def yatest_reference_views(self):
    """Force an offset reference on the next suitable item and record it.

    Starting at the next function returned by ``yaunit``, walks forward item
    by item until operand 1 is flagged as a number or as an offset, applies
    ``set_offset`` with ``self.operand`` / ``self.reference_addr`` there and
    saves the chosen address under the 'reference_view_addr' key.
    """
    ea = yaunit.get_next_function()
    flags = idaapi.get_flags_novalue(ea)
    # NOTE(review): no upper bound on the scan — relies on such an item
    # existing after the function start.
    while not (idaapi.isNum1(flags) or idaapi.isOff(flags, 1)):
        ea += idc.ItemSize(ea)
        flags = idaapi.get_flags_novalue(ea)
    applied = idaapi.set_offset(ea, self.operand, self.reference_addr)
    self.assertTrue(applied)
    yaunit.save('reference_view_addr', ea)
def yatest_reference_views(self):
    """Apply one offset reference per entry of the module-level ``tests``.

    Each entry is a ``(operand, is_num, reference)`` triple. For each one
    the next function is taken from ``yaunit`` and scanned forward until an
    item satisfies ``is_num`` or already carries an offset on ``operand``;
    ``set_offset`` is applied there. All chosen addresses are saved, in
    order, under the 'reference_views' key.
    """
    chosen = []
    for operand, is_num, reference in tests:
        ea = yaunit.get_next_function()
        flags = idaapi.get_flags_novalue(ea)
        # Advance over items until one carries the wanted number/offset flags.
        # NOTE(review): unbounded scan, as in the single-operand variant.
        while not (is_num(flags) or idaapi.isOff(flags, operand)):
            ea += idc.ItemSize(ea)
            flags = idaapi.get_flags_novalue(ea)
        self.assertTrue(idaapi.set_offset(ea, operand, reference))
        chosen.append(ea)
    yaunit.save('reference_views', chosen)
def get_ea():
    """Return the first function item whose operand 1 is a plain number.

    Functions are consumed from ``yaunit.get_next_function`` in order; an
    item qualifies when ``isNum1`` holds and the operand is not an enum
    member. Loops until such an item is found (no termination guard).
    """
    while True:
        func_ea = yaunit.get_next_function()
        for item_ea in idautils.FuncItems(func_ea):
            fl = idaapi.get_flags_novalue(item_ea)
            is_plain_number = idaapi.isNum1(fl) and not idaapi.isEnum(fl, 1)
            if is_plain_number:
                return item_ea
def yacheck_apply_struct(self):
    """Verify the structures and unions applied by the matching yatest.

    Loads the addresses saved under 'apply_struct' and inspects the first
    five. Entry 0 must have struct 'apply_struct_0' applied on operand 1;
    entry n (1..4) must have struct 'apply_struct_<n>' followed by member
    n-1 of union 'apply_union_<n>' in the operand's struct path.
    """
    addrs = yaunit.load('apply_struct')
    for idx in range(0, 5):
        k = idx - 1
        addr = addrs[idx]
        # retrieve struct id
        sid = idc.GetStrucIdByName('apply_struct_%x' % idx)
        self.assertNotEqual(sid, idaapi.BADADDR)
        # begin to check if something is applied
        self.assertTrue(idaapi.isStroff(idaapi.get_flags_novalue(addr), 1))
        ti = idaapi.opinfo_t()
        self.assertTrue(idaapi.get_opinfo(addr, 1, idc.GetFlags(addr), ti))
        if k == -1:
            # first entry: only the struct itself is expected in the path
            self.assertEqual(ti.path.ids[0], sid)
            continue
        # remaining entries: a union member must be selected at this address
        uid = idc.GetStrucIdByName('apply_union_%x' % idx)
        self.assertNotEqual(uid, idaapi.BADADDR)
        fid = idc.GetMemberId(uid, k)
        self.assertNotEqual(fid, -1)
        # check union is applied: non-zero path ids must be exactly [struct, member]
        applied_path = [x for x in ti.path.ids if x]
        self.assertEqual(applied_path, [sid, fid])
def find_operand_addr(self):
    """Return the first function item whose operand 1 is flagged as a number.

