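def getImportTableData(self):
    """
    Update rt_import_table with current import table data.

    The static import table is enumerated first; each import slot address is
    then passed to get_adrs_mem() and the returned value becomes the key of
    self.rt_import_table, mapped to (module_name, ea, name, ord).

    @raise RuntimeError: If the debugger is not currently active.
    """
    # Fail before touching any state: the lookups below need a live debugger session.
    if not idaapi.is_debugger_on():
        raise RuntimeError("Debugger is not currently active.")

    tmpImports = []  # Contains static import table data (w/o real function addresses)

    def imp_cb(ea, name, ordinal):
        """
        Import enumeration callback function, used by idaapi.enum_import_names.
        Returning True lets the enumeration continue with the next import.
        """
        tmpImports.append((self.current_module_name, ea, name, ordinal))
        return True

    # range() works on both Python 2 and Python 3 builds of IDAPython.
    for i in range(idaapi.get_import_module_qty()):
        # get_import_module_name() can return None when a module name cannot
        # be recovered; fall back to "" rather than crashing on .lower() and
        # losing every import that follows.
        self.current_module_name = (idaapi.get_import_module_name(i) or "").lower()
        idaapi.enum_import_names(i, imp_cb)

    # Get runtime function addresses and store in self.rt_import_table
    for module_name, ea, name, ordinal in tmpImports:
        # NOTE(review): presumably get_adrs_mem reads a pointer-sized value from
        # debuggee memory at ea - confirm, including what it returns on failure.
        # The key is whatever the target holds in the slot right now: a slot
        # that is not bound yet, or that the target rewrote, maps this name to
        # an address that is not the named function.
        func_real_adrs = get_adrs_mem(ea)
        # Slots holding the same value overwrite each other; the last one wins.
        self.rt_import_table[func_real_adrs] = (module_name, ea, name, ordinal)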
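def getRawValue(self):
    """
    Retrieve the native size raw value stored at the argument`s memory address

    @rtype : Returns the raw value at the given location, or False if the
             storetype is not supported. A raw value of 0 compares equal to
             False, so callers should test the result with "is False".
    @raise RuntimeError: If reading the value fails for any reason.
    """
    try:
        # If memory value read native size bytes from ea
        if self.storetype == MEM_VAL:
            return get_adrs_mem(self.loc)

        # If register value, read register`s value
        if self.storetype == REG_VAL:
            return GetRegValue(self.loc)

        self.logger.error("Internal Error - storetype %d not supported.", self.storetype)
        return False

    except Exception:
        # "except Exception" leaves KeyboardInterrupt/SystemExit alone, which the
        # former bare "except:" swallowed. The message is formatted here because
        # RuntimeError does not apply logging-style "%s" arguments itself.
        raise RuntimeError("Failed to retrieve raw value for arg %s" % self.typeName())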
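def getImportTableData(self):
    """
    Update rt_import_table with current import table data.

    The static import table is enumerated first; each import slot address is
    then passed to get_adrs_mem() and the returned value becomes the key of
    self.rt_import_table, mapped to (module_name, ea, name, ord).

    @raise RuntimeError: If the debugger is not currently active.
    """
    # Fail before touching any state: the lookups below need a live debugger session.
    if not idaapi.is_debugger_on():
        raise RuntimeError("Debugger is not currently active.")

    tmpImports = []  # Contains static import table data (w/o real function addresses)

    def imp_cb(ea, name, ordinal):
        """
        Import enumeration callback function, used by idaapi.enum_import_names.
        Returning True lets the enumeration continue with the next import.
        """
        tmpImports.append((self.current_module_name, ea, name, ordinal))
        return True

    # range() works on both Python 2 and Python 3 builds of IDAPython.
    for i in range(idaapi.get_import_module_qty()):
        # get_import_module_name() can return None when a module name cannot
        # be recovered; fall back to "" rather than crashing on .lower() and
        # losing every import that follows.
        self.current_module_name = (idaapi.get_import_module_name(i) or "").lower()
        idaapi.enum_import_names(i, imp_cb)

    # Get runtime function addresses and store in self.rt_import_table
    for module_name, ea, name, ordinal in tmpImports:
        # NOTE(review): presumably get_adrs_mem reads a pointer-sized value from
        # debuggee memory at ea - confirm, including what it returns on failure.
        # The key is whatever the target holds in the slot right now: a slot
        # that is not bound yet, or that the target rewrote, maps this name to
        # an address that is not the named function.
        func_real_adrs = get_adrs_mem(ea)
        # Slots holding the same value overwrite each other; the last one wins.
        self.rt_import_table[func_real_adrs] = (module_name, ea, name, ordinal)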
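def getRawValue(self):
    """
    Retrieve the native size raw value stored at the argument`s memory address

    @rtype : Returns the raw value at the given location, or False if the
             storetype is not supported. A raw value of 0 compares equal to
             False, so callers should test the result with "is False".
    @raise RuntimeError: If reading the value fails for any reason.
    """
    try:
        # If memory value read native size bytes from ea
        if self.storetype == MEM_VAL:
            return get_adrs_mem(self.loc)

        # If register value, read register`s value
        if self.storetype == REG_VAL:
            return GetRegValue(self.loc)

        self.logger.error("Internal Error - storetype %d not supported.", self.storetype)
        return False

    except Exception:
        # "except Exception" leaves KeyboardInterrupt/SystemExit alone, which the
        # former bare "except:" swallowed. The message is formatted here because
        # RuntimeError does not apply logging-style "%s" arguments itself.
        raise RuntimeError("Failed to retrieve raw value for arg %s" % self.typeName())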