ida-pro-mcp-xjoker 1.0.1__py3-none-any.whl

ida_pro_mcp/ida_mcp/api_python.py

@@ -0,0 +1,179 @@
+from typing import Annotated
+import ast
+import io
+import sys
+import idaapi
+import idc
+import ida_bytes
+import ida_dbg
+import ida_entry
+import ida_frame
+import ida_funcs
+import ida_hexrays
+import ida_ida
+import ida_kernwin
+import ida_lines
+import ida_nalt
+import ida_name
+import ida_segment
+import ida_typeinf
+import ida_xref
+
+from .rpc import tool, unsafe
+from .sync import idasync
+from .utils import parse_address, get_function
+
+# ============================================================================
+# Python Evaluation
+# ============================================================================
+
+
+@tool
+@idasync
+@unsafe
+def py_eval(
+    code: Annotated[str, "Python code"],
+) -> dict:
+    """Execute Python code in IDA context.
+    Returns dict with result/stdout/stderr.
+    Has access to all IDA API modules.
+    Supports Jupyter-style evaluation."""
+    # Capture stdout/stderr
+    stdout_capture = io.StringIO()
+    stderr_capture = io.StringIO()
+    old_stdout = sys.stdout
+    old_stderr = sys.stderr
+
+    try:
+        sys.stdout = stdout_capture
+        sys.stderr = stderr_capture
+
+        # Create execution context with IDA modules (lazy import to avoid errors)
+        def lazy_import(module_name):
+            try:
+                return __import__(module_name)
+            except Exception:
+                return None
+
+        exec_globals = {
+            "__builtins__": __builtins__,
+            "idaapi": idaapi,
+            "idc": idc,
+            "idautils": lazy_import("idautils"),
+            "ida_allins": lazy_import("ida_allins"),
+            "ida_auto": lazy_import("ida_auto"),
+            "ida_bitrange": lazy_import("ida_bitrange"),
+            "ida_bytes": ida_bytes,
+            "ida_dbg": ida_dbg,
+            "ida_dirtree": lazy_import("ida_dirtree"),
+            "ida_diskio": lazy_import("ida_diskio"),
+            "ida_entry": ida_entry,
+            "ida_expr": lazy_import("ida_expr"),
+            "ida_fixup": lazy_import("ida_fixup"),
+            "ida_fpro": lazy_import("ida_fpro"),
+            "ida_frame": ida_frame,
+            "ida_funcs": ida_funcs,
+            "ida_gdl": lazy_import("ida_gdl"),
+            "ida_graph": lazy_import("ida_graph"),
+            "ida_hexrays": ida_hexrays,
+            "ida_ida": ida_ida,
+            "ida_idd": lazy_import("ida_idd"),
+            "ida_idp": lazy_import("ida_idp"),
+            "ida_ieee": lazy_import("ida_ieee"),
+            "ida_kernwin": ida_kernwin,
+            "ida_libfuncs": lazy_import("ida_libfuncs"),
+            "ida_lines": ida_lines,
+            "ida_loader": lazy_import("ida_loader"),
+            "ida_merge": lazy_import("ida_merge"),
+            "ida_mergemod": lazy_import("ida_mergemod"),
+            "ida_moves": lazy_import("ida_moves"),
+            "ida_nalt": ida_nalt,
+            "ida_name": ida_name,
+            "ida_netnode": lazy_import("ida_netnode"),
+            "ida_offset": lazy_import("ida_offset"),
+            "ida_pro": lazy_import("ida_pro"),
+            "ida_problems": lazy_import("ida_problems"),
+            "ida_range": lazy_import("ida_range"),
+            "ida_regfinder": lazy_import("ida_regfinder"),
+            "ida_registry": lazy_import("ida_registry"),
+            "ida_search": lazy_import("ida_search"),
+            "ida_segment": ida_segment,
