static const char *idaapi set_idp_options(const char *keyword,int value_type,const void *value)
{
if ( keyword == NULL )
{
if ( ptype != PIC16) {
static char form[] =
"HELP\n"
"PIC specific options Ü\n"
" ßßßßßßßßßßßßßßßßßßßßßß\n"
"\n"
" Use macro instructions\n"
"\n"
" If this option is on, IDA will try to combine several instructions\n"
" into a macro instruction\n"
" For example,\n"
"\n"
" comf x,1\n"
" incf x,w\n"
"\n"
" will be replaced by\n"
"\n"
" negf x,d\n"
"\n"
"ENDHELP\n"
"PIC specific options\n"
"\n"
" <Use ~m~acro instructions:C>>\n"
"\n"
" <~C~hoose device name:B:0::>\n"
"\n"
"\n";
AskUsingForm_c(form, &idpflags, choose_device);
}
else
{
static char form[] =
"PIC specific options\n"
"\n"
" <~C~hoose device name:B:0::>\n"
"\n"
"\n";
AskUsingForm_c(form, choose_device);
}
return IDPOPT_OK;
}
else
{
if ( value_type != IDPOPT_BIT ) return IDPOPT_BADTYPE;
if ( strcmp(keyword, "PIC_MACRO") == 0 )
{
setflag(idpflags,IDP_MACRO,*(int*)value);
return IDPOPT_OK;
}
return IDPOPT_BADKEY;
}
}
const char *set_idp_options(const char *keyword,int value_type,const void *value)
{
ushort trans;
if ( keyword == NULL )
{
trans = macro11.XlatAsciiOutput != NULL;
if ( !AskUsingForm_c(form, &trans) ) return IDPOPT_OK;
}
else
{
if ( strcmp(keyword, "XlatAsciiOutput") == 0 )
{
if ( value_type != IDPOPT_STR ) return IDPOPT_BADTYPE;
memcpy(trans_dec_pc1, value, 256);
return IDPOPT_OK;
}
if ( strcmp(keyword, "PDP_XLAT_ASCII") != 0 ) return IDPOPT_BADKEY;
if ( value_type != IDPOPT_BIT ) return IDPOPT_BADTYPE;
trans = *(ushort*)value;
}
ovrtrans.altset(n_asciiX, !trans); // it is strange but it is like this
ash.XlatAsciiOutput = macro11.XlatAsciiOutput = trans ? trans_dec_pc1 : NULL;
msg("Character Translation is %s\n", trans ? "enabled" : "disabled");
return IDPOPT_OK;
}
static bool show_options()
{
static const char opt_form[] =
"Call graph configuration\n"
"%/"
"<##Options##Skip ~l~ibrary functions:C1>\n"
"<##Unlimited recursion:C2>3>\n"
"\n"
"<##Max recursion level:D4:5:5::>\n"
;
ushort opt = fg_opts.flags;
sval_t limit = fg_opts.recurse_limit;
if (!AskUsingForm_c(opt_form,
options_cb,
&opt,
&limit))
{
return false;
}
if ( limit <= 0 )
{
limit = 0;
opt |= FWO_RECURSE_UNLIM;
}
fg_opts.flags = opt;
fg_opts.recurse_limit = limit;
// save options
netnode n;
n.create(NODE_NAME);
n.supset(1, &fg_opts, sizeof(fg_opts));
return true;
}
//------------------------------------------------------------------
// Display a dialog form with the information types
// Let the user to clear some checkboxes if he wants so
// Returns: true - the user clicked OK
bool display_infotype_dialog(int *respect_info, const char *cfgname)
{
ushort r = *respect_info;
if ( r == 0 ) return false;
static const char form[] =
"Loaded information type\n"
"\n"
"Please specify what information should be loaded from\n"
"the configuration file %s to the database.\n"
"\n"
"If the input file does not contain parts corresponding to\n"
"the segmentation defined in the config file, you might want\n"
"to clear the 'memory layout' checkbox or even cancel this\n"
"dialog box.\n";
char buf[MAXSTR];
char *ptr = buf + qsnprintf(buf, sizeof(buf), form, cfgname);
char *const end = buf + sizeof(buf);
int B = 1;
ushort b = 0;
if ( r & IORESP_PORT ) { b|=B; B<<=1; APPEND(ptr, end, "\n<#Rename port and I/O registers#I/O ports:C>"); }
if ( r & IORESP_AREA ) { b|=B; B<<=1; APPEND(ptr, end, "\n<#Adjust the program segmentation#Memory layout:C>"); }
if ( r & IORESP_INT ) { b|=B; APPEND(ptr, end, "\n<#Create interrupt vectors and/or entry points#Interrupts:C>"); }
APPEND(ptr, end, ">\n\n");
if ( !AskUsingForm_c(buf, &b) )
return false;
B = 1;
if ( r & IORESP_PORT ) { setflag(r, IORESP_PORT, B & b); B <<= 1; }
if ( r & IORESP_AREA ) { setflag(r, IORESP_AREA, B & b); B <<= 1; }
if ( r & IORESP_INT ) { setflag(r, IORESP_INT , B & b); }
*respect_info = r;
return true;
}
//--------------------------------------------------------------------------
static void idaapi add_mapping(TView *fields[], int)
{
static const char form[] =
"Add mapping\n"
"\n"
"<~F~rom:N:16:16::> (nonexisting address)\n"
"<~T~o :N:16:16::> (existing address)\n"
"<~S~ize:N:16:16::>\n"
"\n"
"\n";
static ea_t source;
static ea_t target;
asize_t size = default_mapping_size;
while ( AskUsingForm_c(form, &source, &target, &size) )
{
if ( apply_mapping(source, source + size, target) )
{
close_form(fields, true);
break;
}
else
{
warning("Can't add mapping!");
}
}
}
static bool idaapi pdiff_menu_callback(void *ud)
{
ushort option = 0, prev = 0;
options_t * opt = (options_t *)ud;
const char format[] =
"STARTITEM 0\n"
"PatchDiff2 options\n"
"<##Settings #>\n"
"<#Uses 'pipe' with the second IDA instance to speed up graph display#Keep second IDB open :C>\n"
"<#Saves PatchDiff2 results into the current IDB#Save results to IDB :C>>\n\n"
;
option |= opt->ipc ? 1 : 0;
option |= opt->save_db ? 2 : 0;
prev = opt->ipc;
if (AskUsingForm_c(format, &option))
{
opt->ipc = !!(option & 1);
opt->save_db = !!(option & 2);
if (prev && !option)
ipc_close();
}
return true;
}
//------------------------------------------------------------------
const char *set_idp_options(
const char *keyword,
int value_type,
const void *value)
{
if ( keyword != NULL )
{
if ( strcmp(keyword, "GP_EA") == 0 )
{
if ( value_type != IDPOPT_NUM )
return IDPOPT_BADTYPE;
g_gp_ea = *((uval_t *)value);
return IDPOPT_OK;
}
return IDPOPT_BADKEY;
}
static const char form[] =
"NEC V850x analyzer options\n"
"\n"
" <~G~lobal Pointer address:$:16:16::>\n"
"\n"
"\n"
"\n";
ea_t gp_ea = g_gp_ea;
bool ok = AskUsingForm_c(form, &gp_ea);
if ( ok )
{
g_gp_ea = gp_ea;
}
return IDPOPT_OK;
}
static void idaapi run(int arg)
{
unsigned short loadfile = 0;
unsigned int sport = 1234, eport = 1239;
char ip[16] = "0.0.0.0";
const char * filename;
char foo[] =
"STARTITEM 3\n" // shortcut to quickly load files, etc
"IdaRub!\n"
"Sucka Free!\n\n"
"<Listen IP :A:15:15::>\n"
"<Start Port :D:5:5::>\n"
"<End Port :D:5:5::>\n"
"<Start Server:R><Load File:R><Load Last File:R>>\n\n\n\n";
// make sure ruby has been loaded...
