def get_ea_by_name(self, name):
"""
Get the address of a location by name.
@name - Location name
Returns the address of the named location, or idc.BADADDR on failure.
"""
# This allows support of the function offset style names (e.g., main+0C)
ea = 0
if '+' in name:
(func_name, offset) = name.split('+')
base_ea = ida_shims.get_name_ea_simple(func_name)
if base_ea != idc.BADADDR:
try:
ea = base_ea + int(offset, 16)
except:
ea = idc.BADADDR
else:
ea = ida_shims.get_name_ea_simple(name)
if ea == idc.BADADDR:
try:
ea = int(name, 0)
except:
ea = idc.BADADDR
return ea
def OnCommand(self, n, cmd):
if cmd == self.show_all_toggle_cmd:
if self.min_xrefs == self.MIN_XREFS:
self.min_xrefs = 0
if self.min_xrefs != self.MIN_XREFS:
self.min_xrefs = self.MIN_XREFS
if self.must_have_loop == self.MUST_HAVE_LOOP:
self.must_have_loop = False
else:
self.must_have_loop = self.MUST_HAVE_LOOP
elif cmd == self.rename_cmd:
response = ida_shims.ask_yn(
0,
"Are you sure you want to rename all 'sub_XXXXXX' functions "
"to 'leaf_XXXXXX'?")
if response:
for item in self.items:
# Is this a leaf function?
if item[-1] is True:
current_name = item[0]
if current_name.startswith('sub_'):
new_name = current_name.replace('sub_', 'leaf_')
ida_shims.set_name(
ida_shims.get_name_ea_simple(current_name),
new_name)
self.populate_items()
return 0
def _find_system_calls(self, start_ea, end_ea):
system_calls = []
system_load = MIPSInstruction("la", "$t9", "system")
stack_arg_zero = MIPSInstruction("addiu", "$a0", "$sp")
for xref in idautils.XrefsTo(ida_shims.get_name_ea_simple('system')):
ea = xref.frm
mnem = ida_shims.print_insn_mnem(ea)
if mnem and ea >= start_ea and \
ea <= end_ea and mnem[0] in ['j', 'b']:
a0_ea = self._find_next_instruction_ea(
ea+self.INSIZE, stack_arg_zero, ea+self.INSIZE)
if a0_ea == idc.BADADDR:
a0_ea = self._find_prev_instruction_ea(
ea, stack_arg_zero, ea-(self.SEARCH_DEPTH*self.INSIZE))
if a0_ea != idc.BADADDR:
control_ea = self._find_prev_instruction_ea(
ea-self.INSIZE, system_load,
ea-(self.SEARCH_DEPTH*self.INSIZE))
if control_ea != idc.BADADDR:
system_calls.append(
ROPGadget(
self._get_instruction(control_ea),
self._get_instruction(ea),
self._get_instruction(a0_ea),
description="System call", base=self.base))
ea += self.INSIZE
else:
break
return system_calls
def apply(self, extsigs):
count = 0
start = time.time()
# This applies formal matches first, then fuzzy matches
for (match, fuzzy) in self.match(extsigs):
# Keeps track of all function names that we've identified candidate
# functions for
rename = {}
for (curfunc, newfunc) in match.items():
if newfunc not in rename:
rename[newfunc.name] = []
# Attempt to rename this function
rename[newfunc.name].append(curfunc.ea)
bm = {}
duplicates = set()
# Search for unique matching code blocks inside this function
for nblock in newfunc.blocks:
nblock = RizzoBlockDescriptor(nblock)
for cblock in curfunc.blocks:
cblock = RizzoBlockDescriptor(cblock)
if cblock.match(nblock, fuzzy):
if cblock in bm:
del bm[cblock]
duplicates.add(cblock)
elif cblock not in duplicates:
bm[cblock] = nblock
# Rename known function calls from each unique code block
for (cblock, nblock) in bm.items():
for n in range(0, len(cblock.functions)):
ea = ida_shims.get_name_ea_simple(cblock.functions[n])
if ea != idc.BADADDR:
if nblock.functions[n] in rename:
rename[nblock.functions[n]].append(ea)
else:
rename[nblock.functions[n]] = [ea]
