Beispiel #1
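    def getImportTableData(self):
        """
        Update rt_import_table with current import table data.

        The static import table is enumerated through idaapi first; each
        import slot is then passed to get_adrs_mem and the entry is stored in
        self.rt_import_table, keyed by the value that call returns.

        @raise RuntimeError: if the debugger is not currently active.
        """
        def imp_cb(ea, name, ordinal):
            """
            Import enumeration callback function. used by idaapi.enum_import_names .
            Returning True tells the enumerator to continue with the next import.
            """
            tmpImports.append([self.current_module_name, ea, name, ordinal])
            return True

        tmpImports = []  # Contains static import table data (w\o real function addresses)
        imp_num = idaapi.get_import_module_qty()  # Number of imported modules

        for i in xrange(0, imp_num):
            module_name = idaapi.get_import_module_name(i)
            # get_import_module_name() can return None when the module name is
            # unavailable; calling .lower() on it would abort the whole
            # enumeration. "<unnamed>" is a constructed placeholder so the
            # module's imports are still recorded.
            if not module_name:
                module_name = "<unnamed>"
            self.current_module_name = module_name.lower()
            idaapi.enum_import_names(i, imp_cb)

        #  Get runtime function addresses and store in self.rt_import_table
        if not idaapi.is_debugger_on():
            raise RuntimeError("Debugger is not currently active.")

        for module_name, ea, name, ordinal in tmpImports:
            # NOTE(review): the key comes from debuggee memory, so treat it as
            # untrusted. An unresolved or redirected slot can yield a value that
            # collides with another entry (the later one silently wins) or that
            # lies outside the named module. get_adrs_mem's failure value is not
            # visible here - confirm and consider skipping failed reads.
            func_real_adrs = get_adrs_mem(ea)
            self.rt_import_table[func_real_adrs] = (module_name, ea, name, ordinal)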
Beispiel #2
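    def getRawValue(self):
        """
        Retrieve the native size raw value stored at the argument's location.

        @rtype : The raw value read from memory (storetype MEM_VAL) or from a
                 register (storetype REG_VAL); False if the storetype is not
                 supported.
        @raise RuntimeError: if reading the value fails.
        """
        # NOTE: a legitimate raw value of 0 is falsy as well, so callers should
        # test the result with "is False" rather than by truthiness.
        try:
            # If memory value read native size bytes from ea
            if self.storetype == MEM_VAL:
                return get_adrs_mem(self.loc)

            # If register value, read register's value
            if self.storetype == REG_VAL:
                return GetRegValue(self.loc)

            self.logger.error("Internal Error - storetype %d not supported.", self.storetype)
            return False

        except Exception:
            # Catch Exception instead of everything so KeyboardInterrupt and
            # SystemExit are not converted into a RuntimeError. The message is
            # formatted here: exceptions do not apply %-style arguments the way
            # logging calls do, so passing them separately left a raw "%s".
            raise RuntimeError("Failed to retrieve raw value for arg %s" % self.typeName())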
Beispiel #3
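    def getImportTableData(self):
        """
        Update rt_import_table with current import table data.

        First collects the static import entries via idaapi, then calls
        get_adrs_mem on every import slot and records the entry in
        self.rt_import_table under the returned value.

        @raise RuntimeError: if the debugger is not currently active.
        """

        def imp_cb(ea, name, ordinal):
            """
            Import enumeration callback function. used by idaapi.enum_import_names .
            Returns True so that enumeration continues.
            """
            tmpImports.append([self.current_module_name, ea, name, ordinal])
            return True

        tmpImports = []  # Contains static import table data (w\o real function addresses)
        imp_num = idaapi.get_import_module_qty()  # Number of imported modules

        for i in xrange(0, imp_num):
            # The module name may come back as None; fall back to a constructed
            # placeholder instead of failing on None.lower() and losing every
            # import that follows.
            raw_name = idaapi.get_import_module_name(i) or "<unnamed>"
            self.current_module_name = raw_name.lower()
            idaapi.enum_import_names(i, imp_cb)

        #  Get runtime function addresses and store in self.rt_import_table
        if not idaapi.is_debugger_on():
            raise RuntimeError("Debugger is not currently active.")

        for module_name, ea, name, ordinal in tmpImports:
            func_real_adrs = get_adrs_mem(ea)
            # NOTE(review): keys are values taken from the debugged process.
            # Two slots holding the same value overwrite each other here, and a
            # redirected slot maps a foreign address to this import name. What
            # get_adrs_mem returns on a failed read is not shown - verify.
            self.rt_import_table[func_real_adrs] = (module_name, ea, name, ordinal)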
Beispiel #4
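    def getRawValue(self):
        """
        Retrieve the native size raw value stored at the argument's location.

        @rtype : Returns the raw value at the given location (memory for
                 MEM_VAL, register for REG_VAL), or False when the storetype is
                 not supported.
        @raise RuntimeError: if the value could not be retrieved.
        """
        try:
            # If memory value read native size bytes from ea
            if self.storetype == MEM_VAL:
                return get_adrs_mem(self.loc)

            # If register value, read register's value
            if self.storetype == REG_VAL:
                return GetRegValue(self.loc)

            # Unknown storetype: log it and signal failure with False. A real
            # value of 0 is falsy too, so callers should compare with "is False".
            self.logger.error("Internal Error - storetype %d not supported.", self.storetype)
            return False

        except Exception:
            # Narrowed from a bare except so interpreter-exit and interrupt
            # signals pass through untouched. The argument name is interpolated
            # into the message; previously it was handed to RuntimeError as a
            # second argument and never substituted.
            raise RuntimeError("Failed to retrieve raw value for arg %s" % self.typeName())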