def add_enums(function): """ Add standard enums from parsed MSDN documentation for all imported library calls and their arguments. Arguments: function -- function object """ enum_count = 0 for argument in function.arguments: # Add standard enums if not argument.enums: g_logger.debug(' No standard constants available for %s' % argument.name) else: for enum in argument.enums: g_logger.debug(' Importing enum %s for argument %s' % (enum, argument.name)) if idc.import_type(-1, enum) != idaapi.BADADDR: g_logger.debug(' ' + enum + ' ' + hex(idc.get_enum(enum)) + ' added successfully') enum_count = enum_count + 1 else: g_logger.debug(' Could not add ' + enum) if not argument.constants: # No constants for this argument continue argument.name = argument.name.encode('utf-8') function.name = function.name.encode('utf-8') # Add constant descriptions for constant in argument.constants: constant.name = constant.name.encode('utf-8') if constant.name == 'NULL': # Create unique name, so we can add descriptive comment to it constant.name = 'NULL_{}_{}'.format(argument.name, function.name) # Add custom enum for NULL values if it does not exist yet enumid = idc.get_enum(NULL_ENUM_NAME) if enumid == idaapi.BADADDR: enumid = idc.add_enum(-1, NULL_ENUM_NAME, ida_bytes.hex_flag()) idc.add_enum_member(enumid, constant.name, 0, -1) constid = idc.get_enum_member_by_name(constant.name) idc.set_enum_member_cmt(constid, format_comment(constant.description), False) else: constid = idc.get_enum_member_by_name(constant.name) if constid: if idc.set_enum_member_cmt(constid, format_comment(constant.description), False): g_logger.debug(' Description added for %s' % constant.name) else: g_logger.debug(' No description added for %s' % constant.name) return enum_count
def op_type_changed(self, ea, n): self._plugin.logger.debug("op_type_changed(ea = %x, n = %d)" % (ea, n)) def gather_enum_info(ea, n): id = ida_bytes.get_enum_id(ea, n)[0] serial = ida_enum.get_enum_idx(id) return id, serial extra = {} mask = ida_bytes.MS_0TYPE if not n else ida_bytes.MS_1TYPE flags = ida_bytes.get_full_flags(ea) self._plugin.logger.debug("op_type_changed: flags = 0x%X)" % flags) def is_flag(type): return flags & mask == mask & type if is_flag(ida_bytes.hex_flag()): op = "hex" elif is_flag(ida_bytes.dec_flag()): op = "dec" elif is_flag(ida_bytes.char_flag()): op = "chr" elif is_flag(ida_bytes.bin_flag()): op = "bin" elif is_flag(ida_bytes.oct_flag()): op = "oct" elif is_flag(ida_bytes.off_flag()): op = "offset" elif is_flag(ida_bytes.enum_flag()): op = "enum" id, serial = gather_enum_info(ea, n) ename = ida_enum.get_enum_name(id) extra["ename"] = Event.decode(ename) extra["serial"] = serial elif flags & ida_bytes.stroff_flag(): op = "struct" path = ida_pro.tid_array(1) delta = ida_pro.sval_pointer() path_len = ida_bytes.get_stroff_path(path.cast(), delta.cast(), ea, n) spath = [] for i in range(path_len): sname = ida_struct.get_struc_name(path[i]) spath.append(Event.decode(sname)) extra["delta"] = delta.value() extra["spath"] = spath elif is_flag(ida_bytes.stkvar_flag()): op = "stkvar" # FIXME: No hooks are called when inverting sign # elif ida_bytes.is_invsign(ea, flags, n): # op = 'invert_sign' else: return 0 # FIXME: Find a better way to do this self._send_packet(evt.OpTypeChangedEvent(ea, n, op, extra)) return 0
def op_type_changed(self, ea, n): def gather_enum_info(ea, n): id = ida_bytes.get_enum_id(ea, n)[0] serial = ida_enum.get_enum_idx(id) return id, serial extra = {} mask = ida_bytes.MS_0TYPE if not n else ida_bytes.MS_1TYPE flags = ida_bytes.get_full_flags(ea) & mask def is_flag(type): return flags == mask & type if is_flag(ida_bytes.hex_flag()): op = 'hex' elif is_flag(ida_bytes.dec_flag()): op = 'dec' elif is_flag(ida_bytes.char_flag()): op = 'chr' elif is_flag(ida_bytes.bin_flag()): op = 'bin' elif is_flag(ida_bytes.oct_flag()): op = 'oct' elif is_flag(ida_bytes.enum_flag()): op = 'enum' id, serial = gather_enum_info(ea, n) ename = ida_enum.get_enum_name(id) extra['ename'] = Event.decode(ename) extra['serial'] = serial elif is_flag(flags & ida_bytes.stroff_flag()): op = 'struct' path = ida_pro.tid_array(1) delta = ida_pro.sval_pointer() path_len = ida_bytes.get_stroff_path(path.cast(), delta.cast(), ea, n) spath = [] for i in range(path_len): sname = ida_struct.get_struc_name(path[i]) spath.append(Event.decode(sname)) extra['delta'] = delta.value() extra['spath'] = spath elif is_flag(ida_bytes.stkvar_flag()): op = 'stkvar' # IDA hooks for is_invsign seems broken # Inverting sign don't trigger the hook # elif ida_bytes.is_invsign(ea, flags, n): # op = 'invert_sign' else: return 0 # FIXME: Find a better way self._send_event(OpTypeChangedEvent(ea, n, op, extra)) return 0
def op_type_changed(self, ea, n): extra = {} mask = ida_bytes.MS_0TYPE if not n else ida_bytes.MS_1TYPE flags = ida_bytes.get_full_flags(ea) & mask if flags == mask & ida_bytes.hex_flag(): op = 'hex' elif flags == mask & ida_bytes.dec_flag(): op = 'dec' elif flags == mask & ida_bytes.char_flag(): op = 'chr' elif flags == mask & ida_bytes.bin_flag(): op = 'bin' elif flags == mask & ida_bytes.oct_flag(): op = 'oct' elif flags == mask & ida_bytes.enum_flag(): op = 'enum' enum_id = ida_bytes.get_enum_id(ea, n)[0] enum_serial = ida_enum.get_enum_idx(enum_id) ename = ida_enum.get_enum_name(enum_id) extra['ename'] = Unicoder.decode(ename) extra['serial'] = enum_serial elif flags == mask & ida_bytes.stroff_flag(): op = 'struct' path = ida_pro.tid_array(1) delta = ida_pro.sval_pointer() path_len = ida_bytes.get_stroff_path(path.cast(), delta.cast(), ea, n) spath = [] for i in range(path_len): sname = ida_struct.get_struc_name(path[i]) spath.append(Unicoder.decode(sname)) extra['delta'] = delta.value() extra['spath'] = spath elif flags == mask & ida_bytes.stkvar_flag(): op = 'stkvar' else: return 0 self._network.send_event( EventType.OPTYPECHANGED, ea=ea, n=n, op=Unicoder.decode(op), extra=extra, ) return 0