Python idc 模块,LocByName() 实例源码

我们从Python开源项目中,提取了以下12个代码示例,用于说明如何使用idc.LocByName()

项目:IBT    作者:pwnslinger    | 项目源码 | 文件源码
def main():
    ibt = IdaBackTracer()
    for ibt.api in ibt.send_api:
        adr = idc.LocByName(ibt.api)
        if ibt.api in ibt.xrefs:
            ibt.xrefs[ibt.api] = []
        ibt.xrefs[ibt.api] = CodeRefsTo(adr, 1)

    for ibt.api, ref in ibt.xrefs.iteritems():
        for  address in list(ref):
            if ibt.api == "WSASendTo":
                arg_adr = ibt.get_arg(address, 2)
                print idc.GetDisasm(address)
                print idc.GetDisasm(arg_adr)
                print GetOpnd(arg_adr, 0)

                # TODO: Add trace function for none reg arguments like push 0, push [eax], push [0x40000000]
                if GetOpnd(arg_adr, 0) in ibt.registers:
                    ibt.trace_reg(arg_adr, GetOpnd(arg_adr, 0))                
                    #print '%d st occurance of %s in %s : %s'%(count[ibt.api], ibt.api, hex(adr),idc.GetDisasm(adr))
                    #print 'send buffer is %d arg of %s : %s' % (2, format(buffer,'%x'), idc.GetDisasm(buffer))
                    #ibt.trace_reg(buffer,GetOpnd(buffer, 0))
项目:idascripts    作者:ctfhacker    | 项目源码 | 文件源码
def getMajorDispatchTableAddress():
    """find quicktime major dispatch table"""
    res = idc.LocByName('theQuickTimeDispatcher')
    res = nextMnemonic(res, 'lea', idc.GetFunctionAttr(res, idc.FUNCATTR_END))
    assert res != idc.BADADDR
    return idc.GetOperandValue(res, 1)
项目:HexRaysPyTools    作者:igogo-x86    | 项目源码 | 文件源码
def get_virtual_func_address(name, tinfo=None, offset=None):
    """
    :param name: method name
    :param tinfo: class tinfo
    :param offset: virtual table offset
    :return: address of the method
    """

    address = idc.LocByName(name)

    if address != idaapi.BADADDR:
        return address

    address = demangled_names.get(name, idaapi.BADADDR)
    if address != idaapi.BADADDR:
        return address + idaapi.get_imagebase()

    if tinfo is None or offset is None:
        return

    offset *= 8
    udt_member = idaapi.udt_member_t()
    while tinfo.is_struct():
        address = demangled_names.get(tinfo.dstr() + '::' + name, idaapi.BADADDR)
        if address != idaapi.BADADDR:
            return address + idaapi.get_imagebase()
        udt_member.offset = offset
        tinfo.find_udt_member(idaapi.STRMEM_OFFSET, udt_member)
        tinfo = udt_member.type
        offset = offset - udt_member.offset
项目:HexRaysPyTools    作者:igogo-x86    | 项目源码 | 文件源码
def update(self, name, tinfo):
        self.name = name
        self.tinfo = tinfo
        self.name_modified = False
        self.tinfo_modified = False

        self.base_address = idc.LocByName(self.name)
        if self.base_address != idaapi.BADADDR:
            self.base_address -= idaapi.get_imagebase()
项目:IBT    作者:pwnslinger    | 项目源码 | 文件源码
def check_init(self, adr):
        call_list, heap_flag = self.traverseCalls(adr)
        if heap_flag:
            return True
        for funcName in call_list:
            funcAddr = LocByName(funcName)
            return self.check_init(funcAddr)
        return False
项目:idasec    作者:RobinDavid    | 项目源码 | 文件源码
def serialize(self):
        s = str(self.target_field.text())
        if self.radio_addr.isChecked():
            try:
                int(s, 16)
            except ValueError:
                print "Bad address given"
                return None
        elif self.radio_routine.isChecked():
            addr = idc.LocByName(s)
            if addr == idc.BADADDR:
                print "Bad function name given"
                return None
        return specific_parameters_t()
项目:idasec    作者:RobinDavid    | 项目源码 | 文件源码
def run(self):
        # -- GUI stuff
        self.result_widget.set_actions_visible_and_enabled(False)
        self.set_progress_visible(True)
        # -----------

