优化ida插件showcomments

admin
admin
admin
102803
文章
87
评论
2023年10月12日14:22:21评论14 views字数 6895阅读22分59秒阅读模式
优化ida插件showcomments

起因是使用ida在分析算法的时候写了很多注释,但是我在找对应的代码的时候,在那么多注释中很难找到我之前写过的注释,翻遍了所有ida的快捷键也没有找到。

优化ida插件showcomments




优化ida插件showcomments

⊙一.ida官网寻找

⊙二.代码优化功能改进

三.完整代码




一.ida官网寻找


在ida的官网插件库里面,看到有关于对于评论处理的插件,于是把它下载下来放到了ida的插件库中,看看符合使用预期不。


优化ida插件showcomments

在ida中进行使用的时候,具体有两个功能,

优化ida插件showcomments

使用过程中发现确实有一个很大的弊端,在我写了200多个注释的情况下,无法迅速的找到对应的地址。

优化ida插件showcomments

作者在2022年回复过这个问题,但是现在还没加上,那怎么办呢,自己动手丰衣足食。


二.代码优化功能改进


首先我要用qt实现一个搜索框,然后输入上含有注释的内容的时候,table表将会过滤。


首先给代码增加输入框和按钮

    self.filter_input = QtWidgets.QLineEdit(self.parent)    self.filter_button = QtWidgets.QPushButton("Filter", self.parent)    self.filter_button.clicked.connect(self.filter_comments)    layout.addWidget(self.filter_input)    layout.addWidget(self.filter_button)lter_button)tton)


  然后我们增加过滤函数的处理逻辑

  def filter_comments(self):        keyword = self.filter_input.text()        if not keyword:            # No keyword to filter on, repopulate the whole table            self.reset_and_populate()            return
        # Clear the current table        self.table.setRowCount(0)                item_index = 0        current_function_name = None
        for ea in idautils.Heads():            function_name = idaapi.get_func_name(ea)            function_cmt = idc.get_func_cmt(ea, True)            if function_name != current_function_name and function_cmt:                if keyword.lower() in function_cmt.lower():                    item_index = self.add_row(item_index, ea, function_cmt, "Function", function_name)                current_function_name = function_name
            # Check for regular and repeatable comments            cmt = idaapi.get_cmt(ea, False)            repeat_cmt = idaapi.get_cmt(ea, True)
            if cmt and keyword.lower() in cmt.lower():                item_index = self.add_row(item_index, ea, cmt, "Regular", function_name)            elif repeat_cmt and keyword.lower() in repeat_cmt.lower():                item_index = self.add_row(item_index, ea, repeat_cmt, "Repeatable", function_name)

因为过滤后如果输入为空,需要重新从ida中获取注释


    def reset_and_populate(self):        self.table.setRowCount(0)  # 清空表格内容        item_index = 0        current_function_name = None        for ea in idautils.Heads():            function_name = idaapi.get_func_name(ea)            if function_name != current_function_name:                function_cmt = idc.get_func_cmt(ea, True)                if function_cmt:                    item_index = self.add_row(item_index, ea, function_cmt, "Function", function_name)                current_function_name = function_name
            cmt = idaapi.get_cmt(ea, False)            if cmt:                item_index = self.add_row(item_index, ea, cmt, "Regular", function_name)                        cmt = idaapi.get_cmt(ea, True)            if cmt:                item_index = self.add_row(item_index, ea, cmt, "Repeatable", function_name)                            self.table.resizeColumnsToContents()


这个时候就符合我们的需要了

优化ida插件showcomments


但是每次搜索需要点击filter,非常不优雅,然后改变为输入框每次进行变化的时候都会进行过滤,瞬间变得优雅起来。


        self.filter_input = QtWidgets.QLineEdit(self.parent)
        self.filter_input.textChanged.connect(self.filter_comments)
       # self.filter_button = QtWidgets.QPushButton("Filter", self.parent)        #self.filter_button.clicked.connect(self.filter_comments)        layout.addWidget(self.filter_input)        #layout.addWidget(self.filter_button)

三.完整代码



from idaapi import PluginFormfrom PyQt5 import QtCore, QtGui, QtWidgetsimport idautilsimport idaapiimport idc

class ShowComments(PluginForm):
    def OnCreate(self, form):        # Get parent widget        self.parent = self.FormToPyQtWidget(form)        self.PopulateForm()

    def PopulateForm(self):


