From 9f4c7fd09cf9eab383907e18e68b3c03d83536d6 Mon Sep 17 00:00:00 2001
From: "jianhua.fengjh"
Date: Tue, 1 Aug 2017 21:45:58 +0800
Subject: [PATCH 01/39] fixed inf no attribute "mf", because ida pro beta 3 (170724) renamed inf.is_mf()/set_mf() -> is_be()/set_be()
---
 keypatch.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/keypatch.py b/keypatch.py
index 90dc068..62e03f4 100644
--- a/keypatch.py
+++ b/keypatch.py
@@ -164,7 +164,7 @@ def get_hardware_mode():
 cpuname = info.procname.lower()
 else:
 cpuname = info.procName.lower()
- #print("Keypatch MF = %s" %idaapi.cvar.inf.mf)
+ # print("Keypatch BIG_ENDIAN = %s" %idaapi.cvar.inf.is_be())
 if cpuname == "metapc":
 arch = KS_ARCH_X86
 if info.is_64bit():
@@ -177,14 +177,14 @@ def get_hardware_mode():
 # ARM or ARM64
 if info.is_64bit():
 arch = KS_ARCH_ARM64
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode = KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_LITTLE_ENDIAN
 else:
 arch = KS_ARCH_ARM
 # either big-endian or little-endian
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode = KS_MODE_ARM | KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_ARM | KS_MODE_LITTLE_ENDIAN
@@ -194,7 +194,7 @@ def get_hardware_mode():
 mode = KS_MODE_SPARC64
 else:
 mode = KS_MODE_SPARC32
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
@@ -213,7 +213,7 @@ def get_hardware_mode():
 mode = KS_MODE_MIPS64
 else:
 mode = KS_MODE_MIPS32
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
From 024e984ebbec3fd10ad272ddb4934d66d86c8f49 Mon Sep 17 00:00:00 2001
From: "jianhua.fengjh"
Date: Tue, 1 Aug 2017 21:45:58 +0800
Subject: [PATCH 02/39] fixed inf no attribute "mf", because ida pro beta 3 (170724) renamed inf.is_mf()/set_mf() -> is_be()/set_be()
---
 keypatch.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
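Review bot: The new `idaapi.cvar.inf.is_be()` calls in the ARM, SPARC and MIPS branches (second, third and fourth hunks) are unconditional, while the first hunk shows this same function already branching on `idaapi.IDA_SDK_VERSION >= 700` for `procname`/`procName`; on any IDA build whose `inf` still exposes `mf` rather than `is_be()`, `get_hardware_mode()` now raises AttributeError instead of returning a mode. Read the flag once, next to the existing version check, and reuse it in the four branches: `is_be = idaapi.cvar.inf.is_be() if hasattr(idaapi.cvar.inf, "is_be") else idaapi.cvar.inf.mf`, then `if is_be:`. The same four hunks are repeated verbatim in patches 02 through 08 of this series, so the remark applies to each of them. `get_hardware_mode` begins before the first hunk and continues past the last one.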
diff --git a/keypatch.py b/keypatch.py
index 90dc068..62e03f4 100644
--- a/keypatch.py
+++ b/keypatch.py
@@ -164,7 +164,7 @@ def get_hardware_mode():
 cpuname = info.procname.lower()
 else:
 cpuname = info.procName.lower()
- #print("Keypatch MF = %s" %idaapi.cvar.inf.mf)
+ # print("Keypatch BIG_ENDIAN = %s" %idaapi.cvar.inf.is_be())
 if cpuname == "metapc":
 arch = KS_ARCH_X86
 if info.is_64bit():
@@ -177,14 +177,14 @@ def get_hardware_mode():
 # ARM or ARM64
 if info.is_64bit():
 arch = KS_ARCH_ARM64
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode = KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_LITTLE_ENDIAN
 else:
 arch = KS_ARCH_ARM
 # either big-endian or little-endian
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode = KS_MODE_ARM | KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_ARM | KS_MODE_LITTLE_ENDIAN
@@ -194,7 +194,7 @@ def get_hardware_mode():
 mode = KS_MODE_SPARC64
 else:
 mode = KS_MODE_SPARC32
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
@@ -213,7 +213,7 @@ def get_hardware_mode():
 mode = KS_MODE_MIPS64
 else:
 mode = KS_MODE_MIPS32
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
From 6efffeb1682bdc313b2e330af9792732e5356785 Mon Sep 17 00:00:00 2001
From: "jianhua.fengjh"
Date: Tue, 1 Aug 2017 21:45:58 +0800
Subject: [PATCH 03/39] fixed inf no attribute "mf", because ida pro beta 3 (170724) renamed inf.is_mf()/set_mf() -> is_be()/set_be()
---
 keypatch.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/keypatch.py b/keypatch.py
index 90dc068..62e03f4 100644
--- a/keypatch.py
+++ b/keypatch.py
@@ -164,7 +164,7 @@ def get_hardware_mode():
 cpuname = info.procname.lower()
 else:
 cpuname = info.procName.lower()
- #print("Keypatch MF = %s" %idaapi.cvar.inf.mf)
+ # print("Keypatch BIG_ENDIAN = %s" %idaapi.cvar.inf.is_be())
 if cpuname == "metapc":
 arch = KS_ARCH_X86
 if info.is_64bit():
@@ -177,14 +177,14 @@ def get_hardware_mode():
 # ARM or ARM64
 if info.is_64bit():
 arch = KS_ARCH_ARM64
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode = KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_LITTLE_ENDIAN
 else:
 arch = KS_ARCH_ARM
 # either big-endian or little-endian
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode = KS_MODE_ARM | KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_ARM | KS_MODE_LITTLE_ENDIAN
@@ -194,7 +194,7 @@ def get_hardware_mode():
 mode = KS_MODE_SPARC64
 else:
 mode = KS_MODE_SPARC32
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
@@ -213,7 +213,7 @@ def get_hardware_mode():
 mode = KS_MODE_MIPS64
 else:
 mode = KS_MODE_MIPS32
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
From 1666ee71506d5caea91a5c817e45f95734ce2762 Mon Sep 17 00:00:00 2001
From: fjh658
Date: Tue, 1 Aug 2017 21:45:58 +0800
Subject: [PATCH 04/39] fixed inf no attribute "mf", because ida pro beta 3 (170724) renamed inf.is_mf()/set_mf() -> is_be()/set_be()
---
 keypatch.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/keypatch.py b/keypatch.py
index 90dc068..62e03f4 100644
--- a/keypatch.py
+++ b/keypatch.py
@@ -164,7 +164,7 @@ def get_hardware_mode():
 cpuname = info.procname.lower()
 else:
 cpuname = info.procName.lower()
- #print("Keypatch MF = %s" %idaapi.cvar.inf.mf)
+ # print("Keypatch BIG_ENDIAN = %s" %idaapi.cvar.inf.is_be())
 if cpuname == "metapc":
 arch = KS_ARCH_X86
 if info.is_64bit():
@@ -177,14 +177,14 @@ def get_hardware_mode():
 # ARM or ARM64
 if info.is_64bit():
 arch = KS_ARCH_ARM64
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode = KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_LITTLE_ENDIAN
 else:
 arch = KS_ARCH_ARM
 # either big-endian or little-endian
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode = KS_MODE_ARM | KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_ARM | KS_MODE_LITTLE_ENDIAN
@@ -194,7 +194,7 @@ def get_hardware_mode():
 mode = KS_MODE_SPARC64
 else:
 mode = KS_MODE_SPARC32
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
@@ -213,7 +213,7 @@ def get_hardware_mode():
 mode = KS_MODE_MIPS64
 else:
 mode = KS_MODE_MIPS32
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
From a2efbecb3b7bba6908c545ded082cd390ba56205 Mon Sep 17 00:00:00 2001
From: "jianhua.fengjh"
Date: Tue, 1 Aug 2017 21:45:58 +0800
Subject: [PATCH 05/39] fixed inf no attribute "mf", because ida pro7 beta 3 (170724) renamed inf.is_mf()/set_mf() -> is_be()/set_be()
---
 keypatch.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/keypatch.py b/keypatch.py
index 90dc068..62e03f4 100644
--- a/keypatch.py
+++ b/keypatch.py
@@ -164,7 +164,7 @@ def get_hardware_mode():
 cpuname = info.procname.lower()
 else:
 cpuname = info.procName.lower()
- #print("Keypatch MF = %s" %idaapi.cvar.inf.mf)
+ # print("Keypatch BIG_ENDIAN = %s" %idaapi.cvar.inf.is_be())
 if cpuname == "metapc":
 arch = KS_ARCH_X86
 if info.is_64bit():
@@ -177,14 +177,14 @@ def get_hardware_mode():
 # ARM or ARM64
 if info.is_64bit():
 arch = KS_ARCH_ARM64
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode = KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_LITTLE_ENDIAN
 else:
 arch = KS_ARCH_ARM
 # either big-endian or little-endian
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode = KS_MODE_ARM | KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_ARM | KS_MODE_LITTLE_ENDIAN
@@ -194,7 +194,7 @@ def get_hardware_mode():
 mode = KS_MODE_SPARC64
 else:
 mode = KS_MODE_SPARC32
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
@@ -213,7 +213,7 @@ def get_hardware_mode():
 mode = KS_MODE_MIPS64
 else:
 mode = KS_MODE_MIPS32
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
From 7ec908748bbaefc3121695c117a48f161f8b6824 Mon Sep 17 00:00:00 2001
From: "jianhua.fengjh"
Date: Tue, 1 Aug 2017 21:45:58 +0800
Subject: [PATCH 06/39] fixed inf no attribute "mf", because ida pro7 beta 3 (170724) renamed inf.is_mf()/set_mf() -> is_be()/set_be()
---
 keypatch.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/keypatch.py b/keypatch.py
index 90dc068..62e03f4 100644
--- a/keypatch.py
+++ b/keypatch.py
@@ -164,7 +164,7 @@ def get_hardware_mode():
 cpuname = info.procname.lower()
 else:
 cpuname = info.procName.lower()
- #print("Keypatch MF = %s" %idaapi.cvar.inf.mf)
+ # print("Keypatch BIG_ENDIAN = %s" %idaapi.cvar.inf.is_be())
 if cpuname == "metapc":
 arch = KS_ARCH_X86
 if info.is_64bit():
@@ -177,14 +177,14 @@ def get_hardware_mode():
 # ARM or ARM64
 if info.is_64bit():
 arch = KS_ARCH_ARM64
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode = KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_LITTLE_ENDIAN
 else:
 arch = KS_ARCH_ARM
 # either big-endian or little-endian
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode = KS_MODE_ARM | KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_ARM | KS_MODE_LITTLE_ENDIAN
@@ -194,7 +194,7 @@ def get_hardware_mode():
 mode = KS_MODE_SPARC64
 else:
 mode = KS_MODE_SPARC32
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
@@ -213,7 +213,7 @@ def get_hardware_mode():
 mode = KS_MODE_MIPS64
 else:
 mode = KS_MODE_MIPS32
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
From cf967f4b729d86abf2e6f44733e32bfaa1495461 Mon Sep 17 00:00:00 2001
From: "jianhua.fengjh"
Date: Tue, 1 Aug 2017 21:45:58 +0800
Subject: [PATCH 07/39] fixed inf no attribute "mf", because ida pro7 beta 3 (170724) renamed inf.is_mf()/set_mf() -> is_be()/set_be()
---
 keypatch.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/keypatch.py b/keypatch.py
index 90dc068..62e03f4 100644
--- a/keypatch.py
+++ b/keypatch.py
@@ -164,7 +164,7 @@ def get_hardware_mode():
 cpuname = info.procname.lower()
 else:
 cpuname = info.procName.lower()
- #print("Keypatch MF = %s" %idaapi.cvar.inf.mf)
+ # print("Keypatch BIG_ENDIAN = %s" %idaapi.cvar.inf.is_be())
 if cpuname == "metapc":
 arch = KS_ARCH_X86
 if info.is_64bit():
@@ -177,14 +177,14 @@ def get_hardware_mode():
 # ARM or ARM64
 if info.is_64bit():
 arch = KS_ARCH_ARM64
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode = KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_LITTLE_ENDIAN
 else:
 arch = KS_ARCH_ARM
 # either big-endian or little-endian
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode = KS_MODE_ARM | KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_ARM | KS_MODE_LITTLE_ENDIAN
@@ -194,7 +194,7 @@ def get_hardware_mode():
 mode = KS_MODE_SPARC64
 else:
 mode = KS_MODE_SPARC32
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
@@ -213,7 +213,7 @@ def get_hardware_mode():
 mode = KS_MODE_MIPS64
 else:
 mode = KS_MODE_MIPS32
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
From 7f074a8bde1d584f17ba3a82c46454b31e117146 Mon Sep 17 00:00:00 2001
From: fjh658
Date: Tue, 1 Aug 2017 21:45:58 +0800
Subject: [PATCH 08/39] fixed inf no attribute "mf", because ida pro7 beta 3 (170724) renamed inf.is_mf()/set_mf() -> is_be()/set_be()
---
 keypatch.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/keypatch.py b/keypatch.py
index 90dc068..62e03f4 100644
--- a/keypatch.py
+++ b/keypatch.py
@@ -164,7 +164,7 @@ def get_hardware_mode():
 cpuname = info.procname.lower()
 else:
 cpuname = info.procName.lower()
- #print("Keypatch MF = %s" %idaapi.cvar.inf.mf)
+ # print("Keypatch BIG_ENDIAN = %s" %idaapi.cvar.inf.is_be())
 if cpuname == "metapc":
 arch = KS_ARCH_X86
 if info.is_64bit():
@@ -177,14 +177,14 @@ def get_hardware_mode():
 # ARM or ARM64
 if info.is_64bit():
 arch = KS_ARCH_ARM64
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode = KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_LITTLE_ENDIAN
 else:
 arch = KS_ARCH_ARM
 # either big-endian or little-endian
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode = KS_MODE_ARM | KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_ARM | KS_MODE_LITTLE_ENDIAN
@@ -194,7 +194,7 @@ def get_hardware_mode():
 mode = KS_MODE_SPARC64
 else:
 mode = KS_MODE_SPARC32
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
@@ -213,7 +213,7 @@ def get_hardware_mode():
 mode = KS_MODE_MIPS64
 else:
 mode = KS_MODE_MIPS32
- if idaapi.cvar.inf.mf:
+ if idaapi.cvar.inf.is_be():
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
From 5f4d38212774bb75b93d0a71002667ee6342b670 Mon Sep 17 00:00:00 2001
From: "jianhua.fengjh"
Date: Tue, 1 Aug 2017 22:25:52 +0800
Subject: [PATCH 09/39] Add ida pro version check, about be(big endian)
---
 keypatch.py | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/keypatch.py b/keypatch.py
index 62e03f4..059e0be 100644
--- a/keypatch.py
+++ b/keypatch.py
@@ -162,9 +162,12 @@ def get_hardware_mode():
 if idaapi.IDA_SDK_VERSION >= 700:
 # IDA >= 7.0 case change
 cpuname = info.procname.lower()
+ # since ida pro7 beta 3 (170724) renamed inf.mf -> is_be()/set_be()
+ is_be = idaapi.cvar.inf.is_be()
 else:
 cpuname = info.procName.lower()
- # print("Keypatch BIG_ENDIAN = %s" %idaapi.cvar.inf.is_be())
+ is_be = idaapi.cvar.inf.mf
+ # print("Keypatch BIG_ENDIAN = %s" %is_be)
 if cpuname == "metapc":
 arch = KS_ARCH_X86
 if info.is_64bit():
@@ -177,14 +180,14 @@ def get_hardware_mode():
 # ARM or ARM64
 if info.is_64bit():
 arch = KS_ARCH_ARM64
- if idaapi.cvar.inf.is_be():
+ if is_be:
 mode = KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_LITTLE_ENDIAN
 else:
 arch = KS_ARCH_ARM
 # either big-endian or little-endian
- if idaapi.cvar.inf.is_be():
+ if is_be:
 mode = KS_MODE_ARM | KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_ARM | KS_MODE_LITTLE_ENDIAN
@@ -194,7 +197,7 @@ def get_hardware_mode():
 mode = KS_MODE_SPARC64
 else:
 mode = KS_MODE_SPARC32
- if idaapi.cvar.inf.is_be():
+ if is_be:
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
@@ -213,7 +216,7 @@ def get_hardware_mode():
 mode = KS_MODE_MIPS64
 else:
 mode = KS_MODE_MIPS32
- if idaapi.cvar.inf.is_be():
+ if is_be:
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
From 72f70f9f7f21221fd42d5563f47941dee024d8aa Mon Sep 17 00:00:00 2001
From: "jianhua.fengjh"
Date: Tue, 1 Aug 2017 22:25:52 +0800
Subject: [PATCH 10/39] Add ida pro version check, about be(big endian)
---
 keypatch.py | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/keypatch.py b/keypatch.py
index 62e03f4..059e0be 100644
--- a/keypatch.py
+++ b/keypatch.py
@@ -162,9 +162,12 @@ def get_hardware_mode():
 if idaapi.IDA_SDK_VERSION >= 700:
 # IDA >= 7.0 case change
 cpuname = info.procname.lower()
+ # since ida pro7 beta 3 (170724) renamed inf.mf -> is_be()/set_be()
+ is_be = idaapi.cvar.inf.is_be()
 else:
 cpuname = info.procName.lower()
- # print("Keypatch BIG_ENDIAN = %s" %idaapi.cvar.inf.is_be())
+ is_be = idaapi.cvar.inf.mf
+ # print("Keypatch BIG_ENDIAN = %s" %is_be)
 if cpuname == "metapc":
 arch = KS_ARCH_X86
 if info.is_64bit():
@@ -177,14 +180,14 @@ def get_hardware_mode():
 # ARM or ARM64
 if info.is_64bit():
 arch = KS_ARCH_ARM64
- if idaapi.cvar.inf.is_be():
+ if is_be:
 mode = KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_LITTLE_ENDIAN
 else:
 arch = KS_ARCH_ARM
 # either big-endian or little-endian
- if idaapi.cvar.inf.is_be():
+ if is_be:
 mode = KS_MODE_ARM | KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_ARM | KS_MODE_LITTLE_ENDIAN
@@ -194,7 +197,7 @@ def get_hardware_mode():
 mode = KS_MODE_SPARC64
 else:
 mode = KS_MODE_SPARC32
- if idaapi.cvar.inf.is_be():
+ if is_be:
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
@@ -213,7 +216,7 @@ def get_hardware_mode():
 mode = KS_MODE_MIPS64
 else:
 mode = KS_MODE_MIPS32
- if idaapi.cvar.inf.is_be():
+ if is_be:
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
From 08026080531f0b33d847c76f03604155bdd473cb Mon Sep 17 00:00:00 2001
From: "jianhua.fengjh"
Date: Tue, 1 Aug 2017 22:25:52 +0800
Subject: [PATCH 11/39] Add ida pro version check, about be(big endian)
---
 keypatch.py | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/keypatch.py b/keypatch.py
index 62e03f4..059e0be 100644
--- a/keypatch.py
+++ b/keypatch.py
@@ -162,9 +162,12 @@ def get_hardware_mode():
 if idaapi.IDA_SDK_VERSION >= 700:
 # IDA >= 7.0 case change
 cpuname = info.procname.lower()
+ # since ida pro7 beta 3 (170724) renamed inf.mf -> is_be()/set_be()
+ is_be = idaapi.cvar.inf.is_be()
 else:
 cpuname = info.procName.lower()
- # print("Keypatch BIG_ENDIAN = %s" %idaapi.cvar.inf.is_be())
+ is_be = idaapi.cvar.inf.mf
+ # print("Keypatch BIG_ENDIAN = %s" %is_be)
 if cpuname == "metapc":
 arch = KS_ARCH_X86
 if info.is_64bit():
@@ -177,14 +180,14 @@ def get_hardware_mode():
 # ARM or ARM64
 if info.is_64bit():
 arch = KS_ARCH_ARM64
- if idaapi.cvar.inf.is_be():
+ if is_be:
 mode = KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_LITTLE_ENDIAN
 else:
 arch = KS_ARCH_ARM
 # either big-endian or little-endian
- if idaapi.cvar.inf.is_be():
+ if is_be:
 mode = KS_MODE_ARM | KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_ARM | KS_MODE_LITTLE_ENDIAN
@@ -194,7 +197,7 @@ def get_hardware_mode():
 mode = KS_MODE_SPARC64
 else:
 mode = KS_MODE_SPARC32
- if idaapi.cvar.inf.is_be():
+ if is_be:
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
@@ -213,7 +216,7 @@ def get_hardware_mode():
 mode = KS_MODE_MIPS64
 else:
 mode = KS_MODE_MIPS32
- if idaapi.cvar.inf.is_be():
+ if is_be:
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
From 055f7df4811ac63564b013595ef34c0e19f33bd7 Mon Sep 17 00:00:00 2001
From: fjh658
Date: Tue, 1 Aug 2017 22:25:52 +0800
Subject: [PATCH 12/39] Add ida pro version check, about be(big endian)
---
 keypatch.py | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/keypatch.py b/keypatch.py
index 62e03f4..059e0be 100644
--- a/keypatch.py
+++ b/keypatch.py
@@ -162,9 +162,12 @@ def get_hardware_mode():
 if idaapi.IDA_SDK_VERSION >= 700:
 # IDA >= 7.0 case change
 cpuname = info.procname.lower()
+ # since ida pro7 beta 3 (170724) renamed inf.mf -> is_be()/set_be()
+ is_be = idaapi.cvar.inf.is_be()
 else:
 cpuname = info.procName.lower()
- # print("Keypatch BIG_ENDIAN = %s" %idaapi.cvar.inf.is_be())
+ is_be = idaapi.cvar.inf.mf
+ # print("Keypatch BIG_ENDIAN = %s" %is_be)
 if cpuname == "metapc":
 arch = KS_ARCH_X86
 if info.is_64bit():
@@ -177,14 +180,14 @@ def get_hardware_mode():
 # ARM or ARM64
 if info.is_64bit():
 arch = KS_ARCH_ARM64
- if idaapi.cvar.inf.is_be():
+ if is_be:
 mode = KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_LITTLE_ENDIAN
 else:
 arch = KS_ARCH_ARM
 # either big-endian or little-endian
- if idaapi.cvar.inf.is_be():
+ if is_be:
 mode = KS_MODE_ARM | KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_ARM | KS_MODE_LITTLE_ENDIAN
@@ -194,7 +197,7 @@ def get_hardware_mode():
 mode = KS_MODE_SPARC64
 else:
 mode = KS_MODE_SPARC32
- if idaapi.cvar.inf.is_be():
+ if is_be:
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
@@ -213,7 +216,7 @@ def get_hardware_mode():
 mode = KS_MODE_MIPS64
 else:
 mode = KS_MODE_MIPS32
- if idaapi.cvar.inf.is_be():
+ if is_be:
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
From 53e0ebae6c7540799cafcef70fe051a27d2e6960 Mon Sep 17 00:00:00 2001
From: "jianhua.fengjh"
Date: Wed, 2 Aug 2017 15:47:42 +0800
Subject: [PATCH 13/39] Since ida pro7 beta 3 (170724) renamed inf.mf -> is_be()/set_be(), Compatible with ida pro 6, 7(beta); for everyone is happy
---
 keypatch.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/keypatch.py b/keypatch.py
index 059e0be..61f9abc 100644
--- a/keypatch.py
+++ b/keypatch.py
@@ -162,12 +162,17 @@ def get_hardware_mode():
 if idaapi.IDA_SDK_VERSION >= 700:
 # IDA >= 7.0 case change
 cpuname = info.procname.lower()
- # since ida pro7 beta 3 (170724) renamed inf.mf -> is_be()/set_be()
- is_be = idaapi.cvar.inf.is_be()
 else:
 cpuname = info.procName.lower()
+
+ try:
+ # since IDA7 beta 3 (170724) renamed inf.mf -> is_be()/set_be()
+ is_be = idaapi.cvar.inf.is_be()
+ except:
+ # older IDA versions
 is_be = idaapi.cvar.inf.mf
 # print("Keypatch BIG_ENDIAN = %s" %is_be)
+
 if cpuname == "metapc":
 arch = KS_ARCH_X86
 if info.is_64bit():
From bf837f79dfe01702bc9da574dc60f3e9013467ca Mon Sep 17 00:00:00 2001
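Review bot: The bare `except:` introduced in the `@@ -162,12 +162,17 @@` hunk of patch 13 catches every exception, including KeyboardInterrupt and SystemExit, and would also hide an unrelated failure inside `is_be()` by silently falling back to `inf.mf`; only the missing-attribute case is meant to be handled, so narrow it to `except AttributeError:`. The identical hunk is repeated in patches 14, 15 and 16, and the same bare `except:` lands again in the squashed patch 17, so the remark applies to each of those hunks too. The `# print("Keypatch BIG_ENDIAN = %s" %is_be)` line is carried over as commented-out code; either drop it or turn it into a real debug log call. `get_hardware_mode` begins before the hunk and continues past it.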
From: "jianhua.fengjh"
Date: Wed, 2 Aug 2017 15:47:42 +0800
Subject: [PATCH 14/39] Since ida pro7 beta 3 (170724) renamed inf.mf -> is_be()/set_be(), Compatible with ida pro 6, 7(beta); for everyone is happy
---
 keypatch.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/keypatch.py b/keypatch.py
index 059e0be..61f9abc 100644
--- a/keypatch.py
+++ b/keypatch.py
@@ -162,12 +162,17 @@ def get_hardware_mode():
 if idaapi.IDA_SDK_VERSION >= 700:
 # IDA >= 7.0 case change
 cpuname = info.procname.lower()
- # since ida pro7 beta 3 (170724) renamed inf.mf -> is_be()/set_be()
- is_be = idaapi.cvar.inf.is_be()
 else:
 cpuname = info.procName.lower()
+
+ try:
+ # since IDA7 beta 3 (170724) renamed inf.mf -> is_be()/set_be()
+ is_be = idaapi.cvar.inf.is_be()
+ except:
+ # older IDA versions
 is_be = idaapi.cvar.inf.mf
 # print("Keypatch BIG_ENDIAN = %s" %is_be)
+
 if cpuname == "metapc":
 arch = KS_ARCH_X86
 if info.is_64bit():
From e9085b88989eed0f427bb761fd78571b084582e3 Mon Sep 17 00:00:00 2001
From: "jianhua.fengjh"
Date: Wed, 2 Aug 2017 15:47:42 +0800
Subject: [PATCH 15/39] Since ida pro7 beta 3 (170724) renamed inf.mf -> is_be()/set_be(), Compatible with ida pro 6, 7(beta); for everyone is happy
---
 keypatch.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/keypatch.py b/keypatch.py
index 059e0be..61f9abc 100644
--- a/keypatch.py
+++ b/keypatch.py
@@ -162,12 +162,17 @@ def get_hardware_mode():
 if idaapi.IDA_SDK_VERSION >= 700:
 # IDA >= 7.0 case change
 cpuname = info.procname.lower()
- # since ida pro7 beta 3 (170724) renamed inf.mf -> is_be()/set_be()
- is_be = idaapi.cvar.inf.is_be()
 else:
 cpuname = info.procName.lower()
+
+ try:
+ # since IDA7 beta 3 (170724) renamed inf.mf -> is_be()/set_be()
+ is_be = idaapi.cvar.inf.is_be()
+ except:
+ # older IDA versions
 is_be = idaapi.cvar.inf.mf
 # print("Keypatch BIG_ENDIAN = %s" %is_be)
+
 if cpuname == "metapc":
 arch = KS_ARCH_X86
 if info.is_64bit():
From 81b7e0859a1a306a25f90e4896f14d3d4cf22bf3 Mon Sep 17 00:00:00 2001
From: fjh658
Date: Wed, 2 Aug 2017 15:47:42 +0800
Subject: [PATCH 16/39] Since ida pro7 beta 3 (170724) renamed inf.mf -> is_be()/set_be(), Compatible with ida pro 6, 7(beta); for everyone is happy
---
 keypatch.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/keypatch.py b/keypatch.py
index 059e0be..61f9abc 100644
--- a/keypatch.py
+++ b/keypatch.py
@@ -162,12 +162,17 @@ def get_hardware_mode():
 if idaapi.IDA_SDK_VERSION >= 700:
 # IDA >= 7.0 case change
 cpuname = info.procname.lower()
- # since ida pro7 beta 3 (170724) renamed inf.mf -> is_be()/set_be()
- is_be = idaapi.cvar.inf.is_be()
 else:
 cpuname = info.procName.lower()
+
+ try:
+ # since IDA7 beta 3 (170724) renamed inf.mf -> is_be()/set_be()
+ is_be = idaapi.cvar.inf.is_be()
+ except:
+ # older IDA versions
 is_be = idaapi.cvar.inf.mf
 # print("Keypatch BIG_ENDIAN = %s" %is_be)
+
 if cpuname == "metapc":
 arch = KS_ARCH_X86
 if info.is_64bit():
From b4c04f2fe7381178498ab8a48a41e01e7ee83c68 Mon Sep 17 00:00:00 2001
From: fjh658
Date: Wed, 2 Aug 2017 15:53:17 +0800
Subject: [PATCH 17/39] Fixed inf has no attribute "mf" (#25)
* fixed inf no attribute "mf", because ida pro beta 3 (170724) renamed inf.is_mf()/set_mf() -> is_be()/set_be()
* fixed inf no attribute "mf", because ida pro7 beta 3 (170724) renamed inf.is_mf()/set_mf() -> is_be()/set_be()
* Add ida pro version check, about be(big endian)
* Since ida pro7 beta 3 (170724) renamed inf.mf -> is_be()/set_be(), Compatible with ida pro 6, 7(beta); for everyone is happy
---
 keypatch.py | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/keypatch.py b/keypatch.py
index 90dc068..61f9abc 100644
--- a/keypatch.py
+++ b/keypatch.py
@@ -164,7 +164,15 @@ def get_hardware_mode():
 cpuname = info.procname.lower()
 else:
 cpuname = info.procName.lower()
- #print("Keypatch MF = %s" %idaapi.cvar.inf.mf)
+
+ try:
+ # since IDA7 beta 3 (170724) renamed inf.mf -> is_be()/set_be()
+ is_be = idaapi.cvar.inf.is_be()
+ except:
+ # older IDA versions
+ is_be = idaapi.cvar.inf.mf
+ # print("Keypatch BIG_ENDIAN = %s" %is_be)
+
 if cpuname == "metapc":
 arch = KS_ARCH_X86
 if info.is_64bit():
@@ -177,14 +185,14 @@ def get_hardware_mode():
 # ARM or ARM64
 if info.is_64bit():
 arch = KS_ARCH_ARM64
- if idaapi.cvar.inf.mf:
+ if is_be:
 mode = KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_LITTLE_ENDIAN
 else:
 arch = KS_ARCH_ARM
 # either big-endian or little-endian
- if idaapi.cvar.inf.mf:
+ if is_be:
 mode = KS_MODE_ARM | KS_MODE_BIG_ENDIAN
 else:
 mode = KS_MODE_ARM | KS_MODE_LITTLE_ENDIAN
@@ -194,7 +202,7 @@ def get_hardware_mode():
 mode = KS_MODE_SPARC64
 else:
 mode = KS_MODE_SPARC32
- if idaapi.cvar.inf.mf:
+ if is_be:
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
@@ -213,7 +221,7 @@ def get_hardware_mode():
 mode = KS_MODE_MIPS64
 else:
 mode = KS_MODE_MIPS32
- if idaapi.cvar.inf.mf:
+ if is_be:
 mode |= KS_MODE_BIG_ENDIAN
 else:
 mode |= KS_MODE_LITTLE_ENDIAN
From d4a14f09709817646815d3b0728d8a0285ff2706 Mon Sep 17 00:00:00 2001
From: Michael Mohr
Date: Tue, 29 Aug 2017 03:11:56 -0700
Subject: [PATCH 18/39] Minor bug fixes and code cleanup (#26)
---
 keypatch.py | 137 ++++++++++++++++++++++++----------------------
 1 file changed, 64 insertions(+), 73 deletions(-)
diff --git a/keypatch.py b/keypatch.py
index 61f9abc..ea5c4e1 100644
--- a/keypatch.py
+++ b/keypatch.py
@@ -16,12 +16,16 @@ # To revert (undo) the last patching, choose menu "Edit | Keypatch | Undo last patching". # To check for update version, choose menu "Edit | Keypatch | Check for update". -import idc -import idaapi +import os import re import json from keystone import * - +import idc +import idaapi +try: + from idc import GetOpType, GetOpnd, ItemEnd +except ImportError: + from idc_bc695 import GetOpType, GetOpnd, ItemEnd # bleeding-edge version # on a new release, this should be sync with VERSION_STABLE file @@ -47,6 +51,7 @@ def to_hexstr(buf, sep=' '): return sep.join("{0:02x}".format(ord(c)) for c in buf).upper() + # return a normalized code, or None if input is invalid def convert_hexstr(code): # normalize code @@ -78,6 +83,7 @@ def convert_hexstr(code): # invalid hex return None + # download a file from @url, then return (result, file-content) # return (0, content) on success, or ({1|2}, None) on download failure def url_download(url): @@ -391,7 +397,7 @@ def ida_get_disasm(self, address, fixup=False): def GetMnem(asm): sp = asm.find(' ') - if (sp == -1): + if sp == -1: return asm return asm[:sp] @@ -420,7 +426,7 @@ def GetMnem(asm): t = GetOpType(address, i) o = GetOpnd(address, i) - if t in (idc.o_mem, o_displ): + if t in (idc.o_mem, idc.o_displ): parts = list(o.partition(':')) if parts[2] == '': parts[2] = parts[0] @@ -691,7 +697,7 @@ def patch_code(self, address, assembly, syntax, padding, save_origcode, orig_asm return -3 orig_comment = idc.Comment(address) - if orig_comment == None: + if orig_comment is None: orig_comment = '' nop_comment = "" 
@@ -737,13 +743,13 @@ def patch_code(self, address, assembly, syntax, padding, save_origcode, orig_asm patch_len = len(patch_data) (plen, p_orig_data) = self.patch(address, patch_data, patch_len) - if plen == None: + if plen is None: # failed to patch return -1 if not undo: # we are patching new_patch_comment = None - if save_origcode == True: + if save_origcode is True: # append original instruction to comments if orig_comment == '': new_patch_comment = "Keypatch modified this from:\n {0}{1}".format('\n '.join(orig_asm), nop_comment) @@ -783,7 +789,7 @@ def fill_code(self, addr_begin, addr_end, assembly, syntax, padding, save_origco # input might be a hexcode string. try to convert it to raw bytes encoding = convert_hexstr(assembly) - if encoding == None: + if encoding is None: # invalid input: this is neither assembly nor hexcode string return 0 @@ -793,7 +799,7 @@ def fill_code(self, addr_begin, addr_end, assembly, syntax, padding, save_origco # save original comment at addr_begin # TODO: save comments in this range, but how to interleave them? orig_comment = idc.Comment(addr_begin) - if orig_comment == None: + if orig_comment is None: orig_comment = '' patch_data = "" @@ -815,13 +821,13 @@ def fill_code(self, addr_begin, addr_end, assembly, syntax, padding, save_origco patch_data = patch_data.ljust(size, X86_NOP) (plen, p_orig_data) = self.patch(addr_begin, patch_data, len(patch_data)) - if plen == None: + if plen is None: # failed to patch return -1 new_patch_comment = '' # append original instruction to comments - if save_origcode == True: + if save_origcode is True: if orig_comment == '': new_patch_comment = "Keypatch filled range [0x{0:X}:0x{1:X}] ({2} bytes), replaced:\n {3}".format(addr_begin, addr_end - 1, addr_end - addr_begin, '\n '.join(orig_asm)) else: 
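Review bot: `if save_origcode is True:` in the `@@ -737,13 +743,13 @@` hunk (patch_code), and again in the `@@ -815,13 +821,13 @@` hunk (fill_code), is stricter than the `== True` it replaces: `is` tests identity, so a truthy non-bool such as the integer `1` that a checkbox group may yield would now skip appending the original-instruction comment where it was appended before. How `save_origcode` is derived is not visible in these hunks, so this is a possible rather than confirmed regression; the idiomatic and safe form is plain `if save_origcode:`, which keeps the old behaviour for `True` and covers any truthy value. The `is None` rewrites in the same hunks are fine. Both patch_code and fill_code start before their hunks and continue past them.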
@@ -912,7 +918,7 @@ def setup(self, kp_asm, address, assembly=None): # get original instruction and bytes self.orig_asm = kp_asm.ida_get_disasm(address) (self.orig_encoding, self.orig_len) = kp_asm.ida_get_item(address, hex_output=True) - if self.orig_encoding == None: + if self.orig_encoding is None: self.orig_encoding = '' if assembly is None: @@ -920,9 +926,6 @@ def setup(self, kp_asm, address, assembly=None): else: self.asm = assembly - def __init__(self, kp_asm, address, assembly=None, patch_mode=False, opts=0): - pass - # update Encoding control # return True on success, False on failure def _update_encoding(self, arch, mode): @@ -1040,7 +1043,7 @@ def __init__(self, kp_asm, addr_begin, addr_end, assembly=None, opts=None): self.addr_end = addr_end # create FillRange form - Form.__init__(self, + super(Keypatch_FillRange, self).__init__( r"""STARTITEM {id:c_assembly} BUTTON YES* Patch KEYPATCH:: Fill Range 
@@ -1058,23 +1061,23 @@ def __init__(self, kp_asm, addr_begin, addr_end, assembly=None, opts=None): <~N~OPs padding until next instruction boundary:{c_opt_padding}> {c_opt_chk}> """, { - 'c_endian': Form.DropdownListControl( + 'c_endian': self.DropdownListControl( items = self.kp_asm.endian_lists.keys(), readonly = True, selval = self.endian_id), - 'c_addr': Form.NumericInput(value=addr_begin, swidth=MAX_ADDRESS_LEN, tp=Form.FT_ADDR), - 'c_addr_end': Form.NumericInput(value=addr_end - 1, swidth=MAX_ADDRESS_LEN, tp=Form.FT_ADDR), - 'c_assembly': Form.StringInput(value=self.asm[:MAX_INSTRUCTION_STRLEN], width=MAX_INSTRUCTION_STRLEN), - 'c_size': Form.NumericInput(value=addr_end - addr_begin, swidth=8, tp=Form.FT_DEC), - 'c_raw_assembly': Form.StringInput(value='', width=MAX_INSTRUCTION_STRLEN), - 'c_encoding': Form.StringInput(value='', width=MAX_ENCODING_LEN), - 'c_encoding_len': Form.NumericInput(value=0, swidth=8, tp=Form.FT_DEC), - 'c_syntax': Form.DropdownListControl( + 'c_addr': self.NumericInput(value=addr_begin, swidth=MAX_ADDRESS_LEN, tp=self.FT_ADDR), + 'c_addr_end': self.NumericInput(value=addr_end - 1, swidth=MAX_ADDRESS_LEN, tp=self.FT_ADDR), + 'c_assembly': self.StringInput(value=self.asm[:MAX_INSTRUCTION_STRLEN], width=MAX_INSTRUCTION_STRLEN), + 'c_size': self.NumericInput(value=addr_end - addr_begin, swidth=8, tp=self.FT_DEC), + 'c_raw_assembly': self.StringInput(value='', width=MAX_INSTRUCTION_STRLEN), + 'c_encoding': self.StringInput(value='', width=MAX_ENCODING_LEN), + 'c_encoding_len': self.NumericInput(value=0, swidth=8, tp=self.FT_DEC), + 'c_syntax': self.DropdownListControl( items = self.syntax_keys, readonly = True, selval = self.syntax_id), 'c_opt_chk':idaapi.Form.ChkGroupControl(('c_opt_padding', 'c_opt_comment', ''), value=opts['c_opt_chk']), - 'FormChangeCb': Form.FormChangeCb(self.OnFormChange), + 'FormChangeCb': self.FormChangeCb(self.OnFormChange), }) self.Compile() 
@@ -1094,7 +1097,7 @@ def __init__(self, kp_asm, address, assembly=None, opts=None): self.setup(kp_asm, address, assembly) # create Patcher form - Form.__init__(self, + super(Keypatch_Patcher, self).__init__( r"""STARTITEM {id:c_assembly} BUTTON YES* Patch KEYPATCH:: Patcher 
@@ -1113,24 +1116,24 @@ def __init__(self, kp_asm, address, assembly=None, opts=None): <~N~OPs padding until next instruction boundary:{c_opt_padding}> {c_opt_chk}> """, { - 'c_endian': Form.DropdownListControl( + 'c_endian': self.DropdownListControl( items = self.kp_asm.endian_lists.keys(), readonly = True, selval = self.endian_id), - 'c_addr': Form.NumericInput(value=address, swidth=MAX_ADDRESS_LEN, tp=Form.FT_ADDR), - 'c_assembly': Form.StringInput(value=self.asm[:MAX_INSTRUCTION_STRLEN], width=MAX_INSTRUCTION_STRLEN), - 'c_orig_assembly': Form.StringInput(value=self.orig_asm[:MAX_INSTRUCTION_STRLEN], width=MAX_INSTRUCTION_STRLEN), - 'c_orig_encoding': Form.StringInput(value=self.orig_encoding[:MAX_ENCODING_LEN], width=MAX_ENCODING_LEN), - 'c_orig_len': Form.NumericInput(value=self.orig_len, swidth=8, tp=Form.FT_DEC), - 'c_raw_assembly': Form.StringInput(value='', width=MAX_INSTRUCTION_STRLEN), - 'c_encoding': Form.StringInput(value='', width=MAX_ENCODING_LEN), - 'c_encoding_len': Form.NumericInput(value=0, swidth=8, tp=Form.FT_DEC), - 'c_syntax': Form.DropdownListControl( + 'c_addr': self.NumericInput(value=address, swidth=MAX_ADDRESS_LEN, tp=self.FT_ADDR), + 'c_assembly': self.StringInput(value=self.asm[:MAX_INSTRUCTION_STRLEN], width=MAX_INSTRUCTION_STRLEN), + 'c_orig_assembly': self.StringInput(value=self.orig_asm[:MAX_INSTRUCTION_STRLEN], width=MAX_INSTRUCTION_STRLEN), + 'c_orig_encoding': self.StringInput(value=self.orig_encoding[:MAX_ENCODING_LEN], width=MAX_ENCODING_LEN), + 'c_orig_len': self.NumericInput(value=self.orig_len, swidth=8, tp=self.FT_DEC), + 'c_raw_assembly': self.StringInput(value='', width=MAX_INSTRUCTION_STRLEN), + 'c_encoding': self.StringInput(value='', width=MAX_ENCODING_LEN), + 'c_encoding_len': self.NumericInput(value=0, swidth=8, tp=self.FT_DEC), + 'c_syntax': self.DropdownListControl( items = self.syntax_keys, readonly = True, selval = self.syntax_id), - 'c_opt_chk':idaapi.Form.ChkGroupControl(('c_opt_padding', 'c_opt_comment', 
''), value=opts['c_opt_chk']), - 'FormChangeCb': Form.FormChangeCb(self.OnFormChange), + 'c_opt_chk':self.ChkGroupControl(('c_opt_padding', 'c_opt_comment', ''), value=opts['c_opt_chk']), + 'FormChangeCb': self.FormChangeCb(self.OnFormChange), }) self.Compile() @@ -1147,9 +1150,8 @@ def OnFormChange(self, fid): # Search position chooser class SearchResultChooser(idaapi.Choose2): - def __init__(self, title, items, flags=0, width=None, height=None, embedded=False, modal=False): - Choose2.__init__( - self, + def __init__(self, title, items, flags=0, width=None, height=None, embedded=False, modal=False): + super(SearchResultChooser, self).__init__( title, [["Address", idaapi.Choose2.CHCOL_HEX|40]], flags = flags, @@ -1170,7 +1172,7 @@ def OnSelectLine(self, n): def OnGetLine(self, n): res = self.items[n] - res = [atoa(res[0])] + res = [idc.atoa(res[0])] return res def OnGetSize(self): @@ -1187,7 +1189,7 @@ def __init__(self, kp_asm, address, assembly=None): self.setup(kp_asm, address, assembly) # create Search form - Form.__init__(self, + super(Keypatch_Search, self).__init__( r"""STARTITEM {id:c_assembly} BUTTON YES* Search KEYPATCH:: Search 
@@ -1202,25 +1204,25 @@ def __init__(self, kp_asm, address, assembly=None): <- Encode:{c_encoding}> <- Size :{c_encoding_len}> """, { - 'c_addr': Form.NumericInput(value=address, swidth=MAX_ADDRESS_LEN, tp=Form.FT_ADDR), - 'c_assembly': Form.StringInput(value=self.asm[:MAX_INSTRUCTION_STRLEN], width=MAX_INSTRUCTION_STRLEN), - 'c_raw_assembly': Form.StringInput(value='', width=MAX_INSTRUCTION_STRLEN), - 'c_encoding': Form.StringInput(value='', width=MAX_ENCODING_LEN), - 'c_encoding_len': Form.NumericInput(value=0, swidth=8, tp=Form.FT_DEC), - 'c_arch': Form.DropdownListControl( + 'c_addr': self.NumericInput(value=address, swidth=MAX_ADDRESS_LEN, tp=self.FT_ADDR), + 'c_assembly': self.StringInput(value=self.asm[:MAX_INSTRUCTION_STRLEN], width=MAX_INSTRUCTION_STRLEN), + 'c_raw_assembly': self.StringInput(value='', width=MAX_INSTRUCTION_STRLEN), + 'c_encoding': self.StringInput(value='', width=MAX_ENCODING_LEN), + 'c_encoding_len': self.NumericInput(value=0, swidth=8, tp=self.FT_DEC), + 'c_arch': self.DropdownListControl( items = self.arch_keys, readonly = True, selval = self.arch_id, width = 32), - 'c_endian': Form.DropdownListControl( + 'c_endian': self.DropdownListControl( items = self.kp_asm.endian_lists.keys(), readonly = True, selval = self.endian_id), - 'c_syntax': Form.DropdownListControl( + 'c_syntax': self.DropdownListControl( items = self.syntax_keys, readonly = True, selval = self.syntax_id), - 'FormChangeCb': Form.FormChangeCb(self.OnFormChange), + 'FormChangeCb': self.FormChangeCb(self.OnFormChange), }) self.Compile() 
@@ -1232,13 +1234,13 @@ def OnFormChange(self, fid): address = 0 addresses = [] while address != idc.BADADDR: - address = idc.FindBinary(address, SEARCH_DOWN, self.GetControlValue(self.c_encoding)) + address = idc.FindBinary(address, idc.SEARCH_DOWN, self.GetControlValue(self.c_encoding)) if address == idc.BADADDR: break addresses.append([address]) address = address + 1 c = SearchResultChooser("Searching for [{0}]".format(self.GetControlValue(self.c_raw_assembly)), addresses) - r = c.show() + c.show() return 1 # only Search mode allows to select arch+mode @@ -1291,7 +1293,7 @@ def OnFormChange(self, fid): class About_Form(idaapi.Form): def __init__(self, version): # create About form - Form.__init__(self, + super(About_Form, self).__init__( r"""STARTITEM 0 BUTTON YES* Open Keypatch Website KEYPATCH:: About @@ -1303,7 +1305,7 @@ def __init__(self, version): Keypatch is released under the GPL v2. Find more info at http://www.keystone-engine.org/keypatch """ %(version, keystone.__version__), { - 'FormChangeCb': Form.FormChangeCb(self.OnFormChange), + 'FormChangeCb': self.FormChangeCb(self.OnFormChange), }) self.Compile() @@ -1322,7 +1324,7 @@ def OnFormChange(self, fid): class Update_Form(idaapi.Form): def __init__(self, version, message): # create Update form - Form.__init__(self, + super(Update_Form, self).__init__( r"""STARTITEM 0 BUTTON YES* Open Keypatch Website KEYPATCH:: Check for update @@ -1331,9 +1333,8 @@ def __init__(self, version, message): Your Keypatch is v%s %s """ %(version, message), { - 'FormChangeCb': Form.FormChangeCb(self.OnFormChange), + 'FormChangeCb': self.FormChangeCb(self.OnFormChange), }) - self.Compile() # callback to be executed when any form control changed @@ -1349,8 +1350,6 @@ def OnFormChange(self, fid): try: # adapted from pull request #7 by @quangnh89 class Kp_Menu_Context(idaapi.action_handler_t): - def __init__(self): - idaapi.action_handler_t.__init__(self) @classmethod def get_name(self): 
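Review bot: The `- self.Compile()` removal in the `@@ -1331,9 +1333,8 @@` hunk leaves `Update_Form.__init__` without the compile step that `About_Form.__init__` (hunk `@@ -1303,7 +1305,7 @@`) still performs right after its control dict, so the two forms now differ in whether the caller has to call `Compile()` before `Execute()`. If Update_Form's caller compiles it elsewhere, a one-line comment at that spot would document the asymmetry, e.g. `# caller is responsible for Compile() before Execute()`; otherwise restoring `self.Compile()` keeps the two forms consistent. The callers are outside this hunk, so I cannot tell from here which is intended.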
@@ -1487,7 +1486,6 @@ class Keypatch_Plugin_t(idaapi.plugin_t): wanted_hotkey = "Ctrl-Alt-K" flags = idaapi.PLUGIN_KEEP - def load_configuration(self): # default self.opts = {} @@ -1663,12 +1661,6 @@ def patcher(self): p1 = idaapi.twinpos_t() view = idaapi.get_current_viewer() selection = idaapi.read_selection(view, p0, p1) - if selection: - place0 = p0.place(view) - place1 = p1.place(view) - - addr_begin = place0.toea() - addr_end = place1.toea() else: selection, addr_begin, addr_end = idaapi.read_selection() @@ -1736,15 +1728,14 @@ def fill_range(self): view = idaapi.get_current_viewer() selection = idaapi.read_selection(view, p0, p1) - place0 = p0.place(view) - place1 = p1.place(view) - if selection: place0 = p0.place(view) place1 = p1.place(view) addr_begin = place0.toea() addr_end = place1.toea() + else: + raise RuntimeError('Unable to read selection') else: selection, addr_begin, addr_end = idaapi.read_selection() From 7cb38a9f2f1c8d976b34a508f805c0e24c2fdbcd Mon Sep 17 00:00:00 2001 From: "jianhua.fengjh" Date: Mon, 4 Sep 2017 16:03:15 +0800 Subject: [PATCH 19/39] 1. fixed ida pro 7 beta6 x86 crash. idainfo object has no attribute 'procname' 2. refactor: removed "from idc_bc695" According to hexray log document, idc has been done on the adapter idc_bc695, do not need to expose idc_bc695. 3. refactor: removed the adapter idaapi.read_selection. idaapi.read_selection has been adapted internally --- keypatch.py | 44 ++++++++------------------------------------ 1 file changed, 8 insertions(+), 36 deletions(-) diff --git a/keypatch.py b/keypatch.py index ea5c4e1..8d90cee 100644 --- a/keypatch.py +++ b/keypatch.py @@ -22,10 +22,7 @@ from keystone import * import idc import idaapi -try: - from idc import GetOpType, GetOpnd, ItemEnd -except ImportError: - from idc_bc695 import GetOpType, GetOpnd, ItemEnd +from idc import GetOpType, GetOpnd, ItemEnd # bleeding-edge version # on a new release, this should be sync with VERSION_STABLE file 
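Review bot: The added `else: raise RuntimeError('Unable to read selection')` in the `@@ -1736,15 +1728,14 @@ def fill_range` hunk makes the existing `if not selection:` user-facing warning (visible as context in the later `@@ -1720,25 +1709,8 @@` hunk of this series, directly after the `else:` branch) unreachable on the IDA >= 7 path: an empty selection now surfaces as a Python traceback instead of the `idc.Warning(...)` message the pre-7 path still gets. Dropping the new `else:` block and letting the falsy `selection` fall through to the warning keeps both paths consistent; if the concern is that `addr_begin`/`addr_end` stay unbound, `addr_begin = addr_end = None` in that branch covers it. fill_range starts and ends outside this hunk.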
@@ -165,12 +162,12 @@ def get_hardware_mode(): # heuristically detect hardware setup info = idaapi.get_inf_structure() - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 case change + + try: cpuname = info.procname.lower() - else: + except: cpuname = info.procName.lower() - + try: # since IDA7 beta 3 (170724) renamed inf.mf -> is_be()/set_be() is_be = idaapi.cvar.inf.is_be() @@ -1655,15 +1652,7 @@ def patcher(self): idc.Warning("ERROR: Keypatch cannot handle this architecture (unsupported by Keystone), quit!") return - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 read selection change - p0 = idaapi.twinpos_t() - p1 = idaapi.twinpos_t() - view = idaapi.get_current_viewer() - selection = idaapi.read_selection(view, p0, p1) - else: - selection, addr_begin, addr_end = idaapi.read_selection() - + selection, addr_begin, addr_end = idaapi.read_selection() if selection: # call Fill Range function on this selected code return self.fill_range() @@ -1720,25 +1709,8 @@ def fill_range(self): if self.kp_asm.arch is None: idc.Warning("ERROR: Keypatch cannot handle this architecture (unsupported by Keystone), quit!") return - - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 read selection change - p0 = idaapi.twinpos_t() - p1 = idaapi.twinpos_t() - view = idaapi.get_current_viewer() - selection = idaapi.read_selection(view, p0, p1) - - if selection: - place0 = p0.place(view) - place1 = p1.place(view) - - addr_begin = place0.toea() - addr_end = place1.toea() - else: - raise RuntimeError('Unable to read selection') - else: - selection, addr_begin, addr_end = idaapi.read_selection() - + + selection, addr_begin, addr_end = idaapi.read_selection() if not selection: idc.Warning("ERROR: Keypatch requires a range to be selected for fill in, try again") return From 2eaf521ecf2ec5c510bdc9e858108c2f86f35806 Mon Sep 17 00:00:00 2001 
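Review bot: The new `except:` in the `@@ -165,12 +162,12 @@ def get_hardware_mode` hunk is a bare except, so anything raised by `info.procname.lower()` — including `KeyboardInterrupt` or a `NameError` from a typo — is silently turned into a retry of `info.procName`. The fallback exists only for the IDA 7 attribute rename, so narrow it to the exception that rename produces: `except AttributeError:`. The same hunk is repeated verbatim in PATCH 20 through PATCH 26 of this series, and the `try:` around `idaapi.cvar.inf.is_be()` that follows has its handler outside the hunk, so I cannot see whether it has the same shape.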
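Review bot: The new `selection, addr_begin, addr_end = idaapi.read_selection()` in the `@@ -1720,25 +1709,8 @@ def fill_range` hunk (and the same line in the `@@ -1655,15 +1652,7 @@ def patcher` hunk) depends on the no-argument, 3-tuple form of `read_selection`, which on IDA 7 the commit message says is supplied by the compatibility adapter rather than by the native `read_selection(view, p0, p1)` signature this commit deletes. That dependency is invisible at the call site; a comment such as `# 3-tuple form: native on IDA < 7, provided by the bc695 compatibility layer on IDA >= 7` would tell the next maintainer why the version check went away and what to check if that layer is not loaded. Both functions start and end outside their hunks.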
From: "jianhua.fengjh" Date: Mon, 4 Sep 2017 16:03:15 +0800 Subject: [PATCH 20/39] 1. fixed ida pro 7 beta6 x86 crash. idainfo object has no attribute 'procname' 2. refactor: removed "from idc_bc695" According to hexray log document, idc has been done on the adapter idc_bc695, do not need to expose idc_bc695. 3. refactor: removed the adapter idaapi.read_selection. idaapi.read_selection has been adapted internally --- keypatch.py | 44 ++++++++------------------------------------ 1 file changed, 8 insertions(+), 36 deletions(-) diff --git a/keypatch.py b/keypatch.py index ea5c4e1..8d90cee 100644 --- a/keypatch.py +++ b/keypatch.py @@ -22,10 +22,7 @@ from keystone import * import idc import idaapi -try: - from idc import GetOpType, GetOpnd, ItemEnd -except ImportError: - from idc_bc695 import GetOpType, GetOpnd, ItemEnd +from idc import GetOpType, GetOpnd, ItemEnd # bleeding-edge version # on a new release, this should be sync with VERSION_STABLE file @@ -165,12 +162,12 @@ def get_hardware_mode(): # heuristically detect hardware setup info = idaapi.get_inf_structure() - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 case change + + try: cpuname = info.procname.lower() - else: + except: cpuname = info.procName.lower() - + try: # since IDA7 beta 3 (170724) renamed inf.mf -> is_be()/set_be() is_be = idaapi.cvar.inf.is_be() @@ -1655,15 +1652,7 @@ def patcher(self): idc.Warning("ERROR: Keypatch cannot handle this architecture (unsupported by Keystone), quit!") return - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 read selection change - p0 = idaapi.twinpos_t() - p1 = idaapi.twinpos_t() - view = idaapi.get_current_viewer() - selection = idaapi.read_selection(view, p0, p1) - else: - selection, addr_begin, addr_end = idaapi.read_selection() - + selection, addr_begin, addr_end = idaapi.read_selection() if selection: # call Fill Range function on this selected code return self.fill_range() 
@@ -1720,25 +1709,8 @@ def fill_range(self): if self.kp_asm.arch is None: idc.Warning("ERROR: Keypatch cannot handle this architecture (unsupported by Keystone), quit!") return - - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 read selection change - p0 = idaapi.twinpos_t() - p1 = idaapi.twinpos_t() - view = idaapi.get_current_viewer() - selection = idaapi.read_selection(view, p0, p1) - - if selection: - place0 = p0.place(view) - place1 = p1.place(view) - - addr_begin = place0.toea() - addr_end = place1.toea() - else: - raise RuntimeError('Unable to read selection') - else: - selection, addr_begin, addr_end = idaapi.read_selection() - + + selection, addr_begin, addr_end = idaapi.read_selection() if not selection: idc.Warning("ERROR: Keypatch requires a range to be selected for fill in, try again") return From 04019c01620b925e8b5bd71436802ccc91d92342 Mon Sep 17 00:00:00 2001 From: "jianhua.fengjh" Date: Mon, 4 Sep 2017 16:03:15 +0800 Subject: [PATCH 21/39] 1. fixed ida pro 7 beta6 x86 crash. idainfo object has no attribute 'procname' 2. refactor: removed "from idc_bc695" According to hexray log document, idc has been done on the adapter idc_bc695, do not need to expose idc_bc695. 3. refactor: removed the adapter idaapi.read_selection. idaapi.read_selection has been adapted internally --- keypatch.py | 44 ++++++++------------------------------------ 1 file changed, 8 insertions(+), 36 deletions(-) diff --git a/keypatch.py b/keypatch.py index ea5c4e1..8d90cee 100644 --- a/keypatch.py +++ b/keypatch.py @@ -22,10 +22,7 @@ from keystone import * import idc import idaapi -try: - from idc import GetOpType, GetOpnd, ItemEnd -except ImportError: - from idc_bc695 import GetOpType, GetOpnd, ItemEnd +from idc import GetOpType, GetOpnd, ItemEnd # bleeding-edge version # on a new release, this should be sync with VERSION_STABLE file 
@@ -165,12 +162,12 @@ def get_hardware_mode(): # heuristically detect hardware setup info = idaapi.get_inf_structure() - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 case change + + try: cpuname = info.procname.lower() - else: + except: cpuname = info.procName.lower() - + try: # since IDA7 beta 3 (170724) renamed inf.mf -> is_be()/set_be() is_be = idaapi.cvar.inf.is_be() @@ -1655,15 +1652,7 @@ def patcher(self): idc.Warning("ERROR: Keypatch cannot handle this architecture (unsupported by Keystone), quit!") return - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 read selection change - p0 = idaapi.twinpos_t() - p1 = idaapi.twinpos_t() - view = idaapi.get_current_viewer() - selection = idaapi.read_selection(view, p0, p1) - else: - selection, addr_begin, addr_end = idaapi.read_selection() - + selection, addr_begin, addr_end = idaapi.read_selection() if selection: # call Fill Range function on this selected code return self.fill_range() @@ -1720,25 +1709,8 @@ def fill_range(self): if self.kp_asm.arch is None: idc.Warning("ERROR: Keypatch cannot handle this architecture (unsupported by Keystone), quit!") return - - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 read selection change - p0 = idaapi.twinpos_t() - p1 = idaapi.twinpos_t() - view = idaapi.get_current_viewer() - selection = idaapi.read_selection(view, p0, p1) - - if selection: - place0 = p0.place(view) - place1 = p1.place(view) - - addr_begin = place0.toea() - addr_end = place1.toea() - else: - raise RuntimeError('Unable to read selection') - else: - selection, addr_begin, addr_end = idaapi.read_selection() - + + selection, addr_begin, addr_end = idaapi.read_selection() if not selection: idc.Warning("ERROR: Keypatch requires a range to be selected for fill in, try again") return From 66beeacd4a3163719d78c3a75b4fb1c338d248dc Mon Sep 17 00:00:00 2001 
From: "jianhua.fengjh" Date: Mon, 4 Sep 2017 16:03:15 +0800 Subject: [PATCH 22/39] 1. fixed ida pro 7 beta6 x86 crash. idainfo object has no attribute 'procname' 2. refactor: removed "from idc_bc695" According to hexray log document, idc has been done on the adapter idc_bc695, do not need to expose idc_bc695. 3. refactor: removed the adapter idaapi.read_selection. idaapi.read_selection has been adapted internally --- keypatch.py | 44 ++++++++------------------------------------ 1 file changed, 8 insertions(+), 36 deletions(-) diff --git a/keypatch.py b/keypatch.py index ea5c4e1..8d90cee 100644 --- a/keypatch.py +++ b/keypatch.py @@ -22,10 +22,7 @@ from keystone import * import idc import idaapi -try: - from idc import GetOpType, GetOpnd, ItemEnd -except ImportError: - from idc_bc695 import GetOpType, GetOpnd, ItemEnd +from idc import GetOpType, GetOpnd, ItemEnd # bleeding-edge version # on a new release, this should be sync with VERSION_STABLE file @@ -165,12 +162,12 @@ def get_hardware_mode(): # heuristically detect hardware setup info = idaapi.get_inf_structure() - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 case change + + try: cpuname = info.procname.lower() - else: + except: cpuname = info.procName.lower() - + try: # since IDA7 beta 3 (170724) renamed inf.mf -> is_be()/set_be() is_be = idaapi.cvar.inf.is_be() @@ -1655,15 +1652,7 @@ def patcher(self): idc.Warning("ERROR: Keypatch cannot handle this architecture (unsupported by Keystone), quit!") return - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 read selection change - p0 = idaapi.twinpos_t() - p1 = idaapi.twinpos_t() - view = idaapi.get_current_viewer() - selection = idaapi.read_selection(view, p0, p1) - else: - selection, addr_begin, addr_end = idaapi.read_selection() - + selection, addr_begin, addr_end = idaapi.read_selection() if selection: # call Fill Range function on this selected code return self.fill_range() 
@@ -1720,25 +1709,8 @@ def fill_range(self): if self.kp_asm.arch is None: idc.Warning("ERROR: Keypatch cannot handle this architecture (unsupported by Keystone), quit!") return - - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 read selection change - p0 = idaapi.twinpos_t() - p1 = idaapi.twinpos_t() - view = idaapi.get_current_viewer() - selection = idaapi.read_selection(view, p0, p1) - - if selection: - place0 = p0.place(view) - place1 = p1.place(view) - - addr_begin = place0.toea() - addr_end = place1.toea() - else: - raise RuntimeError('Unable to read selection') - else: - selection, addr_begin, addr_end = idaapi.read_selection() - + + selection, addr_begin, addr_end = idaapi.read_selection() if not selection: idc.Warning("ERROR: Keypatch requires a range to be selected for fill in, try again") return From 8cbd7bb6691f9d7a12c686700f705194428d428e Mon Sep 17 00:00:00 2001 From: "jianhua.fengjh" Date: Mon, 4 Sep 2017 16:03:15 +0800 Subject: [PATCH 23/39] 1. fixed ida pro 7 beta6 x86 crash. idainfo object has no attribute 'procname' 2. refactor: removed "from idc_bc695" According to hexray log document, idc has been done on the adapter idc_bc695, do not need to expose idc_bc695. 3. refactor: removed the adapter idaapi.read_selection. idaapi.read_selection has been adapted internally --- keypatch.py | 44 ++++++++------------------------------------ 1 file changed, 8 insertions(+), 36 deletions(-) diff --git a/keypatch.py b/keypatch.py index ea5c4e1..8d90cee 100644 --- a/keypatch.py +++ b/keypatch.py @@ -22,10 +22,7 @@ from keystone import * import idc import idaapi -try: - from idc import GetOpType, GetOpnd, ItemEnd -except ImportError: - from idc_bc695 import GetOpType, GetOpnd, ItemEnd +from idc import GetOpType, GetOpnd, ItemEnd # bleeding-edge version # on a new release, this should be sync with VERSION_STABLE file 
@@ -165,12 +162,12 @@ def get_hardware_mode(): # heuristically detect hardware setup info = idaapi.get_inf_structure() - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 case change + + try: cpuname = info.procname.lower() - else: + except: cpuname = info.procName.lower() - + try: # since IDA7 beta 3 (170724) renamed inf.mf -> is_be()/set_be() is_be = idaapi.cvar.inf.is_be() @@ -1655,15 +1652,7 @@ def patcher(self): idc.Warning("ERROR: Keypatch cannot handle this architecture (unsupported by Keystone), quit!") return - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 read selection change - p0 = idaapi.twinpos_t() - p1 = idaapi.twinpos_t() - view = idaapi.get_current_viewer() - selection = idaapi.read_selection(view, p0, p1) - else: - selection, addr_begin, addr_end = idaapi.read_selection() - + selection, addr_begin, addr_end = idaapi.read_selection() if selection: # call Fill Range function on this selected code return self.fill_range() @@ -1720,25 +1709,8 @@ def fill_range(self): if self.kp_asm.arch is None: idc.Warning("ERROR: Keypatch cannot handle this architecture (unsupported by Keystone), quit!") return - - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 read selection change - p0 = idaapi.twinpos_t() - p1 = idaapi.twinpos_t() - view = idaapi.get_current_viewer() - selection = idaapi.read_selection(view, p0, p1) - - if selection: - place0 = p0.place(view) - place1 = p1.place(view) - - addr_begin = place0.toea() - addr_end = place1.toea() - else: - raise RuntimeError('Unable to read selection') - else: - selection, addr_begin, addr_end = idaapi.read_selection() - + + selection, addr_begin, addr_end = idaapi.read_selection() if not selection: idc.Warning("ERROR: Keypatch requires a range to be selected for fill in, try again") return From 5c6f1d7200461a1bd82cf39ec622107c2cc0e981 Mon Sep 17 00:00:00 2001 
From: fjh658 Date: Mon, 4 Sep 2017 16:03:15 +0800 Subject: [PATCH 24/39] 1. fixed ida pro 7 beta6 x86 crash. idainfo object has no attribute 'procname' 2. refactor: removed "from idc_bc695" According to hexray log document, idc has been done on the adapter idc_bc695, do not need to expose idc_bc695. 3. refactor: removed the adapter idaapi.read_selection. idaapi.read_selection has been adapted internally --- keypatch.py | 44 ++++++++------------------------------------ 1 file changed, 8 insertions(+), 36 deletions(-) diff --git a/keypatch.py b/keypatch.py index ea5c4e1..8d90cee 100644 --- a/keypatch.py +++ b/keypatch.py @@ -22,10 +22,7 @@ from keystone import * import idc import idaapi -try: - from idc import GetOpType, GetOpnd, ItemEnd -except ImportError: - from idc_bc695 import GetOpType, GetOpnd, ItemEnd +from idc import GetOpType, GetOpnd, ItemEnd # bleeding-edge version # on a new release, this should be sync with VERSION_STABLE file @@ -165,12 +162,12 @@ def get_hardware_mode(): # heuristically detect hardware setup info = idaapi.get_inf_structure() - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 case change + + try: cpuname = info.procname.lower() - else: + except: cpuname = info.procName.lower() - + try: # since IDA7 beta 3 (170724) renamed inf.mf -> is_be()/set_be() is_be = idaapi.cvar.inf.is_be() @@ -1655,15 +1652,7 @@ def patcher(self): idc.Warning("ERROR: Keypatch cannot handle this architecture (unsupported by Keystone), quit!") return - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 read selection change - p0 = idaapi.twinpos_t() - p1 = idaapi.twinpos_t() - view = idaapi.get_current_viewer() - selection = idaapi.read_selection(view, p0, p1) - else: - selection, addr_begin, addr_end = idaapi.read_selection() - + selection, addr_begin, addr_end = idaapi.read_selection() if selection: # call Fill Range function on this selected code return self.fill_range() 
@@ -1720,25 +1709,8 @@ def fill_range(self): if self.kp_asm.arch is None: idc.Warning("ERROR: Keypatch cannot handle this architecture (unsupported by Keystone), quit!") return - - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 read selection change - p0 = idaapi.twinpos_t() - p1 = idaapi.twinpos_t() - view = idaapi.get_current_viewer() - selection = idaapi.read_selection(view, p0, p1) - - if selection: - place0 = p0.place(view) - place1 = p1.place(view) - - addr_begin = place0.toea() - addr_end = place1.toea() - else: - raise RuntimeError('Unable to read selection') - else: - selection, addr_begin, addr_end = idaapi.read_selection() - + + selection, addr_begin, addr_end = idaapi.read_selection() if not selection: idc.Warning("ERROR: Keypatch requires a range to be selected for fill in, try again") return From ced9873e5a38accf41bcaacc30c10869987b0a3e Mon Sep 17 00:00:00 2001 From: "jianhua.fengjh" Date: Mon, 4 Sep 2017 16:03:15 +0800 Subject: [PATCH 25/39] 1. fixed ida pro 7 beta6 x86 crash. idainfo object has no attribute 'procname' 2. refactor: removed "from idc_bc695" According to hexray log document, idc has been done on the adapter idc_bc695, do not need to expose idc_bc695. 3. refactor: removed the adapter idaapi.read_selection. idaapi.read_selection has been adapted internally --- keypatch.py | 44 ++++++++------------------------------------ 1 file changed, 8 insertions(+), 36 deletions(-) diff --git a/keypatch.py b/keypatch.py index ea5c4e1..8d90cee 100644 --- a/keypatch.py +++ b/keypatch.py @@ -22,10 +22,7 @@ from keystone import * import idc import idaapi -try: - from idc import GetOpType, GetOpnd, ItemEnd -except ImportError: - from idc_bc695 import GetOpType, GetOpnd, ItemEnd +from idc import GetOpType, GetOpnd, ItemEnd # bleeding-edge version # on a new release, this should be sync with VERSION_STABLE file 
@@ -165,12 +162,12 @@ def get_hardware_mode(): # heuristically detect hardware setup info = idaapi.get_inf_structure() - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 case change + + try: cpuname = info.procname.lower() - else: + except: cpuname = info.procName.lower() - + try: # since IDA7 beta 3 (170724) renamed inf.mf -> is_be()/set_be() is_be = idaapi.cvar.inf.is_be() @@ -1655,15 +1652,7 @@ def patcher(self): idc.Warning("ERROR: Keypatch cannot handle this architecture (unsupported by Keystone), quit!") return - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 read selection change - p0 = idaapi.twinpos_t() - p1 = idaapi.twinpos_t() - view = idaapi.get_current_viewer() - selection = idaapi.read_selection(view, p0, p1) - else: - selection, addr_begin, addr_end = idaapi.read_selection() - + selection, addr_begin, addr_end = idaapi.read_selection() if selection: # call Fill Range function on this selected code return self.fill_range() @@ -1720,25 +1709,8 @@ def fill_range(self): if self.kp_asm.arch is None: idc.Warning("ERROR: Keypatch cannot handle this architecture (unsupported by Keystone), quit!") return - - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 read selection change - p0 = idaapi.twinpos_t() - p1 = idaapi.twinpos_t() - view = idaapi.get_current_viewer() - selection = idaapi.read_selection(view, p0, p1) - - if selection: - place0 = p0.place(view) - place1 = p1.place(view) - - addr_begin = place0.toea() - addr_end = place1.toea() - else: - raise RuntimeError('Unable to read selection') - else: - selection, addr_begin, addr_end = idaapi.read_selection() - + + selection, addr_begin, addr_end = idaapi.read_selection() if not selection: idc.Warning("ERROR: Keypatch requires a range to be selected for fill in, try again") return From d3ac29b10693269cbe9b4229d74030ba4953445f Mon Sep 17 00:00:00 2001 
From: fjh658 Date: Mon, 4 Sep 2017 16:03:15 +0800 Subject: [PATCH 26/39] 1. fixed ida pro 7 beta6 x86 crash. idainfo object has no attribute 'procname' 2. refactor: removed "from idc_bc695" According to hexray log document, idc has been done on the adapter idc_bc695, do not need to expose idc_bc695. 3. refactor: removed the adapter idaapi.read_selection. idaapi.read_selection has been adapted internally --- keypatch.py | 44 ++++++++------------------------------------ 1 file changed, 8 insertions(+), 36 deletions(-) diff --git a/keypatch.py b/keypatch.py index ea5c4e1..8d90cee 100644 --- a/keypatch.py +++ b/keypatch.py @@ -22,10 +22,7 @@ from keystone import * import idc import idaapi -try: - from idc import GetOpType, GetOpnd, ItemEnd -except ImportError: - from idc_bc695 import GetOpType, GetOpnd, ItemEnd +from idc import GetOpType, GetOpnd, ItemEnd # bleeding-edge version # on a new release, this should be sync with VERSION_STABLE file @@ -165,12 +162,12 @@ def get_hardware_mode(): # heuristically detect hardware setup info = idaapi.get_inf_structure() - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 case change + + try: cpuname = info.procname.lower() - else: + except: cpuname = info.procName.lower() - + try: # since IDA7 beta 3 (170724) renamed inf.mf -> is_be()/set_be() is_be = idaapi.cvar.inf.is_be() @@ -1655,15 +1652,7 @@ def patcher(self): idc.Warning("ERROR: Keypatch cannot handle this architecture (unsupported by Keystone), quit!") return - if idaapi.IDA_SDK_VERSION >= 700: - # IDA >= 7.0 read selection change - p0 = idaapi.twinpos_t() - p1 = idaapi.twinpos_t() - view = idaapi.get_current_viewer() - selection = idaapi.read_selection(view, p0, p1) - else: - selection, addr_begin, addr_end = idaapi.read_selection() - + selection, addr_begin, addr_end = idaapi.read_selection() if selection: # call Fill Range function on this selected code return self.fill_range() 
@@ -1720,25 +1709,8 @@ def fill_range(self):
 if self.kp_asm.arch is None:
 idc.Warning("ERROR: Keypatch cannot handle this architecture (unsupported by Keystone), quit!")
 return
-
- if idaapi.IDA_SDK_VERSION >= 700:
- # IDA >= 7.0 read selection change
- p0 = idaapi.twinpos_t()
- p1 = idaapi.twinpos_t()
- view = idaapi.get_current_viewer()
- selection = idaapi.read_selection(view, p0, p1)
-
- if selection:
- place0 = p0.place(view)
- place1 = p1.place(view)
-
- addr_begin = place0.toea()
- addr_end = place1.toea()
- else:
- raise RuntimeError('Unable to read selection')
- else:
- selection, addr_begin, addr_end = idaapi.read_selection()
-
+
+ selection, addr_begin, addr_end = idaapi.read_selection()
 if not selection:
 idc.Warning("ERROR: Keypatch requires a range to be selected for fill in, try again")
 return
From 85e8e3853a778d9f7e6308ab7912e15569c4bfa6 Mon Sep 17 00:00:00 2001
From: fjh658
Date: Wed, 6 Sep 2017 13:15:21 +0800
Subject: [PATCH 27/39] Merge branch 'master' of https://github.com/fjh658/keypatch
From 7742a463bfa5d8dc498c6ca3d2cf3bf40a596328 Mon Sep 17 00:00:00 2001
From: fjh658
Date: Wed, 6 Sep 2017 13:15:21 +0800
Subject: [PATCH 28/39] Merge branch 'master' of https://github.com/fjh658/keypatch
From e79cc2a290dc823e3220a343ea016c633793cb0a Mon Sep 17 00:00:00 2001
From: fjh658
Date: Wed, 6 Sep 2017 13:15:21 +0800
Subject: [PATCH 29/39] Merge branch 'master' of https://github.com/fjh658/keypatch
From 75c0dd1d8306b0d7077fafb2a32fe7e0e723a697 Mon Sep 17 00:00:00 2001
From: fjh658
Date: Wed, 6 Sep 2017 13:15:21 +0800
Subject: [PATCH 30/39] Merge branch 'master' of https://github.com/fjh658/keypatch
From d755b1131a11fd715d7b8d3379d4798656519f1e Mon Sep 17 00:00:00 2001
From: fjh658
Date: Wed, 6 Sep 2017 13:15:21 +0800
Subject: [PATCH 31/39] Merge branch 'master' of https://github.com/fjh658/keypatch
From ae6bec38c03b995aa137261efdf9f16e8da59c32 Mon Sep 17 00:00:00 2001
From: fjh658 Date: Wed, 6 Sep 2017 13:15:21 +0800 Subject: [PATCH 32/39] Merge branch 'master' of https://github.com/fjh658/keypatch From 7f955ebf411c83ad7f864653f707359766ed6c9e Mon Sep 17 00:00:00 2001 From: fjh658 Date: Wed, 6 Sep 2017 13:27:14 +0800 Subject: [PATCH 33/39] Merge branch 'master' of https://github.com/fjh658/keypatch From f5a8b7c1a7105e3695279556c3539908cb1762fd Mon Sep 17 00:00:00 2001 From: fjh658 Date: Wed, 6 Sep 2017 13:27:14 +0800 Subject: [PATCH 34/39] Merge branch 'master' of https://github.com/fjh658/keypatch From 52e384eb4891e30a1a10baeb71c09f601ea1ba25 Mon Sep 17 00:00:00 2001 From: fjh658 Date: Wed, 6 Sep 2017 13:27:14 +0800 Subject: [PATCH 35/39] Merge branch 'master' of https://github.com/fjh658/keypatch From bb5d3fc65c80bf149877787ca352fdebe1be2331 Mon Sep 17 00:00:00 2001 From: "jianhua.fengjh" Date: Wed, 6 Sep 2017 13:36:53 +0800 Subject: [PATCH 36/39] Merge branch 'master' of https://github.com/fjh658/keypatch From 8c2a8990c643ef345db9d8d0fc026f8d7839fdb5 Mon Sep 17 00:00:00 2001 From: fjh658 Date: Tue, 3 Oct 2017 23:52:18 +0800 Subject: [PATCH 37/39] Update the installation documentation for the macOS ida --- README.md | 156 +++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 150 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 7d005ad..d15b63a 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,6 @@ See [this quick tutorial](TUTORIAL.md) for how to use Keypatch, and [this slides Keypatch is confirmed to work on IDA Pro version 6.4, 6.5, 6.6, 6.8, 6.9, 6.95, 7.0 but should work flawlessly on older versions. If you find any issues, please [report](http://keystone-engine.org/contact). - -------------------- ### 1. Why Keypatch? @@ -34,7 +33,6 @@ Keypatch was developed to solve this problem. Thanks to the power of [Keystone]( Keypatch can be the missing piece in your toolset of reverse engineering. - -------------- ### 2. Install 
@@ -103,7 +101,6 @@ Email keystone.engine@gmail.com for any questions. For future update of Keypatch, follow our Twitter [@keystone_engine](https://twitter.com/keystone_engine) for announcement. - ---- ### Appendix. Install Keystone for IDA Pro 
@@ -117,19 +114,166 @@ It is easiest to just download & install Python 2.7 module for Windows from [htt If you prefer to compile from source, just use MSVC 32-bit & follow the instructions in [Windows documentation](https://github.com/keystone-engine/keystone/blob/master/docs/COMPILE-WINDOWS.md) to build `keystone.dll`. After that, install Python module as in [Python documentation](https://github.com/keystone-engine/keystone/blob/master/bindings/python/README.md). Then copy `keystone.dll` to the directory of Keystone Python module. #### A2. MacOS +Compiling dynamic library depends on cmake and compiler(llvm clang, gcc). -Install the core & Python module of Keystone with the following command: +Quick start steps: -``` +- install brew + + ```shell + /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" + ``` + +- install cmake + + ```shell + brew install cmake + ``` + +- install keystone-engine + + ```shell + sudo pip install keystone-engine + ``` + + - Check Method ( Whether the installation is successful? ): + + - You enter this in the console of ida + + Normal result: + + ```python + Python>print keystone + + + Python>print keystone.arm_const + + ``` + - enter this in the python standard console + + Normal result: + + ```python + Python 2.7.13 (default, Jul 18 2017, 09:17:00) + [GCC 4.2.1 Compatible Apple LLVM 8.1.0 (clang-802.0.42)] on darwin + Type "help", "copyright", "credits" or "license" for more information. + >>> import keystone + >>> print keystone + + >>> print keystone.arm_const + + >>> + ``` + + +If there are cmake and compiler, then install only the core & Python module of Keystone with the following command: + +```shell $ sudo pip install keystone-engine ``` +FAQ: + +1. "ImportError: No module named keystone + In case IDA still complains "ImportError: No module named keystone" when Keypatch is loading, then do the following step to copy Keystone Python binding to IDA directory. 
(replace `6.8` with your actual IDA version) -``` +```shell $ sudo cp -r /Library/Python/2.7/site-packages/keystone /Applications/IDA\ Pro\ 6.8/idaq.app/Contents/MacOS/python ``` +In addition, executable file rename "idaq" to "ida" in ida pro 7, so it is "ida.app/ida64.app". + +```shell +cp -r /Library/Python/2.7/site-packages/keystone /Applications/IDA\ Pro\ 7.0/ida.app/Contents/MacOS/python +``` + +2. "ImportError: ERROR: fail to load the dynamic library" + +![image](https://user-images.githubusercontent.com/5550316/30997551-3bde6be0-a48e-11e7-9813-3b196548f9a7.png) + + + - If the result "sudo pip install keystone-engine" of no error, but did not generate dynamic library, then try to manually do. + + - Download keystone-engine, and extract this + + ```shell + https://pypi.python.org/packages/9a/fc/ed0d3f46921bfaa612d9e8ce8313f99f4149ecf6635659510220c994cb72/keystone-engine-0.9.1-3.tar.gz + ``` + + - The site, Note please use latest version + + ``` + https://pypi.python.org/pypi/keystone-engine + ``` + + - Manual compile and install keystone-engine, see this log completely + + ```shell + cd keystone-engine-0.9.1-3 + sudo python setup.py install + ``` + + - cmake is only a build tool, and depends on your compiler + + - Normal log: + + ```shell + > sudo python setup.py install + + running install + running build + running build_py + creating build + creating build/lib + creating build/lib/keystone + copying keystone/__init__.py -> build/lib/keystone + ... 
+ copying keystone/x86_const.py -> build/lib/keystone + running build_clib + running custom_build_clib + building 'keystone' library + -- The C compiler identification is AppleClang 9.0.0.9000037 + -- The CXX compiler identification is AppleClang 9.0.0.9000037 + + -- Check for working C compiler: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/cc + -- Check for working C compiler: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/cc -- works + + -- Constructing LLVMBuild project information + -- Targeting AArch64 + -- Targeting ARM + ... + -- Targeting X86 + -- Found PkgConfig: /usr/local/bin/pkg-config (found version "0.29.2") + -- Configuring done + CMake Warning (dev): + Policy CMP0068 is not set: RPATH settings on macOS do not affect + install_name. Run "cmake --help-policy CMP0068" for policy details. Use + the cmake_policy command to set the policy and suppress this warning. + + For compatibility with older versions of CMake, the install_name fields for + the following targets are still affected by RPATH settings: + + keystone + + This warning is for project developers. Use -Wno-dev to suppress it. + + -- Generating done + -- Build files have been written to: ~/Downloads/keystone-engine-0.9.1-3/src/build + Scanning dependencies of target keystone + [ 0%] Building CXX object llvm/keystone/CMakeFiles/keystone.dir/__/lib/MC/ConstantPools.cpp.o + ... + [100%] Built target keystone + running install_lib + running install_data + copying src/build/llvm/lib/libkeystone.dylib -> /usr/local/lib/python2.7/site-packages/keystone + running install_egg_info + Removing /usr/local/lib/python2.7/site-packages/keystone_engine-0.9.1_3-py2.7.egg-info + Writing /usr/local/lib/python2.7/site-packages/keystone_engine-0.9.1_3-py2.7.egg-info + ``` + + ​ + #### A3. Linux First of all, be sure that your machine already have Cmake installed. On Ubuntu, you can install Cmake with: 
From 1930b52a9413738582971a4465de048b0e8491b8 Mon Sep 17 00:00:00 2001 From: fjh658 Date: Fri, 6 Oct 2017 01:00:23 +0800 Subject: [PATCH 38/39] Improve the accuracy of the documentation --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d22910f..ae67658 100644 --- a/README.md +++ b/README.md @@ -105,7 +105,7 @@ For future update of Keypatch, follow our Twitter [@keystone_engine](https://twi ### Appendix. Install Keystone for IDA Pro -We all know that <= IDA 7.0 (eg: 6.8, 6.9, 6.95, 7.0_x86), IDA Pro's Python is 32-bit itself, so it can only loads 32-bit libraries. For this reason, we have to build & install Keystone 32-bit. However, IDA 7.0 is now a native 64-bit application, which means we also need to install a correct version of Keystone. This section details the steps towards that goal. +We all know that before IDA 7.0, IDA Pro's Python is 32-bit itself, so it can only loads 32-bit libraries. For this reason, we have to build & install Keystone 32-bit. However, since IDA 7.0 supports both 32-bit & 64-bit, which means we also need to install a correct version of Keystone. This section details the steps towards that goal. #### A1. Windows From 4321f9820db006c4d91ec5876f58a2b0de4d16a2 Mon Sep 17 00:00:00 2001 From: fjh658 Date: Mon, 22 Oct 2018 02:54:49 +0800 Subject: [PATCH 39/39] Fixed the form cannot be shown for ida pro 7.2 beta Version 7.2.181019. "form: error at %/" --- keypatch.py | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/keypatch.py b/keypatch.py index e355e23..18ed72d 100644 --- a/keypatch.py +++ b/keypatch.py 
@@ -1055,9 +1055,9 @@ def __init__(self, kp_asm, addr_begin, addr_end, assembly=None, opts=None): <~A~ssembly :{c_assembly}> - <- Fixup :{c_raw_assembly}> - <- Encode:{c_encoding}> - <- Size :{c_encoding_len}> + <##- Fixup :{c_raw_assembly}> + <##- Encode:{c_encoding}> + <##- Size :{c_encoding_len}> <~N~OPs padding until next instruction boundary:{c_opt_padding}> {c_opt_chk}> """, { @@ -1107,12 +1107,12 @@ def __init__(self, kp_asm, address, assembly=None, opts=None): <~S~yntax :{c_syntax}>
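Review bot: The `##` prefix added to the six `<- …>` form lines here and in the following hunk at `@@ -1107,12 +1107,12 @@` is the entire fix, yet nothing in the file records why it is there; only the commit title ties it to IDA 7.2's form parser rejecting the old `<- Fixup` labels. A later tidy-up could strip the seemingly redundant `##` and silently reintroduce the breakage. Add a comment above each form template, e.g. `# Labels need the '##' prefix: IDA 7.2's form parser rejects '<- ...' labels ("form: error at %/")`, and if `##` is indeed the empty-hint marker of IDA's form syntax say so in the comment, since I am inferring that from the change rather than from the page. The enclosing __init__ and its form string start outside the hunk.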
- <- Encode:{c_orig_encoding}> - <- Size :{c_orig_len}> + <##- Encode:{c_orig_encoding}> + <##- Size :{c_orig_len}> <~A~ssembly :{c_assembly}> - <- Fixup :{c_raw_assembly}> - <- Encode:{c_encoding}> - <- Size :{c_encoding_len}> + <##- Fixup :{c_raw_assembly}> + <##- Encode:{c_encoding}> + <##- Size :{c_encoding_len}> <~N~OPs padding until next instruction boundary:{c_opt_padding}> {c_opt_chk}> """, { @@ -1200,9 +1200,9 @@ def __init__(self, kp_asm, address, assembly=None): <~S~yntax :{c_syntax}> <~A~ssembly :{c_assembly}> - <- Fixup :{c_raw_assembly}> - <- Encode:{c_encoding}> - <- Size :{c_encoding_len}> + <##- Fixup :{c_raw_assembly}> + <##- Encode:{c_encoding}> + <##- Size :{c_encoding_len}> """, { 'c_addr': self.NumericInput(value=address, swidth=MAX_ADDRESS_LEN, tp=self.FT_ADDR), 'c_assembly': self.StringInput(value=self.asm[:MAX_INSTRUCTION_STRLEN], width=MAX_INSTRUCTION_STRLEN),