def yatest_create_struct_in_stack_vars_with_renaming(self):
"""
test creation of struct from stack vars
used to find a bug (structure is correctly applied on var if renamed)
"""
# create structure
ident, sida = self.get_function_sid_without_del(
True, local_size=complex_struc3_size, count_from_first_var=True)
self.assertNotEqual(sida, -1)
sidb = idc.AddStrucEx(0, 'create_struct_in_stack_vars_with_renaming',
0)
self.assertNotEqual(sidb, -1)
size = self.create_complex2(sidb, complex_struc3)
self.assertEqual(complex_struc3_size, size)
# set first var prototype
offset = idc.GetFirstMember(sida)
member_id = idc.GetMemberId(sida, offset)
self.assertNotEqual(member_id, -1)
self.assertTrue(
idc.SetType(member_id,
"create_struct_in_stack_vars_with_renaming* x;"))
self.assertEqual("create_struct_in_stack_vars_with_renaming *",
idc.GetType(idc.GetMemberId(sida, offset)))
idc.SetMemberName(sida, offset, "var1")
yaunit.save("create_struct_in_stack_vars_with_renaming", sida)
yaunit.save("create_struct_in_stack_vars_with_renaming_offset", offset)
def fields(self, reload=False):
if reload or not self._fields:
self._fields = {}
m = 0
while True:
if m >= idc.GetStrucSize(self.id):
break
n = idc.GetMemberName(self.id, m)
if n == idc.BADADDR:
break
sz = idc.GetMemberSize(self.id, m)
mid = idc.GetMemberId(self.id, m)
tp = idc.GetType(mid)
fld = {
'offset': m,
'id': mid,
'name': n,
'size': sz,
'type': [tp, None]
}
if n != '':
fld['type'][1] = idc.GetMemberFlag(self.id, m)
self._fields[m] = fld
m = idc.GetStrucNextOff(self.id, m)
if m == idc.BADADDR:
break
return self._fields
def yacheck_apply_struct(self):
addrs = yaunit.load('apply_struct')
for k in range(-1, 4):
# retrieve struct id
addr = addrs[k + 1]
sid = idc.GetStrucIdByName('apply_struct_%x' % (k + 1))
self.assertNotEqual(sid, idaapi.BADADDR)
# begin to check if something is applied
flags = idaapi.get_flags_novalue(addr)
self.assertTrue(idaapi.isStroff(flags, 1))
ti = idaapi.opinfo_t()
flags = idc.GetFlags(addr)
self.assertTrue(idaapi.get_opinfo(addr, 1, flags, ti))
# apply struct only
if k == -1:
# check struct is applied
self.assertEqual(ti.path.ids[0], sid)
continue
# check union is selected & applied at target address
uid = idc.GetStrucIdByName('apply_union_%x' % (k + 1))
self.assertNotEqual(uid, idaapi.BADADDR)
fid = idc.GetMemberId(uid, k)
self.assertNotEqual(fid, -1)
# check union is applied
self.assertEqual([x for x in ti.path.ids if x], [sid, fid])
def get_struc_offset(ea, opn):
path = idaapi.tid_array(1)
delta = idaapi.sval_pointer()
idaapi.get_stroff_path(ea, opn, path.cast(), delta.cast())
struct = path[0]
if idaapi.decode_insn(ea) == 0:
print 'error in {0}'.format(GetDisasm(ea))
else:
op = idaapi.cmd.Operands[opn]
offset = op.value
result = []
idaapi.get_stroff_path(ea, opn, path.cast(), delta.cast())
struct = path[0]
while offset:
member_id = idc.GetMemberId(struct, offset)
member_name = idc.GetMemberName(member_id)
field_struct_id = idc.GetMemberStrId(struct, offset)
if field_struct_id != idc.BADADDR:
result.append(
[field_struct_id,
idc.GetStrucName(field_struct_id)])
else:
result.append([member_name, idc.GetMemberFlag(struct, offset)])