init_ruby();
if(server_running()) {
if(!AskUsingForm_c("IdaRub!\nStop Server\n\n"))
return;
stop_server();
msg(LPREFIX "stopped the rub\n");
}
else {
if(!AskUsingForm_c(foo, &ip, &sport, &eport, &loadfile))
return;
switch(loadfile) {
case 2: // Load Last File
run_ruby_file(NULL);
break;
case 1: // Load File
filename = askfile_c(0, "*.rb", "Select Ruby script...");
if(filename)
run_ruby_file(filename);
break;
case 0: // Start Server
start_server(ip, sport, eport);
break;
}
}
}
/**
* Run
*/
static void idaapi run(int)
{
static const char form[] =
"Enter length of pattern\n"
"\n"
" <~L~ength:D1:100:10::>\n"
"\n"
"\n";
uval_t size = 0;
if( AskUsingForm_c(form, &size) > 0)
pattern_create(size);
}
//--------------------------------------------------------------------------
static int findfirst_node(callgraph_t *fg)
{
static const char form[] =
"Enter search substring\n"
"\n"
" <#Search is not case sensitive#Function name:A:1000:50::>\n\n";
static char last_text[MAXSTR] = "";
if ( !AskUsingForm_c(form, last_text) )
return -2;
return fg->find_first(last_text);
}
/*
* 模式说明
* 1、MODE_ARMOP_Code -> 使用ARM指令修改CODE
* 2、MODE_ARMOP_SysCall -> 注释系统调用
*/
int Arm_Moudle(int inFlag){
static int Mode_Bit = MODE_ARMOPC32_JMP;
static int ModeOption = 0;
ea_t _ThisEa = get_screen_ea();
if (inFlag != Flag_Again)
if (AskUsingForm_c(ASK_ARM_UI, &ModeOption) == 0)
return NULL;
if (MODE_ARMOP_Code == ModeOption){
if (inFlag != Flag_Again)
if (AskUsingForm_c(ASK_CODE_UI, &Mode_Bit) == 0)
return NULL;
if (MODE_ARMOPC16_JMP == Mode_Bit){
_ThisEa &= 0xFFFFFFFE;
patch_long(_ThisEa, 0xE7FE);
}
else if (MODE_ARMOPC16_NOP == Mode_Bit){
_ThisEa &= 0xFFFFFFFE;
patch_word(_ThisEa, 0xC046);
}
else if (MODE_ARMOPC32_JMP == Mode_Bit){
_ThisEa &= 0xFFFFFFFC;
patch_long(_ThisEa, 0xEAFFFFFE);
}
else if (MODE_ARMOPC32_NOP == Mode_Bit){
_ThisEa &= 0xFFFFFFFC;
patch_long(_ThisEa, 0xE1A00000);
}
}
else if(MODE_ARMOP_SysCall == ModeOption){
//自动获取,
ulong Sys_No = get_32bit(get_screen_ea()) & 0xFFF;
if (AskUsingForm_c(ASK_SYSCALL_UI, &Sys_No) == 0)return 0;
if (SysCall::getName(Sys_No) != NULL){
set_cmt(get_screen_ea(), SysCall::getName(Sys_No), 1);
}
}
return NULL;
}
void run(int)
{
netnode n("$ vmm functions");
ea_t ea = get_screen_ea(); // get current address
if ( !isCode(get_flags_novalue(ea)) ) return; // not an instruction
ea_t callee = n.altval(ea)-1; // get the callee address from the database
char buf[MAXSTR];
qsnprintf(buf, sizeof(buf), form, help);
if ( AskUsingForm_c(buf, &callee) )
{
n.altset(ea, callee+1); // save the new address
noUsed(ea); // reanalyze the current instruction
}
}
static const char *set_idp_options(const char *keyword,int value_type,const void *value)
{
if ( keyword == NULL )
{
static char form[] =
"HELP\n"
"F2MC specific options Ü\n"
" ßßßßßßßßßßßßßßßßßßßßßß\n"
"\n"
" Use macro instructions\n"
"\n"
" If this option is on, IDA will try to combine several instructions\n"
" into a macro instruction\n"
" For example,\n"
"\n"
" sbbs data:7, $1\n"
" bra $2\n"
" $1:\n"
" jmp LABEL\n"
" $2:\n"
"\n"
" will be replaced by\n"
"\n"
" sbbs16 data:7, LABEL\n"
"\n"
"ENDHELP\n"
"F2MC specific options\n"
"\n"
" <Use ~m~acro instructions:C>>\n"
"\n"
" <~C~hoose device name:B:0::>\n"
"\n"
"\n";
AskUsingForm_c(form, &idpflags, choose_device);
return IDPOPT_OK;
}
else
{
if ( value_type != IDPOPT_BIT ) return IDPOPT_BADTYPE;
if ( strcmp(keyword, "F2MC_MACRO") == 0 )
{
setflag(idpflags,F2MC_MACRO,*(int*)value);
return IDPOPT_OK;
}
return IDPOPT_BADKEY;
}
}
static const char *idaapi set_idp_options(const char *keyword,int value_type,const void *value)
{
if ( keyword == NULL )
{
static const char form[] =
"HELP\n"
"TMS320C55 specific options Ü\n"
" ßßßßßßßßßßßßßßßßßßßßßß\n"
"\n"
" Use I/O definitions \n"
"\n"
" If this option is on, IDA will use I/O definitions\n"
" from the configuration file into a macro instruction.\n"
"\n"
" Detect memory mapped registers \n"
"\n"
" If this option is on, IDA will replace addresses\n"
" by an equivalent memory mapped register.\n"
"\n"
"ENDHELP\n"
"TMS320C54 specific options\n"
"\n"
" <Use ~I~/O definitions:C>\n"
" <Detect memory mapped ~r~egisters:C>>\n"
"\n"
" <~C~hoose device name:B:0::>\n"
"\n"
"\n";
AskUsingForm_c(form, &idpflags, choose_device);
return IDPOPT_OK;
}
else
{
if ( value_type != IDPOPT_BIT ) return IDPOPT_BADTYPE;
if ( strcmp(keyword, "TMS320C55_IO") == 0 )
{
setflag(idpflags,TMS320C55_IO,*(int*)value);
return IDPOPT_OK;
}
else if ( strcmp(keyword, "TMS320C55_MMR") == 0 )
{
setflag(idpflags,TMS320C55_MMR,*(int*)value);
return IDPOPT_OK;
}
return IDPOPT_BADKEY;
}
}
static uint32 idaapi res_match(void *obj,uint32 n)
{
deng_t * eng = (deng_t *)obj;
psig_t * s1, * s2;
int option;
ea_t ea = BADADDR;
size_t i;
const char format[] =
"STARTITEM 0\n"
"Set Match\n"
"<Match address:$:32:32::>\n\n"
"Options :\n"
"<Propagate :C>>\n\n"
;
option = 1;
if (AskUsingForm_c(format, &ea, &option))
{
s1 = ui_access_sig(eng->ulist, n);
for (i=0; i<eng->ulist->num; i++)
{
s2 = eng->ulist->sigs[i];
if (s2->startEA != ea || (s2->nfile == s1->nfile))
continue;
sig_set_matched_sig(s1, s2, DIFF_MANUAL);
propagate_match(eng, s1, s2, option);
refresh_chooser(title_match);
refresh_chooser(title_identical);
return 1;
}
warning("Address '%a' is not valid.", ea);
return 0;
}
return 1;
}
const char *set_idp_options(
const char *keyword,
int /*value_type*/,
const void * /*value*/ )
{
if ( keyword != NULL )
return IDPOPT_BADKEY;
static ushort print_style = 3;
static const char form[] =
"HELP\n"
"ST9 Related options :\n"
"\n"
