我们从Python开源项目中,提取了以下50个代码示例,用于说明如何使用idaapi.BADADDR。
def find_unusual_xors(functions): # TODO find xors in tight loops candidate_functions = [] for fva in functions: cva = fva while cva != idaapi.BADADDR and cva < idc.FindFuncEnd(fva): if idc.GetMnem(cva) == "xor": if idc.GetOpnd(cva, 0) != idc.GetOpnd(cva, 1): g_logger.debug("suspicious XOR instruction at 0x%08X in function 0x%08X: %s", cva, fva, idc.GetDisasm(cva)) ph = idc.PrevHead(cva) nh = idc.NextHead(cva) ip = idc.GetDisasm(ph) ia = idc.GetDisasm(nh) if ip and ia: g_logger.debug("Instructions: %s; %s; %s", ip, idc.GetDisasm(cva), ia) if ph or nh: if is_security_cookie(cva, ph, nh): g_logger.debug("XOR related to security cookie: %s", idc.GetDisasm(cva)) else: g_logger.debug("unusual XOR: %s", idc.GetDisasm(cva)) candidate_functions.append(fva) break cva = idc.NextHead(cva) return candidate_functions
def extract_addresses(self): '''A set of addresses associated with the line''' anchor = idaapi.ctree_anchor_t() line = copy(self.widget.line) addresses = set() while len(line) > 0: skipcode_index = idaapi.tag_skipcode(line) if skipcode_index == 0: # No code found line = line[1:] # Skip one character ahead else: if tag_addrcode(line): addr_tag = int(line[2:skipcode_index], 16) anchor.value = addr_tag if anchor.is_citem_anchor() \ and not anchor.is_blkcmt_anchor(): address = self.parent.treeitems.at(addr_tag).ea if address != idaapi.BADADDR: addresses.add(address) line = line[skipcode_index:] # Skip the colorcodes return addresses
def notify_auto_empty_finally(self): """ Info: all analysis queues are empty definitively """ ss = strwinsetup_t() ss.minlen = 7 ss.strtypes = 9 ss.ignore_heads = 1 ss.ea1 = 0 SetLongPrm(INF_STRTYPE, ASCSTR_UNICODE) set_strlist_options(ss) refresh_strlist(0, BADADDR) si = string_info_t() for i in range(get_strlist_qty()): if get_strlist_item(i, si): if not isCode(GetFlags(si.ea)): ea = get_start(si.ea) s = make_str(ea) hd = ItemHead(si.ea) do_unknown(hd, 0) make_ascii_string(ea, len(s) + 1, ASCSTR_UNICODE) MakeRptCmt(ea, "\"%s\"" % s)
def find_shifts(functions): candidate_functions = {} # TODO better to compare number of shifts to overall instruction count? # TODO find shifts in tight loops shift_mnems = set(["shl", "shr", "sar", "sal", "rol", "ror"]) shift_mnems_len = len(shift_mnems) for fva in functions: found_shifts = set([]) cva = fva while cva != idaapi.BADADDR and cva < idc.FindFuncEnd(fva): i = idc.GetMnem(cva) if i in shift_mnems: found_shifts.add(i) g_logger.debug("shift instruction: %s va: 0x%x function: 0x%x", idc.GetDisasm(cva), cva, fva) cva = idc.NextHead(cva) candidate_functions[fva] = 1 - ((shift_mnems_len - len(found_shifts)) / float(shift_mnems_len)) return candidate_functions
def get_func_code_refs_from(func_ea, iaddrs): """Returns a set with the code references from this function""" code_refs = set() for addr in iaddrs: ref = idaapi.BADADDR for r in idautils.XrefsFrom(addr, idaapi.XREF_FAR): if r.iscode: to_func = idaapi.get_func(r.to) if not to_func or to_func.startEA != func_ea: ref = r.to else: ref = r.to if (ref != idaapi.BADADDR or idaapi.is_call_insn(addr) or idaapi.is_indirect_jump_insn(addr)): #print hex(i.addr), i, hex(ref) code_refs.add(ref) return code_refs
def __init__(self, start_ea, end_ea, node_id=idaapi.BADADDR): # node metadata self.size = end_ea - start_ea self.address = start_ea self.instruction_count = 0 # flowchart node_id self.id = node_id # parent function_metadata self.function = None # instruction addresses self.instructions = [] #---------------------------------------------------------------------- # collect metdata from the underlying database self._build_metadata() #-------------------------------------------------------------------------- # Metadata Population #--------------------------------------------------------------------------
