Python idc.next_head() Examples

The following are 10 code examples of idc.next_head(), each taken from an open-source IDA Pro plugin or script; the originating file, project and license are noted above each example. Note that idc.next_head(ea[, maxea]) returns idc.BADADDR when no further defined item exists (or none below maxea), so every scanning loop below must terminate on that sentinel.
Example #1
Source file: analyser.py — from UEFI_RETool (MIT License)
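def _find_est(self, gvar, start, end):
        """Locate the EFI_SYSTEM_TABLE global that ``gvar`` is loaded from.

        Scans the instructions in ``[start, end)`` for a ``mov`` whose
        destination is register 0 (RAX/EAX) and whose source is a
        ``[base+disp]`` memory operand with the displacement of
        ``EFI_SYSTEM_TABLE.BootServices`` (0x60 on x86-64, 0x3c on 32-bit
        x86).  On the first match ``gvar`` is typed as ``EFI_SYSTEM_TABLE *``
        and renamed ``gSt_0x...``.

        Args:
            gvar: address of the candidate global variable to type and rename.
            start: first address of the scan window.
            end: exclusive upper bound of the scan window.

        Returns:
            True if a matching access was found and ``gvar`` was typed,
            False otherwise (including when ``idc.SetType`` fails).
        """
        RAX = 0
        EFI_SYSTEM_TABLE = 'EFI_SYSTEM_TABLE *'
        # Offset of the BootServices pointer inside EFI_SYSTEM_TABLE depends on
        # the pointer width: 0x3c on 32-bit x86, 0x60 on x86-64.
        BS_OFFSET = 0x3c if self.arch == 'x86' else 0x60
        ea = start
        while ea < end:
            # Require a register destination and a [base+disp] source.  Without
            # the operand-type checks, `mov eax, 60h` (immediate) or a store to
            # `[reg+0]` would satisfy the value comparisons and give a false hit.
            if (idc.print_insn_mnem(ea) == 'mov'
                    and idc.get_operand_type(ea, 0) == idc.o_reg
                    and idc.get_operand_value(ea, 0) == RAX
                    and idc.get_operand_type(ea, 1) == idc.o_displ
                    and idc.get_operand_value(ea, 1) == BS_OFFSET):
                if idc.SetType(gvar, EFI_SYSTEM_TABLE):
                    idc.set_name(gvar, 'gSt_{addr:#x}'.format(addr=gvar))
                    return True
            # next_head() yields BADADDR past the last item, which fails `< end`.
            ea = idc.next_head(ea)
        return False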
Example #2
Source file: analyser.py — from UEFI_RETool (MIT License)
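def get_boot_services(self):
        """Collect call sites of EFI boot services into ``self.gBServices``.

        Walks every item of the code segment containing the first function in
        the IDB and records each ``call`` through a ``[reg+disp]`` operand
        whose displacement equals a known ``EFI_BOOT_SERVICES`` member offset
        (``self.BOOT_SERVICES_OFFSET``).  Each address is appended at most once
        to ``self.gBServices[service_name]``.

        Returns:
            None.  Returns early, leaving ``self.gBServices`` untouched, when
            the IDB contains no functions.
        """
        first_func = next(iter(idautils.Functions()), None)
        if first_func is None:
            return  # nothing analysed yet: no code segment to scan
        start = idc.get_segm_start(first_func)
        end = idc.get_segm_end(first_func)  # exclusive upper bound
        ea = start
        while ea < end:
            if idc.print_insn_mnem(ea) == 'call':
                # Only an indirect call through [reg+disp] (e.g. `call [rax+18h]`)
                # can be a boot-service dispatch.  The type check keeps a direct
                # `call sub_XXXX` whose target happens to equal a table offset
                # from being misattributed.
                if idc.get_operand_type(ea, 0) == idc.o_displ:
                    disp = idc.get_operand_value(ea, 0)
                    for service_name, offset in self.BOOT_SERVICES_OFFSET.items():
                        if disp == offset:
                            sites = self.gBServices[service_name]
                            if ea not in sites:
                                sites.append(ea)
            # BADADDR past the last head fails `< end` and ends the loop.
            ea = idc.next_head(ea)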
Example #3
Source file: disassembler.py — from vt-ida-plugin (Apache License 2.0)
def next_address(addr):
    """Return the address of the next defined item (instruction or data) after ``addr``.

    Thin wrapper over ``idc.next_head``; yields ``idc.BADADDR`` when the
    database holds no further head, so callers looping on this must stop on
    that sentinel.
    """
    following = idc.next_head(addr)
    return following
Example #4
Source file: idaxml.py — from GhIDA (Apache License 2.0)
def export_markup(self):
        """
        Export the MARKUP section: per-address memory, stack and enum
        references plus manual (forced) operands and manual instructions,
        each gated by the corresponding export option.

        Every head from ``self.min_ea`` up to (excluding) ``self.max_ea`` is
        visited and dispatched to the matching ``export_*`` helper.
        """
        self.update_status(MARKUP)
        # NOTE(review): time.clock() was removed in Python 3.8.  Left as-is
        # because display_cpu_time() presumably pairs with it; both call
        # sites should migrate to time.perf_counter() together.
        timer = time.clock()
        self.start_element(MARKUP, True)
        opts = self.options
        addr = self.min_ea
        while addr != BADADDR:
            flags = idc.get_full_flags(addr)
            if opts.MemoryReferences.checked == True:
                if ida_bytes.has_xref(flags) == True:
                    self.export_user_memory_reference(addr)
                if ida_bytes.is_off(flags, ida_bytes.OPND_ALL) == True:
                    self.export_memory_references(addr)
            stack_refs_wanted = (opts.Functions.checked == True
                                 and opts.StackReferences.checked == True)
            if stack_refs_wanted and ida_bytes.is_stkvar(flags, ida_bytes.OPND_ALL) == True:
                self.export_stack_reference(addr)
            if opts.DataTypes.checked == True and ida_bytes.is_enum(flags, ida_bytes.OPND_ALL) == True:
                self.export_enum_references(addr)
            if opts.Manual.checked == True:
                # TODO: confirm whether is_forced_operand(addr, OPND_ALL) is the
                # right way to cover manual operands beyond the first two.
                forced = (ida_bytes.is_forced_operand(addr, 0) == True
                          or ida_bytes.is_forced_operand(addr, 1) == True)
                if forced:
                    self.export_manual_operand(addr)
                if ida_bytes.is_manual_insn(addr) == True:
                    self.export_manual_instruction(addr)
            # Bounded walk: next_head() returns BADADDR once max_ea is reached.
            addr = idc.next_head(addr, self.max_ea)
        self.end_element(MARKUP)
        self.display_cpu_time(timer)
Example #5
Source file: symbol_exec.py — from miasm (GNU General Public License v2.0)
def symbolic_exec():
    """Symbolically execute the selected range (or the current instruction) and show the result.

    Uses the user's selection ``[start, end)``; when nothing is selected,
    only the instruction under the cursor is executed (``end`` is its next
    head).  The register/memory assignments that differ from the initial
    state are displayed in a ``symbolicexec_t`` view, which is also stored in
    ``all_views``.
    """
    from miasm.ir.symbexec import SymbolicExecutionEngine
    from miasm.core.bin_stream_ida import bin_stream_ida

    from utils import guess_machine

    start, end = idc.read_selection_start(), idc.read_selection_end()

    bs = bin_stream_ida()
    machine = guess_machine(addr=start)
    mdis = machine.dis_engine(bs)

    no_selection = start == idc.BADADDR and end == idc.BADADDR
    if no_selection:
        # Fall back to the single instruction under the cursor.
        start = idc.get_screen_ea()
        end = idc.next_head(start)

    # Stop disassembly at `end` so only the chosen range is lifted.
    mdis.dont_dis = [end]
    asmcfg = mdis.dis_multiblock(start)
    ira = machine.ira(loc_db=mdis.loc_db)
    ircfg = ira.new_ircfg_from_asmcfg(asmcfg)

    print("Run symbolic execution...")
    regs_init = machine.mn.regs.regs_init
    sb = SymbolicExecutionEngine(ira, regs_init)
    sb.run_at(ircfg, start)
    # Keep only the state that differs from the initial register file.
    modified = dict(sb.modified(init_state=regs_init))

    view = symbolicexec_t()
    all_views.append(view)  # presumably keeps the viewer alive; stored before Create() as in the original
    title = "Symbolic Execution - 0x%x to 0x%x" % (start, idc.prev_head(end))
    created = view.Create(modified, machine, mdis.loc_db, title)
    if not created:
        return

    view.Show()


# Support ida 6.9 and ida 7 
Example #6
Source file: Main.py — from Virtuailor (GNU General Public License v3.0)
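def add_bp_to_virtual_calls(cur_addr, end):
    """Set conditional breakpoints on indirect (virtual) calls in ``[cur_addr, end)``.

    Every ``call`` (x86) or ``BLR`` (ARM64) whose first operand text contains
    a register name from ``REGISTERS`` is treated as a potential virtual
    call: ``vtableAddress.write_vtable2file`` supplies a breakpoint condition
    and address, and ``AddBP.add`` installs the breakpoint when the condition
    is non-empty.  ``cond`` is evaluated by IDA's debugger when the
    breakpoint fires; it comes from the helper, not from this function.

    Args:
        cur_addr: first address to scan.
        end: exclusive upper bound of the scan.
    """
    while cur_addr < end and cur_addr != idc.BADADDR:
        mnem = idc.print_insn_mnem(cur_addr)
        if mnem in ('call', 'BLR'):
            opnd = idc.print_operand(cur_addr, 0)
            # Substring match, not whole-token, as in the original heuristic.
            if any(reg in opnd for reg in REGISTERS):
                cond, bp_address = vtableAddress.write_vtable2file(cur_addr)
                if cond != '':
                    AddBP.add(bp_address, cond)
        cur_addr = idc.next_head(cur_addr)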
Example #7
Source file: quicktime.py — from ida-minsc (BSD 3-Clause "New" or "Revised" License)
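def nextMnemonic(ea, mnem, maxaddr=0xc0*0x1000000):
    """Return the address of the first instruction at or after ``ea`` whose mnemonic is ``mnem``.

    Walks heads forward with ``idc.next_head(ea, maxaddr)``.  The walk stops,
    returning ``idc.BADADDR``, as soon as an address with no instruction
    mnemonic is reached: a data item, undefined bytes, or BADADDR itself once
    no head remains below ``maxaddr``.

    Args:
        ea: address to start the search from (inclusive).
        mnem: mnemonic string to match exactly, as printed by IDA.
        maxaddr: exclusive upper bound handed to ``idc.next_head``.

    Returns:
        The matching address, or ``idc.BADADDR`` if none is found.
    """
    # Iterative on purpose: the original recursed once per instruction, so a
    # long stretch without a match exhausted Python's recursion limit
    # (~1000 frames) well before reaching maxaddr.
    while True:
        res = idc.print_insn_mnem(ea)
        if res == "":
            return idc.BADADDR
        if res == mnem:
            return ea
        ea = idc.next_head(ea, maxaddr)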
Example #8
Source file: objc2_analyzer.py — from flare-ida (Apache License 2.0)
def selRefLocByName(self, name):
        """Find the address of a selector/message reference by its IDA name.

        Names whose first six characters are ``"selRef"`` are looked up in the
        ``self.objcSelRefs`` range, everything else in ``self.objcMsgRefs``
        (both are ``(start, end)`` pairs, end exclusive).

        Returns:
            The address whose visible name equals ``name``, or ``None``
            (implicit) when no head in the range carries that name.
        """
        if name[:6] == "selRef":
            cur, limit = self.objcSelRefs[0], self.objcSelRefs[1]
        else:
            cur, limit = self.objcMsgRefs[0], self.objcMsgRefs[1]
        # Walk bounded by the database's max EA; next_head() then returns
        # BADADDR, which also fails the `< limit` test.
        max_ea = idc.get_inf_attr(idc.INF_MAX_EA)
        while cur < limit:
            if idc.get_name(cur, idc.ida_name.GN_VISIBLE) == name:
                return cur
            cur = idc.next_head(cur, max_ea)
Example #9
Source file: objc2_analyzer.py — from flare-ida (Apache License 2.0)
def getIvarTypeFromFunc(self, eh, va):
        """Return the Objective-C type string of the ivar a short getter function returns.

        Results are memoised in ``self.ivarSetters`` (va -> type string) and
        ``self.notIvarSetters`` (list of va).  A function is only considered
        if it is shorter than 0x20 bytes; its instructions are scanned for a
        reference to an ``_OBJC_IVAR_$_`` symbol (arch-specific, see the
        branches below) and the ivar's type is then read from the
        ``__objc_const`` ivar-list entry that references that symbol.

        Args:
            eh: project emulation helper exposing ``arch``, ``getIDBString``,
                ``derefPtr``, ``hexString`` and ``size_pointer``.
            va: start address of the candidate getter function.

        Returns:
            The type string with its first two and last characters stripped
            (``typeStr[2:-1]``), or ``UNKNOWN``.
        """
        # Memoised answers from earlier calls.
        if va in self.ivarSetters:
            return self.ivarSetters[va]
        elif va in self.notIvarSetters:
            return UNKNOWN
        addr = va
        endVa = idc.get_func_attr(va, idc.FUNCATTR_END)
        # Only very short functions (< 0x20 bytes) are candidates for getters.
        if endVa - va < 0x20:
            ivarVa = None
            # Note `<=`: endVa is FUNCATTR_END, IDA's exclusive end address.
            while addr <= endVa:
                srcOpnd = idc.print_operand(addr, 1)
                # if ivar is the src op for an instruction, assume this function will return it
                if eh.arch == unicorn.UC_ARCH_ARM and "_OBJC_IVAR_$_" in srcOpnd:
                    # ARM: recover the symbol from the printed operand text
                    # (from "_OBJC_IVAR_$_" up to the first space) and resolve it.
                    oploc = idc.get_name_ea_simple(
                        srcOpnd[srcOpnd.find("_OBJC_IVAR_$_"):srcOpnd.find(" ")])
                    if oploc != idc.BADADDR:
                        ivarVa = oploc
                        break
                elif eh.arch == unicorn.UC_ARCH_ARM64:
                    # ARM64: look for an xref from this instruction into __objc_ivar
                    # whose visible name starts with "_OBJC_IVAR_$_".
                    for x in idautils.XrefsFrom(addr):
                        if (idc.get_segm_name(x.to) == "__objc_ivar" and
                                idc.get_name(x.to, idc.ida_name.GN_VISIBLE)[:13] == "_OBJC_IVAR_$_"):
                            ivarVa = x.to
                            # NOTE(review): this `break` only leaves the `for`,
                            # not the `while`; unlike the ARM/x86 branches the
                            # scan continues and a later match overwrites ivarVa.
                            break
                elif eh.arch == unicorn.UC_ARCH_X86:
                    # x86: the source operand's value is the ivar symbol address.
                    if "_OBJC_IVAR_$_" in srcOpnd:
                        ivarVa = idc.get_operand_value(addr, 1)
                        break

                addr = idc.next_head(addr, idc.get_inf_attr(idc.INF_MAX_EA))

            # NOTE: truthiness test, so a symbol at address 0 counts as "not found".
            if ivarVa:
                # Find the __objc_const entry that points at the ivar symbol and
                # read the string two pointers past it (presumably the `type`
                # field of the ivar record — confirm against the objc2 layout).
                for x in idautils.XrefsTo(ivarVa):
                    if x.frm >= self.objcConst[0] and x.frm < self.objcConst[1]:
                        typeStr = eh.getIDBString(
                            eh.derefPtr(x.frm + eh.size_pointer * 2))
                        # [2:-1] drops the first two and the last character of the
                        # encoded type (presumably a quoted-class wrapper — confirm).
                        self.ivarSetters[va] = typeStr[2:-1]
                        logging.debug("%s is an ivar getter function, returning type %s" % (
                            eh.hexString(va), typeStr[2:-1]))
                        return typeStr[2:-1]
            else:
                logging.debug(
                    "%s determined not to be an ivar getter function", eh.hexString(va))
                self.notIvarSetters.append(va)
        else:
            # Too long to be a trivial getter.
            logging.debug(
                "%s determined not to be an ivar getter function", eh.hexString(va))
            self.notIvarSetters.append(va)
        # Also reached when an ivar was found but no __objc_const xref matched.
        return UNKNOWN


    # returns class or sel name from IDA name 
Example #10
Source file: mykutils.py — from flare-ida (Apache License 2.0)
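def _emit_fnbytes(emit_instr_cb, header, footer, indent, fva=None, warn=True):
    """Emit function bytes in a format defined by the callback and
    headers/footers provided.

    Walks every head of the function containing ``fva`` (default: the
    cursor) from FUNCATTR_START up to, but excluding, FUNCATTR_END and
    appends ``indent + emit_instr_cb(va, the_bytes, size)`` for each item,
    wrapped in ``header.format(name=function_name)`` and ``footer``.

    Warns if any instruction operands are not consistent with
    position-independent code, in which case the user may need to templatize
    the position-dependent portions.

    Args:
        emit_instr_cb: callable taking ``(va, the_bytes, size)`` and
            returning the text to emit for that item.
        header: format string receiving ``name=``.
        footer: literal string appended after the last item.
        indent: prefix for each emitted item.
        fva: any address inside the function; ``None`` (or 0) means
            ``idc.here()``.
        warn: when True show an IDA message box on position-dependent
            operands, otherwise log the message.

    Returns:
        The assembled string.
    """
    fva = fva or idc.here()
    fva = idc.get_func_attr(fva, idc.FUNCATTR_START)
    va_end = idc.get_func_attr(fva, idc.FUNCATTR_END)

    # Operand types observed in position-independent code:
    optypes_position_independent = {
        ida_ua.o_reg,       # 1: General Register (al,ax,es,ds...)
        ida_ua.o_phrase,    # 3: Base + Index
        ida_ua.o_displ,     # 4: Base + Index + Displacement
        ida_ua.o_imm,       # 5: Immediate
        ida_ua.o_near,      # 7: Immediate Near Address
    }

    # Notably missing because I want to note and handle these if/as they are
    # encountered:
    # ida_ua.o_idpspec0 = 8: FPP register
    # ida_ua.o_idpspec1 = 9: 386 control register
    # ida_ua.o_idpspec2 = 10: 386 debug register
    # ida_ua.o_idpspec3 = 11: 386 trace register

    va = fva
    nm = idc.get_name(fva)
    optypes_found = set()
    parts = [header.format(name=nm)]
    # Bound the walk by va_end.  An unbounded next_head() can skip an undefined
    # gap at the end of the function and land on a head *past* va_end; the
    # original `va != va_end` test would then keep emitting unrelated bytes
    # until BADADDR.
    while va < va_end and va != idc.BADADDR:
        size = idc.get_item_size(va)
        the_bytes = idc.get_bytes(va, size)

        # Probe all eight operand slots; a zero optype means no operand there.
        for i in range(0, 8):
            optype = idc.get_operand_type(va, i)
            if optype:
                optypes_found.add(optype)

        parts.append(indent + emit_instr_cb(va, the_bytes, size))
        va = idc.next_head(va, va_end)  # BADADDR once no head is left below va_end
    parts.append(footer)
    s = ''.join(parts)

    position_dependent = optypes_found - optypes_position_independent
    if position_dependent:
        msg = ('This code may have position-dependent operands (optype %s)' %
               (', '.join([str(o) for o in position_dependent])))
        if warn:
            # NOTE(review): `Warning` is expected to be IDA's message-box
            # function (e.g. via a star-import of idc/idaapi).  If it resolves
            # to the Python builtin exception class instead, this line merely
            # constructs and discards an exception object — a silent no-op.
            Warning(msg)
        else:
            logger.warning(msg)  # Logger.warn() has been deprecated since 3.3

    return s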