Python Opnd Examples

Programming Language: Python

Namespace/Package Name: idaobj

Method/Function: Opnd

Examples at hotexamples.com: 5

Python Opnd - 5 examples found. These are the top rated real world Python examples of idaobj.Opnd extracted from open source projects. You can rate examples to help us improve the quality of examples.

Example #1

Show file

    def make_arg_opnd(self, arg_idx):
        arg_opnd = make_reg_arg_opnd(arg_idx)
        if arg_opnd is not None:
            return arg_opnd
        else:
            od = '[rsp+arg_{}]'.format(idabuty.beautify_offset(8 * arg_idx))

            return idaobj.Opnd(ot=idc.o_displ, od=od)

Example #2

Show file

    def make_arg_opnd(self, arg_idx):
        arg_opnd = make_reg_arg_opnd(arg_idx)
        if arg_opnd is not None:
            return arg_opnd
        else:
            stack_base = self.func.find_stack_base().od
            offset = int(stack_base.rstrip('h'), 16) - (8 * arg_idx)
            od = '[rsp+{}+var_{}]'.format(stack_base,
                                          idabuty.beautify_offset(offset))

            return idaobj.Opnd(ot=idc.o_displ, od=od)

Example #3

Show file

    def find_dispatch_dev_ctrl(self):
        print idabuty.beautify_title('DriverObject:'), self.find_drv_obj()

        for ea in idautils.Heads(self.f.startEA, self.f.endEA):
            if idc.GetMnem(ea) == 'mov':
                opnd = idaobj.Opnd(ea=ea, oi=0)
                if opnd.ot == idc.o_displ:
                    parsed_opnd = opnd.parse()

                    if len(parsed_opnd) == 2:
                        pass
                        #print idabuty.beautify_ea(ea)

                    if len(parsed_opnd) == 3:
                        base_reg, idx, displ = parsed_opnd

                        # ['rcx', 'rax', '70h']
                        if ('*' not in idx) and (not idx.endswith('h')):
                            idx_reg = idx

                            opnd1 = self.find_drv_obj(
                            )  # mov     [rsp+drv_obj], rcx
                            opnd2 = idafind.find(
                                ea,
                                idaobj.Opnd(ot=idc.o_reg, od=base_reg),
                                is_bwd=1)  # mov     rcx, [rsp+48h+drv_obj]
                            is_drv_obj = idaobj.cmp_od_displ(opnd1, opnd2)

                            opnd = idafind.find(ea,
                                                idaobj.Opnd(ot=idc.o_reg,
                                                            od=idx_reg),
                                                is_bwd=True)
                            is_mj_dev_ctrl = '0Eh' == idaobj.parse_opnd(opnd)

                            is_mj_func = '70h' == displ

                            if is_drv_obj and is_mj_dev_ctrl and is_mj_func:
                                return idafind.get_func_from_opnd(
                                    idaobj.Opnd(ea=ea, oi=1))

        raise idafind.NotFoundError

Example #4

Show file

    def find_io_stack_loc(self):
        irp_opnd = self.find_irp()
        print beautify_title('IRP:'), irp_opnd

        call_eas = self.find_mnem_eas('call')
        call_eas = filter(
            lambda ea: idafind.is_func_call_arg(self.f, ea, 0, irp_opnd),
            call_eas)
        call_eas = filter(
            lambda ea: 'IofCompleteRequest' not in idcnew.GetOpnd(ea, 0),
            call_eas)

        assert len(call_eas) == 1  # TODO: check +0B8h

        return idafind.find(call_eas[0], idaobj.Opnd(ot=idc.o_reg, od='rax'))

Example #5

Show file

    def find_stack_base(self):
        from_ea = idcnew.GetBB(self.f.startEA).endEA
        target_opnd = idaobj.Opnd(ot=idc.o_reg, od='rsp')

        return idafind.find(from_ea, target_opnd, is_bwd=True)