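def _add_xrefs(view: BinaryView):
    """Add user xrefs from uses of a method's name pointer to the method.

    For each function in *view*, the data variables that reference the
    function's start address are collected. For each one, the pointer stored
    at the offset of the ``name`` member of the ``method_t`` structure is
    read, and every code reference to that pointer is inspected. When the
    referencing instruction is an ``MLIL_SET_VAR``, the first later use of
    the assigned SSA variable in the same basic block gets a user xref to
    the function.

    Every address and pointer here comes from the binary under analysis and
    is treated as untrusted: missing data variables, short reads and
    instructions that were not lifted are skipped rather than dereferenced.
    A single unusable reference no longer ends the whole pass; only that
    reference is skipped.

    Does nothing when the view has no ``method_t`` type.
    """
    log_debug('_add_xrefs')

    method_t = view.types.get('method_t')
    if method_t is None:
        return

    name_member = method_t.structure['name']
    # Invariant for the whole pass, so it is computed once.
    byte_order = (
        "little" if view.endianness == Endianness.LittleEndian else "big"
    )

    for function in view.functions:
        data_refs = view.get_data_refs(function.start)
        log_debug(f'{function.name}: {data_refs}')

        # NOTE(review): the variables are assumed to be method_t entries;
        # their type is not checked here -- confirm against the caller.
        method_t_list = [view.get_data_var_at(ref) for ref in data_refs]
        log_debug(f'{function.name}: {method_t_list}')

        for method in method_t_list:
            if method is None:
                # No data variable is defined at this reference.
                continue

            raw_name_ptr = view.read(
                method.address + name_member.offset, view.address_size
            )
            if len(raw_name_ptr) != view.address_size:
                # Short read: the entry runs past readable data, so the
                # bytes do not form a complete pointer.
                continue
            name_ptr = int.from_bytes(raw_name_ptr, byte_order)

            for xref in view.get_code_refs(name_ptr):
                llil = xref.function.get_low_level_il_at(xref.address)
                xref_mlil = llil.mmlil if llil is not None else None

                if xref_mlil is None:
                    log_debug(f'{xref.address:x}')
                    continue

                if xref_mlil.operation != MediumLevelILOperation.MLIL_SET_VAR:
                    continue

                ssa_uses = xref_mlil.function.get_ssa_var_uses(
                    xref_mlil.ssa_form.dest
                )
                # First use after the assignment within the same basic
                # block -- presumably the call that consumes the pointer.
                call_mlil = next(
                    (
                        use
                        for use in ssa_uses
                        if use.instr_index > xref_mlil.instr_index
                        and use.il_basic_block == xref_mlil.il_basic_block
                    ),
                    None,
                )

                if call_mlil is not None:
                    xref.function.set_user_xref(
                        call_mlil.address, function.start
                    )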
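def define_cfstrings_plugin(view: BinaryView):
    """Define ``CFString`` data variables for the ``__cfstring`` section.

    The ``CFString`` type is looked up in *view* and, if absent, parsed from
    ``_cfstring_definition`` and registered as a user type. The section is
    then walked in steps of the structure width. For each entry this
    defines a ``CFString`` variable, retypes every data reference to it as
    a pointer to ``CFString``, and defines a character array at the address
    held in the ``buffer`` member. Elements are ``wchar`` when the target
    section is named ``__ustring`` and ``char`` otherwise.

    The buffer pointer and length are read from the binary under analysis
    and are treated as untrusted. Short reads and pointers outside any
    section skip that entry, and the array length is clamped so the array
    cannot extend past the end of the section that holds the string.

    Does nothing when the view has no ``__cfstring`` section.
    """
    log_debug("define_cfstrings_plugin")

    # Helper defined elsewhere in this file; presumably converts raw bytes
    # to an int using the view's byte order -- confirm against its definition.
    from_bytes = _get_from_bytes(view)

    cfstring_type = view.get_type_by_name('CFString')
    if cfstring_type is None:
        cfstring_type = view.platform.parse_types_from_source(
            _cfstring_definition).types['CFString']
        view.define_user_type('CFString', cfstring_type)

    # Parsed unconditionally so the name is always bound, including when
    # the view already had a CFString type.
    wchar_type = view.platform.parse_types_from_source(
        _wchar_definition).types['wchar']

    cfstring = Type.named_type_from_type('CFString', cfstring_type)

    cfstring_section = view.get_section_by_name('__cfstring')
    if cfstring_section is None:
        return

    buffer = cfstring_type.structure['buffer']
    length = cfstring_type.structure['length']
    entry_width = cfstring_type.width

    for addr in range(
        cfstring_section.start, cfstring_section.end, entry_width
    ):
        if addr + entry_width > cfstring_section.end:
            # Trailing bytes that do not form a complete CFString entry.
            break

        view.define_user_data_var(addr, cfstring)

        for xref in view.get_data_refs(addr):
            view.define_user_data_var(xref, Type.pointer(view.arch, cfstring))

        raw_pointer = view.read(addr + buffer.offset, buffer.type.width)
        raw_length = view.read(addr + length.offset, length.type.width)
        if (len(raw_pointer) != buffer.type.width
                or len(raw_length) != length.type.width):
            log_debug(f'short read for CFString at {addr:x}')
            continue

        string_pointer = from_bytes(raw_pointer)
        # +1 leaves room for the terminator after the stored length.
        string_length = from_bytes(raw_length) + 1

        string_section = view.get_sections_at(string_pointer)
        if not string_section:
            # The buffer points outside every section. Skip this entry but
            # keep processing the rest of the table.
            log_debug(f'CFString at {addr:x} points outside any section')
            continue

        target_section = string_section[0]
        if target_section.name == '__ustring':
            char_type = wchar_type
        else:
            char_type = Type.char()

        # The length field is attacker-controlled in a hostile binary, so
        # the array is bounded by the space left in the target section.
        element_width = max(char_type.width, 1)
        available = (target_section.end - string_pointer) // element_width
        string_length = min(string_length, available)
        if string_length < 1:
            log_debug(f'CFString at {addr:x} has no usable buffer')
            continue

        view.define_user_data_var(
            string_pointer, Type.array(char_type, string_length)
        )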