return result
offset -= idc.GetMemberOffset(member_name)
def get_object_id_of_union_member_id(hash_provider, member_id):
try:
return union_member_object_ids[member_id]
except KeyError:
idx = idc.GetFirstStrucIdx()
while idx != idc.BADADDR:
struc_id = idc.GetStrucId(idx)
if idc.IsUnion(struc_id):
offset = idc.GetFirstMember(struc_id)
while offset != idc.BADADDR:
smember_id = idc.GetMemberId(struc_id, offset)
if smember_id == member_id:
name = idc.GetMemberName(struc_id, offset)
if name is not None:
struc_name = idc.GetStrucName(struc_id)
logger.debug("found member id 0x%016X in union %s/%s" % (member_id, struc_name, name))
return hash_provider.get_struc_member_id_for_name(struc_name, offset)
# next member
offset = idc.GetStrucNextOff(struc_id, offset)
idx = idc.GetNextStrucIdx(idx)
logger.error("Could not find member id 0x%016X in unions" % member_id)
return None
def fillStruct(self, sid, data):
for i in data:
new_type = None
#(i1, i2, i3) = self.stepper.parseField(i[1])
name = i[1]
if name[0] == "*":
name = name[1:]
if i[1] != "uintptr":
i1, i2, i3 = (idc.FF_BYTE | idc.FF_DATA, -1, 1)
else:
i1, i2, i3 = self.uintptr
if name == i[1]:
new_type = i[1]
else:
new_type = name + " *"
res = idc.AddStrucMember(sid, i[0], -1, i1, i2, i3)
use_name = i[0]
if res == -1: #Bad name
#print "Bad name %s for struct member" % i[0]
use_name = i[0] + "_autogen_" + id_generator()
idc.AddStrucMember(sid, use_name, -1, i1, i2, i3)
if new_type is not None:
offset = idc.GetMemberOffset(sid, use_name)
#print "Setting %s as %s" % (i[0], new_type)
idc.SetType(idc.GetMemberId(sid, offset), new_type)
def yacheck_set_field_prototype(self):
for field_type, name, prototype in set_field_prototype:
sid = idc.GetStrucIdByName(name)
self.assertNotEqual(sid, idaapi.BADADDR)
for k in range(0, get_size(field_type, -1) - 1):
self.assertEqual(field_type, idc.GetMemberFlag(sid, k) & idaapi.DT_TYPE)
mid = idc.GetMemberId(sid, k)
self.assertEqual(prototype, idc.GetType(mid))
def yacheck_reference_loop(self):
for k in range(0, 2):
sid = idc.GetStrucIdByName('refloop' + str(k))
self.assertNotEqual(sid, idaapi.BADADDR)
self.assertEqual(idc.GetMemberName(sid, 0), 'refloop_field' + str(k))
mid = idc.GetMemberId(sid, 0)
self.assertNotEqual(mid, -1)
self.assertEqual(idc.GetType(mid), 'refloop' + str(1 - k) + ' *')
def yacheck_create_struct_in_stack_vars_with_renaming(self):
sida = yaunit.load("create_struct_in_stack_vars_with_renaming")
offset = yaunit.load("create_struct_in_stack_vars_with_renaming_offset")
self.assertEqual("var1", idc.GetMemberName(sida, offset))
stype = fix_ptr_type(idc.GetType(idc.GetMemberId(sida, offset)))
self.assertEqual("create_struct_in_stack_vars_with_renaming*",
stype)
def yatest_set_field_prototype(self):
for field_type, name, prototype in set_field_prototype:
sid = idc.AddStrucEx(-1, name, 0)
self.assertNotEqual(sid, -1)
self.assertEqual(idc.AddStrucMember(sid, 'field', 0, field_type | idaapi.FF_DATA, -1, get_size(field_type, -1)), 0)
mid = idc.GetMemberId(sid, 0)
self.assertNotEqual(mid, -1)
self.assertTrue(idc.SetType(mid, prototype))
def build_struct(self):
''' Creates an IDA structure for this Type.
