Esempi in Python per get_full_long, esempi in Python per idaapi.get_full_long

Esempio n. 1

0

Mostra file

File: Rtti.py Progetto: psolyca/idascripts

    def define(ea):
        if CompleteObjectLocator.isDefined(ea):
            return
        if not CompleteObjectLocator.isValid(ea):
            raise RttiError(
                "%08X: doesn't look like a correct CompleteObjectLocator" %
                (ea))

        # Ensure referenced structs are defined.
        # An exception will be thrown if something goes wrong.
        tdPtr = idaapi.get_full_long(ea + 12)
        td = TypeDescriptor(tdPtr)
        chdPtr = idaapi.get_full_long(ea + 16)
        chd = ClassHierarchyDescriptor(chdPtr)

        strid = idaapi.get_struc_id('_s__RTTICompleteObjectLocator')
        size = idaapi.get_struc_size(strid)
        idaapi.do_unknown_range(ea, size, idaapi.DOUNK_DELNAMES)
        idaapi.doStruct(ea, size, strid)

        if chd.isMultipleInheritance:
            if chd.isVirtualInheritance:
                print '%08X: Cannot handle virtual inheritance yet.' % (ea)
            else:
                # '??_R4' + td.baseMangledName + '6B' + baseClassTd.baseMangledName + '@'
                # '??_7'  + ...
                print '%08X: Cannot handle multiple inheritance yet.' % (ea)
        else:
            idaapi.set_name(ea, '??_R4' + td.baseMangledName + '6B@', 0)

Esempio n. 2

0

Mostra file

File: Rtti.py Progetto: nihilus/idascripts-1

    def define(ea):
        if CompleteObjectLocator.isDefined(ea):
            return
        if not CompleteObjectLocator.isValid(ea):
            raise RttiError("%08X: doesn't look like a correct CompleteObjectLocator" % (ea))

        # Ensure referenced structs are defined.
        # An exception will be thrown if something goes wrong.
        tdPtr = idaapi.get_full_long(ea + 12)
        td = TypeDescriptor(tdPtr)
        chdPtr = idaapi.get_full_long(ea + 16)
        chd = ClassHierarchyDescriptor(chdPtr)

        strid = idaapi.get_struc_id("_s__RTTICompleteObjectLocator")
        size = idaapi.get_struc_size(strid)
        idaapi.do_unknown_range(ea, size, idaapi.DOUNK_DELNAMES)
        idaapi.doStruct(ea, size, strid)

        if chd.isMultipleInheritance:
            if chd.isVirtualInheritance:
                print "%08X: Cannot handle virtual inheritance yet." % (ea)
            else:
                # '??_R4' + td.baseMangledName + '6B' + baseClassTd.baseMangledName + '@'
                # '??_7'  + ...
                print "%08X: Cannot handle multiple inheritance yet." % (ea)
        else:
            idaapi.set_name(ea, "??_R4" + td.baseMangledName + "6B@", 0)

Esempio n. 3

0

Mostra file

File: Rtti.py Progetto: nihilus/idascripts-1

 def isValid(ea):
     """
     See if this looks like a type descriptor.
     """
     # FIXME: 64-bit compatibility
     if idaapi.get_full_long(ea) == 0:
         return False
     if idaapi.get_full_long(ea + 4) != 0:
         return False
     if idaapi.get_full_long(ea + 8) not in TypeDescriptor.typeNameMarkers:
         return False
     try:
         name = TypeDescriptor.makeName(ea)
     except:
         return False
     return True

Esempio n. 4

0

Mostra file

File: Rtti.py Progetto: nihilus/idascripts-1

def scanRtti():
    dataBounds = getSegBoundaries(".data")
    rdataBounds = getSegBoundaries(".rdata")
    if dataBounds is None:
        print "No .data section found. Cannot continue."
        return False

    print "Scanning for TypeDescriptors (might take a while)..."
    tds = TypeDescriptor.findAll(dataBounds)
    print "Found %d descriptor(s)." % len(tds)

    print "Defining TypeDescriptors..."
    for ea in tds:
        x = TypeDescriptor(ea)
        print x

    print "Scanning TypeDescriptors for CompleteObjectLocator refs..."
    cols = []
    ea = rdataBounds[0]
    lastEa = rdataBounds[1]
    while ea < lastEa:
        ptr = idaapi.get_full_long(ea)
        if (dataBounds[0] <= ptr < dataBounds[1]) and (ptr in tds):
            # print "%08X" % ptr
            try:
                # Correct the address.
                colPtr = ea - 12
                col = CompleteObjectLocator(colPtr)
                print col
                cols.append(colPtr)
            except Exception, e:
                # print traceback.format_exc()
                pass
        ea += 4

Esempio n. 5

0

Mostra file

File: Rtti.py Progetto: nihilus/idascripts-1

 def isValid(ea):
     # Signature field must be zero
     if idaapi.get_full_long(ea) != 0:
         # print "Signature fail"
         return False
     # At offset 12, there should be a pointer to a valid TypeDescriptor
     tdPtr = idaapi.get_full_long(ea + 12)
     if not TypeDescriptor.isValid(tdPtr):
         # print "TD fail"
         return False
     # At offset 16, there should be a pointer to a valid ClassHierarchyDescriptor
     chdPtr = idaapi.get_full_long(ea + 16)
     if not ClassHierarchyDescriptor.isValid(chdPtr):
         # print "CHD fail"
         return False
     return True