        # Refill the configuration file
        if self.configuration.ksteps != 0 and self.config_widget.radio_path_routine.isChecked():
            self.k = self.configuration.ksteps  # Use the ksteps given if making the path on the whole routine

        self.result_widget.webview.append("### Opaque predicates Detection ###\n")

        self.configuration.analysis_name = "static opaque"
        self.configuration.additional_parameters.typeid = self.configuration.additional_parameters.STANDARD

        target_val = str(self.config_widget.target_field.text())
        start_tps = time.time()
        if self.config_widget.radio_addr.isChecked():
            addr = utils.to_addr(target_val)
            self.process_routine(idaapi.get_func(addr).startEA, pred_addr=addr)
        elif self.config_widget.radio_routine.isChecked():
            addr = idc.LocByName(target_val)
            if addr == idc.BADADDR:
                addr = utils.to_addr(target_val)
            self.process_routine(addr)
        elif self.config_widget.radio_program.isChecked():
            self.process_program()
        else:
            pass

        self.exec_time_total = time.time() - start_tps - self.exec_time_dep
        self.analyse_finished = True
        self.broker.terminate()

        # -- GUI stuff
        self.result_widget.set_actions_visible_and_enabled(True)
        self.set_progress_visible(False)
        # ------------
        self.analysis_terminated()
项目:ida_func_ptr    作者:HandsomeMatt    | 项目源码 | 文件源码
def copy_function(addr):

    func_addr = idc.LocByName(idaapi.get_func_name(addr))
    if func_addr == idaapi.BADADDR:
        idaapi.msg("0x%08X does not belong to a defined function\n" % addr)
        return

    callTypes = ["__cdecl", "__fastcall", "__stdcall", "__thiscall", "__usercall"]

    funcDef = str(idaapi.decompile(func_addr)).split('\n', 1)[0]

    hasCallType = any(call_type in funcDef for call_type in callTypes)
    parenthesesStart = funcDef.find('(')
    parenthesesEnd = funcDef.rfind(')')
    funcNameStart = funcDef[0 : parenthesesStart].rfind(' ')
    funcNameEnd = parenthesesStart
    returnTypeStart = 0
    returnTypeEnd = funcNameStart

    callType = ""
    if hasCallType:
        callTypeStart = funcDef[0 : funcNameStart].rfind(' ')
        callType = funcDef[callTypeStart + 1 : funcNameStart]
        returnTypeEnd = callTypeStart
        if callType == "__cdecl":
            callType = ""

    returnType = funcDef[returnTypeStart : returnTypeEnd]
    funcName = funcDef[funcNameStart + 1 : parenthesesStart]
    args = funcDef[parenthesesStart + 1 : parenthesesEnd]

    finalString = "{0} ({1}* {2})({3}) = ({0}({1}*)({3}))({4});".format(
        returnType, callType, funcName, args, "0x%08X" % func_addr
    )

    return finalString
项目:ida_func_ptr    作者:HandsomeMatt    | 项目源码 | 文件源码
def bulk_function():
    functionPtrs = ""
    for func_name in get_selected_funcs():
        functionPtrDef = copy_function(idc.LocByName(func_name))
        functionPtrs = functionPtrs + functionPtrDef + "\n"
    copy_to_clip(functionPtrs)
    idaapi.msg(functionPtrs)
项目:shannonRE    作者:Comsecuris    | 项目源码 | 文件源码
def name_handlers(ea_from, ea_to):

    global COUNT

    addr = ea_from
    print "from: 0x%08x to: 0x%08x" % (addr, ea_to)
    while (addr < ea_to):

        func_to_name_ea = idc.Dword(addr) & 0xFFFFFFFE
        log_msg_ptr = idc.Dword(addr + 12)
        log_msg = idc.GetString(log_msg_ptr)

