def _calc_displacement(self):
    """
    Calculate the displacement offset of the operand's text.
    e.g: word ptr [rdi+rbx]

    The instruction at ``self.ip`` is decoded and operand ``self.idx`` is
    broken into base register, index register, SIB scale and signed
    displacement; the register values are read from ``self._cpu_context``.
    As a side effect the ``(frame_id, stack_offset)`` pair IDA reports for
    the operand (if any) is stored in ``self._cpu_context.stack_variables``
    under the computed address.

    :return int: calculated value
    """
    reg_size = 8 if idc.__EA64__ else 4

    insn = idaapi.insn_t()
    idaapi.decode_insn(insn, self.ip)
    op = insn.ops[self.idx]

    # Pieces of the memory operand: displacement (sign-corrected for the
    # database's bitness), SIB scale and the two register ids.
    offset = utils.signed(op.addr, utils.get_bits())
    scale = utils.sib_scale(op)
    base_reg = utils.x86_base_reg(insn, op)
    indx_reg = utils.x86_index_reg(insn, op)

    registers = self._cpu_context.registers
    base_val = registers[utils.reg2str(base_reg, reg_size)]
    # An index register id of -1 means the operand has no index component.
    indx_val = 0
    if indx_reg != -1:
        indx_val = registers[utils.reg2str(indx_reg, reg_size)]

    result = base_val + indx_val * scale + offset
    logger.debug("calc_displacement :: Displacement {} -> {}".format(self.text, result))

    # Before returning, record the frame_id and stack_offset for this address.
    # (This can become useful information for retrieving the original location of a variable)
    frame_id = idc.get_frame_id(self.ip)
    stack_var = ida_frame.get_stkvar(insn, op, offset)
    if stack_var:
        _, stack_offset = stack_var
        self._cpu_context.stack_variables[result] = (frame_id, stack_offset)

    return result
def _calc_displacement(self):
    """
    Calculate the displacement offset of the operand's text.
    e.g: word ptr [rdi+rbx]

    Computes ``base + index * scale + offset`` from the operand's own
    attributes; a negative result is clamped to 0. When ``self.base`` is
    non-zero and IDA reports a stack variable for the operand, the variable's
    base address is registered in ``self._cpu_context.variables``.

    :return int: calculated value
    """
    addr = self.base + self.index * self.scale + self.offset

    sign = "-" if self.offset < 0 else "+"
    logger.debug(
        "Calculating operand: %s -> 0x%X + 0x%X*0x%X %s 0x%X = 0x%X"
        % (self.text, self.base, self.index, self.scale, sign, abs(self.offset), addr)
    )

    if addr < 0:
        logger.debug("Address is negative, resorting to address of 0.")
        addr = 0

    # A base of 0 means there is not enough information to tie this
    # address to a stack variable, so only the address is returned.
    if not self.base:
        return addr

    stack_var = ida_frame.get_stkvar(self._insn, self._op, self.offset)
    if not stack_var:
        return addr

    frame_id = idc.get_frame_id(self.ip)
    member, stack_offset = stack_var
    # When the reported stack_offset differs from the member's own offset we
    # are indexing into the middle of a variable; rebase the address onto the
    # start of that variable before recording it.
    var_addr = addr - (stack_offset - member.soff)
    self._cpu_context.variables.add(
        var_addr, frame_id=frame_id, stack_offset=member.soff, reference=self.ip
    )
    return addr
def _calc_displacement(self):
    """
    Calculate the displacement offset of the operand's text.
    e.g: word ptr [rdi+rbx]

    Computes ``base + index * scale + offset`` from the operand's own
    attributes; a negative result is clamped to 0. If IDA reports a stack
    variable for the operand, the variable's base address is registered in
    ``self._cpu_context.variables``.

    :return int: calculated value
    """
    addr = self.base + self.index * self.scale + self.offset

    logger.debug(
        "calc_displacement :: Displacement {} -> {} + {}*{} + {} = {}".format(
            self.text, self.base, self.index, self.scale, self.offset, addr
        )
    )

    if addr < 0:
        logger.debug("calc_displacement :: Address is negative, resorting to address of 0.")
        addr = 0

    # Before returning, record the stack variable that we have encountered.
    stack_var = ida_frame.get_stkvar(self._insn, self._op, self.offset)
    if not stack_var:
        return addr

    frame_id = idc.get_frame_id(self.ip)
    member, stack_offset = stack_var
    # When the reported stack_offset differs from the member's own offset we
    # are indexing into the middle of a variable; rebase the address onto the
    # start of that variable before recording it.
    var_addr = addr - (stack_offset - member.soff)
    self._cpu_context.variables.add(
        var_addr, frame_id=frame_id, stack_offset=member.soff, reference=self.ip
    )
    return addr
def _record_stack_variable(self, addr):
    """
    Record the stack variable encountered at the given address.

    Looks up the stack variable IDA associates with ``self._op`` at
    ``self.offset`` and, when one exists, registers the variable's base
    address (not the possibly-indexed ``addr``) in
    ``self._cpu_context.variables``.

    :param addr: computed address of the memory operand
    :return: None
    """
    # A base of 0 means there is not enough information to tie this
    # address to a variable, so nothing is recorded.
    if not self.base:
        return

    stack_var = ida_frame.get_stkvar(self._insn, self._op, self.offset)
    if not stack_var:
        return

    frame_id = idc.get_frame_id(self.ip)
    member, stack_offset = stack_var
    # When the reported stack_offset differs from the member's own offset we
    # are indexing into the middle of a variable; rebase the address onto the
    # start of that variable before recording it.
    var_addr = addr - (stack_offset - member.soff)
    self._cpu_context.variables.add(
        var_addr, frame_id=frame_id, stack_offset=member.soff, reference=self.ip
    )
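def get_stkvar_name(inst_t, op_n):
    """
    Return the name of the stack variable referenced by operand ``op_n`` of ``inst_t``.

    The operand's address field is reinterpreted as a signed 32-bit value
    before it is handed to ``ida_frame.get_stkvar`` so that negative frame
    offsets stored as large unsigned values resolve correctly. A lookup
    failure is written to ``log_file``.

    :param inst_t: decoded instruction whose operand is inspected
    :param op_n: index of the operand within ``inst_t.ops``
    :return: the member name, or None when no stack variable is found or the
        member has no name
    """
    operand = inst_t.ops[op_n]

    # Two's-complement reinterpretation of a 32-bit field: any value with the
    # high bit set (>= 2**31, including exactly 0x80000000) is a negative
    # offset. Using ``>`` here would leave 0x80000000 as +2147483648.
    # NOTE(review): assumes a 32-bit operand address width; on 64-bit
    # databases op.addr may be wider than 32 bits — confirm against callers.
    addr = operand.addr
    if addr >= 2**31:
        addr -= 2**32

    var = ida_frame.get_stkvar(inst_t, operand, addr)
    if not var:
        log_file.write("<get_stkvar_name><get_stkvar> error: " + hex(inst_t.ea) + "\n")
        return None

    member = var[0]
    # An empty or missing member name is reported as None, matching the
    # "no variable found" result above.
    return ida_struct.get_member_name(member.id) or None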