+            "ida_segregs": lazy_import("ida_segregs"),
+            "ida_srclang": lazy_import("ida_srclang"),
+            "ida_strlist": lazy_import("ida_strlist"),
+            "ida_struct": lazy_import("ida_struct"),
+            "ida_tryblks": lazy_import("ida_tryblks"),
+            "ida_typeinf": ida_typeinf,
+            "ida_ua": lazy_import("ida_ua"),
+            "ida_undo": lazy_import("ida_undo"),
+            "ida_xref": ida_xref,
+            "ida_enum": lazy_import("ida_enum"),
+            "parse_address": parse_address,
+            "get_function": get_function,
+        }
+
+        result_value = None
+        exec_locals = {}
+
+        # Parse code with AST to properly handle execution
+        try:
+            tree = ast.parse(code)
+        except SyntaxError:
+            # If parsing fails, fall back to direct exec
+            exec(code, exec_globals, exec_locals)
+            exec_globals.update(exec_locals)
+            if "result" in exec_locals:
+                result_value = str(exec_locals["result"])
+            elif exec_locals:
+                last_key = list(exec_locals.keys())[-1]
+                result_value = str(exec_locals[last_key])
+        else:
+            if not tree.body:
+                # Empty code
+                pass
+            elif len(tree.body) == 1 and isinstance(tree.body[0], ast.Expr):
+                # Single expression - use eval
+                result_value = str(eval(code, exec_globals))
+            elif isinstance(tree.body[-1], ast.Expr):
+                # Multiple statements, last one is an expression (Jupyter-style)
+                # Execute all statements except the last
+                if len(tree.body) > 1:
+                    exec_tree = ast.Module(body=tree.body[:-1], type_ignores=[])
+                    exec(compile(exec_tree, "<string>", "exec"), exec_globals, exec_locals)
+                    exec_globals.update(exec_locals)
+                # Eval only the last expression
+                eval_tree = ast.Expression(body=tree.body[-1].value)
+                result_value = str(eval(compile(eval_tree, "<string>", "eval"), exec_globals))
+            else:
+                # All statements (no trailing expression)
+                exec(code, exec_globals, exec_locals)
+                exec_globals.update(exec_locals)
+                # Return 'result' variable if explicitly set
+                if "result" in exec_locals:
+                    result_value = str(exec_locals["result"])
+                # Return last assigned variable
+                elif exec_locals:
+                    last_key = list(exec_locals.keys())[-1]
+                    result_value = str(exec_locals[last_key])
+
+        # Collect output
+        stdout_text = stdout_capture.getvalue()
+        stderr_text = stderr_capture.getvalue()
+
+        return {
+            "result": result_value or "",
+            "stdout": stdout_text,
+            "stderr": stderr_text,
+        }
+
+    except Exception:
+        import traceback
+
+        return {
+            "result": "",
+            "stdout": "",
+            "stderr": traceback.format_exc(),
+        }
+    finally:
+        sys.stdout = old_stdout
+        sys.stderr = old_stderr

ida_pro_mcp/ida_mcp/api_resources.py

@@ -0,0 +1,295 @@
+"""MCP Resources - browsable IDB state
+
+Resources represent browsable state (read-only data) following MCP's philosophy.
+Use tools for actions that modify state or perform expensive computations.
