diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec
index 6ba8ce362..d6e2c42b8 100755
--- a/packages/common.vm/common.vm.nuspec
+++ b/packages/common.vm/common.vm.nuspec
@@ -2,7 +2,7 @@
common.vm
- 0.0.0.20240423
+ 0.0.0.20240424
Common libraries for VM-packages
Mandiant
diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1
index 4aa588c56..af91de97f 100755
--- a/packages/common.vm/tools/vm.common/vm.common.psm1
+++ b/packages/common.vm/tools/vm.common/vm.common.psm1
@@ -284,6 +284,54 @@ function VM-Install-Shortcut{
}
}
+function VM-Get-IDA-Plugins-Dir {
+ return New-Item "$Env:APPDATA\Hex-Rays\IDA Pro\plugins" -ItemType "directory" -Force
+}
+
+# Downloads an IDA plugin file to the plugins directory
+function VM-Install-IDA-Plugin {
+ [CmdletBinding()]
+ [OutputType([System.Object[]])]
+ Param
+ (
+ [Parameter(Mandatory=$true)]
+ [string] $pluginName, # Example: capa_explorer.py
+ [Parameter(Mandatory=$true)]
+ [string] $pluginUrl,
+ [Parameter(Mandatory=$true)]
+ [string] $pluginSha256
+ )
+ try {
+ $pluginsDir = VM-Get-IDA-Plugins-Dir
+ $pluginPath = Join-Path $pluginsDir $pluginName
+ $packageArgs = @{
+ packageName = ${Env:ChocolateyPackageName}
+ url = $pluginUrl
+ checksum = $pluginSha256
+ checksumType = "sha256"
+ fileFullPath = $pluginPath
+ forceDownload = $true
+ }
+ Get-ChocolateyWebFile @packageArgs
+ VM-Assert-Path $pluginPath
+ } catch {
+ VM-Write-Log-Exception $_
+ }
+}
+
+# Removes an IDA plugin file from the plugins directory
+function VM-Uninstall-IDA-Plugin {
+ [CmdletBinding()]
+ [OutputType([System.Object[]])]
+ Param
+ (
+ [Parameter(Mandatory=$true)]
+ [string] $pluginName # Example: capa_explorer.py
+ )
+ $pluginPath = Join-Path VM-Get-IDA-Plugins-Dir $pluginName
+ Remove-Item $pluginPath
+}
+
# This functions returns $toolDir and $executablePath
function VM-Install-From-Zip {
[CmdletBinding()]
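Review bot: In `VM-Uninstall-IDA-Plugin`, `Join-Path VM-Get-IDA-Plugins-Dir $pluginName` passes the bare word `VM-Get-IDA-Plugins-Dir` to `Join-Path` as a literal path string instead of calling the function, so `Remove-Item` targets a relative `VM-Get-IDA-Plugins-Dir\<pluginName>` path and the real plugin file stays in the IDA plugins directory. The call needs parentheses: `$pluginPath = Join-Path (VM-Get-IDA-Plugins-Dir) $pluginName`. A plugin the user believes was uninstalled would then presumably still be picked up by IDA, and both the new sigmaker uninstall script and `IDA_PLUGIN_UNINSTALL_TEMPLATE` in this commit go through this helper. `$pluginName` is also joined without any check in both helpers, so rejecting names that contain a path separator would keep downloads and deletions confined to the plugins directory.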
diff --git a/packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec b/packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec
index 80f6ee562..60324f8f0 100755
--- a/packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec
+++ b/packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec
@@ -2,11 +2,11 @@
ida.plugin.capa.vm
- 7.0.1
+ 7.0.1.20240424
capa explorer is an IDAPython plugin that integrates capa with IDA Pro.
@mike-hunhoff, @williballenthin, @mr-tz
-
+
diff --git a/packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1 b/packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1
index 3b3e6c3e1..4e1d0eaec 100755
--- a/packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1
+++ b/packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1
@@ -3,22 +3,14 @@ Import-Module vm.common -Force -DisableNameChecking
try {
# Install plugin
+ $pluginName = "capa_explorer.py"
$pluginUrl = "https://raw.githubusercontent.com/mandiant/capa/v7.0.1/capa/ida/plugin/capa_explorer.py"
$pluginSha256 = "a9a60d9066c170c4e18366eb442f215009433bcfe277d3c6d0c4c9860824a7d3"
- $pluginsDir = New-Item "$Env:APPDATA\Hex-Rays\IDA Pro\plugins" -ItemType "directory" -Force
- $pluginPath = Join-Path $pluginsDir "capa_explorer.py"
- $packageArgs = @{
- packageName = ${Env:ChocolateyPackageName}
- url = $pluginUrl
- checksum = $pluginSha256
- checksumType = "sha256"
- fileFullPath = $pluginPath
- forceDownload = $true
- }
- Get-ChocolateyWebFile @packageArgs
- VM-Assert-Path $pluginPath
+ VM-Install-IDA-Plugin -pluginName $pluginName -pluginUrl $pluginUrl -pluginSha256 $pluginSha256
+
# Download capa rules
+ $pluginsDir = VM-Get-IDA-Plugins-Dir
$rulesUrl = "https://github.com/mandiant/capa-rules/archive/refs/tags/v7.0.1.zip"
$rulesSha256 = "f4ed60bcf342007935215ea76175dddfbcbfb3f97d95387543858e0c1ecf8bcd"
$packageArgs = @{
diff --git a/packages/ida.plugin.capa.vm/tools/chocolateyuninstall.ps1 b/packages/ida.plugin.capa.vm/tools/chocolateyuninstall.ps1
index 7e1619123..88ca6b57e 100755
--- a/packages/ida.plugin.capa.vm/tools/chocolateyuninstall.ps1
+++ b/packages/ida.plugin.capa.vm/tools/chocolateyuninstall.ps1
@@ -1,7 +1,7 @@
$ErrorActionPreference = 'Continue'
Import-Module vm.common -Force -DisableNameChecking
-$pluginsDir = "$Env:APPDATA\Hex-Rays\IDA Pro\plugins"
+$pluginsDir = VM-Get-IDA-Plugins-Dir
# Uninstall plugin
$pluginPath = Join-Path $pluginsDir "capa_explorer.py"
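Review bot: `$pluginsDir = VM-Get-IDA-Plugins-Dir` makes the uninstall script create the plugins directory when it does not exist, because the helper wraps `New-Item ... -Force`; the removed line only built the path string. An uninstall path is better served by a lookup with no side effects, for example keeping the string form here or giving the helper a variant that does not create the directory. The rest of the script lies outside the hunk, so whether later lines rely on the directory existing cannot be checked from here.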
diff --git a/packages/ida.plugin.sigmaker.vm/ida.plugin.sigmaker.vm.nuspec b/packages/ida.plugin.sigmaker.vm/ida.plugin.sigmaker.vm.nuspec
new file mode 100644
index 000000000..b8adaf10b
--- /dev/null
+++ b/packages/ida.plugin.sigmaker.vm/ida.plugin.sigmaker.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ ida.plugin.sigmaker.vm
+ 1.0.2
+ A200K
+ Signature Maker Plugin for IDA Pro 8.3.
+
+
+
+
+
diff --git a/packages/ida.plugin.sigmaker.vm/tools/chocolateyinstall.ps1 b/packages/ida.plugin.sigmaker.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..2e5808cdd
--- /dev/null
+++ b/packages/ida.plugin.sigmaker.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,8 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$pluginName = 'SigMaker64.dll'
+$pluginUrl = 'https://github.com/A200K/IDA-Pro-SigMaker/releases/download/v1.0.2/SigMaker64.dll'
+$pluginSha256 = '0b44921a2fc35f13a2987fcf8830685d58f9d18bca760a9706ec4efe8b0d5d2f'
+
+VM-Install-IDA-Plugin -pluginName $pluginName -pluginUrl $pluginUrl -pluginSha256 $pluginSha256
diff --git a/packages/ida.plugin.sigmaker.vm/tools/chocolateyuninstall.ps1 b/packages/ida.plugin.sigmaker.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..836024964
--- /dev/null
+++ b/packages/ida.plugin.sigmaker.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,6 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$pluginName = 'SigMaker64.dll'
+VM-Uninstall-IDA-Plugin -pluginName $pluginName
+
diff --git a/scripts/test/lint.py b/scripts/test/lint.py
index 11a9c0a22..de5257e93 100644
--- a/scripts/test/lint.py
+++ b/scripts/test/lint.py
@@ -309,7 +309,7 @@ class UsesInvalidCategory(Lint):
"debloat.vm",
"dokan.vm",
"googlechrome.vm",
- "ida.plugin.capa.vm",
+ "ida.plugin",
"installer.vm",
"libraries.python2.vm",
"libraries.python3.vm",
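Review bot: The new `"ida.plugin"` entry is a name prefix, while every other entry visible in this list is a full package name ending in `.vm`. The matching code is outside the hunk, so it is unclear from here how the list is compared. Under equality the entry matches nothing and `ida.plugin.capa.vm` loses its exemption; under prefix or substring matching every future package whose name contains `ida.plugin` skips the category lint. A comment on the entry would settle the intent, e.g. `# prefix match: IDA plugin packages have no category`.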
diff --git a/scripts/utils/create_package_template.py b/scripts/utils/create_package_template.py
index 1c38da816..8d6b3f85f 100755
--- a/scripts/utils/create_package_template.py
+++ b/scripts/utils/create_package_template.py
@@ -44,7 +44,7 @@ def package_version(dependency_version):
{authors}
{description}
-
+
@@ -69,10 +69,6 @@ def package_version(dependency_version):
"""
-"""
-Needs the following format strings:
- tool_name="...", category="...", target_url="...", target_hash="...", console_app="..."
-"""
ZIP_EXE_TEMPLATE = r"""$ErrorActionPreference = 'Stop'
Import-Module vm.common -Force -DisableNameChecking
@@ -136,6 +132,20 @@ def package_version(dependency_version):
VM-Install-Single-Ps1 $toolName $category $ps1Url -ps1Sha256 $ps1Sha256
"""
+"""
+Needs the following format strings:
+ tool_name="...", target_url="...", target_hash="..."
+"""
+IDA_PLUGIN_TEMPLATE = r"""$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$pluginName = '{tool_name}'
+$pluginUrl = '{target_url}'
+$pluginSha256 = '{target_hash}'
+
+VM-Install-IDA-Plugin -pluginName $pluginName -pluginUrl $pluginUrl -pluginSha256 $pluginSha256
+"""
+
"""
Needs the following format strings:
tool_name="...", category="..."
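Review bot: `IDA_PLUGIN_TEMPLATE` places `{tool_name}`, `{target_url}` and `{target_hash}` inside single-quoted PowerShell literals, and nothing visible in this hunk escapes a `'` in those values before substitution. A value containing a single quote would close the literal in the generated `chocolateyinstall.ps1`, and the remainder would be parsed as script. The substitution happens outside this hunk (presumably in `create_template`), so if no escaping exists there, doubling the quote before formatting with `value.replace("'", "''")` would keep the generated file well-formed. The same applies to `IDA_PLUGIN_UNINSTALL_TEMPLATE` added in the next hunk.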
@@ -162,6 +172,18 @@ def package_version(dependency_version):
VM-Remove-Tool-Shortcut $toolName $category
"""
+"""
+Needs the following format strings:
+ tool_name="..."
+"""
+IDA_PLUGIN_UNINSTALL_TEMPLATE = r"""$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$pluginName = '{tool_name}'
+VM-Uninstall-IDA-Plugin -pluginName $pluginName
+
+"""
+
def create_zip_exe_template(packages_path, **kwargs):
create_template(
@@ -228,6 +250,21 @@ def create_single_ps1_template(packages_path, **kwargs):
)
+def create_ida_plugin_template(packages_path, **kwargs):
+ create_template(
+ IDA_PLUGIN_TEMPLATE,
+ uninstall_template=IDA_PLUGIN_UNINSTALL_TEMPLATE,
+ packages_path=packages_path,
+ pkg_name=kwargs.get("pkg_name"),
+ version=kwargs.get("version"),
+ authors=kwargs.get("authors"),
+ description=kwargs.get("description"),
+ tool_name=kwargs.get("tool_name"),
+ target_url=kwargs.get("target_url"),
+ target_hash=kwargs.get("target_hash"),
+ )
+
+
def create_template(
template="",
nuspec_template=NUSPEC_TEMPLATE,
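Review bot: `create_ida_plugin_template` forwards `kwargs.get("target_hash")` without checking it. A missing or mistyped hash would therefore only surface when the generated package fails its checksum at install time, or, if the value is `None`, would likely be written into the script as the string `'None'`. Since the SHA-256 pin is the only integrity control on the downloaded plugin file, a check before the `create_template` call would catch this when the package is generated: `if not re.fullmatch(r"[0-9a-fA-F]{64}", kwargs.get("target_hash") or ""): raise ValueError("target_hash must be a 64-character SHA-256 hex digest")`. This assumes `re` is imported in the file, which is not visible here. The `create_template` definition that follows continues outside the hunk.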
@@ -297,6 +334,20 @@ def get_script_directory():
# dict[str, dict[str, any]]
TYPES = {
+ "IDA_PLUGIN": {
+ "cb": create_ida_plugin_template,
+ "doc": "An .py or .dll file that is downloaded to the plugins directory to install it as an IDA plugin",
+ "example": "/plugin_file.dll",
+ "arguments": [
+ "pkg_name",
+ "version",
+ "authors",
+ "description",
+ "tool_name",
+ "target_url",
+ "target_hash",
+ ],
+ },
"ZIP_EXE": {
"cb": create_zip_exe_template,
"doc": "An executable tool distributed in a ZIP file",
@@ -419,7 +470,7 @@ def main(argv=None):
parser.add_argument("--pkg_name", type=str.lower, default="", help="Package name without suffix (i.e., no '.vm' needed)")
parser.add_argument("--version", type=str, default="", help="Tool's version number")
parser.add_argument("--authors", type=str, default="", help="Comma separated list of authors for tool")
- parser.add_argument("--tool_name", type=str, default="", help="Name of tool (usually the file name with the '.exe')")
+ parser.add_argument("--tool_name", type=str, default="", help="Name of tool (usually the file name with the '.exe') or plugin (the .py or .dll plugin file)")
parser.add_argument("--category", type=str, default="", choices=CATEGORIES, help="Category for tool")
parser.add_argument("--description", type=str, default="", help="Description for tool")
parser.add_argument("--dependency", type=str, default="", help="Metapackage dependency")