from idc import *
import idaapi
from idaapi import *
import idautils
import ida_kernwin
from obfDetect import gui
# Plugin metadata. banner() interpolates all four values into the banner line.
AUTHORS = "mcdulltii"
DATE = "2022"
PLUGIN_VERSION = "1.7"
# IDA version string shown in the banner.
IDAVERSIONS = "IDA PRO 7.4+"
def banner():
    """Print the plugin banner: version, author, year and IDA version string."""
    title = "Obfuscation Detection v%s - (c) %s - %s - %s" % (
        PLUGIN_VERSION,
        AUTHORS,
        DATE,
        IDAVERSIONS,
    )
    # The leading and trailing newlines put a blank line around the banner.
    print("\n---[" + title + "]---\n")
# Obfuscation Detection Handler
class ObfDetectHandler(action_handler_t):
    """Action handler that opens the Obfuscation Detection GUI."""

    def __init__(self):
        # Explicit base-class call, kept in the form the file already uses.
        action_handler_t.__init__(self)

    def update(self, ctx):
        """Report the action as always enabled; ``ctx`` is not inspected."""
        return AST_ENABLE_ALWAYS

    def activate(self, ctx):
        """Show the plugin GUI when the action is invoked; ``ctx`` is unused."""
        gui.show_gui()
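class obfDetect_plugin_t(plugin_t):
    """IDA plugin object that registers and runs the "Obfuscation Detection" action.

    On load it registers one UI action, attaches it to a menu path and to the
    popup of the current widget, and keeps the plugin resident. Setup failures
    are reported in the IDA message output instead of being discarded, so an
    analyst can tell when the action is not actually available.
    """

    flags = PLUGIN_HIDE
    comment = "Calculates binary obfuscation heuristics"
    help = "Obfuscation Detection"
    wanted_name = "Obfuscation Detection"
    wanted_hotkey = ""

    # Single definition of the action id and shortcut, so registration,
    # attachment, cleanup and the user-facing hint in run() cannot drift apart.
    _ACTION_NAME = 'my:detectoraction'
    _ACTION_HOTKEY = 'Ctrl+Shift+H'
    # Set once this instance has registered the action; term() only removes
    # an action that this plugin itself created.
    _action_registered = False

    def editor_menuaction(self):
        """Register the UI action and attach it to the menu and current popup."""
        action_desc = action_desc_t(
            self._ACTION_NAME,        # The action name. Acts as an ID and must be unique
            'Obfuscation Detection',  # The action text.
            ObfDetectHandler(),       # The action handler.
            self._ACTION_HOTKEY,      # Optional: the action shortcut
            '',                       # Optional: the action tooltip (available in menus/toolbar)
            122                       # icon number
        )

        # A rejected registration (for example an id that is already taken)
        # must not go unnoticed: attaching afterwards would bind the menu
        # entry to an action this plugin does not own.
        if not register_action(action_desc):
            msg("Obfuscation Detection: could not register action '%s'.\n"
                % self._ACTION_NAME)
            return
        self._action_registered = True

        attach_action_to_menu(
            'File/Editor...',   # The relative path of where to add the action
            self._ACTION_NAME,  # The action ID (see above)
            SETMENU_APP)        # Append after the menu item named in the path

        # There may be no current widget while the plugin is being loaded;
        # skip the popup attachment in that case rather than pass None on.
        form = ida_kernwin.get_current_widget()
        if form is not None:
            attach_action_to_popup(form, None, self._ACTION_NAME, None)

    def init(self):
        """
        This is called by IDA when it is loading the plugin.

        Returns PLUGIN_KEEP in every case, as before; a setup error is
        printed to the message output instead of being silently dropped.
        """
        # attempt plugin initialization
        try:
            self._install_plugin()
        except Exception as e:
            # Report the failure. Swallowing it leaves the analyst believing
            # the detection action is installed when it may not be.
            msg("Obfuscation Detection: plugin setup failed: %r\n" % (e,))
        return PLUGIN_KEEP

    def _install_plugin(self):
        """
        Initialize & integrate the plugin into IDA.
        """
        self.editor_menuaction()
        # This class defines no `_init`. Unless a base class provides one, the
        # previous unconditional call raised AttributeError on every load and
        # init() hid it. Call the hook only when it exists.
        extra_init = getattr(self, "_init", None)
        if callable(extra_init):
            extra_init()

    def run(self, arg=0):
        """Show the GUI when IDA runs the plugin directly; ``arg`` is unused."""
        # The hint names the shortcut that is actually registered for the
        # action (the old text advertised Alt+E, which is not bound here).
        msg("Obfuscation Detection loaded.\nUse %s hot key to quick load.\n"
            % self._ACTION_HOTKEY)
        # The handler ignores its context argument, so the plugin object is
        # passed only to satisfy the signature.
        ObfDetectHandler().activate(self)

    def term(self):
        """Unregister the action on unload if this instance registered it."""
        if self._action_registered:
            unregister_action(self._ACTION_NAME)
            self._action_registered = False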
def PLUGIN_ENTRY():
    """Print the banner, then build and return the plugin object for IDA."""
    banner()
    plugin = obfDetect_plugin_t()
    return plugin