Initial commit

idapython · Oct 15, 2019 · dd3588b · dd3588b
1 parent a1b2075
commit dd3588b
Show file tree

Hide file tree

Showing 10 changed files with 2,461 additions and 1 deletion.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+makefile
diff --git a/README.md b/README.md
@@ -1,2 +1,10 @@
 # pyhexraysdeob
-A port of Rolf Rolles' https://github.com/RolfRolles/HexRaysDeob to Python
+
+This is a port of Rolf Rolles'
+[HexRaysDeob](https://github.com/RolfRolles/HexRaysDeob) to
+[IDAPython](https://github.com/idapython/src).
+
+This port matches the C++ source code as much as possible on
+purpose, and is by no means 'pythonic' Python code. Still, it is a
+great way to demonstrate how the 'microcode' API can be used from
+IDAPython.
diff --git a/pyhexraysdeob.py b/pyhexraysdeob.py
@@ -0,0 +1,76 @@
+
+import os
+
+import ida_idaapi
+import ida_loader
+import ida_kernwin
+import ida_hexrays
+
+my_dirname, _ = os.path.split(__file__)
+
+setattr(ida_hexrays, "MMAT_DEOB_MAP", getattr(ida_hexrays, "MMAT_LOCOPT"))
+
+class pyhexraysdeob_t(ida_idaapi.plugin_t):
+    flags = 0
+    comment = "Show microcode"
+    help = ""
+    wanted_name = "Python Microcode explorer (pyhexraysdeob)"
+    wanted_hotkey = ""
+
+    def __init__(self):
+        self.black_list = []
+        self.white_list = []
+        self.activated = False
+
+    def toggle_activated(self):
+        if not self.activated:
+            # Install our block and instruction optimization classes.
+            import pattern_deobfuscate
+            self.oco = pattern_deobfuscate.obf_compiler_optimizer_t()
+            self.oco.install()
+            import unflattener
+            self.cfu = unflattener.cf_unflattener_t(self)
+            self.cfu.install()
+        else:
+            # Uninstall our block and instruction optimization classes.
+            self.oco.remove()
+            self.oco = None
+            self.cfu.remove()
+            self.cfu = None
+        self.activated = not self.activated
+        print("%s is now %sactivated" % (self.wanted_name, "" if self.activated else "de-"))
+
+    def init(self):
+        if not ida_hexrays.init_hexrays_plugin():
+            print("pyhexraysdeob: no decompiler, skipping")
+            return ida_idaapi.PLUGIN_SKIP
+        print("Hex-rays version %s has been detected, %s ready to use" % (
+            ida_hexrays.get_hexrays_version(),
+            self.wanted_name))
+
+        import sys
+        modules_path = os.path.join(my_dirname, "pyhexraysdeob_modules")
+        if not modules_path in sys.path:
+            sys.path.append(modules_path)
+
+        return ida_idaapi.PLUGIN_OK
+
+    def run(self, arg):
+        if arg == 0:
+            self.toggle_activated()
+        elif arg == 0xbeef:
+            self.flags |= ida_loader.PLUGIN_UNL
+        elif arg == 2:
+            fix_calls_to_alloca_probe() # unimp
+        elif arg == 3:
+            show_microcode_explorer() # unimp
+        return True
+
+    def term(self):
+        if self.activated:
+            self.toggle_activated()
+
+def PLUGIN_ENTRY():
+    return pyhexraysdeob_t()
+
+