def get_write_bps_to_file(addr, comments, command="", outfilename=""): bp_str_fmt = "bp 0x%08x # %s" if command != "": bp_str_fmt = 'bp -c "%s" '%(command)+" 0x%08x # %s" bp_str_cmt_fmt = " Bp corresponds to Name: %s in function+offset: %s @ 0x%08x %s"+comments name = Name(addr) outfile = sys.stdout if outfilename != "": outfile = open(outfilename, 'a') bp_addr = idaapi.get_first_cref_to(addr) bp_lines = [] while (bp_addr != idc.BADADDR): bp_cmt = bp_str_cmt_fmt%(name, GetFuncOffset(bp_addr), bp_addr, GetDiasm(bp_addr)) bp_str = bp_str_fmt%(bp_addr, bp_cmt) bp_lines.append(bp_str+"\n") outfile.write(bp_str+"\n") bp_addr = idaapi.get_next_cref_to(addr, bp_addr) bp_addr = idaapi.get_first_cref_to(addr) while (bp_addr != idc.BADADDR): bp_cmt = bp_str_cmt_fmt%(name, GetFuncOffset(bp_addr), bp_addr) bp_str = bp_str_fmt%(bp_addr, bp_cmt) bp_lines.append(bp_str+"\n") outfile.write(bp_str+"\n") bp_addr = idaapi.get_next_cref_to(addr, bp_addr) return bp_lines
def activate(self, ctx): hx_view = idaapi.get_tform_vdui(ctx.form) address = hx_view.cfunc.entry_ea xref_ea = idaapi.get_first_cref_to(address) xrefs = set() while xref_ea != idaapi.BADADDR: xref_func_ea = idc.GetFunctionAttr(xref_ea, idc.FUNCATTR_START) if xref_func_ea != idaapi.BADADDR: xrefs.add(xref_func_ea) else: print "[Warning] Function not found at 0x{0:08X}".format(xref_ea) xref_ea = idaapi.get_next_cref_to(address, xref_ea) for func_ea in xrefs: visitor = VariableLookupVisitor(address) try: cfunc = idaapi.decompile(func_ea) if cfunc: FunctionTouchVisitor(cfunc).process() visitor.apply_to(cfunc.body, None) for idx in visitor.result: scanner = DeepSearchVisitor(cfunc, 0, idx) scanner.process() for field in scanner.candidates: self.temporary_structure.add_row(field) except idaapi.DecompilationFailure: print "[Warning] Failed to decompile function at 0x{0:08X}".format(xref_ea) DeepSearchVisitor.clear()
def getXRefsTo(self): """ Computes a list of the names of the xrefs to the data item and updates the xrefsto computed parameter. This includes all functions calls/branches, but also data xrefs such as LDR/STR and data (DCDs, DCBs..) there is also the weird case that a labelless asm line has a cref to the last asm line. :returns: a tuple of two lists: crefs and drefs """ # type: () -> (list[int], list[int]) crefs = [] drefs = [] # Find all code references to item ref = idc.get_first_cref_to(self.ea) while ref != idaapi.BADADDR: crefs.append(ref) ref = idaapi.get_next_cref_to(self.ea, ref) # Find all data references to item for ref in idautils.DataRefsTo(self.ea): drefs.append(ref) for ref in idautils.DataRefsTo( self.ea - 1): # needed in case this is a code item drefs.append(ref) return (crefs, drefs)
def getXRefsTo(self): """ Computes a list of the names of the xrefs to the function. This includes all functions that call this, but also data xrefs. :returns: a tuple of two lists: crefs and drefs """ # type: () -> (list[int], list[int]) crefs = [] drefs = [] # If the current address is function process it if idc.get_func_flags(self.func_ea) != -1: # Find all code references to func ref = idc.get_first_cref_to(self.func_ea) while ref != idaapi.BADADDR: # name = get_func_name(ref) # if not name: name = "ROM:%08X" % ref crefs.append(ref) ref = idaapi.get_next_cref_to(self.func_ea, ref) # Find all data references to func for ref in idautils.DataRefsTo(self.func_ea): drefs.append(ref) for ref in idautils.DataRefsTo(self.func_ea + 1): drefs.append(ref) return crefs, drefs