" General registers print style\n"
"\n"
" Select the format which will be used by IDA to\n"
" to print general registers.\n"
"\n"
" For example,\n"
"\n"
" R10 (decimal) \n"
" R0x0A (hexadecimal) \n"
" R00001010b (binary) \n"
"\n"
"ENDHELP\n"
"ST9 related options\n"
"<##General registers print style##~D~ecimal (default):R>\n"
"<~H~exadecimal:R>\n"
"<~B~inary:R>>\n";
if ( AskUsingForm_c(form, &print_style) ) {
idpflags = 0;
switch ( print_style ) {
case 0: idpflags |= CONF_GR_DEC; break;
case 1: idpflags |= CONF_GR_HEX; break;
case 2: idpflags |= CONF_GR_BIN; break;
}
if ( idpflags )
patch_general_registers();
}
return IDPOPT_OK;
}
void __stdcall IDAP_run(int arg)
{
//msg("IDAP_run arg: %d \ng_Index:%d \ng_Path :%s\n", arg, g_Index, g_szIniPath);
// 插件的实体
//在LOG中显示一个字符串
msg("============开始复制字符串==============\n");
uval_t nAddres = get_screen_ea();
int i = 0;
int j = 0;
UINT32 size = 0;
int nCover = 0;
USHORT checkmask = 0;
char *lpBuf = (char *)malloc(0x1000);
memset(lpBuf, 0, 0x1000);
if (GetAsyncKeyState(VK_SHIFT) & 0x8000)
{
if(AskUsingForm_c(dialog, &nAddres, &g_Index, &g_CheckClip) == 1)
{
WriteIniFile();
if(!isLoaded(nAddres))
{
msg("地址无效!读取数据失败!\n");
return;
}
else
{
size = ReadString(nAddres, lpBuf);
}
}
}
else
{
size = ReadString(get_screen_ea(), lpBuf);
}
if(g_CheckClip && size)
{
msg("已将结果发送至送剪切板!\n");
SnedClipData(lpBuf, size);
}
msg("使用%s编码打印字符串:\n%s\n", g_CodeTable[g_Index], lpBuf);
free(lpBuf);
return;
}
//--------------------------------------------------------------------------
static void idaapi run(int)
{
static const char form[] =
"@0:477[]\n"
"Manual operand\n"
"\n"
"%/Enter alternate string for the %9D operand\n"
"\n"
" <~O~perand:A5:100:40::>\n"
" <~X~:D4:100:10::>\n"
" <~Y~:D3:100:10::>\n"
" <~W~:D2:100:10::>\n"
" <~H~:D1:100:10::>\n"
"\n"
" <S~h~ow Button:C10>\n"
" <~E~nable color Button:C11>\n"
" <~E~nable C10:C13>\n"
" <~S~et operand bounds:C6>\n"
" <Enable operand:C14>\n"
" <Move label:C15>12>\n"
"\n"
" <~B~utton:B7:0:::> <~C~olor button:K8:::>\n"
"\n"
"\n";
uval_t ln = 1;
char buf[MAXSTR];
qstrncpy(buf, "original operand", sizeof(buf));
ushort check = 0x12;
bgcolor_t bgc = 0x556677;
uval_t x = -1;
uval_t y = -1;
uval_t w = -1;
uval_t h = -1;
if ( AskUsingForm_c(form, modcb, &ln, buf, &x, &y, &w, &h, &check, but, &bgc) > 0 )
{
msg("operand: %s\n", buf);
msg("check = %d\n", check);
msg("dim = %a %a %a %a\n", x, y, w, h);
msg("bgc = %x\n", bgc);
}
}
static int idaapi selectManufacturer ( int * pManufacturer )
{
char dialog_form[MAXSTR * 8];
char * dest = dialog_form;
// where number is a number of input field the cursor will stand on (0 based)
dest = qstpncpy ( dest, strStartItem, sizeof ( strStartItem ) );
// Help
dest = qstpncpy ( dest, strHelp, sizeof ( strHelp ) );
dest = qstpncpy ( dest, strManufacturerHelp,
sizeof ( strManufacturerHelp ) );
dest = qstpncpy ( dest, strEndHelp, sizeof ( strEndHelp ) );
// Title : Next there must be the title line and 2 empty lines
dest = qstpncpy ( dest, strManufacturerTitle,
sizeof ( strManufacturerTitle ) );
// All text in the dialog box text string is copied to the dialog
// without any modifications
// dest = qstpncpy ( dest, strSelectText, sizeof ( strSelectText ) );
// All input field types (except B and K) are valid format specifiers
// Input fields are represented by the following combination
//
// < # hint_message # label : type : width : swidth : @hlp[] >
//
for ( int i = 0; i < DEVICE_MANF_COUNT; i++ )
{
dest = qstpncpy ( dest, "<", 2 );
dest = qstpncpy ( dest, &manufacturers[i][0], sizeof ( manufacturers[i] ) );
dest = qstpncpy ( dest, ":R", 3 );
if ( i == DEVICE_MANF_COUNT - 1 )
dest = qstpncpy ( dest, ">", 2 );
dest = qstpncpy ( dest, ">\n", 3 );
}
return AskUsingForm_c ( dialog_form, pManufacturer );
}
//------------------------------------------------------------------
const char *idaapi set_idp_options(const char *keyword,int value_type,const void *value)
{
static char form[] =
"HELP\n"
"H8/500 specific analyzer options Ü\n"
" ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß\n"
"\n"
"Disassemble mixed size instructions\n"
"\n"
" According to the documentation, instructions like\n"
"\n"
" cmp:g.b #1:16, @0x222:16\n"
"\n"
" are not allowed. The correct instruction is:\n"
"\n"
" cmp:g.b #1:8, @0x222:16\n"
"\n"
" The size of the first operand should agree with the size\n"
" of the instruction. (exception mov:g)\n"
"\n"
"ENDHELP\n"
"H8/500 specific analyzer options\n"
"\n"
// m
" <Disassemble ~m~ixed size instructions:C>>\n"
"\n"
"\n";
if ( keyword == NULL )
{
AskUsingForm_c(form, &idpflags);
return IDPOPT_OK;
}
if ( strcmp(keyword,"H8500_MIXED_SIZE") == 0 )
{
if ( value_type != IDPOPT_BIT ) return IDPOPT_BADTYPE;
setflag(idpflags, AFIDP_MIXSIZE, *(int*)value);
return IDPOPT_OK;
}
return IDPOPT_BADKEY;
}
////////////////////////////////////////////////////////////////////////////////
/// global static ShowOptionsDlg
/// Show options dialog for getting user desired options
/// @return void
/// @author TQN
/// @date 09/11/2004
////////////////////////////////////////////////////////////////////////////////
static void ShowOptionsDlg(void)
{
// Build the format string constant used to create the dialog
const char format[] =
"STARTITEM 0\n" // TabStop
"LoadMap Options\n" // Title
"<Apply Map Symbols for Name:R>\n" // Radio Button 0
"<Apply Map Symbols for Comment:R>>\n" // Radio Button 1
"<Replace Existing Names/Comments:C>>\n" // Checkbox Button
"<Show verbose messages:C>>\n\n"; // Checkbox Button
// Create the option dialog.
