def dump(): ret = [] for addr, name in idautils.Names(): flags = ida_bytes.get_flags(addr) # The 'a' heuristic is fairly bad but we need to filter out IDA's default # naming for strings if ida_bytes.has_dummy_name(flags) or ida_bytes.has_auto_name(flags) or not ida_bytes.is_data(flags) or name[0] == 'a': continue # Sometimes the auto-generated names don't actually usually have the # right flags set, so skip these auto-looking names. if any(name.startswith(s) for s in ['byte_', 'word_', 'dword_', 'unk_', 'jpt_']): continue sz = ida_bytes.get_item_size(addr) if ida_bytes.is_struct(flags): ti = ida_nalt.opinfo_t() ida_bytes.get_opinfo(ti, addr, 0, flags) typ = ida_struct.get_struc_name(ti.tid) else: typ = None ret.append(filter_none({ 'address': addr, 'name': name, 'type': typ, 'sz': sz, 'flags': flags, })) return ret
def _read_struct_member(struct, sid, union, ea, offset, name, size, asobject): """Read a member into a struct for read_struct.""" flags = idc.get_member_flag(sid, offset) assert flags != -1 # Extra information for parsing a struct. member_sid, member_ssize = None, None if ida_bytes.is_struct(flags): member_sid = idc.get_member_strid(sid, offset) member_ssize = ida_struct.get_struc_size(member_sid) # Get the address of the start of the member. member = ea if not union: member += offset # Now parse out the value. array = [] processed = 0 while processed < size: value, read = _read_struct_member_once(member + processed, flags, size, member_sid, member_ssize, asobject) assert size % read == 0 array.append(value) processed += read if len(array) == 1: value = array[0] else: value = array struct[name] = value
def guess_dummy_type(self, interface_ea): if self.dummy: if is_struct(get_full_flags(interface_ea)): return t = guess_type(interface_ea) if t is not None: next(self.members()).type = t
def __call__(self): mt = ida_nalt.opinfo_t() if ida_bytes.is_struct(self.flag): mt.tid = self.extra['id'] if ida_bytes.is_off0(self.flag) or ida_bytes.is_off1(self.flag): mt.ri = ida_nalt.refinfo_t(self.extra['flags'], self.extra['base'], self.extra['target'], self.extra['tdelta']) if ida_bytes.is_strlit(self.flag): mt.strtype = self.extra['strtype'] struc = ida_struct.get_struc_id(Event.encode(self.sname)) sptr = ida_struct.get_struc(struc) ida_struct.set_member_type(sptr, self.soff, self.flag, mt, self.eoff - self.soff)
def op_type_changed(self, ea, n): flags = ida_bytes.get_flags(ea) self.log("op_type_changed(ea=0x%08X, n=%d). Flags now: 0x%08X" % (ea, n, flags)) buf = ida_nalt.opinfo_t() opi = ida_bytes.get_opinfo(buf, ea, n, flags) if opi: if ida_bytes.is_struct(flags): self.log("New struct: 0x%08X (name=%s)" % ( opi.tid, ida_struct.get_struc_name(opi.tid))) elif ida_bytes.is_strlit(flags): encidx = ida_nalt.get_str_encoding_idx(opi.strtype) if encidx == ida_nalt.STRENC_DEFAULT: encidx = ida_nalt.get_default_encoding_idx(ida_nalt.get_strtype_bpu(opi.strtype)) encname = ida_nalt.get_encoding_name(encidx) strlen = ida_bytes.get_max_strlit_length( ea, opi.strtype, ida_bytes.ALOPT_IGNHEADS | ida_bytes.ALOPT_IGNCLT) raw = ida_bytes.get_strlit_contents(ea, strlen, opi.strtype) or b"" self.log("New strlit: 0x%08X, raw hex=%s (encoding=%s)" % ( opi.strtype, binascii.hexlify(raw), encname)) elif ida_bytes.is_off(flags, n): self.log("New offset: refinfo={target=0x%08X, base=0x%08X, tdelta=0x%08X, flags=0x%X}" % ( opi.ri.target, opi.ri.base, opi.ri.tdelta, opi.ri.flags)) elif