Exemplo n.º 1
    def find_imm_compares(self):
        """
        Collect the compare instructions of the current function whose
        second operand is an immediate value.
        Handy for spotting the constants a parser checks its input against.
        @return: list of tuples [(address, disassembly),...]
        """
        matches = []

        for ea, text in misc.iter_disasm():
            # Substring test on the disassembly text, so any line containing
            # "cmp" is considered; operand index 1 must then be o_imm
            # (5: immediate value) for the line to be reported.
            if "cmp" in text and GetOpType(ea, 1) == o_imm:
                matches.append((ea, text))

        return matches
Exemplo n.º 2
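    def calls_in_function(self, unique = True):
        """
        Find calls within current function
        Execution transfer like jmp sub_xxx included

        @param unique: when True (the default), each distinct disassembly
                       text is reported once, at the first address where it
                       is seen; when False, every call site is reported.
        @return: a list of tuples [(addr, dis)]
        """
        callees = []
        # The result holds (addr, dis) tuples, so a bare `dis in callees`
        # test can never match; already-reported disassembly strings are
        # tracked in their own set instead.
        seen = set()

        for addr, dis in misc.iter_disasm():
            if not (is_call_insn(addr) or misc.is_external_jmp(addr)):
                continue
            if unique:
                if dis in seen:
                    continue
                seen.add(dis)
            callees.append((addr, dis))

        return callees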
Exemplo n.º 3
    def comments_in_function(self):
        """
        Walk the current function and gather the comment attached to each
        address, as returned by Comment(addr).
        Helpful for large functions that do a lot of logging, where the
        annotations summarise what each call site does.
        @return: a list of tuples [(addr, comment)]
        """
        found = []

        for ea, _dis in misc.iter_disasm():
            text = Comment(ea)
            # Addresses without a comment yield a falsy value; skip them.
            if not text:
                continue
            found.append((ea, text))

        return found
Exemplo n.º 4
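    def find_imm_compares(self):
        """
        Find all immediate compares in the current function.
        Very useful when debugging parsers, for example.

        When the immediate is a printable, non-space ASCII code
        (0x21-0x7E), the character is appended to the disassembly text so
        byte comparisons against input are easy to read.

        @return: list of tuples [(address, disassembly),...]
        """
        cmp_addr = []

        for addr, dis in misc.iter_disasm():
            # Substring match on the disassembly text; operand index 1 must
            # be o_imm (5: immediate value) for the line to be reported.
            if "cmp" not in dis or GetOpType(addr, 1) != o_imm:
                continue

            v = GetOperandValue(addr, 1)
            if 0x20 < v < 0x7F:
                # Annotate the disassembly itself. Formatting the address
                # here would drop the instruction text from the result,
                # and the address is already the first tuple element.
                msg = "{0} ({1})".format(dis, chr(v))
            else:
                msg = dis
            cmp_addr.append((addr, msg))

        return cmp_addr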