example #1
| Source File: shellcode_hash_search.py From flare-ida with Apache License 2.0 | 7 votes |
|
def addDecompilerComment(self, loc, comment):
cfunc = idaapi.decompile(loc)
eamap = cfunc.get_eamap()
decompObjAddr = eamap[loc][0].ea
tl = idaapi.treeloc_t()
tl.ea = decompObjAddr
commentSet = False
for itp in range (idaapi.ITP_SEMI, idaapi.ITP_COLON):
tl.itp = itp
cfunc.set_user_cmt(tl, comment)
cfunc.save_user_cmts()
unused = cfunc.__str__()
if not cfunc.has_orphan_cmts():
commentSet = True
cfunc.save_user_cmts()
break
cfunc.del_orphan_cmts()
if not commentSet:
print ("pseudo comment error at %08x" % loc)
Example #2
| Source File: ida_batch_decompile.py From ida-batch_decompile with GNU General Public License v3.0 | 6 votes |
|
def run(self):
files_decompiled = []
self._init_target()
if self.chk_decompile_imports:
self.init_tempdir()
if self.chk_decompile_imports_recursive:
pass
for image_type, image_name, image_path in self.enumerate_import_images():
try:
self.exec_ida_batch_decompile(target = image_path, output = self.output_path,
annotate_stackvar_size = self.chk_annotate_stackvar_size,
annotate_xrefs = self.chk_annotate_xrefs,
imports = self.chk_decompile_imports,
recursive = self.chk_decompile_imports_recursive,
experimental_decomile_cgraph = self.chk_decompile_alternative)
files_decompiled.append(image_path)
except subprocess.CalledProcessError, cpe:
logger.warning("[!] failed to decompile %r - %r" % (image_path, cpe))
self.remove_tempdir()
Example #3
| Source File: ida_batch_decompile.py From ida-batch_decompile with GNU General Public License v3.0 | 6 votes |
|
def exec_ida_batch_decompile(self, target, output, annotate_stackvar_size, annotate_xrefs, imports, recursive,
experimental_decomile_cgraph):
logger.debug("[+] batch decompile %r" % target)
# todo: pass commandlines,
# todo parse commandline
script_args = ['--output=%s' % output]
if annotate_stackvar_size:
script_args.append("--annotate-stackvar-size")
if annotate_xrefs:
script_args.append("--annotate-xrefs")
if imports:
script_args.append("--imports")
if recursive:
script_args.append("--recursive")
if experimental_decomile_cgraph:
script_args.append("--experimental-decompile-cgraph")
script_args = ['\\"%s\\"' % a for a in script_args]
command = "%s %s" % (self.my_path, ' '.join(script_args))
self._exec_ida_batch(target, command)
Example #4
| Source File: function.py From ida-minsc with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
def decompile(cls, ea):
'''(UNSTABLE) Returns the decompiled code of the basic block at the address `ea`.'''
source = idaapi.decompile(ea)
res = itertools.imap(functools.partial(operator.__getitem__, source.eamap), cls.iterate(ea))
res = itertools.chain(*res)
formatted = reduce(lambda t, c: t if t[-1].ea == c.ea else t+[c], res, [next(res)])
res = []
