def dump(): ret = [] for struct_idx, struct_id, struct_name in idautils.Structs(): struct = ida_struct.get_struc(struct_id) members = [{'offset': offset, 'name': name, 'size': size} for offset, name, size in idautils.StructMembers(struct_id)] # Find all xrefs to any members of this struct. xrefs = [] for offset, name, size in idautils.StructMembers(struct_id): member = ida_struct.get_member_by_name(struct, name) if member is not None: for xref in idautils.XrefsTo(member.id): d = { 'from': xref.frm, 'type': xref.type, } # Get offset base if it's an offset xref. if xref.type == 1: d['offset'] = ida_offset.get_offbase(xref.frm, 1) xrefs.append(d) ret.append({ 'idx': struct_idx, 'name': struct_name, 'members': members, 'xrefs': xrefs, }) return ret
def get_struct_members(struct, sid): """Get members belonging to a structure by structure ID """ members = {} for offset, name, size in idautils.StructMembers(sid): members[name] = {} members[name]["type"] = get_member_type(struct, offset) members[name]["offset"] = offset members[name]["size"] = size return members
def retrieve_stack_members(func_ea): members = {} base = None frame = idc.GetFrame(func_ea) for frame_member in idautils.StructMembers(frame): member_offset, member_name, _ = frame_member members[member_offset] = member_name if member_name == ' r': base = member_offset if not base: raise ValueError("Failed identifying the stack's base address using the return address hidden stack member") return members, base
def find_stack_members(func_ea): members = {} base = None frame = idc.GetFrame(func_ea) try: for frame_member in idautils.StructMembers(frame): member_offset, member_name, size = frame_member members[member_offset] = size if member_name == ' s': base = member_offset if not base: base = 3 except: return 0, 0 return members, base
def read_struct(ea, struct=None, sid=None, members=None, asobject=False): """Read a structure from the given address. This function reads the structure at the given address and converts it into a dictionary or accessor object. Arguments: ea: The linear address of the start of the structure. Options: sid: The structure ID of the structure type to read. struct: The name of the structure type to read. members: A list of the names of the member fields to read. If members is None, then all members are read. Default is None. asobject: If True, then the struct is returned as a Python object rather than a dict. One of sid and struct must be specified. """ # Handle sid/struct. if struct is not None: sid2 = idc.GetStrucIdByName(struct) if sid2 == idc.BADADDR: raise ValueError('Invalid struc name {}'.format(struct)) if sid is not None and sid2 != sid: raise ValueError('Invalid arguments: sid={}, struct={}'.format( sid, struct)) sid = sid2 else: if sid is None: raise ValueError('Invalid arguments: sid={}, struct={}'.format( sid, struct)) if idc.GetStrucName(sid) is None: raise ValueError('Invalid struc id {}'.format(sid)) # Iterate through the members and add them to the struct. union = idc.IsUnion(sid) struct = {} for offset, name, size in idautils.StructMembers(sid): if members is not None and name not in members: continue _read_struct_member(struct, sid, union, ea, offset, name, size, asobject) if asobject: struct = objectview(struct, ea, idc.GetStrucSize(sid)) return struct
def do_struct(self, name): s = '' sid = idc.GetStrucIdByName(name) s += 'class %s():\n' % (name, ) s += ' def __init__(self):\n' for offset, name, size in idautils.StructMembers(sid): flags = idc.GetMemberFlag(sid, offset) if flags & idaapi.FF_STRU == idaapi.FF_STRU: msid = idc.GetMemberStrId(sid, offset) value = idc.GetStrucName(msid) if value not in self.used_structs: self.used_structs.append(value) else: value = '0' s += ' self.%s = %s\n' % (name, value) s += ' return' return s
def get_struct_members(struct, sid): """ Get members belonging to a structure by structure ID :param struct: Structure object :param sid: Structure ID :return: Dict containing structure member information """ members = {} for offset, name, size in idautils.StructMembers(sid): members[name] = {} typ = get_member_type(struct, offset) if typ: members[name]['type'] = typ else: # Type isn't set so make it a byte array members[name]['type'] = 'uint8_t [{}]'.format(size) members[name]['offset'] = offset members[name]['size'] = size return members
def walk_struct_members(): for (idx, sid, name) in idautils.Structs(): s = idaapi.get_struc(sid) for (offset, name, size) in idautils.StructMembers(sid): m = idaapi.get_member(s, offset) yield m.id
def all_struct_members(): for struct in idautils.Structs(): print struct members = idautils.StructMembers(struct[1]) for member in members: yield struct[2], member[0], member[1], member[2]
yield v, m bmask = idc.GetNextBmask(eid, bmask) # iterate on regular constants for v, m in get_enums(-1): yield v, m for idx in range(0, idaapi.get_enum_qty()): num_enums += 1 eid = idaapi.getn_enum(idx) for (value, bmask) in walk_enum(eid): num_enum_members += 1 for (idx, sid, name) in idautils.Structs(): num_structs += 1 for (offset, name, size) in idautils.StructMembers(sid): num_struct_members += 1 print "blocks", num_blocks print "binaries", num_binaries print "codes", num_codes print "datas", num_datas print "enum_members", num_enum_members print "enums", num_enums print "functions", num_functions print "segment_chunks", num_segment_chunks print "segments", num_segments print "stackframe_members", num_stackframe_members print "stackframes", num_stackframes print "struct_members", num_struct_members print "structs", num_structs
return opnds def get_stkvar_map(ea): '''ea_t -> {int : (str, tinfo_t)}''' # NOTE mutates d frame = idaapi.get_frame(ea) def make_map(d, (off, name, _)): mem = idaapi.get_member(frame, off) ti = idaapi.tinfo_t() idaapi.get_or_guess_member_tinfo2(mem, ti) d[off] = (name, ti) return d return reduce(make_map, idautils.StructMembers(frame.id), {}) def get_mnem(ea): '''ea -> str''' mnem = re.search(r'^([a-zA-Z0-9.]+)', idc.GetDisasm(ea)) if mnem is None: raise NoInsnError("can't get insn at %s" % ida.atoa(ea)) else: return mnem.groups()[0] def array_details(ti): if ti.is_array() is False: raise NotArrayError('ti is not an array') ai = idaapi.array_type_data_t()