Пример #1
0
def struct(name):
    sid = ida_struct.get_struc_id(name)
    if sid == 0xffffffffffffffff:
        return None

    sptr = ida_struct.get_struc(sid)
    size = ida_struct.get_struc_size(sptr)
    _struct = Struct(name, size, {}, last_change=int(time()))
    for mptr in sptr.members:
        mid = mptr.id
        m_name = ida_struct.get_member_name(mid)
        m_off = mptr.soff
        m_type = ida_typeinf.idc_get_type(mptr.id) if mptr.has_ti() else ""
        m_size = ida_struct.get_member_size(mptr)
        _struct.add_struct_member(m_name, m_off, m_type, m_size)

    return _struct
Пример #2
0
 def __call__(self):
     mt = ida_nalt.opinfo_t()
     if ida_bytes.is_struct(self.flag):
         mt.tid = self.extra["id"]
     if ida_bytes.is_off0(self.flag) or ida_bytes.is_off1(self.flag):
         mt.ri = ida_nalt.refinfo_t(
             self.extra["flags"],
             self.extra["base"],
             self.extra["target"],
             self.extra["tdelta"],
         )
     if ida_bytes.is_strlit(self.flag):
         mt.strtype = self.extra["strtype"]
     struc = ida_struct.get_struc_id(self.sname)
     sptr = ida_struct.get_struc(struc)
     ida_struct.set_member_type(sptr, self.soff, self.flag, mt,
                                self.eoff - self.soff)
Пример #3
0
def rename_struct_field_as_func_name(idx, ctx):
    import idc
    import ida_bytes
    obj = ctx.get_memref('stroff')
    print "%x" % obj.ea
    ti = idaapi.opinfo_t()
    f = idc.GetFlags(obj.ea)
    if idaapi.get_opinfo(obj.ea, 0, f, ti):
        print("tid=%08x - %s" % (ti.tid, idaapi.get_struc_name(ti.tid)))
    print "Offset: {}".format(obj.offset)
    import ida_struct
    obj2 = ctx.get_obj('fcn')
    print "%x" % obj2.addr
    name_str = ida_name.get_name(obj2.addr)
    print "Name {}".format(name_str)
    ida_struct.set_member_name(ida_struct.get_struc(ti.tid), obj.offset,
                               name_str)
Пример #4
0
    def create_structs(self):
        self.struct_id = ida_struct.add_struc(BADADDR, self.name)
        self.struct_ptr = ida_struct.get_struc(self.struct_id)
        if self.struct_ptr is None:
            logging.exception("self.struct_ptr is None at %s", self.name)
        previous_parent_offset = 0
        previous_parent_size = 0
        previous_parent_struct_id = BADADDR
        for _, parent_name, parent_offset in self.parents:
            if (
                parent_offset - previous_parent_offset > previous_parent_size
                and previous_parent_struct_id != BADADDR
            ):
                utils.expand_struct(
                    previous_parent_struct_id, parent_offset - previous_parent_offset
                )
            baseclass_id = ida_struct.get_struc_id(parent_name)
            baseclass_size = ida_struct.get_struc_size(baseclass_id)
            if baseclass_id == BADADDR or baseclass_size == 0:
                logging.warning(
                    "bad struct id or size: %s(0x%x:%s) - %s, %d",
                    self.name,
                    parent_offset,
                    parent_name,
                    baseclass_id,
                    baseclass_size,
                )
            member_name = cpp_utils.get_base_member_name(parent_name, parent_offset)
            idc.add_struc_member(
                self.struct_id,
                member_name,
                parent_offset,
                idaapi.FF_STRUCT,
                baseclass_id,
                baseclass_size,
            )
            previous_parent_offset = parent_offset
            previous_parent_size = baseclass_size
            previous_parent_struct_id = baseclass_id

        for _, parent_name, parent_offset in self.parents:
            ida_struct.get_member(
                self.struct_ptr, parent_offset
            ).props |= ida_struct.MF_BASECLASS
Пример #5
0
    def load(infos):
        insn = ida_ua.insn_t()

        for info in infos:
            # Find or create struct.
            struct_id = ida_struct.get_struc_id(info['name'])
            if struct_id == BADADDR:
                print('[IDA-Sync] Creating new struct %s.' % info['name'])
                struct_id = ida_struct.add_struc(info['idx'], info['name'])
            struct = ida_struct.get_struc(struct_id)

            ida_struct.set_struc_idx(struct, info['idx'])

