-
Notifications
You must be signed in to change notification settings - Fork 64
/
finger_plugin.py
153 lines (121 loc) · 5.4 KB
/
finger_plugin.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
import idc
import idaapi
import idautils
import traceback
from finger_sdk import client, ida_func
class FingerManager:
def __init__(self):
self.url = "https://sec-lab.aliyun.com/finger/recognize/"
self.headers = {'content-type': 'application/json'}
self.timeout = 5
self.client = None
def recognize_function(self, start_ea):
func_symbol = None
try:
self.client = client.Client(self.url, self.headers, self.timeout)
func_feat = ida_func.get_func_feature(start_ea)
if func_feat:
func_id, res = self.client.recognize_function(func_feat)
if res and res[func_id]:
func_symbol = res[func_id]
except Exception as e:
print(traceback.format_exc())
if func_symbol:
func_symbol = str(func_symbol) # python2 unicode to str
return func_symbol
def recognize_selected_function(self, funcs):
for pfn in funcs:
func_name = idc.get_func_name(pfn.start_ea)
func_symbol = self.recognize_function(pfn.start_ea)
if func_symbol:
idc.set_color(pfn.start_ea, idc.CIC_FUNC, 0x98FF98)
idaapi.set_name(pfn.start_ea, func_symbol, idaapi.SN_FORCE)
idaapi.update_func(pfn)
print("[+]Recognize %s: %s" %(func_name, func_symbol))
else:
print("[-]%s recognize failed" %(func_name))
def recognize_function_callback(self, menupath):
ea = idaapi.get_screen_ea()
pfn = idaapi.get_func(ea)
if pfn:
func_name = idc.get_func_name(pfn.start_ea)
func_symbol = self.recognize_function(pfn.start_ea)
if func_symbol:
idc.set_color(pfn.start_ea, idc.CIC_FUNC, 0x98FF98)
idaapi.set_name(pfn.start_ea, func_symbol, idaapi.SN_FORCE)
idaapi.update_func(pfn)
print("[+]Recognize %s: %s" %(func_name, func_symbol))
else:
print("[-]%s recognize failed" %(func_name))
else:
print("[-]0x%x is not a function" %ea)
def recognize_functions_callback(self, menupath):
funcs = []
for ea in idautils.Functions():
funcs.append(idaapi.get_func(ea))
self.recognize_selected_function(funcs)
class FingerUIManager:
class UIHooks(idaapi.UI_Hooks):
def finish_populating_widget_popup(self, widget, popup):
if idaapi.get_widget_type(widget) == idaapi.BWN_FUNCS:
idaapi.attach_action_to_popup(widget, popup, "Finger:RecognizeSelected", "Finger/")
if idaapi.get_widget_type(widget) == idaapi.BWN_DISASM:
idaapi.attach_action_to_popup(widget, popup, "Finger:RecognizeFunction", "Finger/")
class ActionHandler(idaapi.action_handler_t):
def __init__(self, name, label, shortcut=None, tooltip=None, icon=-1, flags=0):
idaapi.action_handler_t.__init__(self)
self.name = name
self.action_desc = idaapi.action_desc_t(name, label, self, shortcut, tooltip, icon, flags)
def register_action(self, callback, menupath=None):
self.callback = callback
if not idaapi.register_action(self.action_desc):
return False
if menupath and not idaapi.attach_action_to_menu(menupath, self.name, idaapi.SETMENU_APP):
return False
return True
def activate(self, ctx):
self.callback(ctx)
def update(self, ctx):
return idaapi.AST_ENABLE_ALWAYS
def __init__(self, name):
self.name = name
self.mgr = FingerManager()
self.hooks = FingerUIManager.UIHooks()
def register_actions(self):
menupath = self.name
idaapi.create_menu(menupath, self.name, "Help")
action = FingerUIManager.ActionHandler("Finger:RecognizeFunctions", "Recognize all functions", "")
action.register_action(self.mgr.recognize_functions_callback, menupath)
action = FingerUIManager.ActionHandler("Finger:RecognizeFunction", "Recognize function", "")
action.register_action(self.mgr.recognize_function_callback, menupath)
recognize_action = FingerUIManager.ActionHandler("Finger:RecognizeSelected", "Recognize function")
if recognize_action.register_action(self.selected_function_callback):
self.hooks.hook()
return True
return False
def selected_function_callback(self, ctx):
funcs = map(idaapi.getn_func, ctx.chooser_selection)
if ctx.action == "Finger:RecognizeSelected":
self.mgr.recognize_selected_function(funcs)
def check_ida_version():
if idaapi.IDA_SDK_VERSION < 700:
print("[-]Finger support 7.x IDA, please update your IDA version.")
return False
return True
class FingerPlugin(idaapi.plugin_t):
wanted_name = "Finger"
comment, help, wanted_hotkey = "", "", ""
flags = idaapi.PLUGIN_FIX | idaapi.PLUGIN_HIDE | idaapi.PLUGIN_MOD
def init(self):
if check_ida_version():
idaapi.msg("[+]Finger plugin starts\n")
manager = FingerUIManager(FingerPlugin.wanted_name)
if manager.register_actions():
return idaapi.PLUGIN_OK
return idaapi.PLUGIN_SKIP
def run(self, ctx):
return
def term(self):
return
def PLUGIN_ENTRY():
return FingerPlugin()