def main():
kbase = min(Segments())
define_funcs = []
define_data = []
# Add functions
for ea in Functions():
fname = idc.get_name(ea)
ftype = idc.get_type(ea)
fslide = ea - kbase
if fname.startswith('sub_'):
continue
if ftype is None:
if TYPED_FUNCS_ONLY:
continue
ftype = 'uint64_t (...)'
define_funcs.append((fname, fslide, ftype))
# Add data
for ea, _ in Names():
dname = idc.get_name(ea)
dtype = idc.get_type(ea)
dslide = ea - kbase
flags = GetFlags(ea)
if idc.is_code(flags) or idc.is_strlit(flags):
continue
if dtype is None:
if TYPED_DATA_ONLY:
continue
dtype = 'void'
define_data.append((dname, dslide, dtype))
# Generate source files
generate_sdk(define_funcs, define_data)
def main():
kbase = min(Segments())
define_funcs = []
define_data = []
# Add functions
for ea in Functions():
fname = idc.get_name(ea)
ftype = idc.get_type(ea)
fslide = ea - kbase
if fname.startswith('sub_'):
continue
if ftype is None:
if TYPED_FUNCS_ONLY:
continue
ftype = 'uint64_t (...)'
define_funcs.append((fname, fslide, ftype))
# Add data
for ea, _ in Names():
dname = idc.get_name(ea)
dtype = idc.get_type(ea)
dslide = ea - kbase
flags = GetFlags(ea)
if idc.is_code(flags) or idc.is_strlit(flags):
continue
if dtype is None:
if TYPED_DATA_ONLY:
continue
dtype = 'void'
define_data.append((dname, dslide, dtype))
# Generate source files
generate_sdk(define_funcs, define_data)
def base64_decode(std):
addr = idc.BADADDR
ea = idc.get_screen_ea()
flags = idaapi.get_flags(ea)
if idc.is_strlit(flags):
addr = ea # cursor is on the string
elif idc.is_code(flags):
addr = idc.get_first_dref_from(ea) # get data reference from the instruction
if addr == idc.BADADDR:
plg_print("No string or reference to the string found\n")
return
b64str_enc = None
try:
b64str_enc = idc.get_strlit_contents(addr, -1, idc.get_str_type(addr))
except:
pass
if not b64str_enc:
plg_print("Could not get string at address 0x%X" % addr)
return
try:
b64str_dec = base64.standard_b64decode(b64str_enc) if std else base64.urlsafe_b64decode(b64str_enc)
except Exception as e:
plg_print("Could not decode. %s" % str(e))
return
if b64str_dec:
plg_print("Base64 decode of string '%s':" % b64str_enc)
process_data_result(ea, bytearray(b64str_dec))
def iter_dynamic_functions() -> Iterable[Tuple[int, str]]:
"""
Iterates the dynamically resolved function signatures.
:yield: (ea, name)
"""
# Look for data elements in the .data segment in which IDA has placed
# a function signature element on.
data_segment = ida_segment.get_segm_by_name(".data")
for ea in idautils.Heads(start=data_segment.start_ea,
end=data_segment.end_ea):
flags = ida_bytes.get_flags(ea)
if idc.is_data(flags) and not idc.is_strlit(flags) and _is_func_type(
ea):
yield ea, ida_name.get_name(ea)
def _read_struct_member_once(ea, flags, size, member_sid, member_size,
asobject):
"""Read part of a struct member for _read_struct_member."""
if idc.is_byte(flags):
return read_word(ea, 1), 1
elif idc.is_word(flags):
return read_word(ea, 2), 2
elif idc.is_dword(flags):
return read_word(ea, 4), 4
elif idc.is_qword(flags):
return read_word(ea, 8), 8
elif idc.is_oword(flags):
return read_word(ea, 16), 16
elif idc.is_strlit(flags):
return idc.GetManyBytes(ea, size), size
elif idc.is_float(flags):
return idc.Float(ea), 4
elif idc.is_double(flags):
return idc.Double(ea), 8
elif idc.is_struct(flags):
value = read_struct(ea, sid=member_sid, asobject=asobject)
return value, member_size
return None, size