'''
if self.struct is not None:
return
for p in self.parents:
p.build_struct()
self.struct = idc.AddStrucEx(-1, self.name, 0)
if as_signed(self.struct, TARGET_ADDRESS_SIZE) == -1:
raise RuntimeError("Unable to make struct `{}`".format(self.name))
else:
#TODO: either come up with another way of showing this, or
# sync it with the actual function names
cmt = "constructors: "
for c in self.constructors():
cmt += "{}(0x{:02x}), ".format(idc.Name(c), c)
cmt = cmt.strip(", ")
idaapi.set_struc_cmt(self.struct, cmt, False)
if TARGET_ADDRESS_SIZE == 8:
mask = idc.FF_QWRD
else:
mask = idc.FF_DWRD
# Only bases get the magic _vptr member
if len(self.parents) == 0:
idc.AddStrucMember(self.struct, "_vptr", 0, idc.FF_DATA | mask, -1,
TARGET_ADDRESS_SIZE)
idc.SetType(idc.GetMemberId(self.struct, 0), "_vfunc**")
for i, parent in enumerate(self.parents):
try:
#TODO: for non-itanium ABI, this may not be available
# when RTTI is disabled
offset = self.tablegroup.tables[i].offset_to_top
except:
break
idc.AddStrucMember(self.struct, "parent_{}".format(i),
-offset, idc.FF_DATA, -1,
idc.GetStrucSize(parent.struct))
idc.SetType(idc.GetMemberId(self.struct, -offset), parent.name)
def yacheck_create_struct_in_stack_vars(self):
sida = yaunit.load("create_struct_in_stack_vars")
offset = yaunit.load("create_struct_in_stack_vars_offset")
stype = idc.GetType(idc.GetMemberId(sida, offset))
self.assertNotEqual(None, stype)
stype = fix_ptr_type(stype)
self.assertEqual("create_struct_in_stack_vars*", stype)
def yatest_reference_loop(self):
mids = []
for k in range(0, 2):
sid = idc.AddStrucEx(-1, 'refloop' + str(k), 0)
self.assertNotEqual(sid, -1)
self.assertEqual(idc.AddStrucMember(sid, 'refloop_field' + str(k), 0, idaapi.FF_DWRD, -1, 4), 0)
mid = idc.GetMemberId(sid, 0)
self.assertNotEqual(mid, -1)
mids.append(mid)
for k in range(0, 2):
self.assertTrue(idc.SetType(mids[k], 'refloop' + str(1 - k) + ' *'))
def get_struct_mids(sid):
m_ids = []
m_offset = 0
while not (m_offset == -1 or m_offset == idaapi.BADADDR):
m_id = idc.GetMemberId(sid, m_offset)
if not m_id == -1:
m_ids.append(m_id)
m_offset = idc.GetStrucNextOff(sid, m_offset)
return m_ids
def yatest_create_struct_in_stack_vars(self):
"""
test creation of struct from stack vars
used to find a bug when creating struct for stack vars and naming vars
"""
# create structure
ident, sida = self.get_function_sid_without_del(True, local_size=complex_struc3_size, count_from_first_var=True)
self.assertNotEqual(sida, -1)
sidb = idc.AddStrucEx(0, 'create_struct_in_stack_vars', 0)
self.assertNotEqual(sidb, -1)
size = self.create_complex2(sidb, complex_struc3)
self.assertEqual(complex_struc3_size, size)
# set first var prototype
offset = idc.GetFirstMember(sida)
member_id = idc.GetMemberId(sida, offset)
self.assertNotEqual(member_id, -1)
self.assertTrue(idc.SetType(member_id, "create_struct_in_stack_vars* x;"))
self.assertEqual("create_struct_in_stack_vars *",
idc.GetType(idc.GetMemberId(sida, offset)))
yaunit.save("create_struct_in_stack_vars", sida)
yaunit.save("create_struct_in_stack_vars_offset", offset)
def yatest_apply_struct(self):
addrs = []
# -1: struct, n: union
for k in range(-1, 4):
# find an integer operand in any function
addr = self.find_operand_addr()
addrs.append(addr)
# create struct
sid = idc.AddStrucEx(-1, 'apply_struct_%x' % (k + 1), 0)
self.assertNotEqual(sid, -1)
ftype = idaapi.FF_BYTE | idaapi.FF_DATA
# apply struct only
if k == -1:
# add struct fields
for x in xrange(0, 0x60):
self.assertEqual(
idc.AddStrucMember(sid, 'field_%x' % x, -1, ftype, -1,
1), 0)
path = idaapi.tid_array(1)
path[0] = sid
self.assertNotEqual(
self.custom_op_stroff(addr, path.cast(), 1),
idaapi.BADADDR)
continue
# create union
uid = idc.AddStrucEx(-1, 'apply_union_%x' % (k + 1), 1)
self.assertNotEqual(uid, -1)
for x in xrange(1, 0x10):
self.assertEqual(
idc.AddStrucMember(uid, 'union_%x' % x, -1, ftype, -1, 1),
0)
# add struct fields
for x in xrange(0, 0x60):
self.assertEqual(
idc.AddStrucMember(sid, 'field_%x' % x, -1,
idaapi.struflag(), uid, 1), 0)
# apply selected union field
fid = idc.GetMemberId(uid, k)
self.assertNotEqual(fid, -1)
path = idaapi.tid_array(2)
path[0] = sid
path[1] = fid
self.assertNotEqual(self.custom_op_stroff(addr, path.cast(), 2),
idaapi.BADADDR)
yaunit.save('apply_struct', addrs)
def setStrucPntr(self, sid, ofs, name, tp=None):
vnm = idc.GetMemberName(sid, ofs)
if not vnm or vnm in (idc.BADADDR, -1):
idc.AddStrucMember(sid, name, ofs, idc.FF_QWRD, -1, 8)
vnm = name
if vnm != name:
idc.SetMemberName(sid, ofs, name)
sz = idc.GetMemberSize(sid, ofs)
if sz != 8:
idc.SetMemberType(sid, ofs, idc.FF_QWRD, -1, 1)
mid = idc.GetMemberId(sid, ofs)
t = idc.GetType(mid) or ''
if tp and t.replace(' ', '') != tp.replace(' ', ''):
idc.SetType(mid, tp + ';')
def struct_add_ptr(sid, name, offset, count=1, type=None):
"""Add a pointer to a structure.
