我们从Python开源项目中,提取了以下8个代码示例,用于说明如何使用idaapi.enum_import_names()。
def get_imports(): ''' enumerate the imports of the currently loaded module. Yields: Tuple[int, str, str, int]: - address of import table pointer - name of imported library - name of imported function - ordinal of import ''' for i in range(idaapi.get_import_module_qty()): dllname = idaapi.get_import_module_name(i) if not dllname: continue entries = [] def cb(ea, name, ordinal): entries.append((ea, name, ordinal)) return True # continue enumeration idaapi.enum_import_names(i, cb) for ea, name, ordinal in entries: yield ea, dllname, name, ordinal
def init_imported_ea(*args): def imp_cb(ea, name, ord): imported_ea.add(ea) # True -> Continue enumeration # False -> Stop enumeration return True print "[Info] Collecting information about imports" imported_ea.clear() nimps = idaapi.get_import_module_qty() for i in xrange(0, nimps): name = idaapi.get_import_module_name(i) if not name: print "[Warning] Failed to get import module name for #%d" % i continue # print "Walking-> %s" % name idaapi.enum_import_names(i, imp_cb) print "[Info] Done..."
def driver_type(): implist = idaapi.get_import_module_qty() for i in range(0, implist): name = idaapi.get_import_module_name(i) idaapi.enum_import_names(i, cb) for i in names: if name == "FltRegisterFilter": return "Mini-Filter" elif name == "WdfVersionBind": return "WDF" elif name == "StreamClassRegisterMinidriver": return "Stream Minidriver" elif name == "KsCreateFilterFactory": return "AVStream" elif name == "PcRegisterSubdevice": return "PortCls" return "WDM"
def get_imports(library_calls): """ Populate dictionaries with import information. Return imported modules. """ import_modules = [] import_names_callback = make_import_names_callback(library_calls) for i in xrange(0, idaapi.get_import_module_qty()): import_modules.append(idaapi.get_import_module_name(i)) idaapi.enum_import_names(i, import_names_callback) return import_modules
def make_import_names_callback(library_calls): """ Return a callback function used by idaapi.enum_import_names(). """ def callback(ea, name, ordinal): """ Callback function to retrieve code references to library calls. """ library_calls[name] = [] for ref in idautils.CodeRefsTo(ea, 0): library_calls[name].append(ref) return True # True -> Continue enumeration return callback
def get_typed_imports(): """Queries IDA for functions in the import table that do have a type. Returns a set of (func_ea, func_type) tuples.""" imp_funcs = set() def imp_cb(ea, name, ordn): ftype = idc.GetType(ea) if ftype: imp_funcs.add((ea, ftype)) return True for i in xrange(idaapi.get_import_module_qty()): idaapi.enum_import_names(i, imp_cb) return imp_funcs
def __iterate__(): """Iterate through all of the imports in the database. Yields (ea,(module,name,ordinal)) for each iteration. """ for idx in xrange(idaapi.get_import_module_qty()): module = idaapi.get_import_module_name(idx) result = [] idaapi.enum_import_names(idx, utils.compose(utils.box,result.append,utils.fdiscard(lambda:True))) for ea,name,ordinal in result: yield (ea,(module,name,ordinal)) continue return
def compute_imports(): imports = {} current = "" def callback(ea, name, ordinal): imports[current].append((ea, name, ordinal)) return True nimps = idaapi.get_import_module_qty() for i in xrange(0, nimps): current = idaapi.get_import_module_name(i) imports[current] = [] idaapi.enum_import_names(i, callback) return imports
