编写IDApython的PY插件

IDA

插件框架

字段名 功能
flags 插件的状态
comment 描述信息
help 帮助信息
wanted_name 菜单中显示的名字
wanted_hotkey 希望注册的快捷键 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
class UnknowClass(idaapi.plugin_t):
    '''
        给插件接口,实例的类定义
    '''
    flags = idaapi.PLUGIN_KEEP  # 插件的状态, 当前状态保持在Plugin菜单中
    comment = "XXX"             # 描述信息

    help = ""                   # 帮助信息
    wanted_name = "XXX"         # 菜单中显示的名字
    #wanted_hotkey = "Ctrl+Alt+Shift+F12"   # 希望注册的快捷键
    wanted_hotkey = ""

    #_PREFIX_NAME = 'carveSelectedBytes'
    #_MIN_MAX_MATH_OPS_TO_ALLOW_RENAME = 11
    
    def __init__(self):
        '''
	        初始化工作
            构造基类,一般没什么实质操作, 
            记得给Super第一个参数更正为 当前类的名称
        '''
        super(UnknowClass, self).__init__()
        self._data = None

    def term(self):
        '''
            Destory函数, 同析构函数, 留待释放资源
        '''
        pass
        
    def init(self):
        '''
            进行初始化操作,可在此输出一些描述信息
        '''
        self.view = None
        # self._cfg = None
        # print("=" * 80)
        # print("carveSelectedBytes")
        # print(u"保存所选的 HexData 到文件")
        # print("=" * 80)
        

        return idaapi.PLUGIN_OK
        
    def run(self, arg):
        '''
            每次运行插件时, 执行的具体操作
            功能代码在此编写
        '''
        pass

def PLUGIN_ENTRY():
    '''
        插件入口,用于实例对象
        返回的就是插件的功能等
    '''
    return carveSelectedBytes()

增加菜单

1
2
3
4
5
#IDA7 定义 菜单的Handle, 其他版本直接传入函数均可
class Kp_MC_Patcher(Kp_Menu_Context):       //继承
        def activate(self, ctx):
            self.plugin.patcher()
            return 1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
class Kp_Menu_Context(ida_kernwin.action_handler_t)
 |  Method resolution order:
 |      Kp_Menu_Context
 |      ida_kernwin.action_handler_t
 |      __builtin__.object
 |  
 |  Class methods defined here:
 |  
 |  activate(self, ctx) from __builtin__.type # 当菜单激活时 Handle处理函数
 |  
 |  get_label(self) from __builtin__.type
 |  
 |  get_name(self) from __builtin__.type    # 获取Handle对象
 |  
 |  register(self, plugin, label) from __builtin__.type # 注册菜单
 |  
 |  unregister(self) from __builtin__.type
 |      Unregister the action.
 |      After unregistering the class cannot be used.
 |  
 |  update(self, ctx) from __builtin__.type
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

# 一般在插件主类的 Init 中 注册菜单
if idaapi.IDA_SDK_VERSION >= 700:
    # Add menu IDA >= 7.0
    # attach_action_to_menu(menupath, name, flags) -> bool
    # 参数1: 要增加在哪个菜单路径下
    # 参数2: 继承重写的类对象
    # 参数3: 显示出来 为 什么属性 (SETMENU_APP等枚举变量)
    idaapi.attach_action_to_menu("Edit/Keypatch/Patcher", Kp_MC_Patcher.get_name(), idaapi.SETMENU_APP)
else:
    # add Keypatch menu
    # IDA 7 以下
    menu = idaapi.add_menu_item("Edit/Keypatch/", "Patcher     (Ctrl-Alt-K)", "", 1, self.patcher, None)
    if menu is not None:
        #add_menu_item(menupath, name, hotkey, flags, pyfunc, args) -> PyObject *
        # 菜单路径, 显示名称, 热键, 排序, 处理的Handle, 传入参数
        idaapi.add_menu_item("Edit/Keypatch/", "About", "", 1, self.about, None)
    elif idaapi.IDA_SDK_VERSION < 680:
        # older IDAPython (such as in IDAPro 6.6) does add new submenu.
        # in this case, put Keypatch menu in menu Edit \ Patch program
        # not sure about v6.7, so to be safe we just check against v6.8
        # 68以下 暂不关心
        idaapi.add_menu_item("Edit/Patch program/", "-", "", 0, self.menu_null, None)

弹出菜单

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

# 在插件Init函数中 注册弹出菜单
# register popup menu handlers
try:
    # register(self, plugin, label) method of __builtin__.type instance
    Kp_MC_Patcher.register(self, "Patcher    (Ctrl-Alt-K)")
except:
    pass

# setup popup menu
self.hooks = Hooks()
self.hooks.hook()

# hooks for popup menu
class Hooks(idaapi.UI_Hooks):   # 名为HOOK 
    def finish_populating_tform_popup(self, form, popup): #重写虚函数, popup 自传入
        # We'll add our action to all "IDA View-*"s.
        # If we wanted to add it only to "IDA View-A", we could
        # also discriminate on the widget's title:
        #
        #  if idaapi.get_tform_title(form) == "IDA View-A":
        #      ...
        #
        if idaapi.get_tform_type(form) == idaapi.BWN_DISASM:
            try:
                # attach_action_to_popup(widget, popup_handle, name, popuppath=None, flags=0) -> bool
                # 目标窗口, 弹出处理Handle, 名称, 弹出菜单的位置

                idaapi.attach_action_to_popup(form, popup, Kp_MC_Patcher.get_name(), 'Keypatch/')
            except:
                pass

IDA 界面库

IDA7 支持了PyQt5
而IDA6 却只支持PySide
则需兼容代码

1
2
3
4
5

if idaapi.IDA_SDK_VERSION >= 700:
    from PyQt5.Qt import QApplication
else:
    from PySide.QtGui import QApplication

本文标题:编写IDApython的PY插件

文章作者:Yzlong

发布时间:2017-11-24, 10:32:30

最后更新:2019-07-17, 02:05:26

原始链接:http://cryzlasm.github.io/2017/11/24/编写IDApython的PY插件/

许可协议: "署名-非商用-相同方式共享 4.0" 转载请保留原文链接及作者。

文章目录
  1. 1. 插件框架
  2. 2. 增加菜单
  3. 3. 弹出菜单
  4. 4. IDA 界面库
|