If sid is a union, offset must be -1.
"""
ptr_flag = idc.FF_DATA | word_flag(WORD_SIZE) | idaapi.offflag()
ret = idc.AddStrucMember(sid, name, offset, ptr_flag, 0, WORD_SIZE)
if ret == 0 and type is not None:
if offset == -1:
offset = struct_member_offset(sid, name)
assert offset is not None
mid = idc.GetMemberId(sid, offset)
idc.SetType(mid, type)
return ret
def getTypeVtbl(self, descr):
if not descr.get('id'):
return descr
mid = idc.GetMemberId(descr['id'], 0)
if not mid or mid == idc.BADADDR:
return descr
t = idc.GetType(mid) or ''
t = t.replace('*', '').replace(' ', '')
if 'VTABLE' not in t:
return descr
svid = idc.GetStrucIdByName(t)
if not svid or svid == idc.BADADDR:
return descr
idc.SetStrucName(svid, descr['name'] + 'Vtbl')
descr['vtblid'] = svid
descr['vtblnm'] = descr['name'] + 'Vtbl'
return descr
def _propagate_virtual_method_type_for_method(classinfo, class_vindex, vmethod):
"""Propagate the type of a class's virtual method to the vtable struct."""
if not idau.is_function_start(vmethod):
_log(2, 'Not a function start: {:x}', vmethod)
return False
vmethod_type = idc.GuessType(vmethod)
if not vmethod_type:
_log(2, 'No guessed type: {:x}', vmethod)
return False
vmethod_ptr_type = symbol.convert_function_type_to_function_pointer_type(vmethod_type)
if not vmethod_ptr_type:
_log(2, 'Could not convert to function pointer type: {:x}', vmethod)
return False
vmethods_sid = idau.struct_open(classinfo.classname + '::vmethods')
vmethod_offset = class_vindex * idau.WORD_SIZE
vmethod_mid = idc.GetMemberId(vmethods_sid, vmethod_offset)
if not bool(idc.SetType(vmethod_mid, vmethod_ptr_type)):
_log(2, 'Could not set vmethod field type: {:x}, {}, {}', vmethod, classinfo.classname,
class_vindex)
return False
return True
def get_struc_id_from_member_if(member_id):
try:
return member_struc_ids[member_id]
except KeyError:
idx = idc.GetFirstStrucIdx()
while idx != idc.BADADDR:
struc_id = idc.GetStrucId(idx)
if idc.IsUnion(struc_id):
offset = idc.GetFirstMember(struc_id)
while offset != idc.BADADDR:
smember_id = idc.GetMemberId(struc_id, offset)
if smember_id == member_id:
member_struc_ids[member_id] = struc_id
return struc_id
offset = idc.GetStrucNextOff(struc_id, offset)
idx = idc.GetNextStrucIdx(idx)
logger.error("Could not find struc id from member id 0x%08X (name=%s)" %
(member_id, idaapi.get_struc_name(member_id)))
return None
def save_strucs(self, memory_exporter):
"""
Structures : export modified structures and delete those who have been deleted
"""
for struc_id in self.structures_to_process:
self.ida_model.clear_exported_struc_enum_id(struc_id)
sidx = idc.GetStrucIdx(struc_id)
if sidx is None or sidx == idc.BADADDR:
# it is a deleted structure or a stackframe
# in this last case we need to export the parent (function)
eaFunc = idaapi.get_func_by_frame(struc_id)
if eaFunc != idc.BADADDR:
# OK, it is a stackframe
self.ida_model.accept_struc(
memory_exporter, 0, struc_id, ya.OBJECT_TYPE_STACKFRAME, ya.OBJECT_TYPE_STACKFRAME_MEMBER,
stackframe_func_addr=eaFunc)
self.ida_model.accept_ea(memory_exporter, 0, eaFunc)
else:
# it is a deleted structure
self.ida_model.accept_deleted_struc(memory_exporter, struc_id)
else:
self.ida_model.accept_struc(memory_exporter, 0, struc_id)
logger.debug("Walking members")
"""
Structure members : update modified ones, and remove deleted ones
We iterate over members :
-if the parent struc has been deleted, delete the member
-otherwise, detect if the member has been updated or removed
-updated : accept struc_member + accept_struc if not already exported!
