-
-
Save camprevail/f900ac84a769c77836d8469cc8a7f012 to your computer and use it in GitHub Desktop.
x64 fork of a script to apply string types in ida. Press W at the base of a string, or select a range of strings. Only tested in ida 7.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Press W, creates string there, creates align/word, renames to a non-conflicting name | |
| import idaapi, idc, inspect | |
| from io import BytesIO | |
| def get_selected_bytes(): | |
| #BOOL multiple, start, end | |
| selected = idaapi.read_selection() | |
| curr_ea = idc.get_screen_ea() | |
| return [selected, curr_ea] | |
| def getstr(f): | |
| ret = b"";char = f.read(1) | |
| while char != b"\x00": | |
| ret += char | |
| char = f.read(1) | |
| ret += char | |
| return ret | |
| def do_clean(): | |
| selected, curr_ea = get_selected_bytes() | |
| if selected[0] == True: #selected range | |
| curr_ea = selected[1] | |
| while curr_ea < selected[2]: | |
| if curr_ea % 8: #align | |
| curr_ea += (8 - (curr_ea % 8)) | |
| #if a string is bigger than 512 bytes we're in trouble | |
| f = BytesIO(idc.get_bytes(curr_ea, 512)) | |
| string = getstr(f) | |
| idc.create_strlit(curr_ea, curr_ea + len(string)) | |
| #set_name(curr_ea, "str_%08X" % curr_ea) | |
| curr_ea += len(string) | |
| if curr_ea % 8: | |
| create_align(curr_ea, (8 - (curr_ea % 8)), 3) | |
| curr_ea += (8 - (curr_ea % 8)) | |
| else: | |
| continue | |
| #print(curr_ea, string) | |
| #create_qword(curr_ea) | |
| #curr_ea += 8 | |
| else: #just do it once | |
| if curr_ea % 8: #align | |
| curr_ea += (8 - (curr_ea % 8)) | |
| #if a string is bigger than 512 bytes we're in trouble | |
| f = BytesIO(idc.get_bytes(curr_ea, 512)) | |
| string = getstr(f) | |
| idc.create_strlit(curr_ea, curr_ea + len(string)) | |
| #set_name(curr_ea, "str_%08X" % curr_ea) | |
| curr_ea += len(string) | |
| if curr_ea % 8: | |
| create_align(curr_ea, (8 - (curr_ea % 8)), 3) | |
| curr_ea += (8 - (curr_ea % 8)) | |
| #else: | |
| #create_qword(curr_ea) | |
| #curr_ea += 8 | |
| def load_hotkeys(): | |
| # https://gist.github.com/bNull/6003874 | |
| ENABLED_HOTKEYS = [("W", do_clean)] | |
| for func in ENABLED_HOTKEYS: | |
| func_name = inspect.getmembers(func[1])[-1][1] | |
| if idaapi.add_hotkey(func[0], func[1]): | |
| print "[+] Bound %s to %s" % (func_name, func[0]) | |
| else: | |
| print "[-] Error: Unable to bind %s to %s" % (func_name, func[0]) | |
| load_hotkeys() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment