def get_write_bps_to_file(addr, comments, command="", outfilename=""): bp_str_fmt = "bp 0x%08x # %s" if command != "": bp_str_fmt = 'bp -c "%s" '%(command)+" 0x%08x # %s" bp_str_cmt_fmt = " Bp corresponds to Name: %s in function+offset: %s @ 0x%08x %s"+comments name = Name(addr) outfile = sys.stdout if outfilename != "": outfile = open(outfilename, 'a') bp_addr = idaapi.get_first_cref_to(addr) bp_lines = [] while (bp_addr != idc.BADADDR): bp_cmt = bp_str_cmt_fmt%(name, GetFuncOffset(bp_addr), bp_addr, GetDiasm(bp_addr)) bp_str = bp_str_fmt%(bp_addr, bp_cmt) bp_lines.append(bp_str+"\n") outfile.write(bp_str+"\n") bp_addr = idaapi.get_next_cref_to(addr, bp_addr) bp_addr = idaapi.get_first_cref_to(addr) while (bp_addr != idc.BADADDR): bp_cmt = bp_str_cmt_fmt%(name, GetFuncOffset(bp_addr), bp_addr) bp_str = bp_str_fmt%(bp_addr, bp_cmt) bp_lines.append(bp_str+"\n") outfile.write(bp_str+"\n") bp_addr = idaapi.get_next_cref_to(addr, bp_addr) return bp_lines
def activate(self, ctx):
hx_view = idaapi.get_tform_vdui(ctx.form)
address = hx_view.cfunc.entry_ea
xref_ea = idaapi.get_first_cref_to(address)
xrefs = set()
while xref_ea != idaapi.BADADDR:
xref_func_ea = idc.GetFunctionAttr(xref_ea, idc.FUNCATTR_START)
if xref_func_ea != idaapi.BADADDR:
xrefs.add(xref_func_ea)
else:
print "[Warning] Function not found at 0x{0:08X}".format(xref_ea)
xref_ea = idaapi.get_next_cref_to(address, xref_ea)
for func_ea in xrefs:
visitor = VariableLookupVisitor(address)
try:
cfunc = idaapi.decompile(func_ea)
if cfunc:
FunctionTouchVisitor(cfunc).process()
visitor.apply_to(cfunc.body, None)
for idx in visitor.result:
scanner = DeepSearchVisitor(cfunc, 0, idx)
scanner.process()
for field in scanner.candidates:
self.temporary_structure.add_row(field)
except idaapi.DecompilationFailure:
print "[Warning] Failed to decompile function at 0x{0:08X}".format(xref_ea)
DeepSearchVisitor.clear()
def getXRefsTo(self):
"""
Computes a list of the names of the xrefs to the data item and updates the xrefsto computed
parameter.
This includes all functions calls/branches, but also data xrefs such as LDR/STR and data (DCDs, DCBs..)
there is also the weird case that a labelless asm line has a cref to the last asm line.
:returns: a tuple of two lists: crefs and drefs
"""
# type: () -> (list[int], list[int])
crefs = []
drefs = []
# Find all code references to item
ref = idc.get_first_cref_to(self.ea)
while ref != idaapi.BADADDR:
crefs.append(ref)
ref = idaapi.get_next_cref_to(self.ea, ref)
# Find all data references to item
for ref in idautils.DataRefsTo(self.ea):
drefs.append(ref)
for ref in idautils.DataRefsTo(
self.ea - 1): # needed in case this is a code item
drefs.append(ref)
return (crefs, drefs)
def getXRefsTo(self):
"""
Computes a list of the names of the xrefs to the function.
This includes all functions that call this, but also data xrefs.