-removed : accept struc_member_deleted
"""
for (struc_id, member_set) in self.strucmember_to_process.iteritems():
ida_struc = idaapi.get_struc(struc_id)
logger.debug("Walking struc 0x%08X" % struc_id)
sidx = idc.GetStrucIdx(struc_id)
is_stackframe = False
struc_deleted = False
if sidx is None or sidx == idc.BADADDR:
f = idaapi.get_func_by_frame(struc_id)
if f is not None and f != idc.BADADDR:
is_stackframe = True
else:
struc_deleted = True
if is_stackframe:
strucmember_type = ya.OBJECT_TYPE_STACKFRAME_MEMBER
struc_name = None
struc_type = ya.OBJECT_TYPE_STACKFRAME
eaFunc = idaapi.get_func_by_frame(struc_id)
stackframe_func_addr = eaFunc
func = idaapi.get_func(eaFunc)
self.ida_model.accept_function(memory_exporter, 0, eaFunc, func)
else:
strucmember_type = ya.OBJECT_TYPE_STRUCT_MEMBER
struc_type = ya.OBJECT_TYPE_STRUCT
stackframe_func_addr = None
if not struc_deleted:
struc_name = idc.GetStrucName(struc_id)
if struc_deleted:
# The structure has been deleted : we need to delete the members
# Note: at first sight, it is not a stackframe
# TODO: handle function->stackframe deletion here
for (member_id, offset) in member_set:
self.ida_model.accept_deleted_strucmember(memory_exporter, struc_id, None, offset)
else:
# The structure or stackframe has been modified
is_union = ida_struc.is_union()
for (member_id, offset) in member_set:
ida_member = idaapi.get_member(ida_struc, offset)
if ida_member is None:
new_member_id = -1
else:
new_member_id = ida_member.id
logger.debug("exporting member %s at offset 0x%02X (mid=0x%016X)" %
(strucmember_type, offset, member_id))
self.ida_model.clear_exported_struc_member_id(new_member_id)
if new_member_id == -1:
# the member has been deleted : delete it
self.ida_model.accept_deleted_strucmember(
memory_exporter, struc_id, struc_name, offset, struc_type, strucmember_type)
elif offset > 0 and idc.GetMemberId(struc_id, offset - 1) == new_member_id:
# the member was deleted, and replaced by a member starting above it
self.ida_model.accept_deleted_strucmember(
memory_exporter, struc_id, struc_name, offset, struc_type, strucmember_type)
elif new_member_id != member_id:
# the member has been deleted and later recreated
name = idaapi.get_member_name(new_member_id)
self.ida_model.accept_struc_member(
memory_exporter, 0, ida_struc, struc_id, is_union, offset, struc_name, name, struc_type,
strucmember_type, stackframe_func_addr=stackframe_func_addr)
else:
# the member has just been modified
name = idaapi.get_member_name(new_member_id)
logger.debug("exporting member %s (%s) at offset 0x%02X (mid=0x%016X)" %
(strucmember_type, name, offset, member_id))
self.ida_model.accept_struc_member(
memory_exporter, 0, ida_struc, struc_id, is_union, offset, struc_name, name, struc_type,
strucmember_type, stackframe_func_addr=stackframe_func_addr)
def make_struc_member(self,
object_version,
address,
member_type=ya.OBJECT_TYPE_STRUCT_MEMBER):
struc_object_id = object_version.get_parent_object_id()
struc_id = 0
try:
struc_id = self.struc_ids[struc_object_id]
except:
return
is_union = struc_id in self.union_ids
offset = address
if is_union:
last_offset = idc.GetLastMember(struc_id)
if last_offset == idc.BADADDR:
last_offset = -1
if last_offset < offset:
for i in xrange(last_offset + 1, offset + 1):
