def argv(self, func):
'''
Attempts to identify what types of arguments are passed to a given
function. Currently unused.
'''
args = [None for x in self.arch.argv]
if not self.arch.unknown:
start_ea = ida_shims.start_ea(func)
for xref in idautils.XrefsTo(start_ea):
if idaapi.is_call_insn(xref.frm):
insn = ida_shims.decode_insn(xref.frm)
ea = xref.frm + (self.arch.delay_slot *
self.arch.insn_size)
end_ea = (xref.frm - (self.arch.insn_size * 10))
while ea >= end_ea:
if idaapi.is_basic_block_end(ea) or \
(ea != xref.frm and idaapi.is_call_insn(ea)):
break
insn = ida_shims.decode_insn(ea)
features = ida_shims.get_canon_feature(insn)
for n in range(0, len(self.CHANGE_OPND)):
ops = ida_shims.get_operands(insn)
if ops[n].type in [
idaapi.o_reg, idaapi.o_displ,
idaapi.o_phrase
]:
try:
regname = self.arch.registers[ops[n].reg]
index = self.arch.argv.index(regname)
except ValueError:
continue
if features & self.CHANGE_OPND[n]:
for xref in idautils.XrefsFrom(ea):
# TODO: Where is this xref type defined?
if xref.type == 1:
string = \
ida_shims.get_strlit_contents(
xref.to)
if string and len(string) > 4:
args[index] = str
break
ea -= self.arch.insn_size
yield args
def __init__(self, ea):
self.ea = ea
self.dword = ida_shims.get_wide_dword(self.ea)
self.type = None
self.value = None
string = ida_shims.get_strlit_contents(self.dword)
name = ida_shims.get_func_name(self.dword)
if ida_shims.get_name_ea_simple(name) != self.dword:
name = ''
if name:
self.type = int
self.value = name
elif string:
self.type = str
self.value = string
def parse_function_tables(self):
count = 0
for pattern in self.search():
name2func = {}
ea = pattern.start
while ea < pattern.stop:
string_address = ida_shims.get_wide_dword(
ea + (pattern.name_element * pattern.element_size))
function_address = ida_shims.get_wide_dword(
ea + (pattern.function_element * pattern.element_size))
new_function_name = ida_shims.get_strlit_contents(
string_address).decode("utf8")
current_function_name = ida_shims.get_name(function_address)
if not self.valid_function_name(new_function_name):
print("ERROR: '%s' is not a valid function name. This is " \
"likely not a function table, or I have parsed it " \
"incorrectly!" % new_function_name)
print(" Ignoring all entries in the structures " \
"between 0x%X and 0x%X.\n" % (pattern.start,
pattern.stop))
name2func = {}
break
elif current_function_name.startswith("sub_"):
name2func[new_function_name] = function_address
ea += (pattern.num_elements * pattern.element_size)
for (name, address) in name2func.items():
print("0x%.8X => %s" % (address, name))
ida_shims.set_name(address, name)
count += 1
print("Renamed %d functions!" % count)
