def parse_function_tables(self):
count = 0
for pattern in self.search():
name2func = {}
ea = pattern.start
while ea < pattern.stop:
string_address = ida_shims.get_wide_dword(
ea + (pattern.name_element * pattern.element_size))
function_address = ida_shims.get_wide_dword(
ea + (pattern.function_element * pattern.element_size))
new_function_name = ida_shims.get_strlit_contents(
string_address).decode("utf8")
current_function_name = ida_shims.get_name(function_address)
if not self.valid_function_name(new_function_name):
print("ERROR: '%s' is not a valid function name. This is " \
"likely not a function table, or I have parsed it " \
"incorrectly!" % new_function_name)
print(" Ignoring all entries in the structures " \
"between 0x%X and 0x%X.\n" % (pattern.start,
pattern.stop))
name2func = {}
break
elif current_function_name.startswith("sub_"):
name2func[new_function_name] = function_address
ea += (pattern.num_elements * pattern.element_size)
for (name, address) in name2func.items():
print("0x%.8X => %s" % (address, name))
ida_shims.set_name(address, name)
count += 1
print("Renamed %d functions!" % count)
def __init__(self, ea):
self.ea = ea
self.dword = ida_shims.get_wide_dword(self.ea)
self.type = None
self.value = None
string = ida_shims.get_strlit_contents(self.dword)
name = ida_shims.get_func_name(self.dword)
if ida_shims.get_name_ea_simple(name) != self.dword:
name = ''
if name:
self.type = int
self.value = name
elif string:
self.type = str
self.value = string