def dump():
ret = []
for struct_idx, struct_id, struct_name in idautils.Structs():
struct = ida_struct.get_struc(struct_id)
members = [{'offset': offset, 'name': name, 'size': size}
for offset, name, size in idautils.StructMembers(struct_id)]
# Find all xrefs to any members of this struct.
xrefs = []
for offset, name, size in idautils.StructMembers(struct_id):
member = ida_struct.get_member_by_name(struct, name)
if member is not None:
for xref in idautils.XrefsTo(member.id):
d = {
'from': xref.frm,
'type': xref.type,
}
# Get offset base if it's an offset xref.
if xref.type == 1:
d['offset'] = ida_offset.get_offbase(xref.frm, 1)
xrefs.append(d)
ret.append({
'idx': struct_idx,
'name': struct_name,
'members': members,
'xrefs': xrefs,
})
return ret
def get_struct_members(struct, sid):
"""Get members belonging to a structure by structure ID
"""
members = {}
for offset, name, size in idautils.StructMembers(sid):
members[name] = {}
members[name]["type"] = get_member_type(struct, offset)
members[name]["offset"] = offset
members[name]["size"] = size
return members
def retrieve_stack_members(func_ea):
members = {}
base = None
frame = idc.GetFrame(func_ea)
for frame_member in idautils.StructMembers(frame):
member_offset, member_name, _ = frame_member
members[member_offset] = member_name
if member_name == ' r':
base = member_offset
if not base:
raise ValueError("Failed identifying the stack's base address using the return address hidden stack member")
return members, base
def find_stack_members(func_ea):
members = {}
base = None
frame = idc.GetFrame(func_ea)
try:
for frame_member in idautils.StructMembers(frame):
member_offset, member_name, size = frame_member
members[member_offset] = size
if member_name == ' s':
base = member_offset
if not base:
base = 3
except:
return 0, 0
return members, base
def read_struct(ea, struct=None, sid=None, members=None, asobject=False):
"""Read a structure from the given address.
This function reads the structure at the given address and converts it into a dictionary or
accessor object.
Arguments:
ea: The linear address of the start of the structure.
Options:
sid: The structure ID of the structure type to read.
struct: The name of the structure type to read.
members: A list of the names of the member fields to read. If members is None, then all
members are read. Default is None.
asobject: If True, then the struct is returned as a Python object rather than a dict.
One of sid and struct must be specified.
"""
# Handle sid/struct.
if struct is not None:
sid2 = idc.GetStrucIdByName(struct)
if sid2 == idc.BADADDR:
raise ValueError('Invalid struc name {}'.format(struct))
if sid is not None and sid2 != sid:
raise ValueError('Invalid arguments: sid={}, struct={}'.format(
sid, struct))
sid = sid2
else:
if sid is None:
raise ValueError('Invalid arguments: sid={}, struct={}'.format(
sid, struct))
if idc.GetStrucName(sid) is None:
raise ValueError('Invalid struc id {}'.format(sid))
# Iterate through the members and add them to the struct.
union = idc.IsUnion(sid)
struct = {}
for offset, name, size in idautils.StructMembers(sid):
if members is not None and name not in members:
continue
_read_struct_member(struct, sid, union, ea, offset, name, size,
asobject)
if asobject:
struct = objectview(struct, ea, idc.GetStrucSize(sid))
return struct
def do_struct(self, name):
s = ''
sid = idc.GetStrucIdByName(name)
s += 'class %s():\n' % (name, )
s += ' def __init__(self):\n'
for offset, name, size in idautils.StructMembers(sid):
flags = idc.GetMemberFlag(sid, offset)
if flags & idaapi.FF_STRU == idaapi.FF_STRU:
msid = idc.GetMemberStrId(sid, offset)
value = idc.GetStrucName(msid)
if value not in self.used_structs:
self.used_structs.append(value)
else:
value = '0'
s += ' self.%s = %s\n' % (name, value)
s += ' return'
return s
def get_struct_members(struct, sid):
"""
Get members belonging to a structure by structure ID
:param struct: Structure object
:param sid: Structure ID
:return: Dict containing structure member information
"""
members = {}
for offset, name, size in idautils.StructMembers(sid):
members[name] = {}
typ = get_member_type(struct, offset)
if typ:
members[name]['type'] = typ
else:
# Type isn't set so make it a byte array
members[name]['type'] = 'uint8_t [{}]'.format(size)
members[name]['offset'] = offset
members[name]['size'] = size
return members
def walk_struct_members():
for (idx, sid, name) in idautils.Structs():
s = idaapi.get_struc(sid)
for (offset, name, size) in idautils.StructMembers(sid):
m = idaapi.get_member(s, offset)
yield m.id
def all_struct_members():
for struct in idautils.Structs():
print struct
members = idautils.StructMembers(struct[1])
for member in members:
yield struct[2], member[0], member[1], member[2]
yield v, m
bmask = idc.GetNextBmask(eid, bmask)
# iterate on regular constants
for v, m in get_enums(-1):
yield v, m
for idx in range(0, idaapi.get_enum_qty()):
num_enums += 1
eid = idaapi.getn_enum(idx)
for (value, bmask) in walk_enum(eid):
num_enum_members += 1
for (idx, sid, name) in idautils.Structs():
num_structs += 1
for (offset, name, size) in idautils.StructMembers(sid):
num_struct_members += 1
print "blocks", num_blocks
print "binaries", num_binaries
print "codes", num_codes
print "datas", num_datas
print "enum_members", num_enum_members
print "enums", num_enums
print "functions", num_functions
print "segment_chunks", num_segment_chunks
print "segments", num_segments
print "stackframe_members", num_stackframe_members
print "stackframes", num_stackframes
print "struct_members", num_struct_members
print "structs", num_structs
return opnds
def get_stkvar_map(ea):
'''ea_t -> {int : (str, tinfo_t)}'''
# NOTE mutates d
frame = idaapi.get_frame(ea)
def make_map(d, (off, name, _)):
mem = idaapi.get_member(frame, off)
ti = idaapi.tinfo_t()
idaapi.get_or_guess_member_tinfo2(mem, ti)
d[off] = (name, ti)
return d
return reduce(make_map, idautils.StructMembers(frame.id), {})
def get_mnem(ea):
'''ea -> str'''
mnem = re.search(r'^([a-zA-Z0-9.]+)', idc.GetDisasm(ea))
if mnem is None:
raise NoInsnError("can't get insn at %s" % ida.atoa(ea))
else:
return mnem.groups()[0]
def array_details(ti):
if ti.is_array() is False:
raise NotArrayError('ti is not an array')
ai = idaapi.array_type_data_t()
