Exemple #1
0
def Code(*args):
    """
    Enumerate code bytes

    @param <range>: see getrange

    @return: list of addresses of code bytes

    Example::

        for ea in Code():
            MakeUnkn(ea, DOUNK_EXPAND)
            Wait()

    Will delete all code in the selected area.


        len(list(MakeUnkn(ea, DOUNK_EXPAND) and Wait() for ea in enumerators.Code(idaapi.getseg(here()))))

    will delete all code in the current segment, and can be pasted in the command area of ida

    """
    (first, last) = getrange(args)

    ea = first
    # explicitly testing first byte, since find_code
    # implicitly sets SEARCH_NEXT flag
    if ea < last and not idaapi.is_code(idaapi.get_full_flags(ea)):
        ea = idaapi.find_code(ea, idaapi.SEARCH_DOWN)
    while ea != idaapi.BADADDR and ea < last:
        yield ea
        ea = idaapi.find_code(ea, idaapi.SEARCH_DOWN)
Exemple #2
0
def is_code_ea(ea):
    if idaapi.cvar.inf.procname == "ARM":
        # In case of ARM code in THUMB mode we sometimes get pointers with thumb bit set
        flags = idaapi.get_full_flags(ea & -2)  # flags_t
    else:
        flags = idaapi.get_full_flags(ea)
    return idaapi.is_code(flags)
Exemple #3
0
    def __init__(self, ea, info, cs):
        """Initialization function."""
        # Init the node structure
        node_t.__init__(self)

        # Check if it's a code instruction
        try:
            is_c = is_code(get_flags(ea))
        except:
            is_c = isCode(GetFlags(ea))
        if not is_c:
            raise CodeException

        #
        # fill node_t struct
        #

        # NodeInfo
        self.info = NodeInfo()
        inst_elements = []

        try:
            size = create_insn(ea)
            bytes = get_bytes(ea, size)
        except:
            size = MakeCode(ea)
            bytes = GetManyBytes(ea, size)

        (address, size, mnemonic, op_str) = cs.disasm_lite(bytes, ea, count=1).next()
        self.info.opcode = mnemonic.encode("ascii", "ignore")

        op_str_ascci = op_str.encode("ascii", "ignore")
        self.info.inst_str = self.info.opcode + " " + op_str_ascci

        splitted = op_str_ascci.split(", ")
        self.info.nargs = 0

        if len(splitted) >= 1:
            self.info.arg1 = splitted[0]
            self.info.nargs += 1
            if len(splitted) >= 2:
                self.info.arg2 = splitted[1]
                self.info.nargs += 1
                if len(splitted) >= 3:
                    self.info.arg3 = splitted[2]
                    self.info.nargs += 1

        # No node will be root but this is acceptable for CFGs
        self.info.is_root = False

        self.info.address = ea
        self.info.has_address = True

        # node_t
        self.node_id = self._genid()
Exemple #4
0
def NonFuncs(*args):
    """
    Enumerate code which is not in a function

    @param <range>: see getrange

    @return: list of addresses containing code, but not in a function

    Example::

        for ea in NonFuncs((FirstSeg(), BADADDR)):
            if not MakeFunction(ea):
                Jump(ea)
                break
            Wait()

    Will try to change non-function code to function
    until MakeFunction fails
    """

    (first, last) = getrange(args)

    ea = first
    while ea != idaapi.BADADDR and ea < last:
        nextcode = idaapi.find_code(ea,
                                    idaapi.SEARCH_NEXT | idaapi.SEARCH_DOWN)
        thischunk = idaapi.get_fchunk(ea)
        nextchunk = idaapi.get_next_fchunk(ea)
        if thischunk:
            ea = thischunk.end_ea
        elif idaapi.is_code(idaapi.get_full_flags(ea)):
            yield ea
            ea = idaapi.next_head(ea, last)
        elif nextchunk is None:
            return
        elif nextcode < nextchunk.start_ea:
            yield nextcode
            ea = nextcode
        else:
            ea = nextchunk.end_ea
    def _sig_instruction(self, addr: int) -> Optional[str]:
        """
        Get the bytes for a single instruction with wildcards
        :param addr: Instruction address
        :return: A signature chunk
        """
        # I'm not sure if either of these checks will ever happen
        # So let it explode until it does by trying to join None
        if not idaapi.is_code(idaapi.get_flags(addr)):
            return None

        if not idaapi.can_decode(addr):
            return None

        insn = idaapi.insn_t()
        insn.size = 0

        idaapi.decode_insn(insn, addr)
        if insn.size == 0:
            return None

        if insn.size < 5:
            return self._sig_bytes(insn.ea, insn.size)

        op_size = self._get_current_opcode_size(insn)
        if op_size == 0:
            return self._sig_bytes(insn.ea, insn.size)

        operand_size = insn.size - op_size
        sig = self._sig_bytes(insn.ea, op_size)

        if self._match_operands(insn.ea):
            sig += ' ' + self._sig_bytes(insn.ea + op_size, operand_size)
        else:
            sig += ' ' + self._sig_wildcards(operand_size)

        return sig
Exemple #6
0
 def is_code(self):
     """Is the line code."""
     return idaapi.is_code(self.flags)
Exemple #7
0
def is_code_ea(ea):
    flags = idaapi.getFlags(ea)  # flags_t
    return idaapi.is_code(flags)
Exemple #8
0
    def __init__(self, ea, cs, IDA_inst, IDA_inst_size, IDA_inst_string):
        """Initialization function, to disassemble with Capstone"""
        # Init the node structure
        node_t.__init__(self)

        # Check if it's a code instruction
        try:
            is_c = is_code(get_flags(ea))
        except:
            is_c = isCode(GetFlags(ea))
        if not is_c:
            raise CodeException

        #
        # fill node_t struct
        #

        # NodeInfo
        self.info = NodeInfo()
        inst_elements = []

        if cs is not None:
            try:
                size = create_insn(ea)
                bytes = get_bytes(ea, size)
            except:
                size = MakeCode(ea)
                bytes = GetManyBytes(ea, size)

            (address, size, mnemonic,
             op_str) = next(cs.disasm_lite(bytes, ea, count=1))
        else:
            address = ea
            size = IDA_inst_size
            splitted = IDA_inst_string.split(" ")
            mnemonic = splitted[0]
            op_str = " ".join(splitted[1:])

        self.info.opcode = mnemonic
        self.info.inst_str = self.info.opcode + " " + op_str

        splitted = op_str.split(", ")
        self.info.nargs = 0

        if len(splitted) >= 1:
            self.info.arg1 = splitted[0]
            self.info.nargs += 1
            if len(splitted) >= 2:
                self.info.arg2 = splitted[1]
                self.info.nargs += 1
                if len(splitted) >= 3:
                    self.info.arg3 = splitted[2]
                    self.info.nargs += 1

        # No node will be root but this is acceptable for CFGs
        self.info.is_root = False

        self.info.address = ea
        self.info.has_address = True

        # node_t
        self.node_id = self._genid()