def mod_base(module):
    """Return the base address of the loaded module named ``lib<module>.so``.

    The module list comes from ``idautils.Modules()``; the first entry whose
    name ends with ``lib<module>.so`` wins.

    NOTE(review): the match is a plain suffix test, so a module whose file
    name merely ends with the same text also matches. When nothing matches,
    the address from ``idc.get_first_seg()`` is returned instead, and the
    caller cannot tell this fallback apart from a real module base.
    """
    wanted = "".join(("lib", module, ".so"))
    loaded = idautils.Modules()
    if not loaded:
        return idc.get_first_seg()
    hit = next((entry for entry in loaded if entry.name.endswith(wanted)), None)
    if hit is not None:
        return hit.base
    # No module matched: fall back to the first segment of the database.
    return idc.get_first_seg()
def _get_segments(self, attr):
    """Collect the address range of every segment whose type equals ``attr``.

    Walks the segment list from ``idc.get_first_seg()`` until
    ``idc.get_next_seg()`` yields ``idc.BADADDR``.

    Returns:
        A list of ``(start, end)`` tuples, one per matching segment, in the
        order the segments are visited. Empty when nothing matches.
    """
    matching = []
    ea = idc.get_first_seg()
    while ea != idc.BADADDR:
        if idc.get_segm_attr(ea, idc.SEGATTR_TYPE) == attr:
            matching.append((idc.get_segm_start(ea), idc.get_segm_end(ea)))
        ea = idc.get_next_seg(ea)
    return matching
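def get_segments_filtered(filter_func=None):
    """Return the distinct segment names of the database.

    Args:
        filter_func: optional callable taking a segment address; segments for
            which it returns a truthy value are left out of the result.

    Returns:
        A list of segment names, each listed once, in the order the segments
        are visited. Empty when the database has no segments.
    """
    names = []
    seen = set()  # O(1) duplicate check; ``names`` keeps the visiting order
    ea = idc.get_first_seg()
    # BADADDR is an integer sentinel, so compare by value. An identity test
    # (``is``) only works if the very same int object is handed back, which
    # would leave the loop without an exit otherwise. Testing before the
    # first lookup also keeps an empty database from contributing a name
    # looked up at BADADDR.
    while ea != idc.BADADDR:
        if not (filter_func and filter_func(ea)):
            name = idc.get_segm_name(ea)
            if name not in seen:
                seen.add(name)
                names.append(name)
        ea = idc.get_next_seg(ea)
    return names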
def add_rodata_segment(self):
    """Create a "roooodata" segment in the first gap between segments.

    Starting at ``idc.get_first_seg()``, segments are walked in the order
    ``idautils.Segments()`` yields them. The first segment whose start differs
    from the end of the previous one marks a gap; a segment of class "CONST"
    is added over that gap, and the walk stops. The whole database range is
    then re-analysed with ``idc.plan_and_wait``.

    Returns:
        ``(gap_start, gap_end)``, also stored in ``self.start`` / ``self.end``.

    NOTE(review): when no gap is found nothing is added, and the returned pair
    is (end of the last segment, start of the last segment), which is not a
    usable range. With no segments at all, ``start`` is never bound and the
    function raises. Callers should confirm they handle both cases.
    """
    gap_start = idc.get_first_seg()
    for seg_ea in idautils.Segments():
        start = idc.get_segm_start(seg_ea)
        seg_end = idc.get_segm_end(seg_ea)
        if int(start) == int(gap_start):
            # Contiguous with the previous segment: keep walking.
            gap_start = seg_end
            continue
        # Hole between gap_start and this segment's start: fill it.
        idaapi.add_segm(0, gap_start, start, "roooodata", "CONST")
        print("Adding segment from 0x%x to 0x%x" % (gap_start, start))
        print("OK")
        break
    # Re-run auto-analysis over the full address range of the database.
    idc.plan_and_wait(ida_ida.inf_get_min_ea(), ida_ida.inf_get_max_ea())
    self.start = gap_start
    self.end = start
    return gap_start, start
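def apply_tdinfo_symbols():
    """Apply the global symbols from the parsed executable to the database.

    Each record in ``symbol_records`` is handed to ``_apply_tdinfo_symbol``.
    Records that already exist are counted separately. Records that raise
    ``TdinfoParserException`` are skipped, but they are now counted and
    reported rather than dropped silently, so a malformed or unexpected
    symbol table is visible to the analyst.

    The summary is printed in a single ``print`` call. The original relied on
    a trailing comma after the first ``print`` to keep both parts on one line,
    which has no effect when ``print`` is a function.
    """
    # A heuristic, since get_imagebase returns wrong result
    image_base = idc.get_first_seg()
    parsed_exe_file = _parse_exe_file()

    applied_symbols_count = 0
    already_existing_symbols_count = 0
    failed_symbols_count = 0
    for symbol in parsed_exe_file.symbol_records:
        try:
            _apply_tdinfo_symbol(image_base, parsed_exe_file.name_pool, symbol)
        except TdinfoParserSymbolAlreadyAppliedException:
            already_existing_symbols_count += 1
        except TdinfoParserException:
            # Best effort: one bad record must not stop the rest, but the
            # count is kept so the summary does not hide it.
            failed_symbols_count += 1
        else:
            applied_symbols_count += 1

    print('Detected {} global symbols. '
          '{} identical symbols already existed, {} new symbols were applied.'.
          format(parsed_exe_file.tdinfo_header.globals_count,
                 already_existing_symbols_count, applied_symbols_count))
    if failed_symbols_count:
        print('{} symbols could not be applied and were skipped.'.format(
            failed_symbols_count))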
currentMnem = '' prevMnem = '' nextMnem = '' currentOp = '' print("Running IDA setup script") print("Setting startup options") # set demangled names options to show names idc.set_inf_attr(INF_DEMNAMES, DEMNAM_NAME) # show the address next to each command idc.set_inf_attr(INF_OUTFLAGS, OFLG_SHOW_PREF) idc.set_inf_attr(INF_PREFFLAG, 0) print("Finished setting options") currentEA = idc.get_first_seg() currentEA = idc.next_head(currentEA, 0xFFFFFFFFFFFFFFFF) while (currentEA != BADADDR): currentMnem = idc.print_insn_mnem(currentEA) #Highlight call functions if (currentMnem == "call"): #check to see if it's a call pop nextMnem = idc.print_insn_mnem(idc.get_operand_value(currentEA, 0)) if nextMnem == "pop": idc.set_color(currentEA, CIC_ITEM, 0xff1d4a) idc.set_color(idc.get_operand_value(currentEA, 0), CIC_ITEM, 0x4a1dFF) else: idc.set_color(currentEA, CIC_ITEM, 0xc7c7ff)