search

danielplohmann / apiscout

This project aims at simplifying Windows API import recovery on arbitrary memory dumps
BSD 2-Clause "Simplified" License
241 stars 41 forks source link

IDA 7.0 - ValueError: Invalid chooser passed #8

Closed nazywam closed 6 years ago

nazywam commented 6 years ago

Hey, great job on apiscout!

I've noticed that recent(ish) changes to idaapi have broken some stuff in apiscout. This is what I get when I try to run the script on IDA Version 7.0.170914 Linux x86_64:

/home/michal/work/apiscout/ida_scout.py: Invalid chooser passed.
Traceback (most recent call last):
  File "/home/michal/ida-7.0/python/ida_idaapi.py", line 553, in IDAPython_ExecScript
    execfile(script, g)
  File "/home/michal/work/apiscout/ida_scout.py", line 63, in <module>
    main()
  File "/home/michal/work/apiscout/ida_scout.py", line 42, in main
    parameters = tools.formGetParameters()
  File "/home/michal/work/apiscout/apiscout/IdaTools.py", line 148, in formGetParameters
    form = IdaApiScoutOptionsForm(db_folder)
  File "/home/michal/work/apiscout/apiscout/IdaForm.py", line 84, in __init__
    'cApiDbChooser' : Form.EmbeddedChooserControl(self.apiDbChooser)
  File "/home/michal/ida-7.0/python/ida_kernwin.py", line 4219, in __init__
    raise ValueError("Invalid chooser passed.")
ValueError: Invalid chooser passed.

My guess is that they made some breaking changes in the Choose interface, as seen here (give it a moment to load, it's a pretty big diff): https://github.com/idapython/src/commit/d99a89369741ce272ba792d6f087d0739a2f8ac7#diff-35a3e7c5c3a9f77d6e7f50ec29de6401R680

Doing a rough sed s/Choose2/Choose/g on the IdaForm.py seems to fix the issue, however, probably some more examination should be done ;)

I'll take a look at the idaapi form implementation and apiscout implementation and will probably report back in a few days Cheers!

danielplohmann commented 6 years ago

Hi!

Finally had time to have a look. Replacing with "Choose" indeed fixes the issue. However, address calculations still seem to be off in the result window - will have a look at this (although names are replaced correctly). Will push the fix later today. Thanks a lot for the notice!

danielplohmann commented 6 years ago

You were absolutely right, modifying the chooser to be version-aware (<700) fixed the problem! Fix was pushed a few moments ago, thanks again for your contribution!

nazywam commented 6 years ago

Awesome, thanks!