1

xpko · Feb 26, 2025 · 2aff213 · 2aff213
1 parent ebcc6a8
commit 2aff213
Show file tree

Hide file tree

Showing 4 changed files with 432 additions and 1 deletion.
diff --git a/IDA/ida9.0/plugins/collect_function_pseudocode.py b/IDA/ida9.0/plugins/collect_function_pseudocode.py
@@ -0,0 +1,133 @@
+
+from PyQt5.QtWidgets import QApplication
+
+import idaapi
+import idautils
+import idc
+
+
+# from: https://github.com/igogo-x86/HexRaysPyTools
+class ActionManager(object):
+    def __init__(self):
+        self.__actions = []
+
+    def register(self, action):
+        self.__actions.append(action)
+        idaapi.register_action(
+            idaapi.action_desc_t(action.name, action.description, action, action.hotkey)
+        )
+
+    def initialize(self):
+        pass
+
+    def finalize(self):
+        for action in self.__actions:
+            idaapi.unregister_action(action.name)
+
+
+action_manager = ActionManager()
+
+
+visited = set()
+
+def collect_function_pseudocode(func_ea, visited):
+    if func_ea in visited:
+        return ""
+    visited.add(func_ea)
+
+    cfunc = idaapi.decompile(func_ea)
+    if not cfunc:
+        return "Cannot decompile function at 0x{:X}\n".format(func_ea)
+
+    code_str = ""
+    code_str += "=================================================\n"
+    code_str += "Function at 0x{:X}:\n".format(func_ea)
+    code_str += str(cfunc)  
+    code_str += "\n=================================================\n\n"
+
+    func_obj = idaapi.get_func(func_ea)
+    if not func_obj:
+        return code_str
+
+    flowchart = idaapi.FlowChart(func_obj)
+    for block in flowchart:
+        for head in idautils.Heads(block.start_ea, block.end_ea):
+            # 使用 IDA 提供的API判断是否是函数调用指令（多架构通用）
+            if idaapi.is_call_insn(head):
+                call_target = idc.get_operand_value(head, 0)
+                # 如果IDA能够识别call目标并确定它在函数列表里
+                if call_target and idaapi.get_func(call_target):
+                    code_str += collect_function_pseudocode(call_target, visited)
+
+    return code_str
+
+class Action(idaapi.action_handler_t):
+    """
+    Convenience wrapper with name property allowing to be registered in IDA using ActionManager
+    """
+    description = None
+    hotkey = None
+
+    def __init__(self):
+        super(Action, self).__init__()
+
+    @property
+    def name(self):
+        return "collect_function_pseudocode:" + type(self).__name__
+
+    def activate(self, ctx):
+        # type: (idaapi.action_activation_ctx_t) -> None
+        raise NotImplementedError
+
+    def update(self, ctx):
+        # type: (idaapi.action_activation_ctx_t) -> None
+        raise NotImplementedError
+
+
+
+class CFPMenuAction(Action):
+    TopDescription = "collect_function_pseudocode"
+
+    def __init__(self):
+        super(CFPMenuAction, self).__init__()
+
+    def activate(self, ctx) -> None:
+        raise NotImplemented
+
+    def update(self, ctx) -> None:
+        if ctx.form_type == idaapi.BWN_FUNCS or ctx.form_type == idaapi.BWN_PSEUDOCODE or ctx.form_type == idaapi.BWN_DISASM:
+            idaapi.attach_action_to_popup(ctx.widget, None, self.name, self.TopDescription + "/")
+            return idaapi.AST_ENABLE_FOR_WIDGET
+        return idaapi.AST_DISABLE_FOR_WIDGET
+
+
+class GenerateFridaHookScript(CFPMenuAction):
+    description = "Generate Func Code on current func"
+
+    def __init__(self):
+        super(GenerateFridaHookScript, self).__init__()
+
+    def activate(self, ctx):
+        main()
+
+
+def main():
+    start_ea = idc.here()
+    func = idaapi.get_func(start_ea)
+    if not func:
+        print("No function found at 0x{:X}".format(start_ea))
+        return
+    full_code = collect_function_pseudocode(func.start_ea, visited)
+    print(full_code)
+    try:
+        QApplication.clipboard().setText(full_code)
+        print("The generated func code has been copied to the clipboard!")
+    except Exception as e:
+        print(e)
+
+if __name__ == '__main__':
+    main()
+
+action_manager.register(GenerateFridaHookScript())
+
+
diff --git a/iOS/lldb/利用Frida实现在LLDB Spawn方式调试iOS进程时可以获取进程模块列表.md b/iOS/lldb/利用Frida实现在LLDB Spawn方式调试iOS进程时可以获取进程模块列表.md
@@ -0,0 +1,18 @@
+# 利用Frida实现在LLDB Spawn方式调试iOS进程时可以获取进程模块列表
+
+```shell
+frida -Uf <package_name> --pause
+```
+
+```
+debugserver 127.0.0.1:1234 --attach=575 
+```
+
+```
+%resume
+```
+
+```
+lldb
+```
+
diff --git a/iOS/越狱/palera1n/readme.md b/iOS/越狱/palera1n/readme.md
@@ -31,7 +31,7 @@
 
 * Type-C转Lightning和PD快充线支持吗？
 
-  不支持
+  不支持? 我实际测试支持的啊，难道是第一次不行，后续第二次以后可以
 # 参考
 - [Installing palera1n](https://ios.cfw.guide/installing-palera1n/#running-palera1n-1)
 - [Palera1n越狱简体中文，iOS15.0~16.7越狱支持Mac/Linux/U盘多平台](https://dkxuanye.cn/?p=6813)