├── idc └── nothing.idc ├── src ├── persist.h ├── persist.cpp ├── ipythonEmbed.h ├── proxy.py ├── ida_ipython.cpp └── ipythonEmbed.cpp ├── qtbasic.gif ├── qtwithgraph.gif ├── lib └── MinHook_13_lib │ ├── lib │ ├── libMinHook-x64-v90-md.lib │ ├── libMinHook-x64-v90-mt.lib │ ├── libMinHook-x86-v90-md.lib │ ├── libMinHook-x86-v90-mt.lib │ ├── libMinHook-x64-v100-md.lib │ ├── libMinHook-x64-v100-mdd.lib │ ├── libMinHook-x64-v100-mt.lib │ ├── libMinHook-x64-v100-mtd.lib │ ├── libMinHook-x64-v110-md.lib │ ├── libMinHook-x64-v110-mdd.lib │ ├── libMinHook-x64-v110-mt.lib │ ├── libMinHook-x64-v110-mtd.lib │ ├── libMinHook-x64-v120-md.lib │ ├── libMinHook-x64-v120-mdd.lib │ ├── libMinHook-x64-v120-mt.lib │ ├── libMinHook-x64-v120-mtd.lib │ ├── libMinHook-x64-v90-mdd.lib │ ├── libMinHook-x64-v90-mtd.lib │ ├── libMinHook-x86-v100-md.lib │ ├── libMinHook-x86-v100-mdd.lib │ ├── libMinHook-x86-v100-mt.lib │ ├── libMinHook-x86-v100-mtd.lib │ ├── libMinHook-x86-v110-md.lib │ ├── libMinHook-x86-v110-mdd.lib │ ├── libMinHook-x86-v110-mt.lib │ ├── libMinHook-x86-v110-mtd.lib │ ├── libMinHook-x86-v120-md.lib │ ├── libMinHook-x86-v120-mdd.lib │ ├── libMinHook-x86-v120-mt.lib │ ├── libMinHook-x86-v120-mtd.lib │ ├── libMinHook-x86-v90-mdd.lib │ └── libMinHook-x86-v90-mtd.lib │ ├── readme.txt │ └── include │ └── MinHook.h ├── kernel.json.template ├── launch_ida.py ├── releasezip.py ├── LICENSE ├── .gitignore ├── CMakeLists.txt ├── README.md ├── python └── ipythonEmbed.py └── notebook └── examples ├── Cython and IDA.ipynb └── Function Entropy.ipynb /idc/nothing.idc: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/persist.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | int persist(void); -------------------------------------------------------------------------------- /qtbasic.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/qtbasic.gif -------------------------------------------------------------------------------- /qtwithgraph.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/qtwithgraph.gif -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x64-v90-md.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x64-v90-md.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x64-v90-mt.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x64-v90-mt.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x86-v90-md.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x86-v90-md.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x86-v90-mt.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x86-v90-mt.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x64-v100-md.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x64-v100-md.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x64-v100-mdd.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x64-v100-mdd.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x64-v100-mt.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x64-v100-mt.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x64-v100-mtd.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x64-v100-mtd.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x64-v110-md.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x64-v110-md.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x64-v110-mdd.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x64-v110-mdd.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x64-v110-mt.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x64-v110-mt.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x64-v110-mtd.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x64-v110-mtd.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x64-v120-md.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x64-v120-md.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x64-v120-mdd.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x64-v120-mdd.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x64-v120-mt.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x64-v120-mt.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x64-v120-mtd.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x64-v120-mtd.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x64-v90-mdd.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x64-v90-mdd.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x64-v90-mtd.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x64-v90-mtd.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x86-v100-md.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x86-v100-md.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x86-v100-mdd.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x86-v100-mdd.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x86-v100-mt.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x86-v100-mt.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x86-v100-mtd.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x86-v100-mtd.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x86-v110-md.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x86-v110-md.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x86-v110-mdd.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x86-v110-mdd.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x86-v110-mt.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x86-v110-mt.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x86-v110-mtd.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x86-v110-mtd.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x86-v120-md.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x86-v120-md.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x86-v120-mdd.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x86-v120-mdd.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x86-v120-mt.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x86-v120-mt.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x86-v120-mtd.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x86-v120-mtd.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x86-v90-mdd.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x86-v90-mdd.lib -------------------------------------------------------------------------------- /lib/MinHook_13_lib/lib/libMinHook-x86-v90-mtd.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/james91b/ida_ipython/HEAD/lib/MinHook_13_lib/lib/libMinHook-x86-v90-mtd.lib -------------------------------------------------------------------------------- /kernel.json.template: -------------------------------------------------------------------------------- 1 | { 2 | "display_name": "{{DISPLAY_NAME}}", 3 | "language": "python", 4 | "argv": [ 5 | "python", 6 | "-c", 7 | "{{LAUNCH_SCRIPT}}", 8 | "{connection_file}", 9 | "C:\\Program Files (x86)\\IDA 6.8\\{{EXE_NAME}}" 10 | ], 11 | "codemirror_mode": { 12 | "version": 2, 13 | "name": "ipython" 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /lib/MinHook_13_lib/readme.txt: -------------------------------------------------------------------------------- 1 | Each file name has these tags: 2 | 3 | "x86", "x64": 4 | CPU archtecture 5 | 6 | "v90", "v100", "v110", "v120": 7 | Platform toolset (compiler version) 8 | Choose "v110" for "v110_xp", "v120" for "v120_xp" 9 | 10 | "md", "mt", "mdd", "mtd": 11 | Runtime Link (Dynamic/Static) and Config (Release/Debug) 12 | Corresponding to "/MD", "/MT", "/MDd" and "/MTd" compiler options respectively. 13 | -------------------------------------------------------------------------------- /src/persist.cpp: -------------------------------------------------------------------------------- 1 | #include "persist.h" 2 | 3 | #include 4 | 5 | int persist(void) { 6 | 7 | BOOL bOk; 8 | HMODULE hModule; 9 | 10 | /* Make sure the module stays in memory until process termination. */ 11 | bOk = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | GET_MODULE_HANDLE_EX_FLAG_PIN , (LPWSTR)persist, &hModule); 12 | 13 | if (0 == bOk) { 14 | return -1; 15 | } 16 | 17 | return 0; 18 | } -------------------------------------------------------------------------------- /launch_ida.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import subprocess 3 | import os 4 | 5 | CONNECTION_ARG = '-Snothing.idc -f {file}' 6 | 7 | def launch_ida(): 8 | print sys.argv 9 | print str(os.getpid()) 10 | conn = CONNECTION_ARG.format(file=sys.argv[1]) 11 | ida_location=sys.argv[2] 12 | ida_process = subprocess.Popen( 13 | [ida_location, conn], 14 | env=dict( 15 | PARENT_PROCESS_PID=str(os.getpid()), 16 | **os.environ 17 | ) 18 | ) 19 | ida_process.wait() 20 | 21 | if __name__ == '__main__': 22 | launch_ida() 23 | -------------------------------------------------------------------------------- /releasezip.py: -------------------------------------------------------------------------------- 1 | import os 2 | import sys 3 | import zipfile 4 | 5 | def zipdir(path, ziph): 6 | # ziph is zipfile handle 7 | for root, dirs, files in os.walk(path): 8 | for file in files: 9 | ziph.write(os.path.join(root, file)) 10 | 11 | def main(version) : 12 | release = zipfile.ZipFile('release-{}.zip'.format(version), 'w') 13 | zipdir('python', release) 14 | zipdir('idc', release) 15 | zipdir('notebook', release) 16 | release.write('build/release/ida_ipython.p64', 'plugins/ida_ipython.p64') 17 | release.write('build/release/ida_ipython.plw', 'plugins/ida_ipython.plw') 18 | release.write('README.md') 19 | release.close() 20 | 21 | if __name__ == "__main__": 22 | if len(sys.argv) > 1: 23 | main(sys.argv[1]) 24 | else: 25 | print "No release name provided" -------------------------------------------------------------------------------- /src/ipythonEmbed.h: -------------------------------------------------------------------------------- 1 | #ifndef IPYTHONEMBED_H 2 | #define IPYTHONEMBED_H 3 | 4 | #define _CRT_SECURE_NO_WARNINGS 5 | 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | #include "Windows.h" 12 | #include "Python.h" 13 | #include "MinHook.h" 14 | 15 | #include "pro.h" 16 | #include "ida.hpp" 17 | #include "idp.hpp" 18 | #include "loader.hpp" 19 | #include "expr.hpp" 20 | 21 | 22 | typedef enum IPYTHONEMBED_STATUS 23 | { 24 | IPYTHONEMBED_UNKNOWN = -1, 25 | IPYTHONEMBED_OK = 0, 26 | IPYTHONEMBED_ERROR, 27 | IPYTHONEMBED_MINHOOK_INIT_FAILED, 28 | IPYTHONEMBED_CREATE_HOOK_FAILED, 29 | IPYTHONEMBED_ENABLE_HOOK_FAILED 30 | } IPYTHONEMBED_STATUS; 31 | 32 | IPYTHONEMBED_STATUS ipython_embed_start(PyObject* cmdline); 33 | void ipython_embed_term(); 34 | void ipython_start_qtconsole(); 35 | 36 | #endif //IPYTHONEMBED_H 37 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 james91b 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /src/proxy.py: -------------------------------------------------------------------------------- 1 | import win32process 2 | import win32event 3 | import sys 4 | 5 | args = '"{idaq_path}" "-Snothing.idc -f {connection_file}"' 6 | 7 | if __name__ == '__main__': 8 | hProcess, hThread, dwProcessId, dwThreadId = win32process.CreateProcess(None, 9 | args.format(idaq_path=sys.argv[1], 10 | connection_file=sys.argv[2]), 11 | None, 12 | None, 13 | 0, 14 | 0, 15 | None, 16 | None, 17 | win32process.STARTUPINFO()) 18 | while win32event.WAIT_OBJECT_0 != win32event.WaitForSingleObject(hProcess, win32event.INFINITE): 19 | pass 20 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | build/* 2 | ### Windows template 3 | # Windows image file caches 4 | Thumbs.db 5 | ehthumbs.db 6 | 7 | # Folder config file 8 | Desktop.ini 9 | 10 | # Recycle Bin used on file shares 11 | $RECYCLE.BIN/ 12 | 13 | # Windows Installer files 14 | *.cab 15 | *.msi 16 | *.msm 17 | *.msp 18 | 19 | # Windows shortcuts 20 | *.lnk 21 | ### JetBrains template 22 | # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio 23 | 24 | *.iml 25 | 26 | ## Directory-based project format: 27 | .idea/ 28 | # if you remove the above rule, at least ignore the following: 29 | 30 | # User-specific stuff: 31 | # .idea/workspace.xml 32 | # .idea/tasks.xml 33 | # .idea/dictionaries 34 | 35 | # Sensitive or high-churn files: 36 | # .idea/dataSources.ids 37 | # .idea/dataSources.xml 38 | # .idea/sqlDataSources.xml 39 | # .idea/dynamic.xml 40 | # .idea/uiDesigner.xml 41 | 42 | # Gradle: 43 | # .idea/gradle.xml 44 | # .idea/libraries 45 | 46 | # Mongo Explorer plugin: 47 | # .idea/mongoSettings.xml 48 | 49 | ## File-based project format: 50 | *.ipr 51 | *.iws 52 | 53 | ## Plugin-specific files: 54 | 55 | # IntelliJ 56 | /out/ 57 | 58 | # mpeltonen/sbt-idea plugin 59 | .idea_modules/ 60 | 61 | # JIRA plugin 62 | atlassian-ide-plugin.xml 63 | 64 | # Crashlytics plugin (for Android Studio and IntelliJ) 65 | com_crashlytics_export_strings.xml 66 | crashlytics.properties 67 | crashlytics-build.properties 68 | ### Python template 69 | # Byte-compiled / optimized / DLL files 70 | __pycache__/ 71 | *.py[cod] 72 | *$py.class 73 | 74 | # C extensions 75 | *.so 76 | 77 | # Distribution / packaging 78 | .Python 79 | env/ 80 | build/ 81 | develop-eggs/ 82 | dist/ 83 | downloads/ 84 | eggs/ 85 | .eggs/ 86 | lib/ 87 | lib64/ 88 | parts/ 89 | sdist/ 90 | var/ 91 | *.egg-info/ 92 | .installed.cfg 93 | *.egg 94 | 95 | # PyInstaller 96 | # Usually these files are written by a python script from a template 97 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 98 | *.manifest 99 | *.spec 100 | 101 | # Installer logs 102 | pip-log.txt 103 | pip-delete-this-directory.txt 104 | 105 | # Unit test / coverage reports 106 | htmlcov/ 107 | .tox/ 108 | .coverage 109 | .coverage.* 110 | .cache 111 | nosetests.xml 112 | coverage.xml 113 | *,cover 114 | 115 | # Translations 116 | *.mo 117 | *.pot 118 | 119 | # Django stuff: 120 | *.log 121 | 122 | # Sphinx documentation 123 | docs/_build/ 124 | 125 | # PyBuilder 126 | target/ 127 | 128 | -------------------------------------------------------------------------------- /src/ida_ipython.cpp: -------------------------------------------------------------------------------- 1 | #include "ipythonEmbed.h" 2 | 3 | #include "pro.h" 4 | #include "ida.hpp" 5 | 6 | #include "persist.h" 7 | 8 | 9 | //Return the arguments in passed via IDC script arguments as a 10 | //python list 11 | PyObject* idc_script_args() 12 | { 13 | PyObject *py_args = PyList_New(0); 14 | int nArgs = 0; 15 | LPWSTR *szArglist = CommandLineToArgvW(GetCommandLineW(), &nArgs); 16 | 17 | if (szArglist == NULL) { 18 | wprintf(L"CommandLineToArgvW failed\n"); 19 | } else { 20 | for (int i = 0; i < nArgs; i++) { 21 | LPWSTR warg = szArglist[i]; 22 | if (warg[0] != '-' || warg[1] != 'S') 23 | continue; 24 | 25 | char carg[512]; 26 | wcstombs(carg, warg + 2, 512); 27 | 28 | qstrvec_t out_args; 29 | parse_command_line(carg, &out_args); 30 | 31 | for (unsigned int j = 0; j < out_args.size(); j++) { 32 | PyList_Insert(py_args, j, PyString_FromString(out_args[j].c_str())); 33 | } 34 | } 35 | } 36 | 37 | LocalFree(szArglist); 38 | return py_args; 39 | } 40 | 41 | int idaapi init(void) 42 | { 43 | PyObject* idc_args = idc_script_args(); 44 | int success = -1; 45 | 46 | IPYTHONEMBED_STATUS status = ipython_embed_start(idc_args); 47 | if (status != IPYTHONEMBED_OK) { 48 | switch (status) { 49 | case IPYTHONEMBED_MINHOOK_INIT_FAILED: 50 | warning("[IDA IPython] Failed to initialize MinHook"); 51 | break; 52 | case IPYTHONEMBED_CREATE_HOOK_FAILED: 53 | warning("[IDA IPython] Failed to create the QT hook"); 54 | break; 55 | case IPYTHONEMBED_ENABLE_HOOK_FAILED: 56 | warning("[IDA IPython] Failed to enable the QT hook"); 57 | break; 58 | default: 59 | warning("[IDA IPython] Failed to start ipython kernel"); 60 | } 61 | return PLUGIN_SKIP; 62 | } 63 | 64 | 65 | /* Try and make the module persist in memory until termination. Failing to do so can cause IDA to crash 66 | when it terminates the plugin. */ 67 | success = persist(); 68 | if (0 != success) { 69 | warning("[IDA IPython] Failed to lock the module in memory"); 70 | return PLUGIN_SKIP; 71 | } 72 | 73 | return PLUGIN_KEEP; 74 | } 75 | 76 | void idaapi term(void) 77 | { 78 | ipython_embed_term(); 79 | } 80 | 81 | void idaapi run(int options) 82 | { 83 | ipython_start_qtconsole(); 84 | } 85 | //-------------------------------------------------------------------------- 86 | // 87 | // PLUGIN DESCRIPTION BLOCK 88 | // 89 | //-------------------------------------------------------------------------- 90 | static char wanted_name[] = "IDA IPython QTConsole"; 91 | static char comment[] = "Runs an IPython Kernel within IDA"; 92 | static char help[] = "This plugin allows the user to run an IPython kernel within IDA\n"; 93 | 94 | plugin_t PLUGIN = 95 | { 96 | IDP_INTERFACE_VERSION, 97 | PLUGIN_FIX, // plugin flags 98 | init, // initialize 99 | term, // terminate. this pointer may be NULL. 100 | run, // invoke plugin 101 | comment, // long comment about the plugin 102 | // it could appear in the status line 103 | // or as a hint 104 | help, // multiline help about the plugin 105 | wanted_name, // the preferred short name of the plugin 106 | NULL // the preferred hotkey to run the plugin 107 | }; 108 | -------------------------------------------------------------------------------- /CMakeLists.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required(VERSION 2.8) 2 | project(ida_ipython) 3 | 4 | cmake_policy(SET CMP0015 NEW) 5 | 6 | set(CMAKE_BUILD_TYPE Release) 7 | 8 | if (WIN32) 9 | add_definitions(-D__NT__ 10 | -DUNICODE 11 | -DWIN32 12 | -D__IDP__) 13 | 14 | find_library(IDA32_LIB 15 | NAMES "ida" 16 | PATHS "${IDA_SDK}/lib/x86_win_vc_32") 17 | 18 | find_library(IDA64_LIB 19 | NAMES "ida" 20 | PATHS "${IDA_SDK}/lib/x86_win_vc_64") 21 | 22 | find_library(MINHOOK_LIB 23 | NAMES "libMinHook-x86-v90-md" 24 | PATHS "lib/MinHook_13_lib/lib") 25 | 26 | find_library(PYTHON_LIB 27 | NAMES "python27" 28 | PATHS "${PYTHON_DIR}/libs") 29 | 30 | elseif (APPLE) 31 | add_definitions(-D__MAC__=1) 32 | find_library (IDA_LIB 33 | NAMES "ida" 34 | PATHS "${IDA_DIR}") 35 | #TODO... 36 | elseif (UNIX) 37 | add_definitions(-D__LINUX__=1) 38 | #TODO... 39 | endif ( ) 40 | 41 | set (SOURCES 42 | src/ida_ipython.cpp 43 | src/ipythonEmbed.cpp 44 | src/ipythonEmbed.h 45 | src/persist.h 46 | src/persist.cpp) 47 | 48 | include_directories(${IDA_SDK}/include 49 | ${PYTHON_DIR}/include 50 | lib/MinHook_13_lib/include) 51 | 52 | add_library(ida32_ipython MODULE ${SOURCES}) 53 | add_library(ida64_ipython MODULE ${SOURCES}) 54 | 55 | if (WIN32) 56 | set (IDA32_SUFFIX ".plw") 57 | set (IDA64_SUFFIX ".p64") 58 | elseif (APPLE) 59 | # set (IDA_SUFFIX ".pmc") 60 | elseif (UNIX) 61 | # set (IDA_SUFFIX ".plx") 62 | endif () 63 | 64 | set_target_properties (ida32_ipython 65 | PROPERTIES 66 | SUFFIX ${IDA32_SUFFIX} 67 | OUTPUT_NAME ida_ipython) 68 | 69 | set_target_properties (ida64_ipython 70 | PROPERTIES 71 | SUFFIX ${IDA64_SUFFIX} 72 | COMPILE_DEFINITIONS __EA64__ 73 | OUTPUT_NAME ida_ipython) 74 | 75 | target_link_libraries (ida32_ipython 76 | ${IDA32_LIB} 77 | ${MINHOOK_LIB} 78 | ${PYTHON_LIB}) 79 | 80 | target_link_libraries (ida64_ipython 81 | ${IDA64_LIB} 82 | ${MINHOOK_LIB} 83 | ${PYTHON_LIB}) 84 | 85 | #Read the launch script and escape chars 86 | file(READ "launch_ida.py" LAUNCH_IDA_PY) 87 | string(REPLACE "\"" "\\\"" LAUNCH_IDA_PY "${LAUNCH_IDA_PY}") 88 | string(REPLACE "\n" "\\n" LAUNCH_IDA_PY "${LAUNCH_IDA_PY}") 89 | string(REPLACE "\r" "\\r" LAUNCH_IDA_PY "${LAUNCH_IDA_PY}") 90 | 91 | #Read the template replace script placeholder 92 | file(READ "kernel.json.template" KERNEL_TEMPLATE) 93 | string(REPLACE 94 | "{{LAUNCH_SCRIPT}}" 95 | ${LAUNCH_IDA_PY} 96 | IDA_KERNEL 97 | ${KERNEL_TEMPLATE} 98 | ) 99 | 100 | 101 | #Create the IDA32 kernel 102 | string(REPLACE 103 | "{{DISPLAY_NAME}}" 104 | "IDA32" 105 | IDA_32_KERNEL 106 | ${IDA_KERNEL} 107 | ) 108 | string(REPLACE 109 | "{{EXE_NAME}}" 110 | "idaq.exe" 111 | IDA_32_KERNEL 112 | ${IDA_32_KERNEL} 113 | ) 114 | #Create the IDA64 kernel 115 | string(REPLACE 116 | "{{DISPLAY_NAME}}" 117 | "IDA64" 118 | IDA_64_KERNEL 119 | ${IDA_KERNEL} 120 | ) 121 | string(REPLACE 122 | "{{EXE_NAME}}" 123 | "idaq64.exe" 124 | IDA_64_KERNEL 125 | ${IDA_64_KERNEL} 126 | ) 127 | 128 | file(WRITE notebook/kernels/ida32/kernel.json ${IDA_32_KERNEL}) 129 | file(WRITE notebook/kernels/ida64/kernel.json ${IDA_64_KERNEL}) 130 | 131 | install(TARGETS ida32_ipython DESTINATION ${IDA_DIR}/plugins) 132 | install(TARGETS ida64_ipython DESTINATION ${IDA_DIR}/plugins) 133 | install(FILES python/ipythonEmbed.py DESTINATION ${IDA_DIR}/python) 134 | install(FILES idc/nothing.idc DESTINATION ${IDA_DIR}/idc) 135 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # What's New 2 | - Improve python plugin load order (prevents crashes when python does not load correctly) 3 | - Add in safe IDA process termination (Special thanks to @tmr232 for this) 4 | 5 | # What and Why? 6 | This is a plugin to embed an IPython kernel in IDA Pro. The Python ecosystem has amazing libraries (and communities) for scientific computing. IPython itself is great for exploratory data analysis. Using tools such as the IPython notebook make it easy to share code and explanations with rich media. IPython makes using IDAPython and interacting with IDA programmatically really fun and easy. 7 | 8 | ## Example Uses 9 | ## QT Console 10 | You can just use IPython qtconsole for a better interactive python shell for IDA. 11 | 12 | ![Image of Basic QT Usage](qtbasic.gif) 13 | 14 | 15 | You can also use the QT console to graph things. This is an example creating a bar chart for the occurrences of each instruction mnemonic in a function (in notepad.exe). 16 | 17 | ![Image of QT with graph](qtwithgraph.gif) 18 | 19 | ### Notebooks 20 | 21 | Another useful case is using IPython notebooks. 