def _init(self): """ Initialize plugin members. """ # plugin color palette self.palette = LighthousePalette() # the coverage engine self.director = CoverageDirector(self.palette) # the coverage painter self.painter = CoveragePainter(self.director, self.palette) # the coverage overview widget self._ui_coverage_overview = None # menu entry icons self._icon_id_file = idaapi.BADADDR self._icon_id_batch = idaapi.BADADDR self._icon_id_overview = idaapi.BADADDR # the directory to start the coverage file dialog in self._last_directory = idautils.GetIdbDir()
def _uninstall_load_file(self): """ Remove the 'File->Load file->Code coverage file...' menu entry. """ # remove the entry from the File-> menu result = idaapi.detach_action_from_menu( "File/Load file/", self.ACTION_LOAD_FILE ) if not result: return False # unregister the action result = idaapi.unregister_action(self.ACTION_LOAD_FILE) if not result: return False # delete the entry's icon idaapi.free_custom_icon(self._icon_id_file) self._icon_id_file = idaapi.BADADDR logger.info("Uninstalled the 'Code coverage file' menu entry")
def _uninstall_load_batch(self): """ Remove the 'File->Load file->Code coverage batch...' menu entry. """ # remove the entry from the File-> menu result = idaapi.detach_action_from_menu( "File/Load file/", self.ACTION_LOAD_BATCH ) if not result: return False # unregister the action result = idaapi.unregister_action(self.ACTION_LOAD_BATCH) if not result: return False # delete the entry's icon idaapi.free_custom_icon(self._icon_id_batch) self._icon_id_batch = idaapi.BADADDR logger.info("Uninstalled the 'Code coverage batch' menu entry")
def list(cls, **type): """List all of the names in the database that match ``type``. Search can be constrained by the named argument ``type``. like = glob match against name ea, address = name is at address name = exact name match regex = regular-expression against name index = name at index pred = function predicate """ res = __builtin__.list(cls.__iterate__(**type)) maxindex = max(res or [1]) maxaddr = max(__builtin__.map(idaapi.get_nlist_ea, res) or [idaapi.BADADDR]) cindex = math.ceil(math.log(maxindex)/math.log(10)) caddr = math.floor(math.log(maxaddr)/math.log(16)) for index in res: print "[{:>{:d}d}] {:0{:d}x} {:s}".format(index, int(cindex), idaapi.get_nlist_ea(index), int(caddr), idaapi.get_nlist_name(index)) return
def list(cls, **type): """List all of the imports in the database that match ``type``. Search can be constrained by the named argument ``type``. like = glob match against import short name ea, address = import is at address fullname = glob match against import long name -> MODULE!function module = glob match against module ordinal = exact match against import ordinal number name = exact match against import name regex = regular-expression against import name index = import name at index pred = function predicate """ res = __builtin__.list(cls.iterate(**type)) maxaddr = max(__builtin__.map(utils.first, res) or [idaapi.BADADDR]) maxmodule = max(__builtin__.map(utils.compose(utils.second, utils.first, len), res) or ['']) caddr = math.floor(math.log(maxaddr)/math.log(16)) cordinal = max(__builtin__.map(utils.compose(utils.second, operator.itemgetter(2), "{:d}".format, len), res) or [1]) for ea,(module,name,ordinal) in res: print "{:0{:d}x} {:s}<{:<d}>{:s} {:s}".format(ea, int(caddr), module, ordinal, ' '*(cordinal-len("{:d}".format(ordinal)) + (maxmodule-len(module))), name) return
def dissolve(cls, flag, typeid, size): dt = flag & cls.FF_MASKSIZE sf = -1 if flag & idaapi.FF_SIGN == idaapi.FF_SIGN else +1 if dt == idaapi.FF_STRU and isinstance(typeid,six.integer_types): # FIXME: figure out how to fix this recursive module dependency t = sys.modules.get('structure', __import__('structure')).instance(typeid) sz = t.size return t if sz == size else [t,size // sz] if dt not in cls.inverted: logging.warn("{:s}.dissolve({!r}, {!r}, {!r}) : Unable to identify a pythonic type.".format('.'.join(('internal',__name__,cls.__name__)), dt, typeid, size)) t,sz = cls.inverted[dt] # if the type and size are the same, then it's a string or pointer type if not isinstance(sz,six.integer_types): count = size // idaapi.get_data_elsize(idaapi.BADADDR, dt, idaapi.opinfo_t()) return [t,count] if count > 1 else t # if the size matches, then we assume it's a single element elif sz == size: return t,(sz*sf) # otherwise it's an array return [(t,sz*sf),size // sz]
