def apply(self):
    """Apply this record's name to the function frame it points at.

    When ``self.new`` is truthy, a member named ``self.data`` is added to
    the frame at ``self.offset`` (flag value 0, a default-constructed
    ``opinfo_t`` and ``self.var_size`` as the size).  Otherwise the member
    already at ``self.offset`` is renamed to ``self.data``.

    Returns:
        True, unconditionally.  The results of the IDA calls are not
        inspected, so a rejected name is not reported to the caller.
    """
    frame = self.func_frame_pointer
    if not self.new:
        # Existing slot: only the name changes.
        ida_struct.set_member_name(frame, self.offset, self.data)
        return True

    # New slot: create the member with the recorded size.
    ida_struct.add_struc_member(
        frame, self.data, self.offset, 0, ida_nalt.opinfo_t(), self.var_size
    )
    return True
def push_ptr_member_to_struct(
    struct, member_name, member_type, offset=BADADDR, overwrite=False
):
    """Add a member to ``struct``, or rename the one at ``offset``.

    The member defaults to ``WORD_LEN`` bytes with a DWORD/QWORD flag chosen
    from ``WORD_LEN``.  When ``member_type`` is a struct or union whose
    definition ``extract_struct_from_tinfo`` can resolve, the member is
    created as an embedded struct of that size instead.

    With ``overwrite`` set and a member already present at ``offset``, that
    member is renamed; otherwise a new member is added.  On a name-collision
    result the name is retried as ``<member_name>_<i>``.

    Returns:
        The member found under the final name (``None`` if the lookup
        fails), or ``None`` when the suffix retries are exhausted.

    NOTE(review): the listing this was taken from lost its indentation; the
    nesting below is reconstructed and should be checked against the
    upstream file.
    """
    mt = None
    flag = idaapi.FF_DWORD
    member_size = WORD_LEN
    if member_type is not None and (member_type.is_struct() or member_type.is_union()):
        logging.debug("Is struct!")
        substruct = extract_struct_from_tinfo(member_type)
        if substruct is not None:
            flag = idaapi.FF_STRUCT
            mt = ida_nalt.opinfo_t()
            mt.tid = substruct.id
            logging.debug(
                f"Is struct: {ida_struct.get_struc_name(substruct.id)}/{substruct.id}"
            )
            member_size = ida_struct.get_struc_size(substruct.id)
            # The struct id in ``mt`` now carries the type, so the tinfo is
            # dropped and set_member_tinfo below is skipped.
            member_type = None
    elif WORD_LEN == 4:
        flag = idaapi.FF_DWORD
    elif WORD_LEN == 8:
        flag = idaapi.FF_QWORD
    new_member_name = member_name
    if overwrite and ida_struct.get_member(struct, offset):
        logging.debug("Overwriting!")
        ret_val = ida_struct.set_member_name(struct, offset, member_name)
        i = 0
        # NOTE(review): other helpers in this listing treat the result of
        # ida_struct.set_member_name as truthy-on-success.  If it is a bool,
        # this comparison against an error code never matches and the rename
        # path never retries with a suffix - confirm.
        while ret_val == ida_struct.STRUC_ERROR_MEMBER_NAME:
            new_member_name = "%s_%d" % (member_name, i)
            i += 1
            if i > 250:
                # Retry budget exhausted: give up and return None.
                return
            ret_val = ida_struct.set_member_name(struct, offset, new_member_name)
    else:
        ret_val = ida_struct.add_struc_member(
            struct, new_member_name, offset, flag, mt, member_size
        )
        i = 0
        while ret_val == ida_struct.STRUC_ERROR_MEMBER_NAME:
            new_member_name = "%s_%d" % (member_name, i)
            i += 1
            if i > 250:
                # Retry budget exhausted: give up and return None.
                return
            ret_val = ida_struct.add_struc_member(
                struct, new_member_name, offset, flag, mt, member_size
            )
    if ret_val != 0:
        logging.debug(f"ret_val: {ret_val}")
    # Look the member up again under whichever name was finally used.
    member_ptr = ida_struct.get_member_by_name(struct, new_member_name)
    if member_ptr is None:
        logging.debug("member is None")
    if member_type is not None and member_ptr is not None:
        ida_struct.set_member_tinfo(
            struct, member_ptr, 0, member_type, idaapi.TINFO_DEFINITE
        )
    return member_ptr
def set_member_name(struct, offset, new_name):
    """Rename the member at ``offset``, falling back to suffixed names.

    ``new_name`` is tried first.  If IDA rejects it, ``<new_name>_0`` up to
    ``<new_name>_249`` are tried in order.

    Returns:
        True as soon as one of the names is accepted, False when every
        candidate was rejected.  The caller is not told which name was
        applied.
    """
    if ida_struct.set_member_name(struct, offset, new_name):
        return True

    for suffix in range(250):
        candidate = "%s_%d" % (new_name, suffix)
        if ida_struct.set_member_name(struct, offset, candidate):
            return True
    return False
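def set_member_name_retry(member_ptr, new_name):
    """Rename a struct member, retrying with an index suffix on failure.

    ``new_name`` is tried as given.  If that is rejected, the name is
    retried as ``<new_name><MEMBER_INDEX_SPLITTER><index>`` for every index
    from ``MIN_MEMBER_INDEX`` through ``MAX_MEMBER_INDEX`` inclusive.

    The original loop never advanced ``index``, so a rejected first
    candidate meant the same name was retried indefinitely (or, depending
    on the indentation lost in this listing, only the first suffix was ever
    tried).  Iterating a range bounds the work and tries every suffix once.

    @return: True/False
    """
    assert member_ptr
    assert new_name

    struct_ptr = get_sptr_by_member_id(member_ptr.id)
    offset = member_ptr.get_soff()
    if ida_struct.set_member_name(struct_ptr, offset, new_name):
        return True

    for index in range(MIN_MEMBER_INDEX, MAX_MEMBER_INDEX + 1):
        candidate = "%s%s%d" % (new_name, MEMBER_INDEX_SPLITTER, index)
        if ida_struct.set_member_name(struct_ptr, offset, candidate):
            return True
    return False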
def fill_stack_variable(self, func_addr, offset, user=None, artifact=None, ida_code_view=None, **kwargs):
    """Apply a stack variable's name and type to its function frame.

    ``artifact`` is used as the stack variable: its ``addr`` selects the
    frame, its ``name`` is written to the member at ``offset`` and its
    ``type`` string is converted and applied through ``compat``.

    Returns:
        False when ``ida_code_view`` is None or the function has no usable
        frame; otherwise a truthy value if the rename or the type change
        took effect.  If the type string cannot be parsed, only the rename
        result is returned.
    """
    # Without a code view nothing can be applied; bail out before touching IDA.
    if ida_code_view is None:
        return False

    stack_var: StackVariable = artifact
    frame = idaapi.get_frame(stack_var.addr)
    if frame is None or frame.memqty <= 0:
        _l.warning(
            f"Function {stack_var.addr:x} does not have an associated function frame. Stopping sync here!"
        )
        return False

    changes = bool(ida_struct.set_member_name(frame, offset, stack_var.name))

    ida_type = compat.convert_type_str_to_ida_type(stack_var.type)
    if ida_type is None:
        _l.warning(f"IDA Failed to parse type for stack var {stack_var}")
        return changes

    return changes | compat.set_stack_vars_types({offset: ida_type}, ida_code_view, self)
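def _f1(idx, ctx):
    """Rename a struct member after the function referenced in ``ctx``.

    Reads the ``stroff`` memory reference and the ``fcn`` object from
    ``ctx``, prints diagnostic details, and renames the member at
    ``obj.offset`` of the struct identified by the operand info to the name
    found at the function's address.

    The original mixed Python 2 ``print`` statements with ``print(...)``
    calls.  Every print is now the single-argument call form, which
    produces the same output on Python 2 and is valid syntax on Python 3.

    NOTE(review): this listing lost its indentation; only the ``tid=``
    print is assumed to be guarded by the ``get_opinfo`` check.  If that
    check fails, ``ti.tid`` still holds its initial value when the rename
    runs - confirm this is intended.
    """
    import idc
    import ida_bytes  # imported by the original; not referenced in this body

    obj = ctx.get_memref('stroff')
    print("%x" % obj.ea)
    ti = idaapi.opinfo_t()
    # NOTE(review): idc.GetFlags is a legacy idc name; confirm it exists in
    # the IDAPython version this script targets.
    f = idc.GetFlags(obj.ea)
    if idaapi.get_opinfo(obj.ea, 0, f, ti):
        print("tid=%08x - %s" % (ti.tid, idaapi.get_struc_name(ti.tid)))
    print("Offset: {}".format(obj.offset))
    import ida_struct

    obj2 = ctx.get_obj('fcn')
    print("%x" % obj2.addr)
    name_str = ida_name.get_name(obj2.addr)
    print("Name {}".format(name_str))
    ida_struct.set_member_name(ida_struct.get_struc(ti.tid), obj.offset, name_str)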
def __call__(self):
    """Rename the member at ``self.offset`` of the struct named ``self.sname``.

    Both the struct name and the new member name go through
    ``Event.encode`` before being handed to IDA.  The result of the rename
    is not checked.

    NOTE(review): ``sname``, ``offset`` and ``newname`` are applied as
    stored on the event.  If events can come from another peer, confirm
    where they are validated, and what happens when the struct lookup does
    not find ``sname``.
    """
    struct_id = ida_struct.get_struc_id(Event.encode(self.sname))
    ida_struct.set_member_name(
        ida_struct.get_struc(struct_id),
        self.offset,
        Event.encode(self.newname),
    )
def implement(self):
    """Rename a struct member from this object's stored fields.

    ``self._id`` (as a string) names the struct, ``self._offset`` (as an
    int) selects the member and ``self._value`` (as a string) is the new
    member name.  The result of the rename is not checked.

    NOTE(review): nothing here handles a struct name that does not
    resolve - confirm how the lookup result behaves in that case.
    """
    struct_id = ida_struct.get_struc_id(str(self._id))
    struct_ptr = ida_struct.get_struc(struct_id)
    member_offset = int(self._offset)
    member_name = str(self._value)
    ida_struct.set_member_name(struct_ptr, member_offset, member_name)
def add_to_struct(
    struct,
    member_name,
    member_type=None,
    offset=BADADDR,
    is_offset=False,
    overwrite=False,
):
    """Add a member to ``struct``, or rename the one already at ``offset``.

    The member defaults to ``WORD_LEN`` bytes with a DWORD/QWORD flag chosen
    from ``WORD_LEN``; a struct or union ``member_type`` that
    ``extract_struct_from_tinfo`` resolves makes it an embedded struct of
    that size.  ``is_offset`` additionally marks the member as an offset and
    replaces the operand info with reference info sized by ``WORD_LEN``.

    With ``overwrite`` set and a member present at ``offset``, that member
    is renamed if its name differs; otherwise a new member is added.  On a
    name-collision result the name is retried as ``<member_name>_<i>``.
    ``member_type``, when still set, is applied to the resulting member.

    Returns:
        The member object (``None`` if the lookup after adding fails), or
        ``None`` when the suffix retries are exhausted.

    NOTE(review): the listing this was taken from lost its indentation.
    The ``ret_val`` logging and the ``get_member_by_name`` lookup are placed
    inside the ``else`` branch here, because ``ret_val`` is not assigned
    when the existing member already has the requested name - check this
    against the upstream file.
    """
    mt = None
    flag = idaapi.FF_DWORD
    member_size = WORD_LEN
    if member_type is not None and (member_type.is_struct() or member_type.is_union()):
        logging.debug("Is struct!")
        substruct = extract_struct_from_tinfo(member_type)
        if substruct is not None:
            flag = idaapi.FF_STRUCT
            mt = ida_nalt.opinfo_t()
            mt.tid = substruct.id
            logging.debug(
                f"Is struct: {ida_struct.get_struc_name(substruct.id)}/{substruct.id}"
            )
            member_size = ida_struct.get_struc_size(substruct.id)
    elif WORD_LEN == 4:
        flag = idaapi.FF_DWORD
    elif WORD_LEN == 8:
        flag = idaapi.FF_QWORD
    if is_offset:
        flag |= idaapi.FF_0OFF
        # A fresh opinfo_t replaces any struct tid set above.
        mt = ida_nalt.opinfo_t()
        r = ida_nalt.refinfo_t()
        r.init(
            ida_nalt.get_reftype_by_size(WORD_LEN) | ida_nalt.REFINFO_NOBASE)
        mt.ri = r
    new_member_name = member_name
    member_ptr = ida_struct.get_member(struct, offset)
    if overwrite and member_ptr:
        # Rename only when the current name differs from the requested one.
        if ida_struct.get_member_name(member_ptr.id) != member_name:
            logging.debug("Overwriting!")
            ret_val = ida_struct.set_member_name(struct, offset, member_name)
            i = 0
            # NOTE(review): other helpers in this listing treat the result
            # of ida_struct.set_member_name as truthy-on-success.  If it is
            # a bool, this comparison against an error code never matches
            # and the rename path never retries with a suffix - confirm.
            while ret_val == ida_struct.STRUC_ERROR_MEMBER_NAME:
                new_member_name = "%s_%d" % (member_name, i)
                i += 1
                if i > 250:
                    logging.debug("failed change name")
                    return
                ret_val = ida_struct.set_member_name(struct, offset, new_member_name)
    else:
        ret_val = ida_struct.add_struc_member(struct, new_member_name, offset, flag, mt, member_size)
        i = 0
        while ret_val == ida_struct.STRUC_ERROR_MEMBER_NAME:
            new_member_name = "%s_%d" % (member_name, i)
            i += 1
            if i > 250:
                # Retry budget exhausted: give up and return None.
                return
            ret_val = ida_struct.add_struc_member(struct, new_member_name, offset, flag, mt, member_size)
        if ret_val != 0:
            logging.debug(f"ret_val: {ret_val}")
        # Fetch the member that was just added under its final name.
        member_ptr = ida_struct.get_member_by_name(struct, new_member_name)
    if member_type is not None and member_ptr is not None:
        ida_struct.set_member_tinfo(struct, member_ptr, 0, member_type, idaapi.TINFO_DEFINITE)
    return member_ptr
def set_struct_member_name(ida_struct, frame, offset, name):
    """Rename the member of ``frame`` at ``offset`` to ``name``.

    The ``ida_struct`` module (or any object exposing ``set_member_name``)
    is passed in by the caller.  The result of the rename is discarded and
    the function returns None.
    """
    rename = ida_struct.set_member_name
    rename(frame, offset, name)