# Rename the identified functions
for (name, candidates) in rename.items():
if candidates:
winner = \
collections.Counter(candidates).most_common(1)[0][0]
count += self.rename(winner, name)
end = time.time()
print("Renamed %d functions in %.2f seconds." % (count, (end - start)))
def rename(self, ea, name):
# Don't rely on the name in curfunc, it could have already been renamed
curname = ida_shims.get_name(ea)
# Don't rename if the name is a special identifier, or if the ea has
# already been named
if curname.startswith('sub_') and \
name.split('_')[0] not in \
['sub', 'loc', 'unk', 'dword', 'word', 'byte']:
# Don't rename if the name already exists in the IDB
if ida_shims.get_name_ea_simple(name) == idc.BADADDR:
if ida_shims.set_name(ea, name):
ida_shims.set_func_flags(
ea, (ida_shims.get_func_flags(ea) | idc.FUNC_LIB))
return 1
return 0
def __init__(self, ea):
self.ea = ea
self.dword = ida_shims.get_wide_dword(self.ea)
self.type = None
self.value = None
string = ida_shims.get_strlit_contents(self.dword)
name = ida_shims.get_func_name(self.dword)
if ida_shims.get_name_ea_simple(name) != self.dword:
name = ''
if name:
self.type = int
self.value = name
elif string:
self.type = str
self.value = string
def pointify(self):
counter = 0
print("Renaming pointers...", end=' ')
for (name_ea, name) in idautils.Names():
for xref in idautils.XrefsTo(name_ea):
xref_name = ida_shims.get_name(xref.frm)
if xref_name and xref_name.startswith("off_"):
i = 0
new_name = name + "_ptr"
while ida_shims.get_name_ea_simple(
new_name) != idc.BADADDR:
new_name = name + "_ptr%d" % i
i += 1
if ida_shims.set_name(xref.frm, new_name):
counter += 1
#else:
# print "Failed to create name '%s'!" % new_name
print("renamed %d pointers" % counter)
def _profile_function(self):
current_ea = ida_shims.get_screen_ea()
current_function = ida_shims.get_func_name(current_ea)
current_function_ea = ida_shims.get_name_ea_simple(current_function)
if current_function:
self.function = current_function
ea = ida_shims.get_func_attr(current_function_ea, idc.FUNCATTR_START)
end_ea = ida_shims.get_func_attr(current_function_ea, idc.FUNCATTR_END)
self.highlighted = ida_shims.get_highlighted_identifier()
while ea < end_ea and ea != idc.BADADDR and self.highlighted:
i = 0
match = False
optype = self.READ
insn = ida_shims.decode_insn(ea)
mnem = ida_shims.print_insn_mnem(ea)
if self.highlighted in mnem:
match = True
elif idaapi.is_call_insn(ea):
for xref in idautils.XrefsFrom(ea):
if xref.type != 21:
name = ida_shims.get_name(xref.to)
if name and self.highlighted in name:
match = True
break
else:
while True:
opnd = ida_shims.print_operand(ea, i)
if opnd:
if self.highlighted in opnd:
canon_feature = ida_shims.get_canon_feature(insn)
match = True
if canon_feature & self.OPND_WRITE_FLAGS[i]:
optype = self.WRITE
i += 1
else:
break
if not match:
comment = idc.GetCommentEx(ea, 0)
if comment and self.highlighted in comment:
match = True
else:
comment = idc.GetCommentEx(ea, 1)
if comment and self.highlighted in comment:
match = True
else:
comment = None
if match:
if ea > current_ea:
direction = self.DOWN
elif ea < current_ea:
direction = self.UP
else:
direction = self.THIS
self.xrefs[ea] = {
'offset': ida_shims.get_func_off_str(ea),
'mnem': mnem,
'type': optype,
'direction': direction,
'text': idc.GetDisasm(ea),
}
ea = ida_shims.next_head(ea)
def OnSelectLine(self, n):
ida_shims.jumpto(ida_shims.get_name_ea_simple(self.items[n][0]))
