首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 峰会 看雪商城 证书查询
  1. 社区
  2. 软件逆向
    3. 发新帖
[分享][分享]ida9.0 keypatch 插件报错修复
发表于: 2024-8-11 13:40 4592

[分享][分享]ida9.0 keypatch 插件报错修复

奋斗小菜鸟 活跃值
2024-8-11 13:40
4592

ida9.0 python api 删除了

打开ida后报错

原始代码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
@staticmethod
def get_hardware_mode():
    (arch, mode) = (None, None)
 
    # heuristically detect hardware setup
    info = idaapi.get_inf_structure()
    try:
        cpuname = info.procname.lower()
    except:
        cpuname = info.procName.lower()
 
    try:
        # since IDA7 beta 3 (170724) renamed inf.mf -> is_be()/set_be()
        is_be = idaapi.cvar.inf.is_be()
    except:
        # older IDA versions
        is_be = idaapi.cvar.inf.mf
    # print("Keypatch BIG_ENDIAN = %s" %is_be)
 
    if cpuname == "metapc":
        arch = KS_ARCH_X86
        if info.is_64bit():
            mode = KS_MODE_64
        elif info.is_32bit():
            mode = KS_MODE_32
        else:
            mode = KS_MODE_16
    elif cpuname.startswith("arm"):
        # ARM or ARM64
        if info.is_64bit():
            arch = KS_ARCH_ARM64
            if is_be:
                mode = KS_MODE_BIG_ENDIAN
            else:
                mode = KS_MODE_LITTLE_ENDIAN
        else:
            arch = KS_ARCH_ARM
            # either big-endian or little-endian
            if is_be:
                mode = KS_MODE_ARM | KS_MODE_BIG_ENDIAN
            else:
                mode = KS_MODE_ARM | KS_MODE_LITTLE_ENDIAN
    elif cpuname.startswith("sparc"):
        arch = KS_ARCH_SPARC
        if info.is_64bit():
            mode = KS_MODE_SPARC64
        else:
            mode = KS_MODE_SPARC32
        if is_be:
            mode |= KS_MODE_BIG_ENDIAN
        else:
            mode |= KS_MODE_LITTLE_ENDIAN
    elif cpuname.startswith("ppc"):
        arch = KS_ARCH_PPC
        if info.is_64bit():
            mode = KS_MODE_PPC64
        else:
            mode = KS_MODE_PPC32
        if cpuname == "ppc":
            # do not support Little Endian mode for PPC
            mode += KS_MODE_BIG_ENDIAN
    elif cpuname.startswith("mips"):
        arch = KS_ARCH_MIPS
        if info.is_64bit():
            mode = KS_MODE_MIPS64
        else:
            mode = KS_MODE_MIPS32
        if is_be:
            mode |= KS_MODE_BIG_ENDIAN
        else:
            mode |= KS_MODE_LITTLE_ENDIAN
    elif cpuname.startswith("systemz") or cpuname.startswith("s390x"):
        arch = KS_ARCH_SYSTEMZ
        mode = KS_MODE_BIG_ENDIAN
 
    return (arch, mode)

修复后

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
@staticmethod
def get_hardware_mode():
    (arch, mode) = (None, None)
 
    cpuname = ida_ida.inf_get_procname().lower()
    is_be = ida_ida.inf_is_be()
    if cpuname == "metapc":
        arch = KS_ARCH_X86
        if ida_ida.inf_is_64bit():
            mode = KS_MODE_64
        elif ida_ida.inf_is_16bit():
            mode = KS_MODE_16
        else:
            mode = KS_MODE_32
    elif cpuname.startswith("arm"):
        # ARM or ARM64
        if ida_ida.inf_is_64bit():
            arch = KS_ARCH_ARM64
            if is_be:
                mode = KS_MODE_BIG_ENDIAN
            else:
                mode = KS_MODE_LITTLE_ENDIAN
        else:
            arch = KS_ARCH_ARM
            # either big-endian or little-endian
            if is_be:
                mode = KS_MODE_ARM | KS_MODE_BIG_ENDIAN
            else:
                mode = KS_MODE_ARM | KS_MODE_LITTLE_ENDIAN
    elif cpuname.startswith("sparc"):
        arch = KS_ARCH_SPARC
        if ida_ida.inf_is_64bit():
            mode = KS_MODE_SPARC64
        else:
            mode = KS_MODE_SPARC32
        if is_be:
            mode |= KS_MODE_BIG_ENDIAN
        else:
            mode |= KS_MODE_LITTLE_ENDIAN
    elif cpuname.startswith("ppc"):
        arch = KS_ARCH_PPC
        if ida_ida.inf_is_64bit():
            mode = KS_MODE_PPC64
        else:
            mode = KS_MODE_PPC32
        if cpuname == "ppc":
            # do not support Little Endian mode for PPC
            mode += KS_MODE_BIG_ENDIAN
    elif cpuname.startswith("mips"):
        arch = KS_ARCH_MIPS
        if ida_ida.inf_is_64bit():
            mode = KS_MODE_MIPS64
        else:
            mode = KS_MODE_MIPS32
        if is_be:
            mode |= KS_MODE_BIG_ENDIAN
        else:
            mode |= KS_MODE_LITTLE_ENDIAN
    elif cpuname.startswith("systemz") or cpuname.startswith("s390x"):
        arch = KS_ARCH_SYSTEMZ
        mode = KS_MODE_BIG_ENDIAN
 
    return (arch, mode)

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!

最后于 2024-8-11 13:49 被奋斗小菜鸟编辑 ,原因:
收藏
免费 2
支持
分享
最新回复 (3)
mb_fefksfsl
雪    币: 1516
活跃值: (913)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
私信
2
https://github.com/keystone-engine/keypatch/blob/e87f0f90e149aa0d16851c9d919dba214f239e7c/keypatch.py
2024-8-11 19:05
0
zer0daysec
雪    币: 741
活跃值: (1864)
能力值: ( LV3,RANK:35 )
在线值:
发帖
回帖
粉丝
私信
3

ida_ida not defined, should replace with idaapi

@classmethod
def update(self, ctx):
    try:
        if ctx.form_type == idaapi.BWN_DISASM:
            return idaapi.AST_ENABLE_FOR_FORM
    else:
        return idaapi.AST_DISABLE_FOR_FORM
except Exception as e:
    # Add exception for main menu on >= IDA 7.0
    return idaapi.AST_ENABLE_ALWAYS
@classmethod
def update(self, ctx):
    try:
        if ctx.widget_type == idaapi.BWN_DISASM:
            return idaapi.AST_ENABLE_FOR_FORM
    else:
        return idaapi.AST_DISABLE_FOR_FORM
except Exception as e:
    # Add exception for main menu on >= IDA 7.0
    return idaapi.AST_ENABLE_ALWAYS

ctx.form_type -> ctx.widget_type

2024-8-12 18:59
0
UnicornMaker
雪    币: 315
活跃值: (568)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
4

修改好的。

上传的附件:
2024-8-12 21:21
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回
//