            # Create struct members.
            for member in info['members']:
                ida_struct.add_struc_member(
                    struct,
                    member['name'],
                    member['offset'],
                    # flag
                    0,
                    # opinfo_t instance... maybe it should sometimes be
                    # something?
                    None,
                    member['size'],
                )

            # Create xrefs to members of the struct as offsets.
            for xref in info['xrefs']:
                typ = xref['type']

                # Offset xref.
                if typ == 1:
                    # TODO figure out what second argument does.
                    idc.op_plain_offset(xref['from'], 1, xref['offset'])

                # Read/write xrefs.
                elif typ in [2, 3]:
                    ida_ua.create_insn(xref['from'], insn)
                    idc.op_stroff(insn, 1, struct.id, 0)

                # TODO do the other cases come up?
                else:
                    pass
Пример #6
0
def create_vtable_struct(sptr, name, vtable_offset, parent_name=None):
    log.debug("create_vtable_struct(%s, 0x%X)", name, vtable_offset)
    vtable_details = find_vtable_at_offset(sptr, vtable_offset)
    parent_vtable_member = None
    parent_vtable_struct = None
    parents_chain = None
    if vtable_details is not None:
        log.debug("Found parent vtable %s 0x%X", name, vtable_offset)
        (
            parent_vtable_member,
            parent_vtable_struct,
            parents_chain,
        ) = vtable_details
    else:
        log.debug("Couldn't found parent vtable %s 0x%X", name, vtable_offset)
    if parent_vtable_struct is not None and parent_vtable_member is not None:
        parent_name = ida_struct.get_struc_name(parent_vtable_struct.id)
    vtable_name = get_class_vtable_struct_name(name, vtable_offset)
    if vtable_offset == 0:
        this_type = utils.get_typeinf_ptr(name)
    else:
        this_type = utils.get_typeinf_ptr(parent_name)
    if vtable_name is None:
        log.exception(
            "create_vtable_struct(%s, 0x%X): vtable_name is" " None",
            name,
            vtable_offset,
        )
        return None, this_type
    vtable_id = ida_struct.get_struc_id(vtable_name)
    if vtable_id == BADADDR:
        vtable_id = ida_struct.add_struc(BADADDR, vtable_name, False)
    if vtable_id == BADADDR:
        log.exception("Couldn't create vtable struct %s", vtable_name)
        return None, this_type
    vtable_struct = ida_struct.get_struc(vtable_id)
    assert vtable_struct
    if parents_chain:
        for v_parent_name, offset in parents_chain:
            add_child_vtable(v_parent_name, name, vtable_id, offset)
    else:
        add_class_vtable(sptr, vtable_name, vtable_offset)

    return vtable_struct, this_type
Пример #7
0
 def implement(self):
     id_of_struct = ida_struct.get_struc_id(str(self._id))
     sturct_obj = ida_struct.get_struc(long(id_of_struct))
     flags = 0
     size = 0
     if self._value == "db":
         flags = ida_bytes.FF_BYTE
         size = 1
     elif self._value == "dw":
         flags = ida_bytes.FF_WORD
         size = 2
     elif self._value == "dd":
         flags = ida_bytes.FF_DWORD
         size = 4
     elif self._value == "dq":
         flags = ida_bytes.QWORD
         size = 8
     ida_struct.set_member_type(sturct_obj, int(self._offset), flags,
                                ida_nalt.opinfo_t(), size)
Пример #8
0
    def create_vtable_struct(self, vtable_offset):
        logging.debug("create_vtable_struct(%s, %d)", self.name, vtable_offset)
        vtable_details = cpp_utils.find_vtable_at_offset(self.struct_ptr, vtable_offset)

