def parse(self): if ida_segment.get_segm_by_name('DYLD_CACHE_HEADER'): seg = ida_segment.get_first_seg() def handle(seg): name = ida_segment.get_segm_name(seg) try: mod, segname = name.split(':') except ValueError: return if segname == '__objc_protolist': self.handle_proto_seg(seg) elif segname == '__objc_classlist': self.handle_class_seg(seg) while seg: handle(seg) seg = ida_segment.get_next_seg(seg.start_ea) return protocols = ida_segment.get_segm_by_name('__objc_protolist') if protocols: self.handle_proto_seg(protocols) classes = ida_segment.get_segm_by_name('__objc_classlist') if classes: self.handle_class_seg(classes)
def find_segm_fixed(name): # ida_segments'getting segment by name returns a random one # segment_t.name is a bogus value # ... wtf? that "API" is a mess. it = ida_segment.get_first_seg() while ida_segment.get_segm_name(it) != name and it: it = ida_segment.get_next_seg(it.start_ea + 1) return it
def getBinary(self): result = b"" segment = ida_segment.get_first_seg() while segment: result += ida_bytes.get_bytes(segment.start_ea, segment.end_ea - segment.start_ea) segment = ida_segment.get_next_seg(segment.end_ea) return result
def find_segm_fixed(name): # ida_segments'getting segment by name returns a random one # segment_t.name is a bogus value # ... wtf? that "API" is a mess. res = [] it = ida_segment.get_first_seg() while it: if ida_segment.get_segm_name(it) == name: res += [it] it = ida_segment.get_next_seg(it.start_ea + 1) return res
def _find_segment_containing_ea(ea, seg_ref): """Find and return a `segment_t` containing `ea`, or `None`.""" seg = seg_ref[0] if seg and seg.contains(ea): return seg seg = ida_segment.get_first_seg() while seg: seg_ref[0] = seg if seg.contains(ea): return seg seg = ida_segment.get_next_seg(seg.start_ea) return None
def add_segment(ea, size, seg_class, debug=False): # align page size ea = ea & 0xFFFFF000 end_ea = ea + size is_changed = False if ea == 0: return False while ea < end_ea: cur_seg = ida_segment.getseg(ea) next_seg = ida_segment.get_next_seg(ea) if debug: print("=" * 30) if cur_seg: print("cur_seg: %x - %x" % (cur_seg.start_ea, cur_seg.end_ea)) if next_seg: print("next_seg: %x - %x" % (next_seg.start_ea, next_seg.end_ea)) print("new_seg: %x - %x" % (ea, end_ea)) # if there is no segment, so create new segment if not cur_seg: if not next_seg: ida_segment.add_segm(0, ea, end_ea, "", seg_class) is_changed = True break # if next_seg exists if end_ea <= next_seg.start_ea: ida_segment.add_segm(0, ea, end_ea, "", seg_class) is_changed = True break # end_ea > next_seg.start_ea, need to create more segments ida_segment.add_segm(0, ea, next_seg.start_ea, "", seg_class) # if segment already exists, we extend current segment else: if end_ea <= cur_seg.end_ea: break if not next_seg: ida_segment.set_segm_end(ea, end_ea, 0) ida_segment.set_segm_class(cur_seg, seg_class) is_changed = True break # if next_seg exists if end_ea <= next_seg.start_ea: ida_segment.set_segm_end(ea, end_ea, 0) ida_segment.set_segm_class(cur_seg, seg_class) is_changed = True break # end_ea > next_seg.start_ea, need to create more segments if cur_seg.end_ea < next_seg.start_ea: ida_segment.set_segm_end(ea, next_seg.start_ea, 0) ida_segment.set_segm_class(cur_seg, seg_class) is_changed = True ea = next_seg.start_ea return is_changed