コード例 #1
ファイル: ida_plugin.cpp プロジェクト: lab313ru/zida80
//--------------------------------------------------------------------------
// Plugin entry point: brings up the debugger module and registers its hooks.
// Returns PLUGIN_KEEP once init_plugin() has succeeded, PLUGIN_SKIP otherwise.
static int idaapi init(void)
{
	// Nothing is registered unless the plugin-specific setup succeeds.
	if (!init_plugin())
		return PLUGIN_SKIP;

	dbg = &debugger;
	plugin_inited = true;
	dbg_started = false;

	// NOTE(review): both return values are discarded, so a failed
	// registration goes unnoticed here. Confirm that the termination path
	// removes these hooks before the module is unloaded.
	hook_to_notification_point(HT_UI, hook_ui, NULL);
	hook_to_notification_point(HT_DBG, hook_dbg, NULL);

	print_version();
	return PLUGIN_KEEP;
}
コード例 #2
// Opens the "Object Explorer" tab listing the collected virtual tables, or
// switches to the existing tab when one is already open.
void object_explorer_form_init()
{
	// Both lists must be populated before there is anything to show.
	if (vtbl_list.empty() || vtbl_t_list.empty())
	{
		warning("ObjectExplorer not found any virtual tables here ...");
		return;
	}

	HWND form_hwnd = NULL;
	TForm *form = create_tform("Object Explorer", &form_hwnd);
	if (form_hwnd == NULL)
	{
		// No window handle came back: handled as "the form already exists".
		warning("Object Explorer window already open. Switching to it.");
		form = find_tform("Object Explorer");
		if (form != NULL)
			switchto_tform(form, true);
		return;
	}

	// NOTE(review): `info` is passed as user data to the viewer handlers and
	// to the UI hook below and is not freed in this function; confirm that
	// the UI callback unhooks itself and deletes it when the form closes.
	object_explorer_info_t *info = new object_explorer_info_t(form);

	// One viewer line per virtual-table entry.
	for (qvector <qstring>::iterator line = vtbl_list.begin(); line != vtbl_list.end(); ++line)
		info->sv.push_back(simpleline_t(*line));

	// The viewer range runs from the default place to the last line added.
	simpleline_place_t first_place;
	simpleline_place_t last_place(info->sv.size() - 1);
	info->cv = create_custom_viewer("", NULL, &first_place, &last_place, &first_place, 0, &info->sv);
	info->codeview = create_code_viewer(form, info->cv, CDVF_STATUSBAR);
	set_custom_viewer_handlers(info->cv,
		ct_object_explorer_keyboard,
		ct_object_explorer_popup,
		ct_object_explorer_click,
		NULL, NULL, info);

	// NOTE(review): the result of the hook registration is not checked.
	hook_to_notification_point(HT_UI, ui_object_explorer_callback, info);
	open_tform(form, FORM_TAB | FORM_MENU | FORM_RESTORE);
}
コード例 #3
ファイル: Core.cpp プロジェクト: AmesianX/IDASkins
void Core::initPlugin()
{
    Settings settings;

    // Read the "first start" flag. A stored value that cannot be converted
    // to bool is removed from the settings and treated as a first start.
    const QVariant storedFlag = settings.value(Settings::kFirstStart, true);
    const bool flagUsable = storedFlag.canConvert<bool>();
    if (!flagUsable)
        settings.remove(Settings::kFirstStart);
    const bool firstStart = flagUsable ? storedFlag.toBool() : true;

    if (firstStart)
    {
        // Offer the theme picker once, then record that the prompt was shown.
        const auto answer = QMessageBox::information(qApp->activeWindow(),
            PLUGIN_NAME ": First start",
            PLUGIN_NAME " detected that this is you first IDA startup with this plugin "
            "installed. Do you wish to select a theme now?",
            QMessageBox::Yes | QMessageBox::No);

        if (answer == QMessageBox::Yes)
            openThemeSelectionDialog();

        settings.setValue(Settings::kFirstStart, false);
    }

    applyStylesheetFromSettings();

    // `this` is registered as the hook's user data.
    // NOTE(review): the result is not checked; confirm the hook is removed
    // before this object is destroyed.
    hook_to_notification_point(HT_UI, &uiHook, this);
}
コード例 #4
//--------------------------------------------------------------------------
// Plugin action: subscribe to debugger events, then run the program up to
// inf.beginEA under the debugger.
void idaapi run(int)
{
  const bool hooked = hook_to_notification_point(HT_DBG, callback, NULL);
  if ( !hooked )
  {
    warning("Could not hook to notification point\n");
    return;
  }

  // No debugger module is selected yet: load the "win32" one.
  if ( dbg == NULL )
    load_debugger("win32", false);

  // Start the debugger; when the process cannot be started the hook is
  // removed again so the callback does not stay registered.
  if ( run_to(inf.beginEA) )
    return;

  unhook_from_notification_point(HT_DBG, callback, NULL);
}
コード例 #5
//---------------------------------------------------------------------------
// Shows the "Structured exception handlers list" chooser for the current
// thread. An already open window with the same title is brought to front
// instead of creating a second one.
// Returns false only when the SEH list cannot be read; true otherwise,
// including the case where choose2() reports -1.
static bool idaapi show_window(void *)
{
  thid_t tid = get_current_thread();

  // Find and refresh existing window
  // The title embeds the thread id, so each thread gets its own window.
  char title[MAXSTR];
  qsnprintf(title, sizeof(title), "[%04X] - Structured exception handlers list", tid);
  TForm *form = find_tform(title); //lint !e64
  if ( form != NULL )
  {
    switchto_tform(form, true); //lint !e64
    return true;
  }

  // Chooser context; freed right here when the SEH list cannot be obtained.
  x86seh_ctx_t *ch = new x86seh_ctx_t(tid, title);
  if ( !ch->get_sehlist() )
  {
    delete ch;
    return false;
  }

  // From here on `ch` is passed to the chooser as its object pointer.
  // NOTE(review): presumably ch_destroy releases it when the chooser is
  // closed - confirm, and confirm what happens to it when choose2()
  // returns -1, because this function does not free it on that path.
  int code = choose2(CH_NOBTNS,
          -1, -1, -1, -1,
          ch,
          qnumber(x86seh_chooser_cols),
          widths,
          ch_sizer,
          ch_getl,
          title,
          144, // icon
          1,
          NULL,
          NULL,
          ch_update,
          NULL,
          ch_enter,
          ch_destroy,
          NULL,
          NULL);
  // The debugger hook is installed only when the chooser was created, with
  // the same context as user data.
  // NOTE(review): the hook result is unchecked; the callback must be
  // unhooked before `ch` is destroyed or it will be called with a dangling
  // pointer - verify against ch_destroy.
  if ( code != -1 )
    hook_to_notification_point(HT_DBG, dbg_callback, ch);

  //lint -esym(429,ch) custodial pointer has not been freed or returned
  return true;
}
コード例 #6
ファイル: IDAStealth.cpp プロジェクト: 601040605/idastealth
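/*********************************************************************
* Function: init
*
* init is a plugin_t function. It is executed when the plugin is
* initially loaded by IDA.
* Three return codes are possible:
*    PLUGIN_SKIP - Plugin is unloaded and not made available
*    PLUGIN_KEEP - Plugin is kept in memory
*    PLUGIN_OK   - Plugin will be loaded upon 1st use
*
* Checks are added here to ensure the plug-in is compatible with
* the current disassembly: only 32-bit PE inputs are accepted.
*
* Every PLUGIN_SKIP path leaves no debugger hook registered, so the
* callback cannot be invoked after the plugin has been unloaded.
*********************************************************************/
int __stdcall init()
{
	if (inf.filetype != f_PE || !inf.is_32bit()) return PLUGIN_SKIP;
	if (!hook_to_notification_point(HT_DBG, callback, NULL))
	{
		msg("IDAStealth: Could not hook to notification point\n");
		return PLUGIN_SKIP;
	}
	try
	{
		localStealth();
	}
	catch (const std::exception& e)
	{
		msg("IDAStealth: Error while trying to apply local stealth: %s\n", e.what());
		// The hook was installed above. Remove it before reporting
		// PLUGIN_SKIP, otherwise HT_DBG events would still be dispatched
		// to `callback` after the plugin is unloaded.
		unhook_from_notification_point(HT_DBG, callback, NULL);
		return PLUGIN_SKIP;
	}
	
	return PLUGIN_KEEP;
}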
コード例 #7
ファイル: py_choose2.hpp プロジェクト: Hehouhua/idapython
 // Installs or removes the UI hook used by choosers that carry CH_ATTRS.
 // Choosers without that flag are left untouched in both directions.
 void install_hooks(bool install)
 {
   const bool wants_attrs = (flags & CH_ATTRS) != 0;
   if ( !wants_attrs )
     return;

   if ( !install )
   {
     unhook_from_notification_point(HT_UI, ui_cb, this);
     ui_cb_hooked = false;
     return;
   }

   // If registration fails, CH_ATTRS is cleared, so a later uninstall
   // request returns early and does not unhook a callback that was never
   // installed.
   if ( hook_to_notification_point(HT_UI, ui_cb, this) )
     ui_cb_hooked = true;
   else
     flags &= ~CH_ATTRS;
 }
コード例 #8
ファイル: Thingy.CPP プロジェクト: IDA-RE-things/IdaThingy
// Plugin entry point: registers the processor-event callback, sets up the
// tray icon and adds the plugin's menu entries.
int idaapi init(void)
{
  // NOTE(review): the hook is registered before the tray icon is set up,
  // its result is ignored, and the failure path below returns without
  // removing it. Confirm the callback cannot be left registered if the
  // plugin is then unloaded.
  hook_to_notification_point(HT_IDP, notification_callback, NULL);

  PLUGIN.flags &= ~PLUGIN_UNL;

  if (m_tray.Init() != CTrayIconHandler::errOk)
  {
    msg("Failed to initialize tray icon!");
    // NOTE(review): PLUGIN_UNL is used as a flag bit on PLUGIN.flags just
    // above, while the success path returns PLUGIN_OK / PLUGIN_KEEP.
    // Confirm that it is the intended return code for init().
    return PLUGIN_UNL;
  }

  msg("IDA-Thingy v0.2 " __DATE__ " " __TIME__ " - loaded\n");

  // Menu entries: a separator and two tray actions under "Windows/", and a
  // backup action appended after "File/Save".
  add_menu_item("Windows/", "-", "", SETMENU_INS, 0, 0);
  add_menu_item("Windows/", "Minimize to ~t~ray", "", SETMENU_INS, do_minimize_to_tray, 0);
  add_menu_item("Windows/", "Bac~k~ground to tray", "", SETMENU_INS, do_minimize_to_tray, (void *)1);
  add_menu_item("File/Save", "~B~ackup database", "", SETMENU_APP, do_backup_database, 0);

  // The return code follows the current state of the PLUGIN_UNL flag.
  if (PLUGIN.flags & PLUGIN_UNL)
    return PLUGIN_OK;
  return PLUGIN_KEEP;
}
コード例 #9
//--------------------------------------------------------------------------
// Plugin action. The argument selects the mode:
// 0 - run uunp interactively
// 1 - run without questions
// 2 - run manual reconstruction
//
// Modes 0 and 1 start the analysed program under the debugger; mode 2 only
// rebuilds the import directory and reanalyses the code from user-supplied
// addresses.
// NOTE(review): in mode 1 neither the confirmation prompt nor the
// parameter dialog is shown (both are guarded by arg == 0), so the target
// is launched without any user interaction. Run untrusted packed samples
// only inside an isolated analysis environment.
void idaapi run(int arg)
{
  if ( arg == 2 )
  {
    area_t impdir = area_t(0, 0);
    ea_t oep;

    // Settings for this mode are kept in the "$ uunp" netnode, altvals 0..4.
    netnode n;

    // Settings never stored before?
    if ( n.create("$ uunp") )
    {
      // Populate default values
      // The OEP defaults to the cursor address and the code range to the
      // segment that contains it, when there is one.
      oep = get_screen_ea();
      segment_t *s = getseg(oep);
      if ( s != NULL )
      {
        oep_area.startEA = s->startEA;
        oep_area.endEA = s->endEA;
      }
    }
    else
    {
      // Restore previous settings
      oep              = n.altval(0);
      oep_area.startEA = n.altval(1);
      oep_area.endEA   = n.altval(2);
      impdir.startEA   = n.altval(3);
      impdir.endEA     = n.altval(4);
    }
    // Let the user review and edit the five addresses.
    if ( !AskUsingForm_c(
      "Reconstruction parameters\n"
      "\n"
      "  <~O~riginal entrypoint:N:128:32::>\n"
      "  <Code ~s~tart address:N:128:32::>\n"
      "  <Code ~e~nd address  :N:128:32::>\n"
      "\n"
      "  <IAT s~t~art address:N:128:32::>\n"
      "  <IAT e~n~d address:N:128:32::>\n"
      "\n",
      &oep,
      &oep_area.startEA, &oep_area.endEA,
      &impdir.startEA, &impdir.endEA) )
    {
      // Cancelled?
      return;
    }

    // Invalid settings?
    // Only zero IAT bounds are rejected. NOTE(review): the ordering of the
    // start/end values and the code range are not validated here.
    if ( impdir.startEA == 0 || impdir.endEA == 0 )
    {
      msg("Invalid import address table boundaries");
      return;
    }

    // Store settings
    n.altset(0, oep);
    n.altset(1, oep_area.startEA);
    n.altset(2, oep_area.endEA);
    n.altset(3, impdir.startEA);
    n.altset(4, impdir.endEA);

    if ( !create_impdir(impdir) )
      return;

    // reanalyze the unpacked code
    do_unknown_range(oep_area.startEA, oep_area.size(), DOUNK_EXPAND);
    auto_make_code(oep);
    noUsed(oep_area.startEA, oep_area.endEA);
    auto_mark_range(oep_area.startEA, oep_area.endEA, AU_FINAL);

    // mark the program's entry point
    move_entry(oep);

    take_memory_snapshot(true);
    return;
  }

  // Determine the original entry point area
  // The first segment whose type is not SEG_GRP is used as the default.
  for ( segment_t *s = get_first_seg(); s != NULL; s=get_next_seg(s->startEA) )
  {
    if ( s->type != SEG_GRP )
    {
      oep_area = *s;
      break;
    }
  }

  // Interactive mode only: ask for confirmation before the target program
  // is executed; a result <= 0 aborts.
  if (    arg == 0
       && askyn_c(0,
              "HIDECANCEL\n"
              "AUTOHIDE REGISTRY\n"
              "Universal PE unpacker\n"
              "\n"
              "IMPORTANT INFORMATION, PLEASE READ CAREFULLY!\n"
              "\n"
              "This plugin will start the program execution and try to suspend it\n"
              "as soon as the packer finishes its work. Since there might be many\n"
              "variations in packers and packing methods, the execution might go out\n"
              "of control. There are many ways how things can go wrong, but since you\n"
              "have the source code of this plugin, you can modify it as you wish.\n"
              "\n"
              "Do you really want to launch the program?\n") <= 0 )
    {
      return;
    }

  success = false;

  // Default resource file name: the database name with a "res" extension.
  set_file_ext(resfile, sizeof(resfile), database_idb, "res");
  // Interactive mode only: let the user adjust the OEP range and file name.
  // NOTE(review): the form writes the file name straight into `resfile`,
  // and the field is declared with 256 in the form string; the size of
  // `resfile` is not visible here - confirm the buffer is large enough.
  if ( arg == 0
    && !AskUsingForm_c(
        "Uunp parameters\n"
        "IDA will suspend the program when the execution reaches\n"
        "the original entry point area. The default values are in\n"
        "this dialog box. Please verify them and correct if you wish.\n"
        "\n"
        "ORIGINAL ENTRY POINT AREA\n"
        "  <~S~tart address:N:128:32::>\n"
        "  <~E~nd address  :N:128:32::>\n"
        "\n"
        "OUTPUT RESOURCE FILE NAME\n"
        "  <~R~esource file:A:256:32::>\n"
        "\n",
        &oep_area.startEA,
        &oep_area.endEA,
        resfile) )
  {
    return;
  }

  // Subscribe to debugger events before the process is started.
  if ( !hook_to_notification_point(HT_DBG, callback, NULL) )
  {
    warning("Could not hook to notification point\n");
    return;
  }

  // No debugger module is selected yet: load the "win32" one.
  if ( dbg == NULL )
    load_debugger("win32", false);

  // Let's start the debugger
  // If the process cannot be started, the hook is removed again so the
  // callback does not stay registered.
  if ( !run_to(inf.beginEA) )
  {
    warning("Sorry, could not start the process");
    unhook_from_notification_point(HT_DBG, callback, NULL);
  }
}
コード例 #10
ファイル: py_kernwin.hpp プロジェクト: Hehouhua/idapython
 // Registers UI_Callback for HT_UI notifications with this object as the
 // user data; returns the result of the registration.
 // NOTE(review): the object must be unhooked before it is destroyed,
 // because the callback receives `this`.
 bool hook()
 {
   const bool registered = hook_to_notification_point(HT_UI, UI_Callback, this);
   return registered;
 }
コード例 #11
ファイル: py_dbg.hpp プロジェクト: aisling-kells/src
 // Registers DBG_Callback for HT_DBG notifications with this object as the
 // user data; returns the result of the registration.
 bool hook()
 {
   const bool registered = hook_to_notification_point(HT_DBG, DBG_Callback, this);
   return registered;
 }
コード例 #12
ファイル: arm_local_impl.cpp プロジェクト: nealey/vera
//--------------------------------------------------------------------------
// Processor-specific setup: subscribes dbg_callback to debugger events.
void processor_specific_init(void)
{
  // The registration result is deliberately not propagated, as the function
  // returns void.
  // NOTE(review): a failed registration is silent, and no matching unhook
  // is visible here; confirm one exists on the termination path.
  static_cast<void>(hook_to_notification_point(HT_DBG, dbg_callback, NULL));
}
コード例 #13
ファイル: py_idbhooks.hpp プロジェクト: aisling-kells/src
 // Registers IDB_Callback for HT_IDB notifications with this object as the
 // user data; returns the result of the registration.
 bool hook()
 {
   const bool registered = hook_to_notification_point(HT_IDB, IDB_Callback, this);
   return registered;
 }
コード例 #14
ファイル: template.cpp プロジェクト: BoiBetter/qira
// Plugin entry point: subscribes to view notifications, starts the
// websocket thread and always asks IDA to keep the plugin loaded.
int idaapi IDAP_init(void)
{
  // NOTE(review): the registration result is discarded, so PLUGIN_KEEP is
  // returned even when the hook could not be installed.
  static_cast<void>(hook_to_notification_point(HT_VIEW, hook, NULL));

  // NOTE(review): a websocket thread is started as soon as the plugin
  // loads. Its bind address and any authentication are not visible here;
  // confirm the listener is restricted to the local machine.
  start_websocket_thread();

  return PLUGIN_KEEP;
}