22 | 23 | - [Function Entropy](http://nbviewer.ipython.org/github/james91b/ida_ipython/blob/master/notebook/examples/Function%20Entropy.ipynb) - Here is an example where we compute the entropy (using scipy stats module) of each function in notepad.exe and graph the result. 24 | - [Cython and IDA](http://nbviewer.ipython.org/github/james91b/ida_ipython/blob/master/notebook/examples/Cython%20and%20IDA.ipynb) - Here is an example where we use the cython cell magic to call IDA Api's that are not exposed via IDAPython. 25 | - [Sark Snapshots](http://nbviewer.ipython.org/github/james91b/ida_ipython/blob/master/notebook/examples/Sark%20Snapshots.ipynb) - Example of screen snapshots using Sark. 26 | 27 | More examples..soon... 28 | 29 | # How the plugin works 30 | IDA is predominantly single threaded application, so we cannot safely run the kernel in a separate thread. So instead of using another thread a hook is created on the QT process events function and the `do_one_iteration` method of the ipython kernel is executed each frame. 31 | 32 | # Installation 33 | I suggest using the [Anaconda](http://continuum.io/downloads) distribution of Python as it comes with all the required python libraries pre-built and installed. To get IDA to use Anaconda, simply set the PYTHONHOME enviroment variable. Alternatively you can install IPython and the dependencies separately. 34 | 35 | This plugin should work on all 6.X x86 QT versions of IDA on Windows. 36 | 37 | ## Basic Installation and QTConsole 38 | 1. Download and extract the [release](https://github.com/james91b/ida_ipython/releases/latest) 39 | 2. Copy the contents of the `plugins` and `python` directories under IDA's installation directory. 40 | 4. Launch IDA. 41 | 5. At the command line (Windows), start an IPython qtconsole with the kernel instance (outputted in the IDA console) e.g `ipython qtconsole --existing kernel-4264.json` 42 | 43 | ## Using the Notebook 44 | 1. Copy `idc` directory to your IDA directory. (the `nothing.idc` script is used to pass command line parameters to the plugin) 45 | 2. Change the paths to the `idaq.exe` and `idaq64.exe` executables in the `kernel.json` under the `notebook\kernels\ida32` 46 | and `notebook\kernels\ida64` directories respectively 47 | 3. Install the kernels using `jupyter-kernelspec install` (e.g. `jupyter-kernelspec install --user notebook\kernels\ida64`) 48 | 4. When starting a notebook, choose the `IDA32` or `IDA64` kernels, depending on your desired IDA version. 49 | 50 | # How to Build 51 | 1. Install cmake 52 | 2. At the command line cd to the root directory and run the following 53 | 3. `mkdir build` 54 | 4. `cd build` 55 | 5. `cmake -G "Visual Studio 11" -DPYTHON_DIR="" -DIDA_SDK="" -DIDA_DIR="" ..` 56 | e.g. 57 | `cmake -G "Visual Studio 11" -DPYTHON_DIR="C:\Anaconda" -DIDA_SDK="C:\dev\IDA\idasdks\idasdk64" -DIDA_DIR="C:/Program Files (x86)/IDA 6.4" ..` 58 | 6. `cmake --build . --config Release` 59 | 60 | So far only tested with "Visual Studio 11" compiler. 61 | 62 | # Changelog 63 | 0.5 64 | - Improve python plugin load order (prevents crashes when python does not load correctly) 65 | - Add in safe IDA process termination (Special thanks to @tmr232 for this) 66 | 67 | 0.4 68 | - Added IDA 6.9 support 69 | 70 | 0.3 71 | - 2015-10-04: Running the plugin from the plugins menu or view menu will now launch an IPython QTConsole. Consoles are terminated on exit. 72 | - 2015-10-04: Only capture standard output and error when executing the kernel 73 | - 2015-10-21: Improve error reporting 74 | 75 | 0.2 76 | - 2015-09-30: Added support for Jupyter (replaces original support for IPython). 77 | - 2015-10-01: Added support for ida64. 78 | 79 | 0.1 80 | - First release 81 | 82 | # To do/Future Ideas 83 | - More examples 84 | - Create a library for cell/line magic functions specific to IDA 85 | -------------------------------------------------------------------------------- /lib/MinHook_13_lib/include/MinHook.h: -------------------------------------------------------------------------------- 1 | /* 2 | * MinHook - The Minimalistic API Hooking Library for x64/x86 3 | * Copyright (C) 2009-2014 Tsuda Kageyu. 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 17 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 19 | * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER 20 | * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 21 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 22 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 23 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 24 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 25 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 26 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | #pragma once 30 | 31 | #if !(defined _M_IX86) && !(defined _M_X64) 32 | #error MinHook supports only x86 and x64 systems. 33 | #endif 34 | 35 | #include 36 | 37 | // MinHook Error Codes. 38 | typedef enum MH_STATUS 39 | { 40 | // Unknown error. Should not be returned. 41 | MH_UNKNOWN = -1, 42 | 43 | // Successful. 44 | MH_OK = 0, 45 | 46 | // MinHook is already initialized. 47 | MH_ERROR_ALREADY_INITIALIZED, 48 | 49 | // MinHook is not initialized yet, or already uninitialized. 50 | MH_ERROR_NOT_INITIALIZED, 51 | 52 | // The hook for the specified target function is already created. 53 | MH_ERROR_ALREADY_CREATED, 54 | 55 | // The hook for the specified target function is not created yet. 56 | MH_ERROR_NOT_CREATED, 57 | 58 | // The hook for the specified target function is already enabled. 59 | MH_ERROR_ENABLED, 60 | 61 | // The hook for the specified target function is not enabled yet, or already 62 | // disabled. 63 | MH_ERROR_DISABLED, 64 | 65 | // The specified pointer is invalid. It points the address of non-allocated 66 | // and/or non-executable region. 67 | MH_ERROR_NOT_EXECUTABLE, 68 | 69 | // The specified target function cannot be hooked. 70 | MH_ERROR_UNSUPPORTED_FUNCTION, 71 | 72 | // Failed to allocate memory. 73 | MH_ERROR_MEMORY_ALLOC, 74 | 75 | // Failed to change the memory protection. 76 | MH_ERROR_MEMORY_PROTECT 77 | } 78 | MH_STATUS; 79 | 80 | // Can be passed as a parameter to MH_EnableHook, MH_DisableHook, 81 | // MH_QueueEnableHook or MH_QueueDisableHook. 82 | #define MH_ALL_HOOKS NULL 83 | 84 | #ifdef __cplusplus 85 | extern "C" { 86 | #endif 87 | 88 | // Initialize the MinHook library. You must call this function EXACTLY ONCE 89 | // at the beginning of your program. 90 | MH_STATUS WINAPI MH_Initialize(VOID); 91 | 92 | // Uninitialize the MinHook library. You must call this function EXACTLY 93 | // ONCE at the end of your program. 94 | MH_STATUS WINAPI MH_Uninitialize(VOID); 95 | 96 | // Creates a Hook for the specified target function, in disabled state. 97 | // Parameters: 98 | // pTarget [in] A pointer to the target function, which will be 99 | // overridden by the detour function. 100 | // pDetour [in] A pointer to the detour function, which will override 101 | // the target function. 102 | // ppOriginal [out] A pointer to the trampoline function, which will be 103 | // used to call the original target function. 104 | // This parameter can be NULL. 105 | MH_STATUS WINAPI MH_CreateHook(LPVOID pTarget, LPVOID pDetour, LPVOID *ppOriginal); 106 | 107 | // Removes an already created hook. 108 | // Parameters: 109 | // pTarget [in] A pointer to the target function. 110 | MH_STATUS WINAPI MH_RemoveHook(LPVOID pTarget); 111 | 112 | // Enables an already created hook. 113 | // Parameters: 114 | // pTarget [in] A pointer to the target function. 115 | // If this parameter is MH_ALL_HOOKS, all created hooks are 116 | // enabled in one go. 117 | MH_STATUS WINAPI MH_EnableHook(LPVOID pTarget); 118 | 119 | // Disables an already created hook. 120 | // Parameters: 121 | // pTarget [in] A pointer to the target function. 122 | // If this parameter is MH_ALL_HOOKS, all created hooks are 123 | // disabled in one go. 124 | MH_STATUS WINAPI MH_DisableHook(LPVOID pTarget); 125 | 126 | // Queues to enable an already created hook. 127 | // Parameters: 128 | // pTarget [in] A pointer to the target function. 129 | // If this parameter is MH_ALL_HOOKS, all created hooks are 130 | // queued to be enabled. 131 | MH_STATUS WINAPI MH_QueueEnableHook(LPVOID pTarget); 132 | 133 | // Queues to disable an already created hook. 134 | // Parameters: 135 | // pTarget [in] A pointer to the target function. 136 | // If this parameter is MH_ALL_HOOKS, all created hooks are 137 | // queued to be disabled. 138 | MH_STATUS WINAPI MH_QueueDisableHook(LPVOID pTarget); 139 | 140 | // Applies all queued changes in one go. 141 | MH_STATUS WINAPI MH_ApplyQueued(VOID); 142 | 143 | #ifdef __cplusplus 144 | } 145 | #endif 146 | 147 | -------------------------------------------------------------------------------- /python/ipythonEmbed.py: -------------------------------------------------------------------------------- 1 | import traceback 2 | 3 | try: 4 | import os 5 | import sys 6 | import platform 7 | import subprocess 8 | import idaapi 9 | import atexit 10 | import contextlib 11 | 12 | # This is a hack to get zmq to work with the Anaconda distribution and IDA. 13 | try: 14 | platform.python_implementation() 15 | except ValueError: 16 | sys.version = '2.7.5 |Anaconda 2.1.0 (32-bit)| (default, May 31 2013, 10:43:53) [MSC v.1500 32 bit (Intel)]' 17 | 18 | import __main__ 19 | from ipykernel.kernelapp import IPKernelApp 20 | from IPython.utils.frame import extract_module_locals 21 | 22 | kernel_app = None 23 | menu_items = [] 24 | qtconsole_processes = [] 25 | 26 | 27 | def embed_kernel(module=None, local_ns=None, **kwargs): 28 | """Embed and start an IPython kernel in a given scope. 29 | 30 | Parameters 31 | ---------- 32 | module : ModuleType, optional 33 | The module to load into IPython globals (default: caller) 34 | local_ns : dict, optional 35 | The namespace to load into IPython user namespace (default: caller) 36 | 37 | kwargs : various, optional 38 | Further keyword args are relayed to the IPKernelApp constructor, 39 | allowing configuration of the Kernel. Will only have an effect 40 | on the first embed_kernel call for a given process. 41 | 42 | """ 43 | # get the app if it exists, or set it up if it doesn't 44 | if IPKernelApp.initialized(): 45 | app = IPKernelApp.instance() 46 | else: 47 | app = IPKernelApp.instance(**kwargs) 48 | app.initialize(sys.argv) 49 | # Undo unnecessary sys module mangling from init_sys_modules. 