Fentanyl + WWCD for better IDA View & Patcher

computerline

I modified some things in Fentanyl to support Assemble Patch with the Keystone assembler :)
This can patch any instruction if it is a valid IDA instruction or Keystone instruction (Context Menu: Patch > Assemble)

Example:
In x64, the IDA instruction
Code:
48 8D 0D 71 D1 00 00    lea     rcx, off_14000E370
This is not a valid instruction, it is a reminder only; instead
Code:
48 8D 0D 71 D1 00 00    lea     rcx, qword ptr [rip + 0xD171]
is valid with Keystone, so you could use Keystone to assemble it and patch it into IDA
:)
 

Attachments

  • fentanyl+wwcd2.7z (450.6 KB)
Last edited:
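
The operand rewrite described in the post above, as an added example that is not part of the original post or of the plugin's code: it turns IDA's symbolic operand into the explicit RIP-relative form and cross-checks the encoding against the bytes shown. The function names are hypothetical, and the instruction address 0x1400011F8 is an assumption, derived so that the displacement matches the 0xD171 on the page; the `qword ptr` size is assumed to fit the `lea` case only.

```python
import re
import struct

# Constructed sample data: the address is derived, not taken from the page.
EA = 0x1400011F8                      # assumed address of the lea instruction
INSN_LEN = 7                          # 48 8D 0D + disp32
NAMES = {"off_14000E370": 0x14000E370}


def rip_disp(ea, insn_len, target):
    """RIP-relative displacement, counted from the end of the instruction."""
    disp = target - (ea + insn_len)
    if not -2**31 <= disp < 2**31:
        raise ValueError("target %#x is outside disp32 range" % target)
    return disp


def to_keystone_text(ida_text, ea, insn_len, names):
    """Replace each symbolic name found in `names` with an explicit
    RIP-relative memory operand that an assembler can parse."""
    def repl(match):
        name = match.group(0)
        if name not in names:
            return name               # mnemonics, registers, unknown tokens
        disp = rip_disp(ea, insn_len, names[name])
        sign = "+" if disp >= 0 else "-"
        return "qword ptr [rip %s 0x%X]" % (sign, abs(disp))
    return re.sub(r"[A-Za-z_][A-Za-z0-9_]*", repl, ida_text)


def encode_lea_rcx_rip(disp):
    """REX.W (48), opcode 8D, ModRM 0D (reg=rcx, rm=RIP+disp32), disp32 LE."""
    return b"\x48\x8d\x0d" + struct.pack("<i", disp)


if __name__ == "__main__":
    text = to_keystone_text("lea rcx, off_14000E370", EA, INSN_LEN, NAMES)
    raw = encode_lea_rcx_rip(rip_disp(EA, INSN_LEN, NAMES["off_14000E370"]))
    print(text)
    print(" ".join("%02X" % b for b in bytearray(raw)))
```

Because the displacement depends on the instruction's own address, the same symbolic operand assembles to different bytes at a different location, so a patch has to be assembled for the address it will be written to.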

steve007iii

Code:
C:\Program Files\IDA 7.0\plugins\fentanyl.py: 'module' object has no attribute 'GetIdaDirectory'
Traceback (most recent call last):
  File "C:\Program Files\IDA 7.0\python\ida_idaapi.py", line 553, in IDAPython_ExecScript
	execfile(script, g)
  File "C:/Program Files/IDA 7.0/plugins/fentanyl.py", line 180, in <module>
	icons_path = os.path.join(idc.GetIdaDirectory(), 'plugins', 'FentanylCore', 'icons')
AttributeError: 'module' object has no attribute 'GetIdaDirectory'

System variable: I have this defined...
IDADIR = C:\Program Files\IDA 7.0
No reference to "GetIdaDirectory" in: IDA 7.0 SDK: Porting from IDA 4.9-6.x API to IDA 7.0 API

Any ideas?
 

computerline

idc.GetIdaDirectory could be replaced by idaapi.idadir(None)

https://transfer.sh/T7plt/fentanyl_ida7_plugins.7z

You could try my minor fixup
 

steve007iii

Computerline, as always, you did an excellent job

Something strange happens, I had this error

[Image: wwrM5jH.png]


In FentanylCore/AssembleForm.py, under """ Initialize form elements """ (line 246), it says:

Code:
		self.ui_cntls = {
			'inp':idaapi.Form.MultiLineTextControl('', idaapi.textctrl_info_t.TXTF_FIXEDFONT),
			#'inp': idaapi.Form.StringInput(tp=None, width=1024, swidth=40, hlp=None, value='', size=None),
			'opt_chk':idaapi.Form.ChkGroupControl(('fixup', 'nopout')),
			'form_cb':idaapi.Form.FormChangeCb(self._form_cb),
		}
		self.ui_form = idaapi.Form("""STARTITEM {id:inp}

I had to make the following change:

Code:
		self.ui_cntls = {
			'inp':ida_kernwin.Form.MultiLineTextControl('', ida_kernwin.textctrl_info_t.TXTF_FIXEDFONT),
			#'inp': idaapi.Form.StringInput(tp=None, width=1024, swidth=40, hlp=None, value='', size=None),
			'opt_chk':ida_kernwin.Form.ChkGroupControl(('fixup', 'nopout')),
			'form_cb':ida_kernwin.Form.FormChangeCb(self._form_cb),
		}
		self.ui_form = ida_kernwin.Form("""STARTITEM {id:inp}
This is a temporary solution...

Strangely, IDA 7.0 does not handle the "idaapi" API well, and I had to point directly to "ida_kernwin".

Any idea why this happens?
 

computerline

Do you mind sharing the source for your plugins so I can build them on OS X? :)
Yes, because the license was changed by wwcd, so I don't upload the source with the binary. The code is only a craft, so it is buggy; help with it would be useful.

wwcd2: https://drive.google.com/uc?id=1clTteyumMJAh9cH40y0FQglEuMhG7iyk&export=download
zydecode : https://drive.google.com/uc?id=14U8WY13UpBJ9Ru2kZEKGgEvZMEza75Rw&export=download

I tried to update zydecode to the latest zydis version, but they changed a lot and I couldn't build the binary, so I used the stable version.
wwcd2 uses capstone; today they released v4.0, so it is better to update.

And I don't know why, though I renamed the action in the source, wwcd2 and zydecode can't work together :(
 