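def findMetadataCacheInitialize():
    """Find the function believed to be ``MetadataCache::Initialize`` and name it.

    The search is anchored on the string literal "global-metadata.dat" (the
    IL2CPP metadata file name). Every function that references the string is
    tested with ``checkTarget``; if it does not match, its direct callers are
    tested as well. The first match is renamed "MetadataCache_Initialize".

    The match is a heuristic (a count of global writes), so the resulting name
    is a hint for the analyst and should be confirmed by reading the function.
    Prints a message and returns None when nothing matches.
    """
    def checkTarget(func):
        """Return True when *func* has 8 to 11 data-write xrefs into ``.bss``."""
        hitcount = 0
        for xref in func.xrefs_from:
            segment = idaapi.getseg(xref.to)
            if segment is None:
                # The target lies outside every segment, so it cannot be a
                # .bss global; skip it instead of querying a missing segment.
                continue
            if (idaapi.get_visible_segm_name(segment) == '.bss'
                    and repr(xref.type) == "Data_Write"):
                hitcount += 1
        return 8 <= hitcount < 12

    # Walk IDA's string list looking for the anchor literal.
    global_metadata = None
    s = idaapi.string_info_t()
    for i in range(idaapi.get_strlist_qty()):
        idaapi.get_strlist_item(s, i)
        if idaapi.get_ascii_contents(s.ea, s.length, s.type) == "global-metadata.dat":
            global_metadata = s.ea
            break

    if global_metadata is None:
        # The string is absent (stripped, obfuscated, or the string list was
        # never built). The xref walk below needs a real address, so report
        # the failure here rather than passing None on to sark.Line.
        print("can't find MetadataCache_Initialize")
        return

    # Examine each function that references the string, then its callers.
    for xref in sark.Line(global_metadata).xrefs_to:
        if not sark.Function.is_function(xref.frm):
            continue
        target_func = sark.Function(xref.frm)
        if checkTarget(target_func):
            idc.set_name(target_func.startEA, "MetadataCache_Initialize",
                         SN_NOWARN | SN_NOCHECK)
            return
        for txref in target_func.xrefs_to:
            if not sark.Function.is_function(txref.frm):
                continue
            caller = sark.Function(txref.frm)
            if checkTarget(caller):
                idc.set_name(caller.startEA, "MetadataCache_Initialize",
                             SN_NOWARN | SN_NOCHECK)
                return

    print("can't find MetadataCache_Initialize")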
def __init__(self, ea):
    """Try to turn the bytes at `ea` into this structure and record its class name.

    The string stored in the structure's "name" member is read, prefixed with
    ``??_R0`` (the MSVC decorated-name prefix for an RTTI type descriptor)
    after dropping its first character, and demangled. On success the range is
    undefined, the structure is applied and ``self.class_name`` is set.
    On any failure the method returns early and ``self.class_name`` is left
    unassigned by this method.

    NOTE(review): the name bytes come straight from the analysed binary and
    are printed and demangled as-is; callers should treat an instance without
    ``class_name`` as "no descriptor here".
    """
    name_ea = ea + get_member_by_name(self.struc, "name").soff
    name_len = u.get_strlen(name_ea)
    if name_len is None:
        # No string length at the name member: not a real vtable.
        return

    self.size += name_len
    mangled = get_ascii_contents(name_ea, name_len, 0)
    if mangled is None:
        # The bytes could not be read as a string: not a real function name.
        return

    print("Mangled: " + mangled)
    demangled = demangle_name('??_R0' + mangled[1:], 0)

    created = False
    if demangled:
        # Clear whatever IDA had defined here before applying the structure.
        do_unknown_range(ea, self.size, DOUNK_DELNAMES)
        created = doStruct(ea, self.size, self.tid)

    if not created:
        print(" FAIL :(")
        return

    print(" Made td at 0x%x: %s" % (ea, demangled))
    self.class_name = demangled
def iterate(cls):
    '''Yield an ``(address, contents)`` pair for each entry of the strings list.

    Entries are fetched lazily with ``cls.at`` for indices ``0 .. cls.size() - 1``.
    The contents are whatever ``idaapi.get_ascii_contents`` returns for the
    entry, unmodified, so callers should be prepared for a None value.
    '''
    total = cls.size()
    entries = (cls.at(position) for position in six.moves.range(total))
    for entry in entries:
        yield entry.ea, idaapi.get_ascii_contents(entry.ea, entry.length, entry.type)
def get(cls, index):
    '''Return ``(address, contents)`` for the strings-list entry at `index`.

    The contents are the unmodified result of ``idaapi.get_ascii_contents``,
    so callers should be prepared for a None value.
    '''
    entry = cls.at(index)
    address = entry.ea
    contents = idaapi.get_ascii_contents(address, entry.length, entry.type)
    return address, contents
def getName(address):
    """Return the string contents of the item named by the operand at `address`.

    The operand text has any "offset " prefix removed and is resolved to an
    address with ``LocByName``; the bytes from there up to the next head are
    read with string type 0.

    NOTE(review): the result of ``LocByName`` is used unchecked, so an operand
    that does not resolve to a name is passed straight through -- confirm that
    callers handle whatever ``get_ascii_contents`` returns in that case.
    """
    symbol = getOperandText(address).replace("offset ", "")
    start = LocByName(symbol)
    # The item is taken to end where IDA's next head begins.
    end = idc.NextHead(start)
    return idaapi.get_ascii_contents(start, end - start, 0)
def iterate(cls):
    """Yield an ``(address, contents)`` pair for each entry of the strings list.

    Indices run over ``xrange(cls.size())`` and each entry is fetched with
    ``cls.at``. The contents are the unmodified result of
    ``idaapi.get_ascii_contents``, so callers should be prepared for None.
    """
    for position in xrange(cls.size()):
        entry = cls.at(position)
        address = entry.ea
        yield address, idaapi.get_ascii_contents(address, entry.length, entry.type)
def get(cls, index):
    """Return ``(address, contents)`` for the strings-list entry at `index`.

    The contents are the unmodified result of ``idaapi.get_ascii_contents``,
    so callers should be prepared for a None value.
    """
    entry = cls.at(index)
    text = idaapi.get_ascii_contents(entry.ea, entry.length, entry.type)
    return entry.ea, text
def get(cls, index):
    '''Return ``(address, string)`` for the strings-list entry at `index`.

    The raw result of ``idaapi.get_ascii_contents`` is passed through
    ``internal.utils.string.of`` before being returned.
    NOTE(review): presumably that helper normalises or decodes the raw value;
    confirm how it treats a None result.
    '''
    entry = cls.at(index)
    raw = idaapi.get_ascii_contents(entry.ea, entry.length, entry.type)
    address = entry.ea
    return address, internal.utils.string.of(raw)