CommentView Plugin for IDAPro7.0

自从ida升级7.0 之后,hexrays做了很多的改动,以前的插件基本都废掉了。于是想要找个插件就变得很困难,最近分析一个文件需要获取所有的注释,但是那个针对低版本开发的commentview已经无力回天了。虽然晚上有开源的代码,但是实际修改起来比较蛋疼,不知道是不是ida的问题,编译的插件获取的地址基本都是错误的。还是按照以前的使用区段枚举,和inf信息获取的方法获取到的地址都错了,着tm就很尴尬了,测试代码如下:

for (int i = 0; i < get_segm_qty(); i++) {
        segment_t *seg = getnseg(i);
        qstring segname;
        get_segm_name( &segname,seg, 1024);
        msg("segname: %s, start_ea= %08x, end_ea= %08x , size=%08x \n", segname.c_str(), seg->start_ea, seg->end_ea, seg->size());
    }
msg("Database Info: start_ea= %08x, min_ea= %08x, max_ea= %08x, omin_ea= %08x, omax_ea= %08x \n", inf.start_ea, inf.min_ea, inf.max_ea, inf.omin_ea, inf.omax_ea);
    msg("lowoff= %08x, highoff= %08x, main= %08x \n", inf.lowoff, inf.highoff, inf.main);

实际获取到的数据如下,测试环境为OSX + IDA 7.0,如果谁看到了这篇文章还获取到了正确的地址麻烦通知我一声(感谢匿名用户的评论反馈:那个基址问题应该是IDA的BUG,在新的IDA 7.0.171130 (SP1)里已经修正了的,如果是正版的话就升级一下吧。)。

segname: .text, start_ea= 10001000, end_ea= 00000001 , size=effff001 
segname: .idata, start_ea= 10005000, end_ea= 00000006 , size=efffb006 
segname: .rdata, start_ea= 1000513c, end_ea= 00000003 , size=efffaec7 
segname: .data, start_ea= 10006000, end_ea= 00000005 , size=efffa005 
Database Info: start_ea= 10007000, min_ea= ff000000, max_ea= 00000000, omin_ea= 0006000f, omax_ea= 06400007 
lowoff= 00500046, highoff= 00000301, main= 10007000

获取到的end_ea都是错的。

于是只好改变思路,使用idapython来做,由于以前没怎么用python写过插件,所以到处找代码折腾了这么个东西。好歹是满足了需求了,如果有更多的需求自己修改代码吧。如果做了修改麻烦提交下改动,谢谢。

代码如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
'''
 '----------------------------------------------------------------------------------------------------------'
 'IDA Comments Viewer for IDA pro 7.0'
 'Version:1.0 alpha'
 'plugin by obaby'
 'http://www.h4ck.org.cn http://findu.co'
 '----------------------------------------------------------------------------------------------------------'
'''
 
 
import idaapi
from ida_ida import *
import idautils
import idc
from idaapi import Choose2
import ida_kernwin
 
 
class chooser_handler_t(idaapi.action_handler_t):
    def __init__(self, thing):
        idaapi.action_handler_t.__init__(self)
        self.thing = thing
 
    def activate(self, ctx):
        #sel = []
        #for i in xrange(len(ctx.chooser_selection)):
        #    sel.append(str(ctx.chooser_selection.at(i)))
        #print "command %s selected @ %s" % (self.thing, ", ".join(sel))
        pass
 
    def update(self, ctx):
        return idaapi.AST_ENABLE_FOR_FORM if idaapi.is_chooser_tform(ctx.form_type) else idaapi.AST_DISABLE_FOR_FORM
 
 
class MyChoose2(Choose2):
 
    def __init__(self, title, nb = 5, flags=0, width=None, height=None, embedded=False, modal=False):
        Choose2.__init__(
            self,
            title,
            [ ["Address", 16], ["T", 2], ["Instruction/Data", 60], ["Comment", 100]],
            flags = flags,
            width = width,
            height = height,
            embedded = embedded)
        self.n = 0
        self.items = self.get_all_comments() #[ self.make_item() for x in xrange(0, nb+1) ]
        self.icon = 5
        self.selcount = 0
        self.modal = modal
        self.popup_names = [] #["Inzert", "Del leet", "Ehdeet", "Ree frech"]
 
        #print("created %s" % str(self))
 
    def OnClose(self):
        print "closed", str(self)
 
    def OnEditLine(self, n):
        self.items[n][1] = self.items[n][1] + "*"
        #print("editing %d" % n)
 
    def OnInsertLine(self):
        self.items.append(self.make_item())
        #print("insert line")
 
    def OnSelectLine(self, n):
        self.selcount += 1
 
        ea = int(self.items[n][0], 16)
        idc.jumpto(ea)
        #Warning("[%02d] selectline '%s'" % (self.selcount, n))
 
    def OnGetLine(self, n):
        #print("getline %d" % n)
        return self.items[n]
 
    def OnGetSize(self):
        n = len(self.items)
        #print("getsize -> %d" % n)
        return n
 
    def OnDeleteLine(self, n):
        #print("del %d " % n)
        del self.items[n]
        return n
 
    def OnRefresh(self, n):
        #print("refresh %d" % n)
        return n
 
    def OnGetIcon(self, n):
        r = self.items[n]
        t = self.icon + r[1].count("*")
        #print "geticon", n, t
        return t
 
