def match_functions(bv, flirt_path, action, keep_manually_renamed, prefix):
callback = partial(analysis_callback,
bv,
action=action,
keep_manually_renamed=keep_manually_renamed,
prefix=prefix)
ilog('opening "{}"'.format(flirt_path))
with open(flirt_path, 'rb') as f:
flirt = nampa.parse_flirt_file(f)
ilog('signature name: "{}"'.format(flirt.header.library_name))
ilog('processing...')
for funk in bv.functions:
f_start = funk.start
f_end = get_function_end(funk)
buff = bytes(
bv.read(f_start, f_end - f_start + FUNCTION_TAIL_LENGTH))
nampa.match_function(flirt, buff, f_start, callback)
# ff = [f.start for f in bv.functions] + [bv.end]
# for f_start, f_end in zip(ff[:-1], ff[1:]):
# buff = bytes(bv.read(f_start, f_end - f_start))
# nampa.match_function(flirt, buff, f_start, callback)
ilog('done :B')
def _match_all_against_one_signature(self, sig: FlirtSignature):
# match each function
self._suggestions = {}
with open(sig.sig_path, "rb") as sigfile:
flirt = nampa.parse_flirt_file(sigfile)
for func in self.project.kb.functions.values():
func: 'Function'
if func.is_simprocedure or func.is_plt:
continue
if not func.is_default_name:
# it already has a name. skip
continue
start = func.addr
if self._is_arm:
start = start & 0xffff_fffe
max_block_addr = max(func.block_addrs_set)
end_block = func.get_block(max_block_addr)
end = max_block_addr + end_block.size
if self._is_arm:
end = end & 0xffff_fffe
# load all bytes
func_bytes = self.project.loader.memory.load(
start, end - start + 0x100)
_callback = partial(self._on_func_matched, func)
nampa.match_function(flirt, func_bytes, start, _callback)
def run(self,arg):
identified_func={}
for func_ea in idautils.Functions():
#get the function name
function_name=idc.GetFunctionName(func_ea)
print function_name
if not function_name.startswith("sub_"):
continue
func_byteStr32=""
func_str=idc.GetManyBytes(func_ea, 32)
for fb in func_str:
byte_str=binascii.b2a_hex(fb)
func_byteStr32+=byte_str
print func_byteStr32
match_result=nampa.match_function(sig,func_byteStr32)
print match_result
if match_result[0]:
function_names=''
for function_name in match_result[1]:
if len(function_names)==0:
function_names=function_name
continue
function_names=function_names+"_"+function_name
#set the function name
num=0
print identified_func
if identified_func.has_key(function_names):
num=identified_func[function_names]
num+=1
identified_func[function_names]=num
else:
identified_func[function_names]=num
function_names=function_names+str(num)
idc.MakeName(func_ea,function_names)
warning("Ida plugin run(%d) called.\n"%arg)
def identify_lib_func(self):
self.ident_flag = False
func_buf = self.byteStr32
match_result = nampa.match_function(self._function_manager.sig,
func_buf)
if match_result[0]:
function_names = ''
for function_name in match_result[1]:
if len(function_names) == 0:
function_names = function_name
continue
function_names = function_names + " or " + function_name
self._name = function_names
return match_result
def get_funcs(filename, fm_fast, lib_sig):
total_func = 0
lib_func = 0
total_func_size = 0
lib_func_size = 0
for function_addr in fm_fast:
total_func = total_func + 1
function = fm_fast.function(function_addr)
function_size = function.size
func_buf = function.byteStr32
total_func_size = total_func_size + function_size
match_result = nampa.match_function(lib_sig, func_buf)
if match_result[0]:
lib_func = lib_func + 1
lib_func_size = lib_func_size + function_size
print filename, total_func, lib_func, total_func_size, lib_func_size
def main(fpath):
sig = nampa.parse_flirt_pat_file(open(fpath,'r'))
#for child in sig.root.children:
#recurse_err(child, level=0)
buf='23025001F991B5F82B02780BF5F3FB952000D001461646071D8CD0FB2D00BDF8'
print(nampa.match_function(sig,buf))
