Python idc.GetInputFile() Examples

The following are 12 code examples showing how to use idc.GetInputFile(). These examples are extracted from open source projects. Note that idc.GetInputFile() returns only the name of the input file, without its directory; idc.GetInputFilePath(), which some of the examples also call, returns the full path.


Example 1
Project: IDAmetrics   Author: mxmssh   File: lib_parser.py    License: BSD 2-Clause "Simplified" License 6 votes vote down vote up
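def save_instrumented(list_of_addr, is_silent):
    """Write every address in list_of_addr to a text file, prefixed with the module name.

    Each output line has the form "<module>!<addr>", where <module> is the
    input file name up to its first dot.

    Args:
        list_of_addr: iterable of iterables of address strings (each item is
            concatenated to the prefix, so it must already be a string).
        is_silent: when equal to SILENT the output name is generated from the
            input file name and the current time; otherwise the user is asked
            for a file name.

    Returns:
        0 when the file dialog is cancelled, None otherwise.
    """
    input_name = idc.GetInputFile()
    # partition() keeps the whole name when it contains no dot; slicing with
    # find(".") returns -1 in that case and silently drops the last character.
    dll_name = input_name.partition(".")[0] + "!"
    print(dll_name)
    if is_silent == SILENT:
        current_time = strftime("%Y-%m-%d_%H-%M-%S")
        file_name = input_name.replace(".", "_") + "_" + current_time + ".txt"
    else:
        file_name = AskFile(1, "dllcode.in", "Please specify a file to save results.")
        # NOTE(review): only -1 was tested before; AskFile is believed to
        # return None on cancel -- confirm. Both are treated as "cancelled"
        # so open() is never handed a non-path.
        if not file_name or file_name == -1:
            return 0

    # The context manager closes the handle even when a write fails.
    with open(file_name, 'w') as out:
        for sublist in list_of_addr:
            for addr in sublist:
                out.write(dll_name + addr + "\n")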
Example 2
Project: IDAmetrics   Author: mxmssh   File: IDAMetrics_static.py    License: BSD 2-Clause "Simplified" License 6 votes vote down vote up
def main():
    """Wait for IDA's analysis, then run in interactive or hidden (batch) mode.

    When the IDAPYTHON environment variable is not 'auto', UI(init_analysis)
    is constructed and 0 is returned. Otherwise every entry of metrics_list is
    enabled, the analysis is run, the results are saved to
    "<cwd>/<input file>_<timestamp>.txt" and Exit(0) is called.
    """
    print("Start metrics calculation")
    idc.Wait()  # block until IDA has finished its analysis

    if os.getenv('IDAPYTHON') != 'auto':
        ui_setup = UI(init_analysis)
        print("done")
        return 0

    # hidden mode: switch on every known metric
    metrics_mask = dict((metric, 1) for metric in metrics_list)

    metrics_total = Metrics()
    metrics_total.start_analysis(metrics_mask)

    timestamp = strftime("%Y-%m-%d_%H-%M-%S")
    # Dots in the input file name become underscores in the report name.
    flat_name = idc.GetInputFile().replace(".", "_")
    report_path = os.getcwd() + "/" + flat_name + "_" + timestamp + ".txt"
    save_results(metrics_total, report_path)

    if os.getenv('IDAPYTHON') == 'auto':
        Exit(0)
    return 1
Example 3
Project: hrdev   Author: ax330d   File: __init__.py    License: MIT License 6 votes vote down vote up
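def __init__(self):
        """Set up plugin state: helper tools, config parsers and input-file identity.

        Reads the MD5 and the name of the input file from IDA, collects the
        imported names, passes this module's directory to _read_config() and
        splits the 'banned_functions' option of section 'etc' on commas.
        """
        super(Plugin, self).__init__()

        self.tools = hrdev_plugin.include.helper.Tools(self)
        self.config_main = ConfigParser.ConfigParser()
        self.config_theme = ConfigParser.ConfigParser()

        self._bin_md5 = idc.GetInputMD5()
        # Input file name with its last extension removed.
        self._bin_name = re.sub(r'\.[^.]*$', '', idc.GetInputFile())

        self.imports = self._get_imported_names()
        self.tmp_items = []
        # os.path.dirname follows the platform's separator. Splitting on a
        # literal backslash produced an empty directory string wherever
        # realpath() contains no backslashes (Linux, macOS).
        real_dir = os.path.dirname(os.path.realpath(__file__))

        self._read_config(real_dir)
        self.banned_functions = \
            self.config_main.get('etc', 'banned_functions').split(',')
        self.gui = None
        self.parser = None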
Example 4
Project: win_driver_plugin   Author: FSecureLABS   File: create_tab_table.py    License: BSD 3-Clause "New" or "Revised" License 5 votes vote down vote up
def activate(self, ctx):
        """Call stop() and then unload() on the driver built from the input file.

        Prints a message and returns early when IsUserAnAdmin() reports that
        the current user is not an administrator.
        """
        is_admin = ctypes.windll.shell32.IsUserAnAdmin()
        if not is_admin:
            print("Admin privileges required")
            return
        # Driver name: the input file name up to its first dot.
        service_name = idc.GetInputFile().partition('.')[0]
        driver = driverlib.Driver(idc.GetInputFilePath(), service_name)
        driver.stop()
        driver.unload()
Example 5
Project: win_driver_plugin   Author: FSecureLABS   File: create_tab_table.py    License: BSD 3-Clause "New" or "Revised" License 5 votes vote down vote up
def activate(self, ctx):
        """Call load() and then start() on the driver built from the input file.

        Prints a message and returns early when IsUserAnAdmin() reports that
        the current user is not an administrator.
        """
        is_admin = ctypes.windll.shell32.IsUserAnAdmin()
        if not is_admin:
            print("Admin privileges required")
            return
        # Driver name: the input file name up to its first dot.
        service_name = idc.GetInputFile().partition('.')[0]
        # NOTE(review): presumably this loads the binary under analysis into
        # the kernel of the machine running IDA (driverlib is not shown here
        # -- confirm); for a driver of unknown origin that calls for a
        # disposable, isolated VM.
        driver = driverlib.Driver(idc.GetInputFilePath(), service_name)
        driver.load()
        driver.start()
Example 6
Project: win_driver_plugin   Author: FSecureLABS   File: create_tab_table.py    License: BSD 3-Clause "New" or "Revised" License 5 votes vote down vote up
def activate(self, ctx):
        """Show the IOCTL form for the first selected chooser row."""
        selected = ctx.chooser_selection.at(0)
        # NOTE(review): the -1 suggests chooser rows are 1-based here --
        # confirm; a selection index of 0 would wrap around to the last item.
        ioctl = self.items[selected - 1]
        # Driver name: the input file name up to its first dot.
        service_name = idc.GetInputFile().partition('.')[0]
        DisplayIOCTLSForm(ioctl, driverlib.Driver(idc.GetInputFilePath(), service_name))
Example 7
Project: win_driver_plugin   Author: FSecureLABS   File: device_finder.py    License: BSD 3-Clause "New" or "Revised" License 5 votes vote down vote up
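def get_unicode_device_names():
    """Return the Unicode strings in the analysed binary that look like device names.

    The input file is memory-mapped read-only and scanned with
    extract_unicode_strings() (minimum length 4, passed as n); strings that
    start with '\\Device\\' or '\\DosDevices\\' are collected.

    Returns:
        set of str: candidate device names.
    """
    import os  # imported locally so the fix does not rely on the module's import list

    # GetInputFile() is only the file name, so open() resolved it against the
    # current directory and could pick up a different file of the same name.
    # Prefer the full path recorded in the database; keep the bare name as a
    # fallback for databases whose recorded path no longer exists.
    path = idc.GetInputFilePath()
    if not path or not os.path.isfile(path):
        path = idc.GetInputFile()
    min_length = 4
    prefixes = ('\\Device\\', '\\DosDevices\\')
    possible_names = set()
    with open(path, "rb") as f:
        b = mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ)
        try:
            for s in extract_unicode_strings(b, n=min_length):
                s_str = str(s.s)
                if s_str.startswith(prefixes):
                    possible_names.add(s_str)
        finally:
            # mmap objects are not context managers on Python 2; close the
            # mapping explicitly so it is released even if extraction fails.
            b.close()
    return possible_names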
Example 8
Project: rematch   Author: nirizr   File: project.py    License: GNU General Public License v3.0 5 votes vote down vote up
def __init__(self, **kwargs):
    """Build the "Add File" dialog, pre-filled from the current input file.

    The file-name field starts with idc.GetInputFile() and the MD5 row shows
    idc.GetInputMD5(); the project selector, the description and the
    "Share IDB" checkbox are left for the user to fill in.
    """
    super(AddFileDialog, self).__init__(title="Add File", **kwargs)

    input_name = idc.GetInputFile()
    input_md5 = idc.GetInputMD5()

    grid = QtWidgets.QGridLayout()

    # Column 0: one caption per row.
    captions = ("Project:", "File name:", "Description:", "MD5 hash:")
    for row, caption in enumerate(captions):
        grid.addWidget(QtWidgets.QLabel(caption), row, 0)

    # Column 1: the widget that belongs to each caption.
    self.project_cbb = widgets.QItemSelect('projects', 'name', 'id',
                                           'description')
    grid.addWidget(self.project_cbb, 0, 1)

    self.name_txt = QtWidgets.QLineEdit()
    self.name_txt.setText(input_name)
    grid.addWidget(self.name_txt, 1, 1)

    self.description_txt = QtWidgets.QTextEdit()
    grid.addWidget(self.description_txt, 2, 1)

    # NOTE(review): MD5 serves as an identifier for display here; it is not
    # collision-resistant -- confirm nothing downstream treats a matching
    # MD5 as proof that two files are identical.
    grid.addWidget(QtWidgets.QLabel(input_md5), 3, 1)
    self.base_layout.addLayout(grid)

    share_caption = ("Share IDB (let others without "
                     "the idb to participate)")
    self.shareidbCkb = QtWidgets.QCheckBox(share_caption)
    self.base_layout.addWidget(self.shareidbCkb)

    self.bottom_layout(ok_text="&Add")
Example 9
Project: IDAmetrics   Author: mxmssh   File: IDAMetrics_static.py    License: BSD 2-Clause "Simplified" License 5 votes vote down vote up
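def init_analysis(metrics_used):
    """Run the selected metrics and save them to a file chosen by the user.

    The save dialog is pre-filled with "<input file>_<timestamp>.txt", where
    dots in the input file name are replaced by underscores.

    Args:
        metrics_used: passed unchanged to Metrics.start_analysis().

    Returns:
        0 in every case, including when the save dialog is cancelled.
    """
    metrics_total = Metrics()
    metrics_total.start_analysis(metrics_used)

    current_time = strftime("%Y-%m-%d_%H-%M-%S")
    analyzed_file = idc.GetInputFile().replace(".", "_")
    mask = analyzed_file + "_" + current_time + ".txt"
    name = AskFile(1, mask, "Where to save metrics ?")
    # NOTE(review): AskFile is believed to return None on cancel -- confirm.
    # An empty result and -1 are both treated as "cancelled" so that
    # save_results() is never handed something that is not a path.
    if not name or name == -1:
        return 0

    save_results(metrics_total, name)
    return 0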
Example 10
Project: ida-scripts   Author: sam-b   File: find_device_name.py    License: The Unlicense 5 votes vote down vote up
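def get_unicode_device_names():
    """Return the Unicode strings in the analysed binary that start with '\\Device\\'.

    The input file is memory-mapped read-only and scanned with
    extract_unicode_strings() (minimum length 4, passed as n).

    Returns:
        set of str: candidate device names.
    """
    import os  # imported locally so the fix does not rely on the module's import list

    # GetInputFile() is only the file name, so open() resolved it against the
    # current directory and could pick up a different file of the same name.
    # Prefer the full path recorded in the database; keep the bare name as a
    # fallback for databases whose recorded path no longer exists.
    path = idc.GetInputFilePath()
    if not path or not os.path.isfile(path):
        path = idc.GetInputFile()
    min_length = 4
    possible_names = set()
    with open(path, "rb") as f:
        b = mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ)
        try:
            for s in extract_unicode_strings(b, n=min_length):
                s_str = str(s.s)
                if s_str.startswith('\\Device\\'):
                    possible_names.add(s_str)
        finally:
            # mmap objects are not context managers on Python 2; close the
            # mapping explicitly so it is released even if extraction fails.
            b.close()
    return possible_names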
Example 11
Project: flare-ida   Author: fireeye   File: __init__.py    License: Apache License 2.0 5 votes vote down vote up
def backup_database():
    """Save a timestamped copy of the database, similar to IDA's snapshot function.

    The copy is named "<input file up to its last dot>_<YYYYmmddHHMMSS>.idb"
    and written through idc.SaveBase with the idaapi.DBFL_BAK flag.

    Raises:
        NoInputFileException: when idc.GetInputFile() returns a false value.
    """
    stamp = strftime('%Y%m%d%H%M%S')
    input_name = idc.GetInputFile()
    if not input_name:
        raise NoInputFileException('No input file provided')
    # Keep everything before the last dot as the base of the backup name.
    stem = rsplit(input_name, '.', 1)[0]
    backup_file = '%s_%s.idb' % (stem, stamp)
    g_logger.info('Backing up database to file ' + backup_file)
    idc.SaveBase(backup_file, idaapi.DBFL_BAK)
Example 12
Project: win_driver_plugin   Author: FSecureLABS   File: device_finder.py    License: BSD 3-Clause "New" or "Revised" License 4 votes vote down vote up
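def search():
    """
    Look for potential device names in the currently opened binary.

    Starts with find_unicode_device_name(); if that returns a false value,
    FLOSS is used to extract stack strings and decoded (obfuscated) strings,
    and everything that was collected is printed.
    """

    if not find_unicode_device_name():
        print("Unicode device name not found, attempting to find obfuscated and stack based strings.")
        try:
            import floss
            import floss.identification_manager
            import floss.main
            import floss.stackstrings
            import viv_utils
        except ImportError:
            print("Please install FLOSS to continue, see: https://github.com/fireeye/flare-floss/")
            return
        import os  # imported locally so the fix does not rely on the module's import list
        logging.basicConfig() #To avoid logger handler not found errors, from https://github.com/fireeye/flare-floss/blob/66f67a49a38ae028a5e86f1de743c384d5271901/scripts/idaplugin.py#L154
        logging.getLogger('vtrace.platforms.win32').setLevel(logging.ERROR)
        # GetInputFile() is only the file name and would be resolved against
        # the current directory. Prefer the full path recorded in the
        # database; fall back to the bare name when that path no longer exists.
        sample_file_path = idc.GetInputFilePath()
        if not sample_file_path or not os.path.isfile(sample_file_path):
            sample_file_path = idc.GetInputFile()

        try:
            vw = viv_utils.getWorkspace(sample_file_path, should_save=False)
        except Exception as e:
            # Format the exception itself: .message is empty for many
            # exception types, which hid the reason for the failure.
            print("Vivisect failed to load the input file: {0}".format(e))
            return

        functions = set(vw.getFunctions())
        plugins = floss.main.get_all_plugins()
        device_names = set()

        stack_strings = floss.stackstrings.extract_stackstrings(vw, functions, 4, no_filter=True)
        for i in stack_strings:
            device_names.add(i)
        dec_func_candidates = floss.identification_manager.identify_decoding_functions(vw, plugins, functions)
        decoded_strings = floss.main.decode_strings(vw, dec_func_candidates, 4, no_filter=True)
        for i in decoded_strings:
            device_names.add(str(i.s))

        # Report on everything collected. Testing only decoded_strings threw
        # away the stack strings whenever no decoded string was produced.
        if device_names:
            print("Potential device names from obfuscated or stack strings:")
            for i in device_names:
                print(i)
        else:
            print("No obfuscated or stack strings found :(")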