working on #15

Ponce/src/actions.cpp

@@ -168,11 +168,49 @@ static const action_desc_t action_IDA_solver = ACTION_DESC_LITERAL(
 	"Solve a selected constraint", //Optional: the action tooltip (available in menus/toolbar)
 	201); //Optional: the action icon (shows when in menus/toolbars)
 
+
+struct formchooser_ah_t : public action_handler_t
+{
+	virtual int idaapi activate(action_activation_ctx_t *ctx)
+	{
+		msg("Menu item clicked. Current selection:");
+		for (int i = 0, n = ctx->chooser_selection.size(); i < n; ++i)
+			msg(" %d", ctx->chooser_selection[i]);
+		msg("\n");
+		return 1;
+	}
+
+	virtual action_state_t idaapi update(action_update_ctx_t *ctx)
+	{
+		bool ok = ctx->form_type == BWN_CHOOSER;
+		if (ok)
+		{
+			char name[MAXSTR];
+			ok = get_tform_title(ctx->form, name, sizeof(name))
+				&& strneq(name, "Form with choosers", qstrlen("Form with choosers"));
+		}
+		return ok ? AST_ENABLE_FOR_FORM : AST_DISABLE_FOR_FORM;
+	}
+};
+static formchooser_ah_t formchooser_ah;
+
+static const action_desc_t action_IDA_choser = ACTION_DESC_LITERAL(
+	"Choser",
+	"User Choser", 
+	&formchooser_ah, 
+	"Ctrl-K", 
+	NULL, 
+	12);
+
+
+
+
 /*This list defined all the actions for the plugin*/
 struct action action_list[] =
 {
 	{ "TRegister", "Taint Register", &action_IDA_taint_register, { BWN_DISASM, BWN_CPUREGS, NULL } },
 	{ "TMemory", "Taint Memory", &action_IDA_taint_memory, { BWN_DISASM, BWN_DUMP, NULL } },
 	{ "Solver", "Solve formula", &action_IDA_solver, { BWN_DISASM, NULL } },
+	//{ "Choser", "User Choser", &action_IDA_choser, { BWN_DISASM, NULL } },
 	{ NULL, NULL, NULL }
 };

