def add_random_item(self):
    """Add one item at a random address, with a random radius and colour.

    A segment is chosen at random, then an address inside it. The radius
    lands in 4..11 and each colour channel in 0..254.
    """
    rnd = random.random
    # The draw order (segment, offset, radius, red, green, blue) is kept
    # so a seeded generator produces the same items as before.
    seg_index = int(ida_segment.get_segm_qty() * rnd())
    segment = ida_segment.getnseg(seg_index)
    span = segment.end_ea - segment.start_ea
    ea = segment.start_ea + int(span * rnd())
    radius = 4 + int(rnd() * 8)
    red = int(255 * rnd())
    green = int(255 * rnd())
    blue = int(255 * rnd())
    self.add_item(ea, radius, QtGui.QColor(red, green, blue))
def get_code_segs():
    """Return every segment of type ``ida_segment.SEG_CODE``, in index order."""
    all_segments = (
        ida_segment.getnseg(index)
        for index in range(ida_segment.get_segm_qty())
    )
    return [s for s in all_segments if s.type == ida_segment.SEG_CODE]
def map_segments(self):
    """Register every page covered by a segment for delayed retrieval.

    Each page index (address >> 12) that a segment overlaps is stored in
    ``self`` with the value ``None``.
    """
    page_shift = 12
    for index in range(ida_segment.get_segm_qty()):
        segment = ida_segment.getnseg(index)
        if not segment:
            continue
        first_page = segment.start_ea >> page_shift
        # The last byte considered is end_ea - 1, so a segment ending on a
        # page boundary does not claim the following page.
        last_page = (segment.end_ea - 1) >> page_shift
        for page_index in range(first_page, last_page + 1):
            self[page_index] = None
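def get_base(self, ea):
    """Return the start address of the segment that contains *ea*.

    Returns ``ida_idaapi.BADADDR`` when no segment contains the address.
    """
    # range() replaces the Python 2-only xrange(), which raises NameError
    # on Python 3; the segment count is small either way.
    for i in range(ida_segment.get_segm_qty()):
        seg = ida_segment.getnseg(i)
        if seg and seg.contains(ea):
            # The original read the legacy ``startEA`` attribute; prefer
            # ``start_ea`` when the segment object has it and fall back
            # to the legacy name otherwise.
            if hasattr(seg, "start_ea"):
                return seg.start_ea
            return seg.startEA
    return ida_idaapi.BADADDR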
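def Segments():
    """
    Iterate over the segments (sections) in the binary image

    @return: Generator yielding the start address of each segment.
    """
    # range() replaces xrange(), which does not exist on Python 3.
    for n in range(ida_segment.get_segm_qty()):
        seg = ida_segment.getnseg(n)
        if seg:
            yield seg.start_ea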
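def __get_segments_map(self):
    """Map each segment selector to the lowest start address that uses it.

    Returns:
        dict: ``{selector: lowest start_ea among segments with that selector}``.
    """
    segments = {}
    # range() replaces the Python 2-only xrange().
    for n in range(ida_segment.get_segm_qty()):
        seg = ida_segment.getnseg(n)
        if not seg:
            # Skip a missing segment instead of failing on ``seg.sel``.
            continue
        lowest = segments.get(seg.sel)
        if lowest is None or seg.start_ea < lowest:
            segments[seg.sel] = seg.start_ea
    return segments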
def update_protocols():
    """Process every function found in code segments and return ``protocols``.

    A segment qualifies when its type is ``SEG_CODE`` or its name is
    ".code". Each function start in such a segment is wrapped in
    ``Function`` and handed to ``_process_function``.
    """
    for index in range(get_segm_qty()):
        segment = getnseg(index)
        if segment.type != SEG_CODE and get_segm_name(segment.start_ea) != ".code":
            continue
        first_ea = segment.start_ea
        last_ea = segment.end_ea
        for function in map(Function, Functions(first_ea, last_ea)):
            _process_function(function)
    return protocols
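def processSegments():
    """Describe every segment as a dict of its name, start address and class.

    Returns:
        list: one ``{'name', 'start_ea', 'class'}`` dict per segment, in
        segment-index order.
    """
    segments = []
    # range() replaces the Python 2-only xrange().
    for n in range(ida_segment.get_segm_qty()):
        seg = ida_segment.getnseg(n)
        if not seg:
            continue
        segments.append({
            'name': ida_segment.get_segm_name(seg),
            'start_ea': seg.start_ea,
            'class': ida_segment.get_segm_class(seg),
        })
    return segments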
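def __process_segments(self):
    """Describe every segment relative to ``self._base``.

    Returns:
        list: one ``{'name', 'start_rva', 'class', 'selector'}`` dict per
        segment, where ``start_rva`` is ``start_ea - self._base``.
    """
    segments = []
    # range() replaces the Python 2-only xrange().
    for n in range(ida_segment.get_segm_qty()):
        seg = ida_segment.getnseg(n)
        if not seg:
            continue
        segments.append({
            'name': ida_segment.get_segm_name(seg),
            'start_rva': seg.start_ea - self._base,
            'class': ida_segment.get_segm_class(seg),
            'selector': seg.sel,
        })
    return segments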
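def dump_binary(path):
    """Write the bytes of every segment to *path* and return a section table.

    Segments are written back to back in segment-index order.

    Args:
        path: Destination file; it is created or truncated.

    Returns:
        list: one ``(name, start_ea, size, file_offset, written_size)``
        tuple per segment. ``written_size`` equals ``size`` whenever the
        segment bytes could be read.
    """
    sections = []
    current_offset = 0
    with open(path, 'wb+') as f:
        for n in range(ida_segment.get_segm_qty()):
            seg = ida_segment.getnseg(n)
            if not seg:
                continue
            start_ea = seg.start_ea
            size = seg.end_ea - start_ea
            dump_log.debug("Dumping 0x%x bytes from 0x%x", size, start_ea)
            data = ida_bytes.get_bytes(start_ea, size)
            if data is None:
                # get_bytes() yields None when the read fails; writing
                # that would raise TypeError and leave a truncated dump.
                dump_log.debug("No bytes readable at 0x%x, recording an empty section", start_ea)
                data = b""
            f.write(data)
            # Offsets follow what was actually written, so the table
            # always matches the file layout.
            written = len(data)
            sections.append((ida_segment.get_segm_name(seg), start_ea, size, current_offset, written))
            current_offset += written
    dump_log.debug(repr(sections))
    return sections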
def __process_segments(self):
    """Build a descriptive record for every segment.

    Returns:
        list: one dict per segment with the keys ``align``, ``bitness``,
        ``name``, ``rva_start``, ``rva_end``, ``permission``, ``selector``
        and ``type``. Addresses are expressed relative to ``self._base``.
    """
    records = []
    for index in range(ida_segment.get_segm_qty()):
        segment = ida_segment.getnseg(index)
        if not segment:
            continue
        record = {}
        record['align'] = self.__describe_alignment(segment.align)
        record['bitness'] = self.__describe_bitness(segment.bitness)
        record['name'] = ida_segment.get_segm_name(segment)
        record['rva_start'] = segment.start_ea - self._base
        record['rva_end'] = segment.end_ea - self._base
        record['permission'] = self.__describe_permission(segment.perm)
        record['selector'] = segment.sel
        record['type'] = ida_segment.get_segm_class(segment)
        records.append(record)
    return records
def define_missed_functions():
    """Try to create functions at code addresses that belong to none.

    Every ``SEG_CODE`` segment is walked with ``ida_bytes.next_that``;
    each hit that is not already inside a function is passed to
    ``ida_funcs.add_func`` and the outcome is printed.
    """
    def is_candidate(F):
        # Code for which is_flow() is false.
        return ida_bytes.is_code(F) and not ida_bytes.is_flow(F)

    for index in range(ida_segment.get_segm_qty()):
        segment = ida_segment.getnseg(index)
        if segment.type == ida_segment.SEG_CODE:
            print("[*] Browsing segment from %#x for %#x" % (segment.start_ea, segment.end_ea))
            # NOTE(review): confirm whether next_that() tests the address
            # it is given or starts after it; in the latter case
            # segment.start_ea itself is never examined.
            ea = segment.start_ea
            while ea < segment.end_ea:
                ea = ida_bytes.next_that(ea, segment.end_ea, is_candidate)
                if ea == ida_idaapi.BADADDR:
                    break
                if not ida_funcs.get_func(ea):
                    s = "[*] Trying to define function at %#x... " % ea
                    outcome = " Success!" if ida_funcs.add_func(ea) else " Failed!"
                    print(s + outcome)
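def find_first_moduledata_addr_by_brute():
    """Scan all segments for the first address accepted as firstmoduledata.

    Each segment is walked in ``ADDR_SZ`` steps. An address is a candidate
    when the dword read through ``read_mem(addr, read_only=True)`` equals
    ``pclntbl.Pclntbl.MAGIC``; it is returned once
    ``test_firstmoduledata`` confirms it.

    Returns:
        The first confirmed address, or ``idc.BADADDR`` if none is found.
    """
    magic_num = pclntbl.Pclntbl.MAGIC
    for idx in range(ida_segment.get_segm_qty()):
        curr_seg = ida_segment.getnseg(idx)
        if not curr_seg:
            continue
        curr_addr = curr_seg.start_ea
        # Strictly below end_ea: the original's ``<=`` probed one slot past
        # the segment, and a hit there was discarded anyway by the
        # ``curr_addr >= end_ea`` check that followed the loop.
        while curr_addr < curr_seg.end_ea:
            # NOTE(review): read_mem() presumably returns the pointer-sized
            # value stored at curr_addr, which Dword() then dereferences.
            # Confirm against its definition.
            if idc.Dword(read_mem(curr_addr, read_only=True)) & 0xFFFFFFFF == magic_num:
                # Possible firstmoduledata.
                if test_firstmoduledata(curr_addr):
                    return curr_addr
            curr_addr += ADDR_SZ
    return idc.BADADDR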
def _map_segments(self):
    """Map segments into memory.

    The bytes of each segment, as returned by ``utils.get_segment_bytes``,
    are written through ``self.write`` at the segment's start address.
    """
    for index in range(ida_segment.get_segm_qty()):
        start = ida_segment.getnseg(index).start_ea
        self.write(start, utils.get_segment_bytes(start))