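def scan_virtual_function(self, index):
    """Decompile the virtual function in slot *index* and scan its first argument.

    Imported functions are skipped. When decompilation fails, an error is
    printed and nothing is scanned. The scan itself only runs when the first
    argument of the decompiled function is an argument variable whose type
    passes ``helper.is_legal_type``; otherwise a warning is printed.

    Args:
        index: Position of the function inside ``self.virtual_functions``.
    """
    # Resolve the slot once. Every message below reports this address; the
    # original printed self.address, which belongs to this object and not to
    # the function being skipped or failing to decompile.
    function_ea = self.virtual_functions[index].address

    if helper.is_imported_ea(function_ea):
        print("[INFO] Ignoring import function at 0x{0:08X}".format(function_ea))
        return

    try:
        function = idaapi.decompile(function_ea)
    except idaapi.DecompilationFailure:
        print("[ERROR] Failed to decompile function at 0x{0:08X}".format(function_ea))
        return

    # process() returned a truthy value, so the function is decompiled again;
    # presumably the visitor changed something the pseudocode depends on
    # (confirm in helper.FunctionTouchVisitor).
    if helper.FunctionTouchVisitor(function).process():
        try:
            # Same call as above, so it can fail the same way; the original
            # left this second attempt unguarded.
            function = idaapi.decompile(function_ea)
        except idaapi.DecompilationFailure:
            print("[ERROR] Failed to decompile function at 0x{0:08X}".format(function_ea))
            return

    arguments = function.arguments
    if arguments and arguments[0].is_arg_var and helper.is_legal_type(arguments[0].tif):
        print("[Info] Scanning virtual function at 0x{0:08X}".format(function.entry_ea))
        # TODO: Remove usage `temporary_structure' as global
        obj = api.VariableObject(function.get_lvars()[0], 0)
        scanner = variable_scanner.NewDeepSearchVisitor(
            function, self.offset, obj, cache.temporary_structure)
        scanner.process()
    else:
        print("[Warning] Bad type of first argument in virtual function at 0x{0:08X}".format(
            function.entry_ea))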
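def _manipulate(self, cexpr, obj):
    """Turn one use of *obj* in *cexpr* into a member of the temporary structure.

    The parent visitor's ``_manipulate`` runs first. Objects whose type fails
    ``helper.is_legal_type`` are reported and skipped. Otherwise a member is
    extracted with the pointer or the xword helper, depending on whether the
    expression type is a pointer, and added to the temporary structure when
    the helper returned one.

    Args:
        cexpr: Expression being visited; its ``type`` selects the extractor.
        obj: Scanned object; ``obj.tinfo`` is checked before extraction.
    """
    super(SearchVisitor, self)._manipulate(cexpr, obj)

    if obj.tinfo and not helper.is_legal_type(obj.tinfo):
        # The original message contained the literal text "obj.name" instead
        # of the value. getattr keeps the warning path from raising if the
        # object has no such attribute (its presence is assumed from the
        # message text; confirm against the scan-object classes).
        logger.warn("Variable {} has weird type at {}".format(
            getattr(obj, "name", "<unnamed>"),
            helper.to_hex(self._find_asm_address(cexpr))))
        return

    if cexpr.type.is_ptr():
        member = self.__extract_member_from_pointer(cexpr, obj)
    else:
        member = self.__extract_member_from_xword(cexpr, obj)

    # The extractors may return a falsy value; nothing is recorded then.
    if member:
        logger.debug(
            "\tCreating member with type {}, {}, offset - {}".format(
                member.type_name, member.scanned_variables, member.offset))
        self.__temporary_structure.add_row(member)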
def set_first_argument_type(self, name):
    """Retype the first argument as a pointer to the type called *name*.

    ``self.tinfo`` is treated as a pointer to a function type. When the
    function details can be read, the function has at least one argument and
    *name* resolves in ``idaapi.cvar.idati``, the first argument becomes a
    pointer to that type and is renamed to ``this``. If the rebuilt type's
    string form differs from the current one, it is stored in ``self.tinfo``,
    ``self.tinfo_modified`` is set and every parent is flagged as modified.

    Args:
        name: Name of the type to look up for the new first argument.
    """
    # NOTE(review): line structure was lost on this page; the warning below is
    # read as the `else` of the first-argument check, which is what its text
    # describes. Confirm against the project source.
    details = idaapi.func_type_data_t()
    prototype = self.tinfo.get_pointed_object()
    this_tinfo = idaapi.tinfo_t()

    # Same short-circuit order as the original chained condition.
    if not prototype.get_func_details(details):
        return
    if not prototype.get_nargs():
        return
    if not this_tinfo.get_named_type(idaapi.cvar.idati, name):
        return

    # Turn the named type into a pointer to itself, in place.
    this_tinfo.create_ptr(this_tinfo)

    current_first = details[0].type
    points_to_udt = current_first.is_ptr() and current_first.get_pointed_object().is_udt()
    if not (points_to_udt or helper.is_legal_type(details[0].type)):
        print("[Warning] function {0} probably have wrong type".format(self.name))
        return

    details[0].type = this_tinfo
    details[0].name = "this"
    prototype.create_func(details)
    prototype.create_ptr(prototype)

    # Nothing to record when the rebuilt type prints the same as the old one.
    if prototype.dstr() == self.tinfo.dstr():
        return

    self.tinfo = prototype
    self.tinfo_modified = True
    for parent in self.parents:
        parent.modified = True