Ponce/src/formChoser.cpp

@@ -0,0 +1,133 @@
+/*
+*  This plugin demonstrates how to use choosers inside forms.
+*
+*/
+
+#include <pro.h>
+#include <idp.hpp>
+#include <loader.hpp>
+#include <kernwin.hpp>
+
+//Ponce
+#include "formChoser.hpp"
+#include "globals.hpp"
+
+void idaapi btn_cb(TView *[], int)
+{
+	warning("button pressed");
+}
+
+//--------------------------------------------------------------------------
+int idaapi modcb(int fid, form_actions_t &fa)
+{
+	ushort isActivated;
+	fa.get_checkbox_value(fid, &isActivated);
+
+	msg("fid is %d and it is: %d\n", fid, isActivated);
+	switch (fid)
+	{
+	case -1:
+		msg("initializing\n");
+		break;
+	case -2:
+		msg("terminating\n");
+		break;
+	case 10:     // show debug info
+		cmdOptions.showDebugInfo = isActivated ? 1 : 0;
+		break;
+	case 11:     // manage symbolic indexing
+		cmdOptions.manageSymbolicIndexing = isActivated ? 1 : 0;
+		break;
+	case 12:     // enable tracing first time something is tainted
+		cmdOptions.enableTracingAsTainted = isActivated ? 1 : 0;
+		break;
+	case 13:     // Limit the number of instructions in tracing mode
+		/*if (isActivated)
+			fa.enable_field(4, true);*/
+		cmdOptions.limitInstructionsTracingMode = isActivated ? 1 : 0;
+		break;
+	case 14:     // Limit of instructions to execute before ask to the user
+		cmdOptions.limitInstructionsBeforeAskingUser = isActivated ? 1 : 0;
+		break;
+	case 15:     // Time limit before ask user
+		cmdOptions.limitTime = isActivated ? 1 : 0;
+		break;
+	case 16:     // Only use tainting mode
+		cmdOptions.onlyTainting = isActivated ? 1 : 0;
+		break;
+	case 17:     // Automatically rename the functions with tainted instructions/conditions
+		cmdOptions.RenameFunctionNames = isActivated ? 1 : 0;
+		break;
+	case 18:     // Configure automated tainting
+		cmdOptions.automatedTainting = isActivated ? 1 : 0;
+		break;
+	case 19:     // Taint argv[0]
+		cmdOptions.taintArgv0 = isActivated ? 1 : 0;
+		break;
+	case 20:     // Taint argc
+		cmdOptions.taintArgc = isActivated ? 1 : 0;
+		break;
+	default:
+		msg("unknown id %d\n", fid);
+		break;
+	}
+	return 1;
+	//bool is_gui = callui(ui_get_hwnd).vptr != NULL || is_idaq();
+
+	//char buf0[MAXSTR];
+	//if (!fa.get_ascii_value(5, buf0, sizeof(buf0)))
+	//	INTERR(30145);
+
+	//if (streq(buf0, "on"))
+	//	fa.enable_field(12, true);
+
+	//if (streq(buf0, "off"))
+	//	fa.enable_field(12, false);
+
+	//ushort buf1;
+	//if (!fa.get_cbgroup_value(12, &buf1))
+	//	INTERR(30146);
+
+	//fa.show_field(7, (buf1 & 1) != 0);
+	//fa.enable_field(8, (buf1 & 2) != 0);
+
+
+	//ushort c13;
+	//if (!fa.get_checkbox_value(13, &c13))
+	//	INTERR(30147);
+	//fa.enable_field(10, c13 != 0);
+
+	//ushort c14;
+	//if (!fa.get_checkbox_value(14, &c14))
+	//	INTERR(30148);
+	//fa.enable_field(5, c14 != 0);
+
+	//ushort c15;
+	//if (!fa.get_checkbox_value(15, &c15))
+	//	INTERR(30149);
+
+	//if ((buf1 & 8) != 0)
+	//{
+	//	sval_t x, y, w, h;
+	//	fa.get_signed_value(4, &x);
+	//	fa.get_signed_value(3, &y);
+	//	fa.get_signed_value(2, &w);
+	//	fa.get_signed_value(1, &h);
+	//	fa.move_field(5, x, y, w, h);
+	//	if (x != -1 && c15)
+	//		fa.move_field(-5, x - 7, y, w, h);
+	//}
+
+	//// get_field_value() for buttons must return false always
+	//if (fa._get_field_value(7, NULL))
+	//	INTERR(30150);
+
+	//bgcolor_t bgc = -1;
+	//if (is_gui && !fa.get_color_value(8, &bgc))
+	//	INTERR(30151);
+	//msg("  op=%s change=%x color=%x\n", buf0, buf1, bgc);
+
+	//fa.set_label_value(9, buf0);
+	//return 1;
+}
+

Ponce/src/formChoser.hpp

@@ -0,0 +1,38 @@
+
+#pragma once
+//IDA
+#include <ida.hpp>
+
+int idaapi modcb(int fid, form_actions_t &fa);
+void idaapi btn_cb(TView *[], int);
+
+static const char form[] =
+"@0:477[]\n"
+"Ponce Configuration\n"
+"\n"
+"%/Enter alternate string for the %9D operand\n"
+"\n"
+"  <~O~perand:A5:100:40::>\n"
+"  <~X~:D4:100:10::>\n"
+"  <~Y~:D3:100:10::>\n"
+"  <~W~:D2:100:10::>\n"
+"  <~H~:D1:100:10::>\n"
+"\n"
+"<#comment#Show debug info in the output windows:C10>\n"
+"<#comment#Manage symbolic indexing:C11>\n"
+"<#comment#Enable tracing the first time something is tainted:C12>\n"
+"<#comment#Limit the number of instructions in tracing mode:C13><#number of instructions#N:D21::>\n"
+//"<~L~ength:D1:100:10::>\n"
+//"<Number:D4:100:10::>\n"
+"<#comment#Limit of instructions to execute before ask to the user:C14><#number of instructions#N:D22::>\n"
+"<#comment#Time limit before ask user:C15><#time in seconds#Time:D23::>\n"
+"<#comment#Only use tainting mode:C16>\n"
+"<#comment#Automatically rename the functions with tainted instructions/conditions :C17>\n"
+"<#comment#Configure automated tainting:C18>\n"
+"<#comment#Taint argv[0]:C19>\n"
+"<#comment#Taint argc:C20>>\n"
+"\n"
+
+
+;
+