        parent_vtable_member = None
        parent_vtable_struct = None
        parent_name = None
        parents_chain = None
        if vtable_details is not None:
            logging.debug("Found parent vtable %s %d", self.name, vtable_offset)
            logging.debug("parents vtable chain: {}".format(vtable_details[2]))
            parent_vtable_member, parent_vtable_struct, parents_chain = vtable_details
        else:
            logging.debug(
                "Couldn't found parent vtable %s %d", self.name, vtable_offset
            )
            pass
        if parent_vtable_member is not None:
            parent_name = ida_struct.get_struc_name(parent_vtable_struct.id)
        vtable_name = cpp_utils.get_class_vtable_struct_name(self.name, vtable_offset)
        if vtable_offset == 0:
            this_type = utils.get_typeinf_ptr(self.name)
        else:
            this_type = utils.get_typeinf_ptr(parent_name)
        if vtable_name is None:
            logging.exception(
                "create_vtable_struct(%s, %d): vtable_name is" " None",
                self.name,
                vtable_offset,
            )
        vtable_id = ida_struct.add_struc(BADADDR, vtable_name, False)
        if vtable_id == BADADDR:
            logging.exception("Couldn't create struct %s", vtable_name)
        vtable_struct = ida_struct.get_struc(vtable_id)
        if parents_chain:
            for parent_name, offset in parents_chain:
                cpp_utils.add_child_vtable(parent_name, self.name, vtable_id, offset)
        else:
            cpp_utils.add_class_vtable(self.struct_ptr, vtable_name, vtable_offset)

        return vtable_struct, this_type
Пример #9
0
 def __init__(self, ea):
     name = ea + get_member_by_name(get_struc(self.tid), "name").soff
     strlen = u.get_strlen(name)
     if strlen is None:
         # not a real vtable
         return
     self.size = self.size + strlen
     mangled = get_ascii_contents(name, strlen, 0)
     if mangled is None:
         # not a real function name
         return
     print "Mangled: " + mangled
     demangled = demangle_name('??_R0' + mangled[1:], 0)
     if demangled:
         do_unknown_range(ea, self.size, DOUNK_DELNAMES)
         if doStruct(ea, self.size, self.tid):
             print "  Made td at 0x%x: %s" % (ea, demangled)
             self.class_name = demangled
             return
     print "  FAIL :("
     return
Пример #10
0
    def renamed(self, ea, new_name, local_name):
        # #print("renamed(ea = %x, new_name = %s, local_name = %d)" % (ea, new_name, local_name))
        if ida_struct.is_member_id(ea) or ida_struct.get_struc(
                ea) or ida_enum.get_enum_name(ea):
            return 0

        ida_func = idaapi.get_func(ea)
        # global var renaming
        if ida_func is None:
            size = idaapi.get_item_size(ea)
            self.binsync_state_change(self.controller.push_artifact,
                                      GlobalVariable(ea, new_name, size=size))

        # function name renaming
        elif ida_func.start_ea == ea:
            # grab the name instead from ida
            name = idc.get_func_name(ida_func.start_ea)
            self.binsync_state_change(self.controller.push_artifact,
                                      FunctionHeader(name, ida_func.start_ea))

        return 0
Пример #11
0
    def __process_structs(self):
        structs = []

        st_idx = ida_struct.get_first_struc_idx()
        while st_idx != ida_idaapi.BADADDR:

            st_id = ida_struct.get_struc_by_idx(st_idx)
            st_obj = ida_struct.get_struc(st_id)

            st_name = ida_struct.get_struc_name(st_id)

            structs.append({
                'type': self.__describe_struct_type(st_obj.props),
                'name': st_name,
                'size': int(ida_struct.get_struc_size(st_obj)),
                'members': self.__process_struct_members(st_obj)
            })

            st_idx = ida_struct.get_next_struc_idx(st_idx)

        return structs
Пример #12
0
def StructMembers(sid):
    """
    Get a list of structure members information (or stack vars if given a frame).

    @param sid: ID of the structure.

    @return: List of tuples (offset, name, size)

