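def getFuncEAForVTableMember(member):
    """Return the address of the function behind a ``vtable_<Class>`` member.

    Resolution order:
      1. the first data xref recorded from the member id;
      2. the slot at ``member.soff`` inside the vtable registered for the
         class in ``classNameToVTableAddrMap``;
      3. the slot inside the vtable located through its mangled symbol
         (``__ZTV<len><Class>``, or ``__ZTVN<len><Host>9MetaClassE`` when the
         class is ``<Host>::MetaClass``), 0x10 bytes past the symbol.

    Args:
        member: struct member object exposing ``id`` and ``soff``.

    Returns:
        The resolved function address, or None when the member does not
        belong to a ``vtable_`` struct or no address could be resolved.
    """
    memberId = member.id
    memberOff = member.soff
    memberFullName = idaapi.get_member_fullname(memberId)
    memberName = idaapi.get_member_name(memberId)
    if not memberFullName or not memberName:
        # Stale or invalid member id: nothing to resolve.
        return None

    # The full name is "<struct>.<member>". Cutting only the member name
    # leaves the separator behind, which used to leak into className and
    # break both the map lookup and the mangled-symbol lookup below.
    structName = memberFullName[:-len(memberName)]
    if structName.endswith("."):
        structName = structName[:-1]
    if not structName.startswith("vtable_"):
        return None
    className = structName[len("vtable_"):]

    xref = get_first_dref_from(memberId)
    # NOTE(review): the original only tested for None; BADADDR is also
    # treated as "no xref" here so that the fallbacks can run -- confirm
    # against the get_first_dref_from in scope.
    if xref is not None and xref != BADADDR:
        return xref

    if className in classNameToVTableAddrMap:
        vtableStartEA, _vtableEndEA = classNameToVTableAddrMap[className]
        return Qword(vtableStartEA + memberOff)

    if className.endswith("::MetaClass"):
        hostClassName = className[:-len("::MetaClass")]
        vtableName = ("__ZTVN" + str(len(hostClassName)) + hostClassName +
                      "9MetaClassE")
    else:
        vtableName = "__ZTV" + str(len(className)) + className

    vtableEA = get_name_ea(0, vtableName)
    if vtableEA == BADADDR:
        return None
    # presumably 0x10 skips the two-pointer header in front of the first
    # slot -- TODO confirm against the target ABI.
    return Qword(vtableEA + 0x10 + memberOff)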
def struc_member_updated(self, struc_id, member_id, member_offset):
    """Record an updated struct member and log an auto comment for its struct.

    The ``(member_id, member_offset)`` pair is added to the set kept for
    ``struc_id`` in ``self.strucmember_to_process`` (created on first use),
    then a comment naming the member is handed to ``self.repo_manager``.
    """
    pending = self.strucmember_to_process.setdefault(struc_id, set())
    pending.add((member_id, member_offset))

    member_fullname = idaapi.get_member_fullname(member_id)
    comment = "Member updated at offset 0x%X : %s" % (member_offset,
                                                      member_fullname)
    self.repo_manager.add_auto_comment(struc_id, comment)
def rename(self, ea, new_name):
    """Remember the name an element carries *before* it is renamed.

    ``ea`` is tried in turn as a struct member id, a struct id, an enum id
    and an enum member id; anything else is looked up with ``idc.Name``.
    The name found is stored in ``hooks.current_rename_infos[ea]``.
    ``new_name`` is not used here.

    Always returns 0.
    """
    if idaapi.is_member_id(ea):
        previous_name = idaapi.get_member_fullname(ea)
    elif idaapi.get_struc(ea) is not None:
        previous_name = idaapi.get_struc_name(ea)
    elif idaapi.get_enum_idx(ea) != idc.BADADDR:
        previous_name = idaapi.get_enum_name(ea)
    else:
        # Last structured case: ea may be the id of an enum member, in which
        # case the recorded name is "<enum>.<member>".
        owner_enum_id = idaapi.get_enum_member_enum(ea)
        if idaapi.get_enum_idx(owner_enum_id) != idc.BADADDR:
            enum_name = idaapi.get_enum_name(owner_enum_id)
            previous_name = enum_name + "." + idaapi.get_enum_member_name(ea)
        else:
            previous_name = idc.Name(ea)

    hooks.current_rename_infos[ea] = previous_name
    return 0
def get_member(ea):
    """Return what ``idaapi.get_member_fullname`` reports for member id ``ea``."""
    member_fullname = idaapi.get_member_fullname(ea)
    return member_fullname
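def _vtableClassNameForMember(member):
    """Return the class name if `member` belongs to a "vtable_<Class>" struct, else None."""
    struct = get_member_struc(idaapi.get_member_fullname(member.id))
    if struct is None:
        # The member could not be mapped back to a struct; the original
        # dereferenced struct.id unconditionally and raised in the callback.
        return None
    structName = get_struc_name(struct.id)
    if not structName or not structName.startswith("vtable_"):
        return None
    return structName[len("vtable_"):]


def _displayNameForFunc(funcEA):
    """Return the demangled name of the function at `funcEA`, or its raw name."""
    funcName = HelperUtils.getName(funcEA)
    demangledFuncName = Demangle(funcName, GetLongPrm(INF_LONG_DN))
    return funcName if demangledFuncName is None else demangledFuncName


def _chooseChildFunc(childVirtualFuncEAToClassNameMap):
    """Show the chooser listing every child function in the map, if there is any."""
    if len(childVirtualFuncEAToClassNameMap) > 0:
        # sorted() replaces keys()/sort(): same order, and it also works
        # where keys() returns a view without a sort() method.
        childFuncList = [[hex(funcEA), _displayNameForFunc(funcEA)]
                         for funcEA in sorted(childVirtualFuncEAToClassNameMap)]
        child_func_choose(True, childFuncList)


def hexraysCallBackToProcessPseucodeAction(event, *args):
    """Hex-Rays event callback for navigating virtual functions from pseudocode.

    Handled events:
      * ``hxe_populating_popup``: for a member of a ``vtable_<Class>`` struct
        under the cursor, attach one popup action per child-class
        implementation of that vtable slot.
      * ``hxe_double_click``: open the pseudocode of the function the vtable
        member resolves to.
      * ``hxe_keyboard`` with key code 84 ("T"): show a chooser of child
        implementations, either for the vtable member under the cursor or,
        when no member is under the cursor, for the virtual function starting
        at the cursor address. Classes in ``predefinedClassNameSet`` are
        skipped.

    Every other event (including ``hxe_right_click``) is ignored.

    Args:
        event: the Hex-Rays event code.
        *args: event-specific arguments; their layout is read as
            ``(widget, popup, vdui)`` for the popup event and
            ``(vdui, key, ...)`` for the keyboard event -- assumed from how
            they are indexed here.

    Returns:
        Always 0.
    """
    if event == hxe_populating_popup:
        widget = args[0]
        popup = args[1]
        member = args[2].item.get_memptr()
        if member is not None:
            className = _vtableClassNameForMember(member)
            if className is not None:
                funcEA = getFuncEAForVTableMember(member)
                childVirtualFuncEAToClassNameMap = getAllChildVirtualFuncAtOffset(
                    className, funcEA, member.soff)
                ordered = sorted(childVirtualFuncEAToClassNameMap)
                for index, childEA in enumerate(ordered, 1):
                    desc = action_desc_t(act_name_pseucode + str(index),
                                         _displayNameForFunc(childEA),
                                         PopupItemForChildFunc(childEA),
                                         str(index))
                    attach_dynamic_action_to_popup(widget, popup, desc)

    elif event == hxe_double_click:
        member = args[0].item.get_memptr()
        if member is not None and _vtableClassNameForMember(member) is not None:
            funcEA = getFuncEAForVTableMember(member)
            if funcEA is not None:
                open_pseudocode(funcEA, False)

    elif event == hxe_keyboard:
        if args[1] == 84:  # 84 = "T"
            item = args[0].item
            member = item.get_memptr()
            if member is not None:
                className = _vtableClassNameForMember(member)
                if className is not None:
                    funcEA = getFuncEAForVTableMember(member)
                    # Looked up before the predefined-class test, as in the
                    # original statement order.
                    childVirtualFuncEAToClassNameMap = getAllChildVirtualFuncAtOffset(
                        className, funcEA, member.soff)
                    if className not in predefinedClassNameSet:
                        _chooseChildFunc(childVirtualFuncEAToClassNameMap)
            elif isEAFuncStart(item.get_ea()):
                funcEA = item.get_ea()
                if isFuncVirtual(funcEA):
                    className = getClassNameFromFuncStartEA(funcEA)
                    if (className is not None
                            and className not in predefinedClassNameSet):
                        offset = getFuncVirtualOffset(funcEA, className)
                        _chooseChildFunc(getAllChildVirtualFuncAtOffset(
                            className, funcEA, offset))

    return 0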
def name(self):
    """Return the full name IDA reports for this member's id.

    Note that this is the value of ``idaapi.get_member_fullname``, not a
    bare member name.
    """
    member_id = self.id
    return idaapi.get_member_fullname(member_id)
def fullname(self):
    """Return the full name IDA reports for this member's id."""
    member_id = self.id
    return idaapi.get_member_fullname(member_id)
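def refs(self):
    """Return every reference (code & data) to this structure in the database.

    Each entry is an ``interface.OREF(address, opnum, type)``. When `opnum`
    is None the structure is applied directly to `address`; otherwise the
    instruction at `address` references, through operand `opnum`, a frame
    member that has this structure as its type.

    Raises:
        TypeError: if a referencing member id does not resolve to an
            ``idaapi.member_t``.
    """
    x, sid = idaapi.xrefblk_t(), self.id

    # Walk the xrefs to the structure id; only the source of each one is
    # needed below.
    if not x.first_to(sid, 0):
        return []
    sources = [x.frm]
    while x.next_to():
        sources.append(x.frm)

    # Ids of structures/members have the top byte of the address space set,
    # which is how they are told apart from real addresses. bit_length() is
    # exact, unlike the log()/ceil() computation it replaces.
    bits = idaapi.BADADDR.bit_length()
    highbyte = 0xff << (bits - 8)

    res = []
    for ref in sources:
        if ref & highbyte != highbyte:
            # Plain address: the structure is applied to it directly.
            # '*' describes being applied to an address.
            res.append(interface.OREF(ref, None, interface.ref_t.of_state('*')))
            continue

        # Structure member (probably a frame member): resolve the member.
        name = idaapi.get_member_fullname(ref)
        mptr, _ = idaapi.get_member_by_fullname(name)
        if not isinstance(mptr, idaapi.member_t):
            cls = self.__class__
            raise TypeError(
                "{:s} : Unexpected type {!r} for netnode '{:s}'".format(
                    '.'.join((__name__, cls.__name__)), mptr.__class__, name))

        # The part before the first '.' names the frame. maxsplit is 1 so
        # that a member name containing '.' no longer breaks the two-way
        # unpacking (the original split with maxsplit=2).
        frname, _ = name.split('.', 1)
        frid = internal.netnode.get(frname)
        ea = idaapi.get_func_by_frame(frid)
        f = idaapi.get_func(ea)

        # Find all xrefs to the member within that function.
        xl = idaapi.xreflist_t()
        idaapi.build_stkvar_xrefs(xl, f, mptr)

        for xr in xl:
            # Bind the address and operand first: the original did all three
            # in a single tuple assignment, so op_state() was evaluated with
            # the previous `ea` and an `opnum` that was not yet bound.
            xr_ea, opnum = xr.ea, int(xr.opnum)
            state = instruction.op_state(xr_ea, opnum)
            res.append(
                interface.OREF(xr_ea, opnum, interface.ref_t.of_state(state)))
    return res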
def fullname(self):
    '''Return the full name of the member, as reported by IDA for its id.'''
    member_id = self.id
    return idaapi.get_member_fullname(member_id)