def yatest_comments(self):
    """Apply every comment fixture in `tests` to function items and record the addresses.

    For offsets 0, 1 and 2, each fixture tuple (function comment, repeatable
    function comment, comment, repeatable comment, posterior lines, anterior
    lines) is written at the address returned by get_func_item(offset).
    A None field is skipped. The visited addresses are saved under the
    'comments' key through yaunit.save.
    """
    touched = []
    for offset in range(0, 3):
        for fn_cmt, fn_rpt, cmt, rpt, post, ant in tests:
            ea = get_func_item(offset)
            touched.append(ea)
            logger.debug("setting at 0x%08X : %r, %r, %r, %r, %r, %r" % (ea, fn_cmt, fn_rpt, cmt, rpt, post, ant))

            # Single-call setters, in the same order the fixture lists them;
            # each one must report success.
            setters = (
                (fn_cmt, lambda text: idc.SetFunctionCmt(ea, text, False)),
                (fn_rpt, lambda text: idc.SetFunctionCmt(ea, text, True)),
                (cmt, lambda text: idc.MakeComm(ea, text)),
                (rpt, lambda text: idc.MakeRptCmt(ea, text)),
            )
            for text, apply_comment in setters:
                if text is not None:
                    self.assertEqual(apply_comment(text), True)

            # Extra lines are written one line at a time, posterior block
            # (ExtLinB) first, then anterior block (ExtLinA).
            for ext_lin, block in ((idc.ExtLinB, post), (idc.ExtLinA, ant)):
                if block is not None:
                    for i, txt in enumerate(block.split('\n')):
                        self.try_ext_lin(ext_lin, ea, i, txt)
    yaunit.save('comments', touched)
def refresh_comments(self):
    """Write this object's comment as the non-repeatable function comment at self.ea.

    Nothing is written when self.ea is idc.BADADDR or when get_comment()
    returns a falsy value, so an existing function comment is never cleared
    from here.
    """
    if self.ea == idc.BADADDR:
        return
    text = self.get_comment()
    if not text:
        return
    idc.SetFunctionCmt(self.ea, text, False)
def handle_found(addr, candidates):
    """Report the candidate matches found for the function at @addr.

    Prints the match and sets a non-repeatable IDA function comment of the
    form "[Sibyl] name1,name2?" at @addr.
    @addr: address of the function analyzed
    @candidates: list of string of possible matched functions
    """
    joined = ",".join(candidates)
    # A single parenthesised argument prints the same text under the print
    # statement and the print function.
    print("Found %s at %s" % (joined, hex(addr)))
    idc.SetFunctionCmt(addr, "[Sibyl] %s?" % joined, False)
def unlink(self):
    """Detach this method from its owner and erase its traces in the database.

    Removes the method from owner.methods when present, drops the owner
    reference, and, if self.ea is a real address, deletes the entry in
    known_methods and clears the name and the function comment at self.ea.
    """
    owner = self.owner
    if owner and self in owner.methods:
        owner.methods.remove(self)
    self.owner = None

    if self.ea == idc.BADADDR:
        return
    # `del` raises KeyError when self.ea was never registered in
    # known_methods; in that case the name and comment are left untouched.
    del database.get().known_methods[self.ea]
    idc.MakeName(self.ea, '')
    idc.SetFunctionCmt(self.ea, '', False)
def make_header_comment(self, object_version, address):
    """Apply the repeatable and then the non-repeatable header comment of an object.

    Function objects get the comment through idc.SetFunctionCmt at
    `address`; struct objects get it through idc.SetStrucComment on the id
    stored in self.struc_ids. Other object types are ignored.
    """
    for repeatable in (True, False):
        try:
            text = self.sanitize_comment_to_ascii(
                object_version.get_header_comment(repeatable))
            obj_type = object_version.get_type()
            if obj_type == ya.OBJECT_TYPE_FUNCTION:
                idc.SetFunctionCmt(address, text, int(repeatable))
            elif obj_type == ya.OBJECT_TYPE_STRUCT:
                struc_id = self.struc_ids[object_version.get_id()]
                idc.SetStrucComment(struc_id, text, int(repeatable))
        except KeyError:
            # Best effort: a KeyError (for example an id missing from
            # self.struc_ids) skips this flavour of comment only; the other
            # flavour is still attempted.
            pass
def apply_snippet_to_disasm(self, _func_address, _snippet_info):
    """Apply a stored snippet (name, description, comments) to a function.

