Python idc.GetLongPrm() Examples
The following are 13
code examples of idc.GetLongPrm().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
idc
, or try the search function
.
.
Example #1
| Source File: IDAConnector.py From DIE with MIT License | 6 votes |
|
def get_function_name(ea):
"""
Get the real function name
"""
# Try to demangle
function_name = idc.Demangle(idc.GetFunctionName(ea), idc.GetLongPrm(idc.INF_SHORT_DN))
if function_name:
function_name = function_name.split("(")[0]
# Function name is not mangled
if not function_name:
function_name = idc.GetFunctionName(ea)
if not function_name:
function_name = idc.Name(ea)
# If we still have no function name, make one up. Format is - 'UNKN_FNC_4120000'
if not function_name:
function_name = "UNKN_FNC_%s" % hex(ea)
return function_name
Example #2
| Source File: get_cfg.py From mcsema with Apache License 2.0 | 5 votes |
|
def demangled_name(name):
"""Tries to demangle a functin name."""
try:
dname = idc.Demangle(name, idc.GetLongPrm(INF_SHORT_DN))
if dname and len(dname) and "::" not in dname:
dname = dname.split("(")[0]
dname = dname.split(" ")[-1]
if re.match(r"^[a-zA-Z0-9_]+$", dname):
return dname
return name
except:
return name
Example #3
| Source File: get_cfg.py From mcsema with Apache License 2.0 | 5 votes |
|
def demangled_name(name):
"""Tries to demangle a functin name."""
try:
dname = idc.Demangle(name, idc.GetLongPrm(INF_SHORT_DN))
if dname and len(dname) and "::" not in dname:
dname = dname.split("(")[0]
dname = dname.split(" ")[-1]
if re.match(r"^[a-zA-Z0-9_]+$", dname):
return dname
return name
except:
return name
Example #4
| Source File: vtable.py From ida_kernelcache with MIT License | 5 votes |
|
def class_from_vtable_method_symbol(method_symbol):
"""Get the base class in a vtable method symbol.
Extract the name of the base class from a canonical method symbol.
"""
demangled = idc.Demangle(method_symbol, idc.GetLongPrm(idc.INF_SHORT_DN))
if not demangled:
return None
classname = demangled.split('::', 1)[0]
if classname == demangled:
return None
return classname
Example #5
| Source File: symbol.py From ida_kernelcache with MIT License | 5 votes |
|
def method_name(symbol):
"""Get the name of the C++ method from its symbol.
If the symbol demangles to 'Class::method(args)', this function returns 'method'.
"""
try:
demangled = idc.Demangle(symbol, idc.GetLongPrm(idc.INF_SHORT_DN))
func = demangled.split('::', 1)[1]
base = func.split('(', 1)[0]
return base or None
except:
return None
Example #6
| Source File: symbol.py From ida_kernelcache with MIT License | 5 votes |
|
def method_arguments_string(symbol):
"""Get the arguments string of the C++ method from its symbol.
If the symbol demangles to 'Class::method(arg1, arg2)', this function returns 'arg1, arg2'.
"""
try:
demangled = idc.Demangle(symbol, idc.GetLongPrm(idc.INF_LONG_DN))
func = demangled.split('::', 1)[1]
args = func.split('(', 1)[1]
args = args.rsplit(')', 1)[0].strip()
return args
except:
return None
Example #7
| Source File: symbol.py From ida_kernelcache with MIT License | 5 votes |
|
def vtable_symbol_get_class(symbol):
"""Get the class name for a vtable symbol."""
try:
demangled = idc.Demangle(symbol, idc.GetLongPrm(idc.INF_SHORT_DN))
pre, post = demangled.split("`vtable for'", 1)
assert pre == ''
return post
except:
return None
Example #8
| Source File: undname.py From ida_pdb_loader with MIT License | 5 votes |
|
def _demangle(name, short=True):
dtype = idc.INF_LONG_DN
if short:
dtype = idc.INF_SHORT_DN
tmp = idc.Demangle(name, idc.GetLongPrm(dtype))
if tmp:
name = tmp
name = name.replace('__', '::')
return name
Example #9
| Source File: __init__.py From hrdev with MIT License | 5 votes |
|
def _get_imported_names(self):
'''Create and return a list of imported function names.'''
tmp = []
for _, imp_entries in self._build_imports().items():
for imp_name in imp_entries:
tmp_name = idc.Demangle(imp_name, idc.GetLongPrm(idc.INF_SHORT_DN))
if tmp_name:
imp_name = tmp_name
tmp.append(imp_name)
return tmp
Example #10
| Source File: helper.py From hrdev with MIT License | 5 votes |
|
def demangle_name(cls, name):
'''Demangle name.'''