50 | # This would not be necessary if we could prevent it 51 | # in the first place by using a different InteractiveShell 52 | # subclass, as in the regular embed case. 53 | main = app.kernel.shell._orig_sys_modules_main_mod 54 | if main is not None: 55 | sys.modules[app.kernel.shell._orig_sys_modules_main_name] = main 56 | 57 | # load the calling scope if not given 58 | (caller_module, caller_locals) = extract_module_locals(1) 59 | if module is None: 60 | module = caller_module 61 | if local_ns is None: 62 | local_ns = caller_locals 63 | 64 | app.kernel.user_module = None 65 | app.kernel.user_ns = None 66 | app.shell.set_completer_frame() 67 | 68 | if app.poller is not None: 69 | app.poller.start() 70 | 71 | app.kernel.start() 72 | return app 73 | 74 | 75 | @contextlib.contextmanager 76 | def capture_output_streams(): 77 | _capture_output_streams() 78 | try: 79 | yield 80 | finally: 81 | _release_output_streams() 82 | 83 | 84 | def _capture_output_streams(): 85 | sys.__stdout__, sys.__stderr__, sys.stdout, sys.stderr = sys.stdout, sys.stderr, sys.__stdout__, sys.__stderr__ 86 | 87 | 88 | def _release_output_streams(): 89 | sys.stdout, sys.stderr, sys.__stdout__, sys.__stderr__ = sys.__stdout__, sys.__stderr__, sys.stdout, sys.stderr 90 | 91 | 92 | def find_python_dir(): 93 | # We need to get the python directory like this, because 94 | # sys.executable will return idaq.exe. This just goes two 95 | # directories up from os.py location 96 | return os.path.dirname(os.path.dirname(os.__file__)) 97 | 98 | 99 | def start_qtconsole(): 100 | try: 101 | if kernel_app: 102 | python_directory = find_python_dir() 103 | cmd_line = [ 104 | "{}/pythonw".format(python_directory), 105 | "-m", "qtconsole", 106 | "--existing", kernel_app.connection_file 107 | ] 108 | process = subprocess.Popen(cmd_line, 109 | stdin=None, 110 | stdout=None, 111 | stderr=None, 112 | close_fds=True) 113 | qtconsole_processes.append(process) 114 | else: 115 | print "Error: No kernel defined!" 116 | except Exception, e: 117 | traceback.print_exc() 118 | 119 | 120 | @atexit.register 121 | def term(): 122 | kill_qtconsoles() 123 | remove_menus() 124 | 125 | def kill_qtconsoles(): 126 | for process in qtconsole_processes: 127 | process.kill() 128 | 129 | 130 | def remove_menus(): 131 | for menu_item in menu_items: 132 | idaapi.del_menu_item(menu_item) 133 | 134 | 135 | def add_idaipython_menu(): 136 | menu_item = idaapi.add_menu_item('View/', 'IDAIPython QtConsole', '', 0, start_qtconsole, tuple()) 137 | menu_items.append(menu_item) 138 | 139 | 140 | def start(argv=None): 141 | try: 142 | with capture_output_streams(): 143 | global kernel_app 144 | if argv: 145 | sys.argv = argv 146 | 147 | kernel_app = embed_kernel(module=__main__, local_ns={}) 148 | """ 149 | Starting with ipython 4.2.0 whenever certain exceptions are thrown, there is a call to get_terminal_size(). 150 | in that function , in case environment variables for "COLUMNS" and "LINES" are not defined there is a call 151 | to sys.__stdout__.fileno() in order to get a handle to the current terminal. IDAPythonStdOut doesn't have an attribute fileno 152 | so the call fails , and the kernel dies. the right way to solve it, is add AttributeError to the try/except in get_terminal_size. 153 | a work around is to add this 2 environment variables 154 | """ 155 | os.environ["COLUMNS"] = "80" 156 | os.environ["LINES"] = "24" 157 | def kernel_iteration(): 158 | with capture_output_streams(): 159 | kernel_app.kernel.do_one_iteration() 160 | 161 | add_idaipython_menu() 162 | 163 | return kernel_iteration 164 | except Exception, e: 165 | traceback.print_exc() 166 | raise 167 | 168 | except Exception, e: 169 | traceback.print_exc() 170 | -------------------------------------------------------------------------------- /src/ipythonEmbed.cpp: -------------------------------------------------------------------------------- 1 | #include "ipythonEmbed.h" 2 | #include 3 | #include 4 | #include 5 | 6 | static const char IPYTHON_EMBED_MODULE[] = "ipythonEmbed"; 7 | static const char IPYTHON_EMBED_START_METHOD_NAME[] = "start"; 8 | static const char IPYTHON_EMBED_START_QTCONSOLE_METHOD_NAME[] = "start_qtconsole"; 9 | static const char QT4_MODULE_NAME[] = "QtCore4.dll"; 10 | static const char QT5_MODULE_NAME[] = "Qt5Core.dll"; 11 | static const char EVENT_LOOP_FUNC_NAME[] = "?processEvents@QEventDispatcherWin32@QT@@UAE_NV?$QFlags@W4ProcessEventsFlag@QEventLoop@QT@@@2@@Z"; 12 | static const char PARENT_PID_ENV_NAME[] = "PARENT_PROCESS_PID"; 13 | static const char IDA_PYTHON_PLUGIN[] = "python"; 14 | 15 | static PyObject* kernel_do_one_iteration = NULL; 16 | static PyObject* commandline_args = NULL; 17 | static bool attempted_start_kernel = false; 18 | static bool python_loaded = false; 19 | 20 | typedef int (__fastcall *tQEventDispatcherWin32)(void*, void*, int); 21 | tQEventDispatcherWin32 pQEventDispatcherWin32 = NULL; 22 | 23 | PyObject* start_ipython_kernel(PyObject* cmdline) 24 | { 25 | PyObject *ipython_embed_module = NULL, 26 | *ipython_start_func = NULL, 27 | *ipython_kernel = NULL, 28 | *arglist = NULL; 29 | 30 | ipython_embed_module = PyImport_ImportModule(IPYTHON_EMBED_MODULE); 31 | if (ipython_embed_module == NULL) { 32 | goto error; 33 | } 34 | 35 | ipython_start_func = PyObject_GetAttrString(ipython_embed_module, IPYTHON_EMBED_START_METHOD_NAME); 36 | if (ipython_start_func == NULL) { 37 | goto error; 38 | } 39 | 40 | if (PyCallable_Check(ipython_start_func)) { 41 | if (cmdline != NULL) { 42 | arglist = Py_BuildValue("(O)", cmdline); 43 | ipython_kernel = PyObject_CallObject(ipython_start_func, arglist); 44 | } else { 45 | ipython_kernel = PyObject_CallObject(ipython_start_func, NULL); 46 | } 47 | } 48 | 49 | if (ipython_kernel == NULL || !PyCallable_Check(ipython_kernel)) { 50 | goto error; 51 | } 52 | 53 | goto cleanup; 54 | error: 55 | ipython_kernel = NULL; 56 | cleanup: 57 | Py_XDECREF(arglist); 58 | Py_XDECREF(ipython_embed_module); 59 | Py_XDECREF(ipython_start_func); 60 | return ipython_kernel; 61 | } 62 | 63 | void init_python(void) 64 | { 65 | // Make sure the python is initialized 66 | if (!Py_IsInitialized()) { 67 | Py_Initialize(); 68 | } 69 | } 70 | 71 | void init_ipython_kernel(void) 72 | { 73 | init_python(); 74 | kernel_do_one_iteration = start_ipython_kernel(commandline_args); 75 | } 76 | 77 | DWORD get_parent_pid() 78 | { 79 | static BOOL already_check_environment = FALSE; 80 | static DWORD ppid = 0; 81 | 82 | if (TRUE == already_check_environment) { 83 | return ppid; 84 | } 85 | 86 | /* Get the environment variable for the parent pid */ 87 | char pszPidString[30]; 88 | DWORD ret = GetEnvironmentVariableA(PARENT_PID_ENV_NAME, pszPidString, sizeof(pszPidString)); 89 | 90 | already_check_environment = TRUE; 91 | 92 | if ((0 == ret) || (sizeof(pszPidString) == ret)) { 93 | msg("No parent PID provided.\n"); 94 | return 0; 95 | } 96 | 97 | /* Parse it into a number and return it.*/ 98 | OutputDebugStringA("Found parent PID"); 99 | ppid = strtoul(pszPidString, NULL, 10); 100 | } 101 | 102 | HANDLE get_parent_handle() 103 | { 104 | DWORD ppid = get_parent_pid(); 105 | 106 | if (0 == ppid) { 107 | return NULL; 108 | } 109 | 110 | HANDLE hParentProcess = OpenProcess(SYNCHRONIZE, FALSE, get_parent_pid()); 111 | return hParentProcess; 112 | } 113 | 114 | BOOL is_parent_dead() 115 | { 116 | int nArgs = 0; 117 | 118 | qstrvec_t out_args; 119 | nArgs = parse_command_line3(GetCommandLineA(), &out_args, NULL, 0); 120 | 121 | 122 | static HANDLE hParentProcess = NULL; 123 | DWORD dwResult; 124 | 125 | if (NULL == hParentProcess) { 126 | hParentProcess = get_parent_handle(); 127 | } 128 | 129 | /* Still no parent handle? Well, it can't be dead then! */ 130 | if (NULL == hParentProcess) { 131 | return FALSE; 132 | } 133 | 134 | dwResult = WaitForSingleObject(hParentProcess, 0); 135 | if (WAIT_OBJECT_0 == dwResult) { 136 | return TRUE; 137 | } 138 | 139 | return FALSE; 140 | } 141 | 142 | void ipython_embed_iteration() 143 | { 144 | if (TRUE == is_parent_dead()) { 145 | OutputDebugStringA("[IDA-IPython] Parent is dead. Terminating."); 146 | ipython_embed_term(); 147 | qexit(0); 148 | } 149 | 150 | PyGILState_STATE state = PyGILState_Ensure(); 151 | 152 | if (kernel_do_one_iteration == NULL && !attempted_start_kernel) { 153 | attempted_start_kernel = true; 154 | init_ipython_kernel(); 155 | //TODO: Report the error, call stack etc. 156 | if ( PyErr_Occurred() ) { 157 | msg("A Python Error Occurred trying to start the kernel!\n"); 158 | } 159 | } else if (kernel_do_one_iteration != NULL) { 160 | PyObject_CallObject(kernel_do_one_iteration, NULL); 161 | } 162 | 163 | PyGILState_Release(state); 164 | 165 | } 166 | 167 | FARPROC eventloop_address() 168 | { 169 | HMODULE qtmodule = GetModuleHandleA(QT4_MODULE_NAME); 170 | 171 | if (NULL == qtmodule) { 172 | qtmodule = GetModuleHandleA(QT5_MODULE_NAME); 173 | } 174 | 175 | FARPROC src = GetProcAddress(qtmodule, EVENT_LOOP_FUNC_NAME); 176 | return src; 177 | } 178 | 179 | int __fastcall DetourQEventDispatcherWin32(void* ecx, void* edx, int i) 180 | { 181 | try { 182 | ipython_embed_iteration(); 183 | return pQEventDispatcherWin32(ecx, edx, i); 184 | } catch (const std::exception& ex) { 185 | std::string error = ex.what(); 186 | const char *cstr = error.c_str(); 187 | warning(cstr); 188 | } catch (...) { 189 | warning("Something went wrong in the detour!"); 190 | } 191 | 192 | return 0; 193 | } 194 | 195 | void ipython_start_qtconsole() 196 | { 197 | PyGILState_STATE state = PyGILState_Ensure(); 198 | 199 | PyObject *ipython_embed_module = NULL, 200 | *ipython_qtconsole_func = NULL; 201 | 202 | ipython_embed_module = PyImport_ImportModule(IPYTHON_EMBED_MODULE); 203 | if (ipython_embed_module == NULL) { 204 | warning("could not import ipythonEmbed module"); 205 | goto cleanup; 206 | } 207 | 208 | ipython_qtconsole_func = PyObject_GetAttrString(ipython_embed_module, IPYTHON_EMBED_START_QTCONSOLE_METHOD_NAME); 209 | if (ipython_qtconsole_func == NULL) { 210 | warning("could not find start_qtconsole function"); 211 | goto cleanup; 212 | } 213 | 214 | if (!PyCallable_Check(ipython_qtconsole_func)) { 215 | warning("ipython start_qtconsole function is not callable"); 216 | goto cleanup; 217 | } 218 | 219 | PyObject_CallObject(ipython_qtconsole_func, NULL); 220 | 221 | cleanup: 222 | Py_XDECREF(ipython_embed_module); 223 | Py_XDECREF(ipython_qtconsole_func); 224 | 225 | PyGILState_Release(state); 226 | } 227 | 228 | IPYTHONEMBED_STATUS ipython_embed_start(PyObject* cmdline) 229 | { 230 | commandline_args = cmdline; 231 | 232 | if (MH_Initialize() != MH_OK) { 233 | return IPYTHONEMBED_MINHOOK_INIT_FAILED; 234 | } 235 | 236 | void* qt_eventloop = (void*)eventloop_address(); 237 | if (MH_CreateHook(qt_eventloop, 238 | &DetourQEventDispatcherWin32, 239 | (LPVOID*)&pQEventDispatcherWin32) != MH_OK) { 240 | return IPYTHONEMBED_CREATE_HOOK_FAILED; 241 | } 242 | 243 | if (MH_EnableHook(qt_eventloop) != MH_OK) { 244 | return IPYTHONEMBED_ENABLE_HOOK_FAILED; 245 | } 246 | 247 | return IPYTHONEMBED_OK; 248 | } 249 | 250 | void ipython_embed_term() 251 | { 252 | MH_DisableHook(MH_ALL_HOOKS); 253 | MH_Uninitialize(); 254 | Py_XDECREF(kernel_do_one_iteration); 255 | Py_XDECREF(commandline_args); 256 | } 257 | -------------------------------------------------------------------------------- /notebook/examples/Cython and IDA.ipynb: -------------------------------------------------------------------------------- 1 | { 2 | "metadata": { 3 | "name": "", 4 | "signature": "sha256:f5408c7d078b1f23da341f6b83115e8bbd05fe67e7e12e5d53bf667162b1525b" 5 | }, 6 | "nbformat": 3, 7 | "nbformat_minor": 0, 8 | "worksheets": [ 9 | { 10 | "cells": [ 11 | { 12 | "cell_type": "markdown", 13 | "metadata": {}, 14 | "source": [ 15 | "#Cython and IDA Pro\n", 16 | "To run this notebook you will need the [ida_ipython](https://github.com/james91b/ida_ipython) plugin. The binary used is notepad.exe. This notebook shows how you can use [Cython](https://github.com/cython/cython) to access IDA api's that are not exposed via IDAPython. As you can see below in this example i used gcc with the [Anaconda](http://continuum.io/downloads) distribution to compile the Cython code. I suggest trying to trying to compile some Cython outside of IDA first, to make sure that it is all working." 