def _process_possible_stub(stub, make_thunk, next_stub): """Try to process a stub function.""" # First, make sure this is a stub format we recognize. target = stub_target(stub) if not target: _log(0, 'Unrecognized stub format at {:#x}', stub) return False # Next, check if IDA sees this as a function chunk rather than a function, and correct it if # reasonable. if not idau.force_function(stub): _log(1, 'Could not convert stub to function at {:#x}', stub) return False # Next, set the appropriate flags on the stub. Make the stub a thunk if that was requested. flags = idc.GetFunctionFlags(stub) if flags == -1: _log(1, 'Could not get function flags for stub at {:#x}', stub) return False target_flags = idc.GetFunctionFlags(target) if target_flags != -1 and target_flags & idc.FUNC_NORET: flags |= idc.FUNC_NORET if make_thunk: flags |= idc.FUNC_THUNK if idc.SetFunctionFlags(stub, flags | idc.FUNC_THUNK) == 0: _log(1, 'Could not set function flags for stub at {:#x}', stub) return False # Next, ensure that IDA sees the target as a function, but continue anyway if that fails. if not idau.force_function(target): _log(1, 'Stub {:#x} has target {:#x} that is not a function', stub, target) # Finally symbolicate the stub. if not _symbolicate_stub(stub, target, next_stub): return False return True
def cb_imp(self, imp, func, nid): name = self.func_get_name("imp", imp.library_name, nid) make_func(func, name) idc.SetFunctionFlags(func, idc.GetFunctionFlags(func) | idaapi.FUNC_THUNK | idaapi.FUNC_LIB) self.apply_proto(func, nid) self.add_nid_cmt(func, "[Import LIB: 0x{:08X} ({}), NID: 0x{:08X}]".format(imp.library_nid, imp.library_name, nid))
def yatest_function_flags(self): addrs = [] for i, k in enumerate(flag_types): addr = yaunit.get_next_function() flags = idc.GetFunctionFlags(addr) self.assertNotEqual(flags, -1) self.assertEqual(idc.SetFunctionFlags(addr, flags | k), 1) addrs.append(addr) yaunit.save('function_flags', addrs)
def make_function(self, object_version, address): # # call the architecture dependent plugin ########### # self.arch_plugin.make_function_prehook(object_version, address) flags = object_version.get_object_flags() size = object_version.get_size() # create function if not already exist current_flags = idc.GetFlags(address) # if ea is func func = idaapi.get_func(address) if not idaapi.isFunc(current_flags) or (func is not None and (func.startEA != address)): logger.debug( "MakeFunction at 0x%08X : flags=0x%08X, current_flags=0x%08X" % (address, flags, current_flags)) if func is not None: logger.debug( " " "func.startEA[0x%08X]!=address func.endEA[0x%08X]!=(address+size[0x%08X]) " % (func.startEA, func.endEA, size)) if not idc.MakeFunction(address): if not idc.isLoaded(address): logger.error( "Failed at idc.MakeFunction at 0x%08X : data not loaded" % address) else: logger.error("Failed at idc.MakeFunction at 0x%08X" % address) self.clear_function(object_version, address) if not idc.MakeFunction(address): logger.error("Failed at idc.MakeFunction at 0x%08X" % address) # idc.MakeUnknown(address, size, DOUNK_SIMPLE) if idc.AnalyzeArea(address, address + 1) != 1: logger.error("[0x%08X] idc.AnalyzeArea failed" % address) # if(idc.AnalyzeArea(address, address+size) != 1): # logger.error("[0x%08X] idc.AnalyzeArea failed" % address) # if(address == 0x0000000000411558): # raise Exception() if flags is not None: idc.SetFunctionFlags(address, flags) self.set_type(object_version, address) # # call the architecture dependent plugin ########### # self.arch_plugin.make_function_posthook(object_version, address)
def make_islands_xrefs_force_bl_call(ea, verbose=True): """ makes all BL references to a branch islands as call """ segname = idc.SegName(ea) if verbose: print "[+] forcing bl call on: %s [0x%X]" % (segname, ea) if "branch_islands" in segname: idc.SetFunctionFlags(ea, idc.GetFunctionFlags(ea) & (0xffffffff - 1)) for x in idautils.XrefsTo(ea): make_islands_xrefs_force_bl_call(x.frm) return idc.ArmForceBLCall(ea)
def rename(self, ea, name): # Don't rely on the name in curfunc, as it could have already been renamed curname = idc.Name(ea) # Don't rename if the name is a special identifier, or if the ea has already been named # TODO: What's a better way to check for reserved name prefixes? if curname.startswith('sub_') and name.split('_')[0] not in set(['sub', 'loc', 'unk', 'dword', 'word', 'byte']): # Don't rename if the name already exists in the IDB if idc.LocByName(name) == idc.BADADDR: if idc.MakeName(ea, name): idc.SetFunctionFlags(ea, (idc.GetFunctionFlags(ea) | idc.FUNC_LIB)) #print "%s => %s" % (curname, name) return 1 #else: # print "WARNING: Attempted to rename '%s' => '%s', but '%s' already exists!" % (curname, name, name) return 0
def cb_noret(self, _, func, nid): if nid in NORETURN_NIDS: make_func(func, None) idc.SetFunctionFlags( func, idc.GetFunctionFlags(func) | idaapi.FUNC_NORET)
def SetFuncFlags(ea): func_flags = idc.GetFunctionFlags(ea) func_flags |= 0x84 # FUNC_THUNK|FUNC_LIB idc.SetFunctionFlags(ea, func_flags)
def make_fn_non_library_fn(fn): ea = idc.LocByName(fn) idc.SetFunctionFlags(ea, idc.GetFunctionFlags(ea) & ~(idc.FUNC_LIB))
def setFunctionFlags(ea, flags): return False if warnBad(ea) else idc.SetFunctionFlags(ea, flags) != 0