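def get_inverted(func_ea):
    """Return the RVAs of the swapped IF statements recorded for a function.

    The record is element 0 of the IDA array named
    ``_ARRAY_STORAGE_PREFIX + hex(<function RVA>)``. It holds
    whitespace-separated integers written in decimal.

    Args:
        func_ea: Address of the function; it is rebased against the image
            base before the array name is built.

    Returns:
        A set of ints. The set is empty when the function has no array or
        the element holds no text.

    Raises:
        ValueError: A stored token is not a decimal integer.
    """
    func_rva = func_ea - idaapi.get_imagebase()
    internal_id = idc.GetArrayId(_ARRAY_STORAGE_PREFIX + hex(int(func_rva)))
    if internal_id == -1:
        # -1 is the "no such array" id that the sibling helpers test for;
        # without this guard the element lookup runs against a missing array.
        return set()

    stored = idc.GetArrayElement(idc.AR_STR, internal_id, 0)
    if not stored:
        # Nothing usable in element 0: treat it as "no swaps recorded".
        return set()

    # The text is read back from the database, so it is only as trustworthy
    # as the database itself; int() rejects anything that is not a number
    # instead of letting a malformed record through silently.
    return {int(token) for token in stored.split()}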
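def invert(func_ea, if_ea):
    """Toggle the "swapped" mark of one IF statement and persist the result.

    Swaps are stored per function in an IDA array named
    ``_ARRAY_STORAGE_PREFIX + hex(<function RVA>)``. Element 0 holds the
    RVAs of all swapped IFs as a space-separated string.

    * No array yet: create it and store this IF as the only entry.
    * IF already recorded: drop it, and delete the array if it was the
      last entry.
    * IF not recorded: add it.

    Args:
        func_ea: Address of the function that contains the IF.
        if_ea: Address of the IF statement being toggled.
    """
    image_base = idaapi.get_imagebase()
    iv_rva = if_ea - image_base
    internal_name = _ARRAY_STORAGE_PREFIX + hex(int(func_ea - image_base))
    internal_id = idc.GetArrayId(internal_name)

    if internal_id == -1:
        # First swap recorded for this function.
        internal_id = idc.CreateArray(internal_name)
        idc.SetArrayString(internal_id, 0, str(iv_rva))
        return

    inverted = get_inverted(func_ea)
    if iv_rva in inverted:
        inverted.discard(iv_rva)
        if not inverted:
            # The array has just been deleted, so there is nothing left to
            # write back; stop here instead of storing into a stale id.
            idc.DeleteArray(internal_id)
            return
    else:
        inverted.add(iv_rva)

    idc.SetArrayString(internal_id, 0, " ".join(map(str, inverted)))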
def has_inverted(func_ea):
    """Tell whether any swapped THEN/ELSE branch is recorded for a function.

    Only the existence of the function's storage array is checked; its
    contents are not read.
    """
    func_rva = int(func_ea - idaapi.get_imagebase())
    array_id = idc.GetArrayId(_ARRAY_STORAGE_PREFIX + hex(func_rva))
    # Any id other than -1 means an array with that name exists.
    return array_id != -1
def __init__(self, func_ea):
    """Bind this object to the storage array of the function at *func_ea*.

    The array name is ``InversionInfo.ARRAY_NAME`` followed by the hex form
    of *func_ea*. The id is whatever ``idc.GetArrayId`` reports for that
    name; no array is created here.
    """
    array_name = InversionInfo.ARRAY_NAME + hex(int(func_ea))
    self.__name = array_name
    self.__id = idc.GetArrayId(array_name)