def parse_function_args(ea: int) -> str:
local_variables = []
arguments = []
current = local_variables
frame = idc.get_func_attr(ea, FUNCATTR_FRAME)
arg_string = ""
if frame is None:
return ""
start = idc.get_first_member(frame)
end = idc.get_last_member(frame)
count = 0
max_count = 10000
args_str = ""
while start <= end and count <= max_count:
size = idc.get_member_size(frame, start)
count = count + 1
if size is None:
start = start + 1
continue
name = idc.get_member_name(frame, start)
start += size
if name in [" r", " s"]:
# Skip return address and base pointer
current = arguments
continue
arg_string += f" {name}"
current.append(name)
args_str = ", ".join(arguments)
if len(args_str) == 0:
args_str = "void"
return f"({args_str})"
def set_struct_offsets(offsets, sid):
for offset in offsets:
try:
add_struct_member(sid, offset_name(offset), offset.offset,
offset.size)
except exceptions.SarkErrorStructMemberName:
# Get the offset of the member with the same name
existing_offset = idc.get_member_offset(sid, offset_name(offset))
if offset.offset == existing_offset:
pass
else:
raise
except exceptions.SarkErrorStructMemberOffset:
# Get the size of the member at the same offset
if offset.size == idc.get_member_size(sid, offset.offset):
# If they are the same, all is well.
pass
def get_stack_arg(func_addr):
print func_addr
args = []
stack = idc.get_frame_id(func_addr)
if not stack:
return []
firstM = idc.get_first_member(stack)
lastM = idc.get_last_member(stack)
i = firstM
while i <= lastM:
mName = idc.get_member_name(stack, i)
mSize = idc.get_member_size(stack, i)
if mSize:
i = i + mSize
else:
i = i + 4
if mName not in args and mName and ' s' not in mName and ' r' not in mName:
args.append(mName)
return args
def get_stackVariables(func_addr):
#print func_addr
args = []
stack = idc.get_frame_id(func_addr)
if not stack:
return 0
firstM = idc.get_first_member(stack)
lastM = idc.get_last_member(stack)
i = firstM
while i <=lastM:
mName = idc.get_member_name(stack,i)
mSize = idc.get_member_size(stack,i)
if mSize:
i = i + mSize
else:
i = i+4
if mName not in args and mName and 'var_' in mName:
args.append(mName)
return len(args)
def StructMembers(sid):
"""
Get a list of structure members information (or stack vars if given a frame).
@param sid: ID of the structure.
@return: List of tuples (offset, name, size)
@note: If 'sid' does not refer to a valid structure,
an exception will be raised.
@note: This will not return 'holes' in structures/stack frames;
it only returns defined structure members.
"""
m = idc.get_first_member(sid)
if m == -1:
raise Exception("No structure with ID: 0x%x" % sid)
while (m != ida_idaapi.BADADDR):
name = idc.get_member_name(sid, m)
if name:
yield (m, name, idc.get_member_size(sid, m))
m = idc.get_next_offset(sid, m)
def size(self):
if self.is_stack:
return idc.get_member_size(self.frame_id, self.stack_offset)
else:
return idc.get_item_size(self.addr)
def build_stack_variable(func_ea):
stack_vars = dict()
frame = idc.get_func_attr(func_ea, idc.FUNCATTR_FRAME)
if not frame:
return stack_vars
f_name = get_symbol_name(func_ea)
#grab the offset of the stored frame pointer, so that
#we can correlate offsets correctly in referent code
# e.g., EBP+(-0x4) will match up to the -0x4 offset
delta = idc.get_member_offset(frame, " s")
if delta == -1:
delta = 0
if f_name not in _FUNC_UNSAFE_LIST:
offset = idc.get_first_member(frame)
while -1 != _signed_from_unsigned(offset):
member_name = idc.get_member_name(frame, offset)
if member_name is None:
offset = idc.get_next_offset(frame, offset)
continue
if (member_name == " r" or member_name == " s"):
offset = idc.get_next_offset(frame, offset)
continue
member_size = idc.get_member_size(frame, offset)
if offset >= delta:
offset = idc.get_next_offset(frame, offset)
continue
member_flag = idc.get_member_flag(frame, offset)
flag_str = _get_flags_from_bits(member_flag)
member_offset = offset - delta
stack_vars[member_offset] = {
"name": member_name,
"size": member_size,
"flags": flag_str,
"writes": list(),
"referent": list(),
"reads": list(),
"safe": False
}
offset = idc.get_next_offset(frame, offset)
else:
offset = idc.get_first_member(frame)
frame_size = idc.get_func_attr(func_ea, idc.FUNCATTR_FRSIZE)
flag_str = ""
member_offset = _signed_from_unsigned(offset) - delta
stack_vars[member_offset] = {
"name": f_name,
"size": frame_size,
"flags": flag_str,
"writes": list(),
"referent": list(),
"reads": list(),
"safe": False
}
return stack_vars