short name = (g_options.bNameApply ? 0 : 1);
short replace = (g_options.bReplace ? 1 : 0);
short verbose = (g_options.bVerbose ? 1 : 0);
if (AskUsingForm_c(format, &name, &replace, &verbose))
{
g_options.bNameApply = (0 == name);
g_options.bReplace = (1 == replace);
g_options.bVerbose = (1 == verbose);
}
}
void idaapi run(int)
{
static const char * nname;
if ( ph.id == PLFM_MIPS )
nname = "$ mips";
else if ( ph.id == PLFM_ARM )
nname = " $arm";
else
nname = "$ vmm functions";
netnode n(nname);
ea_t ea = get_screen_ea(); // get current address
if ( !isCode(get_flags_novalue(ea)) ) return; // not an instruction
ea_t callee = n.altval(ea)-1; // get the callee address from the database
// remove thumb bit for arm
if ( ph.id == PLFM_ARM )
callee &= ~1;
char buf[MAXSTR];
qsnprintf(buf, sizeof(buf), form, help);
if ( AskUsingForm_c(buf, &callee) )
{
if ( callee == BADADDR )
{
n.altdel(ea);
}
else
{
if ( ph.id == PLFM_ARM && (callee & 1) == 0 )
{
// if we're calling a thumb function, set bit 0
sel_t tbit = getSR(callee, T);
if ( tbit != 0 && tbit != BADSEL )
callee |= 1;
}
n.altset(ea, callee+1); // save the new address
}
noUsed(ea); // reanalyze the current instruction
}
}
//----------------------------------------------------------------------
static const char *idaapi set_wince_options(
const char *keyword,
int pri,
int value_type,
const void *value)
{
if ( keyword == NULL ) // interactive call
{
static const char form[] =
"Windows CE debugger specific options\n"
"\n"
" <Enable hardware breakpoints:C>>\n"
"\n";
if ( !AskUsingForm_c(form, &hwbpts) )
return IDPOPT_OK;
wince_save_options();
}
else
{
if ( *keyword == '\0' )
{
// we are done with the .cfg file, time to load parameters stored in
// the database
wince_load_options();
return IDPOPT_OK;
}
if ( strcmp(keyword, "HWBPTS_ENABLED") != 0 )
return IDPOPT_BADKEY;
if ( value_type != IDPOPT_BIT )
return IDPOPT_BADTYPE;
hwbpts = *(int*)value;
if ( pri == IDPOPT_PRI_HIGH )
wince_save_options();
}
enable_hwbpts(hwbpts != 0);
return IDPOPT_OK;
}
//--------------------------------------------------------------------------
// 0 - run uunp interactively
// 1 - run without questions
// 2 - run manual reconstruction
void idaapi run(int arg)
{
if ( arg == 2 )
{
area_t impdir = area_t(0, 0);
ea_t oep;
netnode n;
// Settings never stored before?
if ( n.create("$ uunp") )
{
// Populate default values
oep = get_screen_ea();
segment_t *s = getseg(oep);
if ( s != NULL )
{
oep_area.startEA = s->startEA;
oep_area.endEA = s->endEA;
}
}
else
{
// Restore previous settings
oep = n.altval(0);
oep_area.startEA = n.altval(1);
oep_area.endEA = n.altval(2);
impdir.startEA = n.altval(3);
impdir.endEA = n.altval(4);
}
if ( !AskUsingForm_c(
"Reconstruction parameters\n"
"\n"
" <~O~riginal entrypoint:N:128:32::>\n"
" <Code ~s~tart address:N:128:32::>\n"
" <Code ~e~nd address :N:128:32::>\n"
"\n"
" <IAT s~t~art address:N:128:32::>\n"
" <IAT e~n~d address:N:128:32::>\n"
"\n",
&oep,
&oep_area.startEA, &oep_area.endEA,
&impdir.startEA, &impdir.endEA) )
{
// Cancelled?
return;
}
// Invalid settings?