Esempio n. 6

0

Mostra file

File: Rtti.py Progetto: psolyca/idascripts

 def isValid(ea):
     """
     See if this looks like a type descriptor.
     """
     # FIXME: 64-bit compatibility
     if idaapi.get_full_long(ea) == 0:
         return False
     if idaapi.get_full_long(ea + 4) != 0:
         return False
     if idaapi.get_full_long(ea + 8) not in TypeDescriptor.typeNameMarkers:
         return False
     try:
         name = TypeDescriptor.makeName(ea)
     except:
         return False
     return True

Esempio n. 7

0

Mostra file

File: Rtti.py Progetto: psolyca/idascripts

 def isValid(ea):
     # Signature field must be zero
     if idaapi.get_full_long(ea) != 0:
         # print "Signature fail"
         return False
     # At offset 12, there should be a pointer to a valid TypeDescriptor
     tdPtr = idaapi.get_full_long(ea + 12)
     if not TypeDescriptor.isValid(tdPtr):
         # print "TD fail"
         return False
     # At offset 16, there should be a pointer to a valid ClassHierarchyDescriptor
     chdPtr = idaapi.get_full_long(ea + 16)
     if not ClassHierarchyDescriptor.isValid(chdPtr):
         # print "CHD fail"
         return False
     return True

Esempio n. 8

0

Mostra file

File: Rtti.py Progetto: psolyca/idascripts

def scanRtti():
    dataBounds = getSegBoundaries(".data")
    rdataBounds = getSegBoundaries(".rdata")
    if dataBounds is None:
        print "No .data section found. Cannot continue."
        return False

    print "Scanning for TypeDescriptors (might take a while)..."
    tds = TypeDescriptor.findAll(dataBounds)
    print "Found %d descriptor(s)." % len(tds)

    print "Defining TypeDescriptors..."
    for ea in tds:
        x = TypeDescriptor(ea)
        print x

    print "Scanning TypeDescriptors for CompleteObjectLocator refs..."
    cols = []
    ea = rdataBounds[0]
    lastEa = rdataBounds[1]
    while ea < lastEa:
        ptr = idaapi.get_full_long(ea)
        if (dataBounds[0] <= ptr < dataBounds[1]) and (ptr in tds):
            # print "%08X" % ptr
            try:
                # Correct the address.
                colPtr = ea - 12
                col = CompleteObjectLocator(colPtr)
                print col
                cols.append(colPtr)
            except Exception, e:
                # print traceback.format_exc()
                pass
        ea += 4

Esempio n. 9

0

Mostra file

File: Rtti.py Progetto: nihilus/idascripts-1

    def define(ea, count):
        # TODO: sanity checks

        idaapi.do_unknown_range(ea, count * 4, idaapi.DOUNK_DELNAMES)
        idaapi.doDwrd(ea, 4)
        idaapi.do_data_ex(ea, idaapi.getFlags(ea), count * 4, idaapi.BADADDR)
        # TODO: rewrite into idaapi calls
        idc.SetArrayFormat(ea, idc.AP_INDEX | idc.AP_IDXDEC, 1, 0)

        # Entry 0 describes the class itself => I can find out the class name.
        bcd = BaseClassDescriptor(idaapi.get_full_long(ea))
        idaapi.set_name(ea, "??_R2" + bcd.typeDescriptor.baseMangledName + "8", 0)

        i = 1
        while i < count:
            bcd = BaseClassDescriptor(idaapi.get_full_long(ea + i * 4))
            i += 1

Esempio n. 10

0

Mostra file

File: Rtti.py Progetto: psolyca/idascripts

    def define(ea, count):
        # TODO: sanity checks

        idaapi.do_unknown_range(ea, count * 4, idaapi.DOUNK_DELNAMES)
        idaapi.doDwrd(ea, 4)
        idaapi.do_data_ex(ea, idaapi.getFlags(ea), count * 4, idaapi.BADADDR)
        # TODO: rewrite into idaapi calls
        idc.SetArrayFormat(ea, idc.AP_INDEX | idc.AP_IDXDEC, 1, 0)

        # Entry 0 describes the class itself => I can find out the class name.
        bcd = BaseClassDescriptor(idaapi.get_full_long(ea))
        idaapi.set_name(ea, '??_R2' + bcd.typeDescriptor.baseMangledName + '8',
                        0)

        i = 1
        while i < count:
            bcd = BaseClassDescriptor(idaapi.get_full_long(ea + i * 4))
            i += 1

Esempio n. 11

0

Mostra file

File: Rtti.py Progetto: psolyca/idascripts

 def isValid(ea):
     if idaapi.get_full_long(ea) != 0:
         return False
     attrs = ClassHierarchyDescriptor.__attributes(ea)
     if attrs > 3:
         return False
     baseCount = ClassHierarchyDescriptor.__baseClassCount(ea)
     if baseCount > 1024:
         return False
     # TODO: add sanity checks.
     return True