+"""
+
+from typing import Annotated
+
+import ida_funcs
+import ida_nalt
+import ida_segment
+import ida_typeinf
+import idaapi
+import idautils
+import idc
+
+from .rpc import resource
+from .sync import idasync
+from .utils import (
+    Metadata,
+    Segment,
+    StructureDefinition,
+    StructureMember,
+    get_image_size,
+    parse_address,
+)
+
+
+# ============================================================================
+# Core IDB State
+# ============================================================================
+
+
+@resource("ida://idb/metadata")
+@idasync
+def idb_metadata_resource() -> Metadata:
+    """Get IDB file metadata (path, arch, base address, size, hashes)"""
+    import hashlib
+
+    path = idc.get_idb_path()
+    module = ida_nalt.get_root_filename()
+    base = hex(idaapi.get_imagebase())
+    size = hex(get_image_size())
+
+    input_path = ida_nalt.get_input_file_path()
+    try:
+        with open(input_path, "rb") as f:
+            data = f.read()
+        md5 = hashlib.md5(data).hexdigest()
+        sha256 = hashlib.sha256(data).hexdigest()
+        import zlib
+
+        crc32 = hex(zlib.crc32(data) & 0xFFFFFFFF)
+        filesize = hex(len(data))
+    except Exception:
+        md5 = sha256 = crc32 = filesize = "unavailable"
+
+    return Metadata(
+        path=path,
+        module=module,
+        base=base,
+        size=size,
+        md5=md5,
+        sha256=sha256,
+        crc32=crc32,
+        filesize=filesize,
+    )
+
+
+@resource("ida://idb/segments")
+@idasync
+def idb_segments_resource() -> list[Segment]:
+    """Get all memory segments with permissions"""
+    segments = []
+    for seg_ea in idautils.Segments():
+        seg = idaapi.getseg(seg_ea)
+        if seg:
+            perms = []
+            if seg.perm & idaapi.SEGPERM_READ:
+                perms.append("r")
+            if seg.perm & idaapi.SEGPERM_WRITE:
+                perms.append("w")
+            if seg.perm & idaapi.SEGPERM_EXEC:
+                perms.append("x")
+
+            segments.append(
+                Segment(
+                    name=ida_segment.get_segm_name(seg),
+                    start=hex(seg.start_ea),
+                    end=hex(seg.end_ea),
+                    size=hex(seg.size()),
+                    permissions="".join(perms) if perms else "---",
+                )
+            )
+    return segments
+
+
+@resource("ida://idb/entrypoints")
+@idasync
+def idb_entrypoints_resource() -> list[dict]:
+    """Get entry points (main, TLS callbacks, etc.)"""
+    entrypoints = []
+    entry_count = ida_nalt.get_entry_qty()
+    for i in range(entry_count):
+        ordinal = ida_nalt.get_entry_ordinal(i)
+        ea = ida_nalt.get_entry(ordinal)
+        name = ida_nalt.get_entry_name(ordinal)
+        entrypoints.append({"addr": hex(ea), "name": name, "ordinal": ordinal})
+    return entrypoints
+
+
+# ============================================================================
+# UI State
+# ============================================================================
+
+
+@resource("ida://cursor")
+@idasync
+def cursor_resource() -> dict:
+    """Get current cursor position and function"""
+    import ida_kernwin
+
+    ea = ida_kernwin.get_screen_ea()
+    func = idaapi.get_func(ea)
+
+    result = {"addr": hex(ea)}
+    if func:
+        try:
+            func_name = func.get_name()
+        except AttributeError:
+            func_name = ida_funcs.get_func_name(func.start_ea)
+
+        result["function"] = {
+            "addr": hex(func.start_ea),
+            "name": func_name,
+        }
+
+    return result
+
+
+@resource("ida://selection")
+@idasync
+def selection_resource() -> dict:
+    """Get current selection range (if any)"""
+    import ida_kernwin
+
+    start = ida_kernwin.read_range_selection(None)
+    if start:
+        return {"start": hex(start[0]), "end": hex(start[1]) if start[1] else None}
+    return {"selection": None}
+
+
+# ============================================================================
+# Type Information
+# ============================================================================
+
+
+@resource("ida://types")
+@idasync
+def types_resource() -> list[dict]:
+    """Get all local types"""
+    types = []
+    for ordinal in range(1, ida_typeinf.get_ordinal_qty(None)):
+        tif = ida_typeinf.tinfo_t()
+        if tif.get_numbered_type(None, ordinal):
