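def build_stack_variable(func_ea):
    """Map the stack frame of the function at ``func_ea`` to a dict of
    per-variable records keyed by frame-pointer-relative offset.

    Only members that lie *below* the saved-register area (" s") are
    recorded, so that the keys line up with the displacements seen in the
    referencing code (e.g. ``EBP+(-0x4)`` matches key ``-4``).  Functions
    listed in ``_FUNC_UNSAFE_LIST`` get one record spanning the whole frame
    instead of per-variable records.

    :param func_ea: address of the function whose frame is inspected.
    :return: ``{offset: record}`` where ``record`` has the keys ``name``,
        ``size``, ``flags``, ``writes``, ``referent``, ``reads`` and ``safe``.
        ``safe`` is always ``False`` and the three lists are always empty
        here; presumably the analysis that consumes this dict fills them.
        Empty when ``func_ea`` has no function or no frame.
    """
    stack_vars = dict()
    frame = idc.get_func_attr(func_ea, idc.FUNCATTR_FRAME)
    # get_func_attr reports "no function" / "no frame" with BADADDR, which is
    # truthy: `not frame` alone would let a bogus frame id through and every
    # call below would then operate on it.
    if not frame or frame == idc.BADADDR:
        return stack_vars
    f_name = get_symbol_name(func_ea)
    # grab the offset of the stored frame pointer, so that we can correlate
    # offsets correctly in referent code, e.g. EBP+(-0x4) will match up to the
    # -0x4 offset
    delta = idc.GetMemberOffset(frame, " s")
    if delta == -1:
        # No saved-register member: offsets are taken relative to the frame
        # start.  NOTE(review): with delta == 0 the `offset >= delta` filter
        # below rejects every member, so such frames yield no variables --
        # confirm this is intended.
        delta = 0
    if f_name not in _FUNC_UNSAFE_LIST:
        offset = idc.get_first_member(frame)
        # get_first_member/get_next_offset hand back BADADDR (-1 when
        # reinterpreted as signed) once the members are exhausted.
        while -1 != _signed_from_unsigned(offset):
            member_name = idc.get_member_name(frame, offset)
            # Skip holes (no name), IDA's reserved members (" r" = return
            # address, " s" = saved registers) and everything at or above the
            # saved registers, which is not local storage.
            if member_name is None or member_name in (" r", " s") or offset >= delta:
                offset = idc.get_next_offset(frame, offset)
                continue
            member_size = idc.GetMemberSize(frame, offset)
            flag_str = _get_flags_from_bits(idc.GetMemberFlag(frame, offset))
            stack_vars[offset - delta] = _new_stack_var(member_name, member_size, flag_str)
            offset = idc.get_next_offset(frame, offset)
    else:
        # Unsafe functions are modelled as one opaque blob covering the whole
        # frame, keyed at the first member's (signed) offset.
        offset = idc.get_first_member(frame)
        frame_size = idc.get_func_attr(func_ea, idc.FUNCATTR_FRSIZE)
        member_offset = _signed_from_unsigned(offset) - delta
        stack_vars[member_offset] = _new_stack_var(f_name, frame_size, "")
    return stack_vars


def _new_stack_var(name, size, flags):
    """Return a fresh, unshared record for one stack variable.

    Every call creates new list objects so that no two records alias each
    other's ``writes``/``referent``/``reads`` accumulators.
    """
    return {
        "name": name,
        "size": size,
        "flags": flags,
        "writes": list(),
        "referent": list(),
        "reads": list(),
        "safe": False,
    }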
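def parse_function_args(ea: int) -> str:
    """Render the argument list of the function at ``ea`` as a C-style
    ``"(a, b)"`` string built from the member names of its IDA stack frame.

    Frame members are walked from the first to the last offset.  Members
    before IDA's reserved " r" (return address) / " s" (saved registers)
    entries are locals and are ignored; members after them are reported as
    arguments.

    :param ea: address inside the function of interest.
    :return: ``"(name1, name2)"``, ``"(void)"`` when no argument member
        exists, or ``""`` when ``ea`` has no function or no frame.
    """
    frame = idc.get_func_attr(ea, FUNCATTR_FRAME)
    # get_func_attr signals "no function" / "no frame" with BADADDR rather
    # than None; check both so a missing frame is never walked.
    if frame is None or frame == idc.BADADDR:
        return ""
    arguments: list[str] = []
    in_args = False
    start = idc.get_first_member(frame)
    end = idc.get_last_member(frame)
    # Hard cap on iterations so a corrupt or unexpectedly shaped frame can
    # never spin this loop forever.
    max_count = 10000
    count = 0
    while start <= end and count <= max_count:
        count += 1
        size = idc.get_member_size(frame, start)
        if size is None:
            # Hole in the frame: probe the next byte.
            start += 1
            continue
        name = idc.get_member_name(frame, start)
        # A zero-sized member must still advance the cursor, otherwise the
        # same offset would be re-read (and its name re-appended) until the
        # iteration cap is hit.
        start += max(size, 1)
        if name in (" r", " s"):
            # Everything past the return address / saved registers is an
            # argument.
            in_args = True
            continue
        if in_args:
            arguments.append(name)
    args_str = ", ".join(arguments) or "void"
    return f"({args_str})"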
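def write_vtbl_struct(self, vtbl_name, struct_member_names):
    """Create (or reset) the IDA structure ``<vtbl_name>_struct`` and fill it
    with one 8-byte ``void*`` member per name in ``struct_member_names``.

    An existing structure of that name is emptied member by member before
    the new members are appended, so the result mirrors the given list.

    :param vtbl_name: base name of the vtable; the structure is named
        ``"{vtbl_name}_struct"``.
    :param struct_member_names: member names, in vtable slot order.
    :raises RuntimeError: if the structure cannot be created.
    """
    struct_name = "{0}_struct".format(vtbl_name)
    sid = idc.get_struc_id(struct_name)
    if sid == idc.BADADDR:
        # Doesn't exist yet.  add_struc returns BADADDR when the name is
        # rejected; fail loudly instead of issuing every later call against
        # an invalid id.
        sid = idc.add_struc(-1, struct_name, is_union=0)
        if sid == idc.BADADDR:
            raise RuntimeError("could not create structure {0}".format(struct_name))
    else:
        # Clear existing members; always deleting the first member keeps the
        # remaining offsets valid.
        member_offset = idc.get_first_member(sid)
        while member_offset != idc.BADADDR:
            idc.del_struc_member(sid, member_offset)
            member_offset = idc.get_first_member(sid)
    for member_name in struct_member_names:
        # offset=-1 appends at the end of the structure.  add_struc_member
        # reports success with 0 (IDC convention); on failure (e.g. duplicate
        # or invalid name) no member was added, and applying the type to
        # get_last_member() would retype the *previous* member instead.
        err = idc.add_struc_member(sid, member_name, offset=-1, flag=idc.FF_DATA | idc.FF_QWORD, typeid=-1, nbytes=8, reftype=idc.REF_OFF64)
        if err != 0:
            print("write_vtbl_struct: failed to add member {0!r} to {1} (error {2})".format(member_name, struct_name, err))
            continue
        member_offset = idc.get_last_member(sid)
        member_id = idc.get_member_id(sid, member_offset)
        idc.SetType(member_id, "void*")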
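def get_stack_arg(func_addr):
    """Collect the names of the members of the stack frame of the function
    at ``func_addr``, in offset order.

    Despite the name this returns every frame member whose name does not
    contain IDA's reserved " s" (saved registers) / " r" (return address)
    markers, i.e. locals as well as arguments.  Duplicate names are
    collapsed.

    :param func_addr: address of the function.
    :return: list of member names; ``[]`` when the function has no frame.
    """
    # Debug trace kept from the original; python2/3-compatible form.
    print(func_addr)
    args = []
    stack = idc.get_frame_id(func_addr)
    # Assumes get_frame_id returns a falsy value (None/0) when there is no
    # frame -- the original relied on the same check.
    if not stack:
        return []
    off = idc.get_first_member(stack)
    last_off = idc.get_last_member(stack)
    while off <= last_off:
        name = idc.get_member_name(stack, off)
        size = idc.get_member_size(stack, off)
        # Advance by the member's size.  In a hole (no size) probe the next
        # byte rather than jumping 4: a fixed jump can land inside a member
        # and then overshoot its end, silently skipping a small member that
        # starts in the overshot bytes.
        off += size if size else 1
        if name and name not in args and ' s' not in name and ' r' not in name:
            args.append(name)
    return args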
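def get_stackVariables(func_addr):
    """Count the distinct ``var_*`` members in the stack frame of the
    function at ``func_addr``.

    Members whose name contains ``var_`` are counted once each; anything
    else (arguments, IDA's reserved " s"/" r" entries) is ignored.

    :param func_addr: address of the function.
    :return: number of distinct matching names; ``0`` when the function has
        no frame.
    """
    #print func_addr
    stack = idc.get_frame_id(func_addr)
    # Assumes get_frame_id returns a falsy value (None/0) when there is no
    # frame -- the original relied on the same check.
    if not stack:
        return 0
    seen = set()
    off = idc.get_first_member(stack)
    last_off = idc.get_last_member(stack)
    while off <= last_off:
        name = idc.get_member_name(stack, off)
        size = idc.get_member_size(stack, off)
        # Advance by the member's size.  In a hole (no size) probe the next
        # byte rather than jumping 4, which can overshoot a member's end and
        # skip a small member that starts in the overshot bytes.
        off += size if size else 1
        if name and 'var_' in name:
            seen.add(name)
    return len(seen)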
def StructMembers(sid):
    """Iterate over the defined members of structure (or stack frame) ``sid``.

    Yields ``(offset, name, size)`` tuples in offset order.  Holes between
    members are not reported, only members IDA has actually defined.

    :param sid: structure id.
    :raises Exception: when ``sid`` is not a valid structure id.  Because
        this is a generator the check runs on the first iteration, not at
        call time.
    """
    offset = idc.get_first_member(sid)
    # get_first_member reports an unknown structure with -1.
    if offset == -1:
        raise Exception("No structure with ID: 0x%x" % sid)
    # Member offsets run until BADADDR marks the end of the structure.
    while offset != ida_idaapi.BADADDR:
        member_name = idc.get_member_name(sid, offset)
        if member_name:
            member_size = idc.get_member_size(sid, offset)
            yield offset, member_name, member_size
        offset = idc.get_next_offset(sid, offset)
def __iter__(self):
    """Yield a ``LocalVariable`` for every defined member of the frame
    ``self._sid``, in offset order.

    Offsets at which ``get_member_flag`` returns -1 (presumably holes with no
    member defined) are skipped.
    """
    offset = get_first_member(self._sid)
    # Both -1 (unknown structure) and BADADDR (end of members) terminate.
    while offset not in (BADADDR, -1):
        has_member = get_member_flag(self._sid, offset) != -1
        if has_member:
            yield LocalVariable(self._sid, offset)
        offset = get_next_offset(self._sid, offset)
def members(self):
    """Yield a ``StructureMember`` for every defined member of the structure
    ``self._sid``, in offset order.

    Offsets at which ``get_member_flag`` returns -1 (presumably holes with no
    member defined) are skipped.
    """
    offset = get_first_member(self._sid)
    # Both -1 (unknown structure) and BADADDR (end of members) terminate.
    while offset not in (BADADDR, -1):
        has_member = get_member_flag(self._sid, offset) != -1
        if has_member:
            yield StructureMember(self._sid, offset)
        offset = get_next_offset(self._sid, offset)