    _snippet_info[0] is used as the function name, _snippet_info[1] as the
    non-repeatable function comment and _snippet_info[4] as a packed comment
    blob. The blob is a sequence of records: a big-endian 32-bit text
    length, a big-endian 32-bit offset relative to _func_address, then the
    comment text itself.

    Returns False when the user cancels the rename prompt, True otherwise.
    """
    # set function name; a zero return from MakeNameEx is treated as
    # "name already used" and the user is asked for another one
    name = _snippet_info[0]
    while idc.MakeNameEx(_func_address, name, idc.SN_NON_AUTO) == 0:
        name = idc.AskStr('', ' function name is already used, try another one')
        if name is None:
            return False

    # set function description
    idc.SetFunctionCmt(_func_address, _snippet_info[1], 0)

    # set comment(s)
    # NOTE(review): the blob is taken as well-formed. A truncated 8-byte
    # header raises struct.error after the name and description were already
    # applied, a length running past the end silently shortens the text, and
    # the offset is not checked against the function's bounds, so a malformed
    # or hostile record can put a comment anywhere in the database. Validate
    # the records before applying them if snippets can come from an
    # untrusted store.
    blob = _snippet_info[4]
    while blob:
        comm_len, offset = struct.unpack('>II', blob[:8])
        text_end = 8 + comm_len
        idc.MakeComm(_func_address + offset, blob[8:text_end])
        blob = blob[text_end:]
    return True
def annotate_vector_table(self, vtoffset=0x0000000000):
    '''
    Name the vector table entries according to docs:
    http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0552a/BABIFJFG.html

    Vector tables can appear in multiple places in device flash.
    Functions are not renamed because multiple vectors might point to a
    single function. The address of the VT entry is appended to the name
    from self.annotations to keep names unique.
    '''
    for annotation_index, annotation in enumerate(self.annotations):
        # Entries are 4 bytes wide and laid out back to back from vtoffset.
        entry_addr = vtoffset + 4 * annotation_index
        entry_name = "%s_%08x" % (annotation, entry_addr)

        idc.MakeDword(entry_addr)
        ida_name.set_name(entry_addr, entry_name, 0)

        # get the bytes of the vt entry
        target = idc.Dword(entry_addr)
        if target == 0:
            continue

        # NOTE(review): every non-zero entry is treated as a code pointer
        # with the low bit set (hence the -1); an entry that holds data, or
        # an even address, would be disassembled one byte early - confirm
        # against the table being annotated.
        handler = target - 1
        idc.MakeCode(handler)
        idc.MakeFunction(handler)
        # TODO fix the offsets created here
        # for thumb, they show to be off by a byte
        # one of the end args controls stuff about this
        idc.OpOffEx(entry_addr, 0, idaapi.REF_OFF32, -1, 0, 0)

        # functions like this are common: 0xe7fe is the Thumb encoding of a
        # branch-to-self
        if idc.Word(handler) == 0xe7fe:
            idc.SetFunctionCmt(handler, 'Infinite Loop', 1)
def fn_empty(cls, address, repeatable=1):
    """Clear the function comment at `address` by writing an empty string.

    `address` is coerced with int(); `repeatable` selects which of the two
    function comments is cleared. Returns None.
    """
    ea = int(address)
    idc.SetFunctionCmt(ea, '', repeatable)
def fn_write(cls, address, key, value, repeatable=1):
    """Set `key` to `value` in the tagged function comment at `address`.

    The current fields are read with cls.fn_read, updated, serialised with
    comment.toString and written back as the function comment. Returns the
    result of idc.SetFunctionCmt.
    """
    fields = cls.fn_read(address, repeatable=repeatable)
    fields[key] = value
    # '__address__' is never written back into the comment text.
    fields.pop('__address__', None)
    # The serialised text must be pure ASCII; anything else makes the
    # encode step raise instead of writing a partial comment.
    encoded = comment.toString(fields).encode('ascii')
    return idc.SetFunctionCmt(int(address), encoded, repeatable)
def setComment(ea, string, repeatable=1):
    """Set the function comment at `ea` to `string`.

    `ea` is coerced with int() before the call; the return value of
    idc.SetFunctionCmt is passed through unchanged.
    """
    address = int(ea)
    return idc.SetFunctionCmt(address, string, repeatable)
def set_comment(self, comment, repeteable=True):
    """Set the function comment at self.addr and return what IDA reports.

