def getMethodXrefs(self, unit, itemId): data = ActionXrefsData() # careful, with query-type actions, the data is returned after the action prep' if unit.prepareExecution( ActionContext(unit, Actions.QUERY_XREFS, itemId, None), data): # clean up the DEX address, extrac the method name return data.getAddresses()
def setOrStoreDecryptedStr(self, unit, itemId, comment, key): data = ActionXrefsData() if unit.prepareExecution(ActionContext(unit, Actions.QUERY_XREFS, itemId, None), data): if data.getAddresses().size() > 1: # If the variable is called by other class(main target class) self.dic[key] = comment # Store the key value pair into the dictionary else: self.addComments(self.codeUnit, itemId, comment) # If the variable is not called by other class(main target class), add the decrypted string as comment directly return "NULL"
def get_xrefs_by_item(dunit, itemid, addr): data = ActionXrefsData() result = [] if dunit.prepareExecution(ActionContext(dunit, Actions.QUERY_XREFS, itemid, addr), data): # item.getSignature() for xref_addr in data.getAddresses(): # print(xref_addr) result.append(xref_addr) return result
def findClassXRef(self, units, itemId, itemAddress): refs = [] for unit in units: data = ActionXrefsData() if unit.prepareExecution( ActionContext(unit, Actions.QUERY_XREFS, itemId, itemAddress), data): if len(data.getAddresses()) > 0: refs.append((unit, data.getAddresses())) return refs
def getMethodRefs(self, unit, itemId): r = [] data = ActionXrefsData() # careful, with query-type actions, the data is returned after the action prep' if unit.prepareExecution(ActionContext(unit, Actions.QUERY_XREFS, itemId, None), data): # clean up the DEX address, extrac the method name for a in data.getAddresses(): i = a.find('->') + 2 j = a.find('(', i) r.append(a[i:j]) return r
def findMethodXRef(self, units, itemId, itemAddress, refs): preNode = refs.getCurrentNode() refs.setCurrentNodeById(itemId) sub_address = [] total = 0 for unit in units: data = ActionXrefsData() if unit.prepareExecution( ActionContext(unit, Actions.QUERY_XREFS, itemId, itemAddress), data): if len(data.getAddresses()) > 0: sub_address.append((unit, data.getAddresses())) total += len(data.getAddresses()) else: row_m = unit.getMethod(itemAddress) impl_class = row_m.getClassType().getImplementingClass() if re.search(r'(\$\d+?)+;$', impl_class.getAddress()) != None: # sub_address.append((unit, impl_class.getAddress())) clxXref = self.findClassXRef(units, impl_class.getItemId(), impl_class.getAddress()) sub_address.extend(clxXref) for (unit, addresses) in clxXref: total += len(addresses) refs.getCurrentNode().setXrefCount(total) for (unit, addresses) in sub_address: for xref_addr in addresses: indexObj = re.search(r'\+[0-9A-F]+?h$', xref_addr) if indexObj != None: index = indexObj.group() last_index = 0 - len(index) method = unit.getMethod(xref_addr[0:last_index]) node = refs.buildNode(method.getItemId(), method.getAddress()) if node == None: refs.setCurrentNodeById(preNode.itemId) return else: self.findMethodXRef(units, method.getItemId(), method.getAddress(), refs) else: method = unit.getMethod(xref_addr) node = refs.buildNode(method.getItemId(), method.getAddress()) if node == None: refs.setCurrentNodeById(preNode.itemId) return else: self.findMethodXRef(units, method.getItemId(), method.getAddress(), refs) refs.setCurrentNodeById(preNode.itemId) return
def run(self, ctx): unit = ctx.getActiveView().getUnit() print(unit.getFormatType()) current_addr = ctx.getActiveView().getActiveFragment( ).getActiveAddress() print(current_addr) current_item = ctx.getActiveView().getActiveFragment().getActiveItem() print(current_item) data = ActionXrefsData() if unit.prepareExecution( ActionContext(unit, Actions.QUERY_XREFS, current_item.getItemId(), current_addr), data): for xref_addr in data.getAddresses(): print(xref_addr)
def xrefs_for(unit, item): data = ActionXrefsData() if unit.prepareExecution( ActionContext(unit, Actions.QUERY_XREFS, item.itemId, item.address), data): return data.addresses return []
def run(self, ctx): unit = ctx.getFocusedUnit() assert unit, 'Need a focused unit fragment' print(unit.getFormatType()) current_addr = ctx.getFocusedAddress() print(current_addr) current_item = ctx.getFocusedItem() print(current_item) data = ActionXrefsData() if unit.prepareExecution( ActionContext( unit, Actions.QUERY_XREFS, 0 if not current_item else current_item.getItemId(), current_addr), data): for xref_addr in data.getAddresses(): print(xref_addr)
def searchXref(self,dId, dAddr): actCntx = ActionContext(self.targetUnit, Actions.QUERY_XREFS, dId, dAddr) actData = ActionXrefsData() if(self.targetUnit.prepareExecution(actCntx, actData)): try: bRlt = self.targetUnit.executeAction(actCntx, actData) if(not bRlt): print('executeAction fail!') except Exception, e: print Exception, ":", e return []
def Test(ctx): assert isinstance(ctx, IClientContext) input_path = r"D:\tmp\2\project\about_dex_diff\code\jsq\jsq.dex" class_sign = "Lcom/BestCalculatorCN/MyCalculator;" method_sign = "Lcom/BestCalculatorCN/MyCalculator;->b(Lcom/BestCalculatorCN/MyCalculator;Ljava/lang/String;)V" unit = ctx.open(input_path) assert isinstance(unit, IUnit) prj = ctx.getMainProject() assert isinstance(prj, IRuntimeProject) dexUnit = prj.findUnit(IDexUnit) assert isinstance(dexUnit, IDexUnit) clz = dexUnit.getClass(class_sign) assert isinstance(clz, IDexClass) method = dexUnit.getMethod(method_sign) assert isinstance(method, IDexMethod) # 1 查询某method交叉引用列表 # 使用(unit,操作,地址,itemid)来创建一个context对象,提供给JEB引擎,用于后续执行 print "------------------------------------------------" actionXrefsData = ActionXrefsData() actionContext = ActionContext(dexUnit, Actions.QUERY_XREFS, method.getItemId(), None) if unit.prepareExecution(actionContext, actionXrefsData): for xref_addr in actionXrefsData.getAddresses(): print xref_addr # 2 查询整个class的交叉引用列表 print "------------------------------------------------" actionXrefsData = ActionXrefsData() actionContext = ActionContext(dexUnit, Actions.QUERY_XREFS, clz.getItemId(), None) if unit.prepareExecution(actionContext, actionXrefsData): for idx, xref_addr in enumerate(actionXrefsData.getAddresses()): print idx, xref_addr