def find_calls():
"""find function calls
example function to be passed to hr_toolbox.display()
"""
query = lambda cf, e: (e.op is cot_call and e.x.op is cot_obj)
return tb.query_db(query)
def find_memcpy():
"""find calls to memcpy() where the 'n' argument is signed
example function to be passed to hr_toolbox.display()
"""
query = lambda cf, e: (e.op is cot_call and e.x.op is cot_obj and 'memcpy'
in get_name(e.x.obj_ea) and len(e.a) == 3 and e.a[
2].op is cot_var and cf.lvars[e.a[2].v.idx
].tif.is_signed())
return tb.query_db(query)
def run_query_02():
logging.info("-" * 80)
logging.info("Query start: 0x3300")
q = lambda func, item: (item.op is cot_num and item.numval() == 0x3300)
matches = tb.query_db(q)
if len(matches):
for m in matches:
logging.info("Match: %s" % m)
else:
logging.info("Nothing found")
logging.info("Query end: 0x3300")
logging.info("-" * 80)
return True