    def show(self):
        return self.Show(self.modal) >= 0
 
    def make_item(self):
        r = [str(self.n), "func_%04d" % self.n]
        self.n += 1
        return r
 
    def check_isin_filter(self, cmt):
        cmt_str = str(cmt)
        if cmt_str.startswith('void') or cmt_str.startswith('char') \
                or cmt_str.startswith('int') or cmt_str.startswith('switch') \
                or cmt_str.startswith('jump') or cmt_str.startswith('size_t') \
                or cmt_str.startswith('dw') or cmt_str.startswith('nSize') \
                or cmt_str.startswith('hFile') or cmt_str.startswith('lp'):
            return True
        else:
            return False
 
    def get_all_comments(self):
        cmts = []
        for seg in idautils.Segments():
            print 'Anylising:', idc.SegName(seg), hex(idc.SegStart(seg)), hex(idc.SegEnd(seg)) + '\n'
            ea = idc.SegStart(seg)
            start = idc.SegStart(seg)
            end = idc.SegEnd(seg)
            while ea < end:
 
                if ea != idc.BADADDR:
                    cmt = idc.GetCommentEx(ea, True)
                    if cmt:
                        if self.check_isin_filter(cmt):
                            print " Address: ",format(ea, '#16X'),'In fliter,IGN:', cmt
                        else:
                            current_cmt = [format(ea, '#16X'), 'R', idc.GetDisasm(ea), cmt]
                            cmts.append(current_cmt)
                            self.n += 1
                            print " Address: ", format(ea, '#16X'), 'R', 'Comment:', cmt
 
                    cmt2 = idc.GetCommentEx(ea, False)
                    if cmt2:
                        if self.check_isin_filter(cmt2):
                            print " Address: ",format(ea, '#16X'),'In fliter,IGN:', cmt2
                        else:
                            current_cmt = [format(ea, '#16X'), 'N', idc.GetDisasm(ea), cmt2]
                            cmts.append(current_cmt)
                            self.n += 1
                            print " Address: ",format(ea, '#16X'), 'N', 'Comment:', cmt2
                ea = idc.next_head(ea, end)
        return cmts
 
 
    def OnGetLineAttr(self, n):
        pass
        #print("getlineattr %d" % n)
        #if n == 1:
        #    return [0xFF0000, 0]
 
 
 # -----------------------------------------------------------------------
def test_choose2(modal=False):
    global c
    c = MyChoose2("Comments List", nb=10, modal=modal)
    r = c.show()
    #c.get_all_comments() # get all comments
    form = idaapi.get_current_tform()
    for thing in ["A", "B"]:
        idaapi.attach_action_to_popup(form, None, "choose2:act%s" % thing)
 
 
# -----------------------------------------------------------------------
def test_choose2_embedded():
    global c
    c = MyChoose2("Comments List", nb=12, embedded=True, width=123, height=222)
    r = c.Embedded()
    if r == 1:
        try:
            if test_embedded:
                o, sel = _idaapi.choose2_get_embedded(c)
                print("o=%s, type(o)=%s" % (str(o), type(o)))
                test_embedded(o)
        finally:
            c.Close()
 
 
class show_cmts_plugin_t(idaapi.plugin_t):
    flags = idaapi.PLUGIN_UNL
    comment = "IDA Comments Viewer: generate all comments of the idb"
    help = "Bugs and report: http://www.h4ck.org.cn"
    wanted_name = "Comments Viewer by obaby"
    wanted_hotkey = "Ctr-Alt-F8"
 
    def init(self):
        print '----------------------------------------------------------------------------------------------------------'
        print 'IDA Comments Viewer for IDA pro 7.0'
        print 'Version:1.0 alpha'
        print 'plugin by obaby'
        print 'http://www.h4ck.org.cn http://findu.co'
        print '----------------------------------------------------------------------------------------------------------'
        return idaapi.PLUGIN_OK
 
    def run(self, arg):
        print "Start to analyzing all comments in idb..."
        ida_kernwin.show_wait_box('Analyzing comments in progress, this will take a while.')
        test_choose2(False)
        ida_kernwin.hide_wait_box('Analyzing comments in progress, this will take a while.')
        print "Finished,have a good time"
 
 
 
    def term(self):
        ida_kernwin.hide_wait_box('Analyzing comments in progress, this will take a while.')
 
 
 
 
 
def PLUGIN_ENTRY():
    return show_cmts_plugin_t()

Github:https://github.com/obaby/CommentView-4-IDAPRO-7.0

原创文章,转载请注明: 转载自 obaby@mars

本文标题: 《CommentView Plugin for IDAPro7.0》

本文链接地址: http://h4ck.org.cn/2018/01/commentview-plugin-for-idapro7-0/

You may also like

6条评论

  1. 那个基址问题应该是IDA的BUG,在新的IDA 7.0.171130 (SP1)里已经修正了的,如果是正版的话就升级一下吧。

  2. 你好,请问
    错误sad‘invalid syntax’, (”, 98, 42, ‘ return self.Show(self.modal) >= 0\n’))
    是怎么回事?

发表评论

电子邮件地址不会被公开。 必填项已用*标注