 def items(self, start=0, stop=None):
     """Yield an ``Instruction`` for each item of this function in [start, stop).

     Leading items whose address is below ``start`` are skipped; once an
     item at or past ``start`` is seen, every following item is considered
     until the first one at or past ``stop``, which ends the iteration.
     ``stop`` defaults to ``find_func_end`` of the function start.
     """
     end_ea = find_func_end(self.__start) if stop is None else stop
     skipping = True
     for ea in FuncItems(self.__start):
         # same semantics as dropwhile: only the leading run below
         # `start` is dropped, later items are never re-checked
         if skipping and ea < start:
             continue
         skipping = False
         if ea >= end_ea:
             return
         yield Instruction(ea)
 def disasm_func(cls, fn):
     """Decode every item of function ``fn``.

     Returns a list with one dict per function item: ``ea`` (item
     address), ``fn_ea`` (``fn.startEA``) and ``dis``, which holds a copy
     of the global ``idaapi.cmd`` when ``idaapi.decode_insn`` returned a
     positive value (presumably the decoded length) and None otherwise.
     """
     fn_ea = fn.startEA
     decoded = []
     # materialise the item list first, as the original did
     for ea in list(FuncItems(fn_ea)):
         entry = {'ea': ea, 'fn_ea': fn_ea, 'dis': None}
         if idaapi.decode_insn(ea) > 0:
             entry['dis'] = idaapi.cmd.copy()
         decoded.append(entry)
     return decoded
 def disasm_func(cls, fn):
     """Decode every item of function ``fn``.

     Returns a list with one dict per function item: ``ea`` (item
     address), ``fn_ea`` (``fn.startEA``) and ``dis``, the value returned
     by the ``decode_insn`` helper, or None when that helper returned
     None for the item.
     """
     fn_ea = fn.startEA
     decoded = []
     # materialise the item list first, as the original did
     for ea in list(FuncItems(fn_ea)):
         entry = {'ea': ea, 'fn_ea': fn_ea, 'dis': None}
         insn = decode_insn(ea)
         if insn is not None:
             entry['dis'] = insn
         decoded.append(entry)
     return decoded
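    def _get_xref_from_calls(self, ea):
        """Return a generator to iterate over all function addresses that are
        called (or jumped to) from the function starting at ``ea``.

        Only xrefs whose ``type`` is in ``CALL_JUMP_FLAGS`` are considered.
        Targets inside the function itself and targets that are not present
        in ``self.database.functions`` are skipped.

        :param int ea: Start address of the function.
        """
        # Code has been taken from here: https://github.com/darx0r/Reef
        # Walk the function items once: the original re-enumerated
        # FuncItems(ea) for every xref to test membership, which is
        # quadratic in the function size.  The list keeps the yield order,
        # the set gives O(1) membership.
        own_items = list(FuncItems(ea))
        own_item_set = set(own_items)
        for item in own_items:
            for ref in XrefsFrom(item):
                if ref.type not in CALL_JUMP_FLAGS:
                    continue

                # intra-function target (local jump/loop), not a call out
                if ref.to in own_item_set:
                    continue

                # call loc_<label name> and other stuff we don't want
                if ref.to not in self.database.functions:
                    continue

                yield ref.to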
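    def _preprocess_api_wrappers(self, fnqty):
        """Tag functions by the API wrappers they call.

        Each of the ``fnqty`` functions in the database (fetched with
        ``idaapi.getn_func``) is tested with ``_wrapped_api_name``.  When a
        function is a thin wrapper around an imported API, the API name is
        matched against ``TAGS``, and every function that code-references
        the wrapper is recorded under the matching tag(s).

        :param int fnqty: Number of functions in the database.
        :return: ``{caller_start_ea: {tag: [api_name, ...]}}`` as a plain
            dict.  A caller is present only if at least one wrapper it
            references matched a tag; each api name is listed once per tag.
        """
        rv = defaultdict(dict)

        for i in range(fnqty):
            fn = idaapi.getn_func(i)
            name = self._wrapped_api_name(fn)
            if not name:
                continue

            # strict tags also accept the name without its leading
            # underscores (import-name decoration)
            imp_stripped_name = name.lstrip('_')

            # Callers of this wrapper are enumerated lazily -- only if some
            # tag matches -- and once, not once per matching tag API.
            refs = None
            for tag, names in TAGS.items():
                for tag_api in names:
                    if tag in STRICT_TAG_NAME_CHECKING:
                        match = tag_api in (name, imp_stripped_name)
                    else:
                        # substring match: any import whose name merely
                        # contains tag_api is tagged as well
                        match = tag_api in name
                    if not match:
                        continue

                    if refs is None:
                        refs = list(CodeRefsTo(self.start_ea_of(fn), 1))

                    for ref in refs:
                        ref_fn = idaapi.get_func(ref)
                        if not ref_fn:
                            # no enclosing function for this ref; nothing to tag
                            continue
                        tagged = rv[self.start_ea_of(ref_fn)].setdefault(tag, list())
                        if name not in tagged:
                            tagged.append(name)
        return dict(rv)

    def _wrapped_api_name(self, fn):
        """Return the import name that thin wrapper ``fn`` forwards to.

        A wrapper is a function of one or two items that is either a jump
        wrapper (decided by ``_check_is_jmp_wrapper`` on the first
        instruction) or a push/retn wrapper (decided by
        ``_check_is_push_retn_wrapper`` on the first two).  The
        ``idaapi.FUNC_IMPORT_PREFIX`` is removed from the resolved name.

        :param fn: Function object as returned by ``idaapi.getn_func``.
        :return: The (possibly empty) name, or None when ``fn`` is not a
            wrapper or its first instruction does not decode.
        """
        items = list(FuncItems(self.start_ea_of(fn)))
        if len(items) not in (1, 2):
            return None

        dis0 = decode_insn(items[0])
        if dis0 is None:
            return None
        addr = self._check_is_jmp_wrapper(dis0)

        if not addr and len(items) > 1:
            dis1 = decode_insn(items[1])
            if dis1 is not None:
                addr = self._check_is_push_retn_wrapper(dis0, dis1)

        if not addr:
            return None

        # NOTE(review): str.replace drops the prefix wherever it occurs in
        # the name, not only at the start; kept as in the original.
        name = idaapi.get_ea_name(addr)
        return name.replace(idaapi.FUNC_IMPORT_PREFIX, '')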