Python idc.get_wide_dword() Examples
The following are 14
code examples of idc.get_wide_dword().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
idc
, or try the search function
.
.
Example #1
| Source File: ptmalloc.py From heap-viewer with GNU General Public License v3.0 | 6 votes |
|
def find_fakefast(self, target_addr):
max_size = (0x80 if self.ptr_size == 8 else 0x40)
ea = target_addr - max_size - self.ptr_size
end_ea = target_addr - self.ptr_size
results = []
while ea < end_ea:
fake_size = idc.get_wide_dword(ea)
idx = self.fastbin_index(fake_size & ~SIZE_BITS)
if 0 <= idx <= 7:
if (fake_size & 2 == 2) and ((fake_size & 4 == 4) or (fake_size & 4 == 0)):
chunk_addr = ea-self.ptr_size
align_size = self.tidx2size(idx)
bytes_to = target_addr-ea-self.ptr_size
results.append({
'fast_id': idx,
'size': align_size,
'address': chunk_addr,
'bytes_to': bytes_to
})
ea += 1
return results
Example #2
| Source File: klfdb.py From ActionScript3 with GNU General Public License v3.0 | 6 votes |
|
def get_native_function(self):
ecx = idc.get_reg_value("ECX")
esp = idc.get_reg_value("ESP")
method_name = self.get_method_name(esp)
if (idc.get_wide_byte(idc.get_wide_dword(ecx + 8) + 0x38) != 0):
function = idc.get_wide_dword(idc.get_wide_dword(esp + 4) + 0x28)
else:
function = idc.get_wide_dword(idc.get_wide_dword(esp + 4) + 0x24)
print("Resolved native function: 0x%x - %s" % (function, method_name))
if ((method_name not in self.ignore and not self.ignore_all) or
(method_name in self.debug_if_equals) or
(any(x for x in self.debug_if_contains if method_name is not None and x in method_name))):
self.traced.append({"name": method_name, "ea": function, "type": "native", "hit": 0})
idc.add_bpt(function)
Example #3
| Source File: analyzer.py From Karta with MIT License | 5 votes |
|
def __init__(self, logger, num_bits, is_elf, data_fptr_alignment=4, mixed_code_and_data=False):
"""Create the analyzer's base class instance.
Args:
logger (logger): logger instance
num_bits (int): bitness of the CPU (32 bits by default)
data_fptr_alignment (int, optional): byte alignment needed for global fptrs (4 by default)
mixed_code_and_data (bool, optional): True iff the main code section includes RO data constants (False by default)
"""
self.logger = logger
self._num_bits = num_bits
self._is_elf = is_elf
self.data_fptr_alignment = data_fptr_alignment
self._mixed_code_and_data = mixed_code_and_data
if num_bits == 64:
self._address_parse_fn = idc.get_qword
self._address_make_fn = lambda x: ida_bytes.create_data(x, idc.FF_QWORD, 8, idc.BADADDR)
self.address_pack_format = "Q"
elif num_bits == 32:
self._address_parse_fn = idc.get_wide_dword
self._address_make_fn = lambda x: ida_bytes.create_data(x, idc.FF_DWORD, 4, idc.BADADDR)
self.address_pack_format = "L"
else:
self._address_parse_fn = idc.get_wide_word
self._address_make_fn = lambda x: ida_bytes.create_data(x, idc.FF_WORD, 2, idc.BADADDR)
self.address_pack_format = "H"
# fields to be linked later on
self.func_classifier = None
self.fptr_identifier = None
self.str_identifier = None
self.locals_identifier = None
self.switch_identifier = None
# code types
self._active_code_types = list(self.codeTypes())
Example #4
| Source File: ida_find_ptrs.py From idawilli with Apache License 2.0 | 5 votes |
|
def find_pointers(start, end):
for va in range(start, end-0x4):
ptr = idc.get_wide_dword(va)
if idc.get_segm_start(ptr) == idc.BADADDR:
continue
yield va, ptr
Example #5
| Source File: nxo64.py From loaders with ISC License | 5 votes |
|
def find_bl_targets(text_start, text_end):
targets = set()