    Functions are consumed from ``yaunit.get_next_function``; each must be
    a valid address (asserted against ``BADADDR``) before its items are
    scanned. Loops until a matching item is found.
    """
    while True:
        func_ea = yaunit.get_next_function()
        self.assertNotEqual(func_ea, idaapi.BADADDR)
        for item_ea in idautils.FuncItems(func_ea):
            if idaapi.isNum1(idaapi.get_flags_novalue(item_ea)):
                return item_ea
def getInvariantsBytes(InstructionAddress, Size, ida_instruction_bytes_cache):
    """Skip non-code items from ``InstructionAddress`` and decode the first instruction.

    Returns ``(hashes, consumed)``: ``hashes`` is whatever ``decodeInstruction``
    produced for the instruction, and ``consumed`` is the byte count covered
    from ``InstructionAddress`` (skipped data plus the decoded instruction's
    size). When the skip reaches or passes ``InstructionAddress + Size``
    before any code item is met, ``(('', ''), skipped)`` is returned instead.
    ``ida_instruction_bytes_cache`` is sliced at the skipped length and
    handed to ``decodeInstruction``.
    """
    range_end = InstructionAddress + Size
    ea = InstructionAddress
    # while no instruction
    while not idaapi.isCode(idaapi.get_flags_novalue(ea)):
        ea += idc.ItemSize(ea)
        # Bail out once the skip runs past the requested range.
        if ea >= range_end:
            return (('', ''), ea - InstructionAddress)
    skipped = ea - InstructionAddress
    hashes, insn_size = decodeInstruction(ea, ida_instruction_bytes_cache[skipped:])
    # concac hash of code and instruction id
    return (hashes, insn_size + skipped)
def getOperandView(ea):
    """Describe the display type of the first two operands of the item at ``ea``.

    Returns a list of ``(operand_index, view_name)`` pairs. Operands with
    no type flags, and operands flagged as struct offsets, are skipped.
    View names are 'offset' (optionally suffixed '-<name>' from
    ``OFFSET_TYPE_MAP_NAMES``), 'signeddecimal', 'unsigneddecimal',
    'signedhexadecimal', 'unsignedhexadecimal', 'char', 'binary' or 'octal'.
    """
    fl = idaapi.get_flags_novalue(ea)
    # Operand 1 flags are shifted down so both entries compare against FF_0xxx.
    type_flags = [idaapi.get_optype_flags0(fl), idaapi.get_optype_flags1(fl) >> 4]
    views = []
    for idx, tf in enumerate(type_flags):
        if tf == 0:
            continue
        if (tf & idaapi.FF_0STRO) == idaapi.FF_0STRO:
            # struct offsets are not reported by this function
            continue
        if tf == idaapi.FF_0OFF:
            # Offset property is independent : handle it first
            ti = idaapi.opinfo_t()
            if idaapi.get_opinfo(ea, idx, fl, ti):
                try:
                    suffix = "-" + OFFSET_TYPE_MAP_NAMES[ti.ri.flags]
                except KeyError:
                    # unknown reference flags: log and fall back to a bare 'offset'
                    logger.error(
                        "OperandView at 0x%08X : no valid offset found for flags 0x%08X" % (ea, ti.ri.flags))
                    suffix = ""
                views.append((idx, "offset" + suffix))
        elif tf == idaapi.FF_0NUMD:
            signed = idaapi.is_invsign(ea, fl, idx)
            views.append((idx, "signeddecimal" if signed else "unsigneddecimal"))
        elif tf == idaapi.FF_0NUMH:
            signed = idaapi.is_invsign(ea, fl, idx)
            views.append((idx, "signedhexadecimal" if signed else "unsignedhexadecimal"))
        elif tf == idaapi.FF_0CHAR:
            views.append((idx, "char"))
        elif tf == idaapi.FF_0NUMB:
            views.append((idx, "binary"))
        elif tf == idaapi.FF_0NUMO:
            views.append((idx, "octal"))
    return views
def AnalyzeRange( self, startEA, endEA ):
    """Walk [startEA, endEA) and split the code into blocks, recording edges.