if ( impdir.startEA == 0 || impdir.endEA == 0 )
{
msg("Invalid import address table boundaries");
return;
}
// Store settings
n.altset(0, oep);
n.altset(1, oep_area.startEA);
n.altset(2, oep_area.endEA);
n.altset(3, impdir.startEA);
n.altset(4, impdir.endEA);
if ( !create_impdir(impdir) )
return;
// reanalyze the unpacked code
do_unknown_range(oep_area.startEA, oep_area.size(), DOUNK_EXPAND);
auto_make_code(oep);
noUsed(oep_area.startEA, oep_area.endEA);
auto_mark_range(oep_area.startEA, oep_area.endEA, AU_FINAL);
// mark the program's entry point
move_entry(oep);
take_memory_snapshot(true);
return;
}
// Determine the original entry point area
for ( segment_t *s = get_first_seg(); s != NULL; s=get_next_seg(s->startEA) )
{
if ( s->type != SEG_GRP )
{
oep_area = *s;
break;
}
}
if ( arg == 0
&& askyn_c(0,
"HIDECANCEL\n"
"AUTOHIDE REGISTRY\n"
"Universal PE unpacker\n"
"\n"
"IMPORTANT INFORMATION, PLEASE READ CAREFULLY!\n"
"\n"
"This plugin will start the program execution and try to suspend it\n"
"as soon as the packer finishes its work. Since there might be many\n"
"variations in packers and packing methods, the execution might go out\n"
"of control. There are many ways how things can go wrong, but since you\n"
"have the source code of this plugin, you can modify it as you wish.\n"
"\n"
"Do you really want to launch the program?\n") <= 0 )
{
return;
}
success = false;
set_file_ext(resfile, sizeof(resfile), database_idb, "res");
if ( arg == 0
&& !AskUsingForm_c(
"Uunp parameters\n"
"IDA will suspend the program when the execution reaches\n"
"the original entry point area. The default values are in\n"
"this dialog box. Please verify them and correct if you wish.\n"
"\n"
"ORIGINAL ENTRY POINT AREA\n"
" <~S~tart address:N:128:32::>\n"
" <~E~nd address :N:128:32::>\n"
"\n"
"OUTPUT RESOURCE FILE NAME\n"
" <~R~esource file:A:256:32::>\n"
"\n",
&oep_area.startEA,
&oep_area.endEA,
resfile) )
{
return;
}
if ( !hook_to_notification_point(HT_DBG, callback, NULL) )
{
warning("Could not hook to notification point\n");
return;
}
if ( dbg == NULL )
load_debugger("win32", false);
// Let's start the debugger
if ( !run_to(inf.beginEA) )
{
warning("Sorry, could not start the process");
unhook_from_notification_point(HT_DBG, callback, NULL);
}
}
//---------------------------------------------------------------------------
// The main function - called when the user selects the menu item
static bool idaapi callback(void *)
{
// Calculate the default values to display in the form
ea_t screen_ea = get_screen_ea();
segment_t *s = getseg(screen_ea);
if ( s == NULL || !isCode(get_flags_novalue(screen_ea)) )
{
warning("AUTOHIDE NONE\nThe cursor must be on the table jump instruction");
return false;
}
ea_t startea = screen_ea;
while ( true )
{
ea_t prev = prev_not_tail(startea);
if ( !is_switch_insn(prev) )
break;
startea = prev;
}
ea_t jumps = get_first_dref_from(screen_ea);
uval_t jelsize = s->abytes();
uval_t jtsize = 0;
if ( jumps != BADADDR )
{
decode_insn(screen_ea);
jtsize = guess_table_size(jumps);
}
uval_t shift = 0;
uval_t elbase = 0;
char input[MAXSTR];
input[0] = '\0';
ea_t defea = BADADDR;
uval_t lowcase = 0;
ushort jflags = 0;
ushort vflags = 0;
ea_t vtable = BADADDR;
ea_t vtsize = 0;
ea_t velsize = s->abytes();
reg_info_t ri;
ri.size = 0;
// If switch information is present in the database, use it for defaults
switch_info_ex_t si;
if ( get_switch_info_ex(screen_ea, &si, sizeof(si)) > 0 )
{
jumps = si.jumps;
jtsize = si.ncases;
startea = si.startea;
elbase = si.elbase;
jelsize = si.get_jtable_element_size();
shift = si.get_shift();
defea = (si.flags & SWI_DEFAULT) ? si.defjump : BADADDR;
if ( si.regnum != -1 )
get_reg_name(si.regnum, get_dtyp_size(si.regdtyp), input, sizeof(input));
if ( si.flags & SWI_SIGNED )
jflags |= 2;
if ( si.flags2 & SWI2_SUBTRACT )
jflags |= 4;
if ( si.flags & SWI_SPARSE )
{
jflags |= 1;
vtable = si.values;
vtsize = jtsize;
velsize = si.get_vtable_element_size();
if ( si.flags2 & SWI2_INDIRECT )
{
vflags |= 1;
jtsize = si.jcases;
}
if ( si.flags & SWI_JMP_INV )
vflags |= 2;
}
else
{
lowcase = si.lowcase;
}
}
// Now display the form and let the user edit the attributes
while ( AskUsingForm_c(main_form, &jumps, &jtsize, &jelsize, &shift, &elbase,
&startea, input, &lowcase, &defea, &jflags) )
{
if ( !check_table(jumps, jelsize, jtsize) )
continue;
if ( shift > 3 )
{
warning("AUTOHIDE NONE\nInvalid shift value (allowed values are 0..3)");
continue;
}
if ( !isCode(get_flags_novalue(startea)) )
{
warning("AUTOHIDE NONE\nInvalid switch idiom start %a (must be an instruction", startea);
continue;
}
ri.reg = -1;
if ( input[0] != '\0' && !parse_reg_name(input, &ri) )
{
warning("AUTOHIDE NONE\nUnknown input register: %s", input);
continue;
}
if ( defea != BADADDR && !isCode(get_flags_novalue(defea)) )
{
warning("AUTOHIDE NONE\nInvalid default jump %a (must be an instruction", defea);
continue;
}
if ( jflags & 1 ) // value table is present
{
bool vok = false;
while ( AskUsingForm_c(value_form, &vflags, &vtable, &vtsize, &velsize) )
{
if ( (vflags & 1) == 0 )
vtsize = jtsize;
if ( check_table(vtable, velsize, vtsize) )
{
vok = true;
break;
}
}
if ( !vok )
break;
}
// ok, got and validated all params -- fill the structure
si.flags = SWI_EXTENDED;
si.flags2 = 0;
if ( jflags & 2 )
si.flags |= SWI_SIGNED;
if ( jflags & 4 )
si.flags2 |= SWI2_SUBTRACT;
si.jumps = jumps;
si.ncases = ushort(jtsize);
si.startea = startea;
si.elbase = elbase;
if ( elbase != 0 )
si.flags |= SWI_ELBASE;
si.set_jtable_element_size((int)jelsize);
si.set_shift((int)shift);
if ( defea != BADADDR )
{
si.flags |= SWI_DEFAULT;
si.defjump = defea;
}
if ( ri.reg != -1 )
si.set_expr(ri.reg, get_dtyp_by_size(ri.size));
if ( jflags & 1 ) // value table is present
{
si.flags |= SWI_SPARSE;
si.values = vtable;
si.set_vtable_element_size((int)velsize);
if ( (vflags & 1) != 0 )
{
si.flags2 |= SWI2_INDIRECT;
si.jcases = (int)jtsize;
si.ncases = (ushort)vtsize;
}
if ( (vflags & 2) != 0 )
si.flags |= SWI_JMP_INV;
}
else
{
si.lowcase = lowcase;
}
// ready, store it
set_switch_info_ex(screen_ea, &si);
create_switch_table(screen_ea, &si);
setFlbits(screen_ea, FF_JUMP);
create_insn(screen_ea);
info("AUTOHIDE REGISTRY\nSwitch information has been stored");
break;
}
return true;
}
//----------------------------------------------------------------------
uchar loadDialog(bool manual)
{
static const char fmt[] =
"HELP\n"
"Java-VM class file loading options Ü\n"
" ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß\n"
"\n"
"Do not create 'import' segment with external-references\n"
"\n"
" Prohibits the creation of a segment with external names, classes, and\n"
" methods.\n"
"\n"
"\n"
"Create 'import' segment with with references from commands\n"
