def get_node_name(self, ea):
    """Return a display label for the address ``ea``.

    Candidates are tried in order and the first non-empty one wins:
    ``idc.Name(ea)``, then ``idc.GetFuncOffset(ea)``, then the address
    itself formatted as upper-case hex (``0x%X``).
    """
    label = idc.Name(ea) or idc.GetFuncOffset(ea)
    if label:
        return label
    # Neither lookup produced anything usable: fall back to the raw address.
    return "0x%X" % ea
def _name(self, ea):
    """Return a label for ``ea``: its name, else function+offset, else hex."""
    symbol = idc.Name(ea)
    if symbol:
        return symbol

    func_off = idc.GetFuncOffset(ea)
    if func_off:
        return func_off

    # Last resort so the caller always gets a non-empty string.
    return '0x%X' % ea
def get_name(addr):
    '''
    Return the function+offset label that idc.GetFuncOffset reports for
    ``addr``.

    Only the function/offset lookup is present in this excerpt; when that
    lookup yields None the function falls through and implicitly returns
    None. No segment-based fallback is visible here.
    '''
    func_offset = idc.GetFuncOffset(addr)
    if func_offset is not None:
        return func_offset
def get_name_by_ea(self, ea):
    '''
    Resolve a printable name for an address.

    @ea - Address.

    Returns the first non-empty value of idc.Name(ea), idc.GetFuncOffset(ea)
    and the address formatted as 0xXXXXXXXX.
    '''
    # `or` short-circuits, so each later lookup only runs when the earlier
    # ones came back empty.
    return idc.Name(ea) or idc.GetFuncOffset(ea) or "0x%X" % ea
def get_name_by_ea(ea):
    """
    Resolve a printable name for an address.

    @ea - Address.

    Returns the first non-empty value of idc.Name(ea), idc.GetFuncOffset(ea)
    and the address formatted as 0xXXXXXXXX.
    """
    resolved = idc.Name(ea)
    if not resolved:
        # No symbol at this address: try function+offset, then plain hex.
        resolved = idc.GetFuncOffset(ea) or '0x%X' % ea
    return resolved
def add_auto_comment(self, ea, text):
    """Record ``text`` in ``self.auto_comments`` with a prefix describing ``ea``.

    The prefix is chosen as follows:
      * ``ea`` is None                       -> empty prefix
      * idaapi.get_struc(ea) finds something -> "stackframe '<function>'" when
        idc.GetStrucIdx(ea) is BADADDR, otherwise "structure '<name>'"
      * idc.GetEnumIdx(ea) is not BADADDR    -> "enum '<name>'"
      * anything else                        -> hex address, followed by
        ",<function+offset>" when idc.GetFuncOffset(ea) is not None
    """
    if ea is None:
        self.auto_comments.add(("", text))
        return

    if idaapi.get_struc(ea) is not None:
        if idc.GetStrucIdx(ea) == idc.BADADDR:
            # A structure without a structure index is reported as a frame.
            owner = idc.GetFunctionName(idaapi.get_func_by_frame(ea))
            prefix = "stackframe '%s'" % owner
        else:
            prefix = "structure '%s'" % idc.GetStrucName(ea)
    elif idc.GetEnumIdx(ea) != idc.BADADDR:
        prefix = "enum '%s'" % idc.GetEnumName(ea)
    else:
        foffset = idc.GetFuncOffset(ea)
        hex_ea = yatools.ea_to_hex(ea)
        prefix = hex_ea if foffset is None else "%s,%s" % (hex_ea, foffset)

    self.auto_comments.add((prefix, text))
def get_area_name(self, ea, val_type):
    """Build a "<segment> ! <label>" description for ``ea``.

    For ``T_CODE`` values the label is the function+offset string, falling
    back to ``idaapi.get_name(ea)``; for every other type only
    ``idaapi.get_name(ea)`` is consulted. When ``idc.SegName(ea)`` is not None
    the segment name is prepended (or returned alone if there is no label).
    Returns None when neither a label nor a segment name is available.
    """
    if val_type == T_CODE:
        label = idc.GetFuncOffset(ea) or idaapi.get_name(ea) or None
    else:
        label = idaapi.get_name(ea) or None

    segment = idc.SegName(ea)
    if segment is None:
        return label
    if label:
        return "%s ! %s" % (segment, label)
    return segment
def _profile_function(self):
    """Collect every instruction in the current function that mentions the
    highlighted identifier and store the hits in ``self.xrefs``.

    The function under the cursor (idc.ScreenEA) is walked from its start to
    its end address. An instruction matches when the highlighted text occurs
    in its mnemonic, in the name of a call target, in one of its operands, or
    in its regular/repeatable comment. Each match is recorded in
    ``self.xrefs[ea]`` with its function offset, mnemonic, access type
    (``self.READ``/``self.WRITE``), direction relative to the cursor
    (``self.UP``/``self.DOWN``/``self.THIS``) and disassembly text.

    NOTE(review): this listing arrived with line breaks and indentation
    stripped; the nesting below is a reconstruction and should be confirmed
    against the original file (in particular which statements sit inside
    ``if current_function:``).
    """
    current_ea = idc.ScreenEA()
    current_function = idc.GetFunctionName(current_ea)
    current_function_ea = idc.LocByName(current_function)

    if current_function:
        self.function = current_function

    # start_ea is assigned here but not read again in this method.
    ea = start_ea = idc.GetFunctionAttr(current_function_ea, idc.FUNCATTR_START)
    end_ea = idc.GetFunctionAttr(current_function_ea, idc.FUNCATTR_END)

    self.highlighted = idaapi.get_highlighted_identifier()

    # The loop is skipped entirely when nothing is highlighted or when the
    # start address is BADADDR.
    while ea < end_ea and ea != idc.BADADDR and self.highlighted:
        i = 0
        match = False
        optype = self.READ
        comment = None

        # Decode so that idaapi.cmd describes the instruction at ea; its size
        # is used at the bottom of the loop to advance.
        idaapi.decode_insn(ea)

        mnem = idc.GetMnem(ea)

        if self.highlighted in mnem:
            match = True
        elif idaapi.is_call_insn(ea):
            # For calls, compare against the names of the xref targets.
            for xref in idautils.XrefsFrom(ea):
                # presumably 21 is the ordinary-flow xref type (fl_F), i.e. the
                # fall-through to the next instruction is ignored - confirm
                if xref.type != 21:
                    name = idc.Name(xref.to)
                    if name and self.highlighted in name:
                        match = True
                        break
        else:
            # Scan operands by index until GetOpnd returns an empty value.
            while True:
                opnd = idc.GetOpnd(ea, i)
                if opnd:
                    if self.highlighted in opnd:
                        try:
                            canon_feature = idaapi.insn_t_get_canon_feature(idaapi.cmd.ityp)
                        except AttributeError:
                            # NOTE(review): this fallback queries a freshly
                            # constructed insn_t rather than one the visible
                            # code fills in for ea - confirm it reflects the
                            # instruction being examined.
                            insn_t = idaapi.insn_t()
                            canon_feature = insn_t.get_canon_feature()

                        match = True
                        # A set write flag for operand i marks the access as a write.
                        if canon_feature & self.OPND_WRITE_FLAGS[i]:
                            optype = self.WRITE
                    i += 1
                else:
                    break

        if not match:
            # Fall back to the comments: regular (0) first, then repeatable (1).
            comment = idc.GetCommentEx(ea, 0)
            if comment and self.highlighted in comment:
                match = True
            else:
                comment = idc.GetCommentEx(ea, 1)
                if comment and self.highlighted in comment:
                    match = True
                else:
                    comment = None

        if match:
            # Direction is relative to the cursor position, not the function start.
            if ea > current_ea:
                direction = self.DOWN
            elif ea < current_ea:
                direction = self.UP
            else:
                direction = self.THIS

            self.xrefs[ea] = {
                'offset': idc.GetFuncOffset(ea),
                'mnem': mnem,
                'type': optype,
                'direction': direction,
                'text': idc.GetDisasm(ea),
            }

        # NOTE(review): if decode_insn fails on undecodable bytes, cmd.size may
        # be 0 (or stale) and this loop would not advance correctly - confirm
        # and consider guarding against a zero step.
        ea += idaapi.cmd.size
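def get_name(addr):
    '''
    Return a printable label for ``addr``.

    The function+offset string from idc.GetFuncOffset is preferred. When that
    is None, the segment name followed by the address as eight hex digits is
    returned instead. idc.BADADDR is returned when neither lookup yields a
    value.
    '''
    name = idc.GetFuncOffset(addr)
    if name is not None:
        return name
    # Look the segment up by address. The previous code passed `name` here,
    # which is always None on this path, so the fallback could never work.
    name = idc.SegName(addr)
    if name is not None:
        return name + "%08x" % addr
    return idc.BADADDR


# "caller ==> callee" strings for every code xref to the symbol named x.
# idc.LocByName is spelled out to match get_name_flow_info below.
get_import_flow_information = lambda x: [
    '%s ==> %s' % (idc.GetFuncOffset(xref.frm), idc.Name(xref.to))
    for xref in idautils.XrefsTo(idc.LocByName(x)) if xref.iscode]

# Same, keyed by symbol name, with raw addresses in front of the labels.
get_name_flow_info = lambda x: [
    '0x%08x ==> 0x%08x # %s ==> %s ' % (
        xref.frm, xref.to, get_name(xref.frm), idc.Name(xref.to))
    for xref in idautils.XrefsTo(idc.LocByName(x)) if xref.iscode]

# Same, but x is already an address.
get_addr_flow_info = lambda x: [
    '0x%08x ==> 0x%08x # %s ==> %s ' % (
        xref.frm, xref.to, get_name(xref.frm), idc.Name(xref.to))
    for xref in idautils.XrefsTo(x) if xref.iscode]

# Running count of get_flow_to_name invocations, printed for tracing.
idx = 0


def get_flow_to_name(name):
    # Only the opening statements of this function are visible in the
    # listing; they are reproduced as-is and the remainder is not shown.
    global idx
    mflow_addrs = []
    mflow_names = []
    print("In call %x Name: %s" % (idx, name))
    idx += 1
    for flow in get_name_flow_info(name):
        print(flow)
        a2a = get_addr_to_addr(flow)
        n2n = get_name_to_name(flow)
        src = a2a.split()[0].strip()
        # arrows at 1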
def display(self, message):
    """Print ``message`` prefixed with the function+offset of the simulated
    CPU's return address, left-aligned in a 25-character column."""
    caller = idc.GetFuncOffset(self.idasim.cpu.ReturnAddress())
    print("%-25s %s" % (caller, message))
# Interactive helper: search the current segment for a byte pattern and offer
# to create a function at each hit that does not already belong to one.
#
# NOTE(review): this listing arrived with line breaks and indentation
# stripped; the nesting below is a reconstruction - confirm against the
# original script. `idc` is used throughout but is not among the visible
# imports; presumably the IDA script environment provides it - confirm.
import idaapi
import sys
import idautils

# Colour applied to highlighted matches.
hilight_color = 0x009900
# x86 bytes for `push ebp` / `mov ebp, esp`. A raw byte match can also land
# inside data or mid-instruction, hence the confirmation prompt below.
prolog_sequence = "55 89 e5"

ea = idc.ScreenEA()
# Start scanning at the beginning of the segment containing the cursor.
addr = idc.SegStart(ea)
print "[!] Analyzing from %#x" % addr

while True:
    # Forward search for the pattern; the last argument is the radix (hex).
    # NOTE(review): nothing in the visible lines advances `addr`, so each
    # iteration would search from the same address again - the step that
    # moves past `res` is presumably in a part of the script not shown here.
    res = idc.FindBinary(addr, idaapi.BIN_SEARCH_FORWARD, prolog_sequence, 16)
    if res == idaapi.BADADDR:
        break

    func = idc.GetFuncOffset(res)
    if func is not None:
        print "[*] %#x already matching function %s" % (res, func)
    else:
        print "[+] Matching at %#x" % res
        idc.Jump(res)
        # Previous colour is read but not used in the visible lines
        # (presumably restored later - confirm).
        col = idc.GetColor(res, idc.CIC_ITEM)
        # Highlight the items at res and res + 1.
        idc.SetColor(res, idc.CIC_ITEM, hilight_color)
        idc.SetColor(res + 1, idc.CIC_ITEM, hilight_color)
        # Default answer is "No" (0); a function is created only on "Yes" (1).
        ret = idc.AskYN(0, "Would you like to create a function at %#x ?" % res)
        if ret == 1:
            idc.MakeFunction(res)
            print "[+] Creating function at %#x" % res