def segmentName(self, idx):
    """Look up a segment by its index and return that segment's name.

    Args:
        idx (int): segment index (in the range [0, numSegments() - 1])

    Return Value:
        string name of the segment at that index
    """
    # sark resolves the index to a Segment wrapper; only its name is exposed.
    segment = sark.Segment(index=idx)
    return segment.name
def segmentFunctions(self, idx):
    """Return the start addresses (ea) of the functions in one segment.

    Args:
        idx (int): segment index (in the range [0, numSegments() - 1])

    Return Value:
        collection of function addresses, exactly as produced by map()
        (a list on Python 2, a lazy iterator on Python 3)
    """
    segment = sark.Segment(index=idx)

    def start_address(function):
        # Each sark function object exposes its address as `.ea`.
        return function.ea

    return map(start_address, segment.functions)
import sark
import idaapi
import idautils

# Walk a byte stream starting at the cursor and apply structure types to it,
# choosing the structure from the value of the leading byte of each record.
# NOTE(review): the listing is cut off inside the `elif` branch below, so only
# the 0xff (end-of-frame) handling is fully visible here.

# Resolve every structure the walker may apply, by name.
# anim = sark.structure.get_struct('BalokImage')
anim = sark.structure.get_struct('AnimationFrame')
end_of_frame = sark.structure.get_struct("EndOfAnimFrame")
play_sound = sark.structure.get_struct("PartialFuncPlaySound")
func_with_count = sark.structure.get_struct("PartialFuncWithCount")
partial_func_param1 = sark.structure.get_struct("PartialFuncParam1Func")
set_image_width = sark.structure.get_struct("PartialFuncSetImageWidth")

# Start address of the segment named 'dataseg' (not used in the visible part).
dataseg = sark.Segment(name='dataseg').ea
# anim_offset = idaapi.get_word(sark.Line(ea=dataseg + idautils.cpu.di + 2).ea)

# sark.Line() is called with no address; presumably it resolves to the line
# under the cursor - confirm against the sark version in use.
current_position = sark.Line().ea
# current_byte = idaapi.get_byte(current_position)
done = False
print("running")
while not done:
    current_byte = idaapi.get_byte(current_position)
    if current_byte == 0xff:
        # 0xff opens a 2-byte EndOfAnimFrame record.
        print("applying EndOfAnimFrame")
        idaapi.doStruct(current_position, 2, end_of_frame)
        next_byte = idaapi.get_byte(current_position + 1)
        # A second 0xff right after the marker ends the walk.
        if next_byte == 0xff:
            done = True
        # NOTE(review): the collapsed listing lost its indentation; advancing
        # past the record on every 0xff (not only the final one) is assumed.
        current_position += 2
    elif current_byte < 0x80:
        # print(current_byte)
        print("applying AnimationFrame")
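import sark
import idautils
import idaapi
import csv

# Re-apply structure types to the 'dataseg' segment from a CSV listing.
# Each row is read as: column 0 = offset from the start of dataseg,
# column 1 = name of the structure to apply at that offset.
dataseg = sark.Segment(name="dataseg")

with open('c:/Users/Joe/applied_structs.csv', 'r') as csvfile:
    for row in csv.reader(csvfile):
        # The CSV is external input: skip blank or short rows instead of
        # failing with IndexError part-way through the database update.
        if len(row) < 2:
            continue
        struct_id = idaapi.get_struc_id(row[1])
        # get_struc_id() reports an unknown name as BADADDR; applying that id
        # would write a bogus type into the database, so report and skip.
        if struct_id == idaapi.BADADDR:
            print("skipping offset %s: unknown struct %r" % (row[0], row[1]))
            continue
        size = idaapi.get_struc_size(struct_id)
        idaapi.doStruct(int(row[0]) + dataseg.ea, size, struct_id)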
import sark
import idautils
import idaapi
import csv

# Create (or look up) a function for every CSV row and give it the row's name.
# Each row is read as: column 0 = function name, column 1 = offset that is
# added to the start of the segment returned by sark.Segment().
with open('c:/Users/Joe/test.csv', 'r') as csvfile:
    rows = csv.reader(csvfile)
    # No address is given; presumably this is the segment under the cursor.
    base_segment = sark.Segment()
    for row in rows:
        print(row)
        target_ea = int(row[1]) + base_segment.ea
        try:
            func = sark.Function.create(ea=target_ea)
        except sark.exceptions.SarkFunctionExists:
            # A function is already defined there: reuse it.
            func = sark.Function(ea=target_ea)
        # NOTE(review): the collapsed listing lost its indentation; naming the
        # function in both the created and the pre-existing case is assumed.
        func.name = row[0]
import sark
import idaapi
import idautils

# While a debugger session is active: read a 16-bit offset from
# dataseg:[DI + 2], type the 6 bytes it points at as an AnimationFrame,
# move the cursor there, then resume the process and wait for the next event.
frame_struct = sark.structure.get_struct('AnimationFrame')

while idaapi.is_debugger_on():
    data_base = sark.Segment(name='dataseg').ea
    pointer_line = sark.Line(ea=data_base + idautils.cpu.di + 2)
    frame_offset = idaapi.get_word(pointer_line.ea)
    frame_ea = data_base + frame_offset
    idaapi.doStruct(frame_ea, 6, frame_struct)
    # The segment base is looked up again for the jump target.
    idaapi.jumpto(sark.Segment(name='dataseg').ea + frame_offset)
    idaapi.continue_process()
    # NOTE(review): 2 is presumably WFNE_SUSP (wait until the process is
    # suspended) and 10000 the timeout - confirm against the IDA SDK in use.
    idaapi.wait_for_next_event(2, 10000)
def get_segment_names(name):
    """Yield (ea, name) for each named address inside the segment *name*.

    The segment is looked up by name once, when iteration starts. Every entry
    of idautils.Names() is then tested against the half-open range
    [startEA, endEA).
    """
    segment = sark.Segment(name=name)
    for ea, label in idautils.Names():
        if not (segment.startEA <= ea < segment.endEA):
            continue
        yield ea, label
def get_segment_names(self, name):
    """Generate the (ea, name) pairs that fall within the segment *name*.

    Walks idautils.Names() and keeps the entries whose address satisfies
    startEA <= ea < endEA for the segment found by name.
    """
    bounds = sark.Segment(name=name)
    for named_ea, label in idautils.Names():
        inside = bounds.startEA <= named_ea < bounds.endEA
        if inside:
            yield named_ea, label
""" IDAPython get argument function. @hikai """ import sark extern = list(sark.Segment(name="extern").functions) system = filter(lambda x: x.name == 'system', extern)[0] xrefs = filter(lambda x: x.iscode == 1, system.xrefs_to) func_xrefs = [] for xref in xrefs: func_xrefs.append(sark.Function(xref.frm).startEA) func_xrefs = set(func_xrefs) for xref in func_xrefs: func = sark.Function(xref) lines = map(lambda x: x.disasm, func.lines) for index, line in enumerate(lines): if "jalr" in line and "websGetVar" in line: for i in range(index, 0, -1): if "$a1" in lines[i]: print(func, lines[i]) break
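import csv

import sark
import idautils


def in_segment(address, segment):
    """Return True when *address* lies inside *segment*.

    The range is half-open, [startEA, endEA): endEA is the first address
    past the segment, so it is excluded. The previous inclusive comparison
    also accepted a name sitting exactly at the start of the next segment.
    """
    return segment.startEA <= address < segment.endEA


# Export every name in segment 'seg004' as (offset from segment start, name).
codeseg = sark.Segment(name='seg004')
names = [
    (ea - codeseg.startEA, name)
    for ea, name in idautils.Names()
    if in_segment(ea, codeseg)
]

# `csv` is imported above; the script used csv.writer without importing it.
# NOTE(review): on Windows the csv module wants 'wb' (Python 2) or
# newline='' (Python 3) to avoid blank rows - pick one for the interpreter
# this runs under.
with open('c:/Users/Joe/dataseg.csv', 'w') as csvfile:
    writer = csv.writer(csvfile)
    writer.writerows(names)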