def parse_function_args(ea: int) -> str: local_variables = [] arguments = [] current = local_variables frame = idc.get_func_attr(ea, FUNCATTR_FRAME) arg_string = "" if frame is None: return "" start = idc.get_first_member(frame) end = idc.get_last_member(frame) count = 0 max_count = 10000 args_str = "" while start <= end and count <= max_count: size = idc.get_member_size(frame, start) count = count + 1 if size is None: start = start + 1 continue name = idc.get_member_name(frame, start) start += size if name in [" r", " s"]: # Skip return address and base pointer current = arguments continue arg_string += f" {name}" current.append(name) args_str = ", ".join(arguments) if len(args_str) == 0: args_str = "void" return f"({args_str})"
def set_struct_offsets(offsets, sid): for offset in offsets: try: add_struct_member(sid, offset_name(offset), offset.offset, offset.size) except exceptions.SarkErrorStructMemberName: # Get the offset of the member with the same name existing_offset = idc.get_member_offset(sid, offset_name(offset)) if offset.offset == existing_offset: pass else: raise except exceptions.SarkErrorStructMemberOffset: # Get the size of the member at the same offset if offset.size == idc.get_member_size(sid, offset.offset): # If they are the same, all is well. pass
def get_stack_arg(func_addr): print func_addr args = [] stack = idc.get_frame_id(func_addr) if not stack: return [] firstM = idc.get_first_member(stack) lastM = idc.get_last_member(stack) i = firstM while i <= lastM: mName = idc.get_member_name(stack, i) mSize = idc.get_member_size(stack, i) if mSize: i = i + mSize else: i = i + 4 if mName not in args and mName and ' s' not in mName and ' r' not in mName: args.append(mName) return args
def get_stackVariables(func_addr): #print func_addr args = [] stack = idc.get_frame_id(func_addr) if not stack: return 0 firstM = idc.get_first_member(stack) lastM = idc.get_last_member(stack) i = firstM while i <=lastM: mName = idc.get_member_name(stack,i) mSize = idc.get_member_size(stack,i) if mSize: i = i + mSize else: i = i+4 if mName not in args and mName and 'var_' in mName: args.append(mName) return len(args)
def StructMembers(sid): """ Get a list of structure members information (or stack vars if given a frame). @param sid: ID of the structure. @return: List of tuples (offset, name, size) @note: If 'sid' does not refer to a valid structure, an exception will be raised. @note: This will not return 'holes' in structures/stack frames; it only returns defined structure members. """ m = idc.get_first_member(sid) if m == -1: raise Exception("No structure with ID: 0x%x" % sid) while (m != ida_idaapi.BADADDR): name = idc.get_member_name(sid, m) if name: yield (m, name, idc.get_member_size(sid, m)) m = idc.get_next_offset(sid, m)
def size(self): if self.is_stack: return idc.get_member_size(self.frame_id, self.stack_offset) else: return idc.get_item_size(self.addr)
def build_stack_variable(func_ea): stack_vars = dict() frame = idc.get_func_attr(func_ea, idc.FUNCATTR_FRAME) if not frame: return stack_vars f_name = get_symbol_name(func_ea) #grab the offset of the stored frame pointer, so that #we can correlate offsets correctly in referent code # e.g., EBP+(-0x4) will match up to the -0x4 offset delta = idc.get_member_offset(frame, " s") if delta == -1: delta = 0 if f_name not in _FUNC_UNSAFE_LIST: offset = idc.get_first_member(frame) while -1 != _signed_from_unsigned(offset): member_name = idc.get_member_name(frame, offset) if member_name is None: offset = idc.get_next_offset(frame, offset) continue if (member_name == " r" or member_name == " s"): offset = idc.get_next_offset(frame, offset) continue member_size = idc.get_member_size(frame, offset) if offset >= delta: offset = idc.get_next_offset(frame, offset) continue member_flag = idc.get_member_flag(frame, offset) flag_str = _get_flags_from_bits(member_flag) member_offset = offset - delta stack_vars[member_offset] = { "name": member_name, "size": member_size, "flags": flag_str, "writes": list(), "referent": list(), "reads": list(), "safe": False } offset = idc.get_next_offset(frame, offset) else: offset = idc.get_first_member(frame) frame_size = idc.get_func_attr(func_ea, idc.FUNCATTR_FRSIZE) flag_str = "" member_offset = _signed_from_unsigned(offset) - delta stack_vars[member_offset] = { "name": f_name, "size": frame_size, "flags": flag_str, "writes": list(), "referent": list(), "reads": list(), "safe": False } return stack_vars