for pc in range(text_start, text_end, 4):
d = idc.get_wide_dword(pc)
if (d & 0xfc000000) == 0x94000000:
imm = d & 0x3ffffff
if imm & 0x2000000:
imm |= ~0x1ffffff
if 0 <= imm <= 2:
continue
target = pc + imm * 4
if target >= text_start and target < text_end:
targets.add(target)
return targets
Example #6
| Source File: utils.py From UEFI_RETool with MIT License | 5 votes |
|
def get_guid(address):
"""get GUID located by address"""
guid = []
guid.append(idc.get_wide_dword(address))
guid.append(idc.get_wide_word(address + 4))
guid.append(idc.get_wide_word(address + 6))
for addr in range(address + 8, address + 16, 1):
guid.append(idc.get_wide_byte(addr))
return guid
Example #7
| Source File: quicktime.py From ida-minsc with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def resolveDispatcher(code):
major = (code & 0x00ff0000) >> 0x10
minor = code & 0xff00ffff
res = getMajorDispatchTableAddress() + major*8
majorFlag = idc.get_wide_dword(res)
majorAddress = idc.get_wide_dword(res+4)
if majorFlag != 0:
return majorAddress + (minor*0x10)
#print "%x"% getMinorDispatchTableAddress(majorAddress)
#print "resolved by 0x%x(%x)"% (majorAddress, minor)
return majorAddress
Example #8
| Source File: as3.py From ActionScript3 with GNU General Public License v3.0 | 5 votes |
|
def parse(self):
self.start = Reader.pos
tag_code_and_length = idc.get_wide_word(Reader.pos)
Reader.pos += 2
self.tag_code = tag_code_and_length >> 6
self.tag_length = tag_code_and_length & 0x3F
self.data_length = idc.get_wide_dword(Reader.pos)
Reader.pos += 4
if (self.tag_code != 0x48): # DoABC1
self.flags = idc.get_wide_dword(Reader.pos)
Reader.pos += 4
self.name = idc.get_strlit_contents(Reader.pos)
if (self.name is not None):
Reader.pos += len(self.name)
Reader.pos += 1
self.minor_version = idc.get_wide_word(Reader.pos)
Reader.pos += 2
self.major_version = idc.get_wide_word(Reader.pos)
Reader.pos += 2
Example #9
| Source File: klfdb.py From ActionScript3 with GNU General Public License v3.0 | 5 votes |
|
def get_method_name(self, esp): stringp = self.get_method_name_func(idc.get_wide_dword(esp + 4), 0) address = idc.get_wide_dword(stringp + 0x8) return idc.get_strlit_contents(address, -1, idc.STRTYPE_C)
Example #10
| Source File: klfdb.py From ActionScript3 with GNU General Public License v3.0 | 5 votes |
|
def get_jit_function(self):
esp = idc.get_reg_value("ESP")
method_name = self.get_method_name(esp)
function = idc.get_wide_dword(esp + 8)
method_id = idc.get_wide_dword(idc.get_wide_dword(esp + 4) + 0x20)
abc_info_pos = idc.get_wide_dword(idc.get_wide_dword(esp + 4) + 0x1C)
method_info = get_qword(abc_info_pos) + get_qword(abc_info_pos + 8)
if (self.as3dump != []):
method = next((x for x in self.as3dump if x["id"] == method_id), None)
if (method is not None and method["info"] == method_info):
method_name = method["name"]
self.set_jit_info(method_id, function)
print("Resolved jit function: 0x%x - %s" % (function, method_name))
self.rename_addr(function, method_name)
if ((method_name not in self.ignore and not self.ignore_all) or
(method_name in self.debug_if_equals) or
(any(x for x in self.debug_if_contains if method_name is not None and x in method_name))):
self.traced.append({"name": method_name, "ea": function, "type": "jit", "hit": 0})
idc.add_bpt(function)
Example #11
| Source File: dbg.py From deREferencing with GNU General Public License v3.0 | 5 votes |
|
def GetLastErrorEx():
tib_ea = get_thread_tib(idaapi.get_current_thread())
if tib_ea:
return idc.get_wide_dword(tib_ea+0x34)
return None
Example #12