    @note: If 'sid' does not refer to a valid structure,
           an exception will be raised.
    @note: This will not return 'holes' in structures/stack frames;
           it only returns defined structure members.
    """
    sptr = ida_struct.get_struc(sid)
    if sptr is None:
        raise Exception("No structure with ID: 0x%x" % sid)
    for m in sptr.members:
        name = idc.get_member_name(sid, m.soff)
        if name:
            size = ida_struct.get_member_size(m)
            yield (m.soff, name, size)
Пример #13
0
    def create_structs(self):
        self.struct_id = utils.add_struc_retry(self.name)
        if self.struct_id == BADADDR:
            return False
        self.name = idc.get_struc_name(self.struct_id)
        self.struct_ptr = ida_struct.get_struc(self.struct_id)
        if self.struct_ptr is None:
            log.exception("self.struct_ptr is None at %s", self.name)
        previous_parent_offset = 0
        previous_parent_size = 0
        previous_parent_struct_id = BADADDR
        for parent_name, parent_offset in self.updated_parents:
            if (
                parent_offset - previous_parent_offset > previous_parent_size
                and previous_parent_struct_id != BADADDR
            ):
                utils.expand_struct(
                    previous_parent_struct_id,
                    parent_offset - previous_parent_offset,
                )
            baseclass_id = ida_struct.get_struc_id(parent_name)
            baseclass_size = ida_struct.get_struc_size(baseclass_id)
            if baseclass_id == BADADDR or baseclass_size == 0:
                log.warning(
                    "bad struct id or size: %s(0x%X:%s) - 0x%X, %d",
                    self.name,
                    parent_offset,
                    parent_name,
                    baseclass_id,
                    baseclass_size,
                )

            cpp_utils.add_baseclass(self.name, parent_name, parent_offset)
            previous_parent_offset = parent_offset
            previous_parent_size = baseclass_size
            previous_parent_struct_id = baseclass_id
        if self.updated_parents:
            utils.refresh_struct(self.struct_ptr)

        return True
Пример #14
0
def add_child_vtable(parent_name, child_name, child_vtable_id, offset):
    log.debug(
        "add_child_vtable (%s, %s, %d)",
        parent_name,
        child_name,
        child_vtable_id,
    )
    parent_vtable_member = ida_struct.get_member(utils.get_sptr_by_name(parent_name), offset)
    vtable_member_tinfo = utils.get_member_tinfo(parent_vtable_member)
    parent_vtable_struct = utils.get_sptr_by_name(get_class_vtable_struct_name(parent_name, offset))
    if parent_vtable_struct is None:
        return
    pointed_struct = utils.extract_struct_from_tinfo(vtable_member_tinfo)
    log.debug("pointed_struct: %s", str(pointed_struct))
    if (
        (pointed_struct is None)
        or (not is_struct_vtable(pointed_struct))
        or (parent_vtable_struct.id != pointed_struct.id)
    ):
        parent_vtable_member = None
        log.debug("Not a struct vtable: %s", str(vtable_member_tinfo))

    # TODO: Check that struct is a valid vtable by name
    if not parent_vtable_struct.is_union():
        log.debug("%s vtable isn't union -> unionize it!", parent_name)
        parent_vtable_struct = install_vtables_union(
            parent_name, parent_vtable_member, vtable_member_tinfo, offset
        )

    child_vtable_name = ida_struct.get_struc_name(child_vtable_id)
    child_vtable = utils.get_typeinf(child_vtable_name)
    log.debug("add_to_struct %d %s", parent_vtable_struct.id, str(child_vtable))
    if ida_struct.get_struc_size(child_vtable_id) == 0:
        utils.add_to_struct(ida_struct.get_struc(child_vtable_id), "dummy", None)
    new_member = utils.add_to_struct(
        parent_vtable_struct,
        get_class_vtables_field_name(child_name),
        child_vtable,
    )
    ida_xref.add_dref(new_member.id, child_vtable_id, ida_xref.XREF_USER | ida_xref.dr_O)
Пример #15
0
def import_structures(structures):
    """
    Import structures

    :param structures: Dict containing structure information
    """

    curr_idx = ida_struct.get_last_struc_idx() + 1
    for struct_name, struct_info in structures.items():
        # Create structure
        tid = ida_struct.add_struc(curr_idx, struct_name)

