Python idaapi.IDA_SDK_VERSION Examples
The following are 23
code examples of idaapi.IDA_SDK_VERSION().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
idaapi
, or try the search function
.
.
Example #1
| Source File: first.py From FIRST-plugin-ida with GNU General Public License v2.0 | 6 votes |
|
def is_32bit():
'''Returns if the sample is 32bit or not.
Returns:
bool: True is 32bit or False.
'''
if (idaapi.IDA_SDK_VERSION < 730):
info = IDAW.get_inf_structure()
if info.is_64bit():
return False
elif info.is_32bit():
return True
return False
else:
return IDAW.inf_is_32bit()
Example #2
| Source File: casc_plugin.py From CASC with GNU General Public License v2.0 | 5 votes |
|
def __getattribute__(self, name):
default = '[1st] default'
if (idaapi.IDA_SDK_VERSION >= 700) and (name in IDAWrapper.mapping):
name = IDAWrapper.mapping[name]
val = getattr(idaapi, name, default)
if val == default:
val = getattr(idautils, name, default)
if val == default:
val = getattr(idc, name, default)
if val == default:
msg = 'Unable to find {}'.format(name)
idaapi.execute_ui_requests((FIRSTUI.Requests.Print(msg),))
return
if hasattr(val, '__call__'):
def call(*args, **kwargs):
holder = [None] # need a holder, because 'global' sucks
def trampoline():
holder[0] = val(*args, **kwargs)
return 1
idaapi.execute_sync(trampoline, idaapi.MFF_FAST)
return holder[0]
return call
else:
return val
Example #3
| Source File: IdaInterface.py From smda with BSD 2-Clause "Simplified" License | 5 votes |
|
def __init__(self):
if not IdaInterface.instance:
if idaapi.IDA_SDK_VERSION >= 740:
IdaInterface.instance = Ida74Interface()
else:
IdaInterface.instance = Ida73Interface()
Example #4
| Source File: export.py From smda with BSD 2-Clause "Simplified" License | 5 votes |
|
def detectBackend():
backend = ""
version = ""
try:
import idaapi
import idautils
backend = "IDA"
version = idaapi.IDA_SDK_VERSION
except:
pass
return (backend, version)
Example #5
| Source File: installer.py From IDABuddy with MIT License | 5 votes |
|
def __init__(self):
self._installed_views = set()
if idaapi.IDA_SDK_VERSION >= 670:
self._hooks = self._create_hooks(self._install_idabuddy)
self._install_timer = None
else:
self._install_timer = QtCore.QTimer()
connect_method_to_signal(self._install_timer, 'timeout()', self._on_install_timer)
self._hooks = None
Example #6
| Source File: IdaProxy.py From apiscout with BSD 2-Clause "Simplified" License | 5 votes |
|
def MakeName(self, ea, name):
if idaapi.IDA_SDK_VERSION < 700:
return idc.MakeNameEx(ea, name, 256)
else:
return idc.set_name(ea, name, 256)
Example #7
| Source File: IdaProxy.py From apiscout with BSD 2-Clause "Simplified" License | 5 votes |
|
def MakeQWord(self, ea):
if idaapi.IDA_SDK_VERSION < 700:
return idc.MakeQword(ea)
else:
return ida_bytes.create_data(ea, FF_QWORD, 8, idaapi.BADADDR)
Example #8
| Source File: IdaProxy.py From apiscout with BSD 2-Clause "Simplified" License | 5 votes |
|
def MakeDWord(self, ea):
if idaapi.IDA_SDK_VERSION < 700:
return idc.MakeDword(ea)
else:
return ida_bytes.create_data(ea, FF_DWORD, 4, idaapi.BADADDR)
Example #9
| Source File: IdaProxy.py From apiscout with BSD 2-Clause "Simplified" License | 5 votes |
|
def getSegEnd(self, ea):
if idaapi.IDA_SDK_VERSION < 700:
return idc.SegEnd(ea)
else:
return idc.get_segm_end(ea)
Example #10
| Source File: IdaProxy.py From apiscout with BSD 2-Clause "Simplified" License | 5 votes |
|
def getByte(self, ea):
if idaapi.IDA_SDK_VERSION < 700:
return idc.Byte(ea)
else:
return idc.get_wide_byte(ea)
Example #11
| Source File: vxhunter_ida.py From vxhunter with BSD 2-Clause "Simplified" License | 5 votes |
|
def fix_ascii(self, address):
string_table_start_address = self.get_string_table_start_address(address)
string_address = string_table_start_address
while True:
if string_address:
print("Start Make string at address: %s" % hex(string_address))
