def OnCommand(self, n, cmd): if cmd == self.show_all_toggle_cmd: if self.min_xrefs == self.MIN_XREFS: self.min_xrefs = 0 if self.min_xrefs != self.MIN_XREFS: self.min_xrefs = self.MIN_XREFS if self.must_have_loop == self.MUST_HAVE_LOOP: self.must_have_loop = False else: self.must_have_loop = self.MUST_HAVE_LOOP elif cmd == self.rename_cmd: response = ida_shims.ask_yn( 0, "Are you sure you want to rename all 'sub_XXXXXX' functions " "to 'leaf_XXXXXX'?") if response: for item in self.items: # Is this a leaf function? if item[-1] is True: current_name = item[0] if current_name.startswith('sub_'): new_name = current_name.replace('sub_', 'leaf_') ida_shims.set_name( ida_shims.get_name_ea_simple(current_name), new_name) self.populate_items() return 0
def rename_functions(self, debug=True, dry_run=False): ''' Renames functions starting with "sub_" based on unique string xrefs. @debug - Set to False to suppress debug output. @dry_run - Set to True to perform a dry run (functions will not actually be renamed). Returns the number of renamed functions. ''' count = 0 for (function_address, function_name) in self.func2str_mappings().items(): if ida_shims.get_name(function_address).startswith("sub_"): if dry_run or ida_shims.set_name(function_address, function_name): if debug: print("0x%.8X => %s" % (function_address, function_name)) count += 1 if debug: print("Renamed %d functions based on unique string xrefs!" % count) return count
def rename_regex(self, n, regex_str="", dryrun=False): count = 0 if not regex_str: regex_str = idc.AskStr("", "Regex rename rule") if regex_str: if dryrun: print "Testing regex rename rule: '%s'" % regex_str regex = re.compile(regex_str) # Look at all the profiled functions for (function, xrefs) in self.profile.functions.iteritems(): new_function_name = "" # Don't rename functions that have already been renamed if not idc.Name(function).startswith("sub_"): continue # Look through all the strings referenced by this function for string in [x.string for x in xrefs if x.type == str]: # Does the string match the given regex? m = regex.search(string) if m: # Take the last group from the regex match potential_function_name = m.groups()[-1].split(" ")[0] # Replace common bad chars with underscores for c in ['-', '>']: potential_function_name = \ potential_function_name.replace(c, '_') if idaapi.isident(potential_function_name) and \ '%' not in potential_function_name: if len(potential_function_name) > len( new_function_name): new_function_name = potential_function_name if new_function_name: # Append _n to the function name, if it already exists n = 1 orig_new_function_name = new_function_name while idc.LocByName(new_function_name) != idc.BADADDR: new_function_name = "%s_%d" % (orig_new_function_name, n) n += 1 if dryrun: print "%s => %s" % (idc.Name(function), new_function_name) count += 1 else: if ida_shims.set_name(function, new_function_name): count += 1 print "Renamed %d functions" % count
def parse_function_tables(self): count = 0 for pattern in self.search(): name2func = {} ea = pattern.start while ea < pattern.stop: string_address = ida_shims.get_wide_dword( ea + (pattern.name_element * pattern.element_size)) function_address = ida_shims.get_wide_dword( ea + (pattern.function_element * pattern.element_size)) new_function_name = ida_shims.get_strlit_contents( string_address).decode("utf8") current_function_name = ida_shims.get_name(function_address) if not self.valid_function_name(new_function_name): print("ERROR: '%s' is not a valid function name. This is " \ "likely not a function table, or I have parsed it " \ "incorrectly!" % new_function_name) print(" Ignoring all entries in the structures " \ "between 0x%X and 0x%X.\n" % (pattern.start, pattern.stop)) name2func = {} break elif current_function_name.startswith("sub_"): name2func[new_function_name] = function_address ea += (pattern.num_elements * pattern.element_size) for (name, address) in name2func.items(): print("0x%.8X => %s" % (address, name)) ida_shims.set_name(address, name) count += 1 print("Renamed %d functions!" % count)
def rename(self, ea, name): # Don't rely on the name in curfunc, it could have already been renamed curname = ida_shims.get_name(ea) # Don't rename if the name is a special identifier, or if the ea has # already been named if curname.startswith('sub_') and \ name.split('_')[0] not in \ ['sub', 'loc', 'unk', 'dword', 'word', 'byte']: # Don't rename if the name already exists in the IDB if ida_shims.get_name_ea_simple(name) == idc.BADADDR: if ida_shims.set_name(ea, name): ida_shims.set_func_flags( ea, (ida_shims.get_func_flags(ea) | idc.FUNC_LIB)) return 1 return 0
def rename_regex(self, n, regex_str="", dryrun=False): count = 0 if not regex_str: regex_str = idc.AskStr("", "Regex rename rule") if regex_str: if dryrun: print "Testing regex rename rule: '%s'" % regex_str regex = re.compile(regex_str) for (function, xrefs) in self.profile.functions.iteritems(): new_function_name = "" if not idc.Name(function).startswith("sub_"): continue for string in [x.string for x in xrefs if x.type == str]: m = regex.search(string) if m: potential_function_name = m.groups()[-1].split(" ")[0] for c in ['-', '>']: potential_function_name = \ potential_function_name.replace(c, '_') if idaapi.isident(potential_function_name) and \ '%' not in potential_function_name: if len(potential_function_name) > len(new_function_name): new_function_name = potential_function_name if new_function_name: # Append _n to the function name, if it already exists n = 1 orig_new_function_name = new_function_name while idc.LocByName(new_function_name) != idc.BADADDR: new_function_name = "%s_%d" % (orig_new_function_name, n) n += 1 if dryrun: print "%s => %s" % (idc.Name(function), new_function_name) count += 1 else: if ida_shims.set_name(function, new_function_name): count += 1 print "Renamed %d functions" % count
def pointify(self): counter = 0 print("Renaming pointers...", end=' ') for (name_ea, name) in idautils.Names(): for xref in idautils.XrefsTo(name_ea): xref_name = ida_shims.get_name(xref.frm) if xref_name and xref_name.startswith("off_"): i = 0 new_name = name + "_ptr" while ida_shims.get_name_ea_simple( new_name) != idc.BADADDR: new_name = name + "_ptr%d" % i i += 1 if ida_shims.set_name(xref.frm, new_name): counter += 1 #else: # print "Failed to create name '%s'!" % new_name print("renamed %d pointers" % counter)
def rename_function(self, n): new_name = ida_shims.ask_ident(self.items[n][0], "New function name") if new_name: ida_shims.set_name(self.items[n][3], new_name)