        # Get struct object and add members
        struct = ida_struct.get_struc(tid)
        for member_name, member_info in struct_info['members'].items():
            flag = get_flag_from_type(member_info['type'])
            ida_struct.add_struc_member(
                struct, member_name, member_info['offset'],
                flag, None, member_info['size']
            )

        curr_idx += 1
Пример #16
0
 def view_dblclick(self, viewer, point):
     widget_type = ida_kernwin.get_widget_type(viewer)
     if not (widget_type == 48 or widget_type == 28):
         return
     # Decompiler or Structures window
     func_cand_name = None
     place, x, y = ida_kernwin.get_custom_viewer_place(viewer, False)
     if place.name() == "structplace_t":  # Structure window:
         structplace = ida_kernwin.place_t_as_structplace_t(place)
         if structplace is not None:
             s = ida_struct.get_struc(ida_struct.get_struc_by_idx(structplace.idx))
             if s:
                 member = ida_struct.get_member(s, structplace.offset)
                 if member:
                     func_cand_name = ida_struct.get_member_name(member.id)
     if func_cand_name is None:
         line = utils.get_curline_striped_from_viewer(viewer)
         func_cand_name = cpp_utils.find_valid_cppname_in_line(line, x)
     if func_cand_name is not None:
         func_cand_ea = ida_name.get_name_ea(BADADDR, func_cand_name)
         if func_cand_ea is not None and utils.is_func_start(func_cand_ea):
             idc.jumpto(func_cand_ea)
Пример #17
0
 def implement(self):
     id_of_struct = ida_struct.get_struc_id(self._id)
     sturct_obj = ida_struct.get_struc(long(id_of_struct))
     val_type = ""
     size = 0
     if self._variable_type == "db":
         val_type = ida_bytes.FF_BYTE
         size = 1
     elif self._variable_type == "dw":
         val_type = ida_bytes.FF_WORD
         size = 2
     elif self._variable_type == "dd":
         val_type = ida_bytes.FF_DWORD
         size = 4
     elif self._variable_type == "dq":
         val_type = ida_bytes.FF_QWORD
         size = 8
     else:
         val_type = ida_bytes.FF_STRUCT
         size = 0
     ida_struct.add_struc_member(sturct_obj, self._value, int(self._offset),
                                 val_type, None, size)
Пример #18
0
    def renamed(self, ea, new_name, local_name):
        print("renamed(ea = %x, new_name = %s, local_name = %d)" %
              (ea, new_name, local_name))
        if ida_struct.is_member_id(ea) or ida_struct.get_struc(
                ea) or ida_enum.get_enum_name(ea):
            # Drop hook to avoid duplicate since already handled by the following hooks:
            # - renaming_struc_member() -> sends 'StrucMemberRenamedEvent'
            # - renaming_struc() -> sends 'StrucRenamedEvent'
            # - renaming_enum() -> sends 'EnumRenamedEvent'
            return 0

        # confirm we are renaming a function
        ida_func = idaapi.get_func(ea)
        if ida_func is None:
            return 0

        # grab the name instead from ida
        name = idc.get_func_name(ida_func.start_ea)
        self.controller.make_controller_cmd(self.controller.push_function_name,
                                            ida_func.start_ea, name)

        return 0
Пример #19
0
def set_ida_struct_member_types(struct: Struct, controller) -> bool:
    # find the specific struct
    sid = ida_struct.get_struc_id(struct.name)
    sptr = ida_struct.get_struc(sid)
    data_changed = False

    for idx, member in enumerate(struct.struct_members.values()):
        # set the new member type if it has one
        if member.type == "":
            continue

        # assure its convertible
        tif = convert_type_str_to_ida_type(member.type)
        if tif is None:
            continue

        # set the type
        mptr = sptr.get_member(idx)
        was_set = ida_struct.set_member_tinfo(sptr, mptr, 0, tif, mptr.flag)
        data_changed |= was_set == 1

    return data_changed
Пример #20
0
    def renamed(self, ea, new_name, local_name):
        if CONFIGURATION[DEBUG]:
            print 'DEBUG - Hooks - IDBHook.renamed(ea = 0x%x, new_name = %s, local_name = %r)' % (
                ea, new_name, local_name)

        if ida_struct.is_member_id(ea) or ida_struct.get_struc(ea):
            # Change is either a built-in struct of a frame pointer, or some address
            # starting with 0xFF00 that happens to be a member address.