17 | ] 18 | }, 19 | { 20 | "cell_type": "code", 21 | "collapsed": false, 22 | "input": [ 23 | "import idc\n", 24 | "print \"MD5: {} Binary: {}\".format(idc.GetInputMD5(), idc.GetInputFile())" 25 | ], 26 | "language": "python", 27 | "metadata": {}, 28 | "outputs": [ 29 | { 30 | "output_type": "stream", 31 | "stream": "stdout", 32 | "text": [ 33 | "-----------------------------------------------------------------------------------------------------\n", 34 | "Python 2.7.5 |Anaconda 2.1.0 (32-bit)| (default, May 31 2013, 10:43:53) [MSC v.1500 32 bit (Intel)] \n", 35 | "IDAPython v1.7.0 final (serial 0) (c) The IDAPython Team \n", 36 | "-----------------------------------------------------------------------------------------------------\n", 37 | "MD5: E30299799C4ECE3B53F4A7B8897A35B6 Binary: notepad.exe" 38 | ] 39 | }, 40 | { 41 | "output_type": "stream", 42 | "stream": "stdout", 43 | "text": [ 44 | "\n" 45 | ] 46 | } 47 | ], 48 | "prompt_number": 1 49 | }, 50 | { 51 | "cell_type": "markdown", 52 | "metadata": {}, 53 | "source": [ 54 | "##My configuration\n", 55 | "Below are some commands to show my configuration, so you can use it for comparision. " 56 | ] 57 | }, 58 | { 59 | "cell_type": "code", 60 | "collapsed": false, 61 | "input": [ 62 | "!echo %PYTHONHOME%\n", 63 | "!where gcc\n", 64 | "!gcc -v" 65 | ], 66 | "language": "python", 67 | "metadata": {}, 68 | "outputs": [ 69 | { 70 | "output_type": "stream", 71 | "stream": "stdout", 72 | "text": [ 73 | "C:\\Anaconda\n" 74 | ] 75 | }, 76 | { 77 | "output_type": "stream", 78 | "stream": "stdout", 79 | "text": [ 80 | "C:\\Anaconda\\Scripts\\gcc.bat\n" 81 | ] 82 | }, 83 | { 84 | "output_type": "stream", 85 | "stream": "stderr", 86 | "text": [ 87 | "Using built-in specs.\n", 88 | "COLLECT_GCC=C:\\Anaconda\\Scripts\\gcc.bat\\..\\..\\MinGW\\bin\\gcc.exe\n", 89 | "COLLECT_LTO_WRAPPER=c:/anaconda/mingw/bin/../libexec/gcc/i686-w64-mingw32/4.7.0/lto-wrapper.exe\n", 90 | "Target: i686-w64-mingw32\n", 91 | "Configured with: ../../../build/gcc/src/configure --target=i686-w64-mingw32 --prefix=/c/bb/vista64-mingw32/mingw-x86-x86/build/build/root --with-sysroot=/c/bb/vista64-mingw32/mingw-x86-x86/build/build/root --enable-languages=all,obj-c++ --enable-fully-dynamic-string --disable-multilib\n", 92 | "Thread model: win32\n", 93 | "gcc version 4.7.0 20111219 (experimental) (GCC) \n" 94 | ] 95 | } 96 | ], 97 | "prompt_number": 2 98 | }, 99 | { 100 | "cell_type": "markdown", 101 | "metadata": {}, 102 | "source": [ 103 | "I have also set my compiler to MinGW32 in `disutils.cfg` file" 104 | ] 105 | }, 106 | { 107 | "cell_type": "code", 108 | "collapsed": false, 109 | "input": [ 110 | "!type %PYTHONHOME%\\Lib\\distutils\\distutils.cfg" 111 | ], 112 | "language": "python", 113 | "metadata": {}, 114 | "outputs": [ 115 | { 116 | "output_type": "stream", 117 | "stream": "stdout", 118 | "text": [ 119 | "[build]\n", 120 | "compiler=mingw32\n" 121 | ] 122 | } 123 | ], 124 | "prompt_number": 3 125 | }, 126 | { 127 | "cell_type": "markdown", 128 | "metadata": {}, 129 | "source": [ 130 | "##The Actual Cython Code" 131 | ] 132 | }, 133 | { 134 | "cell_type": "markdown", 135 | "metadata": {}, 136 | "source": [ 137 | "First we load the Cython extention for IPython, then we create a simple test to call in msg funciton." 138 | ] 139 | }, 140 | { 141 | "cell_type": "code", 142 | "collapsed": false, 143 | "input": [ 144 | "%load_ext cythonmagic" 145 | ], 146 | "language": "python", 147 | "metadata": {}, 148 | "outputs": [], 149 | "prompt_number": 4 150 | }, 151 | { 152 | "cell_type": "code", 153 | "collapsed": false, 154 | "input": [ 155 | "%%cython -+ -f -IC:/dev/IDA/idasdks/idasdk61/include -c \"-D__NT__ -D__IDP__ -DWIN32\" --link-args \"C:/dev/IDA/idasdks/idasdk61/lib/x86_win_gcc_32/ida.a\"\n", 156 | "cdef extern from \"pro.h\": pass\n", 157 | "cdef extern from \"kernwin.hpp\":\n", 158 | " int msg(const char* msg, ...)\n", 159 | " \n", 160 | "msg(\"Hello from Cython!\\n\")" 161 | ], 162 | "language": "python", 163 | "metadata": {}, 164 | "outputs": [], 165 | "prompt_number": 5 166 | }, 167 | { 168 | "cell_type": "markdown", 169 | "metadata": {}, 170 | "source": [ 171 | "The command line parameters mean the following.\n", 172 | "\n", 173 | "- `-+` forces C++ mode\n", 174 | "- `-f` will force recompile/execution each time\n", 175 | "- `-IC:/dev/IDA/idasdks/idasdk61/include` points to your IDA SDK include\n", 176 | "- `-c \"-D__NT__ -D__IDP__ -DWIN32\"` definitions for the IDA SDK to compile\n", 177 | "- `--link-args \"C:/dev/IDA/idasdks/idasdk61/lib/x86_win_gcc_32/ida.a\"` library file for linking\n", 178 | "\n", 179 | "You will need to change some of these to get it to work on other compilers, you can read more of the documentation below." 180 | ] 181 | }, 182 | { 183 | "cell_type": "code", 184 | "collapsed": false, 185 | "input": [ 186 | "%%cython?" 187 | ], 188 | "language": "python", 189 | "metadata": {}, 190 | "outputs": [], 191 | "prompt_number": 6 192 | }, 193 | { 194 | "cell_type": "markdown", 195 | "metadata": {}, 196 | "source": [ 197 | "Below is a slightly more complicated example exposing some of the type info api" 198 | ] 199 | }, 200 | { 201 | "cell_type": "code", 202 | "collapsed": false, 203 | "input": [ 204 | "%%cython -+ -f -lm -IC:/dev/IDA/idasdks/idasdk61/include -c \"-D__NT__ -D__IDP__ -DWIN32\" --link-args \"C:/dev/IDA/idasdks/idasdk61/lib/x86_win_gcc_32/ida.a\"\n", 205 | "ctypedef unsigned int ea_t\n", 206 | "ctypedef int bool\n", 207 | "\n", 208 | "cdef extern from \"pro.h\":\n", 209 | " cdef cppclass _qstring[T]:\n", 210 | " T *c_str() \n", 211 | " ctypedef _qstring[uchar] qtype\n", 212 | "\n", 213 | "cdef extern from \"nalt.hpp\":\n", 214 | " bool get_tinfo(ea_t ea, qtype *type, qtype *fields) \n", 215 | " \n", 216 | "cpdef pget_tinfo(ea_t ea):\n", 217 | " cdef qtype typ\n", 218 | " cdef qtype fields\n", 219 | " get_tinfo(ea, &typ, &fields)\n", 220 | " return typ.c_str(), fields.c_str()" 221 | ], 222 | "language": "python", 223 | "metadata": {}, 224 | "outputs": [], 225 | "prompt_number": 7 226 | }, 227 | { 228 | "cell_type": "code", 229 | "collapsed": false, 230 | "input": [ 231 | "hex(idc.LocByName(\"_WinMain@16\"))" 232 | ], 233 | "language": "python", 234 | "metadata": {}, 235 | "outputs": [ 236 | { 237 | "metadata": {}, 238 | "output_type": "pyout", 239 | "prompt_number": 8, 240 | "text": [ 241 | "'0x401005'" 242 | ] 243 | } 244 | ], 245 | "prompt_number": 8 246 | }, 247 | { 248 | "cell_type": "code", 249 | "collapsed": false, 250 | "input": [ 251 | "pget_tinfo(idc.LocByName(\"_WinMain@16\"))" 252 | ], 253 | "language": "python", 254 | "metadata": {}, 255 | "outputs": [ 256 | { 257 | "metadata": {}, 258 | "output_type": "pyout", 259 | "prompt_number": 9, 260 | "text": [ 261 | "('\\x0cS\\x07\\x05=\\nHINSTANCE=\\nHINSTANCE=\\x06LPSTR\\x07',\n", 262 | " '\\nhInstance\\x0ehPrevInstance\\nlpCmdLine\\tnShowCmd')" 263 | ] 264 | } 265 | ], 266 | "prompt_number": 9 267 | }, 268 | { 269 | "cell_type": "markdown", 270 | "metadata": {}, 271 | "source": [ 272 | "Cython can be used to access the C API or to speed up code. You could also just write most of the code in C then just call in from Cython in the notebook, if you\u2019re more comfortable with that. For more information have a look at the [documentation](http://docs.cython.org/)." 273 | ] 274 | } 275 | ], 276 | "metadata": {} 277 | } 278 | ] 279 | } -------------------------------------------------------------------------------- /notebook/examples/Function Entropy.ipynb: -------------------------------------------------------------------------------- 1 | { 2 | "metadata": { 3 | "name": "", 4 | "signature": "sha256:32798cc93d482d240b34bba4f91b030a0f39714241cbd5fb3b4ea246670e7b38" 5 | }, 6 | "nbformat": 3, 7 | "nbformat_minor": 0, 8 | "worksheets": [ 9 | { 10 | "cells": [ 11 | { 12 | "cell_type": "markdown", 13 | "metadata": {}, 14 | "source": [ 15 | "#Function Entropy for \"notepad.exe\"\n", 16 | "The purpose of this example is to showcase how you can use the python scientifc computing tools with IDA Pro. In order to complete this demo you will need to have numpy, pandas, scipy and matplotlib installed. Once installed launch IDA with a notepad.exe database loaded (actually doesn't have to be notepad.exe but it's the one used in this example)." 17 | ] 18 | }, 19 | { 20 | "cell_type": "code", 21 | "collapsed": false, 22 | "input": [ 23 | "%matplotlib inline\n", 24 | "import scipy.stats\n", 25 | "import idc\n", 26 | "import idaapi\n", 27 | "import idautils\n", 28 | "import numpy as np\n", 29 | "import pandas as pd\n", 30 | "import pylab\n", 31 | "#Better looking Graphs..