    `repeteable` (spelling kept for callers that pass it by keyword) is
    forwarded as the repeatable flag of idc.SetFunctionCmt.
    """
    outcome = idc.SetFunctionCmt(self.addr, comment, repeteable)
    return outcome
# NOTE(review): this excerpt opens inside a call whose first part is not
# visible (presumably a subprocess launch). `executable` is pasted into a
# shell command line and run with shell=True, so a path containing spaces or
# shell metacharacters changes what is executed. Passing an argument list
# such as ["nm", "-C", executable] without shell=True avoids that.
"nm -C {}".format(executable), shell=True, stdout=PIPE, stderr=PIPE)
out_demangled, err = proc.communicate()
errcode = proc.returncode
if errcode != 0:
    raise Exception("cannot get demangled symbols!")
# `symbols` is not used again within this excerpt.
symbols = {}
# `out` comes from code outside this excerpt - presumably the same listing
# without -C. The two listings are walked in lockstep; zip() stops at the
# shorter one without reporting a length mismatch.
for nlist, dlist in zip(out.splitlines(), out_demangled.splitlines()):
    # Each line must split into exactly address, type and name; any other
    # shape raises ValueError here.
    a, t, name = nlist.split(" ")
    # maxsplit=2 keeps spaces inside the demangled name.
    ad, td, named = dlist.split(" ", 2)
    if a != ad:
        # NOTE(review): the message uses %s placeholders with str.format(),
        # so the four values are never substituted into it.
        raise Exception("error processing %s/%s, %s != %s".format(
            name, named, a, ad))
    addr = int(a, 16)
    # Type "t"/"T" entries get a function created at addr.
    if t in ["t", "T"]:
        make_func(addr)
        # The demangled name is kept as a function comment only when it
        # differs from the raw name, ignoring leading underscores.
        if name.lstrip("_") != named.lstrip("_"):
            idc.SetFunctionCmt(addr, named, 0)
    idc.MakeNameEx(addr, name, idc.SN_NOWARN)
    if name.lstrip("_") != named.lstrip("_"):
        idc.MakeComm(addr, named)
# NOTE(review): the excerpt starts mid-script; `ea` is set by code that is
# not visible here.
# Annotate the instruction at ea with "<first operand> = 0".
comment = "%s = 0" % (idc.GetOpnd(ea, 0))
idc.MakeComm(ea, comment)

# Use idc.GetCommentEx(ea, repeatable) to read a comment back.
# Example output:
# 0x1000014f8L xor r11d, r11d; r11d = 0
# r11d = 0
ea = here()
print hex(ea),idc.GetDisasm(ea)
print idc.GetCommentEx(ea, False)

# Use idc.SetFunctionCmt(ea, cmt, repeatable) to add a comment to a function.
# If the function comment is marked repeatable, it is also shown at every
# place the function is called.
# Use idc.GetFunctionCmt(ea, repeatable) to read a function's comment.
ea = here()
print hex(ea),idc.GetDisasm(ea)
print idc.GetFunctionName(ea)
idc.SetFunctionCmt(ea, "Check out later", True)

# Use idc.MakeName(ea, name) to rename a function or an address.
# To rename a function, ea must be the function's start address.
ea = 0x1000039A4
print idc.GetFunctionName(ea)
print hex(ea),idc.GetDisasm(ea)
print idc.MakeName(ea, "wgetmainargs_wrap")
print idc.GetFunctionName(ea)

# Rename an operand.
# Example output:
#0x100003bc2L mov eax, cs:dword_100006170
#0x100006170L dd 0
#True
#0x100003bc2L mov eax, cs:BETA
ea = here()
print hex(ea), idc.GetDisasm(ea)
def __init__(self, first_addr):
    """Wipe every comment of the function that starts at `first_addr`.

    The regular and repeatable comment of each function item are set to
    the empty string, then both function comments (non-repeatable and
    repeatable) are cleared as well.
    """
    # The item addresses are collected into a list before any comment is
    # rewritten.
    for item_ea in list(idautils.FuncItems(first_addr)):
        for clear_comment in (idc.MakeComm, idc.MakeRptCmt):
            clear_comment(item_ea, "")
    for repeatable in (0, 1):
        idc.SetFunctionCmt(first_addr, "", repeatable)
def _embed_func_cmnt(self, comment, repeatable):
    """Set `comment` as the function comment at self._first_addr.

    `repeatable` is forwarded unchanged to idc.SetFunctionCmt; the result
    of that call is not returned.
    """
    target = self._first_addr
    idc.SetFunctionCmt(target, comment, repeatable)