            print 'INFO - Hooks - IDBHook.Renamed - Skipping a possible stack variable/built-in struct change'
            return idaapi.IDB_Hooks.renamed(self, ea, new_name, local_name)

        if (g_hooks_enabled and (new_name is not None) and (len(new_name) > 0)
                and (not psida_common.is_default_name(new_name))):
            name_update = idb_push_ops.NameUpdate(
                update_type=idb_push_ops.UpdateTypes.Name,
                address=ea,
                data=new_name,
                is_local=local_name)
            send_push_update(name_update)

        return idaapi.IDB_Hooks.renamed(self, ea, new_name, local_name)
Пример #21
0
class RTTIBaseClassDescriptor(RTTIStruc):
    msid = get_struc_id("RTTIBaseClassDescriptor")
    if msid != BADADDR:
        del_struc(get_struc(msid))
    msid = add_struc(0xFFFFFFFF, "RTTIBaseClassDescriptor", False)
    add_struc_member(get_struc(msid), "pTypeDescriptor", BADADDR,
                     FF_DATA | FF_DWRD | FF_0OFF, u.mt_rva(), 4)
    add_struc_member(get_struc(msid), "numContainerBases", BADADDR,
                     FF_DWRD | FF_DATA, None, 4)
    add_struc_member(get_struc(msid), "PMD", BADADDR,
                     FF_DATA | FF_DWRD | FF_0OFF, u.mt_rva(), 4)
    add_struc_member(get_struc(msid), "attributes", BADADDR, FF_DWRD | FF_DATA,
                     None, 4)
    tid = msid
    struc = get_struc(tid)
    size = get_struc_size(tid)
    print "Completed Registering RTTIBaseClassDescriptor"
Пример #22
0
 def __call__(self):
     mt = ida_nalt.opinfo_t()
     if ida_bytes.is_struct(self.flag):
         mt.tid = self.extra["id"]
     if ida_bytes.is_off0(self.flag) or ida_bytes.is_off1(self.flag):
         mt.ri = ida_nalt.refinfo_t(
             self.extra["flags"],
             self.extra["base"],
             self.extra["target"],
             self.extra["tdelta"],
         )
     if ida_bytes.is_strlit(self.flag):
         mt.strtype = self.extra["strtype"]
     struc = ida_struct.get_struc_id(Event.encode(self.sname))
     sptr = ida_struct.get_struc(struc)
     ida_struct.add_struc_member(
         sptr,
         Event.encode(self.fieldname),
         self.offset,
         self.flag,
         mt,
         self.nbytes,
     )
Пример #23
0
    def dump():
        ret = []

        for struct_idx, struct_id, struct_name in idautils.Structs():
            struct = ida_struct.get_struc(struct_id)

            members = [{
                'offset': offset,
                'name': name,
                'size': size
            } for offset, name, size in idautils.StructMembers(struct_id)]

            # Find all xrefs to any members of this struct.
            xrefs = []
            for offset, name, size in idautils.StructMembers(struct_id):
                member = ida_struct.get_member_by_name(struct, name)
                for xref in idautils.XrefsTo(member.id):
                    d = {
                        'from': xref.frm,
                        'type': xref.type,
                    }

                    # Get offset base if it's an offset xref.
                    if xref.type == 1:
                        d['offset'] = ida_offset.get_offbase(xref.frm, 1)

                    xrefs.append(d)

            ret.append({
                'idx': struct_idx,
                'name': struct_name,
                'members': members,
                'xrefs': xrefs,
            })

        return ret
Пример #24
0
class RTTIClassHierarchyDescriptor(RTTIStruc):
    bases = None

    msid = get_struc_id("RTTIClassHierarchyDescriptor")
    if msid != BADADDR:
        del_struc(get_struc(msid))
    msid = add_struc(0xFFFFFFFF, "RTTIClassHierarchyDescriptor", False)
    add_struc_member(get_struc(msid), "signature", BADADDR, FF_DWRD | FF_DATA,
                     None, 4)
    add_struc_member(get_struc(msid), "attribute", BADADDR, FF_DWRD | FF_DATA,
                     None, 4)
    add_struc_member(get_struc(msid), "numBaseClasses", BADADDR,
                     FF_DWRD | FF_DATA, None, 4)
    add_struc_member(get_struc(msid), "pBaseClassArray", BADADDR,
                     FF_DATA | FF_DWRD | FF_0OFF, u.mt_rva(), 4)
    tid = msid
    struc = get_struc(tid)
    print "Completed Registering RTTIClassHierarchyDescriptor"