\n", 32 | "pd.options.display.mpl_style = 'default' \n", 33 | "pylab.rcParams['figure.figsize'] = 12.0, 8.0\n", 34 | "#Binary Info\n", 35 | "print \"MD5: {} Binary: {}\".format(idc.GetInputMD5(), idc.GetInputFile())" 36 | ], 37 | "language": "python", 38 | "metadata": {}, 39 | "outputs": [ 40 | { 41 | "output_type": "stream", 42 | "stream": "stdout", 43 | "text": [ 44 | "-----------------------------------------------------------------------------------------------------\n", 45 | "Python 2.7.5 |Anaconda 2.1.0 (32-bit)| (default, May 31 2013, 10:43:53) [MSC v.1500 32 bit (Intel)] \n", 46 | "IDAPython v1.7.0 final (serial 0) (c) The IDAPython Team \n", 47 | "-----------------------------------------------------------------------------------------------------\n", 48 | "MD5: E30299799C4ECE3B53F4A7B8897A35B6 Binary: notepad.exe" 49 | ] 50 | }, 51 | { 52 | "output_type": "stream", 53 | "stream": "stdout", 54 | "text": [ 55 | "\n" 56 | ] 57 | } 58 | ], 59 | "prompt_number": 1 60 | }, 61 | { 62 | "cell_type": "code", 63 | "collapsed": false, 64 | "input": [ 65 | "def entropy(in_bytes):\n", 66 | " bytes = np.array(np.fromstring(in_bytes,dtype='uint8'), dtype='int32')\n", 67 | " return scipy.stats.entropy(bytes[np.nonzero(bytes)])" 68 | ], 69 | "language": "python", 70 | "metadata": {}, 71 | "outputs": [], 72 | "prompt_number": 2 73 | }, 74 | { 75 | "cell_type": "code", 76 | "collapsed": false, 77 | "input": [ 78 | "def get_func_bytes(func_ea):\n", 79 | " bytes = \"\"\n", 80 | " for start, end in idautils.Chunks(func_ea):\n", 81 | " bytes += idaapi.get_many_bytes(start, end - start)\n", 82 | " return bytes\n", 83 | " \n", 84 | "func_start = idc.GetFunctionAttr(idc.ScreenEA(), idc.FUNCATTR_START)" 85 | ], 86 | "language": "python", 87 | "metadata": {}, 88 | "outputs": [], 89 | "prompt_number": 3 90 | }, 91 | { 92 | "cell_type": "code", 93 | "collapsed": false, 94 | "input": [ 95 | "data = ((func_ea, entropy(get_func_bytes(func_ea))) for func_ea in idautils.Functions())\n", 96 | "func_df = pd.DataFrame(data, columns=[\"EA\", \"Entropy\"])" 97 | ], 98 | "language": "python", 99 | "metadata": {}, 100 | "outputs": [], 101 | "prompt_number": 4 102 | }, 103 | { 104 | "cell_type": "code", 105 | "collapsed": false, 106 | "input": [ 107 | "func_df['Formatted_EA'] = func_df['EA'].map(lambda ea: \"{:X}\".format(ea))" 108 | ], 109 | "language": "python", 110 | "metadata": {}, 111 | "outputs": [], 112 | "prompt_number": 5 113 | }, 114 | { 115 | "cell_type": "code", 116 | "collapsed": false, 117 | "input": [ 118 | "df_plt = func_df\n", 119 | "ax = df_plt.plot(kind='scatter', x='EA', y='Entropy')\n", 120 | "ax.set_xticklabels(['{:X}'.format(int(ea)) for ea in ax.get_xticks()])\n", 121 | "ax" 122 | ], 123 | "language": "python", 124 | "metadata": {}, 125 | "outputs": [ 126 | { 127 | "metadata": {}, 128 | "output_type": "pyout", 129 | "prompt_number": 6, 130 | "text": [ 131 | "" 132 | ] 133 | }, 134 | { 135 | "metadata": {}, 136 | "output_type": "display_data", 137 | "png": "iVBORw0KGgoAAAANSUhEUgAAAtoAAAHuCAYAAACh7asVAAAABHNCSVQICAgIfAhkiAAAAAlwSFlz\nAAALEgAACxIB0t1+/AAAIABJREFUeJzt3WtwVPeZ5/GfQAK5sbjIWEZchGSDrTW24mAMOFHsxdgp\nO4kd2Wt7JhPbmd1KpipMTU3W+8KJp1zrLdewlU3icZWrqGRnayfJTMoVexbkG8EGhWCEQwjmIpDc\nGBACAgLZbi6CRqBL7wusTkv0Ud/OpZ/u7+eVTtPq/qt/9DlP//s5/1MSi8ViAgAAAOCqcUEPAAAA\nAChEFNoAAACAByi0AQAAAA9QaAMAAAAeoNAGAAAAPOBpoT00NKTBwUEvnwIAAADIS6VePfC6devU\n2dmppqYmzZw5U5LU3t6uffv2aWhoSEuXLtXs2bO9enoAAAAgUJ4V2vfff786OjpG3Pbpp5/qkUce\nkSStXbuWQhsAAAAFy9ce7bvuusvPpwMAAAACE8jJkOvXr9fixYuDeGoAAADAF561jjjZtGmT5s+f\nr+nTpzvep6WlxccRAQAAoJgtX77ck8f1tdDevHmzrrvuOtXW1qa878KFC70fEAAAAIrajh07PHts\nz1pHNmzYoNbWVm3YsEHvvfeeenp6tGXLFoXDYTU3N+tf//VfvXpqBKy1tTXoISBLZGcb+dlGfnaR\nHZx4NqN97733XnHb97//fa+eDgAAAMgrJbFYLBb0IEZraWmhdQQAAACe27Fjh2c92lyCHQAAAPAA\nhTZcR6+aXWRnG/nZRn52kR2cUGgDAAAAHqBHGwAAAEWLHm0AAADAGAptuI5eNbvIzjbys4387CI7\nOKHQBgAAADxAjzYAAACKFj3aAAAAgDEU2nAdvWp2kZ1t5Gcb+dlFdnBCoQ0AAAB4gB5tAAAAFC16\ntAEAAABjKLThOnrV7CI728jPNvKzi+zghEIbAAAA8AA92gAAACha9GgDAAAAxlBow3X0qtlFdraR\nn23kZxfZwQmFNgAAAOABerQBAABQtOjRBgAAAIyh0Ibr6FWzi+xsIz/byM8usoMTCm0AAADAA/Ro\nAwAAoGjRow0AAAAYQ6EN19GrZhfZ2UZ+tpGfXWQHJxTaAAAAgAfo0QYAAEDRokcbAAAAMIZCG66j\nV80usrON/GwjP7vIDk4otAEAAAAP0KMNAACAokWPNgAAAGAMhTZcR6+aXWRnG/nZRn52kR2cUGgD\nAAAAHqBHGwAAAEWLHm0AAADAGAptuI5eNbvIzjbys4387CI7OKHQBgAAADxAjzYAAACKFj3aAAAA\ngDEU2nAdvWp2kZ1t5Gcb+dlFdnBCoQ0AAAB4gB5tAAAAFC16tAEAAABjKLThOnrV7CI728jPNvKz\ni+zghEIbgGci0X5Fov1BDwMAgEDQow3AE23dvVq5sUuS9OyyWjVUVwQ6HgAAkqFHG4ApkWi/Vm7s\nUiQ6oEh04LOfmdkGABQXCm24jl41u8jONvKzjfzsIjs4odAG4LrKUJmeXVarylCpKkOln/1cFvSw\nAADwFT3aADwz3C5CkQ0AyFde9miXevKoACAKbABAcaN1BK6jV80usrON/GwjP7vIDk48K7SHhoY0\nODjo1cMDAAAAec2THu1169aps7NTTU1NmjlzpiTpxIkTamlp0fjx43X33Xerurra8ffp0QYAAIAf\nzPVo33///ero6Bhx27Zt2/TNb35TktTc3KympiYvnhoAAADIC771aIdCofjPEyZM8OtpEQB61ewi\nO9vIzzbys4vs4MS3QjuxQ6WsjJUIAAAAUNh8K7QTT4wsKSlJef/ET4etra1sG9oevi1fxsN2+tuN\njY15NR62ya+YtsnP7nZjY2NejYft7La94NkFazo6OjR16tT4yZBr1qzRww8/rFgsprfeeksPPvig\n4+9yMiQAAAD84OXJkJ7MaG/YsEGtra3asGGD3nvvPUnSkiVL9Morr+iVV17RkiVLvHha5AmvPx3C\nO2RnG/nZRn52kR2clHrxoPfee+8Vt82cOVPf+MY3vHg6AAAAIO941jqSC1pHAAAA4AdzrSMAAABA\nsaPQhuvoVbOL7GwjP9vIzy6ygxMKbQAAAMAD9GgDAACgaNGjDQAAABhDoQ3X0atmF9nZRn62kZ9d\nZAcnFNoAAACAB+jRBgAAQNGiRxsAAAAwhkIbrqNXzS6ys438bCM/u8gOTii0AQAAAA/Qow0AAICi\nRY82AAAAYAyFNlxHr5pdZGcb+dlGfnaRHZxQaAMAAAAeoEcbAAAARYsebQAAAMAYCm3kLBLtVyTa\nH9+mV80usrON/GwjP7vIDk5Kgx4AbGvr7tXKjV2SpGeX1aqhuiLQ8QAAAOQLerSRtUi0Xyuaw4pE\nByRJlaFSrWqqV2WoLOCRAQAApIcebQAAAMAYCm1krTJUpmeX1aoyVKrKUOlnP5fRq2YY2dlGfraR\nn11kByf0aCMnDdUVWtVUL0m0jAAAACSgRxsAAABFix5tAAAAwBgKbbiOXjW7yM428rON/OwiOzih\n0AYAAAA8QI82AAAAihY92gAAAIAxFNpwHb1qdpGdbeRnG/nZRXZwQqENAAAAeIAebQAAABQterQB\nAAAAYyi04Tp61ewiO9vIzzbys4vs4IRCGwAAAPAAPdoAAAAoWvRoAwAAAMZQaMN19KrZRXa2kZ9t\n5GcX2cEJhTYAAADgAXq0AQAAULTo0QYAAACModCG6+hVs4vsbCM/28jPLrKDEwptAAAAwAP0aAMA\nAKBo0aMNAAAAGEOhDdfRq2YX2dlGfraRn11kBycU2gAAAIAH6NEGAABA0aJHGwAAADCGQhuuo1fN\nLrKzjfxsIz+7yA5OKLQBAAAAD9CjDQAAgKJFjzYAAABgDIU2XEevml1kZxv52UZ+dpEdnFBoAwAA\nAB7wtUf70KFD+uCDDzQ0NKQ777xTc+bMSXo/erQBAADgBy97tEs9eVQH4XBYjz76qCRp7dq1joU2\nAAAAYJ2vrSODg4MaGhrS4OCg8nCxE7iEXjW7yM428rON/OwiOzjxdUb7lltu0Y9+9CNJ0pNPPunn\nUwMAAAC+8rVH+/XXX9fXv/51DQ0N6a233tJDDz2U9H4tLS2KRqNqbGyU9OdPimyzzTbbbLPNNtts\ns+3mdigU8qxH29dC+ze/+Y0eeOCBK34ejZMhAQAA4IeCuWBNXV2dVq9erdWrV+v666/386nho+FP\niLCH7GwjP9vIzy6yg5NSP5+svr5e9fX1fj4lAAAAEAhfW0fSResIAAAA/FAwrSMAAABAsaDQhuvo\nVbOL7GwjP9vIzy6ygxMKbQAAAMAD9GgDAACgaNGjDQAAABhDoQ3X0atmF9nZRn62kZ9dZAcnFNoA\nAACAB+jRBgAAQNGiRxsAAAAwhkIbrqNXzS6ys438bCM/u8gOTii0AQAAAA/Qow0AAICiRY82AAAA\nYAyFNlxHr5pdZGcb+dlGfnaRHZxQaAMAAAAeoEcbAAAARYsebQAAAMAYCm24jl41u8jONvKzjfzs\nIjs4odAGAAAAPECPNgAAAIoWPdoAAACAMRTacB29anaRnW3kZxv52RCJ9isS7R9xG9nBSWnQAwAA\nALCgrbtXKzd2SZKeXVarhuqKQMeD/EePNgAAQAqRaL9WNIcViQ5IkipDpVrVVK/KUFnAI0Ou6NEG\nAAAAjKHQhuvoVbOL7GwjP9vIL79Vhsr07LJaVYZKVRkq/ezny7PZZAcn9GgDAACkoaG6Qqua6iWJ\nlhGkhR5tAAAAFC16tFHwki2XBAAAYBmFNlyXaa9aW3evVjSHtaI5rLbuXo9GhXTQZ2gb+dlGfnaR\nHZxQaCNQkWi/Vm7sUiQ6oEh04LOfmdkGAAD2UWjDdY2NjUEPAVkiO9vIzzbys4vs4IRCG4Eaa7kk\nAAAAyyi04bpMe9WGl0ta1VTP5WwDRp+hbeRnG/nZRXZwwjrayAvMYgMAgELDOtoAAAAoWqyjDQAA\nABhDoQ3X0atmF9nZRn62kZ9dZAcnFNoAAAAu44rHkOjRBgAAcFVbd69WbuySJD27rJYVtfIcPdoA\nfMVMDABkhyseIxGFNlxHr5pdW7duVVt3r1Y0h7WiOay27t6gh4QM8N6zjfzsIjs4odAGEHfVtGuZ\niQGAHHDFYyTigjVwXWNjY9BDQJbmzKmRPggHPQxkifeebeRn1+jshq94LHFBtmLHjDbMoX/YO8zE\nAIA7KkNl7D9BoQ33edmrRv+wt1pbW+MzMaua6jlT3hj6RG0jP7vIDk4otGEGZ3L7h5kYAAByR6EN\n19FnaBfZ2UZ+tpGfu/xsMyQ7OKHQhhn0DwMA0kGbIfIFhTZc52WvGv3D3qLP0Dbys4383BFEmyHZ\nwQnL+8EcZrEBAIAFJbFYLBb0IEZraWnRwoULgx4GAAAwqK27Vys3dkmSnl1Wm/Ib0OEZbyZyitOO\nHTu0fPlyTx6bGW0AAFBQMrlgTKZFOZAJerThOnrV7CI728jPNvJzVzrLlLrVz012cEKhDQAAzOJq\nwchnvvdod3Z26oMPPtDEiRN1//33a8KECVfchx5tAACQihttH7SOoGB6tE+fPq3u7m499thjfj4t\nAAAoMIltH5K0cmOXVjXVZ3xCYyb93ECmfG0d2bVrlyZNmqTVq1fro48+8vOp4SN61ezave8gX8Ea\nxnvPNvILTjr93GMhOzjxtdDu6enR6dOn9cgjj2j//v0aGhry8+kBjKGtu1f/84MoV1IDYAJXC4YF\nvp8Medddd0mSZs2apUgk4ni/xE+Hra2tbBvaHr4tX8bDdurt3fsOOp55nw/jYzu97cbGxrwaD9vk\n5/V29HC7fnB7KH614KDG09jYmBevB9u5bXvB15Mhd+3apauvvlrz5s3Txo0b1djYqLKyKz99cjIk\n4K9ItF8rmsPxXsfKUGlWvY4AAFjj5cmQvs5o33bbbdq1a5fWrFmjsrKypEU27PP60yHcx1ewhYH3\nnm3kZxfZwUmp30/46KOP+v2UcBGXqS1cDdUV+sHtIc2ZU0O+AIoaxzq4xfd1tNNB60h+Yq1RAEAh\nSVZQc6wrPgXTOgK73LpMLQAA+aCtu1crmsMjVlriWAe3UWjDdfSq2UV2tpGfbeTnH7cLarKDEwpt\npIWT5QAAfohE+wObReZYB7el7NE+ceKEZsyY4dd4JNGjnc84QQQA4BU/+6PHei6/j3UcW4MVaI/2\nz372M23evFl5eM4kApDrZWoBAEgmVTuH2zPdDdUVWtVUH7/YTSI/j3XJesVROFIW2o899pjq6ur0\n61//Wu+//74fY4Jx9KrZRXa2kZ9t5OfMq2LUrYI62+w4+bLwpSy0b775Zs2ePVt/+Zd/qcrKSr3w\nwgvatm2bfve73/kwPAAAUAyc+qMpRmFZykK7p6dH/f39evfdd/Xhhx/q7//+73XNNdfovffe82N8\nMKixsTHoISBLZGcb+dlGfmO3c+SzbLPj5MvCl/LKkD/72c9000036Z577tH06dMlSZMnT1ZDQ4Pn\ngwMAAMVldKE5XIwmnrhYSMXo8IcLiZMhC1HKGe0HH3xQjz/+eLzIHnbjjTd6NijYRp+hXWRnG/nZ\nRn7O8n2mO9fsWGigcKWc0b7tttuS3n7zzTe7PhgAAIBkEgtRlsODFSnX0R4YGNC6devU19enSZMm\n6ctf/rLGjx/v6aBYRxsAACTj51rbKA6BrqO9evVq3XnnnXr00Ud1xx13qLm52ZOBAAAAjCWoFUiC\nvFolbEtZaJeWluqaa66RJE2fPt3z2WzYR5+hHaMPHmRnG/nZVkz5WSpc01nDu5iyQ2ZSFtqjO0su\nXbokSers7PRmRAB8wdXIALgtnQI6l32P38vhsYY3cpWy0J44caK2bt2qvr4+bdu2TVVVVZKktrY2\nzwcHm1gLNv85HTzIzjbys816fukU0G4Urvm4Aon17OCdlIX2zp07dfToUb355ps6fPiwPv74Y732\n2mvas2ePH+MDAAB5zu+ZX7+Ww+OCMshVyuX9nnjiCdXV1V1xe1dXlxfjQQFobW3l032ec7oABNnZ\nRn62FXp+kWi/SiTHi8/k65J96VxQptCzQ/ZSFtp1dXX65JNP1NnZqeuvvz5+4Zra2lqvx4Y8k687\nQWSHq5EBcEuqqzcmLsn33D11V+x78n3JPvaRyFbKdbTb2tp07Ngx3XrrrWpra9Ps2bM9v/w662jn\nn3zfCQIAgpdsQiYS7deK5rAi0YHP/q1Uq5rqR8xkj/XvhWqsySsmtvwV6Dra+/bt0wMPPKDZs2fr\nK1/5isLhsCcDQf7irGsAQDq86p22tBxgOnYeO+t44igrQhWWlIV2WdnIN8yECRM8GwwKA+uJ2kV2\ntpGfbYWaX6oTClP9u4XCM5Pswj3n9cNNh5NOXjGxVXhS9mj39fWNuY3Cl6r3DgAAJ5Fov+ZMKR/z\nnBCnc0YSC09JWrmxK7C2EjfaOSLRfm3pOu3WkGBAykL77rvv1i9+8Qtdd9116unp0Ze//GU/xoU8\nk8mJc5x5nf+cDhhkZxv52VaI+WVyfk8+T+Ck+jsyyW7r0TP65m0z9KtdJyRJz9w9N/63M7FVeFKe\nDDns3Llzuvrqq70ejyROhgS8xImtAPzg1kmOQe+z3D5Zs627Vy+/f1RL50zRF2unqr5qUtLnvPxc\nFNl+CPRkyLNnz0qSb0U27CvUPsNCkKr/j+xsIz/byC+5fLwS5GiZZNdQXaEfPjBfD99SlbTIlvy7\nIA+8l7LQXrdu3Yjt3t78PBEBAADkDzevquhW4ZnN6iVuXx2S2erikrJ15NVXX9Xjjz8e33799df1\n9a9/3dNB0ToCeCfor2EBFJd8KSxz3fe58Xew/81PgbaO1NTUaM+ePfHtNFu6AeSpZF/DFtoatQDy\nh99tEMn2Z4ltcwODMf3x6FkdP5PZKmq5/h25LN3HPtqulIX2zp071dLSotdee02vvfbaiKIbSIY+\nw/yXeMBIXKN268GTAY8MueC9Zxv55S7VmtuTJ47Xt26v1voDET399n7X1uX2MjsL64jDWcpCu66u\nTt/73vf02GOP6bHHHvP88usA/DN6huWlP/SMOWvCrAqAfDXWjPFwn/UDN12jX+06EcgFYbLp9eYC\nNvalXEf7/vvvH7G9bNkyzwaDwlCIa8GC3kILeO/ZRn7eaqiu0PRQmdYfiLj+2Olml8k1KVAYUs5o\njzZ58mQvxgEgAOnOsDCrAsAt6X4zluk3aOnsz2ZOKXd1BZFsZNLrXaLhC9oEN17kJuWM9sDAgEpL\n/3y33/72t7rnnns8HRRsa21tZWbGkMQZlo/aPpCqlwY8ImSL955txZBfut+MDd+vYuJ4/bcvzVXV\n1RPSKjDTmTH2YlbZi+wSX4Pn770+7dcA+SXljPbatWtHbJ87d86zwQAIxvAMy8DAgOO/Bz0LBMCu\nSLRfx8/0pfXN2PA3aAODMT30H67V8xs6MzoRMJ0Z43y/IEzit4iHT13U8xs6gx4SspRyRntoaMiP\ncaCAFPqMTCEbKzt6C/Mf7z3bCjG/U9F+dZ26oB9uOqz75lVm9LtfvrEyfuKiJK3c2BW/9Hm+rM09\nrBCzgzscC+1Tp05pYGBA58+f1yeffKJYLKbBwUFmtIEili8HNQD5r627V388elbrD0QUiQ7oN/s+\n1X+5Y6Z+uaNbkhy/GasMlem5e+p0vn9Qvz14asS/lag4Tswe/hYx8e9k/2uTY+tIR0eH2tvbdfLk\nSe3du1ft7e06cOCAHnzwQT/Hhzw11kkqrAVrF9nZRn62FVJ+w60PFwb+/K342YuDWtPeoxe/On/E\nBbOSqZ48Uf+87Zi+eduMeMvaM3fPVUzKyxOzvcgu2cXFYI/jjPYXv/hFSVJVVZVuvvlm3waE/FcM\nswnIzOivcfPta10AwfjdwVP61u3V+tWuE5Kkv/vCHM2cUp7W7/ZeHNQvPujWf7xhmq4qHafaaVfJ\nyrWp3doHsg+1rySWh9dUb2lp0cKFC4MeBpKIRPu1ojkc75mrDJXGe+ZQnBI/eD13T50GYzE+iAHI\neuWQ0b8vjdyX5PtkT76PD1fasWOHli9f7sljpzwZcrTt27dr0aJFXowFgDGJZ8ZL0tYjZ+L9mNLI\nk5cAFJdcT6B2+n03Tsz26lu30fvEVPtAvv0rfCmX99u0aZNeffVVrV69WqtXr9Y777zjx7iQp9JZ\n5q2Q+gyLTabZ9fUPejQSZIP3nm3W80t27k6qZfRSXZTG6fdzWZ6vrbtXK5rDGS0ZmEo22XkxDuSf\nlDPaZ86c0eOPPx7fZtURsMwbpMsHiZffP6qnFlbHVxFYWjNFd8yZzJnyQJHJpl0iiBaLTGech39H\nSu94l+5qIdmMAzalLLQvXrw4Yru8PL2TGFDYxtoZsJ6oXelkF4n2q69/MH6Q+L9/PK4HbrpGX62/\nRhNKx6tE4oNYQHjv2WY1v2yLVwuFZrofBhKzYzIKiVK2jnz88cfavHmzOjo61NHRoZ///Oc+DAtA\nPhr+qrPlYCR+29mLg9p69Iy6ey9pRXNY320O609n+jjAAAiMU0tKJle5TfwwkOlSgqlaW4bHMXfa\nRP1FQ5Wev/d69pkFKmWhHQqFdM011/gxFhiUbGdmvc+wmI2VXeJB5+JATE8trI4frL6zeJZ+uOlw\n3q1tW2x479lmNb9MitdcfiddqXqf012fuufcpbSfM5vsGqortGLpbK0/ENHzGzrp0y5QKVtH/vqv\n/zr+czgcZsURxLGEUfHqGxjSmvYeNdZOlSTt+/h8wCMCEKRs2iW8aLFItyUl1fNFov36yebD+uZt\nM+JrgD9z91xXZ50j0f74BMVYY4VtjjPa//iP/6jVq1ervb39z3ceN07bt2/3ZWDIb2N9pWa1zxBj\nZ5c4A7W7u1ffWTxLrV2n1dp1WgtnTvZsdgrp471nm/X8EtslUq0mkux38s3wBXMaa6fqvnmVqp12\nleN9rWcH7zjOaC9YsEBNTU0aHBxUR0eHQqGQbrzxRnV0dPg5PgB5ZPQM1OjZKE4AAhDkt53prvqR\nyeO0dp3Ws8tqNc3l/ZpbY0V+S9mjPTQ0pNbWVo0bl/KuKCKVobLPvka7cgbTap8h0ssucQZq9GxU\nPs9OFQPee7YVQn7pnECY7mx3ttLtwXbzcbLNzq2xIn+l7NEuKytTVVWVampq/BgPjGjr7tWqrX/S\nffMq9cXaqaqvmhT0kAAAec6v2W63PvD7MXHA5ERhK4nFYrFk//DCCy+ovr7+itvD4bCee+45TwfV\n0tKihQsXevocyF4k2q8VzeH4CRyVoVJO4MhTmVxogUsBA3CDUzE91rGD/Q+CtGPHDi1fvtyTx3ac\n0X7iiSdUV1d3xe2HDh3yZCAA3JXJzBEryABwSyariZSI/Q8Km2PjdbIie6zbUTxSrX9aCH2G1o3V\nJzm6PzIS7dfL7x9VY+1UNdZO1cvvH2UNbKN479lWSPklO18j2bEjJmV9UZhsedEjXkjZwV0pe7Td\nduHCBb300kv61re+pZkzZ/r99HAJl5i1x2nmqETSwwuq9Msd3ZKkpxZWqySoQQIoaKOPHX5/qGf2\nHH5z7NH2yrp161RVVaUZM2Y4Ftr0aAO5G31AmT2lPGl/pCR67gEEpv3EOW09ckaStLRmihbMuNqT\n5+H8IjgJpEfbC6dOnVIoFFJ5ebmfTwsUpaBnjgAUt3RPcByMxbT+QETS5UKbEyNRSHxdHLu1tZWr\nJxUBetXyx+g1r5P11leGyvT0l2rit1/+OfcD3PEzfTp+pi/nx0H6eO/ZVkj5tXX3akVzWCuaw2rr\n7nW8X+L5JAODMR0+3ZfW72Uj1flFuXAru2T9416vOw5v+TqjffLkSb3xxhvq6elRbW3tmD3aiUX5\n8H9gtm1s79mzJ6/Gw/aftxuqK/SD20OSFO9N3L3voP5570U11k6VJP3ztmOaGP1En7vphqyeb/v2\n7Rq49ga9tOVPkqTvfXG2Sj8+qEWLFgX+97PNNtveb1dcW63/+UE03qKxcmNXvEVj9P2PHj2iYf/x\nhmn65Y7uEb/3g9tD6v2427XxRQ+36we3X6s5c2qSjifb7WG5PF6y/vGtB0/qpT/0xG+LHm7XwMBA\nXuVdCNuh0OXjohd879GWpI6ODk2dOpUebSAPuN23ePjUBT3zmwMjHu/Fr87XzCm0jAHFINN9ynCB\ned+8Sq0/ECnKHupkr9mLX52vp9/eX5Svh9+87NH2/brqkUhEra2t2rt3r99PDSAJN79Obevu1cFP\nL7g6PgC2ZLpPGT6f5JFbqlxt7aDlAvkgkBntVJjRtq21lV58iyLRfh09eiTeMjKWE2f7dHEwpoqJ\npfED4fCMzFWl4/TtxbP08vtHJUlPf6lGi+dM8XTsuIz3nm2Fll+2JzW6cTJkOsv4uXnSpRvZJRsz\nyxH6o2BWHQGQvypDZer4uFtKUWjvOHZWJ3ovxdfdHt7595y7JEk6dvaS/s+2Y/qbxbN0wzVXae60\nq7weOoA8lG0Bm2vhm3iCpTSyR3xYPhawya5PMb6kRPfNq4z/DHt8bx1B4SukGZlikyq742f6tPNY\nb/yEpeEruR0/06efbD6sb942Q5WhUl0YGNK0q0opsn3Ge8828vPHWFfOzZZb2SWuFBWJ9uuF3x7S\nr9t69Ou2Hr3w20O0whhEoQ3AFb0XB/WLD7rVWDtV982rVC1FNoAAeLmMH5ApCm24bvRyR7AjVXYz\np5Tr87Mq9NTC6hEHsZlTyvXsslqVji9Ra9dp3TFnsqZxYPMd7z3byM89w20Yq5rqr2gL8aIQ9yI7\nPjAUBnq0AWRk4azJOnG2TwuumzfiZMhk/YUAEJR0VjpJdb+gWRknnLHqCAAAAIpWQa2jDQAAABQD\nCm24jj5Du8jONvKzjfzcEcSFasgOTujRBgAABSEf18d2i5sX2IF/6NEGAADmDV+ddvhCNZWh0isu\nVGNVIX+AyAf0aAMAABQhLy6wA/9QaMN19KrZRXa2kZ9t5JebylCZnrl7biDrTpMdnFBoAwAA89q6\ne7Vq659037xKPX/v9QXTXsGFa2yjRxsoYJw8A6AYFHJ/9jD2597xskebVUeAApXLyTPHz/RJunzJ\ndQBA8CjpanymAAAaWElEQVSwbaJ1BK6jVy142Z48s337dm07ekZPv71fT7+9X9uOnvFhtHAL7z3b\nyC97QbdXkB2cMKONnPBVVmGZdF2N/sfmI/GvX1/cfEQvfnU+M9sA0hLkMaGhukKrmuoDe34gGWa0\nkbW27l6taA5rRXNYbd298dsbGxsDHBWkzGZ3Eq+iNmXyZP8GCdfx3rPNen7Jjgl+X6WxMlQWSJFt\nPTt4h0IbWWFdz/w3PLuzqqnesT979IFx5pRyPf2lmniB/vSXapjNBpDS6GPCy+8f1c5jZ5NOxiC1\nZB9Qgri0PHJHoQ3X0auWP8aa3Un2YWn3voNaPGeKXvzqfL341flaPGeKzyNGLnjv2VZI+S2dM0U/\n3HS4aCZj3Mwu2TcDTt8gI/9RaCMrQZ94Mhqf9N01c0o5M9kA0jb6mPDF2qmuPXYx7d+TTYAcP9PH\nN8iGcTIksuZ04onfvWq5LGNXzIYPjLx2hYM+Udus5zf6mDB6/5LNZIyV/bv17OAdLlgD04rhIgW5\nSGcFAFaOAeCVXPYvlvfvufzdyT5cWPnAYZWXF6yhdQSuK6Q+Q8vS7elL7OMmO9vIz7ZCzC+oVUD8\nlphdrv3UyU5kT+fkduQnCm2Ylm+94vmCVWEABC3X3mqL+3e39r3JPqAUy4eWQkOPNlznd68aFylw\nD32GtpGfbYWUn1utDlb274WUHdzFjDYKAp/0R7I4EwSgMLj9jZql/Tv7XoxGoQ3XFWKfoUXZ9PSR\nnW3kZxv52ZWYHf3USEShDRQwSzNBAGxK7MWORPtVIhX9rG6u+95iWju80LG8H1DAWLoPgJeGe7Er\nJo7XdxbP0oubj0iSnrunTtWTJ0pi/5MplvLzH8v7AcgYl+wF4KXEXuzPVVfoxc1H4n3ZL205or7+\nwcDGZXU2mBWjCg+FNlxHn2Hwst1Zk51t5GdboeQ3eeJ4/adbqvTfN3Rqzd4ehXvO+/bcQU0wFEp2\ncB+FNgAAyFjiChu7u3v19JdqVBkq1dcXTNf/29ujh/7DtVp/IKLnN3Rq57Gzno+nEGaDK0Nleu6e\nOv1FQ5X+oqFKz91TR+uNcayjDdexnmjwhg+AiX1+6eysyc428rPNYn6j17le1VSv3osDujQQ0692\nnYhfPv2Hmw57fvn0ZK0ql2/zvlB1M7vBWEzrD0QkSXfMmeza4yIYzGgDBYolpgD4IXGFjcpQmSaO\nL9Gt1Vf7Po6rysbrqYXV8dVOnlpYravKxvs+jlwUwqw8RqLQhuvoVcsfmS4xRXa2kZ9thZLfxNLx\nil4a1HeXzo4Xvc/cPdfzFohpoTLNnVqu++ZV6r55lZo7tVzTfGq7KJTs4D5aR5AzlpADAAybFirT\ntZMmaOfxXv3N4lmaNXmibqqa5MtzL5hxtellBbNt+0P+Yh1t5IT1PgGgeI010cIkTPZ47fzFOtrI\nS/SS2WB5TVkA+SvVUnpcmTZ7vHaFg0IbrqNXLX9kuqYs2dlGfrZZyo+JlpEsZQd/UWgja4lrqFaG\nSuklyzMcCAEACBY92sgZvWT5KRLt14rmcHwd28pQqefr2AIoHpyjg0LhZY82q44gZxRu+Ymz1wF4\nafTFagBcidYRuI5etfyR6UVryM428rPNYn6ctHeZxezgD2a0gQLHQRAAgGDQow0AAICixTraAAAA\ngDEU2nAdvWp2kZ1t5Gcb+dnlZnZcZKyw0KMNAACQB9pPnNPWI2ckSUtrpmjBjKsDHhFyRaEN1zU2\nNgY9BGSJ7GwjP9vIzy43sjsV7dfh031afyAiSaqePFEzJ0/UNE5oN43WEQB8VQkAAbvQP6hf7uiO\nX833lzu6daF/MOhhIUcU2nAdfYa2tHX3akVzWCuaw9p68GTQw0EOeO/ZRn52uZFdedl4VUwcr4du\nnq6Hbp6uionjVV423oXRIUgU2kARi0T7tXJjV3wG5aU/9OQ0s83MOABk53zfRX37jllq7Tqt1q7T\n+vYds7gOQgGg0Ibr6DMsTokz423dvUEPpyjx3rON/OzKNbvT0X5dHCrRP7UeiU98/FPrER2KRF0a\nIYJCoQ0UscpQmZ5dVqvKUKkqQ6Wf/Zz5DMromfHLPzOzDQDpOHNxQPl3+UC4gUIbGUvVHkCfoS0N\n1RVa1VSvVU31ih5uD3o4yAHvPdvIz65csysbV6LTff16amF1fOLjqYXVuqqUMs0635f3a29v1759\n+zQ0NKSlS5dq9uzZfg8BOWjr7tXKjV2SpGeX1aqhuiLQ8cAdw7PYAwMDWf/+s8tqR/zfoLcQANIz\nc0q5TvcN6H9vO67G2qmSpDXtPVpaMyXgkSFXJbGYv19WvPfee7rrrrskSWvXrtVXvvKVK+7T0tKi\nhQsX+jkspCES7deK5rAi0cvFWGWoVKua6imoEDf8TQf/JwBko9j3ITv+dFb/673DkpjM8tOOHTu0\nfPlyTx7b9xnt4SIbQOEp1oMjgNzxjam0cPZkrWqql8T+tFAE1vyzfv16LV68OKinRxbSPXGOPkO7\nyM428rOtmPOzfkK1m9lVhsoosgtIIJdg37Rpk+bPn6/p06c73qe1tTW+XM7wf2C2g99uqK7QD24P\nSVJ8tmH0/ffs2ZM342WbbbbZZjv/t29euETJ5Mv4Um1bGy/bI7dDoct1jRd879HevHmzrr32WtXX\n1zvehx5tAACKC60jCErB9Gj39PRoy5Ytqq+vVzgcVm9vr5588kk/hwAAAPLQ8FKjEv3JKBy+9mhX\nVVXp+9//vpqamtTU1ESRXaBGf5UGO8jONvKzjfzs9ieTHZywEjoAAADgAd97tNNBjzYAAAD84GWP\nNjPaAAAAgAcotOE6etXsIjvbyM828rOL7OCEQhsAAADwAD3aAAAAKFr0aAMAAADGUGjDdfSq2UV2\ntpGfbeRnF9nBCYU2AAAA4AF6tGFOJNoviUv0AgCA3HnZo13qyaMCHmnr7tXKjV2SpGeX1aqhuiLQ\n8QAAADihdQQ5i0T747PMkne9apFov1Zu7FIkOqBIdOCzn/tT/yJSGs5w69atQQ8FOaBP1Dbys8vL\n7I6f6dOJs31XHGthAzPayIlbM8y0gwQnMcPvLakLdjAACgL79Owlvnbbjp7RP287pocXVOmXO7ol\n8W2uNfRoI2uRaL9WNIcViQ5IkipDpVrVVJ/xjjWTYp3WEXe5lSEASNKJs306dvaSfvTeYUnspzOV\neIx74b7r9dz6TjXWTlVr12n20x6iRxsFK7EdRJJWbuwacwfSUF2hVU31kpgpAYB8su3oGe3pPqf1\nByJp79PxZ6OPh0fPXAx4RHADPdrIWmWoTM8uq1VlqFSVodLPfi7zvM+wMlTGTtslozP83pIqXlvD\n6PG1zXJ+x8/06cXNR3RhYCjooQTCi+ze/PBj/dfGGu3u7tVTC6uvONbCBma0kZNcZ5iHC73EdhB2\nIP5KzPCjtg+kG64LeEQArPrdwVP61u3V+tWuE5LYp2di9PHwPy+aqYbqCs2ZMlHjSqSlNXybaxE9\n2sgLnDgDALZtO3pGL24+ooqJ4/X3X5yjmZPL2adngeOh/+jRRsFjhwIANg0XhovnTNGLX50vSZo5\npTzIIZnG8bCw0KMN11nuMyx2ZGcb+dlmMb+27l6taA5rRXNYbd29mjmlvCiLbDezY73swkKhDQAA\nMsZFxNw3+oML7KPQhusaGxuDHgKyRHa2kZ9t5GeXG9lFov16+f2jaqydqsbaqXr5/aN8cCkAFNoA\nACBjTku8Ijslkh5eUKXd3b26qnScvrN4FkVaASBDuM5inyEuIzvbyM82i/kNLw+6qqm+qK8A6UZ2\nMUnr93+qv7qtWusPRPTi5iM6dOpC7oNDoCi0AQCAKziRL3slkr5x2wz97A9/ive9/3DTYV5P41je\nD66jz9AusrON/GyzmF9bd69WbuxSxcTx+s7iWXpx8xFJly9UU0wz3G5kF5O0p/tc7oNBXmFGGwCz\nUAAylrjqyOeqK/Ti5iOsQJKjrUfP6Ju3zYj3vT9z91z63o2j0IbrLPYZFrPE5aS2HjwZ9HCQA957\ntpGfXW5kVxkq0999YY7e+PBj3TevUs/fe70+P2uyC6NDkCi0gSI2eh3cl/7QwywUgLQkrjqyu7tX\nT3+phhVIctRQXaEfPjBfD99SpfqqSUEPBy6gRxuus9hnCBQC3nu2WcxveNUR6XLhnfhzMXEzu2J7\n7QodM9pAEWMdXAC5qgyVxfcbiT8DoNCGB+gztCVxHdzo4fagh4Mc8N6zjfzsIjs4oXUEQHwGamBg\nIOCRAABQOEpisVgs6EGM1tLSooULFwY9DAAAABS4HTt2aPny5Z48Nq0jAAAAgAcotOE6etXsIjvb\nyM828rOL7OCEQhsAAADwAD3aAAAAKFr0aAMAAADGUGjDdfSq2UV2tpGfbeRnF9nBCYU2AAAA4AF6\ntAEAAFC06NEGAAAAjKHQhuvoVbOL7GwjP9vIzy6ygxMKbQAAAMAD9GgDAACgaNGjDQAAABhDoQ3X\n0atmF9nZRn62kZ9dZAcnFNoAAACAB+jRBgAAQNGiRxsAAAAwhkIbrqNXzS6ys438bCM/u8gOTii0\nAQAAAA/Qow0AAICiRY82AAAAYAyFNlxHr5pdZGcb+dlGfnaRHZyU+vlkJ06cUEtLi8aPH6+7775b\n1dXVfj49AAAA4Btfe7TfeOMNPfTQQ5Kk5uZmNTU1Jb0fPdoAAAAjRaL9kqTKUFnAIyksXvZo+zqj\nHQqF4j9PmDDBz6cGAAAwq627Vys3dkmSnl1Wq4bqikDHg/T42qOdOHleVsansUJFr5pdZGcb+dlG\nfnZ5nV0k2q+VG7sUiQ4oEh347Od+T58T7vB1RntwcDD+c0lJyZj3bW1tVWNjY/xnSWwb2d6zZ09e\njYdtttlmm222vdwe5tXj37xwiZLJl7/f+nZix4XbfO3RXrNmjR5++GHFYjG99dZbevDBB5Pejx5t\nAACAP6N1xDsF06O9ZMkSvfLKK4rFYrr33nv9fGoAAACzGqortKqpXhInQ1ria4/2zJkz9Y1vfEN/\n9Vd/paqqKj+fGj4a/VUa7CA728jPNvKzy6/sKkNlFNnGcMEaAAAAwAO+9minix5tAAAA+MHLHm1m\ntAEAAAAPUGjDdfQZ2kV2tpGfbeRnF9nBCYU2AAAA4AF6tAEAAFC06NEGAAAAjKHQhuvoVbOL7Gwj\nP9vIzy6ygxMKbQAAAMAD9GgDAACgaNGjDQAAABhDoQ3X0atmF9nZRn62kZ9dZAcnFNoAAACAB+jR\nBgAAQNGiRxsAAAAwhkIbrqNXzS6ys438bCM/u8gOTii0AQAAAA/Qow0AAICiRY82AAAAYAyFNlxH\nr5pdZGcb+dlGfnaRHZxQaAMAAAAeoEcbAAAARYsebQAAAMAYCm24jl41u8jONvKzjfzsIjs4odAG\nAAAAPECPNgAAAIoWPdoAAACAMRTacB29anaRnW3kZxv52UV2cEKhDQAAAHiAHm0AAAAULXq0AQAA\nAGMotOE6etXsIjvbyM828rOL7OCEQhsAAADwAD3aAAAAKFr0aAMAAADGUGjDdfSq2UV2tpGfbeRn\nF9nBCYU2AAAA4AF6tAEAAFC06NEGAAAAjKHQhuvoVbOL7GwjP9vIzy6ygxMKbQAAAMAD9GgDAACg\naNGjDQAAABhDoQ3X0atmF9nZRn62kZ9dZAcnFNoAAACAB+jRBgAAQNGiRxsAAAAwhkIbrqNXzS6y\ns438bCM/u8gOTii0AQAAAA/Qow0AAICiRY82AAAAYAyFNlxHr5pdZGcb+dlGfnaRHZxQaAMAAAAe\noEcbAAAARYsebQAAAMAYCm24jl41u8jONvKzjfzsIjs4KfXzydrb27Vv3z4NDQ1p6dKlmj17tp9P\nDwAAAPjG10L7008/1SOPPCJJWrt2LYV2gWpsbAx6CMgS2dlGfraRn11kBye+to7cddddfj4dAAAA\nEJhAerTXr1+vxYsXB/HU8AG9anaRnW3kZxv52UV2cOLJ8n6ffPKJXn311RG3fe1rX1NNTY02bdqk\nuXPnqra21vH3W1pa3B4SAAAAkJRXy/v5uo725s2bde2116q+vt6vpwQAAAAC4VuhffLkSf3Lv/xL\nvMju7e3Vk08+6cdTAwAAAL7LyytDAgAAANZxwRoAAADAAxTayNnQ0JAGBweDHgYA5CX2kXaRnW35\nkN/4559//nm3H/T999/X9u3bFQ6HFY1GNXXqVL388svq7u7Wvn37FA6H1dbWpgULFqitrU1btmzR\n/v37tXv3bpWWlmr69Ok6dOiQWlpatHfvXk2ePFlTpkyRdPnqkq2trWpvb9fkyZM1efJkSdKJEyf0\n+uuvq6OjQ9dcc40qKirc/rOKxoULF/TjH/9YN9xwQ/x1dHp9161bp/Xr12vOnDlXvOadnZ3asGGD\nDh48qLq6Oo0fPz7jx0fmMn19M8nJ6f7k5450swuHw/r5z3+unp4effjhhzpz5kz8AmBO+0infSrZ\nuSdZfk77SKfX3en2tWvXas2aNTp37pzmzZuX8nGQmUyyS3b/xPdkOBzWW2+9pS984QuS5FjnkJ17\nMsmvp6dHb775pg4ePKgJEyZo2rRpkpLn9MknnzjmmnZ+MY+98847sVgsFtu4cWOsv78/fvu7774b\ni0ajsTfffDN+2759+2L79++PxWKx2Nq1a+O3v/322/GfN23alPT2119/Pf7zmjVrXPwLis9vfvOb\n2AcffBA7duxY/LaxXt/29vYR943FYrFTp07FWltbXXl8ZCaT1zfTnJzuT37uyCS7d999d8TvDXPa\nRzrtU8nOPcnyi8WS7yOdXvex8nj77bdH5Jjq/khfJtk53T/xPTn88/nz5x3rHLJzTyb5rVu3Lv7z\n5s2bY7HY2DklyzUWSz8/z1pHurq69JOf/GTEJ+9YLKZLly5Jkurq6tTe3q6lS5fG//3GG2+M339w\ncDA+5R9LOF/T6eqSoVAo/vOECRNc/VuKyalTpxQKhVReXj7i9kxf3127dmnSpElavXq1PvroI9cf\nH8ll+vpmmpPT/ckvd7m8N6LRaPxnp32k0z6V7NzhlJ8Tp9fd6faPP/5Y06dPV2VlpSKRSMr7I32Z\nZpfq/hcvXlRdXZ0kqaOjQ3feeWf83xLrHLJzR6b5TZw4URcuXNDg4KB27dqlS5cujZnTsMRcpfTz\n86zQrq2t1d/+7d/qj3/8Y/y2N998Uz/96U8lSfPmzdP58+fjX1+Odsstt+hHP/qRfvzjH+vzn//8\nFf8++uqSiQeOsrIyt/6MotPa2qrGxsYrbs/09e3p6dHp06f1yCOPaP/+/RoaGnL18ZFcpq9vpjk5\n3Z/8cpdpdseOHVNzc7N++tOfamBg4IrfG72PdNqnkp07nPJz4vS6O92+e/duNTQ0qKGhQbt27Up5\nf6Qv0+yc7j/8nly7dm28SDt//ny8fWs0snNHpvk1NjaqpaVFr7/+um688UadP39+zJyS5Sqln19p\n2iPLQnl5+YielQcffFC///3v49sVFRU6deqUqqqqrvjd3bt365lnntHQ0JDeeustPfTQQ/F/27Rp\nk+bPn6/p06fHb0tsdi8pKXH7TykaJ0+e1BtvvKGenh7V1tZq5syZkrJ7fYdn1mbNmqVIJKLp06e7\n+vi4UjavbyY5Od2f/HKXaXazZs3SfffdJ0nauXOnwuFw/DoFyfaRTvtUsnPHWO+ZZJxed6fbjxw5\nonXr1kmSTp8+nfL+SF+m2Tndf/g9uX379vh9x6pzyM4dmeZXWlqqr33ta5Kk5uZmTZo0acyckuUq\npZ+fJ4V2JBJRZWWlpJEVvzTya81bb71V77zzTvwPPn78uPr7+zV37tz4NPy4ceNGfFLYvHmzrrvu\nuisu4X7hwoX48w3/jMx9+9vflnT5666pU6fGb8/09b3xxhvV2dmpefPm6dSpU1qwYIGrj4/kMn19\nM83J6f7kl7tc3htz587VgQMHJDnvI532qWTnDqf8nDi97slu7+vrU21tre655x5J0saNG9XX16fy\n8nLyc0Gm2aW6/6JFi3T8+HGdPXt2zDqH7NyRaX7DTp8+rXPnzmnChAlj5jQsMdf6+vq08/Ok0N6y\nZYsuXrwYH1g0GtXOnTsViURUU1OjRYsWSbo81V5fX6/XXntNZWVlIz5l1NXVafXq1ZIUP5ifPHlS\nW7ZsUX19vcLh8IirSy5ZskSvvPKKYrGY7r33Xi/+rKIRiUTU2to64pOh0+u7YcMGdXZ2qry8XLW1\ntfEPUrfddpv+/d//XXv27NG111474sCeyeMjc5m8vpnm5HR/8nNHutmFw2Ht3r1b58+fl3S5EHv0\n0UfH3Ecm26c6PT6ykyw/p32k0+ue7PbVq1erv79ffX19GjdunI4ePapjx47piSeeID+XZJJdsvt/\n+OGHI96TZ8+e1aJFi8asc8jOPZnkt2fPHoXDYcViMT3++OOSnOtRp1yl9PPjypAAAACAB7hgDQAA\nAOABCm0AAADAAxTaAAAAgAcotAEAAAAPUGgDAAAAHqDQBgAAADzg6ZUhAQDuOnTokP7t3/5Nt956\na/y29vZ2/cM//IMOHDigvXv3avfu3Vq8eLEeeOCBAEcKAKDQBgBD6urqVF9fr6ampvhtQ0NDkqR5\n8+apoqJCU6ZM0YkTJ4IaIgDgM7SOAIBR/f39Ghwc1E033RS/7fe//72WLFmimpoaHTlyJMDRAQCY\n0QYAg5qbm9XT06PGxsYRl1Q/d+6cQqGQFi1apDfffFM1NTUBjhIAihuFNgAY1NTUpCNHjsTbRiTp\nwIEDOnXqlJqbmyVJnZ2dGhoa0rhxfHkJAEGg0AYAo4Znqz/66CMNDQ1p7969+u53v6vS0su79o6O\nDu3Zs0ef+9znghwmABQtCm0AMOTQoUMKh8PxWWtJ+uSTT7RkyRJ1dHRoxowZamxs1MDAgA4cOKDd\nu3drxowZuu666wIcNQAUp5JYLBYLehAAAABAoaFxDwAAAPAAhTYAAADgAQptAAAAwAMU2gAAAIAH\nKLQBAAAAD1BoAwAAAB6g0AYAAAA8QKENAAAAeOD/A1PtnhzPM0sxAAAAAElFTkSuQmCC\n", 138 | "text": [ 139 | "" 140 | ] 141 | } 142 | ], 143 | "prompt_number": 6 144 | }, 145 | { 146 | "cell_type": "code", 147 | "collapsed": false, 148 | "input": [ 149 | "func_df.sort(['Entropy'], ascending=False)" 150 | ], 151 | "language": "python", 152 | "metadata": {}, 153 | "outputs": [ 154 | { 155 | "html": [ 156 | "