def get_funcs_calling_address(ea): """ Returns all addresses of functions which make call to a function at `ea`""" xref_ea = idaapi.get_first_cref_to(ea) xrefs = set() while xref_ea != idaapi.BADADDR: xref_func_ea = idc.GetFunctionAttr(xref_ea, idc.FUNCATTR_START) if xref_func_ea != idaapi.BADADDR: xrefs.add(xref_func_ea) else: print "[Warning] Function not found at 0x{0:08X}".format(xref_ea) xref_ea = idaapi.get_next_cref_to(ea, xref_ea) return xrefs
def traverse_xrefs(func): func_created = 0 if func is None: return func_created # First func_xref = idaapi.get_first_cref_to(func.startEA) # Attempt to go through crefs while func_xref != BADADDR: # See if there is a function already here if idaapi.get_func(func_xref) is None: # Ensure instruction bit looks like a jump func_end = FindCode(func_xref, SEARCH_DOWN) if GetMnem(func_end) == "jmp": # Ensure we're jumping back "up" func_start = GetOperandValue(func_end, 0) if func_start < func_xref: if idc.MakeFunction(func_start, func_end): func_created += 1 else: # If this fails, we should add it to a list of failed functions # Then create small "wrapper" functions and backtrack through the xrefs of this error( 'Error trying to create a function @ 0x%x - 0x%x' % (func_start, func_end)) else: xref_func = idaapi.get_func(func_xref) # Simple wrapper is often runtime_morestack_noctxt, sometimes it isn't though... if is_simple_wrapper(xref_func.startEA): debug('Stepping into a simple wrapper') func_created += traverse_xrefs(xref_func) if idaapi.get_func_name( xref_func.startEA ) is not None and 'sub_' not in idaapi.get_func_name( xref_func.startEA): debug('Function @0x%x already has a name of %s; skipping...' % (func_xref, idaapi.get_func_name(xref_func.startEA))) else: debug('Function @ 0x%x already has a name %s' % (xref_func.startEA, idaapi.get_func_name(xref_func.startEA))) func_xref = idaapi.get_next_cref_to(func.startEA, func_xref) return func_created
def _addRefs(self, startea) -> bool: self.__plugin.log('Adding references', LogOptions.LOG_DEBUG) if idaapi.get_func_num(startea) != -1: sig = SigCreateStruct() sig.dwStartAddress = startea sig.dwCurrentAddress = startea sig.eType = PatternType.PT_DIRECT self.Sigs.append(sig) self.__plugin.log('Added direct reference 0x%X' % startea, LogOptions.LOG_DEBUG) eaCurrent = idaapi.get_first_cref_to(startea) while eaCurrent != BADADDR: if eaCurrent != startea: sig = SigCreateStruct() sig.dwStartAddress = eaCurrent sig.dwCurrentAddress = eaCurrent sig.eType = PatternType.PT_REFERENCE self.Sigs.append(sig) self.__plugin.log('Added reference 0x%X' % eaCurrent, LogOptions.LOG_DEBUG) if self.__plugin.Settings.maxRefs > 0 and len( self.Sigs) >= self.__plugin.Settings.maxRefs: break eaCurrent = idaapi.get_next_cref_to(startea, eaCurrent) if len(self.Sigs) < 5: self.__plugin.log( 'Not enough references were found (%i so far), trying the function.' % len(self.Sigs), LogOptions.LOG_DEBUG) func = idaapi.get_func(startea) if not func or func.start_ea == BADADDR: self.__plugin.log('Selected address not in a valid function.', LogOptions.LOG_ERROR) return False if func.start_ea != startea: eaCurrent = idaapi.get_first_cref_to(func.start_ea) while eaCurrent != BADADDR: if eaCurrent != startea: sig = SigCreateStruct() sig.dwStartAddress = func.start_ea sig.dwCurrentAddress = eaCurrent sig.eType = PatternType.PT_FUNCTION self.Sigs.append(sig) self.__plugin.log('Added function 0x%X' % eaCurrent, LogOptions.LOG_DEBUG) if self.__plugin.Settings.maxRefs > 0 and len( self.Sigs) >= self.__plugin.Settings.maxRefs: break eaCurrent = idaapi.get_next_cref_to( func.start_ea, eaCurrent) if not len(self.Sigs): self.__plugin.log( 'Automated signature generation failed, no references found.', LogOptions.LOG_ERROR) return False self.__plugin.log('Added %i references.' % len(self.Sigs), LogOptions.LOG_DEBUG) return True