ida is so broken

middleware/qira_config.py

@@ -26,4 +26,3 @@ WITH_CAPSTONE = False
 
 WITH_IDA = False
 
-

middleware/qira_static.py

@@ -33,6 +33,19 @@ if qira_config.WITH_IDA:
 #   function stack frames
 #   decompilation
 
+
+# *** NEWER STATIC FUNCTIONS USE IDA AS STATIC BACKEND ***
+
+def get_static_bytes(addr, llen, numlist=False):
+  try:
+    ret = elf_dat[addr-load_addr:addr-load_addr+program.tags[addr]['len']]
+    if numlist:
+      return map(ord, list(ret))
+    else:
+      return ret
+  except:
+    return None
+
 # input is a list of addresses, output is a dictionary names if they exist
 @socketio.on('getnames', namespace='/qira')
 @socket_method
@@ -40,9 +53,10 @@ def getnames(addrs):
   ret = {}
   for i in addrs:
     i = fhex(i)
-    if qira_config.WITH_IDA:
+    # this is slow
+    if False and qira_config.WITH_IDA:
       name = ida.get_name(i)
-      print i, name
+      #print i, name
       if name != None:
         ret[ghex(i)] = name
     else:
@@ -53,7 +67,7 @@ def getnames(addrs):
 @socketio.on('gotoname', namespace='/qira')
 @socket_method
 def gotoname(name):
-  if qira_config.WITH_IDA:
+  if False and qira_config.WITH_IDA:
     ea = ida.get_name_ea(name)
     if ea != None:
       emit('setiaddr', ghex(ea))
@@ -80,6 +94,11 @@ def settags(tags):
       program.tags[naddr][i] = tags[addr][i]
       print hex(naddr), i, program.tags[naddr][i]
 
+@socketio.on('getstaticview', namespace='/qira')
+@socket_method
+def getstaticview(haddr, flat, flatrange):
+  addr = fhex(haddr)
+
 # *** OLDER, LESS SUPPORTED STATIC FUNCTIONS ***
 
 @app.route('/gettagsa', methods=["POST"])
@@ -126,24 +145,29 @@ def getstaticview(haddr, flat, flatrange):
         if 'len' in program.tags[i-j] and program.tags[i-j]['len'] == j:
           i -= j
           program.tags[i]['address'] = ghex(i)
+          program.tags[i]['bytes'] = get_static_bytes(i, j, True)
           ret.append(program.tags[i])
           did_append = True
           break
       if not did_append:
         i -= 1
         program.tags[i]['address'] = ghex(i)
+        program.tags[i]['bytes'] = get_static_bytes(i, 1, True)
         ret.append(program.tags[i])
     ret = ret[::-1]
+
     # find forward
     i = addr
     while len(ret) != abs(flatrange[0]) + flatrange[1]:
       program.tags[i]['address'] = ghex(i)
-      ret.append(program.tags[i])
       #print program.tags[i]
       if 'len' in program.tags[i]:
+        program.tags[i]['bytes'] = get_static_bytes(i, program.tags[i]['len'], True)
         i += program.tags[i]['len']
       else:
+        program.tags[i]['bytes'] = get_static_bytes(i, 1, True)
         i += 1
+      ret.append(program.tags[i])
     emit('tags', ret, False)
   else:
     # function
@@ -170,12 +194,22 @@ def init_static(lprogram):
   global program
   program = lprogram
   if qira_config.WITH_IDA:
-    ida.init_with_program(program)
+    ida.init_with_binary(program.program)
+
+    tags = ida.fetch_tags()
+    print "*** ida returned %d tags" % (len(tags))
+
+    # grr, copied from settags, merge into tags
+    for addr in tags:
+      for i in tags[addr]:
+        program.tags[addr][i] = tags[addr][i]
+
 
   # as a hack, we can assume it's loading at 0x8048000
   # forget sections for now
   # we really need to add a static memory repo
-  dat = open(program.program, "rb").read()
+  global elf_dat, load_addr
+  elf_dat = open(program.program, "rb").read()
   load_addr = 0x8048000
 
   # generate the static data for the instruction
@@ -183,7 +217,7 @@ def init_static(lprogram):
   for addr in program.tags:
     if 'flags' in program.tags[addr] and program.tags[addr]['flags']&0x600 == 0x600:
       # the question here is where do we get the instruction bytes?
-      raw = dat[addr-load_addr:addr-load_addr+program.tags[addr]['len']]
+      raw = get_static_bytes(addr, program.tags[addr]['len'])
       # capinstruction, bap
       program.tags[addr]['capinstruction'] = program.disasm(raw, addr)
       #print hex(addr), self.tags[addr]['len'], self.tags[addr]['capinstruction']

static/ida.py

@@ -134,26 +134,25 @@ def fetch_tags():
 
   for i in range(0, ida.get_nlist_size()):
     ea = ida.get_nlist_ea(i)
-    name = cast(ida.get_nlist_name(i), c_char_p).value.strip()
+    name = c_char_p(ida.get_nlist_name(i)).value.strip()
     #print hex(ea), name
-    tags[ghex(ea)]['name'] = name
+    tags[ea]['name'] = name
 