    Side effects, all on ``self``: ``self.BlockData[block_start]`` receives
    ``(address, disasm_line)`` tuples for every instruction of a block, and
    ``self.AddToMap`` is called with edge kinds 'link', 'call' and 'from'.
    Prints a separator and each instruction when ``self.DebugLevel`` > 2.
    Bytes not flagged as code are stepped over one byte at a time.
    """
    CurrentAddress = startEA
    CurrentBlockAddress = CurrentAddress
    NewBlockStart = True
    # NOTE(review): last_op_code is only ever set to '' or a mnemonic here,
    # so the 'new block' comparison below presumably never matches — confirm.
    # With last_op_code == '' and NewBlockStart True, the first instruction
    # produces a 'link' from startEA to itself.
    last_op_code = ''
    while CurrentAddress < endEA:
        if idaapi.isCode( idaapi.get_flags_novalue( CurrentAddress ) ):
            # The result of decode_insn is not checked; idaapi.cvar.cmd.size
            # below is assumed to describe this instruction — TODO confirm.
            idaapi.decode_insn( CurrentAddress )
            op_code = idaapi.ua_mnem( CurrentAddress )
            operands=[]
            disasm_line = op_code + ' '
            # Collect up to six operands and rebuild a comma-separated line.
            for i in range(0, 6, 1):
                operand = idaapi.ua_outop2( CurrentAddress, i )
                if not operand:
                    break;
                operand = idaapi.tag_remove( operand )
                operands.append( operand )
                if i != 0:
                    disasm_line += ','
                disasm_line += operand
            #disasm_line = idaapi.tag_remove( idaapi.generate_disasm_line( CurrentAddress ) )
            # Any incoming far xref makes this address a block leader.
            xref = idaapi.xrefblk_t()
            ret = xref.first_to( CurrentAddress, idaapi.XREF_FAR )
            while ret:
                ret = xref.next_to()
                NewBlockStart = True
            # Link the previous block to this leader unless it ended in a ret.
            if NewBlockStart and last_op_code[0:3] != 'ret' and last_op_code != 'new block':
                self.AddToMap( CurrentBlockAddress, CurrentAddress, None, 'link')
            if NewBlockStart:
                CurrentBlockAddress = CurrentAddress
                self.BlockData[CurrentBlockAddress]=[]
                if self.DebugLevel > 2:
                    print '='*80
            if self.DebugLevel > 2:
                print hex(CurrentAddress), disasm_line
            self.BlockData[CurrentBlockAddress].append( ( CurrentAddress, disasm_line ) )
            NewBlockStart = False
            CallIsResolved = False
            # Outgoing far code xrefs: a jmp to the next instruction starts a
            # new block, a call becomes a 'call' edge, anything else a 'from'
            # edge that also ends the block.
            ret = xref.first_from( CurrentAddress, idaapi.XREF_FAR )
            while ret:
                if xref.iscode:
                    if op_code == 'jmp' and xref.to == CurrentAddress + idaapi.cvar.cmd.size:
                        NewBlockStart = True
                    elif op_code == 'call':
                        CallIsResolved = True
                        self.AddToMap( CurrentBlockAddress,xref.to, operands[0], 'call')
                    else:
                        if len(operands) > 0 :
                            self.AddToMap( CurrentBlockAddress,xref.to, operands[0], 'from')
                        NewBlockStart = True
                ret = xref.next_from()
            # Unresolved call: the operand text stands in for the target.
            # NOTE(review): operands[0] is indexed without a length check here,
            # unlike the 'from' branch above; an empty operand list (e.g. when
            # op_code is '') would raise IndexError — confirm.
            if ( op_code == 'call' or op_code =='' ) and not CallIsResolved:
                self.AddToMap( CurrentBlockAddress, operands[0], operands[0], 'call')
            # Fall-through edge to the next instruction when this one ends a block.
            if NewBlockStart and op_code != 'jmp':
                self.AddToMap( CurrentBlockAddress, CurrentAddress + idaapi.cvar.cmd.size, '', 'link')
            if op_code[0:3] == 'ret':
                NewBlockStart = True
            last_op_code = op_code
            CurrentAddress += idaapi.cvar.cmd.size
        else:
            CurrentAddress += 1
def AnalyzeRange(self, startEA, endEA):
    """Walk [startEA, endEA) and split the code into blocks, recording edges.