# FIXME: This has been pretty damn unstable in my tests.
try:
for fmt in formatted:
res.append( fmt.print1(source.__deref__()) )
except TypeError: pass
res = itertools.imap(idaapi.tag_remove, res)
return '\n'.join(map(utils.string.of, res))
Example #5
| Source File: fn_fuzzy.py From ida_haru with Apache License 2.0 | 5 votes |
|
def set_decomplier_cmt(ea, cmt):
cfunc = idaapi.decompile(ea)
tl = idaapi.treeloc_t()
tl.ea = ea
tl.itp = idaapi.ITP_SEMI
if cfunc:
cfunc.set_user_cmt(tl, cmt)
cfunc.save_user_cmts()
else:
error("Decompile failed: {:#x}".formart(ea))
Example #6
| Source File: ida_batch_decompile.py From ida-batch_decompile with GNU General Public License v3.0 | 5 votes |
|
def decompile(self):
""" decompile function
"""
try:
return idaapi.decompile(self.at)
except idaapi.DecompilationFailure, e:
return repr(str(e))
Example #7
| Source File: ida_batch_decompile.py From ida-batch_decompile with GNU General Public License v3.0 | 5 votes |
|
def decompile_all(self, outfile=None):
outfile = self._get_suggested_output_filename(outfile or self.target_path)
logger.warning(outfile)
logger.debug("[+] trying to decompile %r as %r" % (self.target_file,
os.path.split(outfile)[1]))
IdaHelper.decompile_full(outfile)
logger.debug("[+] finished decompiling %r as %r" % (self.target_file,
os.path.split(outfile)[1]))
Example #8
| Source File: ida_batch_decompile.py From ida-batch_decompile with GNU General Public License v3.0 | 5 votes |
|
def __init__(self, idbctrl, enumerate_imports=True, enumerate_other=False):
self.idbctrl = idbctrl
self.EChooser = TestEmbeddedChooserClass("Batch Decompile", flags=Choose2.CH_MULTI)
self.propagateItems(enumerate_imports=enumerate_imports, enumerate_other=enumerate_other)
Form.__init__(self,
r"""Ida Batch Decompile ...
{FormChangeCb}
<##Target :{target}>
<##OutputPath:{outputPath}>
<##Annotate StackVar Size:{chkAnnotateStackVars}>
<##Annotate Func XRefs :{chkAnnotateXrefs}>
<##Process Imports :{chkDecompileImports}>
<##Cgraph (experimental) :{chkDecompileAlternative}>{cGroup1}>
<##Scan Target Directory:{btnLoad}> <##Recursive:{chkDecompileImportsRecursive}>{cGroup2}>
<##Decompile!:{btnProcessFiles}>
<Please select items to decompile:{cEChooser}>
""", {
'target': Form.FileInput(swidth=50, open=True, value=idbctrl.target_path),
'outputPath': Form.DirInput(swidth=50, value=idbctrl.output_path),
'cGroup1': Form.ChkGroupControl(("chkAnnotateStackVars", "chkAnnotateXrefs",
"chkDecompileImports",
"chkDecompileAlternative")),
'cGroup2': Form.ChkGroupControl(("chkDecompileImportsRecursive", )),
'FormChangeCb': Form.FormChangeCb(self.OnFormChange),
'btnLoad': Form.ButtonInput(self.OnButtonLoad),
'btnProcessFiles': Form.ButtonInput(self.OnButtonProcess),
'cEChooser': Form.EmbeddedChooserControl(self.EChooser),
})
self.Compile()
Example #9
| Source File: hexrays.py From bap-ida-python with MIT License | 5 votes |
|
def find_cfunc(ea):
"""Get cfuncptr_t from EA."""
func = idaapi.get_func(ea)
if func:
return idaapi.decompile(func)
Example #10
| Source File: OL_OSX_decryptor.py From malware-research with BSD 2-Clause "Simplified" License | 5 votes |
|
def activate(self, ctx):
for pfn_idx in ctx.chooser_selection:
pfn = ida_funcs.getn_func(pfn_idx)
if pfn:
xrefs = [x for x in idautils.CodeRefsTo(pfn.start_ea, 0)]
for xref in list(set(xrefs)):
cfunc = idaapi.decompile(xref)
if cfunc:
xref_args = get_args(cfunc, xref, self.var_prop)
self.callback(xref, cfunc, xref_args)
return 1
Example #11
| Source File: function.py From ida-minsc with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def decompile(cls):
'''(UNSTABLE) Returns the decompiled code of the basic block at the current address.'''
