Python apply_tinfoの例、idaapi.apply_tinfo Pythonの例

コード例 #1

0

ファイルを表示

ファイル: std_string.py プロジェクト: iweizime/IDAPython

def process_funcs(all_funcs):
    for func in all_funcs:
        # rename
        idc.set_name(func.start_ea, f"string_{func.start_ea:X}")

        # set type
        struc_id = idaapi.get_struc_id("std::string")
        # print(f"{struc_id:x}")

        if struc_id == idaapi.BADADDR:
            idc.set_local_type(-1, "struct std::string {char *ptr; size_t length; char buf[0x10];};", idaapi.PT_TYP)
            print("create std::string")

        func_tinfo = idaapi.tinfo_t()
        cfunc = idaapi.decompile(func.start_ea)
        cfunc.get_func_type(func_tinfo)
        func_details = idaapi.func_type_data_t()
        func_tinfo.get_func_details(func_details)


        std_string_tinfo = idaapi.tinfo_t()
        std_string_tinfo.get_named_type(idaapi.get_idati(), "std::string")
        std_string_ptr_tinfo = idaapi.tinfo_t()
        std_string_ptr_tinfo.create_ptr(std_string_tinfo)

        func_details[0].type = std_string_ptr_tinfo
        func_tinfo.create_func(func_details)
        idaapi.apply_tinfo(func.start_ea, func_tinfo, idaapi.TINFO_DEFINITE)

コード例 #2

0

ファイルを表示

    def activate(self, ctx):
        hx_view = idaapi.get_widget_vdui(ctx.widget)
        result = self.__extract_rename_info(hx_view.cfunc, hx_view.item)

        if result:
            func_tinfo, address, arg_index, name = result
            helper.set_func_arg_name(func_tinfo, arg_index, name)
            idaapi.apply_tinfo(address, func_tinfo, idaapi.TINFO_DEFINITE)
            hx_view.refresh_view(True)

コード例 #3

0

ファイルを表示

 def commit(self):
     addresses = self.addresses
     if self.name_modified:
         self.name_modified = False
         if len(addresses) == 1:
             idaapi.set_name(addresses[0], self.name)
     if self.tinfo_modified:
         self.tinfo_modified = False
         if len(addresses) == 1:
             idaapi.apply_tinfo(addresses[0], self.tinfo.get_pointed_object(), idaapi.TINFO_DEFINITE)

コード例 #4

0

ファイルを表示

 def activate(self, ctx):
     vu = idaapi.get_widget_vdui(ctx.widget)
     function_tinfo = idaapi.tinfo_t()
     if not vu.cfunc.get_func_type(function_tinfo):
         return
     function_details = idaapi.func_type_data_t()
     function_tinfo.get_func_details(function_details)
     if function_details.rettype.equals_to(const.VOID_TINFO):
         function_details.rettype = idaapi.tinfo_t(const.PVOID_TINFO)
     else:
         function_details.rettype = idaapi.tinfo_t(idaapi.BT_VOID)
     function_tinfo.create_func(function_details)
     idaapi.apply_tinfo(vu.cfunc.entry_ea, function_tinfo,
                        idaapi.TINFO_DEFINITE)
     vu.refresh_view(True)

コード例 #5

0

ファイルを表示

    def activate(self, ctx):
        vu = idaapi.get_widget_vdui(ctx.widget)
        function_tinfo = idaapi.tinfo_t()
        if not vu.cfunc.get_func_type(function_tinfo):
            return
        function_details = idaapi.func_type_data_t()
        function_tinfo.get_func_details(function_details)
        del_arg = vu.item.get_lvar()

        function_details.erase(
            [x for x in function_details if x.name == del_arg.name][0])

        function_tinfo.create_func(function_details)
        idaapi.apply_tinfo(vu.cfunc.entry_ea, function_tinfo,
                           idaapi.TINFO_DEFINITE)
        vu.refresh_view(True)

