Python idc.get_segm_start() Examples
The following are 17
code examples of idc.get_segm_start().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
idc
, or try the search function
.
.
Example #1
| Source File: ptmalloc.py From heap-viewer with GNU General Public License v3.0 | 6 votes |
|
def find_malloc_par():
mp_ = idc.get_name_ea_simple("mp_")
if mp_ != idc.BADADDR:
return mp_
segm = idaapi.get_segm_by_name("[heap]")
if segm is None:
return None
offset = get_struct_offsets(malloc_par()).get('sbrk_base')
sbrk_base = segm.start_ea
ea = idc.get_segm_start(get_name_ea_simple("_IO_2_1_stdin_"))
end_ea = idc.get_segm_end(ea)
while ea < end_ea:
ptr = config.get_ptr(ea)
if idaapi.is_loaded(ptr) and ptr == sbrk_base:
return (ea-offset)
ea += config.ptr_size
return None
# --------------------------------------------------------------------------
Example #2
| Source File: shellcode_hash_search.py From flare-ida with Apache License 2.0 | 6 votes |
|
def processCode(self):
if (self.params.startAddr==idc.BADADDR) and (self.params.endAddr==idc.BADADDR):
if using_ida7api:
self.params.startAddr = idc.get_segm_start(idc.here())
self.params.endAddr = idc.get_segm_end(idc.here())
else:
self.params.startAddr = idc.SegStart(idc.here())
self.params.endAddr = idc.SegEnd(idc.here())
logger.info('Processing current segment only: 0x%08x - 0x%08x', self.params.startAddr, self.params.endAddr)
else:
logger.info('Processing range 0x%08x - 0x%08x', self.params.startAddr, self.params.endAddr)
if self.params.searchDwordArray:
self.lookForDwordArray(self.params.startAddr, self.params.endAddr)
if self.params.searchPushArgs:
self.lookForOpArgs(self.params.startAddr, self.params.endAddr)
Example #3
| Source File: analyser.py From UEFI_RETool with MIT License | 6 votes |
|
def get_boot_services(self):
"""found boot services in idb"""
code = list(idautils.Functions())[0]
start = idc.get_segm_start(code)
end = idc.get_segm_end(code)
ea = start
while (ea <= end):
if idc.print_insn_mnem(ea) != 'call':
ea = idc.next_head(ea)
continue
for service_name in self.BOOT_SERVICES_OFFSET:
# yapf: disable
if (idc.get_operand_value(ea, 0) == self.BOOT_SERVICES_OFFSET[service_name]):
if not self.gBServices[service_name].count(ea):
self.gBServices[service_name].append(ea)
ea = idc.next_head(ea)
Example #4
| Source File: ptmalloc.py From heap-viewer with GNU General Public License v3.0 | 5 votes |
|
def find_main_arena():
main_arena = idc.get_name_ea_simple("main_arena") # from libc6-dbg
if main_arena != idc.BADADDR:
return main_arena
ea = idc.get_segm_start(idc.get_name_ea_simple("_IO_2_1_stdin_"))
end_ea = idc.get_segm_end(ea)
# &main_arena->next
offsets = {
4: [1088, 1096], # 32 bits
8: [2152, 2160] # 64 bits
}[config.ptr_size]
if ea == idc.BADADDR or end_ea == idc.BADADDR:
return None
while ea < end_ea:
ptr = config.get_ptr(ea) # ptr to main_arena
if idaapi.is_loaded(ptr) and ptr < ea:
if (ea-ptr) in offsets:
return ptr
ea += config.ptr_size
return None
# --------------------------------------------------------------------------
Example #5
| Source File: shellcode_hash_search.py From flare-ida with Apache License 2.0 | 5 votes |
|
def promptForRange(self):
# Only run if QT not available, so not bothering with ida7 check
#check if a range has already been selected - if so skip prompt
if using_ida7api:
selstart = idc.read_selection_start()
selend = idc.read_selection_end()
segstart = idc.get_segm_start(idc.here())
segend = idc.get_segm_end(idc.here())
else:
selstart = idc.SelStart()
selend = idc.SelEnd()
seg = idc.SegStart(idc.here())
self.params.endAddr = idc.SegEnd(idc.here())
if selstart != idc.BADADDR:
self.params.startAddr = selstart
self.params.endAddr = selend
logger.info('Processing range 0x%08x - 0x%08x', self.params.startAddr, self.params.endAddr)
else:
self.params.startAddr = segstart
self.params.endAddr = segend
logger.info('Processing current segment only')
