def Code(*args):
"""
Enumerate code bytes
@param <range>: see getrange
@return: list of addresses of code bytes
Example::
for ea in Code():
MakeUnkn(ea, DOUNK_EXPAND)
Wait()
Will delete all code in the selected area.
len(list(MakeUnkn(ea, DOUNK_EXPAND) and Wait() for ea in enumerators.Code(idaapi.getseg(here()))))
will delete all code in the current segment, and can be pasted in the command area of ida
"""
(first, last) = getrange(args)
ea = first
# explicitly testing first byte, since find_code
# implicitly sets SEARCH_NEXT flag
if ea < last and not idaapi.is_code(idaapi.get_full_flags(ea)):
ea = idaapi.find_code(ea, idaapi.SEARCH_DOWN)
while ea != idaapi.BADADDR and ea < last:
yield ea
ea = idaapi.find_code(ea, idaapi.SEARCH_DOWN)
def is_code_ea(ea):
if idaapi.cvar.inf.procname == "ARM":
# In case of ARM code in THUMB mode we sometimes get pointers with thumb bit set
flags = idaapi.get_full_flags(ea & -2) # flags_t
else:
flags = idaapi.get_full_flags(ea)
return idaapi.is_code(flags)
def __init__(self, ea, info, cs):
"""Initialization function."""
# Init the node structure
node_t.__init__(self)
# Check if it's a code instruction
try:
is_c = is_code(get_flags(ea))
except:
is_c = isCode(GetFlags(ea))
if not is_c:
raise CodeException
#
# fill node_t struct
#
# NodeInfo
self.info = NodeInfo()
inst_elements = []
try:
size = create_insn(ea)
bytes = get_bytes(ea, size)
except:
size = MakeCode(ea)
bytes = GetManyBytes(ea, size)
(address, size, mnemonic, op_str) = cs.disasm_lite(bytes, ea, count=1).next()
self.info.opcode = mnemonic.encode("ascii", "ignore")
op_str_ascci = op_str.encode("ascii", "ignore")
self.info.inst_str = self.info.opcode + " " + op_str_ascci
splitted = op_str_ascci.split(", ")
self.info.nargs = 0
if len(splitted) >= 1:
self.info.arg1 = splitted[0]
self.info.nargs += 1
if len(splitted) >= 2:
self.info.arg2 = splitted[1]
self.info.nargs += 1
if len(splitted) >= 3:
self.info.arg3 = splitted[2]
self.info.nargs += 1
# No node will be root but this is acceptable for CFGs
self.info.is_root = False
self.info.address = ea
self.info.has_address = True
# node_t
self.node_id = self._genid()
def NonFuncs(*args):
"""
Enumerate code which is not in a function
@param <range>: see getrange
@return: list of addresses containing code, but not in a function
Example::
for ea in NonFuncs((FirstSeg(), BADADDR)):
if not MakeFunction(ea):
Jump(ea)
break
Wait()
Will try to change non-function code to function
until MakeFunction fails
"""
(first, last) = getrange(args)
ea = first
while ea != idaapi.BADADDR and ea < last:
nextcode = idaapi.find_code(ea,
idaapi.SEARCH_NEXT | idaapi.SEARCH_DOWN)
thischunk = idaapi.get_fchunk(ea)
nextchunk = idaapi.get_next_fchunk(ea)
if thischunk:
ea = thischunk.end_ea
elif idaapi.is_code(idaapi.get_full_flags(ea)):
yield ea
ea = idaapi.next_head(ea, last)
elif nextchunk is None:
return
elif nextcode < nextchunk.start_ea:
yield nextcode
ea = nextcode
else:
ea = nextchunk.end_ea
def _sig_instruction(self, addr: int) -> Optional[str]:
"""
Get the bytes for a single instruction with wildcards
:param addr: Instruction address
:return: A signature chunk
"""
# I'm not sure if either of these checks will ever happen
# So let it explode until it does by trying to join None
if not idaapi.is_code(idaapi.get_flags(addr)):
return None
if not idaapi.can_decode(addr):
return None
insn = idaapi.insn_t()
insn.size = 0
idaapi.decode_insn(insn, addr)
if insn.size == 0:
return None
if insn.size < 5:
return self._sig_bytes(insn.ea, insn.size)
op_size = self._get_current_opcode_size(insn)
if op_size == 0:
return self._sig_bytes(insn.ea, insn.size)
operand_size = insn.size - op_size
sig = self._sig_bytes(insn.ea, op_size)
if self._match_operands(insn.ea):
sig += ' ' + self._sig_bytes(insn.ea + op_size, operand_size)
else:
sig += ' ' + self._sig_wildcards(operand_size)
return sig
def is_code(self):
"""Is the line code."""
return idaapi.is_code(self.flags)
def is_code_ea(ea):
flags = idaapi.getFlags(ea) # flags_t
return idaapi.is_code(flags)
def __init__(self, ea, cs, IDA_inst, IDA_inst_size, IDA_inst_string):
"""Initialization function, to disassemble with Capstone"""
# Init the node structure
node_t.__init__(self)
# Check if it's a code instruction
try:
is_c = is_code(get_flags(ea))
except:
is_c = isCode(GetFlags(ea))
if not is_c:
raise CodeException
#
# fill node_t struct
#
# NodeInfo
self.info = NodeInfo()
inst_elements = []
if cs is not None:
try:
size = create_insn(ea)
bytes = get_bytes(ea, size)
except:
size = MakeCode(ea)
bytes = GetManyBytes(ea, size)
(address, size, mnemonic,
op_str) = next(cs.disasm_lite(bytes, ea, count=1))
else:
address = ea
size = IDA_inst_size
splitted = IDA_inst_string.split(" ")
mnemonic = splitted[0]
op_str = " ".join(splitted[1:])
self.info.opcode = mnemonic
self.info.inst_str = self.info.opcode + " " + op_str
splitted = op_str.split(", ")
self.info.nargs = 0
if len(splitted) >= 1:
self.info.arg1 = splitted[0]
self.info.nargs += 1
if len(splitted) >= 2:
self.info.arg2 = splitted[1]
self.info.nargs += 1
if len(splitted) >= 3:
self.info.arg3 = splitted[2]
self.info.nargs += 1
# No node will be root but this is acceptable for CFGs
self.info.is_root = False
self.info.address = ea
self.info.has_address = True
# node_t
self.node_id = self._genid()