if idaapi.IDA_SDK_VERSION >= 700:
idc.create_strlit(string_address, idc.BADADDR)
else:
idc.MakeStr(string_address, idc.BADADDR)
string_address = self.get_next_ascii_string_address(string_address)
else:
break
Example #12
| Source File: vxhunter_ida.py From vxhunter with BSD 2-Clause "Simplified" License | 5 votes |
|
def init(self):
# register popup menu handlers
try:
# Register Auto Fix IDB handler
VxHunterMCFixIDB.register(self, "Auto Fix IDB With symbol table")
# Register Fix Code handler
VxHunterMCFixCode.register(self, "Fix Code from start address to end address")
# Register Fix Ascii handler
VxHunterMCFixAscii.register(self, "Fix Ascii string table with giving address")
# Register Load symbol file handler
VxHunterMCLoadSymbolFile.register(self, "Load VxWorks symbol file")
except Exception as err:
print("Got Error!!!: %s" % err)
# setup popup menu
if idaapi.IDA_SDK_VERSION >= 700:
# Add menu IDA >= 7.0
idaapi.attach_action_to_menu("Edit/VxHunter/", VxHunterMCFixIDB.get_name(), idaapi.SETMENU_APP)
idaapi.attach_action_to_menu("Edit/VxHunter/", VxHunterMCFixCode.get_name(), idaapi.SETMENU_APP)
idaapi.attach_action_to_menu("Edit/VxHunter/", VxHunterMCFixAscii.get_name(), idaapi.SETMENU_APP)
idaapi.attach_action_to_menu("Edit/VxHunter/", VxHunterMCLoadSymbolFile.get_name(), idaapi.SETMENU_APP)
else:
# add Vxhunter menu
menu = idaapi.add_menu_item("Edit/VxHunter/", "Auto Fix IDB1", "", 1, self.handler_auto_fix_idb, None)
if menu is not None:
pass
print("=" * 80)
return idaapi.PLUGIN_KEEP
Example #13
| Source File: create_tab_table.py From win_driver_plugin with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def OnSelectLine(self, n): item = self.items[n] jump_ea = int(item[0], 16) # Only jump for valid addresses if idaapi.IDA_SDK_VERSION < 700: valid_addr = idc.isEnabled(jump_ea) else: valid_addr = idc.is_mapped(jump_ea) if valid_addr: idc.Jump(jump_ea)
Example #14
| Source File: ida_gef.py From GdbPlugins with GNU General Public License v3.0 | 5 votes |
|
def __init__(self, server, *args, **kwargs):
self.server = server
self._version = ("IDA Pro", str(idaapi.IDA_SDK_VERSION))
return
Example #15
| Source File: ida_batch_decompile.py From ida-batch_decompile with GNU General Public License v3.0 | 5 votes |
|
def term(self):
logger.debug("[+] %s.term()" % self.__class__.__name__)
if idaapi.IDA_SDK_VERSION < 700:
for menu in self.menuitems:
idaapi.del_menu_item(menu)
Example #16
| Source File: ida_batch_decompile.py From ida-batch_decompile with GNU General Public License v3.0 | 5 votes |
|
def init(self):
NO_HOTKEY = ""
SETMENU_INS = 0
NO_ARGS = tuple()
logger.debug("[+] %s.init()" % self.__class__.__name__)
self.menuitems = []
logger.debug("[+] setting up menus for ida version %s" % idaapi.IDA_SDK_VERSION)
if idaapi.IDA_SDK_VERSION >= 700:
# >= 700
action_desc = idaapi.action_desc_t("tintinweb:batchdecompile:load", self.wanted_name, IdaDecompileUiActionHandler(self))
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(''.join(self.wanted_menu), "tintinweb:batchdecompile:load", idaapi.SETMENU_APP)
else:
menu = idaapi.add_menu_item(self.wanted_menu[0],
self.wanted_menu[1],
NO_HOTKEY,
SETMENU_INS,
self.menu_config,
NO_ARGS)
self.menuitems.append(menu)
return idaapi.PLUGIN_KEEP
Example #17
| Source File: ida_painter.py From lighthouse with MIT License | 5 votes |
|
def _cancel_action(self, job_id):
if idaapi.IDA_SDK_VERSION < 710:
return
idaapi.cancel_exec_request(job_id)
#------------------------------------------------------------------------------
# Painting - HexRays (Decompilation / Source)
#------------------------------------------------------------------------------
Example #18
| Source File: first.py From FIRST-plugin-ida with GNU General Public License v2.0 | 5 votes |
|
def get_architecture():
'''Returns the architecture the sample is built for.
