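def jtool2_information():
    """Apply symbol names from the listing at ``kernelcache_path`` to the database.

    Every non-blank line is parsed as ``<address>|<symbol>``; any fields after
    the second are ignored. The log prefix suggests the listing comes from
    jtool2 -- confirm against whatever produces the file.

    * If the address is outside ``__TEXT_EXEC:__text`` or the symbol contains
      a ``.``, the name is applied only when the segment name contains
      ``__DATA``; otherwise the line is skipped.
    * Inside ``__TEXT_EXEC:__text`` the address is turned into a function when
      it is not one already, and the symbol replaces the current name only if
      that name contains ``sub_``.

    Raises:
        ValueError: the address field is not an integer literal.
        IndexError: a line has no ``|`` separator.
    """
    print("[-] Other method information construction")
    # Context manager so the handle is released even if reading fails.
    with open(kernelcache_path) as fd:
        data = fd.readlines()
    for line in data:
        # strip() rather than line[:-1]: the slice cut a real character off a
        # final line that has no trailing newline.
        t = line.strip()
        if not t:
            # Blank lines carry nothing to apply; int("") would abort the run.
            continue
        fields = t.split("|")
        addr = int(fields[0], 0)
        sym = fields[1]
        if not sym:
            # The listing is external tool output. Passing an empty name to
            # set_name() deletes the existing name, so never forward one.
            print("[jtool2] Empty symbol for [{}], skipped".format(hex(addr)))
            continue
        segName = idc.get_segm_name(addr)
        if segName != "__TEXT_EXEC:__text" or "." in sym:
            if "__DATA" in segName:
                idaapi.set_name(addr, sym, idaapi.SN_FORCE)
            continue
        if not idau.is_function_start(addr):
            print("[jtool2] Current '{}'' - [{}] is not defined as function".
                  format(sym, hex(addr)))
            if not idau.force_function(addr):
                print("[jtool2] Can't convert '{}' - [{}] to function".format(
                    sym, hex(addr)))
                continue
        curSym = idc.get_func_name(addr)
        # NOTE(review): a substring match also hits analyst-chosen names that
        # merely contain "sub_"; confirm whether a prefix test was intended.
        if "sub_" in curSym:
            idaapi.set_name(addr, sym, idaapi.SN_FORCE)
    print("[-] Done")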
def virtual_methods():
    """Generate one tuple per function-backed virtual method override.

    Walks every entry of ``classes.class_info`` and the overrides reported by
    ``vtable.class_vtable_overrides(..., new=True, methods=True)``. Entries
    whose address is not a function start are logged at level 3 and dropped.

    Yields:
        ``(vmethod, classname, idautils.procregs.X0.reg)``. Presumably X0 is
        the register carrying ``this`` -- confirm with the consumer.
    """
    for info in classes.class_info.values():
        overrides = vtable.class_vtable_overrides(info, new=True, methods=True)
        # Only the middle element of each override tuple is used here.
        for _first, method_ea, _third in overrides:
            if idau.is_function_start(method_ea):
                yield method_ea, info.classname, idautils.procregs.X0.reg
            else:
                _log(3, 'Non-function virtual method {:#x} in class {}', method_ea,
                     info.classname)
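def iometa_information():
    """Apply method names and the externalMethod prototype from ``iometa_path``.

    The listing is read line by line; the log prefix suggests it is iometa
    output -- confirm against whatever produces the file.

    * A line containing both ``vtab`` and ``meta`` is a class header: its
      sixth space-separated field becomes the current class name.
    * Any other non-blank line is a method entry: the address is the second
      field with its first five characters dropped, and the method name is
      the fifth field up to the first ``(``.

    For each method entry the address is turned into a function if needed and
    renamed when its current name contains ``sub_``. Methods whose name
    contains ``externalMethod`` additionally get a fixed prototype applied,
    after ``construct_class`` is called for a class that has no struct yet
    (``IOUserClient`` excepted).

    Raises:
        ValueError: the address field is not an integer literal.
        IndexError: a line has fewer fields than its kind requires.
    """
    print("[-] UserClient Method construction")
    # Context manager so the handle is released even if reading fails.
    with open(iometa_path) as fd:
        data = fd.readlines()
    # Class named by the most recent header line.
    className = ""
    for line in data:
        # strip() rather than line[:-1]: the slice cut a real character off a
        # final line that has no trailing newline.
        t = line.strip()
        if not t:
            # Blank lines carry nothing to apply; indexing them would abort.
            continue
        fields = t.split(" ")
        if "vtab" in t and "meta" in t:
            className = fields[5]
            continue
        addr = int(fields[1][5:], 0)
        name = fields[4].split("(")[0]
        if not idau.is_function_start(addr):
            print("[iometa] Current '{}'' - [{}] is not defined as function".
                  format(name, hex(addr)))
            if not idau.force_function(addr):
                print("[iometa] Can't convert '{}' - [{}] to function".format(
                    name, hex(addr)))
        # Read the current name only after the function may have been created;
        # reading it earlier meant a freshly created function was never
        # renamed. jtool2_information uses the same order.
        sym = idc.get_func_name(addr)
        # The listing is external tool output. Passing an empty name to
        # set_name() deletes the existing name, so require a non-empty one.
        # NOTE(review): the substring match also hits analyst-chosen names
        # that merely contain "sub_"; confirm whether a prefix test was meant.
        if name and "sub_" in sym:
            idaapi.set_name(addr, name, idaapi.SN_FORCE)
        if "externalMethod" in name:
            sid = ida_struct.get_struc_id(className)
            # 0xffffffffffffffff is the "no such struct" result checked here.
            if sid == 0xffffffffffffffff and className != "IOUserClient":
                print("[iometa] can't resolve class {}, create one".format(
                    className))
                construct_class(className)
            # Packed (type, field names) pair; the names cover the parameters
            # this, selector, arguments, dispatch, target and reference.
            tu = (
                '\x0c0=\tIOReturn\x07\xffA\n=\rIOUserClient=\tuint32_t\n=\x1aIOExternalMethodArguments\n=\x19IOExternalMethodDispatch\n=\tOSObject\n\x01',
                '\x05this\tselector\narguments\tdispatch\x07target\nreference')
            if not idc.apply_type(addr, tu):
                print(
                    "[iometa] externalMethod type propagation failure '{}' - [{}]"
                    .format(name, hex(addr)))
    print("[-] Done")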
def _propagate_virtual_method_type_for_method(classinfo, class_vindex, vmethod):
    """Copy a virtual method's guessed type onto its slot in the vtable struct.

    The slot is the member of the ``<classname>::vmethods`` struct at offset
    ``class_vindex * idau.WORD_SIZE``; it receives the function-pointer form
    of the type guessed for ``vmethod``.

    Returns:
        True when the member type was set. False, after a level-2 log entry,
        when ``vmethod`` is not a function start, no type could be guessed,
        the type could not be converted, or the member type could not be set.
    """
    if not idau.is_function_start(vmethod):
        _log(2, 'Not a function start: {:x}', vmethod)
        return False

    guessed = idc.GuessType(vmethod)
    if not guessed:
        _log(2, 'No guessed type: {:x}', vmethod)
        return False

    as_pointer = symbol.convert_function_type_to_function_pointer_type(guessed)
    if not as_pointer:
        _log(2, 'Could not convert to function pointer type: {:x}', vmethod)
        return False

    # NOTE(review): the struct id and member id are passed on unchecked, so a
    # missing struct or member only shows up as the SetType failure below.
    struct_id = idau.struct_open(classinfo.classname + '::vmethods')
    member_id = idc.GetMemberId(struct_id, class_vindex * idau.WORD_SIZE)
    if idc.SetType(member_id, as_pointer):
        return True

    _log(2, 'Could not set vmethod field type: {:x}, {}, {}', vmethod,
         classinfo.classname, class_vindex)
    return False