idc.AddStrucMember(struc_id, "yaco_filler_%d" % i, 0,
idc.FF_BYTE | idc.FF_DATA, -1, 1)
# ensure that 'offset' fields are present
member_size = object_version.get_size()
member_name = object_version.get_name()
flags = object_version.get_object_flags()
if idc.isStruct(flags):
# if the sub field is a struct, it must have a single Xref field with the struct object id
try:
sub_struc_object_id = object_version.getXRefIdsAt(0, 0)[0]
sub_struc_id = self.struc_ids[sub_struc_object_id]
# logger.debug("%20s: adding sub member at offset 0x%08X,
# size=0x%08X (sub=0x%.016X, size=0x%08X) with name %s" %
# (
# idc.GetStrucName(struc_id), offset, member_size, sub_struc_id,
# idc.GetStrucSize(sub_struc_id), object_version.get_name()
# ))
sub_struc_size = idc.GetStrucSize(sub_struc_id)
if sub_struc_size == 0:
logger.error(
"%20s: adding sub member at offset 0x%08X, size=0x%08X "
"(sub=0x%.016X, size=0x%08X) with name %s : sub struc size is ZERO"
% (idc.GetStrucName(struc_id), offset, member_size,
sub_struc_id, idc.GetStrucSize(sub_struc_id),
object_version.get_name()))
else:
nitems = member_size / sub_struc_size
YaToolIDATools.SetStrucmember(struc_id, member_name,
offset, flags, sub_struc_id,
nitems)
except KeyError:
logger.error(
"Error while looking for sub struc in struc %s, offset 0x%08X (field name='%s')"
% (self.hash_provider.hash_to_string(struc_object_id),
offset, object_version.get_name()))
traceback.print_exc()
elif idc.isEnum0(flags):
# an enum is applied here
try:
sub_enum_object_id = object_version.getXRefIdsAt(0, 0)[0]
sub_enum_id = self.enum_ids[sub_enum_object_id]
name_ok = idc.SetMemberName(struc_id, offset, member_name)
if name_ok is not True:
logger.debug(
"Error while setting member name (enum) : "
"(struc=%s, member=%s, offset=0x%08X, mflags=%d, msize=%d, tid=0x%016X"
% (name_ok, idc.GetStrucName(struc_id), member_name,
offset, flags, member_size, sub_struc_id))
else:
sub_enum_size = idc.GetEnumWidth(sub_enum_id)
if sub_enum_size == 0:
sub_enum_size = member_size
nitems = member_size / sub_enum_size
ret = idc.SetMemberType(struc_id, offset, flags,
sub_enum_id, nitems)
if ret == 0:
logger.debug(
"Error while setting member type (enum) : "
"(struc=%s, member=%s, offset=0x%08X, mflags=%d, msize=%d, tid=0x%016X"
% (ret, idc.GetStrucName(struc_id), member_name,
offset, flags, member_size, sub_struc_id))
except KeyError:
logger.error(
"Error while looking for sub enum in struc %s, offset 0x%08X (field name='%s')"
% (struc_object_id, offset, member_name))
traceback.print_exc()
else:
# logger.debug("%20s: adding member at offset 0x%08X, size=0x%08X with name %s" %
# (
# idc.GetStrucName(struc_id), offset, member_size, object_version.get_name()
# ))
tid = -1
if idc.isASCII(flags):
logger.debug(
"object: %s : %s" % (self.hash_provider.hash_to_string(
object_version.get_id()), object_version.get_name()))
try:
tid = object_version.get_string_type()
except KeyError:
tid = idc.ASCSTR_C
name_ok = idc.SetMemberName(struc_id, offset, member_name)
if name_ok is not True:
logger.debug(
"Error while setting member name :" +
" (struc_id=0x%08X, struc=%s, member=%s, offset=0x%08X, mflags=%d, msize=%d)"
% (struc_id, idc.GetStrucName(struc_id), member_name,
offset, flags, member_size))
else:
item_size = YaToolIDATools.get_field_size(flags, tid)
