我们从Python开源项目中,提取了以下10个代码示例,用于说明如何使用idaapi.segment_t()。
def get_segment_functions(segment): '''Returns functions for a given segment. Args: segment (`segment_t`): The segment functions will be returned from. segment_t objects are returned from IDA's getseg API. Returns: list: Empty list or list of MetadataShim objects on success. None: None on failure. Fails if argument is not a segment_t or there are no functions in that segment. ''' if not isinstance(segment, idaapi.segment_t): return None segment_offset = segment.startEA - IDAW.get_imagebase() if segment_offset not in FIRST.function_list: return None return FIRST.function_list[segment_offset].values()
def add_segment(start, end, name, type_): segment = idaapi.segment_t() segment.startEA = start segment.endEA = end segment.bitness = 1 # 32-bit idaapi.add_segm_ex(segment, name, type_, idaapi.ADDSEG_SPARSE | idaapi.ADDSEG_OR_DIE)
def by(segment): '''Return a segment by it's segment_t.''' return segment
def repr(segment): '''Return a repr() of the segment identified by ``segment``.''' '''Given a segment_t/address, return a printable representation of it''' seg = by(segment) return "{:s} {:s} {:x}-{:x} (+{:x})".format(object.__repr__(seg),idaapi.get_true_segm_name(seg),seg.startEA,seg.endEA,seg.endEA-seg.startEA)
def remove(segment, remove=False): """Remove the segment identified by ``segment``. If the bool ``remove`` is specified, then remove the content of the segment from the database. """ if not isinstance(segment, idaapi.segment_t): raise TypeError("{:s}.remove({!r}) : segment is not of an idaapi.segment_t. : {!r}".format(__name__, segment, type(segment))) res = idaapi.del_selector(segment.sel) if res == 0: logging.warn("{:s}.remove({!r}):Unable to delete selector {:x}".format(__name__, segment, segment.sel)) res = idaapi.del_segm(segment.startEA, idaapi.SEGMOD_KILL if remove else idaapi.SEGMOD_KEEP) if res == 0: logging.warn("{:s}.remove({!r}):Unable to delete segment {:s} : {:s}".format(__name__, segment, segment.name, segment.sel)) return res
def save(filename, segment, offset=0): """Export the segment identified by ``segment`` to the file named ``filename``. If the int ``offset`` is specified, then begin writing into the file at the specified offset. """ if isinstance(segment, idaapi.segment_t): return _save_file(filename, segment.startEA, size(segment), offset) return save(filename, by(segment))
def AddSegEx(startea, endea, base, use32, align, comb, flags): """ Create a new segment @param startea: linear address of the start of the segment @param endea: linear address of the end of the segment this address will not belong to the segment 'endea' should be higher than 'startea' @param base: base paragraph or selector of the segment. a paragraph is 16byte memory chunk. If a selector value is specified, the selector should be already defined. @param use32: 0: 16bit segment, 1: 32bit segment, 2: 64bit segment @param align: segment alignment. see below for alignment values @param comb: segment combination. see below for combination values. @param flags: combination of ADDSEG_... bits @return: 0-failed, 1-ok """ s = idaapi.segment_t() s.startEA = startea s.endEA = endea s.sel = idaapi.setup_selector(base) s.bitness = use32 s.align = align s.comb = comb return idaapi.add_segm_ex(s, "", "", flags)
def load_file(li, neflags, format): # Select the PC processor module idaapi.set_processor_type("BPF", SETPROC_ALL|SETPROC_FATAL) buf = read_whole_file(li, 8) if not buf: return 0 # Load all shellcode into different segments start = 0x1000 seg = idaapi.segment_t() size = len(buf) end = start + size # Create the segment seg.startEA = start seg.endEA = end seg.bitness = 1 # 32-bit idaapi.add_segm_ex(seg, "bpf_c", "CODE", 0) # Copy the bytes idaapi.mem2base(buf, start, end) # add entry point idaapi.add_entry(start, start, "start", 1) # add comment to beginning of disassembly idaapi.describe(start, True, "BPF bytecode disassembly") # Mark for analysis AutoMark(start, AU_CODE) setup_enums() return 1
def get_segments_with_functions(): '''Returns a list of segments with defined functions in it. Returns: list: Empty list or list of segment_t objects ''' data = [] if not FIRST.function_list: return None for segment_offset in FIRST.function_list: data.append(IDAW.getseg(segment_offset + IDAW.get_imagebase())) return data
def new(offset, size, name, **kwds): """Create a segment at ``offset`` with ``size`` and name it according to ``name``. ``bits`` can be used to specify the bit size of the segment ``comb`` can be used to specify any flags (idaapi.sc*) ``align`` can be used to specify paragraph alignment (idaapi.sa*) ``org`` specifies the origin of the segment (must be paragraph aligned due to ida) """ s = idaapi.get_segm_by_name(name) if s is not None: logging.fatal("{:s}.new({:x}, {:x}, {!r}, {!r}) : a segment with the specified name already exists : {:s}".format(__name__, offset, size, name, kwds, name)) return None bits = kwds.get( 'bits', 32 if idaapi.getseg(offset) is None else idaapi.getseg(offset).abits()) # FIXME: use disassembler default bit length instead of 32 if bits == 16: ## create a selector with the requested origin org = kwds.get('org',0) if org&0xf > 0: logging.fatal("{:s}.new({:x}, {:x}, {!r}, {!r}) : origin (.org) is not aligned to the size of a paragraph (0x10) : {:x}".format(__name__, offset, size, name, kwds, org)) return None para = offset/16 sel = idaapi.allocate_selector(para) idaapi.set_selector(sel, (para-kwds.get('org',0)/16)&0xffffffff) else: ## auto-create a selector for everything else sel = idaapi.setup_selector(kwds['selector']) if 'selector' in kwds else idaapi.find_free_selector() # create segment. ripped from idc s = idaapi.segment_t() s.startEA = offset s.endEA = offset+size s.sel = sel s.bitness = {16:0,32:1,64:2}[bits] s.comb = kwds.get('comb', idaapi.scPub) # public s.align = kwds.get('align', idaapi.saRelByte) # paragraphs res = idaapi.add_segm_ex(s, name, "", idaapi.ADDSEG_NOSREG|idaapi.ADDSEG_SPARSE) if res == 0: logging.warn("{:s}.new({:x}, {:x}, {!r}, {!r}) : unable to add a new segment".format(__name__, offset, size, name, kwds)) res = idaapi.del_selector(sel) #assert res != 0 return None return s