"\n"
" Only regular references to the import segment will be collected.\n"
" If this option is off, then all references (including simple text\n"
" references) will be collected.\n"
"\n"
"\n"
"Field/variable declarations are included in references\n"
"\n"
" Cross references from field declarations are collected in the import\n"
" segment. For example, a field declaration\n"
"\n"
" Field borland.ui.AboutDialog about\n"
"\n"
" creates a reference to class borland.ui.AboutDialog\n"
"\n"
"\n"
"Method return types are included in references\n"
"\n"
" Cross references from the return type and arguments of method\n"
" declarations are collected in the import segment.\n"
" NOTE: The import segment does not contain classes that appear only in\n"
" the arguments of the method declarations.\n"
"\n"
"Store unknown attributes to external files\n"
"\n"
" This option allows to extract non-standard attributes (if present)\n"
" and store them to a set of files in the current directory.\n"
" Filenames will have <classname>.<tagname>.<attributename> form\n"
"\n"
"\n"
"Rename local (slot) variables (if information is available)\n"
"\n"
" This option allows to use names from variable declarations to\n"
" rename local variables if the input file has this information.\n"
"\n"
"\n"
"Create visible representation of stripped names\n"
"\n"
" Some java classes have their local\n"
" names stripped. This option allows IDA to recreate such local names.\n"
" NOTE: If this option is selected then all one-character names with\n"
" the character code >= 0x80 will be ignored.\n"
"\n"
"\n"
"Continue loading after errors in additional attributes\n"
"\n"
" Normally all errors in the classfile structure are fatal.\n"
" If this option is on, errors in the additional attributes\n"
" produce only warnings and the loading process continues.\n"
"\n"
"ENDHELP\n"
"Java loading options\n"
"\n"
" Class File version %D.%D (JDK1.%D%A)\n"
"\n"
"\n"
"<~D~o not create 'import' segment with external-references :R>\n"
"<~C~reate 'import' segment with references from commands :R>\n"
"<~F~ield/variable declarations are included in references :R>\n"
"<~M~ethod return types are included in references :R>>\n"
"\n"
"<~S~tore unknown attributes to external files :C>\n"
"<~R~ename local (slot) variables (if info is available) :C>\n"
"<Create ~v~isible representation of stripped names :C>\n"
"<Continue ~l~oading after errors in additional attributes :C>>\n"
"\n"
"\n";
#if ((MLD__DEFAULT & MLD_METHREF) && !(MLD__DEFAULT & MLD_VARREF)) || \
((MLD__DEFAULT & MLD_VARREF) && !(MLD__DEFAULT & MLD_EXTREF))
#error
#endif
if(!manual) return(MLD__DEFAULT);
short rtyp =
#if (MLD__DEFAULT & MLD_METHREF)
3,
#elif (MLD__DEFAULT & MLD_VARREF)
2,
#elif (MLD__DEFAULT & MLD_EXTREF)
1,
#else
0,
#endif
mod = (MLD__DEFAULT & (MLD_EXTATR | MLD_LOCVAR | MLD_STRIP |
MLD_FORCE)) >> 3;
#if (MLD_EXTATR >> 3) != 1 || (MLD_LOCVAR >> 3) != 2 || \
(MLD_STRIP >> 3) != 4 || (MLD_FORCE >> 3) != 8
#error
#endif
{
uval_t maxv = curClass.MajVers,
minv = curClass.MinVers,
jdk = curClass.JDKsubver;
if(!AskUsingForm_c(fmt, &maxv, &minv, &jdk,
jdk == 3 ? "/CLDC" : "",
&rtyp, &mod)) qexit(1);
}
idpflags &= ~IDM_REQUNK; // do not use 'request mode' when 'manual options'
uchar ans = 0;
#if MLD_EXTATR != (1<<3) || MLD_LOCVAR != (2<<3) || MLD_STRIP != (4<<3) || \
MLD_FORCE != (8<<3)
#error
#endif
ans |= ((uchar)mod) << 3;
#if MLD_EXTREF != 1 || MLD_VARREF != 2 || MLD_METHREF != 4
#error
#endif
ans |= (uchar)((1 << rtyp) - 1);
return(ans);
}
//----------------------------------------------------------------------
int32 gen_map_file(FILE *fp)
{
static const char frm[] =
"Map format\n\n"
"<~W~idth:D:3:::> [72-%D], 0 - unlimited \n"
" Printing\n"
"<~A~ll:R> Included constant types\n"
"<~U~nused :R>> <Utf~8~:C>\n"
" Sorting by<~C~lass:C>\n"
"<~T~ype:R><~R~eferences:C>\n"
"<U~n~sorted:R>><Na~m~eAndType :C>\n"
" Number in pool<Num~b~ers:C>\n"
"<~D~ecimal :R><~S~tring:C>>\n"
"<~H~ex:R>>\n\n"
"<~O~ut Utf8 string without encoding :C>\n"
"<~I~nclude loader problem messages :C>>\n\n";
static const struct {
ushort mask;
ushort skip;
char name[8];
int (*proc)(ushort index, const ConstOpis *);
ushort arg;
}defr[MAX_CONSTANT_TYPE] = {
{0x01, 0, "Utf8 ", utfstr, 0},
{0x00, 0, "", NULL, 0}, // unicode
{0x10, 4, "Integer", outnum, 3 + dt_dword},
{0x10, 4, "Float ", outnum, 3 + dt_float},
{0x10, 8, "Long ", outnum, 3 + dt_qword},
{0x10, 8, "Double ", outnum, 3 + dt_double},
{0x02, 2, "Class ", outref, 1},
{0x20, 2, "String ", outref, 1},
{0x04, 4, "Fld_ref", outref, 3},
{0x04, 4, "Met_ref", outref, 3},
{0x04, 4, "Int_ref", outref, 3},
{0x08, 4, "nam&typ", outref, 2}
};
#define STR_MIN_RESERVED 32
char str[MAXSTR];
uchar tflag;
int32 width, pos, numstr = 0;
uint32 save_flags = idpflags;
ushort curbit = 1;
short unus = 1, unsort = 1, hexnum = 0, typemask = 0x3F, encinc = 2;
ConstOpis opis;
register ushort i, j;
static char lft_fmt[] = "%08lX %5u%c %s ";
if(!(idpflags & IDF_ENCODING)) ++encinc; // |= 1
uFlag = decflag(); // Decimal OutValue
width = 80;
bufsize = pos = sizeof(str)-32;
if(!AskUsingForm_c(frm, &width, &pos, &unus, &unsort,
&typemask, &hexnum, &encinc)) return(0);
if(encinc & 2) unus = 0; // from error - all
idpflags &= ~IDF_ENCODING;
if(!(encinc & 1)) idpflags |= IDF_ENCODING;
#if (MAXSTR-STR_MIN_RESERVED) <= 72
#error
#endif
no_prompt = 0;
if(width < 72) {
if(width) width = 72;
else {
no_prompt = 0;
set_max:
width = sizeof(str)-STR_MIN_RESERVED;
}
} else if(width > (MAXSTR-STR_MIN_RESERVED)) goto set_max;
if(!typemask) typemask = 0x3F;
if(hexnum) {
lft_fmt[7] = ind_fmt[5] = rfmt[17] = '4';
lft_fmt[8] = ind_fmt[6] = rfmt[18] = 'X';
curpos = 8 + 1 + 4 + 1 + 1 + 0 + 1;
} else {
lft_fmt[7] = ind_fmt[5] = rfmt[17] = '5';
lft_fmt[8] = ind_fmt[6] = rfmt[18] = 'u';
curpos = 8 + 1 + 5 + 1 + 1 + 0 + 1;
}
if(unsort) {
curpos += 7;
curbit = typemask;
}
maxpos = width;
bufbeg = str;
myFile = fp;
do {
while(!(typemask & curbit)) curbit <<= 1;
for(tflag = (uchar)unsort, pos = 10, i = 1; i <= curClass.maxCPindex; i++) {
if(!LoadOpis(i, 0, &opis) || opis.type == CONSTANT_Unicode)
DESTROYED("map::CP");
j = opis.type - 1;
DEB_ASSERT((j >= MAX_CONSTANT_TYPE), "map:type");
if((!unus || !(opis.flag & _REF)) && (curbit & defr[j].mask)) {
if(!numstr) {
static const char fmh[]= "This file generated by IDA";
for(int k = (maxpos - sizeof(fmh)) / 2; k; k--) qfputc(' ', fp);
char dname[MAXSTR];
if(ConstantNode.supstr(CNS_SOURCE, dname, sizeof(dname)) < 0)
DESTROYED("map:srcname");
qfprintf(fp, "%s\n\n"
" Constant Pool for \"%s\"\n\n"
" offset #(%s)\n",
fmh, dname, hexnum ? "hex" : "dec");
numstr = 5;
}
if(!tflag) {
qfprintf(fp, "\n-----CONSTANT-%s-----\n",
(defr[j].arg < 3) ? defr[j].name :
((defr[j].arg == 3) ?
