def __init__(self, ea, iatEA=None, is_new_func=False, library_name=None):
"""
Ctor
@param ea: Effective address of the function
@param iatEA: Effective address of IAT element (For library functions)
@param is_indirect: Was this function called indirectly?
@param is_new_func: Is this function missing from initial function analysis?
"""
self.logger = logging.getLogger(__name__)
self.config = DieConfig.get_config()
################################################################################
### Context Stuff
# Arguments
self.callValues = [] # Argument values at function call
self.retValues = [] # Argument values at function return
self.retArgValue = None # Return argument value
# Registers
self.callRegState = None # Register state at function call
self.retRegState = None # Register state at function return
self.total_proc_time = 0 # Total processing time in seconds.
try:
### Function Data
self.function = Function(
ea, iatEA,
library_name=library_name) # This (The Callee) function
self.callingEA = get_ret_adr() # The ea of the CALL instruction
self.calling_function_name = get_function_name(
self.callingEA) # Calling function name
### Flags
self.empty = True # empty flag is dropped when first call context is retrieved.
self.is_indirect = self.check_if_indirect(
) # Flag indicating whether this function was called indirectly
self.is_new_func = is_new_func # Flag indicating whether this function did not exist in initial analysis
# TODO: if this is a new function, try to define it.
# Get a function parser for this function
# (currently only GenericFunctionParser exist, and this is used to enable future extensions)
self.function_parser = GenericFunctionParser(self.function)
except Exception as ex:
logging.critical("Error while initializing function context: %s",
ex)
return None
def __init__(self, ea, iatEA=None, library_name=None):
"""
Ctor
"""
self.logger = logging.getLogger(__name__)
self.ea = ea # Effective Address of the function
self.iatEA = iatEA # If imported function, the address in the IAT
try:
function = sark.Function(ea)
except sark.exceptions.SarkNoFunction:
raise DIE.Lib.DIE_Exceptions.DieNoFunction(
"No Function at 0x%08X" % (ea, ))
self.funcName = get_function_name(function.ea)
self.func_start = function.startEA
self.func_end = function.endEA
self.proto_ea = self.getFuncProtoAdr() # Address of function prototype
self.typeInfo = idaapi.tinfo_t() # Function type info
self.funcInfo = idaapi.func_type_data_t() # Function info
self.argNum = 0 # Number of input arguments
self.args = [] # Function argument list
self.retArg = None # Return argument
self.library_name = library_name # If library function, name of containing library
self.isLibFunc = False
if self.iatEA:
self.isLibFunc = True # Is this a library function
elif sark.Function(ea).flags & (idaapi.FUNC_LIB | idaapi.FUNC_THUNK):
self.isLibFunc = True
try:
self.getArguments()
except Exception as ex:
self.logger.error(
"Failed to get function arguments for function %s: %s",
self.funcName, ex)
def __init__(self, ea, iatEA=None, library_name=None):
"""
Ctor
"""
self.logger = logging.getLogger(__name__)
self.ea = ea # Effective Address of the function
self.iatEA = iatEA # If imported function, the address in the IAT
try:
function = sark.Function(ea)
except sark.exceptions.SarkNoFunction:
raise DIE.Lib.DIE_Exceptions.DieNoFunction("No Function at 0x%08X" % (ea, ))
self.funcName = get_function_name(function.ea)
self.func_start = function.startEA
self.func_end = function.endEA
self.proto_ea = self.getFuncProtoAdr() # Address of function prototype
self.typeInfo = idaapi.tinfo_t() # Function type info
self.funcInfo = idaapi.func_type_data_t() # Function info
self.argNum = 0 # Number of input arguments
self.args = [] # Function argument list
self.retArg = None # Return argument
self.library_name = library_name # If library function, name of containing library
self.isLibFunc = False
if self.iatEA:
self.isLibFunc = True # Is this a library function
elif sark.Function(ea).flags & (idaapi.FUNC_LIB | idaapi.FUNC_THUNK):
self.isLibFunc = True
try:
self.getArguments()
except Exception as ex:
self.logger.error("Failed to get function arguments for function %s: %s", self.funcName, ex)
def __init__(self, ea, iatEA=None, is_new_func=False, library_name=None, parent_func_context=None, calling_ea=None):
"""
Ctor
@param ea: Effective address of the function
@param iatEA: Effective address of IAT element (For library functions)
@param is_indirect: Was this function called indirectly?
@param is_new_func: Is this function missing from initial function analysis?
@param parent_func_context: FunctionContext object of the calling function
@param calling_ea: The ea of the call instruction used to call this function
"""
self.logger = logging.getLogger(__name__)
self.config = DieConfig.get_config()
# Get a unique function context ID
self.id = FunctionContext.ID
FunctionContext.ID += 1
################################################################################
### Context Stuff
# Arguments
self.callValues = [] # Argument values at function call
self.retValues = [] # Argument values at function return
self.retArgValue = None # Return argument value
# Registers
self.callRegState = None # Register state at function call
self.retRegState = None # Register state at function return
self.total_proc_time = 0 # Total processing time in seconds.
self.callingEA = calling_ea # The ea of the CALL instruction
self.parent_func_context = parent_func_context # Function context of the calling function
self.child_func_context = [] # Array of function contexts called bu this function
self.calling_function_name = get_function_name(self.callingEA) # Calling function name
### Flags
self.no_ret_context = True # empty flag is dropped when first call context is retrieved.
self.is_indirect = self.check_if_indirect() # Flag indicating whether this function was called indirectly
self.is_new_func = is_new_func # Flag indicating whether this function did not exist in initial analysis
if self.config.function_context.add_xref:
self.add_call_xrefs(ea, iatEA)
try:
# Get this function (The Callee)
if self.config.function_context.new_func_analysis:
self.function = self._getFunctionHelper(ea, iatEA, library_name=library_name)
else:
self.function = Function(ea, iatEA, library_name=library_name)
# Get a function parser for this function
# (currently only GenericFunctionParser exist, and this is used to enable future extensions)
self.function_parser = GenericFunctionParser(self.function)
except DIE.Lib.DIE_Exceptions.DieNoFunction:
if self.config.function_context.new_func_analysis:
self.logger.info("Could not retrieve function information at address: %s", hex(ea))
else:
self.logger.debug("Could not retrieve function information at address: %s", hex(ea))
self.function = None