def check_address(address):
    """Count the consecutive function pointers stored starting at ``address``.

    Returns ``False`` straight away when ``address`` is itself code or has no
    name in the database. Otherwise the slots are read one after another,
    ``const.EA_SIZE`` bytes apart, and the number of leading slots that refer
    to a function is returned. Any minimum-count threshold for treating the
    location as a virtual table is left to the caller.

    NOTE: despite its name this check modifies the database. A pointer that is
    neither code nor an import but lands in a segment with execute permission
    is undefined and turned into a function. The pointer values come from the
    binary under analysis, so review the functions created this way when
    working on untrusted samples.
    """
    if helper.is_code_ea(address) or not idaapi.get_name(address):
        return False

    functions_count = 0
    while True:
        target = helper.get_ptr(address)
        points_to_function = (
            helper.is_code_ea(target) or helper.is_imported_ea(target)
        )
        if not points_to_function:
            # Last resort: bytes inside an executable segment may be code that
            # has not been defined yet, so try to create a function there.
            seg = idaapi.getseg(target)
            if seg and seg.perm & idaapi.SEGPERM_EXEC:
                idc.MakeUnknown(target, 1, idaapi.DOUNK_SIMPLE)
                points_to_function = bool(idc.MakeFunction(target))
        if not points_to_function:
            # The first slot that cannot be resolved to a function ends the run.
            break
        functions_count += 1
        address += const.EA_SIZE

    # Wait for auto-analysis to finish before handing the count back.
    idaapi.autoWait()
    return functions_count
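def scan_virtual_function(self, index):
    """Decompile the virtual function in slot ``index`` and scan its first argument.

    Imported functions are skipped. The function is decompiled, and decompiled
    a second time when ``helper.FunctionTouchVisitor(...).process()`` returns a
    true value. If the first argument is an argument variable of a type that
    ``helper.is_legal_type`` accepts, a ``NewDeepSearchVisitor`` is run over it
    with ``self.offset`` and the global ``cache.temporary_structure``.

    A decompilation failure on either pass is reported and ends the scan of
    this slot without raising. Nothing is returned; progress and problems are
    printed.

    Args:
        index: position of the function in ``self.virtual_functions``.
    """
    function_ea = self.virtual_functions[index].address

    # Messages log the function's own address so they identify the slot in
    # question. Single-argument print(...) also works as a Python 2 statement.
    if helper.is_imported_ea(function_ea):
        print("[INFO] Ignoring import function at 0x{0:08X}".format(function_ea))
        return

    try:
        function = idaapi.decompile(function_ea)
    except idaapi.DecompilationFailure:
        print("[ERROR] Failed to decompile function at 0x{0:08X}".format(function_ea))
        return

    if helper.FunctionTouchVisitor(function).process():
        # The second pass can fail just like the first one; report it the same
        # way instead of letting the exception escape to the caller.
        try:
            function = idaapi.decompile(function_ea)
        except idaapi.DecompilationFailure:
            print("[ERROR] Failed to decompile function at 0x{0:08X}".format(function_ea))
            return

    arguments = function.arguments
    if arguments and arguments[0].is_arg_var and helper.is_legal_type(arguments[0].tif):
        print("[Info] Scanning virtual function at 0x{0:08X}".format(function.entry_ea))
        # TODO: Remove usage `temporary_structure' as global
        obj = api.VariableObject(function.get_lvars()[0], 0)
        scanner = variable_scanner.NewDeepSearchVisitor(
            function, self.offset, obj, cache.temporary_structure)
        scanner.process()
    else:
        print(
            "[Warning] Bad type of first argument in virtual function at 0x{0:08X}".format(
                function.entry_ea))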
def populate(self):
    """Fill ``self.virtual_functions`` from the pointers stored at ``self.address``.

    Slots are read ``const.EA_SIZE`` bytes apart. A pointer to code becomes a
    ``VirtualFunction`` and a pointer to an import becomes an
    ``ImportedVirtualFunction``, each recorded with its byte offset from
    ``self.address``. Reading stops at the first pointer that is neither, or
    as soon as the next slot has a data reference to it.

    NOTE: the number of entries is decided by the contents of the analysed
    binary alone; the loop has no upper bound of its own.
    """
    cursor = self.address
    while True:
        target = helper.get_ptr(cursor)
        slot_offset = cursor - self.address
        if helper.is_code_ea(target):
            entry = VirtualFunction(target, slot_offset)
        elif helper.is_imported_ea(target):
            entry = ImportedVirtualFunction(target, slot_offset)
        else:
            return
        self.virtual_functions.append(entry)

        cursor += const.EA_SIZE
        # A data reference to the next slot ends this table.
        # presumably it marks the start of another object - confirm
        if idaapi.get_first_dref_to(cursor) != idaapi.BADADDR:
            return
def populate(self):
    """Fill ``self.virtual_functions`` from the pointers stored at ``self.address``.

    Each slot is read as a 64-bit value when ``const.EA64`` is set and as a
    32-bit value otherwise, stepping ``const.EA_SIZE`` bytes between slots. A
    pointer to code becomes a ``VirtualFunction`` and a pointer to an import
    becomes an ``ImportedVirtualFunction``, each recorded with its byte offset
    from ``self.address``. Reading stops at the first pointer that is neither,
    or as soon as the next slot has a data reference to it.

    NOTE: the number of entries is decided by the contents of the analysed
    binary alone; the loop has no upper bound of its own.
    """
    # Pick the reader once; only the selected idaapi attribute is looked up.
    read_pointer = idaapi.get_64bit if const.EA64 else idaapi.get_32bit

    cursor = self.address
    while True:
        target = read_pointer(cursor)
        slot_offset = cursor - self.address
        if helper.is_code_ea(target):
            entry = VirtualFunction(target, slot_offset)
        elif helper.is_imported_ea(target):
            entry = ImportedVirtualFunction(target, slot_offset)
        else:
            return
        self.virtual_functions.append(entry)

        cursor += const.EA_SIZE
        # A data reference to the next slot ends this table.
        # presumably it marks the start of another object - confirm
        if idaapi.get_first_dref_to(cursor) != idaapi.BADADDR:
            return