Ponce/src/globals.hpp

@@ -72,4 +72,21 @@ extern bool is_something_tainted;
 extern unsigned int tainted_functions_index;
 extern Trigger runtimeTrigger;
 extern triton::arch::Instruction* last_triton_instruction;
-extern bool automatically_continue_after_step;
+extern bool automatically_continue_after_step;
+
+
+//User options
+struct cmdOptionStruct{
+	bool showDebugInfo = false;
+	bool manageSymbolicIndexing = false;
+	bool enableTracingAsTainted = false;
+	bool limitInstructionsTracingMode = false;
+	bool limitInstructionsBeforeAskingUser = false;
+	bool limitTime = false;
+	bool onlyTainting = false;
+	bool RenameFunctionNames = false;
+	bool automatedTainting = false;
+	bool taintArgv0 = false;
+	bool taintArgc = false;	
+};
+extern struct cmdOptionStruct cmdOptions;

Ponce/src/main.cpp

@@ -12,9 +12,13 @@
 #include "context.hpp"
 #include "utils.hpp"
 
+#include "formChoser.hpp"
+
 //Triton
 #include <api.hpp>
 
+struct cmdOptionStruct cmdOptions;
+
 //#include <x86Specifications.hpp>
 //
 //using namespace triton;
@@ -30,8 +34,7 @@ void triton_init()
 	else if (inf.is_64bit())
 		triton::api.setArchitecture(triton::arch::ARCH_X86_64);
 	else{
-		warning("The architecture does not seem to be 32 or 64 bits. Exiting...");
-		return; // TODO: We should close the plugin loading but not IDA itself
+		error("The architecture does not seem to be 32 or 64 bits. Exiting...");
 	}
 	// Memory access callback
 	triton::api.addCallback(needConcreteMemoryValue);
@@ -42,6 +45,31 @@ void triton_init()
 //--------------------------------------------------------------------------
 void idaapi run(int)
 {
+	uval_t ln = 1;
+	char buf[MAXSTR] = "hola";
+
+	ushort check = 0x12;
+	bgcolor_t bgc = 0x556677;
+	uval_t x_op1 = -1;
+	uval_t y_op1 = -1;
+	uval_t w_op1 = -1;
+	uval_t h_op1 = -1;
+	if (AskUsingForm_c(form, modcb, &ln, buf, &x_op1, &y_op1, &w_op1, &h_op1, &check, btn_cb, &bgc) > 0)
+	//if (AskUsingForm_c(form, modcb, &cmdOptions) > 0)
+	{
+		/*msg("operand: %s\n", buf);
+		msg("check = %d\n", check);
+		msg("dim = %a %a %a %a\n", x_op1, y_op1, w_op1, h_op1);
+		msg("bgc = %x\n", bgc);*/
+	}
+
+
+
+
+
+
+
+
 	if (!hooked){
 		//First we ask the user to take a snapshot, -1 is to cancel so we don't run the plugin
 		if (ask_for_a_snapshot() != -1)

builds/PonceBuild/Ponce/Ponce.vcxproj

@@ -25,6 +25,7 @@
     <ClInclude Include="..\..\..\Ponce\src\actions.hpp" />
     <ClInclude Include="..\..\..\Ponce\src\callbacks.hpp" />
     <ClInclude Include="..\..\..\Ponce\src\context.hpp" />
+    <ClInclude Include="..\..\..\Ponce\src\formChoser.hpp" />
     <ClInclude Include="..\..\..\Ponce\src\globals.hpp" />
     <ClInclude Include="..\..\..\Ponce\src\tainting.hpp" />
     <ClInclude Include="..\..\..\Ponce\src\trigger.hpp" />
@@ -34,6 +35,7 @@
     <ClCompile Include="..\..\..\Ponce\src\actions.cpp" />
     <ClCompile Include="..\..\..\Ponce\src\callbacks.cpp" />
     <ClCompile Include="..\..\..\Ponce\src\context.cpp" />
+    <ClCompile Include="..\..\..\Ponce\src\formChoser.cpp" />
     <ClCompile Include="..\..\..\Ponce\src\globals.cpp" />
     <ClCompile Include="..\..\..\Ponce\src\main.cpp" />
     <ClCompile Include="..\..\..\Ponce\src\tainting.cpp" />

builds/PonceBuild/Ponce/Ponce.vcxproj.filters

@@ -39,6 +39,9 @@
     <ClInclude Include="..\..\..\Ponce\src\utils.hpp">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="..\..\..\Ponce\src\formChoser.hpp">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="..\..\..\Ponce\src\actions.cpp">
@@ -65,5 +68,8 @@
     <ClCompile Include="..\..\..\Ponce\src\utils.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\Ponce\src\formChoser.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
 </Project>