def __process_exports(self):
exports = list()
for i in range(0, ida_entry.get_entry_qty()):
ordinal = ida_entry.get_entry_ordinal(i)
ea = ida_entry.get_entry(ordinal)
flags = ida_bytes.get_full_flags(ea)
type = 'unknown'
if ida_bytes.is_func(flags):
type = 'function'
elif ida_bytes.is_data(flags):
type = 'data'
export = {
'ordinal': ordinal,
'rva': ea - self._base,
'name': ida_entry.get_entry_name(ordinal),
'type': type
}
exports.append(export)
return exports
def get_conflict(self):
"""
:return: None if there's no conflict, empty string if there's no change, data if there's a change.
"""
# TODO: Fill docstring, plus, make the function return 0,1,2 and save the current data by itself.
code_address = self._has_code()
if code_address:
return 'Code: 0x%x' % code_address
num_of_elements = self._get_num_of_elements()
data_undefined = True
for i in xrange(self.data):
ea_flags = ida_bytes.get_full_flags(self.address + i)
if ea_flags & 0x400: # Data defined
data_undefined = False
if data_undefined:
return None # No conflict
# Iterate over all local data, and check if there's any conflict with the type
conflict = ''
for i in xrange(num_of_elements):
current_address = self.address + (
i * self.TYPE_TO_SIZE[self.data_type])
current_address = ida_bytes.get_item_head(current_address)
ea_flags = ida_bytes.get_full_flags(current_address)
if not ida_bytes.is_data(ea_flags):
conflict += 'unknown at 0x%x\n' % current_address
continue
current_data_type = ea_flags & ida_bytes.DT_TYPE
if self.data_type != current_data_type: # Different data
conflict += '%s at 0x%x\n' % (
self.TYPE_TO_NAME[current_data_type], current_address)
if conflict:
return conflict
# TODO: Deal with the case it's just multiple type definitions in the area?
return '' # No difference
def dump():
ret = []
for addr, name in idautils.Names():
flags = ida_bytes.get_flags(addr)
if ida_bytes.has_dummy_name(flags) or ida_bytes.has_auto_name(
flags) or not ida_bytes.is_data(flags):
print('skip auto:', name)
continue
# Sometimes the auto-generated names don't actually usually have the
# right flags set, so skip these auto-looking names.
if any(
name.startswith(s)
for s in ['byte_', 'word_', 'dword_', 'unk_', 'jpt_']):
continue
# print('%08x' % addr, '%08x' % flags, name,
# ida_bytes.is_data(flags))
sz = ida_bytes.get_item_size(addr)
if ida_bytes.is_struct(flags):
ti = ida_nalt.opinfo_t()
ida_bytes.get_opinfo(ti, addr, 0, flags)
# itemsize = ida_bytes.get_data_elsize(addr, flags, ti)
typ = ida_struct.get_struc_name(ti.tid)
else:
# itemsize = ida_bytes.get_item_size(addr)
typ = None
ret.append({
'address': addr,
'name': name,
'type': typ,
'sz': sz,
'flags': flags,
})
return ret
def get_conflict(self):
"""
:return: None if there's no conflict, empty string if there's no change, data if there's a change.
"""
# TODO: Fill docstring, plus, make the function return 0,1,2 and save the current data by itself.
conflicts = ""
conflict_flag = False
for i in xrange(self.data):
current_address = self.address + i
head_address = ida_bytes.get_item_head(current_address)
if ida_bytes.is_code(ida_bytes.get_full_flags(head_address)):
conflict_flag = True
ea_flags = ida_bytes.get_full_flags(head_address)
if not ida_bytes.is_data(ea_flags):
continue
conflict_flag = True
conflicts += '%s at 0x%x\n' % (
self.TYPE_TO_NAME[ea_flags & ida_bytes.DT_TYPE], head_address)
if conflict_flag:
return conflicts
return None
def is_data_start(ea):
flags = ida_bytes.get_full_flags(ea)
data = ida_bytes.is_data(flags)
head = ida_bytes.is_head(flags)
return data and head
def dump():
ret = []
for addr, name in idautils.Names():
flags = ida_bytes.get_flags(addr)
# The 'a' heuristic is fairly bad but we need to filter out IDA's default
# naming for strings
if ida_bytes.has_dummy_name(flags) or ida_bytes.has_auto_name(flags) or not ida_bytes.is_data(flags) or name[0] == 'a':
continue
# Sometimes the auto-generated names don't actually usually have the
# right flags set, so skip these auto-looking names.
if any(name.startswith(s) for s in ['byte_', 'word_', 'dword_', 'unk_', 'jpt_']):
continue
sz = ida_bytes.get_item_size(addr)
if ida_bytes.is_struct(flags):
ti = ida_nalt.opinfo_t()
ida_bytes.get_opinfo(ti, addr, 0, flags)
typ = ida_struct.get_struc_name(ti.tid)
else:
typ = None
ret.append(filter_none({
'address': addr,
'name': name,
'type': typ,
'sz': sz,
'flags': flags,
}))
return ret
def dump_heads(out):
# out is a file like object, sys.stdout or an acual file object
# There doesn't seem to a good way to determine what function a
# particular address is in. Almost everyone recommends iterating
# of the functions, and then getting the bytes out of each, but
# that's not really what we want because it skips non function
# bytes and reports them in the wrong order. It appears that the
# best we can do is to build a map in advance. :-(
a2fmap = build_a2fmap()
min_ea = idaapi.cvar.inf.minEA
max_ea = idaapi.cvar.inf.maxEA
ea = min_ea
while ea != ida_idaapi.BADADDR:
ida_auto.show_addr(ea)
isize = ida_bytes.get_item_size(ea)
ibytes = ida_bytes.get_bytes(ea, isize)
ihexbytes = binascii.b2a_hex(ibytes).upper()
iflags = ida_bytes.get_flags(ea)
# Skip the PE header?
if not ida_bytes.is_head(iflags):
ea = ida_bytes.next_head(ea, max_ea)
continue
# Loop up this address in the address-to-function map.
if ea in a2fmap:
faddrs = a2fmap[ea]
else:
faddrs = [ea]
tcode = "ERROR"
imnem = "???"
iops = "???"
if ida_bytes.is_code(iflags):
tcode = "INSN"
imnem = "???"
iops = "???"
insn = idautils.DecodeInstruction(ea)
if insn == None:
imnem = "BAD"
iops = ""
elif not insn.is_canon_insn():
imnem = "NCAN"
iops = ""
else:
imnem = insn.get_canon_mnem()
sops = []
for n in range(8):
ostr = ida_ua.print_operand(ea, n)
if ostr is not None:
ostrnt = ida_lines.tag_remove(ostr)
if ostrnt != '':
sops.append(ostrnt)
iops = ', '.join(sops)
elif ida_bytes.is_data(iflags):
tcode = "DATA"
imnem = "db"
iops = "???"
if ida_bytes.is_align(iflags):
tcode += "_ALIGN"
#elif ida_bytes.is_struct(iflags):
# tcode += "_STRUCT"
#elif ida_bytes.is_char(iflags):
# tcode += "_STR"
# There are other types that IDA recognizes.
elif ida_bytes.is_unknown(iflags):
tcode = "UNK-%08X" % iflags
imnem = "???"
iops = "???"
for faddr in sorted(faddrs):
out.write('"PART",0x%08X,"%s",0x%08X,"%s","%s","%s"\n' %
(ea, tcode, faddr, ihexbytes, imnem, iops))
ea = ida_bytes.next_head(ea, max_ea)
print "Analysis complete!"