nitems = member_size / item_size
# IDA BUG : 4-byte chars are stored as 2 double words, thus me must
# multiply nitem by 2!
ret = idc.SetMemberType(struc_id, offset, flags, tid, nitems)
if ret == 0:
logger.debug(
"Error while setting member type :" +
" (struc=%s, member=%s, offset=0x%08X, mflags=%d, msize=%d)"
% (idc.GetStrucName(struc_id), member_name, offset,
flags, member_size))
try:
repeatable_headercomment = self.sanitize_comment_to_ascii(
object_version.get_header_comment(True))
idc.SetMemberComment(struc_id, offset, repeatable_headercomment, 1)
except KeyError:
pass
try:
nonrepeatable_headercomment = self.sanitize_comment_to_ascii(
object_version.get_header_comment(False))
idc.SetMemberComment(struc_id, offset, nonrepeatable_headercomment,
0)
except KeyError:
pass
member_id = idc.GetMemberId(struc_id, offset)
self.set_struct_member_type(object_version, member_id)
if object_version.get_type() == ya.OBJECT_TYPE_STRUCT_MEMBER:
self.strucmember_ids[object_version.get_id()] = member_id
def clear_struc_fields(self,
struc_id,
struc_size,
xref_keys,
is_union=False,
member_type=ya.OBJECT_TYPE_STRUCT_MEMBER,
name_offset=0):
idc.BeginTypeUpdating(idc.UTP_STRUCT)
last_offset = idc.GetLastMember(struc_id)
# get existing member offsets
field_offsets = set()
for (xref_offset, xref_operand) in xref_keys:
field_offsets.add(xref_offset)
new_offsets = set()
struc = idaapi.get_struc(struc_id)
# create missing members first (prevent from deleting all members)
for offset in field_offsets:
member = idaapi.get_member(struc, offset)
if member is not None and member.soff < offset:
# we have a member above this member that is too big and contain this member
# clear it!
if DEBUG_EXPORTER:
logger.debug(
"reduce field : set_member_type(0x%08X, 0x%08X), overlapping 0x%08X",
struc_id, member.soff, offset)
idaapi.set_member_type(struc, member.soff, idc.FF_BYTE, None,
1)
member = idaapi.get_member(struc, offset)
if member is None or idaapi.get_member_name(member.id) is None:
new_offsets.add(offset)
member_name = YaToolIDATools.get_default_struc_member_name(
member_type, offset, name_offset)
if offset == last_offset and offset == struc_size:
field_size = 0
else:
field_size = 1
if DEBUG_EXPORTER:
logger.debug(
"AddStrucMember(0x%08X, '%s', 0x%08X, idc.FF_BYTE, -1, 0x%08X), name_offset=%d",
struc_id, member_name, offset, field_size, name_offset)
retval = idc.AddStrucMember(struc_id, member_name, offset,
idc.FF_BYTE, -1, field_size)
if retval != 0:
logger.error(
"Error %d with idc.AddStrucMember(0x%08X, '%s', 0x%08X,"
"idc.FF_BYTE, -1, 0x%08X), name_offset=%d", retval,
struc_id, member_name, offset, field_size, name_offset)
elif DEBUG_EXPORTER:
logger.debug("Member exists : (0x%08X, '%s', 0x%08X, 0x%08X)",
struc_id, idc.GetMemberName(struc_id,
offset), offset,
idc.GetMemberSize(struc_id, offset))
kept_offsets = field_offsets - new_offsets
# clear kept members
# split the loop since we will modify the structure while iterating
offsets = set()
for (offset, member_name) in YaToolIDATools.struc_member_list(
struc_id, is_union):
offsets.add(offset)
for offset in offsets:
if offset in kept_offsets:
# This member already existed and is kept
if offset == last_offset and offset == struc_size:
# this is the last field, and it is a variable sized structure
field_size = 0
else:
field_size = 1
if member_type == ya.OBJECT_TYPE_STRUCT_MEMBER:
strucmember_id = self.hash_provider.get_struc_member_id(
struc_id, offset)
elif member_type == ya.OBJECT_TYPE_STACKFRAME_MEMBER:
strucmember_id = self.hash_provider.get_stackframe_member_object_id(
struc_id, offset)
else:
logger.error("Bad member_type : %d" % member_type)
