Python idaapi.BWN_DISASM Examples
The following are 20
code examples of idaapi.BWN_DISASM().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
idaapi
, or try the search function
.
.
Example #1
| Source File: win_driver_plugin.py From win_driver_plugin with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
def finish_populating_tform_popup(self, form, popup):
tft = idaapi.get_tform_type(form)
if tft != idaapi.BWN_DISASM:
return
pos = idc.ScreenEA()
register_dynamic_action(form, popup, 'Decode All IOCTLs in Function', DecodeAllHandler())
register_dynamic_action(form, popup, 'Decode IOCTLs using Angr', DecodeAngrHandler())
# If the second argument to the current selected instruction is an immediately
# then give the option to decode it.
if idc.GetOpType(pos, 1) == 5:
register_dynamic_action(form, popup, 'Decode IOCTL', DecodeHandler())
if pos in ioctl_tracker.ioctl_locs:
register_dynamic_action(form, popup, 'Invalid IOCTL', InvalidHandler())
if len(ioctl_tracker.ioctl_locs) > 0:
register_dynamic_action(form, popup, 'Show All IOCTLs', ShowAllHandler())
Example #2
| Source File: function_flow.py From Sark with MIT License | 5 votes |
|
def finish_populating_widget_popup(self, form, popup):
# Or here, after the popup is done being populated by its owner.
if idaapi.get_widget_type(form) == idaapi.BWN_DISASM:
idaapi.attach_action_to_popup(form, popup, MarkReachableNodesHandler.get_name(), "Mark/")
idaapi.attach_action_to_popup(form, popup, MarkUnReachableNodesHandler.get_name(), "Mark/")
idaapi.attach_action_to_popup(form, popup, MarkReachingNodesHandler.get_name(), "Mark/")
idaapi.attach_action_to_popup(form, popup, MarkNotReachingNodesHandler.get_name(), "Mark/")
idaapi.attach_action_to_popup(form, popup, MarkExits.get_name(), "Mark/")
idaapi.attach_action_to_popup(form, popup, MarkClearHandler.get_name(), "Mark/")
Example #3
| Source File: apply_callee_type_plugin.py From flare-ida with Apache License 2.0 | 5 votes |
|
def installMenuIda7():
class ApplyCalleeHandler(idaapi.action_handler_t):
def activate(self, ctx):
doApplyCallee()
return 1
def update(self, ctx):
return idaapi.AST_ENABLE_FOR_WIDGET if ctx.widget_type == idaapi.BWN_DISASM else idaapi.AST_DISABLE_FOR_WIDGET
ret = idaapi.register_action(idaapi.action_desc_t(
ACTION_NAME, # Name. Acts as an ID. Must be unique.
PLUGIN_NAME, # Label. That's what users see.
ApplyCalleeHandler(), # Handler. Called when activated, and for updating
PREFERRED_SHORTCUT, # Shortcut (optional)
PLUGIN_COMMENT # Tooltip (optional)
))
if not ret:
print('Failed to register action. Bailing out')
return
# Insert the action in the menu
if idaapi.attach_action_to_menu(MENU_PATH, ACTION_NAME, idaapi.SETMENU_APP):
print("Attached to menu.")
else:
print("Failed attaching to menu.")