def populate(self): address = self.address while True: if Const.EA64: func_address = idaapi.get_64bit(address) else: func_address = idaapi.get_32bit(address) if Helper.is_code_ea(func_address): self.virtual_functions.append(VirtualFunction(func_address, address - self.address)) elif Helper.is_imported_ea(func_address): self.virtual_functions.append(ImportedVirtualFunction(func_address, address - self.address)) else: break address += Const.EA_SIZE if idaapi.get_first_dref_to(address) != idaapi.BADADDR: break
def revise_syscall(rename=False): if not rename: print('Change the function name with `CGCHeler.revise_syscall(True)`.') # visit all instructions start_ea, end_ea = utils.get_seg_range('.text') eax = -1 ip = start_ea while ip < end_ea and ip != idaapi.BADADDR: if 'int' in idc.GetMnem(ip) and '80h' == idc.GetOpnd(ip, 0): if eax != -1: # fix comment and function name print('{}: {}'.format(hex(ip), syscall_table[eax])) idc.MakeComm(ip, 'CGC syscall: {}'.format(syscall_table[eax])) if rename: print('Change {} to {}'.format(idc.GetFunctionName(ip), syscall_table[eax])) idc.MakeName(idc.GetFunctionAttr(ip, idc.FUNCATTR_START), syscall_table[eax]) elif 'mov' in idc.GetMnem(ip) and 'eax' == idc.GetOpnd(ip, 0) and 5 == idc.GetOpType(ip, 1): value = idc.GetOpnd(ip, 1) if re.search('^[0-9]+$', value) != None: eax = int(value) if eax > 7 or eax < 1: eax = -1 ip = idc.NextHead(ip)
def Heads(start=None, end=None): """ Get a list of heads (instructions or data) @param start: start address (default: inf.minEA) @param end: end address (default: inf.maxEA) @return: list of heads between start and end """ if not start: start = idaapi.cvar.inf.minEA if not end: end = idaapi.cvar.inf.maxEA ea = start if not idc.isHead(idc.GetFlags(ea)): ea = idaapi.next_head(ea, end) while ea != idaapi.BADADDR: yield ea ea = idaapi.next_head(ea, end)
def StructMembers(sid): """ Get a list of structure members information (or stack vars if given a frame). @param sid: ID of the structure. @return: List of tuples (offset, name, size) @note: If 'sid' does not refer to a valid structure, an exception will be raised. @note: This will not return 'holes' in structures/stack frames; it only returns defined structure members. """ m = idc.GetFirstMember(sid) if m == -1: raise Exception("No structure with ID: 0x%x" % sid) while (m != idaapi.BADADDR): name = idc.GetMemberName(sid, m) if name: yield (m, name, idc.GetMemberSize(sid, m)) m = idc.GetStrucNextOff(sid, m)
def DeleteAll(): """ Delete all segments, instructions, comments, i.e. everything except values of bytes. """ ea = idaapi.cvar.inf.minEA # Brute-force nuke all info from all the heads while ea != BADADDR and ea <= idaapi.cvar.inf.maxEA: idaapi.del_local_name(ea) idaapi.del_global_name(ea) func = idaapi.get_func(ea) if func: idaapi.del_func_cmt(func, False) idaapi.del_func_cmt(func, True) idaapi.del_func(ea) idaapi.del_hidden_area(ea) seg = idaapi.getseg(ea) if seg: idaapi.del_segment_cmt(seg, False) idaapi.del_segment_cmt(seg, True) idaapi.del_segm(ea, idaapi.SEGDEL_KEEP | idaapi.SEGDEL_SILENT) ea = idaapi.next_head(ea, idaapi.cvar.inf.maxEA)
def MakeStr(ea, endea): """ Create a string. This function creates a string (the string type is determined by the value of GetLongPrm(INF_STRTYPE)) @param ea: linear address @param endea: ending address of the string (excluded) if endea == BADADDR, then length of string will be calculated by the kernel @return: 1-ok, 0-failure @note: The type of an existing string is returned by GetStringType() """ return idaapi.make_ascii_string(ea, 0 if endea == BADADDR else endea - ea, GetLongPrm(INF_STRTYPE))
