def _guess_architecture(): """Try to guess the current architecture.""" reg_names = ida_idp.ph_get_regnames() inf = ida_idaapi.get_inf_structure() if "ax" in reg_names and "xmm0" in reg_names: if inf.is_64bit(): return "amd64" else: return "x86" elif "ARM" in inf.procName: if inf.is_64bit(): return "aarch64" else: raise UnhandledArchitectureType( "Unrecognized 32-bit ARM architecture: {}".format(inf.procName) ) elif "sparc" in inf.procName: if inf.is_64bit(): return "sparc64" else: return "sparc32" else: raise UnhandledArchitectureType( "Unrecognized archictecture: {}".format(inf.procName) )
def ev_out_operand(self, outctx, op): insn = outctx.insn if insn.itype in [NewInstructions.NN_ld_hu, NewInstructions.NN_st_h]: if op.type == o_displ: outctx.out_value(op, OOF_ADDR) brackets = insn.ops[op.n].specflag1 & N850F_USEBRACKETS if brackets: outctx.out_symbol('[') outctx.out_register(ph_get_regnames()[op.reg]) if brackets: outctx.out_symbol(']') return True return False
info = idaapi.get_inf_structure() BITS = None ARCH = 'arm' if info.is_64bit(): BITS = 64 elif info.is_32bit(): BITS = 32 else: BITS = 16 FILE_TYPE = ENUM_FILE_TYPE[info.filetype] #print FILE_TYPE if 'PC' in ida_idp.ph_get_regnames() or 'pc' in ida_idp.ph_get_regnames(): ARCH = 'arm' else: ARCH = 'x86' # must be created idaapi.CompileLine( 'static LoadStrings() { RunPythonStatement("LoadStrings()"); }') idaapi.CompileLine( 'static LoadMethods() { RunPythonStatement("LoadMethods()"); }') idaapi.CompileLine('static AutoLoad() { RunPythonStatement("AutoLoad()"); }') idaapi.CompileLine( 'static LocationHelper() { RunPythonStatement("LocationHelper()"); }') # Add the hotkey AddHotkey("Ctrl-Alt-S", 'LoadStrings')
def GetRegisterList(): """Returns the register list""" return ida_idp.ph_get_regnames()
def _expand_locations(arch, pfn, ty, argloc, out_locs): """Expand the locations referred to by `argloc` into a list of `Location`s in `out_locs`.""" reg_names = ida_idp.ph_get_regnames() where = argloc.atype() if where == ida_typeinf.ALOC_STACK: sp_adjust_retaddr = int( ida_frame.frame_off_args(pfn) - ida_frame.frame_off_retaddr(pfn) ) loc = Location() loc.set_memory(arch.stack_pointer_name(), argloc.stkoff() + sp_adjust_retaddr) loc.set_type(ty) out_locs.append(loc) # Distributed across two or more locations. elif where == ida_typeinf.ALOC_DIST: for part in argloc.scattered(): part_ty = ty.extract(arch, part.off, part.size) _expand_locations(arch, pfn, part_ty, part, out_locs) # Located in a single register, possibly in a small part of the register # itself. elif where == ida_typeinf.ALOC_REG1: ty_size = ty.size(arch) reg_name = reg_names[argloc.reg1()].upper() try: reg_offset = argloc.regoff() family = arch.register_family(reg_name) # Try to guess the right name for the register based on the size of the # type that it will contain. For example, IDA will tell us register `ax` # is used, not specify if it's `al`, `ah`, `eax`, or `rax`. # # NOTE: The registers in the family tuple are sorted in descending # order of size. found = False for f_reg_name, f_reg_offset, f_reg_size in family: if f_reg_offset != reg_offset: continue if ty_size == f_reg_size: found = True reg_name = f_reg_name break if not found: raise Exception() except: reg_name = ( ida_idp.get_reg_name(argloc.reg1(), ty_size) or reg_name ).upper() loc = Location() loc.set_register(arch.register_name(reg_name)) loc.set_type(ty) out_locs.append(loc) # Located in a pair of registers. elif where == ida_typeinf.ALOC_REG2: ty_size = ty.size(arch) reg_name1 = reg_names[argloc.reg1()].upper() reg_name2 = reg_names[argloc.reg2()].upper() ty1 = ty.extract(arch, 0, ty_size / 2) ty2 = ty.extract(arch, ty_size / 2, ty_size / 2) try: found = False family1 = arch.register_family(reg_name1) family2 = arch.register_family(reg_name2) # Try to guess which registers IDA actually meant. For example, for # an `EDX:EAX` return value, our `ty_size` will be 8 bytes, but IDA will # report the registers as `ax` and `dx` (due to those being the names in # `ph_get_regnames`). So, we have to scan through the associated family # and try to see if we can guess the right version of those registers. for r1_info, r2_info in itertools.product(family1, family2): f_reg_name1, f_reg_offset1, f_reg_size1 = r1_info f_reg_name2, f_reg_offset2, f_reg_size2 = r2_info if f_reg_offset1 or f_reg_offset2: continue if ty_size == (f_reg_size1 + f_reg_size2): found = True reg_name1 = f_reg_name1 reg_name2 = f_reg_name2 ty1 = ty.extract(arch, 0, f_reg_size1) ty2 = ty.extract(arch, f_reg_size1, f_reg_size2) break if not found: raise Exception() except Exception as e: reg_name1 = ( ida_idp.get_reg_name(argloc.reg1(), ty_size) or reg_name1 ).upper() reg_name2 = ( ida_idp.get_reg_name(argloc.reg2(), ty_size) or reg_name2 ).upper() loc1 = Location() loc1.set_register(arch.register_name(reg_name1)) loc1.set_type(ty1) out_locs.append(loc1) loc2 = Location() loc2.set_register(arch.register_name(reg_name2)) loc2.set_type(ty2) out_locs.append(loc2) # Memory location computed as value in a register, plus an offset. # # TODO(pag): How does this work if the register itself is not # treated as an argument? elif where == ida_typeinf.ALOC_RREL: rrel = argloc.get_rrel() loc = Location() loc.set_memory( _get_address_sized_reg(arch, reg_names[rrel.reg].upper()), rrel.off ) loc.set_type(ty) out_locs.append(loc) # Global variable with a fixed address. We can represent this # as computing a PC-relative memory address. elif where == ida_typeinf.ALOC_STATIC: loc = Location() loc.set_memory(arch.program_counter_name(), argloc.get_ea() - ea) loc.set_type(ty) out_locs.append(loc) # Unsupported. else: raise InvalidLocationException( "Unsupported location {} with type {}".format( str(argloc), ty.serialize(arch, {}) ) )