def stringRecoveryB():
    """Recover string literals that user code references from instructions.

    Every instruction of each function returned by ``getUserFunctions(False)``
    is visited and two shapes are matched:

    * ``lea reg, <addr>`` followed by two ``mov`` instructions that store a
      (pointer, length) pair -- either into two stack qwords exactly 8 bytes
      apart, or through ``eax``.  When ``addr`` lies in the read-only data
      segment a string of that length is defined with ``MyMakeStr``.
    * ``lea reg, ref_*/off_*`` pointing into read-only data or
      ``_data_rel_ro``; the target is read as a (pointer, length) header and
      the text it describes is attached to the instruction as a repeatable
      comment.

    NOTE(review): the original source had its indentation collapsed.  The
    nesting below is the most literal reading of the statement order; in
    particular the stack-slot branch only defines a string when the byte at
    pointer+length is non-zero, while the ``eax`` branch folds a terminating
    NUL into the length first.  Confirm against a known-good copy.
    """
    # ELF inputs expose .rodata, PE inputs .rdata; segment names inside the
    # database are compared with a leading underscore.
    rodata_name = "_rodata"
    if not idaapi.get_segm_by_name(".rodata"):
        rodata_name = "_rdata"

    def segment_of(ea):
        """Visible name of the segment containing *ea*."""
        return idaapi.get_visible_segm_name(idaapi.getseg(ea))

    for func in getUserFunctions(False):
        # Collect every instruction head of the function in address order.
        heads = []
        cursor = func
        func_end = find_func_end(func)
        while cursor < func_end:
            heads.append(cursor)
            cursor = find_code(cursor, SEARCH_DOWN)

        for idx in range(len(heads) - 2):
            first, second, third = heads[idx], heads[idx + 1], heads[idx + 2]
            first_mnem = print_insn_mnem(first)

            if (first_mnem == "lea"
                    and print_insn_mnem(second) == "mov"
                    and print_insn_mnem(third) == "mov"):
                dst1 = print_operand(second, 0)
                dst2 = print_operand(third, 0)
                if "qword ptr [" in dst1 and "qword ptr [" in dst2:
                    # Two adjacent stack slots: [N] <- pointer, [N+8] <- length.
                    if get_operand_value(third, 0) - get_operand_value(second, 0) == 8:
                        str_addr = get_operand_value(first, 1)
                        str_len = get_operand_value(third, 1)
                        if segment_of(str_addr) == rodata_name:
                            if get_wide_byte(str_addr + str_len) != 0:
                                MyMakeStr(str_addr, str_len)
                elif dst1 == "eax" and print_operand(third, 1) == "eax":
                    # Length staged through eax: mov eax, len ; mov [..], eax.
                    str_addr = get_operand_value(first, 1)
                    str_len = get_operand_value(second, 1)
                    if segment_of(str_addr) == rodata_name:
                        if get_wide_byte(str_addr + str_len) == 0:
                            str_len += 1
                        MyMakeStr(str_addr, str_len)

            if first_mnem == "lea":
                src = print_operand(first, 1)
                if "ref_" in src or "off_" in src:
                    hdr_addr = get_operand_value(first, 1)
                    seg = segment_of(hdr_addr)
                    if seg == rodata_name or seg == "_data_rel_ro":
                        # Header layout assumed: qword pointer, then qword length.
                        text_len = get_qword(hdr_addr + 8)
                        text = get_string(get_qword(hdr_addr), text_len)
                        if text != "":
                            MakeRptCmt(first, text)
def checkTarget(func):
    """Return 1 when *func* performs 8 to 11 data writes into ``.bss``, else 0.

    Each cross-reference leaving *func* whose target segment is visibly named
    ``.bss`` and whose type reprs as ``Data_Write`` counts as one hit.  The
    window (at least 8, fewer than 12) is a heuristic for an initialisation
    routine that populates a small fixed set of globals.
    """
    bss_writes = 0
    for xref in func.xrefs_from:
        target_seg = idaapi.getseg(xref.to)
        if idaapi.get_visible_segm_name(target_seg) != '.bss':
            continue
        if repr(xref.type) == "Data_Write":
            bss_writes += 1
    return 1 if 8 <= bss_writes < 12 else 0
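def findGlobalsByMetadataCacheInitialize():
    """Name the metadata globals written by ``MetadataCache_Initialize``.

    Walks the cross-references leaving the function and, for each data write
    whose target lies in ``.bss``, assigns the next name from ``writeOrders``
    to that address in the IDB and publishes it as a module global of the
    same name.  This assumes the writes are encountered in the same order as
    ``writeOrders``; if they are not, the names will be shifted.

    Side effects: renames addresses in the database, sets module globals and
    prints a diagnostic when fewer targets than names were found.
    """
    fInitialize = getNamedFunc("MetadataCache_Initialize")
    writeOrders = [
        's_GlobalMetadata',
        's_GlobalMetadataHeader',
        's_TypeInfoTable',
        's_TypeInfoDefinitionTable',
        's_MethodInfoDefinitionTable',
        's_GenericMethodTable',
        's_ImagesCount',
        's_ImagesTable',
        's_AssembliesCount',
        's_AssembliesTable',
    ]
    found = 0
    for xref in fInitialize.xrefs_from:
        segment = idaapi.getseg(xref.to)
        if idaapi.get_visible_segm_name(segment) != '.bss':
            continue
        if repr(xref.type) != "Data_Write":
            continue
        name = writeOrders[found]
        idc.set_name(xref.to, name, SN_NOWARN | SN_NOCHECK)
        globals()[name] = int(xref.to)
        found += 1
        # Bound by the list itself rather than a duplicated literal, so adding
        # a name to writeOrders cannot desynchronise the stop condition.
        if found >= len(writeOrders):
            break
    if found < len(writeOrders):
        print("MetadataCache_Initialize: found %d of %d expected globals"
              % (found, len(writeOrders)))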
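def findMetadataRegistration():
    """Locate ``s_Il2CppMetadataRegistration`` and record it as a module global.

    Counts, per ``.bss`` address, the data-read cross-references leaving
    ``GetTypeInfoFromTypeDefinitionIndex``.  The first address read more than
    four times is named ``s_Il2CppMetadataRegistration`` in the IDB and stored
    in the module global of the same name.  If no address qualifies a message
    is printed and the global is left untouched.
    """
    global s_Il2CppMetadataRegistration
    fgetType = getNamedFunc("GetTypeInfoFromTypeDefinitionIndex")
    readRefCount = {}
    for xref in fgetType.xrefs_from:
        segment = idaapi.getseg(xref.to)
        if idaapi.get_visible_segm_name(segment) != '.bss':
            continue
        if repr(xref.type) != "Data_Read":
            continue
        readRefCount[xref.to] = readRefCount.get(xref.to, 0) + 1
    for ref, count in readRefCount.items():
        if count > 4:
            idc.set_name(ref, "s_Il2CppMetadataRegistration",
                         SN_NOWARN | SN_NOCHECK)
            s_Il2CppMetadataRegistration = int(ref)
            return
    # A single-argument print() parses identically on Python 2 and 3; the
    # former print statement was a SyntaxError under a Python 3 IDA.
    print("can't find s_Il2CppMetadataRegistration")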
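def getUserFunctions(is_dwarf=False):
    """Return the start addresses of the functions treated as user code.

    Parameters:
        is_dwarf: when true, keep every function in ``_text`` that is neither
            FUNC_LIB nor FUNC_STATIC and whose name contains ``"main::"``.
            When false, find the function named ``main``, walk forward to its
            first ``lea`` (assumed to load the address of the real entry
            routine) and return every function in the address range from that
            routine up to ``main``.

    Returns:
        A list of function start addresses; empty when ``main`` or the
        ``lea`` cannot be found.
    """
    ret = []
    if is_dwarf:
        for func in idautils.Functions():
            # Kept as explicit equality tests: chkFlagsin's return type is not
            # visible here, so truthiness could admit values the original rejected.
            if chkFlagsin(func, FUNC_LIB) == False and chkFlagsin(func, FUNC_STATIC) == False:
                if idaapi.get_visible_segm_name(idaapi.getseg(func)) == "_text":
                    if "main::" in GetFunctionName(func):
                        ret.append(func)
        return ret

    main_addr = 0
    for func in idautils.Functions():
        if GetFunctionName(func) == "main":
            main_addr = func
            break
    if main_addr == 0:
        return ret

    lea_addr = main_addr
    # FindCode returns BADADDR once the listing is exhausted; without this
    # guard a main() with no lea made the loop spin forever on BADADDR.
    while lea_addr != idaapi.BADADDR and GetMnem(lea_addr) != "lea":
        lea_addr = FindCode(lea_addr, SEARCH_DOWN)
    if lea_addr == idaapi.BADADDR:
        return ret

    main_main = GetOperandValue(lea_addr, 1)
    ret.extend(idautils.Functions(main_main, main_addr))
    return ret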
def stringRecoveryA():
    """Define strings described by (pointer, length) pairs in ``.data.rel.ro``.

    Legacy-API variant (``startEA``/``Qword``/``Byte``/``xrange``).  A second
    definition with the same name and the IDA 7 API names appears later in
    this file, and being later it is the one bound at import time.

    Every 8-byte slot of the segment is read as a length and the qword before
    it as the pointer.  Pairs with a length under 1024 whose pointer lands in
    the read-only data segment are recorded, with a terminating NUL at
    pointer+length folded into the length.  ``MyMakeStr`` is then invoked once
    per distinct pointer; a later pair for the same pointer overrides an
    earlier one.
    """
    rodata = idaapi.get_segm_by_name(".rodata")
    rel_ro = idaapi.get_segm_by_name(".data.rel.ro")
    rodata_name = "_rodata"
    if not rodata:
        # PE images: .rdata stands in for both segments.
        rodata = idaapi.get_segm_by_name(".rdata")
        rel_ro = idaapi.get_segm_by_name(".rdata")
        rodata_name = "_rdata"

    found = {}
    seg_start = rel_ro.startEA
    seg_len = rel_ro.endEA - seg_start
    for offset in xrange(0, seg_len, 8):
        length = Qword(seg_start + offset)
        if length >= 1024:
            continue
        # Note: at offset 0 this reads the qword just before the segment.
        pointer = Qword(seg_start + offset - 8)
        if Byte(pointer + length) == 0:
            length += 1
        if idaapi.get_visible_segm_name(idaapi.getseg(pointer)) == rodata_name:
            found[pointer] = length

    for pointer in found.keys():
        MyMakeStr(pointer, found[pointer])
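def stringRecoveryA():
    """Define strings described by (pointer, length) pairs in ``.data.rel.ro``.

    Every 8-byte slot of the segment is read as a length and the qword before
    it as the pointer.  Pairs with a length under 1024, whose pointer+length
    still fits in 64 bits and whose pointer lands in the read-only data
    segment are recorded, with a terminating NUL at pointer+length folded into
    the length.  ``MyMakeStr`` is then invoked once per distinct pointer; a
    later pair for the same pointer overrides an earlier one.

    On PE images ``.rdata`` stands in for both ``.rodata`` and
    ``.data.rel.ro``.  When neither segment exists the function prints a
    diagnostic and returns instead of raising AttributeError on ``None``.
    """
    rodata = idaapi.get_segm_by_name(".rodata")
    rel_ro = idaapi.get_segm_by_name(".data.rel.ro")
    rodata_name = "_rodata"
    if not rodata:
        rodata = idaapi.get_segm_by_name(".rdata")
        rel_ro = idaapi.get_segm_by_name(".rdata")
        rodata_name = "_rdata"
    if rel_ro is None:
        print("stringRecoveryA: no .data.rel.ro or .rdata segment found")
        return

    found = {}
    seg_start = rel_ro.start_ea
    seg_len = rel_ro.end_ea - seg_start
    for offset in range(0, seg_len, 8):
        length = get_qword(seg_start + offset)
        # Note: at offset 0 this reads the qword just before the segment;
        # the segment check on `pointer` below is what filters that out.
        pointer = get_qword(seg_start + offset - 8)
        # Arbitrary qwords are being interpreted as a pair, so reject
        # implausible lengths and sums that would not be a valid 64-bit address.
        if length >= 1024 or pointer + length >= 2**64:
            continue
        if get_wide_byte(pointer + length) == 0:
            length += 1
        if idaapi.get_visible_segm_name(idaapi.getseg(pointer)) == rodata_name:
            found[pointer] = length

    for pointer, length in found.items():
        MyMakeStr(pointer, length)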