Exemplo n.º 1
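def _add_xrefs(view: BinaryView):
    """Add user cross-references pointing at the functions named by method records.

    For each function in *view*, every data variable that references the
    function's start address is read as a ``method_t`` record. The pointer
    stored in that record's ``name`` field is followed to its code
    references. Where such a reference is an ``MLIL_SET_VAR``, the first later
    use of the assigned SSA variable in the same basic block receives a user
    xref to the function.

    Does nothing when the view has no ``method_t`` type.

    The view's contents come from the binary under analysis, so every value
    read here is untrusted. A record that cannot be read in full, or a
    reference that cannot be lifted, is skipped rather than ending the pass.
    """
    log_debug('_add_xrefs')
    method_t = view.types.get('method_t')
    if method_t is None:
        return

    method_t_name = method_t.structure['name']

    # The byte order is a property of the view, so resolve it once.
    byte_order = "little" if view.endianness == Endianness.LittleEndian else "big"

    for function in view.functions:
        data_refs = view.get_data_refs(function.start)

        log_debug(f'{function.name}: {data_refs}')

        # NOTE(review): nothing here checks that the referencing data variable
        # is actually typed as method_t; any data reference to the function
        # start is read as one. Confirm whether callers guarantee this.
        method_t_list = [view.get_data_var_at(ref) for ref in data_refs]

        log_debug(f'{function.name}: {method_t_list}')

        for method in method_t_list:
            # get_data_var_at yields None when no variable is defined there.
            if method is None:
                continue

            raw_name_ptr = view.read(
                method.address + method_t_name.offset, view.address_size)

            # A short read (the record straddles unmapped bytes) would decode
            # to a truncated, wrong pointer; skip it instead.
            if len(raw_name_ptr) != view.address_size:
                continue

            name_ptr = int.from_bytes(raw_name_ptr, byte_order)

            for xref in view.get_code_refs(name_ptr):
                xref_llil = xref.function.get_low_level_il_at(xref.address)
                xref_mlil = None if xref_llil is None else xref_llil.mmlil

                if xref_mlil is None:
                    # One reference without IL must not stop the remaining
                    # references and functions from being processed.
                    log_debug(f'{xref.address:x}')
                    continue

                if xref_mlil.operation != MediumLevelILOperation.MLIL_SET_VAR:
                    continue

                # First use of the assigned variable that follows the
                # assignment within the same basic block.
                call_mlil = next(
                    (use
                     for use in xref_mlil.function.get_ssa_var_uses(xref_mlil.ssa_form.dest)
                     if (use.instr_index > xref_mlil.instr_index and
                         use.il_basic_block == xref_mlil.il_basic_block)),
                    None
                )

                if call_mlil is not None:
                    xref.function.set_user_xref(call_mlil.address, function.start)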
Exemplo n.º 2
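def define_cfstrings_plugin(view: BinaryView):
    """Type each record in the ``__cfstring`` section and the string it points to.

    Ensures a ``CFString`` type exists in *view*, then walks the
    ``__cfstring`` section in steps of that type's width. Each step defines a
    ``CFString`` data variable, types every data reference to it as a pointer
    to ``CFString``, and defines a character array at the record's ``buffer``
    pointer. The array uses the parsed ``wchar`` type when the pointer lies in
    a section named ``__ustring`` and ``char`` otherwise.

    Does nothing further when the view has no ``__cfstring`` section.

    The ``buffer`` and ``length`` fields are read from the binary under
    analysis and are therefore untrusted. A pointer outside every section
    skips that record, and the array length is clamped so it cannot run past
    the end of the section holding the string.
    """
    log_debug("define_cfstrings_plugin")

    from_bytes = _get_from_bytes(view)

    cfstring_type = view.get_type_by_name('CFString')
    if cfstring_type is None:
        cfstring_type = view.platform.parse_types_from_source(
            _cfstring_definition).types['CFString']

        view.define_user_type('CFString', cfstring_type)

    # Parsed unconditionally. It used to be assigned only when CFString had to
    # be created, which left the name unbound (UnboundLocalError on the first
    # __ustring string) whenever the view already carried a CFString type.
    wchar_type = view.platform.parse_types_from_source(
        _wchar_definition).types['wchar']

    cfstring = Type.named_type_from_type('CFString', cfstring_type)

    __cfstring = view.get_section_by_name('__cfstring')

    if __cfstring is None:
        return

    buffer = cfstring_type.structure['buffer']
    length = cfstring_type.structure['length']

    for addr in range(__cfstring.start, __cfstring.end, cfstring_type.width):
        view.define_user_data_var(addr, cfstring)

        for xref in view.get_data_refs(addr):
            view.define_user_data_var(xref, Type.pointer(view.arch, cfstring))

        string_pointer = from_bytes(
            view.read(addr + buffer.offset, buffer.type.width))

        # One extra element beyond the stored length.
        # NOTE(review): presumably this covers the terminator; confirm.
        string_length = from_bytes(
            view.read(addr + length.offset, length.type.width)) + 1

        string_sections = view.get_sections_at(string_pointer)

        if not string_sections:
            # A single bad pointer must not stop the remaining records from
            # being typed.
            log_debug(f'{addr:x}: CFString buffer is not inside any section')
            continue

        string_section = string_sections[0]

        if string_section.name == '__ustring':
            char_type = wchar_type
        else:
            char_type = Type.char()

        # The length comes from the file, so bound it by the space left in
        # the section that holds the string.
        room = (string_section.end - string_pointer) // max(char_type.width, 1)
        if room <= 0:
            continue
        string_length = min(string_length, room)

        view.define_user_data_var(string_pointer,
                                  Type.array(char_type, string_length))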