我们从Python开源项目中,提取了以下17个代码示例,用于说明如何使用idaapi.autoWait()。
def main(): # This should be run before the renamer, as it will find and help define more functions func_added = runtime_init() info('Found and successfully created %d functions!' % func_added) # This should prevent the script from locking up due to the auto initalizer idaapi.autoWait() # Should be run after the function initializer, renamed = renamer_init() info('Found and successfully renamed %d functions!' % renamed) # Attempt to rename all function pointers after we have all the functions and proper function names pointers_renamed = pointer_renamer() info('Found and successfully renamed %d function pointers!' % pointers_renamed) # Attempt to find all string loading idioms strings_added = strings_init() info('Found and successfully created %d strings!' % strings_added)
def PLUGIN_ENTRY(): """ IDAPython plugin wrapper """ idaapi.autoWait() return SkelenoxPlugin()
def add(start, **end): """Make a function at the address ``start``. If the address ``end`` is specified, then stop processing the function at it's address. """ start = interface.address.inside(start) end = end.get('end', idaapi.BADADDR) ok = idaapi.add_func(start, end) idaapi.autoWait() return ok
def wait(): return idaapi.autoWait()
def check_address(address): # Checks if given address contains virtual table. Returns True if more than 2 function pointers found # Also if table's addresses point to code in executable section, than tries to make functions at that addresses functions_count = 0 while True: func_address = idaapi.get_64bit(address) if Const.EA64 else idaapi.get_32bit(address) # print "[INFO] Address 0x{0:08X}".format(func_address) if Helper.is_code_ea(func_address) or Helper.is_imported_ea(func_address): functions_count += 1 address += Const.EA_SIZE else: segment = idaapi.getseg(func_address) if segment and segment.perm & idaapi.SEGPERM_EXEC: idc.MakeUnknown(func_address, 1, idaapi.DOUNK_SIMPLE) if idc.MakeFunction(func_address): functions_count += 1 address += Const.EA_SIZE continue break idaapi.autoWait() return functions_count
def wait_for_analysis_to_finish(self): logger.debug("[+] waiting for analysis to finish...") idaapi.autoWait() idc.Wait() logger.debug("[+] analysis finished.")
def main(): if os.getenv("DIAPHORA_AUTO") is not None: file_out = os.getenv("DIAPHORA_EXPORT_FILE") if file_out is None: raise Exception("No export file specified!") use_decompiler = os.getenv("DIAPHORA_USE_DECOMPILER") if use_decompiler is None: use_decompiler = False idaapi.autoWait() if os.path.exists(file_out): if g_bindiff is not None: g_bindiff = None remove_file(file_out) log("Database %s removed" % repr(file_out)) bd = CIDABinDiff(file_out) bd.use_decompiler_always = use_decompiler bd.export() idaapi.qexit(0) else: _diff_or_export(True)
def Wait(): """ Process all entries in the autoanalysis queue Wait for the end of autoanalysis @note: This function will suspend execution of the calling script till the autoanalysis queue is empty. """ return idaapi.autoWait()
def set_start_stop(self, ftype): assert_ida_available() import idc import idaapi import idautils fun_mapping = {idc.GetFunctionName(x): (idaapi.get_func(x).startEA, idaapi.get_func(x).endEA-1) for x in idautils.Functions()} start = idc.BeginEA() stop = 0 if ftype == PE: start, stop = fun_mapping["start"] else: if not idc.isCode(idc.GetFlags(start)): if idc.MakeCode(start) == 0: print "Fail to decode instr !" idaapi.autoWait() if idc.GetFunctionName(start) == "": if idc.MakeFunction(start) == 0: print "Fail to create function !" idaapi.autoWait() fun_mapping = {idc.GetFunctionName(x): (idaapi.get_func(x).startEA, idaapi.get_func(x).endEA-1) for x in idautils.Functions()} if "main" in fun_mapping: start, stop = fun_mapping["main"] elif "start" in fun_mapping: if "__libc_start_main" in fun_mapping: instrs = list(idautils.FuncItems(fun_mapping["start"][0])) instrs.reverse() for inst in instrs: arg1 = idc.GetOperandValue(inst, 0) if idc.GetMnem(inst) == "push": start, stop = arg1, fun_mapping["start"][1] break else: start, stop = fun_mapping["start"] self.config.start, self.config.stop = start, stop
def disassemble_from_trace(self): try: index = self.traces_tab.currentIndex() trace = self.core.traces[self.id_map[index]] self.disassemble_button.setFlat(True) found_match = False for k, inst in trace.instrs.items(): if k in trace.metas: for name, arg1, arg2 in trace.metas[k]: if name == "wave": self.parent.log("LOG", "Wave n°%d encountered at (%s,%x) stop.." % (arg1, k, inst.address)) prev_inst = trace.instrs[k-1] idc.MakeComm(prev_inst.address, "Jump into Wave %d" % arg1) self.disassemble_button.setFlat(False) return # TODO: Check that the address is in the address space of the program if not idc.isCode(idc.GetFlags(inst.address)): found_match = True # TODO: Add an xref with the previous instruction self.parent.log("LOG", "Addr:%x not decoded as an instruction" % inst.address) if idc.MakeCode(inst.address) == 0: self.parent.log("ERROR", "Fail to decode at:%x" % inst.address) else: idaapi.autoWait() self.parent.log("SUCCESS", "Instruction decoded at:%x" % inst.address) if not found_match: self.parent.log("LOG", "All instruction are already decoded") self.disassemble_button.setFlat(False) except KeyError: print "No trace found to use"
def main(): base_addr = 0 ea = 0 idc.MakeFunction(ea) # heuristic while(true): mnemonic = idc.GetMnem(ea) if "LDR" in mnemonic: base_str = idc.GetOpnd(ea, 1) base_addr = int(base_str.split("=")[1], 16) break ea += 4 print("[+] rebasing to address 0x%x" % (base_addr)) idc.rebase_program(base_addr, idc.MSF_FIXONCE) idaapi.autoWait() segment_start = base_addr segment_end = idc.GetSegmentAttr(segment_start, idc.SEGATTR_END) ea = segment_start print("[+] searching and defining functions") while ea != idc.BADADDR: ea = idc.FindBinary(ea, idc.SEARCH_DOWN, "BF A9", 16) if ea != idc.BADADDR: ea = ea - 2 if (ea % 4) == 0 and idc.GetFlags(ea) < 0x200: # print("[+] defining a function at 0x%x" % (ea)) idc.MakeFunction(ea) ea = ea + 4 idc.AnalyzeArea(segment_start, segment_end) idaapi.autoWait()