def LocByNameEx(fromaddr, name): """ Get linear address of a name @param fromaddr: the referring address. Allows to retrieve local label addresses in functions. If a local name is not found, then address of a global name is returned. @param name: name of program byte @return: address of the name (BADADDR - no such name) @note: Dummy names (like byte_xxxx where xxxx are hex digits) are parsed by this function to obtain the address. The database is not consulted for them. """ return idaapi.get_name_ea(fromaddr, name)
def SegByBase(base): """ Get segment by segment base @param base: segment base paragraph or selector @return: linear address of the start of the segment or BADADDR if no such segment """ sel = idaapi.find_selector(base) seg = idaapi.get_segm_by_sel(sel) if seg: return seg.startEA else: return BADADDR
def NameEx(fromaddr, ea): """ Get visible name of program byte This function returns name of byte as it is displayed on the screen. If a name contains illegal characters, IDA replaces them by the substitution character during displaying. See IDA.CFG for the definition of the substitution character. @param fromaddr: the referring address. May be BADADDR. Allows to retrieve local label addresses in functions. If a local name is not found, then a global name is returned. @param ea: linear address @return: "" - byte has no name """ name = idaapi.get_name(fromaddr, ea) if not name: return "" else: return name
def GetStringType(ea): """ Get string type @param ea: linear address @return: One of ASCSTR_... constants """ ti = idaapi.opinfo_t() if idaapi.get_opinfo(ea, 0, GetFlags(ea), ti): return ti.strtype else: return None # The following functions search for the specified byte # ea - address to start from # flag is combination of the following bits # returns BADADDR - not found
def FindBinary(ea, flag, searchstr, radix=16): """ @param ea: start address @param flag: combination of SEARCH_* flags @param searchstr: a string as a user enters it for Search Text in Core @param radix: radix of the numbers (default=16) @return: ea of result or BADADDR if not found @note: Example: "41 42" - find 2 bytes 41h,42h (radix is 16) """ endea = flag & 1 and idaapi.cvar.inf.maxEA or idaapi.cvar.inf.minEA return idaapi.find_binary(ea, endea, searchstr, radix, flag) #---------------------------------------------------------------------------- # G L O B A L S E T T I N G S M A N I P U L A T I O N #----------------------------------------------------------------------------
def MakeFunction(start, end = idaapi.BADADDR): """ Create a function @param start: function bounds @param end: function bounds If the function end address is BADADDR, then IDA will try to determine the function bounds automatically. IDA will define all necessary instructions to determine the function bounds. @return: !=0 - ok @note: an instruction should be present at the start address """ return idaapi.add_func(start, end)
def FindFuncEnd(ea): """ Determine a new function boundaries @param ea: starting address of a new function @return: if a function already exists, then return its end address. If a function end cannot be determined, the return BADADDR otherwise return the end address of the new function """ func = idaapi.func_t() res = idaapi.find_func_bounds(ea, func, idaapi.FIND_FUNC_DEFINE) if res == idaapi.FIND_FUNC_UNDEF: return BADADDR else: return func.endEA
def GetFirstStrucIdx(): """ Get index of first structure type @return: BADADDR if no structure type is defined index of first structure type. Each structure type has an index and ID. INDEX determines position of structure definition in the list of structure definitions. Index 1 is listed first, after index 2 and so on. The index of a structure type can be changed any time, leading to movement of the structure definition in the list of structure definitions. ID uniquely denotes a structure type. A structure gets a unique ID at the creation time and this ID can't be changed. Even when the structure type gets deleted, its ID won't be resued in the future. """ return idaapi.get_first_struc_idx()