        # Create layout        layout = QtWidgets.QVBoxLayout()


        # Create input for keyword and a filter button        self.filter_input = QtWidgets.QLineEdit(self.parent)
        self.filter_input.textChanged.connect(self.filter_comments)
       # self.filter_button = QtWidgets.QPushButton("Filter", self.parent)        #self.filter_button.clicked.connect(self.filter_comments)        layout.addWidget(self.filter_input)        #layout.addWidget(self.filter_button)
        # table         self.table = QtWidgets.QTableWidget()        self.table.setColumnCount(4)        self.table.setEditTriggers(QtWidgets.QTableWidget.NoEditTriggers)        self.table.setHorizontalHeaderLabels(["Address", "Type", "Comment", "Function Name"])        self.table.setSortingEnabled(True)
        item_index = 0        current_function_name = None
        for ea in idautils.Heads():            # Check if the first address of a function contains a function (repeatable) comment            # IDAPython cheatsheet (https://gist.github.com/icecr4ck/7a7af3277787c794c66965517199fc9c)            function_name = idaapi.get_func_name(ea)            if function_name != current_function_name:                function_cmt = idc.get_func_cmt(ea, True)                if function_cmt:                    item_index = self.add_row(item_index, ea, function_cmt, "Function", function_name)                current_function_name = function_name
                # Check if the address contains a regular (non-repeatable) comment            cmt = idaapi.get_cmt(ea, False)            if cmt:                item_index = self.add_row(item_index, ea, cmt, "Regular", function_name)            # Now check if it contains a repeatable comment            cmt = idaapi.get_cmt(ea, True)            if cmt:                item_index = self.add_row(item_index, ea, cmt, "Repeatable", function_name)                        self.table.resizeColumnsToContents()        self.table.doubleClicked.connect(self.fn_get_cell_Value)        layout.addWidget(self.table)
        # make our created layout the dialogs layout        self.parent.setLayout(layout)    def filter_comments(self):        keyword = self.filter_input.text()        if not keyword:            # No keyword to filter on, repopulate the whole table            self.reset_and_populate()            return
        # Clear the current table        self.table.setRowCount(0)                item_index = 0        current_function_name = None
        for ea in idautils.Heads():            function_name = idaapi.get_func_name(ea)            function_cmt = idc.get_func_cmt(ea, True)            if function_name != current_function_name and function_cmt:                if keyword.lower() in function_cmt.lower():                    item_index = self.add_row(item_index, ea, function_cmt, "Function", function_name)                current_function_name = function_name
            # Check for regular and repeatable comments            cmt = idaapi.get_cmt(ea, False)            repeat_cmt = idaapi.get_cmt(ea, True)
            if cmt and keyword.lower() in cmt.lower():                item_index = self.add_row(item_index, ea, cmt, "Regular", function_name)            elif repeat_cmt and keyword.lower() in repeat_cmt.lower():                item_index = self.add_row(item_index, ea, repeat_cmt, "Repeatable", function_name)
    def reset_and_populate(self):        self.table.setRowCount(0)  # 清空表格内容        item_index = 0        current_function_name = None        for ea in idautils.Heads():            function_name = idaapi.get_func_name(ea)            if function_name != current_function_name:                function_cmt = idc.get_func_cmt(ea, True)                if function_cmt:                    item_index = self.add_row(item_index, ea, function_cmt, "Function", function_name)                current_function_name = function_name
            cmt = idaapi.get_cmt(ea, False)            if cmt:                item_index = self.add_row(item_index, ea, cmt, "Regular", function_name)                        cmt = idaapi.get_cmt(ea, True)            if cmt:                item_index = self.add_row(item_index, ea, cmt, "Repeatable", function_name)                            self.table.resizeColumnsToContents()
    def add_row(self, item_index, ea, cmt, cmt_type, function_name):        self.table.insertRow(self.table.rowCount());        self.table.setItem(item_index, 0, QtWidgets.QTableWidgetItem(hex(ea)))        self.table.setItem(item_index, 1, QtWidgets.QTableWidgetItem(cmt_type))        self.table.setItem(item_index, 2, QtWidgets.QTableWidgetItem(cmt))        self.table.setItem(item_index, 3, QtWidgets.QTableWidgetItem(function_name))        item_index += 1        return item_index
    def fn_get_cell_Value(self, index):        # If the user clicked an address, follow it in IDA View        if index.column() == 0:            value =  index.data()            idaapi.jumpto(int(value, base=16), 0, 0)     def OnClose(self, form):        pass

class showcomments_plugin_t(idaapi.plugin_t):    comment = "ShowComments"    version = "v0.3"    website = "https://github.com/merces/showcomments"    help = ""    wanted_name = "ShowComments"    wanted_hotkey = "Ctrl-Alt-C"    flags = idaapi.PLUGIN_OK
    def init(self):        return idaapi.PLUGIN_OK
    def run(self, arg):        plg = ShowComments()        plg.Show(self.comment + " " + self.version)        pass
    def term(self):        return

def PLUGIN_ENTRY():    return showcomments_plugin_t()

学习更多其他逆向知识可以关注我朋友:



我是BestToYou,分享工作或日常学习中关于Android、iOS逆向及安全防护的一些思路和一些自己闲暇时刻调试的一些程序,文中若有错误或者不足的地方,恳请大家联系我批评指正。


优化ida插件showcomments

扫码加我为好友



原文始发于微信公众号(二进制科学):优化ida插件showcomments

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2023年10月12日14:22:21
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   优化ida插件showcommentshttp://cn-sec.com/archives/2105827.html

发表评论

匿名网友 填写信息