if strucmember_id not in self.strucmember_ids:
# It is not necessary to clear the member if it is presnet in the resolved_objects
if DEBUG_EXPORTER:
logger.debug(
"SetStrucmember(0x%08X, None, 0x%08X, idc.FF_BYTE, -1, 0x%08X, name_offset=%s)",
struc_id, offset, field_size, name_offset)
YaToolIDATools.SetStrucmember(struc_id,
None,
offset,
idc.FF_BYTE,
-1,
field_size,
member_type=member_type,
name_offset=name_offset)
idc.SetMemberComment(struc_id, offset, "", 0)
idc.SetMemberComment(struc_id, offset, "", 1)
elif offset not in new_offsets:
if (member_type != ya.OBJECT_TYPE_STACKFRAME_MEMBER
or not idaapi.is_special_member(
idc.GetMemberId(struc_id, offset))):
if DEBUG_EXPORTER:
logger.debug(
"DelStrucMember(0x%08X, 0x%08X) (=%s:%s)",
struc_id, offset, idc.GetStrucName(struc_id),
idc.GetMemberName(struc_id, offset))
idc.DelStrucMember(struc_id, offset)
else:
# in new_offsets : just created
pass
idc.EndTypeUpdating(idc.UTP_STRUCT)
def save_strucs(self, ida_model, memory_exporter):
"""
Structures : export modified structures and delete those who have been deleted
"""
for struc_id in self.structures_to_process:
sidx = idc.GetStrucIdx(struc_id)
if sidx is None or sidx == idc.BADADDR:
# it is a deleted structure or a stackframe
# in this last case we need to export the parent (function)
eaFunc = idaapi.get_func_by_frame(struc_id)
if eaFunc != idc.BADADDR:
# OK, it is a stackframe
ida_model.accept_struct(memory_exporter, eaFunc, struc_id)
ida_model.accept_ea(memory_exporter, eaFunc)
else:
# it is a deleted structure
ida_model.delete_struct(memory_exporter, struc_id)
else:
ida_model.accept_struct(memory_exporter, idc.BADADDR, struc_id)
logger.debug("Walking members")
"""
Structure members : update modified ones, and remove deleted ones
We iterate over members :
-if the parent struc has been deleted, delete the member
-otherwise, detect if the member has been updated or removed
-updated : accept struc_member + accept_struct if not already exported!
-removed : accept struc_member_deleted
"""
for (struc_id, member_set) in self.strucmember_to_process.iteritems():
ida_struc = idaapi.get_struc(struc_id)
logger.debug("Walking struc 0x%08X" % struc_id)
sidx = idc.GetStrucIdx(struc_id)
is_stackframe = False
struc_deleted = False
if sidx is None or sidx == idc.BADADDR:
f = idaapi.get_func_by_frame(struc_id)
if f is not None and f != idc.BADADDR:
is_stackframe = True
else:
struc_deleted = True
stackframe_func_addr = idc.BADADDR
if is_stackframe:
eaFunc = idaapi.get_func_by_frame(struc_id)
stackframe_func_addr = eaFunc
ida_model.accept_function(memory_exporter, eaFunc)
if struc_deleted:
# The structure has been deleted : we need to delete the members
# Note: at first sight, it is not a stackframe
# TODO: handle function->stackframe deletion here
for (member_id, offset) in member_set:
ida_model.delete_struct_member(memory_exporter,
idc.BADADDR, struc_id,
offset)
else:
# The structure or stackframe has been modified
for (member_id, offset) in member_set:
ida_member = idaapi.get_member(ida_struc, offset)
if ida_member is None:
new_member_id = -1
else:
new_member_id = ida_member.id
if new_member_id == -1:
# the member has been deleted : delete it
ida_model.delete_struct_member(memory_exporter,
stackframe_func_addr,
struc_id, offset)
elif offset > 0 and idc.GetMemberId(
struc_id, offset - 1) == new_member_id:
# the member was deleted, and replaced by a member starting above it
ida_model.delete_struct_member(memory_exporter,
stackframe_func_addr,
struc_id, offset)
else:
# the member has just been modified
ida_model.accept_struct_member(memory_exporter,
stackframe_func_addr,
ida_member.id)