return cls.decompile(ui.current.address())
Example #12
| Source File: LazyIDA.py From LazyIDA with MIT License | 4 votes |
|
def remove_rettype(self, vu):
if vu.item.citype == idaapi.VDI_FUNC:
# current function
ea = vu.cfunc.entry_ea
old_func_type = idaapi.tinfo_t()
if not vu.cfunc.get_func_type(old_func_type):
return False
elif vu.item.citype == idaapi.VDI_EXPR and vu.item.e.is_expr() and vu.item.e.type.is_funcptr():
# call xxx
ea = vu.item.get_ea()
old_func_type = idaapi.tinfo_t()
func = idaapi.get_func(ea)
if func:
try:
cfunc = idaapi.decompile(func)
except idaapi.DecompilationFailure:
return False
if not cfunc.get_func_type(old_func_type):
return False
else:
return False
else:
return False
fi = idaapi.func_type_data_t()
if ea != idaapi.BADADDR and old_func_type.get_func_details(fi):
# Return type is already void
if fi.rettype.is_decl_void():
# Restore ret type
if ea not in self.ret_type:
return True
ret = self.ret_type[ea]
else:
# Save ret type and change it to void
self.ret_type[ea] = fi.rettype
ret = idaapi.BT_VOID
# Create new function info with new rettype
fi.rettype = idaapi.tinfo_t(ret)
# Create new function type with function info
new_func_type = idaapi.tinfo_t()
new_func_type.create_func(fi)
# Apply new function type
if idaapi.apply_tinfo(ea, new_func_type, idaapi.TINFO_DEFINITE):
return vu.refresh_view(True)
return False
Example #13
| Source File: utils.py From UEFI_RETool with MIT License | 4 votes |
|
def set_hexrays_comment(address, text):
"""set comment in decompiled code"""
cfunc = idaapi.decompile(address)
tl = idaapi.treeloc_t()
tl.ea = address
tl.itp = idaapi.ITP_SEMI
cfunc.set_user_cmt(tl, text)
cfunc.save_user_cmts()
Example #14
| Source File: __init__.py From hrdev with MIT License | 4 votes |
|
def run(self):
'''Start the plugin.'''
if not idaapi.init_hexrays_plugin():
print "HRDEV Error: Failed to initialise Hex-Rays plugin."
return
function_name = idaapi.get_func_name(idaapi.get_screen_ea())
demangled_name = self.tools.demangle_name(function_name)
src = idaapi.decompile(idaapi.get_screen_ea())
file_name = '{}.cpp'.format(self.tools.to_file_name(demangled_name))
cache_path = os.path.sep.join([tempfile.gettempdir(),
'hrdev_cache',
self._bin_name])
# Create required directories if they dont exist
tmp_dir_path = os.path.sep.join([tempfile.gettempdir(), 'hrdev_cache'])
if not os.path.isdir(tmp_dir_path):
os.mkdir(tmp_dir_path)
if not os.path.isdir(cache_path):
os.mkdir(cache_path)
complete_path = os.path.sep.join([cache_path, file_name])
idaapi.msg("HRDEV cache path: {}\n".format(complete_path))
# Check if file is already in cache
if not os.path.isfile(complete_path) or \
self.config_main.getboolean('etc', 'disable_cache'):
self.tools.save_file(complete_path, str(src))
self.tools.set_file_path(complete_path)
lvars = {}
for v in src.lvars:
_type = idaapi.print_tinfo('', 0, 0, idaapi.PRTYPE_1LINE, v.tif, '', '')
lvars[str(v.name)] = "{} {} {}".\
format(_type, str(v.name), str(v.cmt))
max_title = self.config_main.getint('etc', 'max_title')
self.gui = hrdev_plugin.include.gui.Canvas(self.config_main,
self.config_theme,
self.tools,
lvars,
demangled_name[:max_title])
self.gui.Show('HRDEV')
self.parser = hrdev_plugin.include.syntax.Parser(self, lvars)
self.parser.run(complete_path)
return