ida_bytes.is_enum(flags, n): self.log("New enum: 0x%08X (enum=%s), serial=%d" % ( opi.ec.tid, ida_enum.get_enum_name(opi.ec.tid), opi.ec.serial)) pass elif ida_bytes.is_stroff(flags, n): parts = [] for i in range(opi.path.len): tid = opi.path.ids[i] parts.append("0x%08X (name=%s)" % (tid, ida_struct.get_struc_name(tid))) self.log("New stroff: path=[%s] (len=%d, delta=0x%08X)" % ( ", ".join(parts), opi.path.len, opi.path.delta)) elif ida_bytes.is_custom(flags) or ida_bytes.is_custfmt(flags, n): self.log("New custom data type") # unimplemented else: print("Cannot retrieve opinfo_t")
def __call__(self): mt = ida_nalt.opinfo_t() if ida_bytes.is_struct(self.flag): mt.tid = self.extra["id"] if ida_bytes.is_off0(self.flag) or ida_bytes.is_off1(self.flag): mt.ri = ida_nalt.refinfo_t( self.extra["flags"], self.extra["base"], self.extra["target"], self.extra["tdelta"], ) if ida_bytes.is_strlit(self.flag): mt.strtype = self.extra["strtype"] struc = ida_struct.get_struc_id(Event.encode(self.sname)) sptr = ida_struct.get_struc(struc) ida_struct.set_member_type(sptr, self.soff, self.flag, mt, self.eoff - self.soff)
def dump(): ret = [] for addr, name in idautils.Names(): flags = ida_bytes.get_flags(addr) if ida_bytes.has_dummy_name(flags) or ida_bytes.has_auto_name( flags) or not ida_bytes.is_data(flags): print('skip auto:', name) continue # Sometimes the auto-generated names don't actually usually have the # right flags set, so skip these auto-looking names. if any( name.startswith(s) for s in ['byte_', 'word_', 'dword_', 'unk_', 'jpt_']): continue # print('%08x' % addr, '%08x' % flags, name, # ida_bytes.is_data(flags)) sz = ida_bytes.get_item_size(addr) if ida_bytes.is_struct(flags): ti = ida_nalt.opinfo_t() ida_bytes.get_opinfo(ti, addr, 0, flags) # itemsize = ida_bytes.get_data_elsize(addr, flags, ti) typ = ida_struct.get_struc_name(ti.tid) else: # itemsize = ida_bytes.get_item_size(addr) typ = None ret.append({ 'address': addr, 'name': name, 'type': typ, 'sz': sz, 'flags': flags, }) return ret
def _read_struct_member_once(ea, flags, size, member_sid, member_size, asobject): """Read part of a struct member for _read_struct_member.""" if ida_bytes.is_byte(flags): return read_word(ea, 1), 1 elif ida_bytes.is_word(flags): return read_word(ea, 2), 2 elif ida_bytes.is_dword(flags): return read_word(ea, 4), 4 elif ida_bytes.is_qword(flags): return read_word(ea, 8), 8 elif ida_bytes.is_oword(flags): return read_word(ea, 16), 16 elif ida_bytes.is_strlit(flags): return idc.get_bytes(ea, size), size elif ida_bytes.is_float(flags): return idc.Float(ea), 4 elif ida_bytes.is_double(flags): return idc.Double(ea), 8 elif ida_bytes.is_struct(flags): value = read_struct(ea, sid=member_sid, asobject=asobject) return value, member_size return None, size
def __call__(self): mt = ida_nalt.opinfo_t() if ida_bytes.is_struct(self.flag): mt.tid = self.extra["id"] if ida_bytes.is_off0(self.flag) or ida_bytes.is_off1(self.flag): mt.ri = ida_nalt.refinfo_t( self.extra["flags"], self.extra["base"], self.extra["target"], self.extra["tdelta"], ) if ida_bytes.is_strlit(self.flag): mt.strtype = self.extra["strtype"] struc = ida_struct.get_struc_id(self.sname) sptr = ida_struct.get_struc(struc) ida_struct.add_struc_member( sptr, self.fieldname, self.offset, self.flag, mt, self.nbytes, )