def GetStrucNextOff(sid, offset): """ Get next offset in a structure @param sid: structure type ID @param offset: current offset @return: -1 if bad structure type ID is passed, idaapi.BADADDR if no (more) offsets in the structure, otherwise returns next offset in a structure. @note: IDA allows 'holes' between members of a structure. It treats these 'holes' as unnamed arrays of bytes. This function returns a member offset or a hole offset. It will return size of the structure if input 'offset' belongs to the last member of the structure. @note: Union members are, in IDA's internals, located at subsequent byte offsets: member 0 -> offset 0x0, member 1 -> offset 0x1, etc... """ s = idaapi.get_struc(sid) return -1 if not s else idaapi.get_struc_next_offset(s, offset)
def GetLastMember(sid): """ Get offset of the last member of a structure @param sid: structure type ID @return: -1 if bad structure type ID is passed, idaapi.BADADDR if structure has no members, otherwise returns offset of the last member. @note: IDA allows 'holes' between members of a structure. It treats these 'holes' as unnamed arrays of bytes. @note: Union members are, in IDA's internals, located at subsequent byte offsets: member 0 -> offset 0x0, member 1 -> offset 0x1, etc... """ s = idaapi.get_struc(sid) if not s: return -1 return idaapi.get_struc_last_offset(s)
def AddStrucEx(index, name, is_union): """ Define a new structure type @param index: index of new structure type If another structure has the specified index, then index of that structure and all other structures will be incremented, freeing the specifed index. If index is == -1, then the biggest index number will be used. See GetFirstStrucIdx() for the explanation of structure indices and IDs. @param name: name of the new structure type. @param is_union: 0: structure 1: union @return: -1 if can't define structure type because of bad structure name: the name is ill-formed or is already used in the program. otherwise returns ID of the new structure type """ if index == -1: index = BADADDR return idaapi.add_struc(index, name, is_union)
def NextFchunk(ea): """ Get next function chunk @param ea: any address @return: the starting address of the next function chunk or BADADDR @note: This function enumerates all chunks of all functions in the database """ func = idaapi.get_next_fchunk(ea) if func: return func.startEA else: return BADADDR
def PrevFchunk(ea): """ Get previous function chunk @param ea: any address @return: the starting address of the function chunk or BADADDR @note: This function enumerates all chunks of all functions in the database """ func = idaapi.get_prev_fchunk(ea) if func: return func.startEA else: return BADADDR
def GetConstEx(enum_id, value, serial, bmask): """ Get id of constant @param enum_id: id of enum @param value: value of constant @param serial: serial number of the constant in the enumeration. See OpEnumEx() for details. @param bmask: bitmask of the constant ordinary enums accept only -1 as a bitmask @return: id of constant or -1 if error """ if bmask < 0: bmask &= BADADDR return idaapi.get_enum_member(enum_id, value, serial, bmask)
def GetPrevConst(enum_id, value, bmask): """ Get prev constant in the enum @param enum_id: id of enum @param bmask : bitmask of the constant ordinary enums accept only -1 as a bitmask @param value: value of the current constant @return: value of a constant with value lower than the specified value. -1 no such constants exist. All constants are sorted by their values as unsigned longs. """ if bmask < 0: bmask &= BADADDR return idaapi.get_prev_enum_member(enum_id, value, bmask)
def AddEnum(idx, name, flag): """ Add a new enum type @param idx: serial number of the new enum. If another enum with the same serial number exists, then all enums with serial numbers >= the specified idx get their serial numbers incremented (in other words, the new enum is put in the middle of the list of enums). If idx >= GetEnumQty() or idx == -1 then the new enum is created at the end of the list of enums. @param name: name of the enum. @param flag: flags for representation of numeric constants in the definition of enum. @return: id of new enum or BADADDR """ if idx < 0: idx = idx & SIZE_MAX return idaapi.add_enum(idx, name, flag)
