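def analyze_external_refs(ea_from, ea_to, increment, analysing_base, analysing_size):
    """Scan [ea_from, ea_to) of debuggee memory for pointers to exported APIs.

    Every ``increment``-spaced slot in the range is read as a little-endian
    32-bit value and looked up in the module-level ``modules_exports`` table
    (address -> "module.proc").  Hits that resolve into the module being
    analysed (the one containing ``analysing_base``) are dropped; the rest
    are appended to ``rv.api_constants``.  Before the scan the current CPU
    thread's x86 register state is copied into ``rv.context`` and
    ``scan_for_ref_api_calls`` is run over the same range.

    Args:
        ea_from: first address to scan (inclusive).
        ea_to: end of the scanned range (exclusive).
        increment: step between candidate slots, in bytes.
        analysing_base: an address inside the module under analysis; used to
            filter out references that point back into that module.
        analysing_size: size of the module under analysis.  Not used by this
            function; kept for interface compatibility with callers.

    Returns:
        An ``rpc.AnalyzeExternalRefsResult``.  On invalid arguments, an
        unreadable range or a missing CPU thread the result is returned empty
        after a diagnostic is printed to stderr; no exception propagates.
    """
    rv = rpc.AnalyzeExternalRefsResult()
    if ea_from > ea_to:
        print >> sys.stderr, 'Invalid arguments passed'
        return rv

    mem = safe_read_chunked_memory_region_as_one(ea_from, ea_to - ea_from)
    if not mem:
        print >> sys.stderr, 'Unable to read specified memory (0x%08X - 0x%08X)' % (ea_from, ea_to)
        return rv
    # The read helper returns a (status, data) pair; only the bytes are needed.
    mem = buffer(mem[1])
    mem_len = len(mem)

    # Name of the module being analysed, normalised to a bare lower-case
    # basename so it compares against the "module" half of a modules_exports
    # entry.  An unknown module (None) matches nothing.
    main_module = api.Findmodule(analysing_base)
    if main_module is None:
        main_module_name = ''
    else:
        main_module_name = path.splitext(path.basename(main_module.path))[0].lower()

    # Findthread() can return None (other code in this file checks for it);
    # without this guard th.reg would raise AttributeError and abort the call.
    th = api.Findthread(api.Getcputhreadid())
    if th is None:
        print >> sys.stderr, 'Unable to find current CPU thread'
        return rv
    _fill_context_from_thread(rv.context, th)

    global modules_exports
    scan_for_ref_api_calls(ea_from, ea_to, increment, rv=rv, mem=mem, base=analysing_base)

    # Candidate pointers are always decoded as 32-bit little-endian, matching
    # the x86 register set copied above.
    ptr = struct.Struct("<I")
    for ea in xrange(ea_from, ea_to, increment):
        off = ea - ea_from
        # Stop once a whole pointer no longer fits in the requested range, or
        # in what was actually read: a short read would otherwise raise
        # struct.error (and log a traceback) for every remaining slot.
        if ea_to - ea < ptr.size or off + ptr.size > mem_len:
            break
        try:
            addr = ptr.unpack_from(mem, off)[0]
            # The value comes straight from debuggee memory and is untrusted;
            # it is only ever used as a dict key, never dereferenced here.
            symb = modules_exports.get(addr)
            if symb is None:
                continue
            # Split on the first dot only so an export name that itself
            # contains a dot cannot break the two-way unpack.
            module_name, proc_name = symb.split('.', 1)
            if module_name == main_module_name:
                continue
            v = rv.api_constants.add()
            v.ea = ea
            v.module = module_name
            v.proc = proc_name
        except Exception as exc:
            # Best effort: one malformed slot or table entry must not abort
            # the whole scan, so it is logged and the loop continues.
            print >> sys.stderr, 'Exception: %r\r\n%s' % (exc, traceback.format_exc().replace('\n', '\r\n'))

    print 'AnalyzeExternalRefs: found %u' % len(rv.api_constants)
    print rv
    return rv


def _fill_context_from_thread(ctx, th):
    """Copy the x86 general-purpose registers and IP of thread ``th`` into ``ctx``."""
    r = api.ulongArray.frompointer(th.reg.r)
    ctx.eax = r[api.REG_EAX]
    ctx.ecx = r[api.REG_ECX]
    ctx.edx = r[api.REG_EDX]
    ctx.ebx = r[api.REG_EBX]
    ctx.esp = r[api.REG_ESP]
    ctx.ebp = r[api.REG_EBP]
    ctx.esi = r[api.REG_ESI]
    ctx.edi = r[api.REG_EDI]
    # The result field is named rip even though only a 32-bit IP is available.
    ctx.rip = th.reg.ip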
def get_ea(self):
    """Return the instruction pointer of the current CPU thread.

    Returns ``None`` when the debugger reports no current thread (i.e. when
    ``oa.Findthread`` cannot resolve ``oa.Getcputhreadid()``).
    """
    current = oa.Findthread(oa.Getcputhreadid())
    return None if current is None else current.reg.ip