Computer/Programming
IDAPro plugin 자동 실행
holycall
2008. 4. 22. 16:15
IDAPro의 분석 및 실행을 동시에 하고 싶을 때
을 해 주면 되고
myscript.idc에는
Wait()는 autoanalysis가 끝날 때까지 기다리게 한다.
RunPlugin으로 plugin을 실행해 준다.
IDA2SQL이 플러그인 이름.
argument로 1을 쓴 것은 plugin 쓸 때 0을 쓰면 수동으로 이름 정하고 싶어서이다.
그리고 python 스크립트를 써서 여러 개를 돌릴 수 있게 한다. 이것은 openrce에 topo@coresecurity.com가 올린 것을 수정한 것이다.
auto_ida2sql.py
이 python 스크립트는 위에서 만든 idc 스크립트를 통해 plugin을 실행해 준다.
예를 들면
로 실행을 시킬 때 input-exe 디렉토리 밑에 있는 모든 exe 파일을 읽어서 autoanalysis를 하고 IDA2SQL 플러그인을 실행시켜주는 것이다.
idag -A -Smyscript.idc input_file
을 해 주면 되고
myscript.idc에는
#include <idc.idc>
static main()
{
Message("Waiting for the end of the auto analysis...\n");
Wait();
Message("\n\n------ Running Plug-in --------\n");
RunPlugin("IDA2SQL",1);
Message("All done, exiting...\n");
Exit(0); // exit to OS, error code 0 - success
}
static main()
{
Message("Waiting for the end of the auto analysis...\n");
Wait();
Message("\n\n------ Running Plug-in --------\n");
RunPlugin("IDA2SQL",1);
Message("All done, exiting...\n");
Exit(0); // exit to OS, error code 0 - success
}
Wait()는 autoanalysis가 끝날 때까지 기다리게 한다.
RunPlugin으로 plugin을 실행해 준다.
IDA2SQL이 플러그인 이름.
argument로 1을 쓴 것은 plugin 쓸 때 0을 쓰면 수동으로 이름 정하고 싶어서이다.
그리고 python 스크립트를 써서 여러 개를 돌릴 수 있게 한다. 이것은 openrce에 topo@coresecurity.com가 올린 것을 수정한 것이다.
auto_ida2sql.py
from os import listdir, path, system
from sys import argv, exit
from threading import Thread, Lock
from shutil import copy
import Queue
IDA_PATH = 'c:\\program files\\ida\\idag.exe'
IDA_PARAMS = '-A -Smyscript.idc'
WORKER_THREADS = 2 # set this number to the number of processors
g_files_queue = Queue.Queue() # global queue of files to process
#
# Name: IDAExecutor
#
class IDAExecutor(Thread):
def __init__(self):
Thread.__init__(self)
def run(self):
file = ''
while 1:
try:
file = g_files_queue.get(False)
except Queue.Empty:
return
else:
cmd = 'cmd /c \"\"%s\" %s \"%s\"\"' % (IDA_PATH, IDA_PARAMS, file)
print cmd
system(cmd)
#
# Name: get_files_list
#
def getFilesList(params, verbose):
# Get file g_files_queue accross multiple directories
for currpath in params:
if verbose: print '[=] Searching files in directory: %s' % currpath
# Normalize path
currpath = path.abspath(currpath) + '\\'
upperdir = path.abspath(currpath + '..\\')
currdir = path.basename(currpath[:-1])
# Get file g_files_queue and prepend it's path before saving them
# templist = listdir(currpath)
templist = filter(lambda x:x.endswith('.exe'), listdir(currpath))
for file in templist:
if not path.isdir(currpath + file):
# queue the file full path to process
# g_files_queue.put(newdir + '\\' + file)
g_files_queue.put(currpath + file)
print currpath + file
# Print the g_files_queue of files
if verbose:
print '[+] Added file: %s' % file
#
# Name: process_files
#
def processFiles():
print '\n[+] Starting files processing. This will take some minutes...\n'
# Start the worker threads that initiate the IDA analisis
IDA_threads = []
for i in range(WORKER_THREADS):
IDA_threads.append(IDAExecutor())
IDA_threads[-1].start()
# Wait for the worker threads to finish their jobs and exit
for thread in IDA_threads:
thread.join()
if __name__ == "__main__":
if len(argv) == 1:
print ' Invalid parameter\n'\
' usage: python %s <first path to modules> <second> ...' % argv[0]
exit(-1)
getFilesList(argv[1:], 1)
processFiles()
from sys import argv, exit
from threading import Thread, Lock
from shutil import copy
import Queue
IDA_PATH = 'c:\\program files\\ida\\idag.exe'
IDA_PARAMS = '-A -Smyscript.idc'
WORKER_THREADS = 2 # set this number to the number of processors
g_files_queue = Queue.Queue() # global queue of files to process
#
# Name: IDAExecutor
#
class IDAExecutor(Thread):
def __init__(self):
Thread.__init__(self)
def run(self):
file = ''
while 1:
try:
file = g_files_queue.get(False)
except Queue.Empty:
return
else:
cmd = 'cmd /c \"\"%s\" %s \"%s\"\"' % (IDA_PATH, IDA_PARAMS, file)
print cmd
system(cmd)
#
# Name: get_files_list
#
def getFilesList(params, verbose):
# Get file g_files_queue accross multiple directories
for currpath in params:
if verbose: print '[=] Searching files in directory: %s' % currpath
# Normalize path
currpath = path.abspath(currpath) + '\\'
upperdir = path.abspath(currpath + '..\\')
currdir = path.basename(currpath[:-1])
# Get file g_files_queue and prepend it's path before saving them
# templist = listdir(currpath)
templist = filter(lambda x:x.endswith('.exe'), listdir(currpath))
for file in templist:
if not path.isdir(currpath + file):
# queue the file full path to process
# g_files_queue.put(newdir + '\\' + file)
g_files_queue.put(currpath + file)
print currpath + file
# Print the g_files_queue of files
if verbose:
print '[+] Added file: %s' % file
#
# Name: process_files
#
def processFiles():
print '\n[+] Starting files processing. This will take some minutes...\n'
# Start the worker threads that initiate the IDA analisis
IDA_threads = []
for i in range(WORKER_THREADS):
IDA_threads.append(IDAExecutor())
IDA_threads[-1].start()
# Wait for the worker threads to finish their jobs and exit
for thread in IDA_threads:
thread.join()
if __name__ == "__main__":
if len(argv) == 1:
print ' Invalid parameter\n'\
' usage: python %s <first path to modules> <second> ...' % argv[0]
exit(-1)
getFilesList(argv[1:], 1)
processFiles()
이 python 스크립트는 위에서 만든 idc 스크립트를 통해 plugin을 실행해 준다.
예를 들면
auto_ida2sql.py input-exe
로 실행을 시킬 때 input-exe 디렉토리 밑에 있는 모든 exe 파일을 읽어서 autoanalysis를 하고 IDA2SQL 플러그인을 실행시켜주는 것이다.