| Source File: dbg.py From deREferencing with GNU General Public License v3.0 | 5 votes |
|
def initialize():
if m.initialized:
return
info = idaapi.get_inf_structure()
if info.is_64bit():
m.ptr_size = 8
m.get_ptr = idc.get_qword
m.mem_fmt = "%016X"
m.pack_fmt = "<Q"
elif info.is_32bit():
m.ptr_size = 4
m.get_ptr = idc.get_wide_dword
m.mem_fmt = "%08X"
m.pack_fmt = "<L"
m.cpu_name = info.procname.lower()
m.is_be = idaapi.cvar.inf.is_be()
m.filetype = info.filetype
m.is_pefile = (m.filetype == idaapi.f_PE)
m.thread_id = idaapi.get_current_thread()
if m.cpu_name == "metapc":
m.registers = {
4: regs.x86,
8: regs.x64
}[m.ptr_size]
elif m.cpu_name.startswith("arm"):
m.registers = {
4: regs.arm,
8: regs.aarch64
}[m.ptr_size]
elif m.cpu_name.startswith("mips"):
m.registers = regs.mips
m.initialized = True
# -----------------------------------------------------------------------
Example #13
| Source File: config.py From heap-viewer with GNU General Public License v3.0 | 4 votes |
|
def load():
config = None
m.ptr_size = get_arch_ptrsize()
m.libc_version = get_libc_version()
m.libc_base = get_libc_base()
if m.ptr_size == 4:
m.get_ptr = idc.get_wide_dword
elif m.ptr_size == 8:
m.get_ptr = idc.get_qword
m.ptr_mask = (1 << 8*m.ptr_size)-1
m.program_module = get_program_module()
try:
with open(CONFIG_PATH, 'rb') as f:
config = json.loads(f.read())
except Exception as e:
# default config
config = {}
m.stop_during_tracing = config.get('stop_during_tracing', True)
m.start_tracing_at_startup = config.get('start_tracing_at_startup', False)
m.detect_double_frees_and_overlaps = config.get('detect_double_frees_and_overlaps', True)
m.filter_library_calls = config.get('filter_library_calls', False)
m.hexdump_limit = config.get('hexdump_limit', 1024)
m.libc_offsets = config.get('libc_offsets')
main_arena = None
malloc_par = None
if type(m.libc_offsets) is dict:
main_arena = m.libc_offsets.get("main_arena")
malloc_par = m.libc_offsets.get("mp_")
global_max_fast = m.libc_offsets.get("global_max_fast")
if main_arena is not None:
main_arena += m.libc_base
if malloc_par is not None:
malloc_par += m.libc_base
m.main_arena = main_arena
m.malloc_par = malloc_par
Example #14
| Source File: analyser.py From UEFI_RETool with MIT License | 4 votes |
|
def get_data_guids(self):
"""rename GUIDs in idb"""
EFI_GUID = 'EFI_GUID *'
EFI_GUID_ID = idc.get_struc_id('EFI_GUID')
segments = ['.text', '.data']
for segment in segments:
seg_start, seg_end = 0, 0
for seg in idautils.Segments():
if idc.get_segm_name(seg) == segment:
seg_start = idc.get_segm_start(seg)
seg_end = idc.get_segm_end(seg)
break
ea = seg_start
while (ea <= seg_end - 15):
prot_name = ''
if idc.get_name(ea, ida_name.GN_VISIBLE).find('unk_') != -1:
find = False
cur_guid = []
cur_guid.append(idc.get_wide_dword(ea))
cur_guid.append(idc.get_wide_word(ea + 4))
cur_guid.append(idc.get_wide_word(ea + 6))
for addr in range(ea + 8, ea + 16, 1):
cur_guid.append(idc.get_wide_byte(addr))
if cur_guid == [0] * 11:
ea += 1
continue
for guid_place in [
'ami_guids', 'asrock_guids', 'dell_guids',
'edk_guids', 'edk2_guids', 'lenovo_guids'
]:
for name in self.Protocols[guid_place]:
if self.Protocols[guid_place][name] == cur_guid:
prot_name = '{}_{:#x}'.format(name, ea)
record = {
'address': ea,
'service': 'unknown',
'guid': cur_guid,
'protocol_name': name,
'protocol_place': guid_place
}
find = True
break
if find:
break
if find and (idc.get_name(ea, ida_name.GN_VISIBLE) !=
prot_name):
idc.SetType(ea, EFI_GUID)
self.apply_struct(ea, 16, EFI_GUID_ID)
idc.set_name(ea, prot_name)
self.Protocols['data'].append(record)
ea += 1
