def make_offsets(segname):
    """Mark every 4-byte slot of the named segment as an offset.

    The segment is walked in DWORD steps. Operand 0 of each slot is turned
    into an offset, and the same conversion is then applied at the address
    that the slot's DWORD value refers to.

    segname: segment name, handed to idc.SegByName().
    """
    seg_handle = idc.SegByName(segname)
    cursor = idc.SegByBase(seg_handle)
    limit = idc.SegEnd(cursor)

    # Fixed 4-byte stride together with idc.Dword(): entries are read as
    # 32-bit values.
    while cursor < limit:
        idc.OpOffset(cursor, 0)
        # NOTE(review): the stored value is used as an address with no range
        # or type check -- confirm the segment holds only pointers before
        # running this against a database you care about.
        target = idc.Dword(cursor)
        idc.OpOffset(target, 0)
        cursor += 4
def make_offsets(segname):
    """Convert the DWORD entries of a segment, and their targets, to offsets.

    segname names the segment to process. Starting at the address returned
    by idc.SegByBase(idc.SegByName(segname)) and stopping at idc.SegEnd() of
    that address, each 4-byte entry gets operand 0 displayed as an offset;
    the address stored in the entry receives the same treatment.
    """
    start = idc.SegByBase(idc.SegByName(segname))
    stop = idc.SegEnd(start)

    slot = start
    while slot < stop:
        # First the table entry itself ...
        idc.OpOffset(slot, 0)
        # ... then whatever the entry points at. The value is not validated
        # as an address here (NOTE(review): verify that is intended).
        idc.OpOffset(idc.Dword(slot), 0)
        slot += 4  # 32-bit entries
def make_offset():
    """Turn operand 0 of the item under the cursor into an offset.

    IDA does not always auto-define a pointer-valued DWORD as a pointer.
    For example:

        .rodata:08E30000    dd 8271234h

    If 0x8271234 is actually a function, resolving the offset yields:

        .rodata:08E30000    dd offset _ZN29ClassAD1Ev ; ClassA::~ClassA()
    """
    here = idc.ScreenEA()
    idc.OpOffset(here, 0)
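def main():
    """Re-type pointer-looking values in .text and .data as DWORD offsets.

    For every (src, dst) pair yielded by find_pointers() over the '.text'
    and '.data' segments, make sure dst starts an item, then redefine the
    four bytes at src as a DWORD whose operand 0 is an offset.

    Pointers located inside code are skipped. Pointers located inside a
    string are reported but still converted (see the toggle below).

    The function undefines and redefines items in the open database, so run
    it on a snapshot or a copy of the IDB.
    """
    for segstart, segend, segname in enum_segments():
        if segname not in ('.text', '.data'):
            continue

        for src, dst in find_pointers(segstart, segend):
            if is_code(src):
                # ignore instruction operands such as:
                #
                #     call    ds:__vbaGenerateBoundsError
                continue

            if is_in_string(src):
                # for example, the following contains 0x444974 (a common
                # valid offset):
                #
                #     text:004245B0 aRequestid      db 'requestID',
                #
                # String bytes that happen to look like an address are a
                # likely false positive. Add `continue` after the print to
                # leave such strings untouched.
                print('string pointer: 0x%x -> 0x%x' % (src, dst))

            print('pointer from 0x%x to 0x%x' % (src, dst))

            if is_unknown(dst):
                print('destination unknown, making byte: 0x%x' % (dst))
                idc.MakeByte(dst)
            elif not is_head(dst):
                # dst falls inside an existing item: undefine that item, then
                # make both its head and dst plain bytes.
                head_va = get_head(dst)
                print('destination overlaps with head: 0x%x' % (head_va))
                # idc.MakeUnkn() takes DOUNK_* flags as its second argument,
                # not a length, so passing a byte count there selects
                # arbitrary flags. MakeUnknown() takes an explicit size.
                idc.MakeUnknown(head_va, dst - head_va, idc.DOUNK_SIMPLE)
                idc.MakeByte(head_va)
                idc.MakeByte(dst)

            # Clear all four bytes so MakeDword() is not blocked by smaller
            # items already defined inside the window.
            idc.MakeUnknown(src, 4, idc.DOUNK_SIMPLE)
            idc.MakeDword(src)
            # this doesn't seem to always work :-(
            idc.OpOffset(src, 0)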