setattr(sys.modules['idaapi'], '_apply_callee_type_plugin_installFlag', True)
Example #4
| Source File: installer.py From IDABuddy with MIT License | 5 votes |
|
def _create_hooks(self, install_idabuddy):
class InstallerUiHooks(idaapi.UI_Hooks):
def updating_actions(self, ctx):
if ctx.form_type == idaapi.BWN_DISASM:
ida_widget = form_to_widget(ctx.form)
idaview = ida_widget.children()[0]
install_idabuddy(idaview)
return super(InstallerUiHooks, self).updating_actions(ctx)
return InstallerUiHooks()
Example #5
| Source File: findcrypt3.py From findcrypt-yara with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def update(self, ctx):
if ctx.form_type == idaapi.BWN_DISASM:
return idaapi.AST_ENABLE_FOR_WIDGET
return idaapi.AST_DISABLE_FOR_WIDGET
Example #6
| Source File: vxhunter_ida.py From vxhunter with BSD 2-Clause "Simplified" License | 5 votes |
|
def update(self, ctx):
try:
if ctx.form_type == idaapi.BWN_DISASM:
return idaapi.AST_ENABLE_FOR_FORM
else:
return idaapi.AST_DISABLE_FOR_FORM
except:
# Add exception for main menu on >= IDA 7.0
return idaapi.AST_ENABLE_ALWAYS
# context menu for Fix idb
Example #7
| Source File: util.py From WatchDBG-IDA with MIT License | 5 votes |
|
def finish_populating_tform_popup(self, form, popup):
#formtype = idaapi.get_tform_type(form)
#if formtype == idaapi.BWN_DISASM or idaapi.BWN_DUMP:
for action, position, condition in self.popups:
if condition(form):
idaapi.attach_action_to_popup(form, popup, action, position)
Example #8
| Source File: LazyIDA.py From LazyIDA with MIT License | 5 votes |
|
def finish_populating_widget_popup(self, form, popup):
form_type = idaapi.get_widget_type(form)
if form_type == idaapi.BWN_DISASM or form_type == idaapi.BWN_DUMP:
t0, t1, view = idaapi.twinpos_t(), idaapi.twinpos_t(), idaapi.get_current_viewer()
if idaapi.read_selection(view, t0, t1) or idc.get_item_size(idc.get_screen_ea()) > 1:
idaapi.attach_action_to_popup(form, popup, ACTION_XORDATA, None)
idaapi.attach_action_to_popup(form, popup, ACTION_FILLNOP, None)
for action in ACTION_CONVERT:
idaapi.attach_action_to_popup(form, popup, action, "Convert/")
if form_type == idaapi.BWN_DISASM and (ARCH, BITS) in [(idaapi.PLFM_386, 32),
(idaapi.PLFM_386, 64),
(idaapi.PLFM_ARM, 32),]:
idaapi.attach_action_to_popup(form, popup, ACTION_SCANVUL, None)
Example #9
| Source File: LazyIDA.py From LazyIDA with MIT License | 5 votes |
|
def update(self, ctx):
if ctx.form_type in (idaapi.BWN_DISASM, idaapi.BWN_DUMP):
return idaapi.AST_ENABLE_FOR_WIDGET
else:
return idaapi.AST_DISABLE_FOR_WIDGET
Example #10
| Source File: autoenum.py From Sark with MIT License | 5 votes |
|
def update(self, ctx):
if ctx.form_type == idaapi.BWN_DISASM:
return idaapi.AST_ENABLE_FOR_WIDGET
return idaapi.AST_DISABLE_FOR_WIDGET
Example #11
| Source File: plugin_loader.py From vt-ida-plugin with Apache License 2.0 | 5 votes |
|
def update(cls, ctx):
if ctx.form_type == idaapi.BWN_DISASM:
return ida_kernwin.AST_ENABLE_FOR_WIDGET
else:
return ida_kernwin.AST_DISABLE_FOR_WIDGET
Example #12
| Source File: highlight_calls.py From Sark with MIT License | 5 votes |
|
def updating_actions(self, ctx):
if ctx.form_type == idaapi.BWN_DISASM:
with suppress(sark.exceptions.SarkNoFunction):
self.lines.update(highlight_calls_in_function(ctx.cur_ea))
return super(UiHooks, self).updating_actions(ctx)
Example #13
| Source File: xrefsgraph.py From Sark with MIT License | 5 votes |
|
def finish_populating_widget_popup(self, form, popup):
# Or here, after the popup is done being populated by its owner.
if idaapi.get_widget_type(form) == idaapi.BWN_DISASM:
idaapi.attach_action_to_popup(form, popup, ShowXrefsGraphFrom.get_name(), '')
idaapi.attach_action_to_popup(form, popup, ShowXrefsGraphTo.get_name(), '')
Example #14
| Source File: lca.py From Sark with MIT License | 5 votes |
|
def idaview_hooks(idaview_handler):
class Hooks(idaapi.UI_Hooks):
def finish_populating_widget_popup(self, form, popup):
if idaapi.get_widget_type(form) == idaapi.BWN_DISASM:
idaapi.attach_action_to_popup(form, popup, idaview_handler.get_name(), "")
return Hooks
Example #15
| Source File: hint_calls.py From idawilli with Apache License 2.0 | 5 votes |
|
def get_custom_viewer_hint(self, view, place):
try:
tform = idaapi.get_current_tform()
if idaapi.get_tform_type(tform) != idaapi.BWN_DISASM:
return None
curline = idaapi.get_custom_viewer_curline(view, True)
