我们从Python开源项目中,提取了以下22个代码示例,用于说明如何使用idc.CIC_ITEM。
def color_head(ea): flags = idc.GetFlags(ea) if not idc.isCode(flags): return mnem = idc.GetMnem(ea) if mnem == 'call': logger.debug('call: 0x%x', ea) idc.SetColor(ea, idc.CIC_ITEM, CALL_COLOR) elif mnem == 'xor': if idc.GetOpnd(ea, 0) != idc.GetOpnd(ea, 1): logger.debug('non-zero xor: 0x%x', ea) idc.SetColor(ea, idc.CIC_ITEM, ENCRYPT_COLOR) elif mnem in ('sdit', 'sgdt', 'sldt', 'smsw', 'str', 'in', 'cpuid'): logger.debug('anti-vm: 0x%x', ea) idc.SetColor(ea, idc.CIC_ITEM, ANTIANALYSIS_COLOR) elif mnem == 'in': if idc.GetOpnd(ea, 0) in ("3", "2D"): logger.debug('anti-debug: 0x%x', ea) idc.SetColor(ea, idc.CIC_ITEM, ANTIANALYSIS_COLOR) elif mnem in ('rdtsc', 'icebp'): logger.debug('anti-debug: 0x%x', ea) idc.SetColor(ea, idc.CIC_ITEM, ANTIANALYSIS_COLOR)
def heatmap_trace(self): try: index = self.traces_tab.currentIndex() trace = self.core.traces[self.id_map[index]] if self.heatmaped: self.heatmap_button.setText("Heatmap") color = lambda x: 0xffffff else: self.heatmap_button.setText("Heatmap undo") self.heatmap_button.setFlat(True) hit_map = trace.address_hit_count color_map = self.compute_step_map(set(hit_map.values())) print color_map color = lambda x: color_map[hit_map[x]] for inst in trace.instrs.values(): if idc.isCode(idc.GetFlags(inst.address)): c = color(inst.address) idc.SetColor(inst.address, idc.CIC_ITEM, c) if not self.heatmaped: self.heatmap_button.setFlat(False) self.heatmaped = True else: self.heatmaped = False except KeyError: print "No trace found"
def handleUnhookInst(self, screenEA = None): if screenEA is not None: address = screenEA else: address = ScreenEA() if self.hookedInstruction(address) == False: return entry = self.idbHookMap[address] outJSON = json.dumps({ "req_id": kFridaLink_DelHookRequest, "data": entry.genDelRequest() }) del self.idbHookMap[address] self.clientSocket.sendto(outJSON, self.clientAddress) SetColor(address, CIC_ITEM, kIDAViewColor_Reset) refresh_idaview_anyway() self.idbHooksView.setContent(self.idbHookMap)
def handleDebugContinue(self): if self.clientSocket is None: return if self.debugBreakId is None: return outJSON = json.dumps({ "req_id": kFridaLink_DebugContinue, }) self.clientSocket.sendto(outJSON, self.clientAddress) if self.debugBreakId in self.idbHookMap: SetColor(self.debugBreakId, CIC_ITEM, kIDAViewColor_HookedInst) else: SetColor(self.debugBreakId, CIC_ITEM, kIDAViewColor_Reset) refresh_idaview_anyway() self.debugBreakId = None
def syncReplacedFuncs(self): if self.clientSocket is None: fl_log("FridaLink: Frida not connected\n"); return for key in self.funcReplaceMap: entry = self.funcReplaceMap[key] outJSON = json.dumps({ "req_id": kFridaLink_SetReplaceRequest, "data": entry.genSetRequest() }) if entry.moduleImport == False: SetColor(entry.hook.id, CIC_ITEM, kIDAViewColor_ReplacedFunc) self.clientSocket.sendto(outJSON, self.clientAddress) refresh_idaview_anyway()
def ColorCompare(self): DEBUG_PRINT( "in ColorCompare") if self.colorsnapshot=={}: return else: for ea in self.colorsnapshot.keys(): ea_currentcolor = idc.GetColor(ea,idc.CIC_ITEM) # print 'ea ' + hex(ea) + 'pre color'+ hex(self.colorsnapshot[ea]) + ' current color' + hex(ea_currentcolor) if self.colorsnapshot[ea] != ea_currentcolor: if ea == self.lastnode_ea: continue g_ColorSnapshot.data[ea] = ea_currentcolor # print 'different happen ' + hex (ea) g_ColorSnapshot.Save() # for ea in g_ColorSnapshot.data.keys(): # idc.Message( hex(ea) + ' ' ) self.colorsnapshot = {} # may not be useful return
def set_color(addr, color): idc.SetColor(addr, idc.CIC_ITEM, color)
def MySetColor(ea, rgb_color): """ Set RGB color of one instruction or data at ea. """ # SetColor does not return success or failure idc.SetColor(ea, idc.CIC_ITEM, rgb_to_bgr_color(rgb_color))
def highlight_dependency(self, enabled): if self.results.has_formula(): color = 0xffffff if enabled else 0x98FF98 for addr in self.formula.get_addresses(): idc.SetColor(addr, idc.CIC_ITEM, color) else: print "woot ?" self.actions[self.HIGHLIGHT_CODE] = (self.highlight_dependency, not enabled) self.result_widget.action_selector_changed(self.HIGHLIGHT_CODE)
