mandiant / flare-ida

IDA Pro utilities from FLARE team
Apache License 2.0

shellcode_hash_search.py has some logic errors #94

Closed OevreFlataeker closed 3 years ago

OevreFlataeker commented 4 years ago

Manually executing shellcode_hash_search on IDA7.5 and Python3 shows some logic problems:

In promptForSearchTypes()

    if using_ida7api:
        if idaapi.ASKBTN_YES == idaapi.ask_yn(idaapi.ASKBTN_YES, str('Search for DWORD array of hashes?')):
            self.params.searchDwordArray = True
        if idaapi.ASKBTN_YES == idaapi.ask_yn(idaapi.ASKBTN_YES, str('Search for DWORD array of hashes?')):
            self.params.searchDwordArray = True
    else:
        if idc.AskYN(1, str('Search for push argument hash value?')) == 1:
            self.params.searchPushArgs = True
        if idc.AskYN(1, str('Search for DWORD array of hashes?')) == 1:
            self.params.searchDwordArray = True

I presume the first call should ask for push arguments and set searchPushArgs accordingly.

def promptForHashTypes()

    hashTypes = self.dbstore.getAllHashTypes()
    if len(self.params.hashTypes) == 0:
        raise RuntimeError('No hashes selected')
    # we used to prompt y/n for each one. too obnoxious, just force all hashes
    self.params.hashTypes = hashTypes

This code will always raise an exception as self.params.hashTypes is always 0 in this case.

Will do a fork and fix the code and set a pull request if you'd like.

mr-tz commented 3 years ago

closed via #95