コード例 #6

0

ファイルを表示

ファイル: fn_fuzzy.py プロジェクト: dhulliger/ida_haru

    def activate(self, ctx):
        sel = []
        for idx in ctx.chooser_selection:
            # rename the function
            ea = get_name_ea_simple(self.items[idx][2])
            sfname = str(self.items[idx][4])
            #set_name(ea, sfname)
            idaapi.do_name_anyway(ea, sfname)
            success('{:#x}: renamed to {}'.format(ea, sfname))
            # set the function prototype
            sptype = str(self.items[idx][5])
            if sptype != 'None':
                tinfo = idaapi.tinfo_t()
                idaapi.parse_decl2(idaapi.cvar.idati, sptype, tinfo, 0)
                #idaapi.apply_callee_tinfo(ea, tinfo)
                if idaapi.apply_tinfo(ea, tinfo, 0):
                    success('{:#x}: function prototype set to {}'.format(
                        ea, sptype))
                else:
                    error(
                        '{:#x}: function prototype set FAILED (maybe you should import the types?)'
                        .format(ea))
                    if ask_yn(0, 'Do you import types from the secondary idb?'
                              ) == 1:
                        if self.import_types():
                            tinfo = idaapi.tinfo_t()
                            idaapi.parse_decl2(idaapi.cvar.idati, sptype,
                                               tinfo, 0)
                            if idaapi.apply_tinfo(ea, tinfo, 0):
                                success('{:#x}: function prototype set to {}'.
                                        format(ea, sptype))
                            else:
                                error(
                                    '{:#x}: function prototype set FAILED again'
                                    .format(ea))

            # insert the comment
            score = self.items[idx][0]
            mmatch = self.items[idx][1]
            cmt = 'fn_fuzzy: ssdeep={}, machoc={}'.format(score, mmatch)
            set_func_cmt(ea, cmt, 1)
            #set_decomplier_cmt(ea, cmt) # not sure how to avoid orphan comment

        # update the Choose rows
        ida_kernwin.refresh_chooser(self.title)

コード例 #7

0

ファイルを表示

ファイル: scanners.py プロジェクト: sfinktah/HexRaysPyTools

    def activate(self, ctx):
        hx_view = idaapi.get_widget_vdui(ctx.widget)
        cfunc = hx_view.cfunc

        if not self._can_be_scanned(cfunc, hx_view.item):
            return

        obj = api.ScanObject.create(cfunc, hx_view.item)
        tmp_struct = TemporaryStructureModel()
        visitor = NewShallowSearchVisitor(cfunc, 0, obj, tmp_struct)
        visitor.process()
        tinfo = tmp_struct.get_recognized_shape()
        if tinfo:
            tinfo.create_ptr(tinfo)
            if obj.id == api.SO_LOCAL_VARIABLE:
                hx_view.set_lvar_type(obj.lvar, tinfo)
            elif obj.id == api.SO_GLOBAL_OBJECT:
                idaapi.apply_tinfo(obj.obj_ea, tinfo, idaapi.TINFO_DEFINITE)
            hx_view.refresh_view(True)

コード例 #8

0

ファイルを表示

 def activate(self, ctx):
     vu = idaapi.get_widget_vdui(ctx.widget)
     function_tinfo = idaapi.tinfo_t()
     if not vu.cfunc.get_func_type(function_tinfo):
         return
     function_details = idaapi.func_type_data_t()
     function_tinfo.get_func_details(function_details)
     convention = idaapi.CM_CC_MASK & function_details.cc
     if convention == idaapi.CM_CC_CDECL:
         function_details.cc = idaapi.CM_CC_SPECIAL
     elif convention in (idaapi.CM_CC_STDCALL, idaapi.CM_CC_FASTCALL,
                         idaapi.CM_CC_PASCAL, idaapi.CM_CC_THISCALL):
         function_details.cc = idaapi.CM_CC_SPECIALP
     elif convention == idaapi.CM_CC_ELLIPSIS:
         function_details.cc = idaapi.CM_CC_SPECIALE
     else:
         return
     function_tinfo.create_func(function_details)
     idaapi.apply_tinfo(vu.cfunc.entry_ea, function_tinfo,
                        idaapi.TINFO_DEFINITE)
     vu.refresh_view(True)

