IDAPython is a powerful feature of IDA Pro, and there are many open-source IDAPython projects. However, we cannot use every GUI-based IDAPython script because of some Qt-related breaking changes between IDA Pro 6.8 and 6.9 or later. The main problem is migrating no-longer-supported PySide code to PyQt5.
Recently I ported the PySide code within idasec – one of the most sophisticated deobfuscation frameworks, which tackles opaque predicates and call stack tampering in terms of infeasibility questions by utilizing Backward-Bounded Dynamic Symbolic Execution, proposed in the remarkably well-written paper S. Bardin et al. IEEE S&P’17 – to PyQt5.
That’s why I decided to write this blog post as a note to self and for anyone trying to do a similar thing.
There are 2 guides for migrating PySide code to PyQt5:
Please read them first. I only give supplemental information in addition to these predecessors.
Now let’s get started.
Most methods in QtGui migrated to
As an example, QTextEdit described in Hex Blog. In addition, the methods to be rewritten are as follows:
- There might be more…
My experience says that methods other than the following 3 may be rewritten:
idacute may overwrite all of the QtGui methods, so I think some manual work is still needed.
We also need to overwrite
These issues are described by predecessors:
- Handling SIGNAL
This time, I was able to run idasec on IDA Pro 7.0 with some bug fixes and dirty patches – like this cool video:
If you are an IDA Pro 7.0 user, note that the other backward-compatibility issues described in IDA: IDAPython backward-compatibility with 6.95 APIs will occur.
HAI DOMO VIRTUAL YOUTUBER KIZUNA AI DESU. I’m still working on my English.