:returns: a tuple of two lists: crefs and drefs
"""
# type: () -> (list[int], list[int])
crefs = []
drefs = []
# If the current address is function process it
if idc.get_func_flags(self.func_ea) != -1:
# Find all code references to func
ref = idc.get_first_cref_to(self.func_ea)
while ref != idaapi.BADADDR:
# name = get_func_name(ref)
# if not name: name = "ROM:%08X" % ref
crefs.append(ref)
ref = idaapi.get_next_cref_to(self.func_ea, ref)
# Find all data references to func
for ref in idautils.DataRefsTo(self.func_ea):
drefs.append(ref)
for ref in idautils.DataRefsTo(self.func_ea + 1):
drefs.append(ref)
return crefs, drefs
def get_funcs_calling_address(ea):
""" Returns all addresses of functions which make call to a function at `ea`"""
xref_ea = idaapi.get_first_cref_to(ea)
xrefs = set()
while xref_ea != idaapi.BADADDR:
xref_func_ea = idc.GetFunctionAttr(xref_ea, idc.FUNCATTR_START)
if xref_func_ea != idaapi.BADADDR:
xrefs.add(xref_func_ea)
else:
print "[Warning] Function not found at 0x{0:08X}".format(xref_ea)
xref_ea = idaapi.get_next_cref_to(ea, xref_ea)
return xrefs
def traverse_xrefs(func):
func_created = 0
if func is None:
return func_created
# First
func_xref = idaapi.get_first_cref_to(func.startEA)
# Attempt to go through crefs
while func_xref != BADADDR:
# See if there is a function already here
if idaapi.get_func(func_xref) is None:
# Ensure instruction bit looks like a jump
func_end = FindCode(func_xref, SEARCH_DOWN)
if GetMnem(func_end) == "jmp":
# Ensure we're jumping back "up"
func_start = GetOperandValue(func_end, 0)
if func_start < func_xref:
if idc.MakeFunction(func_start, func_end):
func_created += 1
else:
# If this fails, we should add it to a list of failed functions
# Then create small "wrapper" functions and backtrack through the xrefs of this
error(
'Error trying to create a function @ 0x%x - 0x%x' %
(func_start, func_end))
else:
xref_func = idaapi.get_func(func_xref)
# Simple wrapper is often runtime_morestack_noctxt, sometimes it isn't though...
if is_simple_wrapper(xref_func.startEA):
debug('Stepping into a simple wrapper')
func_created += traverse_xrefs(xref_func)
if idaapi.get_func_name(
xref_func.startEA
) is not None and 'sub_' not in idaapi.get_func_name(
xref_func.startEA):
debug('Function @0x%x already has a name of %s; skipping...' %
(func_xref, idaapi.get_func_name(xref_func.startEA)))
else:
debug('Function @ 0x%x already has a name %s' %
(xref_func.startEA,
idaapi.get_func_name(xref_func.startEA)))
func_xref = idaapi.get_next_cref_to(func.startEA, func_xref)
return func_created
def _addRefs(self, startea) -> bool:
self.__plugin.log('Adding references', LogOptions.LOG_DEBUG)
if idaapi.get_func_num(startea) != -1:
sig = SigCreateStruct()
sig.dwStartAddress = startea
sig.dwCurrentAddress = startea
sig.eType = PatternType.PT_DIRECT
self.Sigs.append(sig)
self.__plugin.log('Added direct reference 0x%X' % startea,
LogOptions.LOG_DEBUG)
eaCurrent = idaapi.get_first_cref_to(startea)
while eaCurrent != BADADDR:
if eaCurrent != startea:
sig = SigCreateStruct()
sig.dwStartAddress = eaCurrent
sig.dwCurrentAddress = eaCurrent
sig.eType = PatternType.PT_REFERENCE
self.Sigs.append(sig)
self.__plugin.log('Added reference 0x%X' % eaCurrent,
LogOptions.LOG_DEBUG)
if self.__plugin.Settings.maxRefs > 0 and len(
self.Sigs) >= self.__plugin.Settings.maxRefs:
break
eaCurrent = idaapi.get_next_cref_to(startea, eaCurrent)
if len(self.Sigs) < 5:
self.__plugin.log(
'Not enough references were found (%i so far), trying the function.'
% len(self.Sigs), LogOptions.LOG_DEBUG)
func = idaapi.get_func(startea)
if not func or func.start_ea == BADADDR:
self.__plugin.log('Selected address not in a valid function.',
LogOptions.LOG_ERROR)
return False
if func.start_ea != startea:
eaCurrent = idaapi.get_first_cref_to(func.start_ea)
while eaCurrent != BADADDR:
if eaCurrent != startea:
sig = SigCreateStruct()
sig.dwStartAddress = func.start_ea
sig.dwCurrentAddress = eaCurrent
sig.eType = PatternType.PT_FUNCTION
self.Sigs.append(sig)
self.__plugin.log('Added function 0x%X' % eaCurrent,
LogOptions.LOG_DEBUG)
if self.__plugin.Settings.maxRefs > 0 and len(
self.Sigs) >= self.__plugin.Settings.maxRefs:
break
eaCurrent = idaapi.get_next_cref_to(
func.start_ea, eaCurrent)
if not len(self.Sigs):
self.__plugin.log(
'Automated signature generation failed, no references found.',
LogOptions.LOG_ERROR)
return False
self.__plugin.log('Added %i references.' % len(self.Sigs),
LogOptions.LOG_DEBUG)
return True
