def RenameMod(orig, new):
i = idc.get_next_func(0)
while (i != BADADDR):
n = idc.get_func_name(i)
if n.startswith(orig + "_"):
RenameFuncWithNewMod(i, new)
i = NextFunction(i)
def get_function_bounds(ea):
"""Get the bounds of the function containing `ea`. We want to discover jump
table targets that are missed by IDA, and it's possible that they aren't
marked as being part of the current function, and perhaps are after the
assumed range of the current function. Ideally they will fall before the
beginning of the next function, though.
We need to be pretty careful with the case that one function tail-calls
another. IDA will sometimes treat the end of the tail-called function
(e.g. a thunk) as if it is the end of the caller. For this reason, we start
with loose bounds using the prev/next functions, then try to narrow with
the bounds of the function containing `ea`.
TODO(pag): Handle discontinuous regions (e.g. because of function chunks).
It may be worth to return an object here that can we queried
for membership using the `__in__` method.
"""
seg_start, seg_end = idc.get_segm_start(ea), idc.get_segm_end(ea)
min_ea = seg_start
max_ea = seg_end
if is_invalid_ea(min_ea) or not is_code(ea):
return ea, ea
# Get an upper bound using the next function.
next_func_ea = idc.get_next_func(ea)
if not is_invalid_ea(next_func_ea):
max_ea = min(next_func_ea, max_ea)
# Get a lower bound using the previous function.
prev_func_ea = idc.get_prev_func(ea)
if not is_invalid_ea(prev_func_ea):
min_ea = max(min_ea, prev_func_ea)
prev_func = idaapi.get_func(prev_func_ea)
if prev_func and prev_func.end_ea < ea:
min_ea = max(min_ea, prev_func.end_ea)
# Try to tighten the bounds using the function containing `ea`.
func = idaapi.get_func(ea)
if func:
min_ea = max(min_ea, func.start_ea)
max_ea = min(max_ea, func.end_ea)
return min_ea, max_ea
def get_function_bounds(ea):
"""Get the bounds of the function containing `ea`. We want to discover jump
table targets that are missed by IDA, and it's possible that they aren't
marked as being part of the current function, and perhaps are after the
assumed range of the current function. Ideally they will fall before the
beginning of the next function, though.
We need to be pretty careful with the case that one function tail-calls
another. IDA will sometimes treat the end of the tail-called function
(e.g. a thunk) as if it is the end of the caller. For this reason, we start
with loose bounds using the prev/next functions, then try to narrow with
the bounds of the function containing `ea`.
TODO(pag): Handle discontinuous regions (e.g. because of function chunks).
It may be worth to return an object here that can we queried
for membership using the `__in__` method.
"""
seg_start, seg_end = idc.get_segm_start(ea), idc.get_segm_end(ea)
min_ea = seg_start
max_ea = seg_end
if is_invalid_ea(min_ea) or not is_code(ea):
return ea, ea
# Get an upper bound using the next function.
next_func_ea = idc.get_next_func(ea)
if not is_invalid_ea(next_func_ea):
max_ea = min(next_func_ea, max_ea)
# Get a lower bound using the previous function.
prev_func_ea = idc.get_prev_func(ea)
if not is_invalid_ea(prev_func_ea):
min_ea = max(min_ea, prev_func_ea)
prev_func = idaapi.get_func(prev_func_ea)
if prev_func and prev_func.end_ea < ea:
min_ea = max(min_ea, prev_func.end_ea)
# Try to tighten the bounds using the function containing `ea`.
func = idaapi.get_func(ea)
if func:
min_ea = max(min_ea, func.start_ea)
max_ea = min(max_ea, func.end_ea)
return min_ea, max_ea
def NextFunction(x): return idc.get_next_func(x)
def function_containing(ea):
return idc.get_next_func(idc.get_prev_func(ea))
# Iterate over all the functions, querying from the database and printing them.
fnhandled = 0
conn = httplib.HTTPConnection("symgrate.com", 80)
qstr = ""
start = 0
end = 0
t = ida_segment.get_segm_by_name(".text")
if (t and t.start_ea != ida_idaapi.BADADDR):
start = t.start_ea
end = t.end_ea
else:
start = idc.get_next_func(0)
end = ida_idaapi.BADADDR
f = start
while (f != ida_idaapi.BADADDR) and (f <= end):
iname = idc.get_func_name(f)
adr = f
adrstr = "%x" % f
res = None
B = bytearray(ida_bytes.get_bytes(adr, LEN))
bstr = ""
for b in B:
bstr += "%02x" % (0x00FF & b)
def def_functions(s_start):
num_added_functions = 0
s_addr = s_start
s_end = idc.get_segm_attr(s_start, SEGATTR_END) #idc.SegEnd(segm)
print("0x%08x 0x%08x" % (s_start, s_end))
while (s_addr < s_end):
print("Testing address 0x%08x" % s_addr)
#optimization assumes that function chunks are consecutive (no "function-in-function" monkey business)
if (idaapi.get_func(s_addr)):
next_func = idc.get_next_func(s_addr)
ea = s_addr
for c in idautils.Chunks(s_addr):
#only use chunks in lookahead that do not jump over the next function and that are not smaller than where we are atm.
if (c[1] > ea) and (c[1] <= next_func):
ea = c[1]
if ea == s_addr:
s_addr += 2
else:
s_addr = ea
#s_addr += 4
continue
else:
#This is not a good optimization, there WILL be data refs to function start addresses sometimes.
'''
if sum(1 for _ in (CodeRefsTo(s_addr, 1))) != 0:
s_addr += 4
continue
'''
#also add STMFD
if ((idc.print_insn_mnem(s_addr) == "STM") and
("SP!" in idc.print_operand(s_addr, 0)) and
("LR" in idc.print_operand(s_addr, 1))) or (
((idc.print_insn_mnem(s_addr) == "PUSH") or
(idc.print_insn_mnem(s_addr) == "PUSH.W") or
(idc.print_insn_mnem(s_addr) == "STR.W")) and
("LR" in idc.print_operand(s_addr, 0))):
print("Found function at 0x%08x" % s_addr)
ida_funcs.add_func(s_addr)
f = idaapi.get_func(s_addr)
if (type(f) == type(None)):
print("Failed to create function! Undefined instructions?")
s_addr += 2
else:
num_added_functions += 1
ea = -1
for c in idautils.Chunks(s_addr):
if c[1] > ea:
ea = c[1]
if ea != -1:
s_addr = ea
#failed?
else:
s_addr += 2
else:
s_addr += 2
print("finished segment")
return num_added_functions