def DelConstEx(enum_id, value, serial, bmask): """ Delete a member of enum - a symbolic constant @param enum_id: id of enum @param value: value of symbolic constant. @param serial: serial number of the constant in the enumeration. See OpEnumEx() for for details. @param bmask: bitmask of the constant ordinary enums accept only -1 as a bitmask @return: 1-ok, 0-failed """ if bmask < 0: bmask &= BADADDR return idaapi.del_enum_member(enum_id, value, serial, bmask)
def SetRegValue(value, name): """ Set register value @param name: the register name @param value: new register value @note: The debugger should be running It is not necessary to use this function to set register values. A register name in the left side of an assignment will do too. """ rv = idaapi.regval_t() if type(value) == types.StringType: value = int(value, 16) elif type(value) != types.IntType and type(value) != types.LongType: print "SetRegValue: value must be integer!" return BADADDR if value < 0: #ival_set cannot handle negative numbers value &= 0xFFFFFFFF rv.ival = value return idaapi.set_reg_val(name, rv)
def finish_populating_tform_popup(self, form, popup): # disassembly window if idaapi.get_tform_type(form) == idaapi.BWN_DISASMS: if get_cursor_func_ref() == idaapi.BADADDR: return idaapi.attach_action_to_popup( form, popup, funcref_t.ACTION_COPY ) # functions window elif idaapi.get_tform_type(form) == idaapi.BWN_FUNCS: idaapi.attach_action_to_popup(form, popup, funcref_t.ACTION_BULK, "Copy All", idaapi.SETMENU_INS) return 0
def hxe_callback(self, event, *args): if event == idaapi.hxe_populating_popup: form, popup, vu = args if get_cursor_func_ref() == idaapi.BADADDR: return 0 idaapi.attach_action_to_popup( form, popup, funcref_t.ACTION_COPY, "Rename global item", idaapi.SETMENU_APP ) return 0
def createenum(self, symbols): """ Given full symbols and addresses create an enum name with the library name (the string before !) Some constants will fail due to weird characters in symbols used by MS. eg( `$) symbols: (dict) A set of symbols and addresses that have been cleaned. """ enum_name = symbols.keys()[0].split('!')[0] enum = idc.AddEnum(0, enum_name, idaapi.hexflag()) if enum == idaapi.BADADDR: print "[!] Failed to create enum: %s\n" % enum_name return for symbol, address in symbols.iteritems(): # "ADVAPI32!RegCreateKeyExWStub": "0xffff8007be2f89f0" org_symb = symbol symbol = str(symbol.split('!')[1].encode('utf-8')) symbol = symbol.strip() symbol = 's_'+symbol address = int(address,16) ret = idc.AddConstEx(enum, symbol, address, -1) if ret !=0: print "[!] Failed to create constant for symbol %s - (%s). %s" % (org_symb,symbol,ENUM_ERRORS[ret]) continue self.enums[address] = enum print "[+] Finished adding enum %s\n" % enum_name
def output_symbols(out): """Dump symbols.""" try: from idaapi import get_func_name2 as get_func_name # Since get_func_name is deprecated (at least from IDA 6.9) except ImportError: from idaapi import get_func_name # Older versions of IDA don't have get_func_name2 # so we just use the older name get_func_name def func_name_propagate_thunk(ea): current_name = get_func_name(ea) if current_name[0].isalpha(): return current_name func = idaapi.get_func(ea) temp_ptr = idaapi.ea_pointer() ea_new = idaapi.BADADDR if func.flags & idaapi.FUNC_THUNK == idaapi.FUNC_THUNK: ea_new = idaapi.calc_thunk_func_target(func, temp_ptr.cast()) if ea_new != idaapi.BADADDR: ea = ea_new propagated_name = get_func_name(ea) or '' # Ensure it is not `None` if len(current_name) > len(propagated_name) > 0: return propagated_name else: return current_name # Fallback to non-propagated name for weird times that IDA gives # a 0 length name, or finds a longer import name for ea in idautils.Segments(): fs = idautils.Functions(idc.SegStart(ea), idc.SegEnd(ea)) for f in fs: out.write('("%s" 0x%x 0x%x)\n' % ( func_name_propagate_thunk(f), idc.GetFunctionAttr(f, idc.FUNCATTR_START), idc.GetFunctionAttr(f, idc.FUNCATTR_END)))