def highlight_dead_code(self, enabled): curr_fun = idaapi.get_func(idc.here()).startEA cfg = self.functions_cfg[curr_fun] # for cfg in self.functions_cfg.values(): for bb in cfg.values(): color = {Status.DEAD: 0x5754ff, Status.ALIVE: 0x98FF98, Status.UNKNOWN: 0xaa0071}[bb.status] color = 0xFFFFFF if enabled else color for i in bb: idc.SetColor(i, idc.CIC_ITEM, color) self.actions[HIGHLIGHT_DEAD_CODE] = (self.highlight_dead_code, not enabled) self.result_widget.action_selector_changed(HIGHLIGHT_DEAD_CODE)
def highlight_spurious(self, enabled): print "Highlight spurious clicked !" curr_fun = idaapi.get_func(idc.here()).startEA cfg = self.functions_cfg[curr_fun] color = 0xFFFFFF if enabled else 0x507cff for bb in [x for x in cfg.values() if x.is_alive()]: # Iterate only alive basic blocks for i, st in bb.instrs_status.items(): if st == Status.DEAD: # Instructions dead in alive basic blocks are spurious idc.SetColor(i, idc.CIC_ITEM, color) self.actions[HIGHLIGHT_SPURIOUS_CALCULUS] = (self.highlight_spurious, not enabled) self.result_widget.action_selector_changed(HIGHLIGHT_SPURIOUS_CALCULUS)
def highlight_dead(self, enabled): opaque_map = {k: self.make_po_pair(k, v.alive_branch) for k, v in self.results.items() if v.status == po_analysis_results.OPAQUE} for addr, (good, dead) in opaque_map.items(): if not enabled: # Mark instructions print "propagate dead branch:%x" % addr self.propagate_dead_code(dead, opaque_map) else: for addr2 in self.marked_addresses.keys(): idc.SetColor(addr2, idc.CIC_ITEM, 0xffffff) self.marked_addresses.clear() self.actions[self.HIGHLIGHT_DEAD_BRANCHES] = (self.highlight_dead, not enabled) self.result_widget.action_selector_changed(self.HIGHLIGHT_DEAD_BRANCHES)
def propagate_dead_code(self, ea, op_map): prevs = [x for x in idautils.CodeRefsTo(ea, True) if x not in self.marked_addresses and not self.dead_br_of_op(ea, x, op_map)] if prevs: # IF there is no legit predecessors idc.SetColor(ea, idc.CIC_ITEM, 0x0000ff) self.marked_addresses[ea] = None succs = [x for x in idautils.CodeRefsFrom(ea, True)] for succ in succs: self.propagate_dead_code(succ, op_map) else: return
def resetHookedColors(self): for key in self.idbHookMap: entry = self.idbHookMap[key] if entry.hook.type == "inst": SetColor(entry.hook.id, CIC_ITEM, kIDAViewColor_Reset) elif entry.hook.type == "func": SetColor(entry.hook.id, CIC_FUNC, kIDAViewColor_Reset) refresh_idaview_anyway()
def syncIdbHooks(self): # install IDB hooks for key in self.idbHookMap: entry = self.idbHookMap[key] outJSON = json.dumps({ "req_id": kFridaLink_SetHookRequest, "data": entry.genSetRequest() }) if entry.hook.type == "inst": SetColor(entry.hook.id, CIC_ITEM, kIDAViewColor_HookedInst) elif entry.hook.type == "func": SetColor(entry.hook.id, CIC_FUNC, kIDAViewColor_HookedFunc) self.clientSocket.sendto(outJSON, self.clientAddress) refresh_idaview_anyway()
def handleQuickInstHook(self, address, once, breakpoint=False): # safety checks, can be start of the function if address in self.idbHookMap and self.idbHookMap[address].hook.type == "func": dlg = AskYN(0, "Address contains function hook!\nDo you want to remove it?") if dlg != 1: return # remove function hook self.handleUnhookFunc(address) offset, moduleName = self.getAddressDetails(address) hook = InstHook() hook.id = address hook.mnemonic = GetDisasm(address) hook.address = offset hook.module = moduleName hook.once = once hook.breakpoint = breakpoint entry = HookEntry(hook) outJSON = json.dumps({ "req_id": kFridaLink_SetHookRequest, "data": entry.genSetRequest() }) SetColor(address, CIC_ITEM, kIDAViewColor_HookedInst) refresh_idaview_anyway() self.clientSocket.sendto(outJSON, self.clientAddress) self.idbHookMap[address] = entry self.idbHooksView.setContent(self.idbHookMap)
def resetBreakColors(self): if self.debugBreakId != None: SetColor(self.debugBreakId, CIC_ITEM, kIDAViewColor_Reset)
