def load_kmdf_types_into_idb():
header_path = idautils.GetIdbDir()
idaapi.idc_parse_types("".join([header_path, "WDFStructs.h"]), idc.PT_FILE)
for idx in range(1, idc.get_ordinal_qty()):
#Fails to add some of the types
print((idx, idc.get_numbered_type_name(idx)))
idc.import_type(idx, idc.get_numbered_type_name(idx))
def ParseTypeString(type_string):
if fDebug:
pydevd_pycharm.settrace('127.0.0.1',
port=31337,
stdoutToServer=True,
stderrToServer=True,
suspend=False)
tp = TinfoReader(type_string)
# print idc_print_type(type_, fields, "fun_name", 0)
# print type_.encode("string_escape")
output = []
"""
Attempt to copy the tinfo from a location, replacing any Local Types with our own representation of them.
Pass all other bytes through as-is.
"""
while tp.keep_going():
a_byte = tp.read_byte()
unwritten_bytes = [a_byte]
if a_byte == ord("=") and tp.pos < len(tp.tp): # a type begins
ordinal_length = tp.read_byte()
if tp.pos < len(
tp.tp) and len(tp.tp) - (tp.pos + ordinal_length - 1) >= 0:
number_marker = tp.read_byte()
if number_marker == ord(
"#"
): # this is a Local Type referred to by its ordinal
ordinal = decode_ordinal_string(
struct.pack("B", ordinal_length) + b"#" +
tp.read_string(ordinal_length - 2))
t = idc.get_numbered_type_name(ordinal)
output.append({"local_type": t})
# if t not in self.depends:
# self.depends.append(t)
# self.depends_ordinals.append(ordinal)
continue
else:
unwritten_bytes.append(ordinal_length)
unwritten_bytes.append(number_marker)
else:
unwritten_bytes.append(ordinal_length)
elif a_byte == ord("#") and (
(len(output) >= 4 and output[-4:-1] == [0x0A, 0x0D, 0x01]) or
(len(output) >= 3 and output[-3:-1] == [0x0D, 0x01])):
ordinal_length = output[-1]
output.pop(-1)
ordinal = decode_ordinal_string(
struct.pack("B", ordinal_length) + b"#" +
tp.read_string(ordinal_length - 2))
t = idc.get_numbered_type_name(ordinal)
output.append({"rare_local_type": t})
# if t not in self.depends:
# self.depends.append(t)
# self.depends_ordinals.append(ordinal)
continue
output += unwritten_bytes # put all the bytes we didn't consume into the output as-is
return output
def initialize_nodes(self):
for ordinal in range(1, idc.get_ordinal_qty()):
# if ordinal == 15:
# import pydevd
# pydevd.settrace("localhost", port=12345, stdoutToServer=True, stderrToServer=True)
local_tinfo = StructureGraph.get_tinfo_by_ordinal(ordinal)
if not local_tinfo:
continue
name = idc.get_numbered_type_name(ordinal)
if local_tinfo.is_typeref():
typeref_ordinal = local_tinfo.get_ordinal()
members_ordinals = []
if typeref_ordinal:
typeref_tinfo = StructureGraph.get_tinfo_by_ordinal(
typeref_ordinal)
if typeref_tinfo.is_typeref() or typeref_tinfo.is_udt(
) or typeref_tinfo.is_ptr():
members_ordinals = [typeref_ordinal]
cdecl_typedef = idaapi.print_tinfo(None, 4, 5, 0x3,
local_tinfo, None, None)
self.local_types[ordinal] = LocalType(name,
members_ordinals,
cdecl_typedef,
is_typedef=True)
elif local_tinfo.is_udt():
# udt_data = idaapi.udt_type_data_t()
# local_tinfo.get_udt_details(udt_data)
members_ordinals = StructureGraph.get_members_ordinals(
local_tinfo)
cdecl_typedef = idaapi.print_tinfo(None, 4, 5, 0x1,
local_tinfo, None, None)
self.local_types[ordinal] = LocalType(
name,
members_ordinals,
cdecl_typedef,
is_union=local_tinfo.is_union())
elif local_tinfo.is_ptr():
typeref_ordinal = StructureGraph.get_ordinal(local_tinfo)
members_ordinals = [typeref_ordinal] if typeref_ordinal else []
cdecl_typedef = idaapi.print_tinfo(None, 4, 5, 0x2,
local_tinfo, None, None)
self.local_types[ordinal] = LocalType(name,
members_ordinals,
cdecl_typedef + ' *',
is_typedef=True)
elif local_tinfo.is_enum():
cdecl_typedef = idaapi.print_tinfo(None, 4, 5, 0x21,
local_tinfo, None, None)
self.local_types[ordinal] = LocalType(name, [],
cdecl_typedef,
is_enum=True)
self.ordinal_list = set(self.ordinal_list).intersection(
self.local_types)
for ordinal in self.ordinal_list:
self.local_types[ordinal].is_selected = True
def get_type_from_name(name):
target_idx = 0
for idx in range(1, idc.get_ordinal_qty()):
if name in idc.get_numbered_type_name(idx):
target_idx = idx
break
if target_idx != 0:
return idc.GetLocalType(target_idx, 0)
return None
def get_struct_idx(name):
for idx in range(1, idc.get_ordinal_qty()):
if name == idc.get_numbered_type_name(idx):
return idx
return None
