예제 #1
0
def is_mapped(ea, size=1, value=True):
    """Check if the given address is mapped.

    Specify a size greater than 1 to check if an address range is mapped.

    Arguments:
        ea: The linear address to check.

    Options:
        size: The number of bytes at ea to check. Default is 1.
        value: Only consider an address mapped if it has a value. For example, the contents of a
            bss section exist but don't have a static value. If value is False, consider such
            addresses as mapped. Default is True.

    Notes:
        This function is currently a hack: It only checks the first and last byte.
    """
    if size < 1:
        raise ValueError('Invalid argument: size={}'.format(size))
    # HACK: We only check the first and last byte, not all the bytes in between.
    if value:
        return ida_bytes.is_loaded(ea) and (size == 1 or
                                            ida_bytes.is_loaded(ea + size - 1))
    else:
        return idaapi.getseg(ea) and (size == 1
                                      or idaapi.getseg(ea + size - 1))
예제 #2
0
def get_byte_chunks(address: int, size: int) -> Iterable[Tuple[int, int]]:
    """
    Iterates the chunks of defined bytes found within the given address range.

    :param address: Starting address.
    :param size: Size of address range.
    :yields: Tuples of chunks of (address, size)
    """
    if size == 0:
        return
    elif size < 0:
        raise ValueError(f"Size must be positive. Got {size}")

    start = address
    end = start + size

    if not ida_bytes.is_loaded(address):
        address = ida_bytes.next_inited(address, end)

    chunk_start = address
    while address != idc.BADADDR:
        prev_address = address
        # Get the next address that has a byte with is_loaded() == True
        address = ida_bytes.next_inited(address, end)
        if address != prev_address + 1:
            # Found a hole.
            yield chunk_start, prev_address - chunk_start + 1
            chunk_start = address
예제 #3
0
def is_loaded(address: int, size: int) -> bool:
    """
    Checks if all bytes are loaded.

    :param address: Address of first byte.
    :param size: Number of bytes to check.
    """
    return all(ida_bytes.is_loaded(offset) for offset in range(address, address + size))
예제 #4
0
    def jump_in_hex(self):
        ea = self.ea
        if not ea or not ida_bytes.is_loaded(ea):
            FELogger.warn("地址错误")
            return

        widget = self.find_hex_view()
        if not widget:
            FELogger.warn("无法找到十六进制窗口")
            return

        self.jumpto_in_view(widget, ea)
예제 #5
0
    def jump_in_new_window(self):
        ea = self.ea
        if not ea or not ida_bytes.is_loaded(ea):
            FELogger.warn("地址错误")
            return

        window_name = "D-0x%x" % ea
        widget = ida_kernwin.open_disasm_window(window_name)
        if widget:
            self.jumpto_in_view(widget, ea)
        else:
            FELogger.warn("创建新窗口失败")
예제 #6
0
    def jump_in_disassembly(self):
        ea = self.ea
        if not ea or not ida_bytes.is_loaded(ea):
            FELogger.warn("地址错误")
            return

        widget = self.find_disass_view()
        if not widget:
            FELogger.warn("无法找到反汇编窗口")
            return

        self.jumpto_in_view(widget, ea)
예제 #7
0
def get_consts(start_addr, end_addr):
    consts = []
    for h in idautils.Heads(start_addr, end_addr):
        insn = DecodeInstruction(h)
        if insn:
            for op in insn.ops:
                if op.type == idaapi.o_imm:
                    # get operand value
                    imm_value = op.value
                    # check if addres is loaded in idb
                    if not ida_bytes.is_loaded(imm_value):
                        consts.append(imm_value)
    return consts