def getRegOffset(eax, reg, opnum):
    """Return a register value plus the displacement of one instruction operand.

    Args:
        eax: instruction address handed to idaversion.get_operand_value
            (despite the name it is an address, not the EAX register).
        reg: register name handed to idaversion.getRegVarValue.
        opnum: operand index within the instruction at ``eax``.

    Returns:
        The sum of the two values the idaversion calls return.  Whatever
        getRegVarValue raises for a name that is not a register propagates
        to the caller unchanged.
    """
    base = idaversion.getRegVarValue(reg)
    # NOTE(review): a disabled earlier path resolved ``reg`` as a symbol via
    # idc.get_name_ea_simple / idc.read_dbg_dword when it was not a register;
    # with it removed there is no fallback here.
    displacement = idaversion.get_operand_value(eax, opnum)
    return base + displacement
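def getRefAddr():
    ''' Get address from the operand currently under the cursor.
        If just a register, use that.  If calculated within brackets,
        try decoding that.

        Returns:
            For a location that is not code, the screen address itself.
            For code, the decoded operand address, or None when the operand
            type is not handled or the bracketed name is not a register.
    '''
    retval = None
    ea = idaversion.get_screen_ea()
    flags = idaversion.get_full_flags(ea)
    if not idaversion.is_code(flags):
        # Data or unknown bytes: the cursor address is the reference itself.
        return ea
    opnum = idaapi.get_opnum()
    op_type = idaversion.get_operand_type(ea, opnum)
    op = idc.print_operand(ea, opnum)
    print('is code, type %d op %s' % (op_type, op))
    #if op_type == idc.o_disp:
    if op_type == 4:
        # Displacement from a register address: take the text between the
        # first '[' and the following ']'.  NOTE(review): an operand of this
        # type printed without brackets would raise IndexError here — confirm
        # against the processor modules this is used with.
        val = op.split('[', 1)[1].split(']')[0]
        if ',' in val:
            reg = val.split(',')[0]
            retval = getRegOffset(ea, reg, opnum)
        elif '+' in val:
            reg = val.split('+')[0]
            retval = getRegOffset(ea, reg, opnum)
        else:
            try:
                retval = idaversion.getRegVarValue(val)
            except Exception:
                # Narrowed from a bare ``except`` so KeyboardInterrupt /
                # SystemExit are not swallowed.  The message previously
                # referenced ``reg``, which is only bound in the ',' and '+'
                # branches, so this handler itself raised NameError; report
                # the name that was actually looked up.
                print('%s not a reg' % val)
    elif op_type == 3:
        retval = idaversion.get_operand_value(ea, opnum)
    elif op_type == 1:
        retval = idaversion.getRegVarValue(op)
    else:
        print('Op type %d not handled' % op_type)
    return retval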