

Merge pull request #1013 from Ana06/IDA_puglins
Add IDA plugins helper functions & templates to script
Ana06 authored Apr 25, 2024
2 parents c4a89dd + 2f5360b commit 1412a5a
Showing 10 changed files with 140 additions and 23 deletions.
2 changes: 1 addition & 1 deletion packages/common.vm/common.vm.nuspec
@@ -2,7 +2,7 @@
<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
<metadata>
<id>common.vm</id>
<version>0.0.0.20240423</version>
<version>0.0.0.20240424</version>
<description>Common libraries for VM-packages</description>
<authors>Mandiant</authors>
</metadata>
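--- a/packages/common.vm/tools/vm.common/vm.common.psm1
+++ b/packages/common.vm/tools/vm.common/vm.common.psm1
@@ -284,6 +284,54 @@ function VM-Install-Shortcut{
 }
 }
 
+function VM-Get-IDA-Plugins-Dir {
+return New-Item "$Env:APPDATA\Hex-Rays\IDA Pro\plugins" -ItemType "directory" -Force
+}
+
+# Downloads an IDA plugin file to the plugins directory
+function VM-Install-IDA-Plugin {
+[CmdletBinding()]
+[OutputType([System.Object[]])]
+Param
+(
+[Parameter(Mandatory=$true)]
+[string] $pluginName, # Example: capa_explorer.py
+[Parameter(Mandatory=$true)]
+[string] $pluginUrl,
+[Parameter(Mandatory=$true)]
+[string] $pluginSha256
+)
+try {
+$pluginsDir = VM-Get-IDA-Plugins-Dir
+$pluginPath = Join-Path $pluginsDir $pluginName
+$packageArgs = @{
+packageName = ${Env:ChocolateyPackageName}
+url = $pluginUrl
+checksum = $pluginSha256
+checksumType = "sha256"
+fileFullPath = $pluginPath
+forceDownload = $true
+}
+Get-ChocolateyWebFile @packageArgs
+VM-Assert-Path $pluginPath
+} catch {
+VM-Write-Log-Exception $_
+}
+}
+
+# Removes an IDA plugin file from the plugins directory
+function VM-Uninstall-IDA-Plugin {
+[CmdletBinding()]
+[OutputType([System.Object[]])]
+Param
+(
+[Parameter(Mandatory=$true)]
+[string] $pluginName # Example: capa_explorer.py
+)
+$pluginPath = Join-Path VM-Get-IDA-Plugins-Dir $pluginName
+Remove-Item $pluginPath
+}
+
 # This functions returns $toolDir and $executablePath
 function VM-Install-From-Zip {
 [CmdletBinding()]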
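Review bot: In VM-Uninstall-IDA-Plugin, `Join-Path VM-Get-IDA-Plugins-Dir $pluginName` passes the bare word `VM-Get-IDA-Plugins-Dir` to Join-Path as a literal string instead of calling the function, so `$pluginPath` becomes a relative path and Remove-Item does not target the plugins directory. Wrap the call in parentheses: `$pluginPath = Join-Path (VM-Get-IDA-Plugins-Dir) $pluginName`. The new ida.plugin.sigmaker.vm uninstall script in this commit calls this helper and inherits the problem. Separately, the catch block in VM-Install-IDA-Plugin only calls VM-Write-Log-Exception; if Get-ChocolateyWebFile has already written to `fileFullPath` when the checksum comparison fails, the unverified file would stay in the directory IDA loads plugins from, so consider `Remove-Item $pluginPath -ErrorAction SilentlyContinue` in the catch before logging.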
4 changes: 2 additions & 2 deletions packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec
@@ -2,11 +2,11 @@
<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
<metadata>
<id>ida.plugin.capa.vm</id>
<version>7.0.1</version>
<version>7.0.1.20240424</version>
<description>capa explorer is an IDAPython plugin that integrates capa with IDA Pro.</description>
<authors>@mike-hunhoff, @williballenthin, @mr-tz</authors>
<dependencies>
<dependency id="common.vm" />
<dependency id="common.vm" version="0.0.0.20240424" />
<dependency id="libraries.python3.vm" version="0.0.0.20230927" />
</dependencies>
</metadata>
16 changes: 4 additions & 12 deletions packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1
@@ -3,22 +3,14 @@ Import-Module vm.common -Force -DisableNameChecking

try {
# Install plugin
$pluginName = "capa_explorer.py"
$pluginUrl = "https://raw.githubusercontent.com/mandiant/capa/v7.0.1/capa/ida/plugin/capa_explorer.py"
$pluginSha256 = "a9a60d9066c170c4e18366eb442f215009433bcfe277d3c6d0c4c9860824a7d3"
$pluginsDir = New-Item "$Env:APPDATA\Hex-Rays\IDA Pro\plugins" -ItemType "directory" -Force
$pluginPath = Join-Path $pluginsDir "capa_explorer.py"
$packageArgs = @{
packageName = ${Env:ChocolateyPackageName}
url = $pluginUrl
checksum = $pluginSha256
checksumType = "sha256"
fileFullPath = $pluginPath
forceDownload = $true
}
Get-ChocolateyWebFile @packageArgs
VM-Assert-Path $pluginPath
VM-Install-IDA-Plugin -pluginName $pluginName -pluginUrl $pluginUrl -pluginSha256 $pluginSha256


# Download capa rules
$pluginsDir = VM-Get-IDA-Plugins-Dir
$rulesUrl = "https://github.com/mandiant/capa-rules/archive/refs/tags/v7.0.1.zip"
$rulesSha256 = "f4ed60bcf342007935215ea76175dddfbcbfb3f97d95387543858e0c1ecf8bcd"
$packageArgs = @{
2 changes: 1 addition & 1 deletion packages/ida.plugin.capa.vm/tools/chocolateyuninstall.ps1
@@ -1,7 +1,7 @@
$ErrorActionPreference = 'Continue'
Import-Module vm.common -Force -DisableNameChecking

$pluginsDir = "$Env:APPDATA\Hex-Rays\IDA Pro\plugins"
$pluginsDir = VM-Get-IDA-Plugins-Dir

# Uninstall plugin
$pluginPath = Join-Path $pluginsDir "capa_explorer.py"
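--- a/packages/ida.plugin.sigmaker.vm/ida.plugin.sigmaker.vm.nuspec
+++ b/packages/ida.plugin.sigmaker.vm/ida.plugin.sigmaker.vm.nuspec
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+<metadata>
+<id>ida.plugin.sigmaker.vm</id>
+<version>1.0.2</version>
+<authors>A200K</authors>
+<description>Signature Maker Plugin for IDA Pro 8.3.</description>
+<dependencies>
+<dependency id="common.vm" version="0.0.0.20240424" />
+</dependencies>
+</metadata>
+</package>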
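--- a/packages/ida.plugin.sigmaker.vm/tools/chocolateyinstall.ps1
+++ b/packages/ida.plugin.sigmaker.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,8 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$pluginName = 'SigMaker64.dll'
+$pluginUrl = 'https://github.com/A200K/IDA-Pro-SigMaker/releases/download/v1.0.2/SigMaker64.dll'
+$pluginSha256 = '0b44921a2fc35f13a2987fcf8830685d58f9d18bca760a9706ec4efe8b0d5d2f'
+
+VM-Install-IDA-Plugin -pluginName $pluginName -pluginUrl $pluginUrl -pluginSha256 $pluginSha256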
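--- a/packages/ida.plugin.sigmaker.vm/tools/chocolateyuninstall.ps1
+++ b/packages/ida.plugin.sigmaker.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,6 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$pluginName = 'SigMaker64.dll'
+VM-Uninstall-IDA-Plugin -pluginName $pluginName
+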
2 changes: 1 addition & 1 deletion scripts/test/lint.py
@@ -309,7 +309,7 @@ class UsesInvalidCategory(Lint):
"debloat.vm",
"dokan.vm",
"googlechrome.vm",
"ida.plugin.capa.vm",
"ida.plugin",
"installer.vm",
"libraries.python2.vm",
"libraries.python3.vm",
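Review bot: The entry `"ida.plugin"` is the only visible element of this list without the `.vm` suffix, so it reads as a name prefix rather than a package id. The code that consumes the list is outside the hunk: if it compares full package names, neither ida.plugin.capa.vm nor the new ida.plugin.sigmaker.vm would be exempted from the category lint. If it matches prefixes, a comment next to the entry would make that explicit, e.g. `# prefix: matches every ida.plugin.*.vm package`.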
63 changes: 57 additions & 6 deletions scripts/utils/create_package_template.py
@@ -44,7 +44,7 @@ def package_version(dependency_version):
<authors>{authors}</authors>
<description>{description}</description>
<dependencies>
<dependency id="common.vm" />
<dependency id="common.vm" version="0.0.0.20240424" />
</dependencies>
</metadata>
</package>
@@ -69,10 +69,6 @@ def package_version(dependency_version):
</package>
"""

"""
Needs the following format strings:
tool_name="...", category="...", target_url="...", target_hash="...", console_app="..."
"""
ZIP_EXE_TEMPLATE = r"""$ErrorActionPreference = 'Stop'
Import-Module vm.common -Force -DisableNameChecking
@@ -136,6 +132,20 @@ def package_version(dependency_version):
VM-Install-Single-Ps1 $toolName $category $ps1Url -ps1Sha256 $ps1Sha256
"""

"""
Needs the following format strings:
tool_name="...", target_url="...", target_hash="..."
"""
IDA_PLUGIN_TEMPLATE = r"""$ErrorActionPreference = 'Stop'
Import-Module vm.common -Force -DisableNameChecking
$pluginName = '{tool_name}'
$pluginUrl = '{target_url}'
$pluginSha256 = '{target_hash}'
VM-Install-IDA-Plugin -pluginName $pluginName -pluginUrl $pluginUrl -pluginSha256 $pluginSha256
"""

"""
Needs the following format strings:
tool_name="...", category="..."
@@ -162,6 +172,18 @@ def package_version(dependency_version):
VM-Remove-Tool-Shortcut $toolName $category
"""

"""
Needs the following format strings:
tool_name="..."
"""
IDA_PLUGIN_UNINSTALL_TEMPLATE = r"""$ErrorActionPreference = 'Continue'
Import-Module vm.common -Force -DisableNameChecking
$pluginName = '{tool_name}'
VM-Uninstall-IDA-Plugin -pluginName $pluginName
"""


def create_zip_exe_template(packages_path, **kwargs):
create_template(
@@ -228,6 +250,21 @@ def create_single_ps1_template(packages_path, **kwargs):
)


def create_ida_plugin_template(packages_path, **kwargs):
create_template(
IDA_PLUGIN_TEMPLATE,
uninstall_template=IDA_PLUGIN_UNINSTALL_TEMPLATE,
packages_path=packages_path,
pkg_name=kwargs.get("pkg_name"),
version=kwargs.get("version"),
authors=kwargs.get("authors"),
description=kwargs.get("description"),
tool_name=kwargs.get("tool_name"),
target_url=kwargs.get("target_url"),
target_hash=kwargs.get("target_hash"),
)


def create_template(
template="",
nuspec_template=NUSPEC_TEMPLATE,
@@ -297,6 +334,20 @@ def get_script_directory():

# dict[str, dict[str, any]]
TYPES = {
"IDA_PLUGIN": {
"cb": create_ida_plugin_template,
"doc": "An .py or .dll file that is downloaded to the plugins directory to install it as an IDA plugin",
"example": "<url>/plugin_file.dll",
"arguments": [
"pkg_name",
"version",
"authors",
"description",
"tool_name",
"target_url",
"target_hash",
],
},
"ZIP_EXE": {
"cb": create_zip_exe_template,
"doc": "An executable tool distributed in a ZIP file",
@@ -419,7 +470,7 @@ def main(argv=None):
parser.add_argument("--pkg_name", type=str.lower, default="", help="Package name without suffix (i.e., no '.vm' needed)")
parser.add_argument("--version", type=str, default="", help="Tool's version number")
parser.add_argument("--authors", type=str, default="", help="Comma separated list of authors for tool")
parser.add_argument("--tool_name", type=str, default="", help="Name of tool (usually the file name with the '.exe')")
parser.add_argument("--tool_name", type=str, default="", help="Name of tool (usually the file name with the '.exe') or plugin (the .py or .dll plugin file)")
parser.add_argument("--category", type=str, default="", choices=CATEGORIES, help="Category for tool")
parser.add_argument("--description", type=str, default="", help="Description for tool")
parser.add_argument("--dependency", type=str, default="", help="Metapackage dependency")
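Review bot: IDA_PLUGIN_TEMPLATE and IDA_PLUGIN_UNINSTALL_TEMPLATE place `{tool_name}`, `{target_url}` and `{target_hash}` inside single-quoted PowerShell literals, and create_ida_plugin_template forwards the command-line values unchanged, so a value containing `'` would end the literal early in the generated install script. Because `target_hash` is the only integrity check on the downloaded plugin file, it is worth rejecting anything that is not a 64-character hex digest before formatting, for example with `re.fullmatch(r"[0-9a-fA-F]{64}", target_hash)`. The other two values can be made safe by doubling quotes with `value.replace("'", "''")`. How create_template substitutes the fields is outside the visible hunks, so the check may belong there and would then cover the other package types as well.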
