Tamir Bahar tmr232
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import time | |
| from pathlib import Path | |
| import typer | |
| import maya | |
| import psutil | |
| from loguru import logger | |
| app = typer.Typer() |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <functional> | |
| #include <cstdio> | |
| template <class T> | |
| class Property { | |
| public: | |
| using Setter = std::function<void(T)>; | |
| using Getter = std::function<T()>; | |
| Property(Setter setter, Getter getter) :_setter{setter}, _getter{getter} |
tmr232
/ delete_multychunk.py
Created
December 2, 2016 11:17
Delete functions with multiple chunks in IDA
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idaapi | |
| import idautils | |
| def iter_all_funcs(): | |
| for func_ea in idautils.Functions(idaapi.cvar.inf.minEA, idaapi.cvar.inf.maxEA): | |
| yield idaapi.get_func(func_ea) | |
| def iter_multichunk_funcs(): | |
| for func_t in iter_all_funcs(): | |
| if func_t.tailqty > 0: |
tmr232
/ thunk-rename.py
Created
March 28, 2016 14:24
Sometimes (ARM SOs) IDA does not name THUNKs on its own, and it needs our help.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def rename_thunks(prefix='jmp_'): | |
| for f in sark.functions(): | |
| if f.name: | |
| continue | |
| jmp = None | |
| for xref in f.xrefs_from: | |
| if xref.type.is_jump: | |
| if jmp: | |
| break |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sark | |
| for line in sark.lines(): | |
| if not line.is_code: | |
| continue | |
| for operand in line.insn.operands: | |
| if operand.type.is_mem: | |
| print line |
tmr232
/ rename_by_strings.py
Last active
February 17, 2016 16:39
Rename functions based on referenced strings. Useful for debug prints.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sark | |
| import idautils | |
| # Rename all functions with a `.*::.*` print in them. | |
| for si in idautils.Strings(): | |
| if '::' in str(si): | |
| for xref in sark.Line(si.ea).xrefs_to: | |
| sark.Function(xref.frm).set_name(str(si), anyway=True) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import idaapi | |
| import idautils | |
| import clipboard | |
| def copy_windbg_bp(): | |
| bp = 'bu @!"{}"+0x{:X}'.format( | |
| os.path.splitext(idaapi.get_root_filename())[0], | |
| idaapi.get_screen_ea() - idautils.peutils_t().imagebase | |
| ) |
tmr232
/ simple_names.py
Created
February 7, 2016 11:58
Simplify names in IDA for long template-infested C++ symbols
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import re | |
| import idaapi | |
| import sark | |
| import abc | |
| class IDATracker(idaapi.UI_Hooks): | |
| __metaclass__ = abc.ABCMeta | |
| def __init__(self): |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idaapi | |
| import uuid | |
| def read_guid(ea=None): | |
| if ea is None: | |
| ea = idaapi.get_screen_ea() | |
| # Pay attention to the endian! | |
| return '{{{}}}'.format(uuid.UUID(bytes_le=idaapi.get_many_bytes(ea, 16))) | |
| Octotree is enabled on this page. Click this button or press cmd shift s (or ctrl shift s) to show it. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // `using` directives | |
| using System.Runtime.CompilerServices; | |
| // Actual code | |
| public static string GetLocation( | |
| [CallerFilePath] string filePath = null, | |
| [CallerLineNumber] int lineNumber = 0, |