def add_starts(self, bap): syms = [] for line in bap.syms: heappush(syms, int(line, 16)) for i in range(len(syms)): idaapi.add_func(heappop(syms), idaapi.BADADDR) idc.Refresh() idaapi.refresh_idaview_anyway()
def _del_action_recursive(self): """ Delete the recursive rename action from IDA. """ idaapi.unregister_action(self.ACTION_RECURSIVE) idaapi.free_custom_icon(self._recursive_icon_id) self._recursive_icon_id = idaapi.BADADDR #------------------------------------------------------------------------------ # Plugin Hooks #------------------------------------------------------------------------------
def recursive_prefix_cursor(): """ Recursive prefix under the user cursor. """ # get the function reference under the user cursor (if there is one) target = get_cursor_func_ref() if target == idaapi.BADADDR: return # execute the recursive prefix recursive_prefix(target)
def bulk_prefix(): """ Prefix the Functions window selection with a user defined string. """ # NOTE / COMPAT: # prompt the user for a prefix to apply to the selected functions if using_ida7api: tag = idaapi.ask_str(PREFIX_DEFAULT, 0, "Function Tag") else: tag = idaapi.askstr(0, PREFIX_DEFAULT, "Function Tag") # the user closed the window... ignore if tag == None: return # the user put a blank string and hit 'okay'... notify & ignore elif tag == '': idaapi.warning("[ERROR] Tag cannot be empty [ERROR]") return # # loop through all the functions selected in the 'Functions window' and # apply the user defined prefix tag to each one. # for func_name in get_selected_funcs(): # ignore functions that already have the specified prefix applied if func_name.startswith(tag): continue # apply the user defined prefix to the function (rename it) new_name = '%s%s%s' % (str(tag), PREFIX_SEPARATOR, func_name) func_addr = idaapi.get_name_ea(idaapi.BADADDR, func_name) idaapi.set_name(func_addr, new_name, idaapi.SN_NOWARN) # refresh the IDA views refresh_views()
def notify_calc_step_over(self, ip): """ Calculate the address of the instruction which will be executed after "step over". The kernel will put a breakpoint there. If the step over is equal to step into or we can not calculate the address, return BADADDR. args: ip - instruction address returns: target or BADADDR """ return idaapi.BADADDR
def highlight_instructions(highlighters): ea = idc.NextHead(0) while ea != idaapi.BADADDR: for h in highlighters: h.highlight(ea) ea = idc.NextHead(ea)
def code_search(ea, val): """Search forward for the next occurance of val. Return None if no match.""" res = idc.FindBinary(ea, idc.SEARCH_DOWN, val) if res == idaapi.BADADDR: return None else: return res
def _uninstall_open_coverage_overview(self): """ Remove the 'View->Open subviews->Coverage Overview' menu entry. """ # remove the entry from the View-> menu result = idaapi.detach_action_from_menu( "View/Open subviews/Hex dump", self.ACTION_COVERAGE_OVERVIEW ) if not result: return False # unregister the action result = idaapi.unregister_action(self.ACTION_COVERAGE_OVERVIEW) if not result: return False # delete the entry's icon idaapi.free_custom_icon(self._icon_id_overview) self._icon_id_overview = idaapi.BADADDR logger.info("Uninstalled the 'Coverage Overview' menu entry") #-------------------------------------------------------------------------- # UI - Actions #--------------------------------------------------------------------------
def by_name(name): '''Return the function with the name ``name``.''' ea = idaapi.get_name_ea(-1, name) if ea == idaapi.BADADDR: raise LookupError("{:s}.by_name({!r}) : Unable to locate function".format(__name__, name)) return idaapi.get_func(ea)
def add(start, **end): """Make a function at the address ``start``. If the address ``end`` is specified, then stop processing the function at it's address. """ start = interface.address.inside(start) end = end.get('end', idaapi.BADADDR) ok = idaapi.add_func(start, end) idaapi.autoWait() return ok