###################################################################
#
###################################################################
Example #6
| Source File: shellcode_hash_search.py From flare-ida with Apache License 2.0 | 5 votes |
|
def processAllSegments(self):
for seg in idautils.Segments():
if using_ida7api:
segStart = idc.get_segm_start(seg)
segEnd = idc.get_segm_end(seg)
else:
segStart = idc.SegStart(seg)
segEnd = idc.SegEnd(seg)
if self.params.searchPushArgs:
self.lookForOpArgs(segStart, segEnd)
if self.params.searchDwordArray:
self.lookForDwordArray(segStart, segEnd)
Example #7
| Source File: stackstrings.py From flare-ida with Apache License 2.0 | 5 votes |
|
def getFuncRanges_ida7(ea, doAllFuncs):
if doAllFuncs:
funcs = []
funcGen = idautils.Functions(idc.get_segm_start(ea), idc.get_segm_end(ea))
for i in funcGen:
funcs.append(i)
funcRanges = []
for i in range(len(funcs) - 1):
funcRanges.append( (funcs[i], funcs[i+1]) )
funcRanges.append( (funcs[-1], idc.get_segm_end(ea)) )
return funcRanges
else:
#just get the range of the current function
fakeRanges = [( idc.get_func_attr(idc.here(), idc.FUNCATTR_START), idc.get_func_attr(idc.here(), idc.FUNCATTR_END)), ]
return fakeRanges
Example #8
| Source File: functions_plus.py From functions-plus with MIT License | 5 votes |
|
def get_list_of_functions(self):
'''
Gets all functions list.
'''
functions_list = {}
seg_ea = idc.get_segm_by_sel(idc.SEG_NORM)
for func_ea in idautils.Functions(idc.get_segm_start(seg_ea),
idc.get_segm_end(seg_ea)):
function_name = idc.get_func_name(func_ea)
functions_list[function_name] = func_ea
return functions_list
Example #9
| Source File: exception.py From mcsema with Apache License 2.0 | 5 votes |
|
def recover_frame_entries(seg_ea):
if seg_ea == idc.BADADDR:
return
DEBUG("Recover entries from section : {}".format(idc.get_segm_name(seg_ea)))
ea = idc.get_segm_start(seg_ea)
end_ea = idc.get_segm_end(seg_ea)
while ea != idc.BADADDR and ea < end_ea:
ea = format_entries(ea)
Example #10
| Source File: util.py From mcsema with Apache License 2.0 | 5 votes |
|
def is_constructor_segment(ea):
"""Returns `True` if the segment containing `ea` belongs to global constructor section"""
seg_ea = idc.get_segm_start(ea)
seg_name = idc.get_segm_name(seg_ea).lower()
if seg_name in [".init_array", ".ctor"]:
return True
return False
Example #11
| Source File: util.py From mcsema with Apache License 2.0 | 5 votes |
|
def is_external_segment(ea):
"""Returns `True` if the segment containing `ea` looks to be solely containing
external references."""
global _NOT_EXTERNAL_SEGMENTS
seg_ea = idc.get_segm_start(ea)
if seg_ea in _NOT_EXTERNAL_SEGMENTS:
return False
if seg_ea in _EXTERNAL_SEGMENTS:
return True
if is_external_segment_by_flags(ea):
_EXTERNAL_SEGMENTS.add(seg_ea)
return True
ext_types = []
seg_name = idc.get_segm_name(seg_ea).lower()
if IS_ELF:
if ".got" in seg_name or ".plt" in seg_name:
_EXTERNAL_SEGMENTS.add(seg_ea)
return True
elif IS_PE:
if ".idata" == seg_name: # Import table.
_EXTERNAL_SEGMENTS.add(seg_ea)
return True
_NOT_EXTERNAL_SEGMENTS.add(seg_ea)
return False
Example #12
| Source File: util.py From mcsema with Apache License 2.0 | 5 votes |
|
def is_external_segment_by_flags(ea):
"""Returns `True` if IDA believes that `ea` belongs to an external segment."""
try:
seg_ea = idc.get_segm_start(ea)
seg_type = idc.get_segm_attr(seg_ea, idc.SEGATTR_TYPE)
if seg_type == idc.SEG_XTRN:
_EXTERNAL_SEGMENTS.add(seg_ea)
return True
else:
return False
except:
return False
Example #13
| Source File: util.py From mcsema with Apache License 2.0 | 5 votes |
|
def is_invalid_ea(ea):
"""Returns `True` if `ea` is not valid, i.e. it doesn't point into any
valid segment."""
if (idc.BADADDR == ea) or \
(idc.get_segm_name(ea) == "LOAD"):
return True
try:
idc.get_segm_attr(idc.get_segm_start(ea), idc.SEGATTR_TYPE)
return False # If we get here, then it must be a valid ea!