    Side effects, all on ``self``: ``self.BlockData[block_start]`` receives
    ``(address, disasm_line)`` tuples for every instruction of a block, and
    ``self.AddToMap`` is called with edge kinds 'link', 'call' and 'from'.
    Prints a separator and each instruction when ``self.DebugLevel`` > 2.
    Bytes not flagged as code are stepped over one byte at a time.
    """
    CurrentAddress = startEA
    CurrentBlockAddress = CurrentAddress
    NewBlockStart = True
    # NOTE(review): last_op_code is only ever set to '' or a mnemonic here,
    # so the 'new block' comparison below presumably never matches — confirm.
    # With last_op_code == '' and NewBlockStart True, the first instruction
    # produces a 'link' from startEA to itself.
    last_op_code = ''
    while CurrentAddress < endEA:
        if idaapi.isCode(idaapi.get_flags_novalue(CurrentAddress)):
            # The result of decode_insn is not checked; idaapi.cvar.cmd.size
            # below is assumed to describe this instruction — TODO confirm.
            idaapi.decode_insn(CurrentAddress)
            op_code = idaapi.ua_mnem(CurrentAddress)
            operands = []
            disasm_line = op_code + ' '
            # Collect up to six operands and rebuild a comma-separated line.
            for i in range(0, 6, 1):
                operand = idaapi.ua_outop2(CurrentAddress, i)
                if not operand:
                    break
                operand = idaapi.tag_remove(operand)
                operands.append(operand)
                if i != 0:
                    disasm_line += ','
                disasm_line += operand
            #disasm_line = idaapi.tag_remove( idaapi.generate_disasm_line( CurrentAddress ) )
            # Any incoming far xref makes this address a block leader.
            xref = idaapi.xrefblk_t()
            ret = xref.first_to(CurrentAddress, idaapi.XREF_FAR)
            while ret:
                ret = xref.next_to()
                NewBlockStart = True
            # Link the previous block to this leader unless it ended in a ret.
            if NewBlockStart and last_op_code[ 0:3] != 'ret' and last_op_code != 'new block':
                self.AddToMap(CurrentBlockAddress, CurrentAddress, None, 'link')
            if NewBlockStart:
                CurrentBlockAddress = CurrentAddress
                self.BlockData[CurrentBlockAddress] = []
                if self.DebugLevel > 2:
                    print '=' * 80
            if self.DebugLevel > 2:
                print hex(CurrentAddress), disasm_line
            self.BlockData[CurrentBlockAddress].append(
                (CurrentAddress, disasm_line))
            NewBlockStart = False
            CallIsResolved = False
            # Outgoing far code xrefs: a jmp to the next instruction starts a
            # new block, a call becomes a 'call' edge, anything else a 'from'
            # edge that also ends the block.
            ret = xref.first_from(CurrentAddress, idaapi.XREF_FAR)
            while ret:
                if xref.iscode:
                    if op_code == 'jmp' and xref.to == CurrentAddress + idaapi.cvar.cmd.size:
                        NewBlockStart = True
                    elif op_code == 'call':
                        CallIsResolved = True
                        self.AddToMap(CurrentBlockAddress, xref.to, operands[0], 'call')
                    else:
                        if len(operands) > 0:
                            self.AddToMap(CurrentBlockAddress, xref.to, operands[0], 'from')
                        NewBlockStart = True
                ret = xref.next_from()
            # Unresolved call: the operand text stands in for the target.
            # NOTE(review): operands[0] is indexed without a length check here,
            # unlike the 'from' branch above; an empty operand list (e.g. when
            # op_code is '') would raise IndexError — confirm.
            if (op_code == 'call' or op_code == '') and not CallIsResolved:
                self.AddToMap(CurrentBlockAddress, operands[0], operands[0], 'call')
            # Fall-through edge to the next instruction when this one ends a block.
            if NewBlockStart and op_code != 'jmp':
                self.AddToMap(CurrentBlockAddress, CurrentAddress + idaapi.cvar.cmd.size, '', 'link')
            if op_code[0:3] == 'ret':
                NewBlockStart = True
            last_op_code = op_code
            CurrentAddress += idaapi.cvar.cmd.size
        else:
            CurrentAddress += 1