\n", 157 | "\n", 158 | " \n", 159 | " \n", 160 | " \n", 161 | " \n", 162 | " \n", 163 | " \n", 164 | " \n", 165 | " \n", 166 | " \n", 167 | " \n", 168 | " \n", 169 | " \n", 170 | " \n", 171 | " \n", 172 | " \n", 173 | " \n", 174 | " \n", 175 | " \n", 176 | " \n", 177 | " \n", 178 | " \n", 179 | " \n", 180 | " \n", 181 | " \n", 182 | " \n", 183 | " \n", 184 | " \n", 185 | " \n", 186 | " \n", 187 | " \n", 188 | " \n", 189 | " \n", 190 | " \n", 191 | " \n", 192 | " \n", 193 | " \n", 194 | " \n", 195 | " \n", 196 | " \n", 197 | " \n", 198 | " \n", 199 | " \n", 200 | " \n", 201 | " \n", 202 | " \n", 203 | " \n", 204 | " \n", 205 | " \n", 206 | " \n", 207 | " \n", 208 | " \n", 209 | " \n", 210 | " \n", 211 | " \n", 212 | " \n", 213 | " \n", 214 | " \n", 215 | " \n", 216 | " \n", 217 | " \n", 218 | " \n", 219 | " \n", 220 | " \n", 221 | " \n", 222 | " \n", 223 | " \n", 224 | " \n", 225 | " \n", 226 | " \n", 227 | " \n", 228 | " \n", 229 | " \n", 230 | " \n", 231 | " \n", 232 | " \n", 233 | " \n", 234 | " \n", 235 | " \n", 236 | " \n", 237 | " \n", 238 | " \n", 239 | " \n", 240 | " \n", 241 | " \n", 242 | " \n", 243 | " \n", 244 | " \n", 245 | " \n", 246 | " \n", 247 | " \n", 248 | " \n", 249 | " \n", 250 | " \n", 251 | " \n", 252 | " \n", 253 | " \n", 254 | " \n", 255 | " \n", 256 | " \n", 257 | " \n", 258 | " \n", 259 | " \n", 260 | " \n", 261 | " \n", 262 | " \n", 263 | " \n", 264 | " \n", 265 | " \n", 266 | " \n", 267 | " \n", 268 | " \n", 269 | " \n", 270 | " \n", 271 | " \n", 272 | " \n", 273 | " \n", 274 | " \n", 275 | " \n", 276 | " \n", 277 | " \n", 278 | " \n", 279 | " \n", 280 | " \n", 281 | " \n", 282 | " \n", 283 | " \n", 284 | " \n", 285 | " \n", 286 | " \n", 287 | " \n", 288 | " \n", 289 | " \n", 290 | " \n", 291 | " \n", 292 | " \n", 293 | " \n", 294 | " \n", 295 | " \n", 296 | " \n", 297 | " \n", 298 | " \n", 299 | " \n", 300 | " \n", 301 | " \n", 302 | " \n", 303 | " \n", 304 | " \n", 305 | " \n", 306 | " \n", 307 | " \n", 308 | " \n", 309 | " \n", 310 | " \n", 311 | " \n", 312 | " \n", 313 | " \n", 314 | " \n", 315 | " \n", 316 | " \n", 317 | " \n", 318 | " \n", 319 | " \n", 320 | " \n", 321 | " \n", 322 | " \n", 323 | " \n", 324 | " \n", 325 | " \n", 326 | " \n", 327 | " \n", 328 | " \n", 329 | " \n", 330 | " \n", 331 | " \n", 332 | " \n", 333 | " \n", 334 | " \n", 335 | " \n", 336 | " \n", 337 | " \n", 338 | " \n", 339 | " \n", 340 | " \n", 341 | " \n", 342 | " \n", 343 | " \n", 344 | " \n", 345 | " \n", 346 | " \n", 347 | " \n", 348 | " \n", 349 | " \n", 350 | " \n", 351 | " \n", 352 | " \n", 353 | " \n", 354 | " \n", 355 | " \n", 356 | " \n", 357 | " \n", 358 | " \n", 359 | " \n", 360 | " \n", 361 | " \n", 362 | " \n", 363 | " \n", 364 | " \n", 365 | " \n", 366 | " \n", 367 | " \n", 368 | " \n", 369 | " \n", 370 | " \n", 371 | " \n", 372 | " \n", 373 | " \n", 374 | " \n", 375 | " \n", 376 | " \n", 377 | " \n", 378 | " \n", 379 | " \n", 380 | " \n", 381 | " \n", 382 | " \n", 383 | " \n", 384 | " \n", 385 | " \n", 386 | " \n", 387 | " \n", 388 | " \n", 389 | " \n", 390 | " \n", 391 | " \n", 392 | " \n", 393 | " \n", 394 | " \n", 395 | " \n", 396 | " \n", 397 | " \n", 398 | " \n", 399 | " \n", 400 | " \n", 401 | " \n", 402 | " \n", 403 | " \n", 404 | " \n", 405 | " \n", 406 | " \n", 407 | " \n", 408 | " \n", 409 | " \n", 410 | " \n", 411 | " \n", 412 | " \n", 413 | " \n", 414 | " \n", 415 | " \n", 416 | " \n", 417 | " \n", 418 | " \n", 419 | " \n", 420 | " \n", 421 | " \n", 422 | " \n", 423 | " \n", 424 | " \n", 425 | " \n", 426 | " \n", 427 | " \n", 428 | " \n", 429 | " \n", 430 | " \n", 431 | " \n", 432 | " \n", 433 | " \n", 434 | " \n", 435 | " \n", 436 | " \n", 437 | " \n", 438 | " \n", 439 | " \n", 440 | " \n", 441 | " \n", 442 | " \n", 443 | " \n", 444 | " \n", 445 | " \n", 446 | " \n", 447 | " \n", 448 | " \n", 449 | " \n", 450 | " \n", 451 | " \n", 452 | " \n", 453 | " \n", 454 | " \n", 455 | " \n", 456 | " \n", 457 | " \n", 458 | " \n", 459 | " \n", 460 | " \n", 461 | " \n", 462 | " \n", 463 | " \n", 464 | " \n", 465 | " \n", 466 | " \n", 467 | " \n", 468 | " \n", 469 | " \n", 470 | " \n", 471 | " \n", 472 | " \n", 473 | " \n", 474 | " \n", 475 | " \n", 476 | " \n", 477 | " \n", 478 | " \n", 479 | " \n", 480 | " \n", 481 | " \n", 482 | " \n", 483 | " \n", 484 | " \n", 485 | " \n", 486 | " \n", 487 | " \n", 488 | " \n", 489 | " \n", 490 | " \n", 491 | " \n", 492 | " \n", 493 | " \n", 494 | " \n", 495 | " \n", 496 | " \n", 497 | " \n", 498 | " \n", 499 | " \n", 500 | " \n", 501 | " \n", 502 | " \n", 503 | " \n", 504 | " \n", 505 | " \n", 506 | " \n", 507 | " \n", 508 | " \n", 509 | " \n", 510 | " \n", 511 | " \n", 512 | " \n", 513 | " \n", 514 | " \n", 515 | " \n", 516 | " \n", 517 | " \n", 518 | " \n", 519 | " \n", 520 | " \n", 521 | " \n", 522 | " \n", 523 | " \n", 524 | " \n", 525 | " \n", 526 | " \n", 527 | " \n", 528 | " \n", 529 | " \n", 530 | " \n", 531 | " \n", 532 | " \n", 533 | " \n", 534 | "
EAEntropyFormatted_EA
50 4223618 10.309925 407282
9 4199506 9.205673 401452
114 4279164 7.074449 414B7C
11 4202542 6.874658 40202E
117 4281006 6.558433 4152AE
34 4220529 6.495139 406671
13 4204565 6.365993 402815
101 4275385 6.263491 413CB9
108 4277295 6.136212 41442F
93 4274148 6.068605 4137E4
31 4220082 5.946059 4064B2
109 4277951 5.812822 4146BF
1 4198624 5.805990 4010E0
107 4276843 5.769901 41426B
84 4272057 5.663713 412FB9
123 4282943 5.635076 415A3F
90 4273209 5.622370 413439
92 4273763 5.433877 413663
112 4278645 5.361000 414975
22 4219325 5.339757 4061BD
77 4270842 5.337793 412AFA
61 4269088 5.297247 412420
74 4270285 5.212553 4128CD
81 4271678 5.192738 412E3E
0 4198405 5.168159 401005
144 4283747 5.157894 415D63
120 4282474 5.152816 41586A
89 4272974 5.110607 41334E
119 4282243 5.108883 415783
113 4278944 5.052786 414AA0
............
128 4283454 2.196426 415C3E
138 4283610 2.190622 415CDA
133 4283528 2.184170 415C88
126 4283418 2.176904 415C1A
43 4222965 2.173053 406FF5
131 4283492 2.168547 415C64
127 4283436 2.158516 415C2C
137 4283594 2.143894 415CCA
2 4198750 2.060482 40115E
82 4271969 2.008445 412F61
12 4204543 1.496372 4027FF
8 4199495 1.433464 401447
153 4284699 1.433189 41611B
147 4284279 1.433088 415F77
148 4284290 1.432506 415F82
27 4219819 1.430097 4063AB
10 4202531 1.420613 402023
135 4283564 1.418097 415CAC
63 4269465 1.412329 412599
59 4269062 1.396386 412406
60 4269075 1.377923 412413
53 4268456 1.229824 4121A8
129 4283472 1.189524 415C50
130 4283482 1.126457 415C5A
140 4283638 1.090974 415CF6
139 4283628 1.069728 415CEC
58 4269052 1.045125 4123FC
54 4268460 1.039051 4121AC
25 4219744 0.972180 406360
154 4284712 -0.000000 416128
\n", 535 | "

155 rows \u00d7 3 columns

\n", 536 | "
" 537 | ], 538 | "metadata": {}, 539 | "output_type": "pyout", 540 | "prompt_number": 7, 541 | "text": [ 542 | " EA Entropy Formatted_EA\n", 543 | "50 4223618 10.309925 407282\n", 544 | "9 4199506 9.205673 401452\n", 545 | "114 4279164 7.074449 414B7C\n", 546 | "11 4202542 6.874658 40202E\n", 547 | "117 4281006 6.558433 4152AE\n", 548 | "34 4220529 6.495139 406671\n", 549 | "13 4204565 6.365993 402815\n", 550 | "101 4275385 6.263491 413CB9\n", 551 | "108 4277295 6.136212 41442F\n", 552 | "93 4274148 6.068605 4137E4\n", 553 | "31 4220082 5.946059 4064B2\n", 554 | "109 4277951 5.812822 4146BF\n", 555 | "1 4198624 5.805990 4010E0\n", 556 | "107 4276843 5.769901 41426B\n", 557 | "84 4272057 5.663713 412FB9\n", 558 | "123 4282943 5.635076 415A3F\n", 559 | "90 4273209 5.622370 413439\n", 560 | "92 4273763 5.433877 413663\n", 561 | "112 4278645 5.361000 414975\n", 562 | "22 4219325 5.339757 4061BD\n", 563 | "77 4270842 5.337793 412AFA\n", 564 | "61 4269088 5.297247 412420\n", 565 | "74 4270285 5.212553 4128CD\n", 566 | "81 4271678 5.192738 412E3E\n", 567 | "0 4198405 5.168159 401005\n", 568 | "144 4283747 5.157894 415D63\n", 569 | "120 4282474 5.152816 41586A\n", 570 | "89 4272974 5.110607 41334E\n", 571 | "119 4282243 5.108883 415783\n", 572 | "113 4278944 5.052786 414AA0\n", 573 | ".. ... ... ...\n", 574 | "128 4283454 2.196426 415C3E\n", 575 | "138 4283610 2.190622 415CDA\n", 576 | "133 4283528 2.184170 415C88\n", 577 | "126 4283418 2.176904 415C1A\n", 578 | "43 4222965 2.173053 406FF5\n", 579 | "131 4283492 2.168547 415C64\n", 580 | "127 4283436 2.158516 415C2C\n", 581 | "137 4283594 2.143894 415CCA\n", 582 | "2 4198750 2.060482 40115E\n", 583 | "82 4271969 2.008445 412F61\n", 584 | "12 4204543 1.496372 4027FF\n", 585 | "8 4199495 1.433464 401447\n", 586 | "153 4284699 1.433189 41611B\n", 587 | "147 4284279 1.433088 415F77\n", 588 | "148 4284290 1.432506 415F82\n", 589 | "27 4219819 1.430097 4063AB\n", 590 | "10 4202531 1.420613 402023\n", 591 | "135 4283564 1.418097 415CAC\n", 592 | "63 4269465 1.412329 412599\n", 593 | "59 4269062 1.396386 412406\n", 594 | "60 4269075 1.377923 412413\n", 595 | "53 4268456 1.229824 4121A8\n", 596 | "129 4283472 1.189524 415C50\n", 597 | "130 4283482 1.126457 415C5A\n", 598 | "140 4283638 1.090974 415CF6\n", 599 | "139 4283628 1.069728 415CEC\n", 600 | "58 4269052 1.045125 4123FC\n", 601 | "54 4268460 1.039051 4121AC\n", 602 | "25 4219744 0.972180 406360\n", 603 | "154 4284712 -0.000000 416128\n", 604 | "\n", 605 | "[155 rows x 3 columns]" 606 | ] 607 | } 608 | ], 609 | "prompt_number": 7 610 | }, 611 | { 612 | "cell_type": "code", 613 | "collapsed": false, 614 | "input": [ 615 | "idc.Message(str(func_df.sort(['Entropy'], ascending=False)))" 616 | ], 617 | "language": "python", 618 | "metadata": {}, 619 | "outputs": [], 620 | "prompt_number": 8 621 | } 622 | ], 623 | "metadata": {} 624 | } 625 | ] 626 | } --------------------------------------------------------------------------------