except:
return True
Example #14
| Source File: util.py From mcsema with Apache License 2.0 | 5 votes |
|
def is_code(ea):
if is_invalid_ea(ea):
return False
seg_ea = idc.get_segm_start(ea)
seg_type = idc.get_segm_attr(seg_ea, idc.SEGATTR_TYPE)
return (seg_type == idc.SEG_CODE)
# A stricter form of `is_code`, where we also check whether IDA thinks something
# is code. IDA is able to identify some things like embedded exception tables
# in the code section as not truly being code.
Example #15
| Source File: ida_find_ptrs.py From idawilli with Apache License 2.0 | 5 votes |
|
def find_pointers(start, end):
for va in range(start, end-0x4):
ptr = idc.get_wide_dword(va)
if idc.get_segm_start(ptr) == idc.BADADDR:
continue
yield va, ptr
Example #16
| Source File: util.py From mcsema with Apache License 2.0 | 4 votes |
|
def get_function_bounds(ea):
"""Get the bounds of the function containing `ea`. We want to discover jump
table targets that are missed by IDA, and it's possible that they aren't
marked as being part of the current function, and perhaps are after the
assumed range of the current function. Ideally they will fall before the
beginning of the next function, though.
We need to be pretty careful with the case that one function tail-calls
another. IDA will sometimes treat the end of the tail-called function
(e.g. a thunk) as if it is the end of the caller. For this reason, we start
with loose bounds using the prev/next functions, then try to narrow with
the bounds of the function containing `ea`.
TODO(pag): Handle discontinuous regions (e.g. because of function chunks).
It may be worth to return an object here that can we queried
for membership using the `__in__` method.
"""
seg_start, seg_end = idc.get_segm_start(ea), idc.get_segm_end(ea)
min_ea = seg_start
max_ea = seg_end
if is_invalid_ea(min_ea) or not is_code(ea):
return ea, ea
# Get an upper bound using the next function.
next_func_ea = idc.get_next_func(ea)
if not is_invalid_ea(next_func_ea):
max_ea = min(next_func_ea, max_ea)
# Get a lower bound using the previous function.
prev_func_ea = idc.get_prev_func(ea)
if not is_invalid_ea(prev_func_ea):
min_ea = max(min_ea, prev_func_ea)
prev_func = idaapi.get_func(prev_func_ea)
if prev_func and prev_func.end_ea < ea:
min_ea = max(min_ea, prev_func.end_ea)
# Try to tighten the bounds using the function containing `ea`.
func = idaapi.get_func(ea)
if func:
min_ea = max(min_ea, func.start_ea)
max_ea = min(max_ea, func.end_ea)
return min_ea, max_ea
Example #17
| Source File: analyser.py From UEFI_RETool with MIT License | 4 votes |
|
def get_data_guids(self):
"""rename GUIDs in idb"""
EFI_GUID = 'EFI_GUID *'
EFI_GUID_ID = idc.get_struc_id('EFI_GUID')
segments = ['.text', '.data']
for segment in segments:
seg_start, seg_end = 0, 0
for seg in idautils.Segments():
if idc.get_segm_name(seg) == segment:
seg_start = idc.get_segm_start(seg)
seg_end = idc.get_segm_end(seg)
break
ea = seg_start
while (ea <= seg_end - 15):
prot_name = ''
if idc.get_name(ea, ida_name.GN_VISIBLE).find('unk_') != -1:
find = False
cur_guid = []
cur_guid.append(idc.get_wide_dword(ea))
cur_guid.append(idc.get_wide_word(ea + 4))
cur_guid.append(idc.get_wide_word(ea + 6))
for addr in range(ea + 8, ea + 16, 1):
cur_guid.append(idc.get_wide_byte(addr))
if cur_guid == [0] * 11:
ea += 1
continue
for guid_place in [
'ami_guids', 'asrock_guids', 'dell_guids',
'edk_guids', 'edk2_guids', 'lenovo_guids'
]:
for name in self.Protocols[guid_place]:
if self.Protocols[guid_place][name] == cur_guid:
prot_name = '{}_{:#x}'.format(name, ea)
record = {
'address': ea,
'service': 'unknown',
'guid': cur_guid,
'protocol_name': name,
'protocol_place': guid_place
}
find = True
break
if find:
break
if find and (idc.get_name(ea, ida_name.GN_VISIBLE) !=
prot_name):
idc.SetType(ea, EFI_GUID)
self.apply_struct(ea, 16, EFI_GUID_ID)
idc.set_name(ea, prot_name)
self.Protocols['data'].append(record)
ea += 1
