Esempio n. 1
 def get_node_name(self, ea):
     """Return a display label for the address ``ea``.

     Preference order: the name IDA holds for the address (idc.Name), then
     the function-relative string from idc.GetFuncOffset, and finally the
     address itself rendered as "0x" plus upper-case hex digits.

     The first two labels originate from the analysed database, so escape
     them before embedding them in markup or another tool's input.
     """
     # Each lookup is attempted only when the previous one came back empty;
     # the hex fallback is always a non-empty string.
     return idc.Name(ea) or idc.GetFuncOffset(ea) or "0x%X" % ea
Esempio n. 2
 def _name(self, ea):
     """Resolve ``ea`` to the most descriptive label available.

     Returns idc.Name(ea) when it is non-empty, otherwise
     idc.GetFuncOffset(ea), otherwise the address as '0x' followed by
     upper-case hex digits.
     """
     label = idc.Name(ea)
     if label:
         return label

     # No name at this address: try the function-relative form next.
     label = idc.GetFuncOffset(ea)
     if label:
         return label

     # Last resort, so the caller always receives a printable string.
     return '0x%X' % ea
Esempio n. 3
def get_name(addr):
	'''
	Return the function-relative label idc.GetFuncOffset reports for addr.

	Only the GetFuncOffset lookup is present in this excerpt: when it
	yields None, control falls off the end and the result is None.
	'''
	label = idc.GetFuncOffset(addr)
	if label is not None:
		return label
Esempio n. 4
    def get_name_by_ea(self, ea):
        '''
        Resolve an address to a human-readable label.

        @ea - Address.

        Returns the first non-empty result of idc.Name(ea) and
        idc.GetFuncOffset(ea); if both are empty, returns the address as
        "0x" followed by upper-case hex digits (not zero-padded).
        '''
        label = idc.Name(ea)
        if label:
            return label

        # Unnamed address: prefer the function-relative form over raw hex.
        func_offset = idc.GetFuncOffset(ea)
        return func_offset if func_offset else "0x%X" % ea
Esempio n. 5
    def get_name_by_ea(ea):
        """
        Produce a printable name for an address.

        @ea - Address.

        Returns idc.Name(ea) if it is non-empty; otherwise idc.GetFuncOffset(ea)
        if that is non-empty; otherwise '0x' followed by the address in
        upper-case hex.
        """
        symbol = idc.Name(ea)
        if not symbol:
            # The hex string is never empty, so a label is always returned.
            symbol = idc.GetFuncOffset(ea) or '0x%X' % ea
        return symbol
Esempio n. 6
 def add_auto_comment(self, ea, text):
     """Add ``(prefix, text)`` to ``self.auto_comments``.

     The prefix says what ``ea`` refers to:

     * ``ea`` is None: empty prefix.
     * idaapi.get_struc(ea) finds a structure: "stackframe '<function>'"
       when idc.GetStrucIdx(ea) is BADADDR, else "structure '<name>'".
     * idc.GetEnumIdx(ea) is not BADADDR: "enum '<name>'".
     * anything else: the address from yatools.ea_to_hex, followed by
       ",<GetFuncOffset result>" when idc.GetFuncOffset(ea) is not None.
     """
     if ea is None:
         self.auto_comments.add(("", text))
         return

     if idaapi.get_struc(ea) is not None:
         if idc.GetStrucIdx(ea) == idc.BADADDR:
             # A structure without a structure index is handled as the
             # frame of the function returned by get_func_by_frame.
             owner = idc.GetFunctionName(idaapi.get_func_by_frame(ea))
             prefix = "stackframe '%s'" % owner
         else:
             prefix = "structure '%s'" % idc.GetStrucName(ea)
     elif idc.GetEnumIdx(ea) != idc.BADADDR:
         prefix = "enum '%s'" % idc.GetEnumName(ea)
     else:
         foffset = idc.GetFuncOffset(ea)
         location = yatools.ea_to_hex(ea)
         if foffset is None:
             prefix = location
         else:
             prefix = "%s,%s" % (location, foffset)

     self.auto_comments.add((prefix, text))
Esempio n. 7
    def get_area_name(self, ea, val_type):
        """Build a "segment ! label" description for ``ea``.

        For T_CODE values the label is idc.GetFuncOffset(ea), falling back to
        idaapi.get_name(ea); for every other type only idaapi.get_name(ea)
        is consulted. An empty label is treated as missing.

        Returns "<segment> ! <label>" when both parts exist, the segment name
        alone when there is no label, the label alone (possibly None) when
        idc.SegName(ea) returns None.
        """
        label = None
        if val_type == T_CODE:
            label = idc.GetFuncOffset(ea) or None
        if not label:
            # Either not code, or the address has no function-relative name.
            label = idaapi.get_name(ea) or None

        segment = idc.SegName(ea)
        if segment is None:
            return label
        if label:
            return "%s ! %s" % (segment, label)
        return segment
Esempio n. 8
    def _profile_function(self):
        """
        Record in self.xrefs every instruction of the current function that
        mentions the identifier highlighted in the IDA view.

        The function containing the cursor (idc.ScreenEA) is walked from its
        start to its end address. An instruction matches when the highlighted
        text is a substring of its mnemonic, of the name of a call target, of
        one of its operands, or of its regular or repeatable comment. Each
        match is stored under its address with its function offset, mnemonic,
        access type (self.READ or self.WRITE), direction relative to the
        cursor and disassembly text.

        All tests are plain substring checks, so highlighting a short
        identifier also matches longer ones that contain it.
        """
        current_ea = idc.ScreenEA()
        current_function = idc.GetFunctionName(current_ea)
        current_function_ea = idc.LocByName(current_function)

        # self.function is only overwritten when the cursor is inside a
        # function that has a name.
        if current_function:
            self.function = current_function

        ea = start_ea = idc.GetFunctionAttr(current_function_ea,
                                            idc.FUNCATTR_START)
        end_ea = idc.GetFunctionAttr(current_function_ea, idc.FUNCATTR_END)

        self.highlighted = idaapi.get_highlighted_identifier()

        # Nothing highlighted means the loop body never runs.
        while ea < end_ea and ea != idc.BADADDR and self.highlighted:

            i = 0
            match = False
            optype = self.READ
            comment = None

            # Populates the global idaapi.cmd, which is read again at the
            # bottom of the loop to advance ea.
            # NOTE(review): the return value is not checked. If decoding
            # fails and idaapi.cmd.size is 0, ea would not advance and the
            # loop would not terminate - confirm and consider a guard.
            idaapi.decode_insn(ea)

            mnem = idc.GetMnem(ea)

            if self.highlighted in mnem:
                match = True
            elif idaapi.is_call_insn(ea):
                for xref in idautils.XrefsFrom(ea):
                    # NOTE(review): 21 is presumably idaapi.fl_F (ordinary
                    # flow to the next instruction) - confirm and prefer the
                    # named constant.
                    if xref.type != 21:
                        name = idc.Name(xref.to)
                        if name and self.highlighted in name:
                            match = True
                            break
            else:
                # Scan operands by index until GetOpnd returns an empty string.
                while True:
                    opnd = idc.GetOpnd(ea, i)
                    if opnd:
                        if self.highlighted in opnd:
                            try:
                                # NOTE(review): the attribute is spelled
                                # `ityp` here; if the real field is `itype`
                                # this always raises AttributeError and the
                                # fallback below is used - confirm.
                                canon_feature = idaapi.insn_t_get_canon_feature(
                                    idaapi.cmd.ityp)
                            except AttributeError:
                                # NOTE(review): this insn_t is freshly
                                # constructed and is not decoded from ea in
                                # the visible code, so its feature bits may
                                # not describe the current instruction.
                                insn_t = idaapi.insn_t()
                                canon_feature = insn_t.get_canon_feature()
                            match = True
                            # Operand i counts as written when the
                            # instruction's feature bits include the flag
                            # listed for that operand index.
                            if canon_feature & self.OPND_WRITE_FLAGS[i]:
                                optype = self.WRITE
                        i += 1
                    else:
                        break

            # Fall back to the comments: second argument 0, then 1
            # (regular, then repeatable, in the idc API).
            if not match:
                comment = idc.GetCommentEx(ea, 0)
                if comment and self.highlighted in comment:
                    match = True
                else:
                    comment = idc.GetCommentEx(ea, 1)
                    if comment and self.highlighted in comment:
                        match = True
                    else:
                        comment = None

            if match:
                # Direction is relative to the cursor position, not to the
                # function start.
                if ea > current_ea:
                    direction = self.DOWN
                elif ea < current_ea:
                    direction = self.UP
                else:
                    direction = self.THIS

                self.xrefs[ea] = {
                    'offset': idc.GetFuncOffset(ea),
                    'mnem': mnem,
                    'type': optype,
                    'direction': direction,
                    'text': idc.GetDisasm(ea),
                }

            # Step to the next instruction using the size of the last
            # decoded instruction.
            ea += idaapi.cmd.size
Esempio n. 9
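def get_name(addr):
    '''
    Describe addr as a function-relative label, falling back to its segment.

    Returns idc.GetFuncOffset(addr) when that is not None. Otherwise returns
    the segment name immediately followed by addr as 8 lower-case hex digits
    (no separator is inserted), or idc.BADADDR when idc.SegName returns None.
    '''
    name = idc.GetFuncOffset(addr)
    if name is not None:
        return name

    # The segment has to be looked up by address: on this path `name` is
    # always None, so it cannot be used as the SegName argument.
    name = idc.SegName(addr)
    if name is not None:
        return name + "%08x" % addr
    return idc.BADADDR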

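def get_import_flow_information(x):
    """Return 'caller ==> callee' strings for each code xref to the symbol named x.

    The caller side is idc.GetFuncOffset of the referencing address and the
    callee side is idc.Name of the referenced address.
    """
    # Qualified as idc.LocByName, matching the sibling helpers, so this does
    # not depend on LocByName having been star-imported into the namespace.
    return [
        '%s ==> %s' % (idc.GetFuncOffset(xref.frm), idc.Name(xref.to))
        for xref in idautils.XrefsTo(idc.LocByName(x))
        if xref.iscode
    ]


def get_addr_flow_info(x):
    """Return one formatted line per code xref to the address x.

    Each line holds the source and target addresses as 0x%08x, then the
    get_name() label of the source and idc.Name of the target.
    """
    return [
        '0x%08x ==> 0x%08x # %s ==> %s  ' % (
            xref.frm, xref.to, get_name(xref.frm), idc.Name(xref.to))
        for xref in idautils.XrefsTo(x)
        if xref.iscode
    ]


def get_name_flow_info(x):
    """Same as get_addr_flow_info, for the symbol named x (via idc.LocByName)."""
    return get_addr_flow_info(idc.LocByName(x))


# Call counter printed and incremented by get_flow_to_name.
idx = 0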
def get_flow_to_name(name):
	'''
	Print the code cross-references that reach the symbol `name`.

	Each call prints the global call counter `idx` with the name, increments
	the counter, then prints every line from get_name_flow_info(name).

	NOTE(review): the listing ends partway through the loop body, so how
	mflow_addrs, mflow_names, n2n and src are used is not visible here.
	'''
	global idx
	mflow_addrs = []
	mflow_names = []
	print "In call %x Name: %s"%(idx,name)
	idx+=1
	for flow in get_name_flow_info(name):
		print flow
		# get_addr_to_addr / get_name_to_name are defined outside this
		# excerpt; presumably they pull the address and name halves out of
		# the formatted line - confirm.
		a2a = get_addr_to_addr(flow)
		n2n = get_name_to_name(flow)
		# First whitespace-separated token of the address half.
		src = a2a.split()[0].strip()
		# arrows at 1
Esempio n. 10
	def display(self, message):
		"""Print message prefixed by the location of the simulated CPU's return address.

		The prefix is idc.GetFuncOffset of self.idasim.cpu.ReturnAddress(),
		left-justified in a 25-character column.
		"""
		return_site = idc.GetFuncOffset(self.idasim.cpu.ReturnAddress())
		# Parenthesising the single formatted string prints the same text.
		print("%-25s %s" % (return_site, message))
Esempio n. 11
import idaapi
import sys
import idautils

# Scan forward from the start of the cursor's segment for a function-prologue
# byte pattern and offer to create a function at each hit that is not already
# inside one.
#
# NOTE(review): `idc` is used below but the visible imports are only idaapi,
# sys and idautils; presumably the IDA script environment provides it -
# confirm, or add an explicit `import idc`.

# Colour handed to idc.SetColor for candidate bytes (IDA colours are
# 0xBBGGRR, so this is a green - confirm).
hilight_color = 0x009900
# x86 (32-bit) frame setup: 55 = push ebp, 89 e5 = mov ebp, esp.
# This is a heuristic: the same three bytes can also occur inside data or in
# the middle of another instruction, so a hit is only a candidate.
prolog_sequence = "55 89 e5"
ea = idc.ScreenEA()
addr = idc.SegStart(ea)
print "[!] Analyzing from %#x" % addr

# NOTE(review): `addr` is never advanced in the visible lines; the listing
# appears to end inside the loop body. Without an update past `res`,
# FindBinary would keep returning the same hit - confirm against the full
# script.
while True:
    # The last argument (16) is the radix used to parse prolog_sequence.
    res = idc.FindBinary(addr, idaapi.BIN_SEARCH_FORWARD, prolog_sequence, 16)
    if res == idaapi.BADADDR:
        break

    # NOTE(review): this relies on GetFuncOffset returning None outside a
    # function; if an API version returns an empty string instead, every hit
    # would be reported as "already matching" - confirm for the target IDA.
    func = idc.GetFuncOffset(res)
    if func is not None:
        print "[*] %#x already matching function %s" % (res, func)
    else:
        print "[+] Matching at %#x" % res
        idc.Jump(res)
        # The previous colour is saved but not used in the visible lines;
        # presumably it is restored further down - confirm.
        col = idc.GetColor(res, idc.CIC_ITEM)
        idc.SetColor(res, idc.CIC_ITEM, hilight_color)
        idc.SetColor(res + 1, idc.CIC_ITEM, hilight_color)

        # The analyst confirms each candidate before the database is
        # modified; the first argument (0) is the dialog's default answer
        # and a return value of 1 means "Yes".
        ret = idc.AskYN(0,
                        "Would you like to create a function at %#x ?" % res)
        if ret == 1:
            idc.MakeFunction(res)
            print "[+] Creating function at %#x" % res