tmp = idc.Demangle(name, idc.GetLongPrm(idc.INF_SHORT_DN))
if tmp:
name = tmp
if not name:
return name
matches = re.match(r'^(.*?)\(.*?\)', name)
if matches:
name = matches.group(1)
return name
Example #11
| Source File: find.py From Sibyl with GNU General Public License v3.0 | 4 votes |
|
def architecture(self):
"""Return the IDA guessed processor
Ripped from Miasm2 / examples / ida / utils
"""
processor_name = idc.GetLongPrm(idc.INF_PROCNAME)
if processor_name in self.IDAarch2MiasmArch:
name = self.IDAarch2MiasmArch[processor_name]
elif processor_name == "metapc":
# HACK: check 32/64 using INF_START_SP
inf = idaapi.get_inf_structure()
if inf.is_32bit():
name = "x86_32"
elif inf.is_64bit():
name = "x86_64"
elif idc.GetLongPrm(idc.INF_START_SP) == 0x80:
name = "x86_16"
else:
raise ValueError('cannot guess 32/64 bit! (%x)' % max_size)
elif processor_name == "ARM":
# TODO ARM/thumb
# hack for thumb: set armt = True in globals :/
# set bigendiant = True is bigendian
is_armt = globals().get('armt', False)
is_bigendian = globals().get('bigendian', False)
if is_armt:
if is_bigendian:
name = "armtb"
else:
name = "armtl"
else:
if is_bigendian:
name = "armb"
else:
name = "arml"
else:
print repr(processor_name)
raise ValueError("Unknown corresponding architecture")
return name
Example #12
| Source File: vtableAddress.py From Virtuailor with GNU General Public License v3.0 | 4 votes |
|
def get_con2_var_or_num(i_cnt, cur_addr):
"""
:param i_cnt: the register of the virtual call
:param cur_addr: the current address in the memory
:return: "success" string and the address of the vtable's location. if it fails it sends the reason and -1
"""
start_addr = idc.get_func_attr(cur_addr, idc.FUNCATTR_START)
virt_call_addr = cur_addr
cur_addr = idc.prev_head(cur_addr)
dct_arch = get_arch_dct()
if dct_arch == -1:
return 'Wrong Architechture', "-1", cur_addr
while cur_addr >= start_addr:
if idc.print_insn_mnem(cur_addr)[:3] == dct_arch["opcode"] and idc.print_operand(cur_addr, 0) == i_cnt: # TODO lea ?
opnd2 = idc.print_operand(cur_addr, 1)
place = opnd2.find(dct_arch["separator"])
if place != -1: # if the function is not the first in the vtable
register = opnd2[opnd2.find('[') + 1: place]
if opnd2.find('*') == -1:
offset = opnd2[place + dct_arch["val_offset"]: opnd2.find(']')]
else:
offset = "*"
return register, offset, cur_addr
else:
offset = "0"
if opnd2.find(']') != -1:
register = opnd2[opnd2.find('[') + 1: opnd2.find(']')]
else:
register = opnd2
return register, offset, cur_addr
elif idc.print_insn_mnem(cur_addr)[:4] == "call":
intr_func_name = idc.print_operand(cur_addr, 0)
# In case the code has CFG -> ignores the function call before the virtual calls
if "guard_check_icall_fptr" not in intr_func_name:
if "nullsub" not in intr_func_name:
# intr_func_name = idc.Demangle(intr_func_name, idc.GetLongPrm(idc.INF_SHORT_DN))
print("Warning! At address 0x%08x: The vtable assignment might be in another function (Maybe %s),"
" could not place BP." % (virt_call_addr, intr_func_name))
cur_addr = start_addr
cur_addr = idc.prev_head(cur_addr)
return "out of the function", "-1", cur_addr
return '', 0, cur_addr
Example #13
| Source File: find_virtual_method_overrides.py From ida_kernelcache with MIT License | 4 votes |
|
def kernelcache_find_virtual_method_overrides(classname=None, method=None):
import idc
import idaapi
import ida_kernelcache as kc
# Define the form to ask for the arguments.
class MyForm(idaapi.Form):
def __init__(self):
swidth = 40
idaapi.Form.__init__(self, r"""STARTITEM 0
Find virtual method overrides
<#The class#Class :{classname}>
<#The virtual method#Method:{method}>""", {
'classname': idaapi.Form.StringInput(tp=idaapi.Form.FT_IDENT, swidth=swidth),
'method': idaapi.Form.StringInput(tp=idaapi.Form.FT_IDENT, swidth=swidth),
})
def OnFormChange(self, fid):
return 1
kc.collect_class_info()
if any(arg is None for arg in (classname, method)):
f = MyForm()
f.Compile()
f.classname.value = classname or ''
f.method.value = method or ''
ok = f.Execute()
if ok != 1:
print 'Cancelled'
return False
classname = f.classname.value
method = f.method.value
f.Free()
if classname not in kc.class_info:
print 'Not a valid class: {}'.format(classname)
return False
print 'Subclasses of {} that override {}:'.format(classname, method)
baseinfo = kc.class_info[classname]
found = False
for classinfo in baseinfo.descendants():
for _, override, _ in kc.vtable.class_vtable_overrides(classinfo, superinfo=baseinfo,
methods=True):
name = idc.NameEx(idc.BADADDR, override)
demangled = idc.Demangle(name, idc.GetLongPrm(idc.INF_SHORT_DN))
name = demangled if demangled else name
if method in name:
print '{:#x} {}'.format(override, classinfo.classname)
found = True
if not found:
print 'No subclass of {} overrides {}'.format(classname, method)
return found