# sometimes get_custom_viewer_place() returns [x, y] and sometimes [place_t, x, y].
# we want the place_t.
viewer_place = idaapi.get_custom_viewer_place(view, True)
if len(viewer_place) != 3:
return None
_, x, y = viewer_place
ea = place.toea()
# "color" is a bit of misnomer: its the type of the symbol currently hinted
color = get_color_at_char(curline, x)
if color != idaapi.COLOR_ADDR:
return None
# grab the FAR references to code (not necessarilty a branch/call/jump by itself)
far_code_references = [xref.to for xref in idautils.XrefsFrom(ea, ida_xref.XREF_FAR)
if idc.isCode(idc.GetFlags(xref.to))]
if len(far_code_references) != 1:
return None
fva = far_code_references[0]
# ensure its actually a function
if not idaapi.get_func(fva):
return None
# this magic constant is the number of "important lines" to display by default.
# the remaining lines get shown if you scroll down while the hint is displayed, revealing more lines.
return render_function_hint(fva), DEFAULT_IMPORTANT_LINES_NUM
except Exception as e:
logger.warning('unexpected exception: %s. Get in touch with @williballenthin.', e, exc_info=True)
return None
Example #16
| Source File: plugin_loader.py From vt-ida-plugin with Apache License 2.0 | 5 votes |
|
def finish_populating_widget_popup(form, popup):
if idaapi.get_widget_type(form) == idaapi.BWN_DISASM:
idaapi.attach_action_to_popup(
form,
popup,
VTGrepBytes.get_name(),
'VirusTotal/'
)
idaapi.attach_action_to_popup(
form,
popup,
VTGrepWildcards.get_name(),
'VirusTotal/',
)
idaapi.attach_action_to_popup(
form,
popup,
VTGrepWildCardsStrict.get_name(),
'VirusTotal/',
)
idaapi.attach_action_to_popup(
form,
popup,
VTGrepWildCardsFunction.get_name(),
'VirusTotal/',
)
elif idaapi.get_widget_type(form) == idaapi.BWN_STRINGS:
idaapi.attach_action_to_popup(
form,
popup,
VTGrepStrings.get_name(),
'VirusTotal/')
Example #17
| Source File: plugin_loader.py From vt-ida-plugin with Apache License 2.0 | 5 votes |
|
def update(cls, ctx):
if ctx.form_type == idaapi.BWN_DISASM:
return ida_kernwin.AST_ENABLE_FOR_WIDGET
else:
return ida_kernwin.AST_DISABLE_FOR_WIDGET
Example #18
| Source File: ida_prefix.py From prefix with MIT License | 4 votes |
|
def get_cursor_func_ref():
"""
Get the function reference under the user cursor.
Returns BADADDR or a valid function address.
"""
current_widget = idaapi.get_current_widget()
form_type = idaapi.get_widget_type(current_widget)
vu = idaapi.get_widget_vdui(current_widget)
#
# hexrays view is active
#
if vu:
cursor_addr = vu.item.get_ea()
#
# disassembly view is active
#
elif form_type == idaapi.BWN_DISASM:
cursor_addr = idaapi.get_screen_ea()
opnum = idaapi.get_opnum()
if opnum != -1:
#
# if the cursor is over an operand value that has a function ref,
# use that as a valid rename target
#
op_addr = idc.get_operand_value(cursor_addr, opnum)
op_func = idaapi.get_func(op_addr)
if op_func and op_func.start_ea == op_addr:
return op_addr
# unsupported/unknown view is active
else:
return idaapi.BADADDR
#
# if the cursor is over a function definition or other reference, use that
# as a valid rename target
#
cursor_func = idaapi.get_func(cursor_addr)
if cursor_func and cursor_func.start_ea == cursor_addr:
return cursor_addr
# fail
return idaapi.BADADDR
Example #19
| Source File: PatternGenerationWidget.py From grap with MIT License | 4 votes |
|
def finish_populating_widget_popup(self, form, popup):
try:
b = idaapi.get_widget_type(form) == idaapi.BWN_DISASM
except:
b = idaapi.get_tform_type(form) == idaapi.BWN_DISASM
if b:
# Add separator
idaapi.attach_action_to_popup(form, popup, None, None)
# Add actions
try:
