示例#1
 def yatest_reference_views(self):
     """Apply an offset view to the first suitable item and save its address.

     Starts at the address returned by yaunit.get_next_function() and steps
     item by item until the flags satisfy isNum1 or isOff(flags, 1). It then
     asserts that idaapi.set_offset succeeds with self.operand and
     self.reference_addr, and saves the address as 'reference_view_addr'.
     """
     ea = yaunit.get_next_function()
     while True:
         item_flags = idaapi.get_flags_novalue(ea)
         if idaapi.isNum1(item_flags) or idaapi.isOff(item_flags, 1):
             break
         # NOTE(review): the scan has no upper bound of its own; it relies on
         # a matching item existing after the starting address.
         ea += idc.ItemSize(ea)
     applied = idaapi.set_offset(ea, self.operand, self.reference_addr)
     self.assertTrue(applied)
     yaunit.save('reference_view_addr', ea)
示例#2
 def yatest_reference_views(self):
     """Apply one offset view per entry of `tests` and save the addresses used.

     Each entry of the module-level `tests` sequence is unpacked as
     (operand, is_num, reference). For every entry the scan starts at a
     fresh yaunit.get_next_function() address and stops at the first item
     whose flags satisfy is_num or idaapi.isOff(flags, operand).
     """
     found = []
     for operand, is_num, reference in tests:
         cur = yaunit.get_next_function()
         while True:
             cur_flags = idaapi.get_flags_novalue(cur)
             if is_num(cur_flags) or idaapi.isOff(cur_flags, operand):
                 break
             cur += idc.ItemSize(cur)
         applied = idaapi.set_offset(cur, operand, reference)
         self.assertTrue(applied)
         found.append(cur)
     # Saved in the same order as `tests`.
     yaunit.save('reference_views', found)
示例#3
def get_ea():
    """Return the first item address that passes isNum1 and is not an enum operand.

    Functions are pulled one at a time from yaunit.get_next_function() and
    their items are scanned in order. The search only ends when a match is
    found.
    """
    while True:
        func_ea = yaunit.get_next_function()
        for item_ea in idautils.FuncItems(func_ea):
            item_flags = idaapi.get_flags_novalue(item_ea)
            if not idaapi.isNum1(item_flags):
                continue
            if idaapi.isEnum(item_flags, 1):
                continue
            return item_ea
示例#4
    def yacheck_apply_struct(self):
        """Check the struct/union operand paths saved under 'apply_struct'.

        For k in -1..3 the address at index k + 1 must carry a struct offset
        on operand 1. For k == -1 only the struct id is expected at the head
        of the path. For the other values the non-zero path ids must be
        exactly [struct id, union member id].
        """
        saved = yaunit.load('apply_struct')
        for k in range(-1, 4):
            slot = k + 1

            # look up the address and the struct created for this slot
            ea = saved[slot]
            struct_id = idc.GetStrucIdByName('apply_struct_%x' % slot)
            self.assertNotEqual(struct_id, idaapi.BADADDR)

            # operand 1 must be flagged as a struct offset
            item_flags = idaapi.get_flags_novalue(ea)
            self.assertTrue(idaapi.isStroff(item_flags, 1))
            info = idaapi.opinfo_t()
            # the operand info query uses the flags returned by idc.GetFlags
            item_flags = idc.GetFlags(ea)
            self.assertTrue(idaapi.get_opinfo(ea, 1, item_flags, info))

            if k == -1:
                # struct only: its id must be the first path element
                self.assertEqual(info.path.ids[0], struct_id)
                continue

            # struct + union: the union and its k-th member must both exist
            union_id = idc.GetStrucIdByName('apply_union_%x' % slot)
            self.assertNotEqual(union_id, idaapi.BADADDR)
            member_id = idc.GetMemberId(union_id, k)
            self.assertNotEqual(member_id, -1)

            # unused path slots are falsy and are dropped before comparing
            applied_path = [pid for pid in info.path.ids if pid]
            self.assertEqual(applied_path, [struct_id, member_id])
示例#5
 def find_operand_addr(self):
     """Return the first item address whose flags satisfy idaapi.isNum1.

     Functions come from yaunit.get_next_function(). The test fails as soon
     as that returns idaapi.BADADDR, which is what ends the search when no
     matching item is found.
     """
     while True:
         func_ea = yaunit.get_next_function()
         self.assertNotEqual(func_ea, idaapi.BADADDR)
         for item_ea in idautils.FuncItems(func_ea):
             if not idaapi.isNum1(idaapi.get_flags_novalue(item_ea)):
                 continue
             return item_ea
示例#6
def getInvariantsBytes(InstructionAddress, Size, ida_instruction_bytes_cache):
    """Hash the first instruction found at or after InstructionAddress.

    Non-code items are skipped first. If the skip reaches or passes
    InstructionAddress + Size, the result is (('', ''), bytes_skipped).
    Otherwise decodeInstruction is called on the instruction address with
    the byte cache sliced to start at the same offset.

    Returns a tuple (hashes, consumed), where consumed is the number of
    skipped bytes plus the size reported by decodeInstruction.
    """
    cursor = InstructionAddress
    while True:
        if idaapi.isCode(idaapi.get_flags_novalue(cursor)):
            break
        cursor += idc.ItemSize(cursor)
        # The bound is only checked after a skip, never for the first address.
        if cursor >= (InstructionAddress + Size):
            return (('', ''), cursor - InstructionAddress)

    skipped = cursor - InstructionAddress

    # Keep the cache slice aligned with the address handed to the decoder.
    hashes, instruction_size = decodeInstruction(
        InstructionAddress + skipped,
        ida_instruction_bytes_cache[skipped:])

    # Report the hashes with the total number of bytes consumed.
    return (hashes, instruction_size + skipped)
示例#7
def getOperandView(ea):
    """Describe how operands 0 and 1 of the item at `ea` are displayed.

    Returns a list of (operand_index, view_name) tuples. Operands whose
    type flags are zero, or which have every FF_0STRO bit set, are skipped.
    An operand whose type matches none of the handled constants produces
    no entry.
    """
    operands = []
    fl = idaapi.get_flags_novalue(ea)
    # Operand 1's flags are shifted down by 4 bits so that both entries can
    # be compared against the FF_0* constants.
    per_operand = [idaapi.get_optype_flags0(fl), idaapi.get_optype_flags1(fl) >> 4]
    for idx, op_flags in enumerate(per_operand):
        if op_flags == 0:
            continue
        if (op_flags & idaapi.FF_0STRO) == idaapi.FF_0STRO:
            continue

        if op_flags == idaapi.FF_0OFF:
            # Offset property is independent: handle it first
            info = idaapi.opinfo_t()
            if not idaapi.get_opinfo(ea, idx, fl, info):
                continue
            try:
                suffix = "-" + OFFSET_TYPE_MAP_NAMES[info.ri.flags]
            except KeyError:
                # Unknown reference type: log it and fall back to plain "offset".
                logger.error(
                    "OperandView at 0x%08X : no valid offset found for flags 0x%08X" % (ea, info.ri.flags))
                suffix = ""
            operands.append((idx, "offset" + suffix))
        elif op_flags == idaapi.FF_0NUMD:
            view = "signeddecimal" if idaapi.is_invsign(ea, fl, idx) else "unsigneddecimal"
            operands.append((idx, view))
        elif op_flags == idaapi.FF_0NUMH:
            view = "signedhexadecimal" if idaapi.is_invsign(ea, fl, idx) else "unsignedhexadecimal"
            operands.append((idx, view))
        elif op_flags == idaapi.FF_0CHAR:
            operands.append((idx, "char"))
        elif op_flags == idaapi.FF_0NUMB:
            operands.append((idx, "binary"))
        elif op_flags == idaapi.FF_0NUMO:
            operands.append((idx, "octal"))

    return operands
示例#8
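	def AnalyzeRange( self, startEA, endEA ):
		"""Split the code in [startEA, endEA) into blocks and record their edges.

		Each code item is rendered as "mnemonic op0,op1,..." and appended to
		self.BlockData[block_start] as (address, line). Edges are reported with
		self.AddToMap( source_block, target, operand_text, kind ), where kind
		is 'link', 'call' or 'from'. Addresses whose flags are not code are
		skipped one byte at a time.

		The range describes whatever binary is loaded, which may be malformed
		or deliberately hostile. A failed decode must therefore neither raise
		nor stall the walk.
		"""
		CurrentAddress = startEA
		CurrentBlockAddress = CurrentAddress
		NewBlockStart = True
		last_op_code = ''
		while CurrentAddress < endEA:
			if idaapi.isCode( idaapi.get_flags_novalue( CurrentAddress ) ):
				idaapi.decode_insn( CurrentAddress )
				# ua_mnem can return None when no mnemonic is available.
				# Normalise to '' so the string operations below cannot raise.
				op_code = idaapi.ua_mnem( CurrentAddress ) or ''

				operands=[]
				disasm_line = op_code + ' '
				for i in range(0, 6, 1):
					operand = idaapi.ua_outop2( CurrentAddress, i )
					if not operand:
						break
					operand = idaapi.tag_remove( operand )
					operands.append( operand )
					if i != 0:
						disasm_line += ','
					disasm_line += operand
				#disasm_line = idaapi.tag_remove( idaapi.generate_disasm_line( CurrentAddress ) )

				xref = idaapi.xrefblk_t()

				# Any far cross-reference to this address starts a new block.
				ret = xref.first_to( CurrentAddress, idaapi.XREF_FAR )
				while ret:
					ret = xref.next_to()
					NewBlockStart = True

				# NOTE(review): nothing in this method assigns 'new block' to last_op_code.
				if NewBlockStart and last_op_code[0:3] != 'ret' and last_op_code != 'new block':
					self.AddToMap( CurrentBlockAddress, CurrentAddress, None, 'link')

				if NewBlockStart:
					CurrentBlockAddress = CurrentAddress
					self.BlockData[CurrentBlockAddress]=[]
					if self.DebugLevel > 2:
						print '='*80

				if self.DebugLevel > 2:
					print hex(CurrentAddress), disasm_line
				self.BlockData[CurrentBlockAddress].append( ( CurrentAddress, disasm_line ) )

				NewBlockStart = False
				CallIsResolved = False
				ret = xref.first_from( CurrentAddress, idaapi.XREF_FAR )
				while ret:
					if xref.iscode:
						if op_code == 'jmp' and xref.to == CurrentAddress + idaapi.cvar.cmd.size:
							# A jump to the very next instruction only ends the block.
							NewBlockStart = True
						elif op_code == 'call':
							CallIsResolved = True
							self.AddToMap( CurrentBlockAddress,xref.to, operands[0], 'call')
						else:
							if len(operands) > 0 :
								self.AddToMap( CurrentBlockAddress,xref.to, operands[0], 'from')
							NewBlockStart = True
					ret = xref.next_from()

				# Unresolved call: the operand text is the only target available.
				# With no rendered operand there is nothing to record, and
				# operands[0] would raise IndexError.
				if ( op_code == 'call' or op_code =='' ) and not CallIsResolved and operands:
					self.AddToMap( CurrentBlockAddress, operands[0], operands[0], 'call')

				if NewBlockStart and op_code != 'jmp':
					self.AddToMap( CurrentBlockAddress, CurrentAddress + idaapi.cvar.cmd.size, '', 'link')

				if op_code[0:3] == 'ret':
					NewBlockStart = True

				last_op_code = op_code
				# A decoded size of 0 would leave CurrentAddress unchanged and
				# loop forever, so always advance by at least one byte.
				step = idaapi.cvar.cmd.size
				CurrentAddress += step if step > 0 else 1
			else:
				CurrentAddress += 1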
示例#9
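    def AnalyzeRange(self, startEA, endEA):
        """Split the code in [startEA, endEA) into blocks and record their edges.

        Each code item is rendered as "mnemonic op0,op1,..." and appended to
        self.BlockData[block_start] as (address, line). Edges are reported
        with self.AddToMap(source_block, target, operand_text, kind), where
        kind is 'link', 'call' or 'from'. Addresses whose flags are not code
        are skipped one byte at a time.

        The range describes whatever binary is loaded, which may be malformed
        or deliberately hostile. A failed decode must therefore neither raise
        nor stall the walk.
        """
        CurrentAddress = startEA
        CurrentBlockAddress = CurrentAddress
        NewBlockStart = True
        last_op_code = ''
        while CurrentAddress < endEA:
            if idaapi.isCode(idaapi.get_flags_novalue(CurrentAddress)):
                idaapi.decode_insn(CurrentAddress)
                # ua_mnem can return None when no mnemonic is available.
                # Normalise to '' so the string operations below cannot raise.
                op_code = idaapi.ua_mnem(CurrentAddress) or ''

                operands = []
                disasm_line = op_code + ' '
                for i in range(0, 6, 1):
                    operand = idaapi.ua_outop2(CurrentAddress, i)
                    if not operand:
                        break
                    operand = idaapi.tag_remove(operand)
                    operands.append(operand)
                    if i != 0:
                        disasm_line += ','
                    disasm_line += operand
                #disasm_line = idaapi.tag_remove( idaapi.generate_disasm_line( CurrentAddress ) )

                xref = idaapi.xrefblk_t()

                # Any far cross-reference to this address starts a new block.
                ret = xref.first_to(CurrentAddress, idaapi.XREF_FAR)
                while ret:
                    ret = xref.next_to()
                    NewBlockStart = True

                # NOTE(review): nothing in this method assigns 'new block' to last_op_code.
                if NewBlockStart and last_op_code[
                        0:3] != 'ret' and last_op_code != 'new block':
                    self.AddToMap(CurrentBlockAddress, CurrentAddress, None,
                                  'link')

                if NewBlockStart:
                    CurrentBlockAddress = CurrentAddress
                    self.BlockData[CurrentBlockAddress] = []
                    if self.DebugLevel > 2:
                        print '=' * 80

                if self.DebugLevel > 2:
                    print hex(CurrentAddress), disasm_line
                self.BlockData[CurrentBlockAddress].append(
                    (CurrentAddress, disasm_line))

                NewBlockStart = False
                CallIsResolved = False
                ret = xref.first_from(CurrentAddress, idaapi.XREF_FAR)
                while ret:
                    if xref.iscode:
                        if op_code == 'jmp' and xref.to == CurrentAddress + idaapi.cvar.cmd.size:
                            # A jump to the very next instruction only ends the block.
                            NewBlockStart = True
                        elif op_code == 'call':
                            CallIsResolved = True
                            self.AddToMap(CurrentBlockAddress, xref.to,
                                          operands[0], 'call')
                        else:
                            if len(operands) > 0:
                                self.AddToMap(CurrentBlockAddress, xref.to,
                                              operands[0], 'from')
                            NewBlockStart = True
                    ret = xref.next_from()

                # Unresolved call: the operand text is the only target
                # available. With no rendered operand there is nothing to
                # record, and operands[0] would raise IndexError.
                if (op_code == 'call' or op_code == '') and not CallIsResolved and operands:
                    self.AddToMap(CurrentBlockAddress, operands[0],
                                  operands[0], 'call')

                if NewBlockStart and op_code != 'jmp':
                    self.AddToMap(CurrentBlockAddress,
                                  CurrentAddress + idaapi.cvar.cmd.size, '',
                                  'link')

                if op_code[0:3] == 'ret':
                    NewBlockStart = True

                last_op_code = op_code
                # A decoded size of 0 would leave CurrentAddress unchanged and
                # loop forever, so always advance by at least one byte.
                step = idaapi.cvar.cmd.size
                CurrentAddress += step if step > 0 else 1
            else:
                CurrentAddress += 1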