The values are normalized for the FIRST server. It altered then
FIRST will not match on other functions with the same architecture.
Returns:
str. String representation of the architecture associated with
the sample. Examples: intel32, intel64, arm32, mips, etc.
'''
info = IDAW.get_inf_structure()
proc = info.procName.lower()
proc = FIRST.Info.processor_map.get(proc, proc)
if proc in FIRST.Info.include_bits:
bits = 16
if (idaapi.IDA_SDK_VERSION < 730):
if info.is_64bit():
bits = 64
elif info.is_32bit():
bits = 32
else:
if IDAW.inf_is_64bit():
bits = 64
elif IDAW.inf_is_32bit():
bits = 32
return '{}{}'.format(proc, bits)
return proc
Example #19
| Source File: first.py From FIRST-plugin-ida with GNU General Public License v2.0 | 5 votes |
|
def __getattribute__(self, name):
default = '[1st] default'
if (idaapi.IDA_SDK_VERSION >= 700) and (name in IDAWrapper.mapping):
name = IDAWrapper.mapping[name]
val = getattr(idaapi, name, default)
if val == default:
val = getattr(idautils, name, default)
if val == default:
val = getattr(idc, name, default)
if val == default:
msg = 'Unable to find {}'.format(name)
idaapi.execute_ui_requests((FIRSTUI.Requests.Print(msg),))
return
if hasattr(val, '__call__'):
def call(*args, **kwargs):
holder = [None] # need a holder, because 'global' sucks
def trampoline():
holder[0] = val(*args, **kwargs)
return 1
# Execute the request using MFF_WRITE, which should be safe for
# any possible request at the expense of speed. In my testing,
# though, it wasn't noticably slower than MFF_FAST. If this
# is observed to impact performance, consider creating a list
# that maps API calls to the most appropriate flag.
idaapi.execute_sync(trampoline, idaapi.MFF_WRITE)
return holder[0]
return call
else:
return val
Example #20
| Source File: vxhunter_ida.py From vxhunter with BSD 2-Clause "Simplified" License | 4 votes |
|
def fix_vxworks_idb(load_address, vx_version, symbol_table_start, symbol_table_end):
current_image_base = idaapi.get_imagebase()
symbol_interval = 16
if vx_version == 6:
symbol_interval = 20
symbol_table_start += load_address
symbol_table_end += load_address
ea = symbol_table_start
shift_address = load_address - current_image_base
while shift_address >= 0x70000000:
idaapi.rebase_program(0x70000000, 0x0008)
shift_address -= 0x70000000
idaapi.rebase_program(shift_address, 0x0008)
while ea < symbol_table_end:
# for VxWorks 6 unknown symbol format
if idc.Byte(ea + symbol_table_end - 2) == 3:
ea += symbol_interval
continue
offset = 4
if idaapi.IDA_SDK_VERSION >= 700:
idc.create_strlit(idc.Dword(ea + offset), idc.BADADDR)
else:
idc.MakeStr(idc.Dword(ea + offset), idc.BADADDR)
sName = idc.GetString(idc.Dword(ea + offset), -1, idc.ASCSTR_C)
print("Found %s in symbol table" % sName)
if sName:
sName_dst = idc.Dword(ea + offset + 4)
if vx_version == 6:
sName_type = idc.Dword(ea + offset + 12)
else:
sName_type = idc.Dword(ea + offset + 8)
idc.MakeName(sName_dst, sName)
if sName_type in need_create_function:
# flags = idc.GetFlags(ea)
print("Start fix Function %s at %s" % (sName, hex(sName_dst)))
idc.MakeCode(sName_dst) # might not need
idc.MakeFunction(sName_dst, idc.BADADDR)
ea += symbol_interval
print("Fix function by symbol table finish.")
print("Start IDA auto analysis, depending on the size of the firmware this might take a few minutes.")
idaapi.autoWait()
Example #21
| Source File: __init__.py From ida_kernelcache with MIT License | 4 votes |
|
def kernelcache_process(untag_pointers=True):
"""Process the kernelcache in IDA for the first time.
This function performs all the standard processing available in this module:
* Convert iOS 12's new static tagged pointers into normal kernel pointers.
* Parse the kernel's `__PRELINK_INFO.__info` section into a dictionary.