def resetReplacedColors(self): for key in self.funcReplaceMap: entry = self.funcReplaceMap[key] SetColor(entry.id, CIC_ITEM, kIDAViewColor_Reset) refresh_idaview_anyway()
def _declareMemberVars(self): self._dbDict = {} self.insCount = 0 self._tables = [] self._tablelist = [] # the functions have comments [addr,name,show] self.BACKWORD = 1 # Default show forward self._choose_id = -1 self._choose_idx = -1 self._choose_ea = 0 self.tbls = [] self._global = 1 self.lastnode_ea = 0 self.lastnode_color = 0x0 self.colorsnapshot = {} self.colorsnapshot_startEA = 0 self.CIC_ID = idc.CIC_ITEM #default self.max_ea = 0 self.max_idx = 0 self.min_ea = 0 self.min_idx = 0 self.IDA_LF_COLOR_ORIGIN = idapython.GetTrueBackgroundColorHexRGB() if (idapython.IsBackgroundDark()): #You an change the color you like here. self.IDA_LF_COLOR_TAG = 0x1E5374 self.IDA_LF_COLOR_LOOP1 = 0x66FF66 self.IDA_LF_COLOR_LOOP2 = 0xFFCC66 self.IDA_LF_COLOR_LOOP3 = 0xCCCCFF else: self.IDA_LF_COLOR_TAG = 0x80ECFF self.IDA_LF_COLOR_LOOP1 = 0x66FF66 self.IDA_LF_COLOR_LOOP2 = 0xFFCC66 self.IDA_LF_COLOR_LOOP3 = 0xCCCCFF
def _showComms(self, startAddr, endAddr, id): self.ColorCompare() self._delComms(startAddr, endAddr) # keep or remove? print '_showComms start 0x%x, end 0x%x'%(startAddr,endAddr) self.colorsnapshot_startEA = startAddr self.colorsnapshot = {} for ea in range(startAddr, endAddr+1): if ea in self._dbDict.keys(): self._ApdComm(ea, id) self.colorsnapshot[ea] = idc.GetColor(ea,self.CIC_ID) if ea not in g_ColorSnapshot.data.keys() and self.IDA_LF_COLOR_ORIGIN != idc.GetColor(ea,idc.CIC_ITEM): # print 'line color ' + hex(idc.GetColor(ea,idc.CIC_ITEM)) g_ColorSnapshot.data[ea] = idapython.GetLineColor(ea) g_ColorSnapshot.Save() return
def handleHookInstCust(self, screenEA = None): if screenEA is not None: address = screenEA else: address = ScreenEA() # safety checks, can be start of the function if address in self.idbHookMap and self.idbHookMap[address].hook.type == "func": dlg = AskYN(0, "Address contains function hook!\nDo you want to remove it?") if dlg != 1: return # remove function hook self.handleUnhookFunc(address) offset, moduleName = self.getAddressDetails(address) hookDlg = InstructionHookDialog(moduleName, "%X" % address, GetDisasm(address), None) hookDlg.Compile() hookDlg.script.value = "" ok = hookDlg.Execute() if ok != 1: return hook = InstHook() hook.id = address hook.mnemonic = GetDisasm(address) hook.address = offset hook.module = moduleName hook.once = True if hookDlg.trigger.value == 0 else False hook.recentScriptFile = hookDlg.recentScriptFile hook.script = hookDlg.script.value entry = HookEntry(hook) outJSON = json.dumps({ "req_id": kFridaLink_SetHookRequest, "data": entry.genSetRequest() }) SetColor(address, CIC_ITEM, kIDAViewColor_HookedInst) refresh_idaview_anyway() self.clientSocket.sendto(outJSON, self.clientAddress) self.idbHookMap[address] = entry self.idbHooksView.setContent(self.idbHookMap)
def handleDebugStepOver(self): if self.clientSocket is None: return if self.debugBreakId is None: return cur_ea = self.debugBreakId decode_insn(cur_ea) next_ea = cur_ea + idaapi.cmd.size if isCode(getFlags(next_ea)) == False: return entry = None # remove current if self.debugBreakId in self.idbHookMap: entry = self.idbHookMap[self.debugBreakId] outJSON = json.dumps({ "req_id": kFridaLink_DelHookRequest, "data": entry.genDelRequest() }) del self.idbHookMap[self.debugBreakId] self.clientSocket.sendto(outJSON, self.clientAddress) SetColor(self.debugBreakId, CIC_ITEM, kIDAViewColor_Reset) refresh_idaview_anyway() offset, moduleName = self.getAddressDetails(next_ea) # install next if entry == None: hook = InstHook() hook.id = next_ea hook.once = once hook.breakpoint = True entry = HookEntry(hook) entry.hook.id = next_ea entry.hook.mnemonic = GetDisasm(next_ea) entry.hook.address = offset entry.hook.module = moduleName outJSON = json.dumps({ "req_id": kFridaLink_SetHookRequest, "data": entry.genSetRequest() }) self.clientSocket.sendto(outJSON, self.clientAddress) self.idbHookMap[next_ea] = entry self.idbHooksView.setContent(self.idbHookMap) self.handleDebugContinue()
