def find_imm_compares(self): """ Find all immediate compares in the current function. Very useful when debugging parsers, for example. @return: list of tuples [(address, disassembly),...] """ cmp_addr = [] for addr, dis in misc.iter_disasm(): if "cmp" in dis: if GetOpType(addr, 1) == o_imm: # 5: immediate value cmp_addr.append((addr, dis)) return cmp_addr
def calls_in_function(self, unique = True): """ Find calls within current function Execution transfer like jmp sub_xxx included @return: a list of tuples [(addr, dis)] """ callees = [] for addr, dis in misc.iter_disasm(): if is_call_insn(addr) or misc.is_external_jmp(addr): if dis not in callees: callees.append((addr, dis)) return callees
def comments_in_function(self): """ Searches the current function for IDA generated annotations Useful when dealing with large functions doing lots of logging @return: a list of tuples [(addr, comment)] """ comments = [] for addr, dis in misc.iter_disasm(): comm = Comment(addr) # Comment returns None if no comment if comm: comments.append((addr, comm)) return comments
def find_imm_compares(self): """ Find all immediate compares in the current function. Very useful when debugging parsers, for example. @return: list of tuples [(address, disassembly),...] """ cmp_addr = [] for addr, dis in misc.iter_disasm(): if "cmp" in dis: if GetOpType(addr, 1) == o_imm: # 5: immediate value # If this is ASCII, display for convenience v = GetOperandValue(addr, 1) if v > 0x20 and v <0x7F: msg = "{0} ({1})".format(addr, chr(v)) else: msg = dis cmp_addr.append((addr, msg)) return cmp_addr