Esempio n. 12

0

Mostra file

File: Rtti.py Progetto: nihilus/idascripts-1

 def isValid(ea):
     if idaapi.get_full_long(ea) != 0:
         return False
     attrs = ClassHierarchyDescriptor.__attributes(ea)
     if attrs > 3:
         return False
     baseCount = ClassHierarchyDescriptor.__baseClassCount(ea)
     if baseCount > 1024:
         return False
     # TODO: add sanity checks.
     return True

Esempio n. 13

0

Mostra file

File: Rtti.py Progetto: nihilus/idascripts-1

 def __attributes(ea):
     return idaapi.get_full_long(ea + 20)

Esempio n. 14

0

Mostra file

File: Rtti.py Progetto: nihilus/idascripts-1

 def __containedBasesCount(ea):
     return idaapi.get_full_long(ea + 4)

Esempio n. 15

0

Mostra file

File: Rtti.py Progetto: nihilus/idascripts-1

 def __typeDescriptorPtr(ea):
     return idaapi.get_full_long(ea)

Esempio n. 16

0

Mostra file

File: Rtti.py Progetto: psolyca/idascripts

 def __attributes(ea):
     return idaapi.get_full_long(ea + 20)

Esempio n. 17

0

Mostra file

File: Rtti.py Progetto: nihilus/idascripts-1

    def __getitem__(self, index):
        if index < 0 or index >= self.count:
            raise IndexError("Index too large")

        return BaseClassDescriptor(idaapi.get_full_long(self.ea + index * 4))

Esempio n. 18

0

Mostra file

File: Rtti.py Progetto: psolyca/idascripts

 def __containedBasesCount(ea):
     return idaapi.get_full_long(ea + 4)

Esempio n. 19

0

Mostra file

File: Rtti.py Progetto: nihilus/idascripts-1

 def classHierarchyDescriptor(self):
     at = idaapi.get_full_long(self.ea + 16)
     return ClassHierarchyDescriptor(at)

Esempio n. 20

0

Mostra file

File: Rtti.py Progetto: nihilus/idascripts-1

 def ctorDispOffset(self):
     return idaapi.get_full_long(self.ea + 8)

Esempio n. 21

0

Mostra file

File: Rtti.py Progetto: nihilus/idascripts-1

 def __v2ChdPtr(ea):
     return idaapi.get_full_long(ea + 24)

Esempio n. 22

0

Mostra file

File: Rtti.py Progetto: psolyca/idascripts

 def __v2ChdPtr(ea):
     return idaapi.get_full_long(ea + 24)

Esempio n. 23

0

Mostra file

File: Rtti.py Progetto: psolyca/idascripts

 def classHierarchyDescriptor(self):
     at = idaapi.get_full_long(self.ea + 16)
     return ClassHierarchyDescriptor(at)

Esempio n. 24

0

Mostra file

File: Rtti.py Progetto: psolyca/idascripts

 def typeDescriptor(self):
     at = idaapi.get_full_long(self.ea + 12)
     return TypeDescriptor(at)

Esempio n. 25

0

Mostra file

File: Rtti.py Progetto: psolyca/idascripts

 def ctorDispOffset(self):
     return idaapi.get_full_long(self.ea + 8)

Esempio n. 26

0

Mostra file

File: Rtti.py Progetto: psolyca/idascripts

 def vftableOffset(self):
     return idaapi.get_full_long(self.ea + 4)

Esempio n. 27

0

Mostra file

File: Rtti.py Progetto: nihilus/idascripts-1

 def vftableOffset(self):
     return idaapi.get_full_long(self.ea + 4)

Esempio n. 28

0

Mostra file

File: Rtti.py Progetto: psolyca/idascripts

 def __baseClassCount(ea):
     return idaapi.get_full_long(ea + 8)

Esempio n. 29

0

Mostra file

File: Rtti.py Progetto: nihilus/idascripts-1

 def typeDescriptor(self):
     at = idaapi.get_full_long(self.ea + 12)
     return TypeDescriptor(at)

Esempio n. 30

0

Mostra file

File: Rtti.py Progetto: psolyca/idascripts

 def __baseClassArrayPtr(ea):
     return idaapi.get_full_long(ea + 12)

Esempio n. 31

0

Mostra file

File: Rtti.py Progetto: nihilus/idascripts-1

 def __baseClassCount(ea):
     return idaapi.get_full_long(ea + 8)

Esempio n. 32

0

Mostra file

File: Rtti.py Progetto: psolyca/idascripts

 def __typeDescriptorPtr(ea):
     return idaapi.get_full_long(ea)

Esempio n. 33

0

Mostra file

File: Rtti.py Progetto: nihilus/idascripts-1

 def __baseClassArrayPtr(ea):
     return idaapi.get_full_long(ea + 12)

Esempio n. 34

0

Mostra file

File: Rtti.py Progetto: psolyca/idascripts

    def __getitem__(self, index):
        if index < 0 or index >= self.count:
            raise IndexError('Index too large')

        return BaseClassDescriptor(idaapi.get_full_long(self.ea + index * 4))