def parse_func(pfn): try: hf = idaapi.hexrays_failure_t() cfunc = idaapi.decompile(pfn.start_ea, hf) mbr = idaapi.mba_ranges_t(pfn) mba = idaapi.gen_microcode( mbr, hf, None, idaapi.DECOMP_NO_WAIT | idaapi.DECOMP_NO_CACHE, idaapi.MMAT_GLBOPT3 ) except Exception: return if mba is None: return G = Graph() ctree_state, ctree_expr, ctree_int, ctree_str, micro_int = [], [], [], [], [] # node level for i in range(mba.qty): mb = mba.get_mblock(i) minsn = mb.head blk = [] while minsn: ins = parse_minsn(minsn, micro_int) blk.append(ins) minsn = minsn.next vp = idaapi.qstring_printer_t(None, True) mb._print(vp) G.add_node(mb.serial, feat=blk, raw_data=vp.s) for succ in mb.succset: G.add_edge(mb.serial, succ) G.remove_featempty_nodes() if not G.have_nodes(): return # add a fake edge if there is no edge if not G.have_edges(): G.add_edge(G.graph['nodes'][0]['id'], G.graph['nodes'][0]['id']) # graph level ctree_fea = CtreeFeature(ctree_state, ctree_expr, ctree_int, ctree_str) ctree_fea.apply_to(cfunc.body, None) G.graph['graph']['c_state'], G.graph['graph']['c_expr'], G.graph['graph']['c_int'], G.graph['graph'][ 'c_str'], G.graph['graph']['m_int'] = ctree_state, ctree_expr, ctree_int, ctree_str, micro_int G.graph['graph']['arg_num'] = len(cfunc.argidx) func_bytes = b'' for start, end in idautils.Chunks(pfn.start_ea): fb = idaapi.get_bytes(start, end-start) func_bytes += fb G.graph['graph']['hash'] = hashlib.md5(func_bytes).hexdigest() return G.graph
def upload_function(self, ea, funcset_id): func_feat = bai.ida.get_func_feature(ea) func_name = idaapi.get_func_name(ea) hf = idaapi.hexrays_failure_t() cfunc = idaapi.decompile(ea, hf, idaapi.DECOMP_NO_WAIT) if func_feat and func_name: func_id = bai.function.upload_function(self.client, func_name, func_feat, source_code=str(cfunc), funcset_id=funcset_id) return func_id
def upload(self, ea, funcset=None): func_feat = bai.ida.get_func_feature(ea) func_name = idaapi.get_func_name(ea) hf = idaapi.hexrays_failure_t() cfunc = idaapi.decompile(ea, hf, idaapi.DECOMP_NO_WAIT) if not (func_feat and func_name): return None func_id = bai.function.upload_function( self.client, func_name, func_feat, source_code=str(cfunc)) if funcset and func_id: bai.function.insert_function_set_member(self.client, funcset, [func_id]) return func_id
def get_func_feature(ea): """ get function feature by IDA Pro Args: ea(ea_t): function address Returns: func_feat(string): function feature """ try: hf = idaapi.hexrays_failure_t() cfunc = idaapi.decompile(ea, hf, idaapi.DECOMP_NO_WAIT) return str(cfunc) except Exception: return None
def get_func_feature(ea): """ get function feature by IDA Pro Args: ea(ea_t): function address Returns: func_feat(string): function feature """ try: hf = idaapi.hexrays_failure_t() if idaapi.IDA_SDK_VERSION >= 730: cfunc = idaapi.decompile(ea, hf, idaapi.DECOMP_NO_WAIT) else: cfunc = idaapi.decompile(ea, hf) return str(cfunc) except Exception as e: print(str(e)) return None
def get_upload_func_info(ea): """ get function upload info by IDA Pro Args: ea(ea_t): function address Returns: func_info(dict): function info """ func_info = {} try: hf = idaapi.hexrays_failure_t() if idaapi.IDA_SDK_VERSION >= 730: cfunc = idaapi.decompile(ea, hf, idaapi.DECOMP_NO_WAIT) else: cfunc = idaapi.decompile(ea, hf) func_info['feature'] = str(cfunc) func_info['pseudo_code'] = str(cfunc) except Exception as e: print(str(e)) return None func_info['binary_file'] = idaapi.get_root_filename() binary_sha256 = idaapi.retrieve_input_file_sha256() binary_sha256 = binary_sha256.hex() if isinstance(binary_sha256, bytes) else binary_sha256 func_info['binary_sha256'] = binary_sha256 func_info['binary_offset'] = idaapi.get_fileregion_offset(ea) func_info['platform'] = get_platform_info() func_info['name'] = idaapi.get_func_name(ea) func_bytes = b'' for start, end in idautils.Chunks(idaapi.get_func(ea).start_ea): fb = idaapi.get_bytes(start, end - start) func_bytes += fb func_bytes = func_bytes.hex() if isinstance(func_bytes, bytes) else func_bytes func_info['func_bytes'] = func_bytes return func_info