currentAddress = idc.get_screen_ea()
except:
currentAddress = idc.ScreenEA()
#if currentAddress in [node.node_id for node in self.cc.PatternGenerator.targetNodes]:
if currentAddress in self.cc.PatternGenerator.coloredNodes:
idaapi.attach_action_to_popup(form, popup, "grap:pg:match_default", None)
idaapi.attach_action_to_popup(form, popup, "grap:pg:match_full", None)
idaapi.update_action_label("grap:pg:match_full", self.cc.PatternGenerator.preview_match(currentAddress, "[grap] Full match", "match_full"))
idaapi.attach_action_to_popup(form, popup, "grap:pg:match_opcode_arg1", None)
idaapi.update_action_label("grap:pg:match_opcode_arg1", self.cc.PatternGenerator.preview_match(currentAddress, "[grap] Opcode+arg1", "match_opcode_arg1"))
idaapi.attach_action_to_popup(form, popup, "grap:pg:match_opcode_arg2", None)
idaapi.update_action_label("grap:pg:match_opcode_arg2", self.cc.PatternGenerator.preview_match(currentAddress, "[grap] Opcode+arg2", "match_opcode_arg2"))
idaapi.attach_action_to_popup(form, popup, "grap:pg:match_opcode_arg3", None)
idaapi.update_action_label("grap:pg:match_opcode_arg3", self.cc.PatternGenerator.preview_match(currentAddress, "[grap] Opcode+arg3", "match_opcode_arg3"))
idaapi.attach_action_to_popup(form, popup, "grap:pg:match_opcode", None)
idaapi.update_action_label("grap:pg:match_opcode", self.cc.PatternGenerator.preview_match(currentAddress, "[grap] Opcode", "match_opcode"))
idaapi.attach_action_to_popup(form, popup, "grap:pg:match_wildcard", None)
idaapi.attach_action_to_popup(form, popup, "grap:pg:remove_target", None)
for type in ["match_default", "match_full", "match_opcode_arg1", "match_opcode_arg2", "match_opcode_arg3", "match_opcode", "match_wildcard"]:
idaapi.update_action_icon("grap:pg:"+type, -1)
if currentAddress not in self.cc.PatternGenerator.targetNodeType:
type = "match_default"
else:
type = self.cc.PatternGenerator.targetNodeType[currentAddress]
idaapi.update_action_icon("grap:pg:"+type, self.selected_icon_number)
elif self.cc.PatternGenerator.rootNode is None or currentAddress != self.cc.PatternGenerator.rootNode.node_id:
idaapi.attach_action_to_popup(form, popup, "grap:pg:set_root", None)
idaapi.attach_action_to_popup(form, popup, "grap:pg:add_target", None)
Example #20
| Source File: ghida.py From GhIDA with Apache License 2.0 | 4 votes |
|
def view_loc_changed(self, widget, curloc, prevloc):
"""
view_loc_changed is called each time the user clicks
somwhere. This is used to synchronize the IDA DISASM
view with the IDA DECOM view. The synchronization is
active only when the decompile view has been created
and the synch option has been selected in the pop-up
menu.
"""
# Check if the selected address has changed
# if curloc.plce.toea() != prevloc.plce.toea():
# return
# Hooking the IDA DISASM view only
if idaapi.get_widget_type(widget) != idaapi.BWN_DISASM:
return
# If the DECOMP view has already been created.
if DECOMP_VIEW:
# Get the new address
ca = curloc.plce.toea()
ea = gl.convert_address(ca)
# This is a valid function address
if ea:
# The synch is active
if GHIDA_CONF.disasm_tracker:
# The address in DECOMP view is different
if ea != DECOMP_VIEW.ea:
# Update DECOMP view
DECOMP_VIEW.switch_to_address(ea)
# Update the selection
return gl.highlight_symbol_in_DECOMP()
# This is not a valid function address
if not ea:
# If the synch is active
if GHIDA_CONF.disasm_tracker:
DECOMP_VIEW.clear(msg="[!] Function not found.",
do_show=False)
return
# ------------------------------------------------------------
# GOTO utils
# ------------------------------------------------------------