        #is that a function already?
        #There were 0 cases of this for our case
        if not idaapi.get_func(func_to_name_ea):
            print "There is no function at 0x%08x!" % func_to_name_ea
            idc.MakeFunction(func_to_name_ea)

        if "sms_Decode" in idc.GetFunctionName(func_to_name_ea) or "mm_Decode" in idc.GetFunctionName(func_to_name_ea) or "cc_Decode" in idc.GetFunctionName(func_to_name_ea) or "gmm_Decode" in idc.GetFunctionName(func_to_name_ea):
            print "Already named appropriately, don't overwrite"

        else:
            print "Naming %s based on %s as %s" % (idc.GetFunctionName(func_to_name_ea), log_msg, create_name(log_msg))
            COUNT += 1

            name = create_name(log_msg)

            # TODO: enable below naming
            ret = idc.LocByName(name)
            count = 1
            while (ret != 0xffffffff):
                count += 1
                ret = idc.LocByName(name + "__" + "%d" % count)
            idc.MakeName(func_to_name_ea, name + ("__%d" % count)*(count > 1))

        addr += 16
项目:shannonRE    作者:Comsecuris    | 项目源码 | 文件源码
def apply_labels(fun_names):
    new_sub = 0
    new_som = 0
    new_oth = 0

    named_overwrittens = []

    for f_ea, name in fun_names.iteritems():
        name = re.sub('[^a-zA-Z0-9_]+', '', name)
        curr_name = idaapi.get_func_name(f_ea)
        if curr_name.startswith("sub_"):
            new_sub += 1
        elif "_something" in curr_name:
            new_som += 1
        else:
            new_oth += 1
            named_overwrittens.append(curr_name)
            #so we don't overwrite these
            continue

        # stats counting aside, make sure we don't overwrite non-sub
        # functions from e.g. our IDC assignments
        if not curr_name.startswith("sub_") and not "_something" in curr_name:
            continue

        ret = idc.LocByName(name)
        count = 1
        while (ret != 0xffffffff):
            count += 1
            ret = idc.LocByName(name + "__" + "%d" % count)
        idc.MakeName(f_ea, name + ("__%d" % count)*(count > 1))
项目:shannonRE    作者:Comsecuris    | 项目源码 | 文件源码
def parse_mpu():
    """
    NOTE: to find this symbol, run find_mcr.py and look for the MPU config instructions.
    Backtrace that function to a wrapper; backtrace that one to the MPU initialization function,
    which calls the wrapper in a loop using values from an array. That array is MPU_region_configs.
    """
    mpu_struct_addr = idc.LocByName("MPU_region_configs")

    if mpu_struct_addr == 0xFFFFFFFF:
        print "NOTE: to find this symbol, run find_mcr.py and look for the MPU config instructions.\nBacktrace that function to a wrapper; backtrace that one to the MPU initialization function,\nwhich calls the wrapper in a loop using values from an array. That array is MPU_region_configs."
        return

    while(1):
        r = Region(mpu_struct_addr)
        if r.num == 0xFF:
            print "Delimiter found!"
            break
        else:
            r.pprint()          

        mpu_struct_addr += 40

    new_region = Region()
    new_region.set_DRNR(14)
    new_region.set_DRBAR(0x404E6000)    # mo_call_establishment_trace_setup_msg
    new_region.set_size(0b01011)        # 256*(2**4) aka 0x1000 aka 4096 bytes
    new_region.set_en(1)                # enabled
    new_region.set_TEX_C_B(0b001,0,0)   # non-cacheble
    new_region.set_XN(0)                # no XN bit
    new_region.set_AP(0b011)            # RW
    new_region.set_S(1)                 # shareable

    new_region.pprint()