PaiMei and Sulley still rely on IDA Pro to disassemble a binary and identify its basic blocks. That information is essential for setting the breakpoints that mark the entry and exit points of each basic block and function.
Thankfully, generating a PIDA file is fairly simple these days: IDAPython has shipped with the standard IDA Pro distribution since 5.(2?). It is unfortunate that the whole process depends on IDA Pro, which is a difficult product to license as an independent researcher. Thankfully I’ve got friends willing to generate my PIDA files for me. If anyone out there is interested, I’d love to develop a web front end or automated process for submitting a binary and generating a PIDA file.
In any case, the process boils down to:
[1] Open the binary in IDA Pro and let it analyze the file. The console will tell you when autoanalysis is complete.
[2] Press ALT-9 and run C:\paimei\pida_dump.py
[3] Choose Full, answer Yes to “Propagate nodes and edges for API calls (imports)” and Yes to “Enumerate RPC”, then Save.
Watch for this in the console log:
Analyzing IDB…
Analyzing functions…
Enumerating imports…
Enumerating RPC interfaces…
Enumerating intramodular cross references…
Done. Completed in 23.844000 seconds.
Saving to file… 25% 50% 75% Done. Completed in 1.562000 seconds.

Hi
I’m a beginner with IDA Pro and PaiMei and was practicing generating a PIDA file for calc.exe using “pida_dump.py”. When I run this script from IDA Pro I get the following error.
———————————————————————————–
Analyzing IDB…
Analyzing functions…
Traceback (most recent call last):
File “”, line 1, in
File “C:\Program Files\IDA\python\init.py”, line 65, in runscript
execfile(script, g)
File “C:/security/PaiMei-1.1-REV122/PaiMei-1.1-REV122/pida_dump.py”, line 69, in
module = pida.module(GetInputFile(), signature, depth, analysis)
File “C:\Python25\Lib\site-packages\pida\module.py”, line 92, in __init__
func = function(ea, self.depth, self.analysis, self)
File “C:\Python25\Lib\site-packages\pida\function.py”, line 157, in __init__
self.__init_basic_blocks__()
File “C:\Python25\Lib\site-packages\pida\function.py”, line 224, in __init_basic_blocks__
branches_from = self._branches_from(ea)
File “C:\Python25\Lib\site-packages\pida\function.py”, line 318, in _branches_from
if len(xrefs) == 1 and xrefs[0] == NextNotTail(ea):
TypeError: object of type ‘generator’ has no len()
———————————————————————————–
I’m using IDA Pro 5.5 and Python 2.5 and recompiled “pydasm.pyd” as mentioned at this link (http://www.openrce.org/forums/posts/633), but I have used libdasm-1.5.tar.gz from (http://www.klake.org/~jt/misc/libdasm-1.5.tar.gz) instead of libdasm-1.4.tar.gz.
Please help me in fixing this error.
Thanks
Amit Khanna
Hello Amit,
Thankfully this is a fairly simple thing to fix.
This error, “TypeError: object of type ‘generator’ has no len()”, is due to a change in the way IDAPython generates xrefs. In older versions of IDAPython the returned data was a list. Now it returns a generator, which cannot be passed directly to len().
The offending line, “len(xrefs) == 1 and xrefs[0] == NextNotTail(ea):” can simply be changed to:
xrefs = list(xrefs)  # materialise the generator once; a list from older IDAPython passes through unchanged
if len(xrefs) == 1 and xrefs[0] == NextNotTail(ea):
Thanks for bringing this to my attention. I’ll fix it up in the source so that we can eventually get all of these changes up in a repo somewhere. I’m pinging Pedram again today. You’ll notice I fixed a very similar problem in proc_peek_recon.py here.
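As an added illustration (not code from the original post, from PaiMei or from IDAPython), here is a stand-alone Python script that reproduces the test from function.py’s _branches_from against both API shapes: the list that older IDAPython returned and the generator that newer IDAPython returns. IDAPython cannot be imported outside IDA, so code_refs_from_old, code_refs_from_new and next_not_tail are constructed stand-ins, and the fallthrough_only_* functions are hypothetical names for the three variants of the check. It also shows why applying list() twice to the same generator is not a safe fix: the second list() sees an exhausted generator.

```python
# Added example (not PaiMei or IDAPython code): why len() on the generator-style xref
# result fails, and why materialising the generator exactly once is the safe fix.
# IDAPython cannot be imported outside IDA, so the xref source and NextNotTail are
# stand-ins constructed for this example.


def next_not_tail(ea):
    """Stand-in for IDA's NextNotTail(): assume every instruction is one byte wide."""
    return ea + 1


def code_refs_from_old(ea, flow):
    """Old IDAPython shape: the xrefs come back as a list (constructed stand-in)."""
    return [ea + 1] if flow else []


def code_refs_from_new(ea, flow):
    """New IDAPython shape: the xrefs come back as a generator (constructed stand-in)."""
    if flow:
        yield ea + 1


def fallthrough_only_original(ea, xrefs):
    """The test as it stands in function.py:_branches_from (line 318 in the traceback).
    Works on a list, raises TypeError on a generator."""
    return len(xrefs) == 1 and xrefs[0] == next_not_tail(ea)


def fallthrough_only_double_list(ea, xrefs):
    """The one-line patch len(list(xrefs)) ... list(xrefs)[0]: list() is applied twice,
    so the second call sees an exhausted generator and indexing it raises IndexError."""
    return len(list(xrefs)) == 1 and list(xrefs)[0] == next_not_tail(ea)


def fallthrough_only_fixed(ea, xrefs):
    """Materialise the xref result exactly once; afterwards len() and indexing are safe,
    and a list handed over by the old API is handled identically."""
    xrefs = list(xrefs)
    return len(xrefs) == 1 and xrefs[0] == next_not_tail(ea)


def outcome(check, ea, xrefs):
    """Run a check and report either its boolean result or the name of the exception it
    raised, so the variants can be compared side by side."""
    try:
        return check(ea, xrefs)
    except (TypeError, IndexError) as exc:
        return type(exc).__name__


def compare_variants(ea=0x1000):
    """Exercise each variant against both API shapes.
    Returns {variant: (result with list API, result with generator API)}."""
    table = {}
    for name, check in (("original", fallthrough_only_original),
                        ("double_list", fallthrough_only_double_list),
                        ("fixed", fallthrough_only_fixed)):
        old = outcome(check, ea, code_refs_from_old(ea, 1))
        new = outcome(check, ea, code_refs_from_new(ea, 1))
        table[name] = (old, new)
    return table


if __name__ == "__main__":
    for name, (old, new) in compare_variants().items():
        print("%-12s list API -> %-10s generator API -> %s" % (name, old, new))
```

Running it prints one row per variant: the original check passes on the list and raises TypeError on the generator, the double-list patch passes on the list but raises IndexError on the generator, and the single list() conversion returns True for both. The same one-time conversion pattern applies to any other IDAPython xref helper whose result a script indexes or measures.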
Hi
I tried your solution but it still doesn’t work; I got the same problem again:
File “C:\Python25\Lib\site-packages\pida\function.py”, line 318, in _branches_from
if len(list(xrefs)) == 1 and list(xrefs)[0] == NextNotTail(ea):
TypeError: object of type ‘generator’ has no len()
Is there any other way to fix this?
Thanks
Amit Khanna
When I try to generate the PIDA file, I got this:
Analyzing IDB...
Analyzing functions...
Enumerating imports...
Enumerating RPC interfaces...
Enumerating intramodular cross references...
Traceback (most recent call last):
File "", line 1, in
File "C:\Program Files (x86)\IDA\python\init.py", line 65, in runscript
execfile(script, g)
File "C:/paimei/pida_dump.py", line 71, in
module = pida.module(GetInputFile(), signature, depth, analysis)
File "C:/paimei\pida\module.py", line 125, in __init__
if not self.nodes[from_func.startEA].outbound_eas.has_key(ref):
KeyError: 1864419200
It is a .dll binary. I’m using IDA Pro 5.5 and python 2.5
friko,
I haven’t seen this myself so we will have to do some debugging.
The key error happens when we look in the dictionary and ref points to a key that doesn’t exist… a couple of things may be happening…
from_func.startEA[] may be borked
ref may be borked.
Can you debug and check to see what these values are?
================
EDIT
================
I’ve been able to replicate this now. When doing a PIDA dump on the new srv.sys that was patched on Tuesday I’m getting the same error.
The code causing this is in module.py and here is the weird thing… I put in some debug code and it started working…
—————————————————————————
Using FLIRT signature: SEH for vc7/8
Propagating type information…
5F8D0: propagate_stkargs: function is already typed
Function argument information has been propagated
The initial autoanalysis has been finished.
Analyzing IDB…
Analyzing functions…
Enumerating imports…
Enumerating RPC interfaces…
Enumerating intramodular cross references…
Traceback (most recent call last):
File “”, line 1, in
File “C:\Program Files\IDA\python\init.py”, line 65, in runscript
execfile(script, g)
File “C:/code/paimei/pida_dump.py”, line 71, in
module = pida.module(GetInputFile(), signature, depth, analysis)
File “C:/code/paimei\pida\module.py”, line 125, in __init__
if not self.nodes[from_func.startEA].outbound_eas.has_key(ref):
KeyError: 372574
Analyzing IDB…
Analyzing functions…
Enumerating imports…
Enumerating RPC interfaces…
Enumerating intramodular cross references…
Done. Completed in 98.406000 seconds.
Saving to file… 25% 50% 75% Done. Completed in 14.406000 seconds.