* Renames segments in IDA according to the names from the __PRELINK_INFO dictionary (split
kext format kernelcaches only).
* Converts pointers in data segments into offsets.
* Locates virtual method tables, converts them to offsets, and adds vtable symbols.
* Locates OSMetaClass instances for top-level classes and adds OSMetaClass symbols.
* Symbolicates offsets in `__got` sections and stub functions in `__stubs` sections.
* Symbolicates methods in vtables based on the method names in superclasses.
* Creates IDA structs representing the C++ classes in the kernel.
"""
import idaapi
import idc
def autoanalyze():
idc.Wait()
autoanalyze()
if (kernel.kernelcache_format == kernel.KC_12_MERGED
and untag_pointers
and idaapi.IDA_SDK_VERSION < 720):
print 'Processing tagged kernelcache pointers'
tagged_pointers.untag_pointers()
autoanalyze()
segment.initialize_segments()
print 'Initializing data offsets'
offset.initialize_data_offsets()
autoanalyze()
print 'Initializing vtables'
vtable.initialize_vtables()
autoanalyze()
vtable.initialize_vtable_symbols()
autoanalyze()
metaclass.initialize_metaclass_symbols()
if kernel.kernelcache_format == kernel.KC_11_NORMAL:
print 'Creating offset and stub symbols'
offset.initialize_offset_symbols()
autoanalyze()
stub.initialize_stub_symbols()
autoanalyze()
print 'Propagating vtable method symbols'
vtable.initialize_vtable_method_symbols()
print 'Initializing class structs'
class_struct.initialize_vtable_structs()
class_struct.initialize_class_structs()
autoanalyze()
print 'Done'
Example #22
| Source File: ida_painter.py From lighthouse with MIT License | 4 votes |
|
def execute_paint(function):
"""
A function decorator to safely paint the IDA database from any thread.
"""
@functools.wraps(function)
def wrapper(*args, **kwargs):
#
# the first argument passed to this decorator will be the
# IDAPainter class instance
#
ida_painter = args[0]
#
# we wrap up the remaining args (and paint function) into a single
# packaged up callable object (a functools.partial)
#
ff = functools.partial(function, *args, **kwargs)
#
# if we are using a 'bugged' downlevel version of IDA, package another
# callable to 'synchronize' a database write. This callable will get
# passed to the main thread and executed through the Qt event loop.
#
# the execute_sync should technically happy in-line, avoiding the
# possibility of deadlocks or aborts as described above.
#
if idaapi.IDA_SDK_VERSION < 710:
fff = functools.partial(idaapi.execute_sync, ff, idaapi.MFF_WRITE)
ida_painter._signal.mainthread.emit(fff)
return idaapi.BADADDR
#
# in IDA 7.1, the MFF_NOWAIT bug is definitely fixed, so we can just
# use it to schedule our paint action ... as designed.
#
return idaapi.execute_sync(ff, idaapi.MFF_NOWAIT | idaapi.MFF_WRITE)
return wrapper
#------------------------------------------------------------------------------
# IDA Painter
#------------------------------------------------------------------------------
Example #23
| Source File: x64dbgida.py From x64dbgida with MIT License | 4 votes |
|
def init(self):
global initialized
if initialized is False:
initialized = True
if idaapi.IDA_SDK_VERSION >= 700:
# populating action menus
action_desc = idaapi.action_desc_t(
'my:aboutaction', # The action name. This acts like an ID and must be unique
'About!', # The action text.
AboutHandler(), # The action handler.
'', # Optional: the action shortcut
'About X64dbg ida', # Optional: the action tooltip (available in menus/toolbar)
) # Optional: the action icon (shows when in menus/toolbars) use numbers 1-255
# Register the action
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(
'Edit/x64dbgida/',
'my:aboutaction',
idaapi.SETMENU_APP)
action_desc = idaapi.action_desc_t(
'my:eksportaction',
'Export x64dbg database',
EksportHandler(),
'',
'Export x64dbg database',
)
# Register the action
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(
'Edit/x64dbgida/',
'my:eksportaction',
idaapi.SETMENU_APP)
action_desc = idaapi.action_desc_t(
'my:importaction',
'Import (uncompressed) database',
ImportHandler(),
'',
'Import (uncompressed) database',
)
# Register the action
idaapi.register_action(action_desc)
idaapi.attach_action_to_menu(
'Edit/x64dbgida/',
'my:importaction',
idaapi.SETMENU_APP)
else:
print("Use version 1.0")
return idaapi.PLUGIN_KEEP