+            name = tif.get_type_name()
+            types.append({"ordinal": ordinal, "name": name, "type": str(tif)})
+    return types
+
+
+@resource("ida://structs")
+@idasync
+def structs_resource() -> list[dict]:
+    """Get all structures/unions"""
+    structs = []
+    limit = ida_typeinf.get_ordinal_limit()
+    for ordinal in range(1, limit):
+        tif = ida_typeinf.tinfo_t()
+        if tif.get_numbered_type(None, ordinal) and tif.is_udt():
+            udt_data = ida_typeinf.udt_type_data_t()
+            is_union = False
+            if tif.get_udt_details(udt_data):
+                is_union = udt_data.is_union
+            structs.append(
+                {
+                    "name": tif.get_type_name(),
+                    "size": hex(tif.get_size()),
+                    "is_union": is_union,
+                }
+            )
+    return structs
+
+
+@resource("ida://struct/{name}")
+@idasync
+def struct_name_resource(name: Annotated[str, "Structure name"]) -> dict:
+    """Get structure definition with fields"""
+    tif = ida_typeinf.tinfo_t()
+    if not tif.get_named_type(None, name):
+        return {"error": f"Structure not found: {name}"}
+
+    if not tif.is_udt():
+        return {"error": f"'{name}' is not a structure/union"}
+
+    udt_data = ida_typeinf.udt_type_data_t()
+    if not tif.get_udt_details(udt_data):
+        return {"error": f"Failed to get struct details for '{name}'"}
+
+    members = []
+    for member in udt_data:
+        members.append(
+            StructureMember(
+                name=member.name,
+                offset=hex(member.offset // 8),
+                size=hex(member.size // 8),
+                type=str(member.type),
+            )
+        )
+
+    return StructureDefinition(name=name, size=hex(tif.get_size()), members=members)
+
+
+# ============================================================================
+# Import/Export Lookup by Name
+# ============================================================================
+
+
+@resource("ida://import/{name}")
+@idasync
+def import_name_resource(name: Annotated[str, "Import name"]) -> dict:
+    """Get specific import details by name"""
+    nimps = ida_nalt.get_import_module_qty()
+    for i in range(nimps):
+        module = ida_nalt.get_import_module_name(i)
+        result = {}
+
+        def callback(ea, imp_name, ordinal):
+            if imp_name == name or f"ord_{ordinal}" == name:
+                result.update(
+                    {
+                        "addr": hex(ea),
+                        "name": imp_name or f"ord_{ordinal}",
+                        "module": module,
+                        "ordinal": ordinal,
+                    }
+                )
+                return False  # Stop enumeration
+            return True
+
+        ida_nalt.enum_import_names(i, callback)
+        if result:
+            return result
+
+    return {"error": f"Import not found: {name}"}
+
+
+@resource("ida://export/{name}")
+@idasync
+def export_name_resource(name: Annotated[str, "Export name"]) -> dict:
+    """Get specific export details by name"""
+    entry_count = ida_nalt.get_entry_qty()
+    for i in range(entry_count):
+        ordinal = ida_nalt.get_entry_ordinal(i)
+        ea = ida_nalt.get_entry(ordinal)
+        entry_name = ida_nalt.get_entry_name(ordinal)
+
+        if entry_name == name:
+            return {
+                "addr": hex(ea),
+                "name": entry_name,
+                "ordinal": ordinal,
+            }
+
+    return {"error": f"Export not found: {name}"}
+
+
+# ============================================================================
+# Cross-references
+# ============================================================================
+
+
+@resource("ida://xrefs/from/{addr}")
+@idasync
+def xrefs_from_resource(addr: Annotated[str, "Source address"]) -> list[dict]:
+    """Get cross-references from address"""
+    ea = parse_address(addr)
+    xrefs = []
+    for xref in idautils.XrefsFrom(ea, 0):
+        xrefs.append(
+            {
+                "addr": hex(xref.to),
+                "type": "code" if xref.iscode else "data",
+            }
+        )
+    return xrefs

ida_pro_mcp/ida_mcp/api_stack.py

@@ -0,0 +1,167 @@
+"""Stack frame operations for IDA Pro MCP.
+
+This module provides batch operations for managing stack frame variables,
+including reading, creating, and deleting stack variables in functions.