"(program references)" :
"(numeric values)"));
++tflag;
numstr += 2;
}
qfprintf(fp, lft_fmt, pos, i, (opis.flag & _REF) ? ' ' : '*',
(unsort || defr[j].arg >= 3) ? defr[j].name : "");
{
register int n = defr[j].proc(defr[j].arg ? defr[j].arg : i, &opis);
if(n <= 0) goto do_eof;
numstr += n;
}
if(unus && unsort && opis.type >= CONSTANT_Class) {
numstr += refput(opis._name);
if(opis.type > CONSTANT_String) {
if(opis.type == CONSTANT_NameAndType)
numstr += refput(opis._class);
else {
numstr += refput(opis._subnam);
numstr += refput(opis._dscr);
}
}
}
if(feof(fp) || ferror(fp)) goto do_eof;
}
++pos;
switch(j = defr[j].skip) {
case 0: // Utf8 / Unicode
pos += opis._Ssize + 2;
break;
case 8: // Long / Double
DEB_ASSERT((i == curClass.maxCPindex), "map:CPend");
++i;
default:
pos += j;
break;
}
}
}while((typemask ^= curbit) != 0);
if(numstr) { // if error print before - header problems!
qfprintf(fp, "\nEnd of map\n");
numstr += 2;
if((encinc & 2) && curClass.msgNode) {
qfprintf(fp, "\nLoader problem messages\n\n");
int32 slen = print_loader_messages(str, NULL);
if(slen == -1) goto do_eof;
numstr += slen + 5;
qfprintf(fp, "\nEnd of messages\n");
}
if(feof(fp) || ferror(fp)) {
do_eof:
numstr = EOF;
}
}
myFile = NULL;
idpflags = save_flags;
return(numstr);
}
// This function (called when opening the module related configuration in
// the general options) will create a dialog box asking the end-user if he
// wants to use synthetic instructions and register aliases.
const char *idaapi set_idp_options(
const char *keyword,
int /*value_type*/,
const void * /*value*/ )
{
short opt_subs = 0;
if ( keyword != NULL )
return IDPOPT_BADKEY;
if ( use_synthetic_insn() ) opt_subs |= 1;
if ( use_reg_aliases() ) opt_subs |= 2;
static const char form[] =
"HELP\n"
"Mitsubishi 32-Bit (m32r) related options :\n"
"\n"
" Use synthetic instructions\n"
"\n"
" If this option is on, IDA will simplify instructions and replace\n"
" them by synthetic pseudo-instructions.\n"
"\n"
" For example,\n"
"\n"
" bc label1 ; 8 bits offset \n"
" bc label2 ; 24 bits offset \n"
" ldi r1, #0xF \n"
" ldi r2, #0x123456 \n"
" st r3, @-sp \n"
" ld r4, @sp+ \n"
"\n"
" will be replaced by\n"
"\n"
" bc.s label1 \n"
" bc.l label2 \n"
" ldi8 r1, #0xF \n"
" ldi24 r2, #0x123456 \n"
" push r3 \n"
" pop r4 \n"
"\n"
" Use registers aliases\n"
"\n"
" If checked, IDA will use aliases names for the following registers :\n"
"\n"
" r13 -> fp \n"
" r14 -> lr \n"
" r15 -> sp \n"
" cr0 -> psw \n"
" cr1 -> cbr \n"
" cr2 -> spi \n"
" cr3 -> spu \n"
" cr6 -> bpc \n"
"\n"
"ENDHELP\n"
"m32r related options\n"
"<##Substitutions"
"#For example, use bc.s instead of 8-Bit bc instructions#Use ~s~ynthetic instructions:C>"
"<#For example, use fp instead or r14#Use registers ~a~liases:C>>\n\n\n\n"
"<~C~hoose device name:B:0::>"
"\n\n\n";
AskUsingForm_c(form, &opt_subs, choose_device);
idpflags = 0; // reset the configuration
if ( opt_subs & 1 ) idpflags |= NETNODE_USE_INSN_SYNTHETIC;
if ( opt_subs & 2 ) idpflags |= NETNODE_USE_REG_ALIASES;
patch_regnames();
return IDPOPT_OK;
}
// 插件可以从plugins.cfg文件中,被传进一个整型参数。
// 当按下不同的热键或者菜单时,您需要一个插件做不同
// 的事情时,这非常有用。
void __stdcall IDAP_run(int arg)
{
// 插件的实体
//在LOG中显示一个字符串
char *lpInBuf = NULL;
char *lpTmpBuf = NULL;
char *lpFilePath = NULL;
char szValue[MAXSTR + 1] = "";
char szInValue[MAXSTR + 1] = "";
// char szTmp[100] = {0};
int nPatchLogFlags = 1;
uval_t nAddres = get_screen_ea();
asize_t nCount = 1;
USHORT nWriteRadio = 0; //单选按钮
USHORT nSerializeRadio = -1; //单选按钮
USHORT checkmask = 0;
asize_t j = 0;
asize_t i = 0;
// qstrncpy(szInValue,"",sizeof(szInValue));
if(AskUsingForm_c(dialog, szInValue, &nAddres, &nCount, &nWriteRadio, &nSerializeRadio, &checkmask) == 1)
{
if(checkmask & 1)
{
nAddres = get_screen_ea();
}
size_t len = strlen(szInValue);
for(i = 0; i < len; i++)
{
if(szInValue[i] != ' ')
{
szValue[j++] = szInValue[i];
}
}
len = strlen(szValue);
size_t nHexLen = len / 2;
if(!len)
{
if( lpFilePath = askfile_cv(0, "*.*", "OpenPath", 0))
{
FILE* handle = fopen(lpFilePath, "rb");
if(handle == NULL)
{
warning("打开文件失败 Error!\n");
return;
}
fseek(handle, 0, SEEK_END);
nHexLen = ftell(handle);
fseek(handle, 0, SEEK_SET);
lpTmpBuf = (char *)malloc(nHexLen + 1);
memset(lpTmpBuf, 0, nHexLen + 1);
fread(lpTmpBuf, 1, nHexLen, handle);
fclose(handle);
strcpy(szValue, lpFilePath);
}
else
{
warning("请输入数据");
return;
}
}
else if(len % 2)
{
warning("数据长度不是2的倍数");
return;
}
else
{
for(i = 0;i < len;i++)
{
if(!isxdigit(szValue[i]))
{
warning("数据中含有非16进制值");
return;
}
}
lpTmpBuf = (char *) malloc(nHexLen * 2 + 1);
memset(lpTmpBuf, 0, nHexLen * 2 + 1);
for(i = 0; i < nHexLen; i++)
{
sscanf(&szValue[i * 2],"%02x",lpTmpBuf + i);
}
}
if(nSerializeRadio >= 0)
{
asize_t nSerializeSize = (nSerializeRadio + 1) * 4;
asize_t nSerializeCount = nHexLen * nCount / nSerializeSize;
