I modified some in Fentanyl to support Assemble Patch with Keystone Assembler This can patch any instruction if it is valid IDA instruction or keystone instruction (Context Menu : Patch > Assemble) Example: In x64, IDA instruction Code (Text): 48 8D 0D 71 D1 00 00 lea rcx, off_14000E370 This is not a valid instruction, it reminder only, instead Code (Text): 48 8D 0D 71 D1 00 00 lea rcx, qword ptr [rip + 0xD171] is valid with keystone, so could use the keystone to assemble it and patch it to IDA
Code (Text): C:\Program Files\IDA 7.0\plugins\fentanyl.py: 'module' object has no attribute 'GetIdaDirectory' Traceback (most recent call last): File "C:\Program Files\IDA 7.0\python\ida_idaapi.py", line 553, in IDAPython_ExecScript execfile(script, g) File "C:/Program Files/IDA 7.0/plugins/fentanyl.py", line 180, in <module> icons_path = os.path.join(idc.GetIdaDirectory(), 'plugins', 'FentanylCore', 'icons') AttributeError: 'module' object has no attribute 'GetIdaDirectory' Var Sistem, I have this defined... IDADIR = C:\Program Files\IDA 7.0 No reference "GetIdaDirectory" in: IDA 7.0 SDK: Porting from IDA 4.9-6.x API to IDA 7.0 API any ideas?
idc.GetIdaDirectory could be replace by idaapi.idadir(None) https://transfer.sh/T7plt/fentanyl_ida7_plugins.7z You could try my minor fixup
Computerline, as always, you did an excellent job Something strange happens, I had this error In: FentanylCore/AssembleForm.py """ Initialize form elements """ line: 246 It says Code (Text): self.ui_cntls = { 'inp':idaapi.Form.MultiLineTextControl('', idaapi.textctrl_info_t.TXTF_FIXEDFONT), #'inp': idaapi.Form.StringInput(tp=None, width=1024, swidth=40, hlp=None, value='', size=None), 'opt_chk':idaapi.Form.ChkGroupControl(('fixup', 'nopout')), 'form_cb':idaapi.Form.FormChangeCb(self._form_cb), } self.ui_form = idaapi.Form("""STARTITEM {id:inp} I had to make the next change Code (Text): self.ui_cntls = { 'inp':ida_kernwin.Form.MultiLineTextControl('', ida_kernwin.textctrl_info_t.TXTF_FIXEDFONT), #'inp': idaapi.Form.StringInput(tp=None, width=1024, swidth=40, hlp=None, value='', size=None), 'opt_chk':ida_kernwin.Form.ChkGroupControl(('fixup', 'nopout')), 'form_cb':ida_kernwin.Form.FormChangeCb(self._form_cb), } self.ui_form = ida_kernwin.Form("""STARTITEM {id:inp} This is a Temporary Solution... Strangely IDA 7.0 does not address well the API "idaapi" and I had to point directly to "ida_kernwin" Any idea why this happens?
Yes, because the license changed by wwcd so I don't upload source with the binary, the code only craft, so it buggy, help it will be usefull. wwcd2: https://drive.google.com/uc?id=1clTteyumMJAh9cH40y0FQglEuMhG7iyk&export=download zydecode : https://drive.google.com/uc?id=14U8WY13UpBJ9Ru2kZEKGgEvZMEza75Rw&export=download I'm try to update zydecode to the lastest zydis version, but their change allot, I couldn't build the binary, so I used the stable version. wwcd2 use capstone, today their release v4.0, so that better to update. And I don't known though I rename the action in source, but wwcd2 and zydecode can't work to gether