+"""
+
+from typing import Annotated
+import ida_typeinf
+import ida_frame
+import idaapi
+
+from .rpc import tool
+from .sync import idasync
+from .utils import (
+    normalize_list_input,
+    normalize_dict_list,
+    parse_address,
+    get_type_by_name,
+    StackVarDecl,
+    StackVarDelete,
+    get_stack_frame_variables_internal,
+)
+
+
+# ============================================================================
+# Stack Frame Operations
+# ============================================================================
+
+
+@tool
+@idasync
+def stack_frame(addrs: Annotated[list[str] | str, "Address(es)"]) -> list[dict]:
+    """Get stack vars"""
+    addrs = normalize_list_input(addrs)
+    results = []
+
+    for addr in addrs:
+        try:
+            ea = parse_address(addr)
+            vars = get_stack_frame_variables_internal(ea, True)
+            results.append({"addr": addr, "vars": vars})
+        except Exception as e:
+            results.append({"addr": addr, "vars": None, "error": str(e)})
+
+    return results
+
+
+@tool
+@idasync
+def declare_stack(
+    items: list[StackVarDecl] | StackVarDecl,
+):
+    """Create stack vars"""
+    items = normalize_dict_list(items)
+    results = []
+    for item in items:
+        fn_addr = item.get("addr", "")
+        offset = item.get("offset", "")
+        var_name = item.get("name", "")
+        type_name = item.get("ty", "")
+
+        try:
+            func = idaapi.get_func(parse_address(fn_addr))
+            if not func:
+                results.append(
+                    {"addr": fn_addr, "name": var_name, "error": "No function found"}
+                )
+                continue
+
+            ea = parse_address(offset)
+
+            frame_tif = ida_typeinf.tinfo_t()
+            if not ida_frame.get_func_frame(frame_tif, func):
+                results.append(
+                    {"addr": fn_addr, "name": var_name, "error": "No frame returned"}
+                )
+                continue
+
+            tif = get_type_by_name(type_name)
+            if not ida_frame.define_stkvar(func, var_name, ea, tif):
+                results.append(
+                    {"addr": fn_addr, "name": var_name, "error": "Failed to define"}
+                )
+                continue
+
+            results.append({"addr": fn_addr, "name": var_name, "ok": True})
+        except Exception as e:
+            results.append({"addr": fn_addr, "name": var_name, "error": str(e)})
+
+    return results
+
+
+@tool
+@idasync
+def delete_stack(
+    items: list[StackVarDelete] | StackVarDelete,
+):
+    """Delete stack vars"""
+
+    items = normalize_dict_list(items)
+    results = []
+    for item in items:
+        fn_addr = item.get("addr", "")
+        var_name = item.get("name", "")
+
+        try:
+            func = idaapi.get_func(parse_address(fn_addr))
+            if not func:
+                results.append(
+                    {"addr": fn_addr, "name": var_name, "error": "No function found"}
+                )
+                continue
+
+            frame_tif = ida_typeinf.tinfo_t()
+            if not ida_frame.get_func_frame(frame_tif, func):
+                results.append(
+                    {"addr": fn_addr, "name": var_name, "error": "No frame returned"}
+                )
+                continue
+
+            idx, udm = frame_tif.get_udm(var_name)
+            if not udm:
+                results.append(
+                    {
+                        "addr": fn_addr,
+                        "name": var_name,
+                        "error": f"{var_name} not found",
+                    }
+                )
+                continue
+
+            tid = frame_tif.get_udm_tid(idx)
+            if ida_frame.is_special_frame_member(tid):
+                results.append(
+                    {
+                        "addr": fn_addr,
+                        "name": var_name,
+                        "error": f"{var_name} is special frame member",
+                    }
+                )
+                continue
+
+            udm = ida_typeinf.udm_t()
+            frame_tif.get_udm_by_tid(udm, tid)
+            offset = udm.offset // 8
+            size = udm.size // 8
+            if ida_frame.is_funcarg_off(func, offset):
+                results.append(
+                    {
+                        "addr": fn_addr,
+                        "name": var_name,
+                        "error": f"{var_name} is argument member",
+                    }
+                )
+                continue
+
+            if not ida_frame.delete_frame_members(func, offset, offset + size):
+                results.append(
+                    {"addr": fn_addr, "name": var_name, "error": "Failed to delete"}
+                )
+                continue
+
+            results.append({"addr": fn_addr, "name": var_name, "ok": True})
+        except Exception as e:
+            results.append({"addr": fn_addr, "name": var_name, "error": str(e)})
+
+    return results