for(i = 0; i < nSerializeCount; i++)
{
reversedbuf((unsigned char*)lpTmpBuf + nSerializeSize *i, nSerializeSize);
}
}
lpInBuf = (char*)malloc(nHexLen * nCount * 2 + 1);
memset(lpInBuf, 0, nHexLen * nCount * 2 + 1);
for(i = 0; i < nCount; i++)
{
memcpy(lpInBuf + i * nHexLen, lpTmpBuf, nHexLen);
}
free(lpTmpBuf);
msg("==============修补数据库数据==============\n");
msg("String Value = %s\n",szValue);
#ifdef __EA64__
msg("Addres:0x%llX ValueSize = 0x%llX Index:%d check = %d\n",nAddres, nHexLen, nCount,checkmask);
#else
msg("Addres:0x%08X ValueSize = 0x%08X Index:%d check = %d\n",nAddres, nHexLen, nCount,checkmask);
#endif
if(!nWriteRadio)
{
msg("WriteData \n",nWriteRadio);
}
else
{
msg("XorWrite Data \n",nWriteRadio);
}
if( nHexLen * nCount > 0x100)
{
nPatchLogFlags = askyn_c(0, "%s", "是否打印日志!(默认不打印)\n因为数据量过大会影响IDA会假死!\nNo或Cancel表示不打印日志!\n");
}
////////////////////
uint32 nSum = 0;
uchar *mem = NULL;
if(isLoaded(nAddres) && isLoaded(nAddres + nCount * nHexLen - 1))
{
mem = (uchar *)malloc(nCount * nHexLen + 1);
if(mem == NULL)
{
warning("malloc 函数执行失败!");
return;
}
get_many_bytes(nAddres,mem, nCount * nHexLen);
if(nPatchLogFlags > 0)
{
msg("原始数据:\n");
for(i = 0; i < nCount * nHexLen; i++)
{
msg("%02X", mem[i]);
}
msg("\n");
}
}
else
{
if(!isLoaded(nAddres))
{
warning("数据地址错误: 0x%p",nAddres);
}
else
{
warning("写入数据长度过大");
}
return;
}
///////////////////////////
// long nValue = 0;
for(j = 0;j < nCount;j++)
{
for(i = 0;i < nHexLen; i++)
{
// memcpy(szTmp,&szInValue[j * len + i * 2],2);
//sscanf(&szValue[i * 2],"%02x",&nValue);
if(nWriteRadio == 1)
{
lpInBuf[nSum] ^= mem[nSum];
}
mem[nSum++] = lpInBuf[nSum];
}
}
put_many_bytes(nAddres, mem, nSum);
if(nPatchLogFlags > 0)
{
msg("补丁数据:\n");
for(i = 0; i < nSum; i++)
{
msg("%02X", mem[i]);
}
msg("\n");
}
refresh_idaview_anyway(); //刷新反汇编窗口
free(mem);
free(lpInBuf);
}
return;
}
void idaapi run(int arg)
{
char buf[MAXSTR];
char cmt[MAXSTR];
char *valid_cmt = NULL;
char ext[0x20];
FILE *f = NULL;
short checkboxes = OPTION_NAMES | OPTION_COMMENTS;
sval_t bank = 1; // default
bool first = true;
bool hasName = false;
flags_t flags;
ea_t ea = 0x0;
if( AskUsingForm_c( madnes_options, &checkboxes, &bank ) != 1 || checkboxes == 0 )
return;
// prepare filename for namelist (.nl) file
get_input_file_path( buf, sizeof( buf ) );
qsnprintf( ext, sizeof( ext ),".%X.nl",--bank );
qstrncat( buf, ext, sizeof( buf )-strlen( buf ) );
// (always) create file
f = qfopen( buf, "w" );
if( f == NULL )
{
warning( "%s could not be created!", buf );
return;
}
msg( "Writing to file %s..", buf );
while( ea <= 0xFFFF )
{
hasName = false;
// get flags
if( isCode( getFlags( ea ) ) )
flags = getFlags( ea );
else
flags = getFlags( get_item_head( ea ) );
// if user either chose to export names or anynames
if( ( ( checkboxes & OPTION_NAMES ) && has_name( flags ) ) || ( ( checkboxes & OPTION_ANYNAME ) && has_any_name( flags ) ) )
{
// if current item is code or if current item is head of item
if( isCode( flags ) || ea==get_item_head( ea ) )
{
// get name
get_name( ea, ea, buf, sizeof( buf ) );
// write to file
qfprintf( f, "$%04X#%s#", ea, buf );
}
else // if not code or not head of item (must be an array)
{
// get name of item start
get_name( get_item_head( ea ), get_item_head( ea ), buf, sizeof( buf ) );
// calc displacement, write to file (example: "password+$04")
qfprintf( f, "$%04X#%s+$%X#", ea, buf, ea-get_item_head( ea ) );
}
hasName = true;
}
// if user chose to export cross references
if( checkboxes & OPTION_XREFS )
{
xrefblk_t xb;
first = true;
// cycle through all xrefs except ordinary flow xrefs
for ( bool ok=xb.first_to( ea, XREF_FAR/*XREF_ALL*/); ok; ok=xb.next_to() )
{
if( first ) // if first xref
{
if( !hasName ) // if this location hasn't a name yet, add symbol stub
{
qfprintf( f, "$%04X##", ea );
hasName = true;
}
qfprintf( f, "XREFS:\n\\"); // append XREFS
first = false;
}
qfprintf( f, " $%04X\n\\", xb.from );
}
}
// if user chose to export comments
if( checkboxes & OPTION_COMMENTS )
{
if( has_cmt( flags ) ) // if current item has comment
{
// get comment
// workaround for get_any_indeted_cmt()
// -> unresolved external symbol "char * __stdcall get_any_indented_cmt(unsigned long,unsigned char *)" (?get_any_indented_cmt@@YGPADKPAE@Z)
if( get_cmt( ea, false, cmt, sizeof( cmt ) ) == -1 )
get_cmt( ea, true, cmt, sizeof( cmt ) );
// validate comment (replace invalid chars, add room for additional chars)
valid_cmt = validate_comment( cmt );
if( valid_cmt != NULL )
{
if( !hasName )
{
qfprintf( f, "$%04X##", ea ); // add symbol stub if no name yet
hasName = true;
}
qfprintf( f, "%s", valid_cmt ); // write comment to file
qfree( valid_cmt );
}
}
}
if( hasName) qfprintf( f, "\n" );
ea++; // get name of each byte
}
qfclose( f );
msg( "done.\n" );
}
