diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec index 6ba8ce362..d6e2c42b8 100755 --- a/packages/common.vm/common.vm.nuspec +++ b/packages/common.vm/common.vm.nuspec @@ -2,7 +2,7 @@ common.vm - 0.0.0.20240423 + 0.0.0.20240424 Common libraries for VM-packages Mandiant diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1 index 4aa588c56..af91de97f 100755 --- a/packages/common.vm/tools/vm.common/vm.common.psm1 +++ b/packages/common.vm/tools/vm.common/vm.common.psm1 @@ -284,6 +284,54 @@ function VM-Install-Shortcut{ } } +function VM-Get-IDA-Plugins-Dir { + return New-Item "$Env:APPDATA\Hex-Rays\IDA Pro\plugins" -ItemType "directory" -Force +} + +# Downloads an IDA plugin file to the plugins directory +function VM-Install-IDA-Plugin { + [CmdletBinding()] + [OutputType([System.Object[]])] + Param + ( + [Parameter(Mandatory=$true)] + [string] $pluginName, # Example: capa_explorer.py + [Parameter(Mandatory=$true)] + [string] $pluginUrl, + [Parameter(Mandatory=$true)] + [string] $pluginSha256 + ) + try { + $pluginsDir = VM-Get-IDA-Plugins-Dir + $pluginPath = Join-Path $pluginsDir $pluginName + $packageArgs = @{ + packageName = ${Env:ChocolateyPackageName} + url = $pluginUrl + checksum = $pluginSha256 + checksumType = "sha256" + fileFullPath = $pluginPath + forceDownload = $true + } + Get-ChocolateyWebFile @packageArgs + VM-Assert-Path $pluginPath + } catch { + VM-Write-Log-Exception $_ + } +} + +# Removes an IDA plugin file from the plugins directory +function VM-Uninstall-IDA-Plugin { + [CmdletBinding()] + [OutputType([System.Object[]])] + Param + ( + [Parameter(Mandatory=$true)] + [string] $pluginName # Example: capa_explorer.py + ) + $pluginPath = Join-Path VM-Get-IDA-Plugins-Dir $pluginName + Remove-Item $pluginPath +} + # This functions returns $toolDir and $executablePath function VM-Install-From-Zip { [CmdletBinding()] 
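Review bot: In `VM-Uninstall-IDA-Plugin`, `Join-Path VM-Get-IDA-Plugins-Dir $pluginName` passes the bare word `VM-Get-IDA-Plugins-Dir` to `Join-Path` as a literal string instead of calling the function. `Remove-Item` therefore targets a relative `VM-Get-IDA-Plugins-Dir\<pluginName>` path, and the file in the real plugins directory is left in place. The call needs parentheses: `$pluginPath = Join-Path (VM-Get-IDA-Plugins-Dir) $pluginName`. The new `ida.plugin.sigmaker.vm/tools/chocolateyuninstall.ps1` is the caller affected; it sets `$ErrorActionPreference = 'Continue'`, so the failed removal would most likely show up only as a non-terminating error while the DLL stays where IDA loads plugins from.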
diff --git a/packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec b/packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec index 80f6ee562..60324f8f0 100755 --- a/packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec +++ b/packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec @@ -2,11 +2,11 @@ ida.plugin.capa.vm - 7.0.1 + 7.0.1.20240424 capa explorer is an IDAPython plugin that integrates capa with IDA Pro. @mike-hunhoff, @williballenthin, @mr-tz - + diff --git a/packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1 b/packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1 index 3b3e6c3e1..4e1d0eaec 100755 --- a/packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1 +++ b/packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1 @@ -3,22 +3,14 @@ Import-Module vm.common -Force -DisableNameChecking try { # Install plugin + $pluginName = "capa_explorer.py" $pluginUrl = "https://raw.githubusercontent.com/mandiant/capa/v7.0.1/capa/ida/plugin/capa_explorer.py" $pluginSha256 = "a9a60d9066c170c4e18366eb442f215009433bcfe277d3c6d0c4c9860824a7d3" - $pluginsDir = New-Item "$Env:APPDATA\Hex-Rays\IDA Pro\plugins" -ItemType "directory" -Force - $pluginPath = Join-Path $pluginsDir "capa_explorer.py" - $packageArgs = @{ - packageName = ${Env:ChocolateyPackageName} - url = $pluginUrl - checksum = $pluginSha256 - checksumType = "sha256" - fileFullPath = $pluginPath - forceDownload = $true - } - Get-ChocolateyWebFile @packageArgs - VM-Assert-Path $pluginPath + VM-Install-IDA-Plugin -pluginName $pluginName -pluginUrl $pluginUrl -pluginSha256 $pluginSha256 + # Download capa rules + $pluginsDir = VM-Get-IDA-Plugins-Dir $rulesUrl = "https://github.com/mandiant/capa-rules/archive/refs/tags/v7.0.1.zip" $rulesSha256 = "f4ed60bcf342007935215ea76175dddfbcbfb3f97d95387543858e0c1ecf8bcd" $packageArgs = @{ diff --git a/packages/ida.plugin.capa.vm/tools/chocolateyuninstall.ps1 b/packages/ida.plugin.capa.vm/tools/chocolateyuninstall.ps1 index 7e1619123..88ca6b57e 100755 
--- a/packages/ida.plugin.capa.vm/tools/chocolateyuninstall.ps1 +++ b/packages/ida.plugin.capa.vm/tools/chocolateyuninstall.ps1 @@ -1,7 +1,7 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking -$pluginsDir = "$Env:APPDATA\Hex-Rays\IDA Pro\plugins" +$pluginsDir = VM-Get-IDA-Plugins-Dir # Uninstall plugin $pluginPath = Join-Path $pluginsDir "capa_explorer.py" diff --git a/packages/ida.plugin.sigmaker.vm/ida.plugin.sigmaker.vm.nuspec b/packages/ida.plugin.sigmaker.vm/ida.plugin.sigmaker.vm.nuspec new file mode 100644 index 000000000..b8adaf10b --- /dev/null +++ b/packages/ida.plugin.sigmaker.vm/ida.plugin.sigmaker.vm.nuspec @@ -0,0 +1,12 @@ + + + + ida.plugin.sigmaker.vm + 1.0.2 + A200K + Signature Maker Plugin for IDA Pro 8.3. + + + + + diff --git a/packages/ida.plugin.sigmaker.vm/tools/chocolateyinstall.ps1 b/packages/ida.plugin.sigmaker.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..2e5808cdd --- /dev/null +++ b/packages/ida.plugin.sigmaker.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,8 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$pluginName = 'SigMaker64.dll' +$pluginUrl = 'https://github.com/A200K/IDA-Pro-SigMaker/releases/download/v1.0.2/SigMaker64.dll' +$pluginSha256 = '0b44921a2fc35f13a2987fcf8830685d58f9d18bca760a9706ec4efe8b0d5d2f' + +VM-Install-IDA-Plugin -pluginName $pluginName -pluginUrl $pluginUrl -pluginSha256 $pluginSha256 diff --git a/packages/ida.plugin.sigmaker.vm/tools/chocolateyuninstall.ps1 b/packages/ida.plugin.sigmaker.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..836024964 --- /dev/null +++ b/packages/ida.plugin.sigmaker.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,6 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$pluginName = 'SigMaker64.dll' +VM-Uninstall-IDA-Plugin -pluginName $pluginName + 
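Review bot: `$pluginsDir = VM-Get-IDA-Plugins-Dir` makes the uninstall script create `%APPDATA%\Hex-Rays\IDA Pro\plugins` when it does not exist, because the helper is `New-Item ... -ItemType "directory" -Force` rather than a plain path lookup; the old string assignment had no side effect. That is harmless but unexpected for an uninstall, so either a comment on this line (`# note: creates the directory if missing`) or a helper that only returns the path would make the intent clear. The rest of the script lies outside the hunk.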
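Review bot: A checksum mismatch may leave an unverified `SigMaker64.dll` in the live plugins directory, because `VM-Install-IDA-Plugin` passes `fileFullPath = $pluginPath` to `Get-ChocolateyWebFile`, and as far as I can tell the file is written before the checksum is compared and is not deleted on failure. The helper then catches every exception and hands it to `VM-Write-Log-Exception`, whose body is not in this diff, so it is worth confirming that a mismatch really fails the package install despite `$ErrorActionPreference = 'Stop'` here. Adding `Remove-Item $pluginPath -ErrorAction SilentlyContinue` at the top of the helper's `catch` block would make sure a native DLL that failed verification is never left where IDA will load it.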
diff --git a/scripts/test/lint.py b/scripts/test/lint.py index 11a9c0a22..de5257e93 100644 --- a/scripts/test/lint.py +++ b/scripts/test/lint.py @@ -309,7 +309,7 @@ class UsesInvalidCategory(Lint): "debloat.vm", "dokan.vm", "googlechrome.vm", - "ida.plugin.capa.vm", + "ida.plugin", "installer.vm", "libraries.python2.vm", "libraries.python3.vm", diff --git a/scripts/utils/create_package_template.py b/scripts/utils/create_package_template.py index 1c38da816..8d6b3f85f 100755 --- a/scripts/utils/create_package_template.py +++ b/scripts/utils/create_package_template.py @@ -44,7 +44,7 @@ def package_version(dependency_version): {authors} {description} - + @@ -69,10 +69,6 @@ def package_version(dependency_version): """ -""" -Needs the following format strings: - tool_name="...", category="...", target_url="...", target_hash="...", console_app="..." -""" ZIP_EXE_TEMPLATE = r"""$ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking @@ -136,6 +132,20 @@ def package_version(dependency_version): VM-Install-Single-Ps1 $toolName $category $ps1Url -ps1Sha256 $ps1Sha256 """ +""" +Needs the following format strings: + tool_name="...", target_url="...", target_hash="..." +""" +IDA_PLUGIN_TEMPLATE = r"""$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$pluginName = '{tool_name}' +$pluginUrl = '{target_url}' +$pluginSha256 = '{target_hash}' + +VM-Install-IDA-Plugin -pluginName $pluginName -pluginUrl $pluginUrl -pluginSha256 $pluginSha256 +""" + """ Needs the following format strings: tool_name="...", category="..." 
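Review bot: Among the visible entries, `"ida.plugin"` is the only one that is not a full package id ending in `.vm`, so it exempts packages only if the check (outside this hunk) matches by prefix or substring rather than by equality. If it matches that way, every current and future `ida.plugin.*` package skips the category lint, which deserves a comment on the line, e.g. `"ida.plugin",  # prefix: all ida.plugin.*.vm packages have no category`. If the check is an exact comparison, the entry matches nothing and the capa package would start failing the lint.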
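Review bot: `{tool_name}`, `{target_url}` and `{target_hash}` in `IDA_PLUGIN_TEMPLATE` are substituted into single-quoted PowerShell literals, so a value containing `'` ends the literal early and produces a broken or different install script. Neither this hunk nor `create_ida_plugin_template` further down checks the values, though `main()` or `create_template` (both outside the hunk) may already do so. Since the hash is the integrity pin for a file IDA will load, it would be worth rejecting anything that is not a SHA-256 hex digest before the template is written, e.g. `if len(target_hash) != 64 or any(c not in "0123456789abcdefABCDEF" for c in target_hash): raise ValueError("target_hash must be a SHA-256 hex digest")`. The quoting concern also applies to `tool_name` in `IDA_PLUGIN_UNINSTALL_TEMPLATE`.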
@@ -162,6 +172,18 @@ def package_version(dependency_version): VM-Remove-Tool-Shortcut $toolName $category """ +""" +Needs the following format strings: + tool_name="..." +""" +IDA_PLUGIN_UNINSTALL_TEMPLATE = r"""$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$pluginName = '{tool_name}' +VM-Uninstall-IDA-Plugin -pluginName $pluginName + +""" + def create_zip_exe_template(packages_path, **kwargs): create_template( @@ -228,6 +250,21 @@ def create_single_ps1_template(packages_path, **kwargs): ) +def create_ida_plugin_template(packages_path, **kwargs): + create_template( + IDA_PLUGIN_TEMPLATE, + uninstall_template=IDA_PLUGIN_UNINSTALL_TEMPLATE, + packages_path=packages_path, + pkg_name=kwargs.get("pkg_name"), + version=kwargs.get("version"), + authors=kwargs.get("authors"), + description=kwargs.get("description"), + tool_name=kwargs.get("tool_name"), + target_url=kwargs.get("target_url"), + target_hash=kwargs.get("target_hash"), + ) + + def create_template( template="", nuspec_template=NUSPEC_TEMPLATE, @@ -297,6 +334,20 @@ def get_script_directory(): # dict[str, dict[str, any]] TYPES = { + "IDA_PLUGIN": { + "cb": create_ida_plugin_template, + "doc": "An .py or .dll file that is downloaded to the plugins directory to install it as an IDA plugin", + "example": "/plugin_file.dll", + "arguments": [ + "pkg_name", + "version", + "authors", + "description", + "tool_name", + "target_url", + "target_hash", + ], + }, "ZIP_EXE": { "cb": create_zip_exe_template, "doc": "An executable tool distributed in a ZIP file", 
@@ -419,7 +470,7 @@ def main(argv=None): parser.add_argument("--pkg_name", type=str.lower, default="", help="Package name without suffix (i.e., no '.vm' needed)") parser.add_argument("--version", type=str, default="", help="Tool's version number") parser.add_argument("--authors", type=str, default="", help="Comma separated list of authors for tool") - parser.add_argument("--tool_name", type=str, default="", help="Name of tool (usually the file name with the '.exe')") + parser.add_argument("--tool_name", type=str, default="", help="Name of tool (usually the file name with the '.exe') or plugin (the .py or .dll plugin file)") parser.add_argument("--category", type=str, default="", choices=CATEGORIES, help="Category for tool") parser.add_argument("--description", type=str, default="", help="Description for tool") parser.add_argument("--dependency", type=str, default="", help="Metapackage dependency")