   def parse_addr(i):
     flags = ida.get_flags_ex(i, 0)
     # is code
     if (flags&0x600) == 0x600:
-      #print ghex(i)
-      tags[ghex(i)]['flags'] = flags
-      tags[ghex(i)]['flow'] = []
-      tags[ghex(i)]['semantics'] = []
+      print ghex(i)
+      tags[i]['flags'] = flags
+      tags[i]['flow'] = []
+      tags[i]['semantics'] = []
+      tags[i]['len'] = ida.decode_insn(i)
       if ida.is_call_insn(i):
-        tags[ghex(i)]['semantics'].append("call")
+        tags[i]['semantics'].append("call")
       if ida.is_ret_insn(i, 1):
-        tags[ghex(i)]['semantics'].append("ret")
-      tags[ghex(i)]['len'] = ida.decode_insn(i)
-      #print ghex(i), ida.is_basic_block_end(0)
+        tags[i]['semantics'].append("ret")
       if ida.is_basic_block_end(0):
-        tags[ghex(i)]['semantics'].append("endbb")
+        tags[i]['semantics'].append("endbb")
       #print ghex(i), tags[ghex(i)]['len']
     return flags
 
@@ -169,7 +168,7 @@ def fetch_tags():
     #print i
     fxn = cast(ida.getn_func(i), POINTER(c_long))
     fxn = [fxn[0], fxn[1]]
-    tags[ghex(fxn[0])]['funclength'] = fxn[1]-fxn[0]
+    tags[fxn[0]]['funclength'] = fxn[1]-fxn[0]
     #print hex(fxn[0]), hex(fxn[1])
 
     # get the flags for each address in the function
@@ -178,11 +177,11 @@ def fetch_tags():
       #flags = parse_addr(i)
       flags = ida.get_flags_ex(i, 0)
       if (flags&0x600) == 0x600:
-        tags[ghex(i)]['scope'] = ghex(fxn[0])
+        tags[i]['scope'] = ghex(fxn[0])
         cref = ida.get_first_fcref_from(i)
         while cref != -1:
           if cref >= fxn[0] and cref < fxn[1]:
-            tags[ghex(i)]['flow'].append(ghex(cref))
+            tags[i]['flow'].append(ghex(cref))
           #print "   ",ghex(cref)
           cref = ida.get_next_fcref_from(i, cref)
 
@@ -190,34 +189,34 @@ def fetch_tags():
 
 
 def set_name(ea, name):
-  ida.set_name(ea, name, 0)
+  ida.set_name(ea, create_string_buffer(name), 0)
 
 def set_comment(ea, text):
   # all repeatable
-  ida.set_cmt(ea, text, 1)
+  ida.set_cmt(ea, create_string_buffer(text), 1)
 
 def get_name(ea):
+  # TODO(ryan): why do i have to malloc here?
   tmp = libc.malloc(80)
   #tmp = create_string_buffer(80)
+  ida.get_name.restype=c_char_p
   ret = ida.get_name(BADADDR, ea, tmp, 80)
-  if ret != 0:
-    # TODO(ryan): wtf what's breaking here
-    return "named"
-    #return cast(tmp, c_char_p).value
+  if ret != None:
+    return ret
   return None
 
 def get_name_ea(name):
-  ea = ida.get_name_ea(BADADDR, name)
+  ea = ida.get_name_ea(BADADDR, create_string_buffer(name))
   if ea == BADADDR:
     return None
   return ea
 
-def init_with_program(program):
+def init_with_binary(filename):
   global ida, libc, FILE
 
   FILE = "/tmp/qida/ida_binary"
   os.system("rm -rf /tmp/qida; mkdir -p /tmp/qida")
-  os.system("cp "+program.program+" "+FILE)
+  os.system("cp "+filename+" "+FILE)
 
   if sys.platform == 'darwin':
     ida = cdll.LoadLibrary(IDAPATH+"/libida.dylib")
@@ -240,15 +239,3 @@ def init_with_program(program):
   print "*** ida.init_database", ida.init_database(argc, argv, pointer(newfile))
   run_ida()
 
-  # *** REMOVE UNDER THIS LINE ***
-
-  tags = fetch_tags()
-  print "*** ida returned %d tags" % (len(tags))
-
-  # grr, copied from settags
-  for addr in tags:
-    naddr = fhex(addr)
-    for i in tags[addr]:
-      program.tags[naddr][i] = tags[addr][i]
-      #print hex(naddr), self.tags[naddr][i]
-

web/client/controls.js

@@ -103,17 +103,17 @@ $(document).ready(function() {
     }*/
   });
   $('body').on('mousewheel', '.flat', function(e) {
-    /*var cdr = $(".flat").children();
+    var cdr = $(".flat").children();
     if (e.originalEvent.wheelDelta < 0) {
-      Session.set('iaddr', get_address_from_class(cdr[16].childNodes[0]));
+      Session.set('iview', get_address_from_class(cdr[16].childNodes[0]));
     } else if (e.originalEvent.wheelDelta > 0) {
-      Session.set('iaddr', get_address_from_class(cdr[14].childNodes[0]));
-    }*/
-    if (e.originalEvent.wheelDelta < 0) {
+      Session.set('iview', get_address_from_class(cdr[14].childNodes[0]));
+    }
+    /*if (e.originalEvent.wheelDelta < 0) {
       Session.set('iview', bn_add(Session.get('iview'), -1));
     } else if (e.originalEvent.wheelDelta > 0) {
       Session.set('iview', bn_add(Session.get('iview'), 1));
-    }
+    }*/
   });
   $("#idump")[0].addEventListener("mousewheel", function(e) {
     //p("idump mousewheel");