コード例 #9

0

ファイルを表示

    def remove_rettype(self, vu):
        if vu.item.citype == idaapi.VDI_FUNC:
            # current function
            ea = vu.cfunc.entry_ea
            old_func_type = idaapi.tinfo_t()
            if not vu.cfunc.get_func_type(old_func_type):
                return False
        elif vu.item.citype == idaapi.VDI_EXPR and vu.item.e.is_expr(
        ) and vu.item.e.type.is_funcptr():
            # call xxx
            ea = vu.item.get_ea()
            old_func_type = idaapi.tinfo_t()

            func = idaapi.get_func(ea)
            if func:
                try:
                    cfunc = idaapi.decompile(func)
                except idaapi.DecompilationFailure:
                    return False

                if not cfunc.get_func_type(old_func_type):
                    return False
            else:
                return False
        else:
            return False

        fi = idaapi.func_type_data_t()
        if ea != idaapi.BADADDR and old_func_type.get_func_details(fi):
            # Return type is already void
            if fi.rettype.is_decl_void():
                # Restore ret type
                if ea not in self.ret_type:
                    return True
                ret = self.ret_type[ea]
            else:
                # Save ret type and change it to void
                self.ret_type[ea] = fi.rettype
                ret = idaapi.BT_VOID

            # Create new function info with new rettype
            fi.rettype = idaapi.tinfo_t(ret)

            # Create new function type with function info
            new_func_type = idaapi.tinfo_t()
            new_func_type.create_func(fi)

            # Apply new function type
            if idaapi.apply_tinfo(ea, new_func_type, idaapi.TINFO_DEFINITE):
                return vu.refresh_view(True)

        return False

コード例 #10

0

ファイルを表示

    def activate(self, ctx):
        hx_view = idaapi.get_widget_vdui(ctx.widget)
        ri = self.extract_recast_info(hx_view.cfunc, hx_view.item)
        if not ri:
            return 0

        if isinstance(ri, RecastLocalVariable):
            hx_view.set_lvar_type(ri.local_variable, ri.recast_tinfo)

        elif isinstance(ri, RecastGlobalVariable):
            idaapi.apply_tinfo(ri.global_variable_ea, ri.recast_tinfo,
                               idaapi.TINFO_DEFINITE)

        elif isinstance(ri, RecastArgument):
            if ri.recast_tinfo.is_array():
                ri.recast_tinfo.convert_array_to_ptr()
            helper.set_func_argument(ri.func_tinfo, ri.arg_idx,
                                     ri.recast_tinfo)
            idaapi.apply_tinfo(ri.func_ea, ri.func_tinfo,
                               idaapi.TINFO_DEFINITE)

        elif isinstance(ri, RecastReturn):
            cfunc = helper.decompile_function(ri.func_ea)
            if not cfunc:
                return 0

            func_tinfo = idaapi.tinfo_t()
            cfunc.get_func_type(func_tinfo)
            helper.set_func_return(func_tinfo, ri.recast_tinfo)
            idaapi.apply_tinfo(cfunc.entry_ea, func_tinfo,
                               idaapi.TINFO_DEFINITE)

        elif isinstance(ri, RecastStructure):
            tinfo = idaapi.tinfo_t()
            tinfo.get_named_type(idaapi.cvar.idati, ri.structure_name)
            ordinal = idaapi.get_type_ordinal(idaapi.cvar.idati,
                                              ri.structure_name)
            if ordinal == 0:
                return 0

            udt_member = idaapi.udt_member_t()
            udt_member.offset = ri.field_offset * 8
            idx = tinfo.find_udt_member(udt_member, idaapi.STRMEM_OFFSET)
            if udt_member.offset != ri.field_offset * 8:
                print("[Info] Can't handle with arrays yet")
            elif udt_member.type.get_size() != ri.recast_tinfo.get_size():
                print("[Info] Can't recast different sizes yet")
            else:
                udt_data = idaapi.udt_type_data_t()
                tinfo.get_udt_details(udt_data)
                udt_data[idx].type = ri.recast_tinfo
                tinfo.create_udt(udt_data, idaapi.BTF_STRUCT)
                tinfo.set_numbered_type(idaapi.cvar.idati, ordinal,
                                        idaapi.NTF_REPLACE, ri.structure_name)
        else:
            raise NotImplementedError

        hx_view.refresh_view(True)
        return 0

コード例 #11

0

ファイルを表示

 def add(name, types=None, fields=None, cmts=None, flags=0, lib=None):
     t = Type.add(name, types, fields, cmts, flags, lib)
     if not idaapi.apply_tinfo(0, t.ti, 0):
         print "[-] can't add struct `%s`" % name
     return Struct(name)