    def __init__(self, ea):
        print "Processing Class Hierarchy Descriptor at 0x%x" % ea
        do_unknown_range(ea, get_struc_size(self.tid), DOUNK_DELNAMES)
        if doStruct(ea, get_struc_size(self.tid), self.tid):
            baseClasses = get_32bit(
                ea + get_member_by_name(get_struc(
                    self.tid), "pBaseClassArray").soff) + u.x64_imagebase()
            nb_classes = get_32bit(
                ea +
                get_member_by_name(get_struc(self.tid), "numBaseClasses").soff)
            print "Baseclasses array at 0x%x" % baseClasses
            # Skip the first base class as it is itself (could check)
            self.bases = []
            for i in range(1, nb_classes):
                baseClass = get_32bit(baseClasses + i * 4) + u.x64_imagebase()
                print "base class 0x%x" % baseClass
                doDwrd(baseClasses + i * 4, 4)
                op_offset(baseClasses + i * 4, -1, u.REF_OFF | REFINFO_RVA, -1,
                          0, 0)
                doStruct(baseClass, RTTIBaseClassDescriptor.size,
                         RTTIBaseClassDescriptor.tid)
                typeDescriptor = get_32bit(baseClass) + u.x64_imagebase()
                self.bases.append(
                    RTTITypeDescriptor(typeDescriptor).class_name)
Пример #25
0
    def _validate_ida_type(self):
        # type ID
        if self.tid is None or self.tid is BADADDR:
            self.log.warn("validate_ida_type: tid=%s is invalid",
                          str(self.tid))
            return False

        # struc_t pointer
        ida_sptr = ida_struct.get_struc(self.tid)
        if ida_sptr.id != self.sptr.id:
            self.log.warn(
                "validate_ida_type: sptr.id mismatch. Got %s but expected %s",
                str(ida_sptr.id), str(self.sptr.id))
            return False

        # Size
        ida_size = ida_struct.get_struc_size(ida_sptr)
        if ida_size != self.size:
            self.log.warn(
                "validate_ida_type: size mismatch. Got %s but expected %s",
                str(ida_size), str(self.size))
            return False

        # members
        count = 0
        ida_memb = self.sptr.members  # first member
        while True:
            found = False
            ida_name = ida_struct.get_member_name(ida_memb.id)

            for memb in self.members_array:
                if memb.name != ida_name:
                    continue

                found = True

                memb._set_mptr(ida_memb)
                if not memb._validate_ida_type():
                    self.log.warn(
                        "validate_ida_type: field '%s' failed validation",
                        memb.name)
                    return False

            if not found:
                self.log.warn(
                    "validate_ida_type: found unexpected member '%s'",
                    str(ida_name))
                return False

            count += 1

            next_idx = ida_struct.get_next_member_idx(
                self.sptr, ida_memb.soff)  # next member index
            if next_idx == -1:
                break

            ida_memb = self.sptr.get_member(next_idx)  # next member

        # member count
        if count != len(self.members_array):
            self.log.warn(
                "validate_ida_type: incorrect number of members. Got %d, expected %d",
                count, len(self.members_array))
            return False

        self.log.debug("validate_ida_type: found match for '%s'",
                       self.hierarchy)
        return True
Пример #26
0
 def _get_sptr(self):
     self.sptr = ida_struct.get_struc(self.tid)
     if self.sptr is None or self.sptr == BADADDR:
         raise RuntimeError("Could not obtain '{}' sptr (tid={})".format(
             self.name, self.tid))
Пример #27
0
 def __call__(self):
     struc = ida_struct.get_struc_id(Event.encode(self.sname))
     sptr = ida_struct.get_struc(struc)
     ida_struct.expand_struc(sptr, self.offset, self.delta)
Пример #28
0
 def __call__(self):
     struc = ida_struct.get_struc_id(Event.encode(self.sname))
     sptr = ida_struct.get_struc(struc)
     ida_struct.set_member_name(sptr, self.offset,
                                Event.encode(self.newname))
Пример #29
0
 def __call__(self):
     struc = ida_struct.get_struc_id(Event.encode(self.sname))
     sptr = ida_struct.get_struc(struc)
     ida_struct.del_struc_member(sptr, self.offset)
Пример #30
0
 def __call__(self):
     struc = ida_struct.get_struc_id(self.sname)
     ida_struct.del_struc(ida_struct.get_struc(struc))