def make_head(ea):
  """Ensure the item at ``ea`` is a head (start of an instruction or data item).

  If ``ea`` is already a head nothing is changed. Otherwise FF_DATA is added
  to its flags, autoanalysis is allowed to finish, and the result of the
  re-check via is_head() is returned.

  @param ea: address to turn into a head
  @return: True if ``ea`` was already a head, else the is_head() result
           after the flags were changed
  """
  flags = idc.GetFlags(ea)
  if idc.isHead(flags):
    return True
  # Mark the address as data so IDA defines an item starting here, then wait
  # for autoanalysis to settle before checking the outcome.
  idc.SetFlags(ea, flags | idc.FF_DATA)
  idaapi.autoWait()
  return is_head(ea)
def make_head(ea):
    """Ensure the item at ``ea`` is a head (start of an instruction or data item).

    If ``ea`` is already a head nothing is changed. Otherwise FF_DATA is added
    to its flags, autoanalysis is allowed to finish, and the result of the
    re-check via is_head() is returned.

    @param ea: address to turn into a head
    @return: True if ``ea`` was already a head, else the is_head() result
             after the flags were changed
    """
    flags = idc.GetFlags(ea)
    if idc.isHead(flags):
        return True
    # Mark the address as data so IDA defines an item starting here, then wait
    # for autoanalysis to settle before checking the outcome.
    idc.SetFlags(ea, flags | idc.FF_DATA)
    idaapi.autoWait()
    return is_head(ea)
 def isDefined(ea):
     """Return True when the item at ``ea`` is a head whose flags mark a struct.

     @param ea: address to inspect
     @return: True if the flags at ``ea`` satisfy both isStruct() and
              isHead(), False otherwise
     """
     flags = idaapi.getFlags(ea)
     # TODO: verify the actual struct type.
     return bool(idc.isStruct(flags) and idc.isHead(flags))
 def isDefined(ea):
     """Return True when the item at ``ea`` is a head whose flags mark a struct.

     @param ea: address to inspect
     @return: True if the flags at ``ea`` satisfy both isStruct() and
              isHead(), False otherwise
     """
     flags = idaapi.getFlags(ea)
     # TODO: verify the actual struct type.
     return bool(idc.isStruct(flags) and idc.isHead(flags))
 def isDefined(ea):
     """Return True when ``ea`` holds a struct head carrying the expected name.

     Three conditions must hold: the flags mark a struct, the flags mark a
     head, and the name IDA reports for ``ea`` equals
     TypeDescriptor.makeName(ea).

     @param ea: address to inspect
     @return: True if all conditions hold, False otherwise
     """
     flags = idaapi.getFlags(ea)
     if not (idc.isStruct(flags) and idc.isHead(flags)):
         return False
     current_name = idaapi.get_name(idaapi.BADADDR, ea)
     return current_name == TypeDescriptor.makeName(ea)
 def isDefined(ea):
     """Return True when ``ea`` holds a struct head carrying the expected name.

     Three conditions must hold: the flags mark a struct, the flags mark a
     head, and the name IDA reports for ``ea`` equals
     TypeDescriptor.makeName(ea).

     @param ea: address to inspect
     @return: True if all conditions hold, False otherwise
     """
     flags = idaapi.getFlags(ea)
     if not (idc.isStruct(flags) and idc.isHead(flags)):
         return False
     current_name = idaapi.get_name(idaapi.BADADDR, ea)
     return current_name == TypeDescriptor.makeName(ea)
def Heads(start=idaapi.cvar.inf.minEA, end=idaapi.cvar.inf.maxEA):
    """
    Iterate over the heads (instructions or data items) between start and end.

    ``start`` itself is yielded first when it is a head; otherwise iteration
    begins at the first head following it. Iteration ends as soon as
    idaapi.next_head() returns BADADDR.

    @param start: start address (default: inf.minEA)
    @param end:   end address (default: inf.maxEA)

    @return: generator yielding the head addresses between start and end
    """
    start_is_head = idc.isHead(idc.GetFlags(start))
    ea = start if start_is_head else idaapi.next_head(start, end)
    while True:
        if ea == idaapi.BADADDR:
            return
        yield ea
        ea = idaapi.next_head(ea, end)
def Heads(start=idaapi.cvar.inf.minEA, end=idaapi.cvar.inf.maxEA):
    """
    Iterate over the heads (instructions or data items) between start and end.

    ``start`` itself is yielded first when it is a head; otherwise iteration
    begins at the first head following it. Iteration ends as soon as
    idaapi.next_head() returns BADADDR.

    @param start: start address (default: inf.minEA)
    @param end:   end address (default: inf.maxEA)

    @return: generator yielding the head addresses between start and end
    """
    start_is_head = idc.isHead(idc.GetFlags(start))
    ea = start if start_is_head else idaapi.next_head(start, end)
    while True:
        if ea == idaapi.BADADDR:
            return
        yield ea
        ea = idaapi.next_head(ea, end)
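def process_function(arch, func_ea):
    """
    Export the IDA function at ``func_ea`` into a DismantlerDataPacket.

    The function is walked chunk by chunk, starting from the block holding the
    entry point and following conditional/unconditional branch targets into
    chunks not seen yet; chunks IDA attributes to the function are processed
    afterwards if flow analysis did not reach them. Every head contributes its
    comments to the packet; code heads additionally contribute control-flow
    edges, data references and imported callees. The packet and a
    FunctionAnalyzer built on it are finally handed to ``instrumentation``.

    @param arch:    architecture helper exposing process_instruction(),
                    is_call(), is_conditional_branch() and
                    is_unconditional_branch()
    @param func_ea: address of the function entry point
    @return: None; results are published through ``instrumentation``
    """
    packet = DismantlerDataPacket()

    # Chunks selected for analysis, seeded with the entry-point block only;
    # further chunks are added as branches into them are discovered.
    chunks = set()
    entry_chunk = get_flow_code_from_address(func_ea)
    if entry_chunk:
        chunks.add(entry_chunk)

    # Chunks IDA attributes to the function, kept as a set for cheap removal
    # and indexed by start address so that a chunk reached through flow
    # analysis can be dropped from the fallback list.
    ida_chunks = set(get_chunks(func_ea))
    ida_chunks_idx = dict((c[0], c) for c in ida_chunks)

    func = idaapi.get_func(func_ea)
    # Function-level comments are flushed together with the comments of the
    # first head visited.
    pending_comments = [idaapi.get_func_cmt(func, 0), idaapi.get_func_cmt(func, 1)]

    chunks_todo = list(chunks)

    while True:
        if not chunks_todo:
            # Flow analysis is exhausted: fall back to the IDA chunks that were
            # never reached, and stop once those are gone as well.
            if not ida_chunks:
                break
            chunks_todo.extend(ida_chunks)

        chunk_start, chunk_end = chunks_todo.pop()
        if chunk_start in ida_chunks_idx:
            ida_chunks.remove(ida_chunks_idx[chunk_start])
            del ida_chunks_idx[chunk_start]

        for head in idautils.Heads(chunk_start, chunk_end):
            pending_comments.extend((idaapi.get_cmt(head, 0), idaapi.get_cmt(head, 1)))
            comment = '\n'.join(c for c in pending_comments if c is not None).strip()
            if comment:
                packet.add_comment(head, comment)
            pending_comments = []

            if not idc.isCode(idc.GetFlags(head)):
                continue

            instruction = arch.process_instruction(packet, head)
            _record_code_refs(arch, packet, head, instruction, chunk_end,
                              chunks, chunks_todo)
            _record_data_refs(arch, packet, head, instruction, chunk_end)

    analyzer = FunctionAnalyzer(arch, func_ea, packet)

    instrumentation.new_packet(packet)
    instrumentation.new_function(analyzer)


def _queue_chunk_for(target, chunks, chunks_todo):
    """
    Queue the flow chunk containing ``target`` unless a known chunk covers it.

    @param target:      branch destination address
    @param chunks:      set of chunks already selected (updated in place)
    @param chunks_todo: work list of chunks still to walk (updated in place)
    """
    if address_in_chunks(target, chunks):
        return
    new_chunk = get_flow_code_from_address(target)
    if new_chunk is not None:
        chunks_todo.append(new_chunk)
        chunks.add(new_chunk)


def _record_code_refs(arch, packet, head, instruction, chunk_end, chunks, chunks_todo):
    """
    Record the control-flow edges leaving the code head ``head``.

    Heads whose only code reference is the ordinary flow are skipped. The
    ordinary flow reference is still iterated (CodeRefsFrom(head, 1)) so that
    its position, index 0, can be told apart from real branch targets.

    @param arch:        architecture helper (is_call() and friends)
    @param packet:      DismantlerDataPacket receiving the edges
    @param head:        address of the instruction being processed
    @param instruction: value returned by arch.process_instruction() for head
    @param chunk_end:   end of the chunk being walked; bounds the fall-through
                        lookup for conditional branches
    @param chunks:      see _queue_chunk_for()
    @param chunks_todo: see _queue_chunk_for()
    """
    # Non-flow references, computed once instead of once per reference.
    direct_refs = set(idautils.CodeRefsFrom(head, 0))
    if not direct_refs:
        return

    for ref_idx, ref in enumerate(idautils.CodeRefsFrom(head, 1)):
        if arch.is_call(instruction):
            # This branch must be taken for every reference of a call,
            # including its flow reference; otherwise the flow reference could
            # be recorded as an unconditional jump by the last branch below.
            if ref in direct_refs:
                packet.add_direct_call(head, ref)

        elif ref_idx > 0 and arch.is_conditional_branch(instruction):
            # Index 0 is the normal flow reference; skipping it avoids
            # recording the conditional branch twice.
            # FIXME(upstream): ``ref`` is not verified to be a defined code
            # head before it is recorded; an isHead()/isCode() check may be
            # needed if the export fails on such a target.
            packet.add_conditional_branch_true(head, ref)
            packet.add_conditional_branch_false(
                head, idaapi.next_head(head, chunk_end))
            _queue_chunk_for(ref, chunks, chunks_todo)

        elif arch.is_unconditional_branch(instruction):
            packet.add_unconditional_branch(head, ref)
            _queue_chunk_for(ref, chunks, chunks_todo)


def _record_data_refs(arch, packet, head, instruction, chunk_end):
    """
    Record the data references leaving the code head ``head``.

    Each referenced address is followed one hop further: when it holds a data
    reference of its own, calls and jumps through it are recorded against that
    final target; when it holds none and the instruction is a call, the
    reference is treated as an imported function.

    @param arch:        architecture helper (is_call() and friends)
    @param packet:      DismantlerDataPacket receiving the references
    @param head:        address of the instruction being processed
    @param instruction: value returned by arch.process_instruction() for head
    @param chunk_end:   end of the chunk being walked; bounds the fall-through
                        lookup for conditional branches
    """
    for ref in idautils.DataRefsFrom(head):
        packet.add_data_reference(head, ref)

        # First data reference found at 'ref' itself, if any: for instance
        # 'ref' may point to a valid address that in turn refers to code.
        routed = list(idautils.DataRefsFrom(ref))
        target = routed[0] if routed else None

        if target is None and arch.is_call(instruction):
            imp_name = idc.Name(ref)
            imp_module = get_import_module_name(ref)
            # NOTE(review): imported_functions is not defined in this function
            # and is presumably a module-level set -- confirm.
            imported_functions.add((ref, imp_name, imp_module))
            packet.add_indirect_virtual_call(head, ref)

        elif target is not None and idc.isHead(idc.GetFlags(target)):
            # isHead() takes item flags, not an address (cf. the isCode() check
            # on heads), so the target's flags are looked up first.
            if arch.is_call(instruction):
                # call "routed" through this reference
                packet.add_indirect_call(head, target)
            elif arch.is_unconditional_branch(instruction):
                # unconditional jump "routed" through this reference
                packet.add_unconditional_branch(head, target)
            elif arch.is_conditional_branch(instruction):
                # conditional branch "routed" through this reference
                packet.add_conditional_branch_true(head, target)
                packet.add_conditional_branch_false(
                    head, idaapi.next_head(head, chunk_end))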
def isHead(ea):
    """Return whether the item at ``ea`` is a head, per the flags IDA stores for it.

    @param ea: address to inspect
    @return: result of idc.isHead() applied to idc.GetFlags(ea)
    """
    flags = idc.GetFlags(ea)
    return idc.isHead(flags)
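def process_function(arch, func_ea):
    """
    Export the IDA function at ``func_ea`` into a DismantlerDataPacket.

    The function is walked chunk by chunk, starting from the block holding the
    entry point and following conditional/unconditional branch targets into
    chunks not seen yet; chunks IDA attributes to the function are processed
    afterwards if flow analysis did not reach them. Every head contributes its
    comments to the packet; code heads additionally contribute control-flow
    edges, data references and imported callees. The packet and a
    FunctionAnalyzer built on it are finally handed to ``instrumentation``.

    @param arch:    architecture helper exposing process_instruction(),
                    is_call(), is_conditional_branch() and
                    is_unconditional_branch()
    @param func_ea: address of the function entry point
    @return: None; results are published through ``instrumentation``
    """
    packet = DismantlerDataPacket()

    # Chunks selected for analysis, seeded with the entry-point block only;
    # further chunks are added as branches into them are discovered.
    chunks = set()
    entry_chunk = get_flow_code_from_address(func_ea)
    if entry_chunk:
        chunks.add(entry_chunk)

    # Chunks IDA attributes to the function, kept as a set for cheap removal
    # and indexed by start address so that a chunk reached through flow
    # analysis can be dropped from the fallback list.
    ida_chunks = set(get_chunks(func_ea))
    ida_chunks_idx = dict((c[0], c) for c in ida_chunks)

    func = idaapi.get_func(func_ea)
    # Function-level comments are flushed together with the comments of the
    # first head visited.
    pending_comments = [idaapi.get_func_cmt(func, 0), idaapi.get_func_cmt(func, 1)]

    chunks_todo = list(chunks)

    while True:
        if not chunks_todo:
            # Flow analysis is exhausted: fall back to the IDA chunks that were
            # never reached, and stop once those are gone as well.
            if not ida_chunks:
                break
            chunks_todo.extend(ida_chunks)

        chunk_start, chunk_end = chunks_todo.pop()
        if chunk_start in ida_chunks_idx:
            ida_chunks.remove(ida_chunks_idx[chunk_start])
            del ida_chunks_idx[chunk_start]

        for head in idautils.Heads(chunk_start, chunk_end):
            pending_comments.extend((idaapi.get_cmt(head, 0), idaapi.get_cmt(head, 1)))
            comment = '\n'.join(c for c in pending_comments if c is not None).strip()
            if comment:
                packet.add_comment(head, comment)
            pending_comments = []

            if not idc.isCode(idc.GetFlags(head)):
                continue

            instruction = arch.process_instruction(packet, head)
            _record_code_refs(arch, packet, head, instruction, chunk_end,
                              chunks, chunks_todo)
            _record_data_refs(arch, packet, head, instruction, chunk_end)

    analyzer = FunctionAnalyzer(arch, func_ea, packet)

    instrumentation.new_packet(packet)
    instrumentation.new_function(analyzer)


def _queue_chunk_for(target, chunks, chunks_todo):
    """
    Queue the flow chunk containing ``target`` unless a known chunk covers it.

    @param target:      branch destination address
    @param chunks:      set of chunks already selected (updated in place)
    @param chunks_todo: work list of chunks still to walk (updated in place)
    """
    if address_in_chunks(target, chunks):
        return
    new_chunk = get_flow_code_from_address(target)
    if new_chunk is not None:
        chunks_todo.append(new_chunk)
        chunks.add(new_chunk)


def _record_code_refs(arch, packet, head, instruction, chunk_end, chunks, chunks_todo):
    """
    Record the control-flow edges leaving the code head ``head``.

    Heads whose only code reference is the ordinary flow are skipped. The
    ordinary flow reference is still iterated (CodeRefsFrom(head, 1)) so that
    its position, index 0, can be told apart from real branch targets.

    @param arch:        architecture helper (is_call() and friends)
    @param packet:      DismantlerDataPacket receiving the edges
    @param head:        address of the instruction being processed
    @param instruction: value returned by arch.process_instruction() for head
    @param chunk_end:   end of the chunk being walked; bounds the fall-through
                        lookup for conditional branches
    @param chunks:      see _queue_chunk_for()
    @param chunks_todo: see _queue_chunk_for()
    """
    # Non-flow references, computed once instead of once per reference.
    direct_refs = set(idautils.CodeRefsFrom(head, 0))
    if not direct_refs:
        return

    for ref_idx, ref in enumerate(idautils.CodeRefsFrom(head, 1)):
        if arch.is_call(instruction):
            # This branch must be taken for every reference of a call,
            # including its flow reference; otherwise the flow reference could
            # be recorded as an unconditional jump by the last branch below.
            if ref in direct_refs:
                packet.add_direct_call(head, ref)

        elif ref_idx > 0 and arch.is_conditional_branch(instruction):
            # Index 0 is the normal flow reference; skipping it avoids
            # recording the conditional branch twice.
            # FIXME(upstream): ``ref`` is not verified to be a defined code
            # head before it is recorded; an isHead()/isCode() check may be
            # needed if the export fails on such a target.
            packet.add_conditional_branch_true(head, ref)
            packet.add_conditional_branch_false(
                head, idaapi.next_head(head, chunk_end))
            _queue_chunk_for(ref, chunks, chunks_todo)

        elif arch.is_unconditional_branch(instruction):
            packet.add_unconditional_branch(head, ref)
            _queue_chunk_for(ref, chunks, chunks_todo)


def _record_data_refs(arch, packet, head, instruction, chunk_end):
    """
    Record the data references leaving the code head ``head``.

    Each referenced address is followed one hop further: when it holds a data
    reference of its own, calls and jumps through it are recorded against that
    final target; when it holds none and the instruction is a call, the
    reference is treated as an imported function.

    @param arch:        architecture helper (is_call() and friends)
    @param packet:      DismantlerDataPacket receiving the references
    @param head:        address of the instruction being processed
    @param instruction: value returned by arch.process_instruction() for head
    @param chunk_end:   end of the chunk being walked; bounds the fall-through
                        lookup for conditional branches
    """
    for ref in idautils.DataRefsFrom(head):
        packet.add_data_reference(head, ref)

        # First data reference found at 'ref' itself, if any: for instance
        # 'ref' may point to a valid address that in turn refers to code.
        routed = list(idautils.DataRefsFrom(ref))
        target = routed[0] if routed else None

        if target is None and arch.is_call(instruction):
            imp_name = idc.Name(ref)
            imp_module = get_import_module_name(ref)
            # NOTE(review): imported_functions is not defined in this function
            # and is presumably a module-level set -- confirm.
            imported_functions.add((ref, imp_name, imp_module))
            packet.add_indirect_virtual_call(head, ref)

        elif target is not None and idc.isHead(idc.GetFlags(target)):
            # isHead() takes item flags, not an address (cf. the isCode() check
            # on heads), so the target's flags are looked up first.
            if arch.is_call(instruction):
                # call "routed" through this reference
                packet.add_indirect_call(head, target)
            elif arch.is_unconditional_branch(instruction):
                # unconditional jump "routed" through this reference
                packet.add_unconditional_branch(head, target)
            elif arch.is_conditional_branch(instruction):
                # conditional branch "routed" through this reference
                packet.add_conditional_branch_true(head, target)
                packet.add_conditional_branch_false(
                    head, idaapi.next_head(head, chunk_end))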
def is_head(ea):
  """Return whether the item at ``ea`` is a head, per the flags IDA stores for it.

  @param ea: address to inspect
  @return: result of idc.isHead() applied to idc.GetFlags(ea)
  """
  flags = idc.GetFlags(ea)
  return idc.isHead(flags)
def is_head(va):
    """Return whether the item at ``va`` is a head, per the flags IDA stores for it.

    @param va: virtual address to inspect
    @return: result of idc.isHead() applied to idc.GetFlags(va)
    """
    flags = idc.GetFlags(va)
    return idc.isHead(flags)
# The F argument is the internal flags representation of an address: obtain it
# first with idc.GetFlags(ea), then pass it to the idc.is* family of functions.

# Whether IDA classifies the item as code
idc.isCode(F)

# Whether IDA classifies the item as data
idc.isData(F)

# Whether IDA classifies the item as a tail (continuation of an item)
idc.isTail(F)

# Whether IDA classifies the item as unknown (neither data nor code)
idc.isUnknown(F)

# Whether IDA classifies the item as a head (start of an item)
idc.isHead(F)

# Example output for the two prints below:
#0x100001f77L mov     rbx, rsi
#True
ea = here()
print hex(ea), idc.GetDisasm(ea)
print idc.isCode(idc.GetFlags(ea))

# idc.FindCode(ea, flag) finds the next address marked as code; useful for
# locating the end of a data block.
# Example output for the two prints below:
#0x1000013c0L text "UTF-16LE", '{00000000-0000-0000-0000-000000000000}',0
#0x1000014f8L xor     r11d, r11d
ea = here()
print hex(ea), idc.GetDisasm(ea)
addr = idc.FindCode(ea, SEARCH_DOWN | SEARCH_NEXT)
print hex(addr), idc.GetDisasm(addr)
 def is_head(self):
     """Return True when this object is a head of the IDB, i.e. the start
     of a line, as determined from its stored flags.
     """
     flags = self.flags
     return idc.isHead(flags)