Python idc.get_name_ea_simple() Examples
The following are 17
code examples of idc.get_name_ea_simple().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
idc
, or try the search function
.
.
Example #1
| Source File: ptmalloc.py From heap-viewer with GNU General Public License v3.0 | 6 votes |
|
def find_malloc_par():
mp_ = idc.get_name_ea_simple("mp_")
if mp_ != idc.BADADDR:
return mp_
segm = idaapi.get_segm_by_name("[heap]")
if segm is None:
return None
offset = get_struct_offsets(malloc_par()).get('sbrk_base')
sbrk_base = segm.start_ea
ea = idc.get_segm_start(get_name_ea_simple("_IO_2_1_stdin_"))
end_ea = idc.get_segm_end(ea)
while ea < end_ea:
ptr = config.get_ptr(ea)
if idaapi.is_loaded(ptr) and ptr == sbrk_base:
return (ea-offset)
ea += config.ptr_size
return None
# --------------------------------------------------------------------------
Example #2
| Source File: klfdb.py From ActionScript3 with GNU General Public License v3.0 | 6 votes |
|
def resolve_functions(self):
self.addr = {
"verifyNative": idc.get_name_ea_simple("BaseExecMgr::verifyNative"),
"setJit": idc.get_name_ea_simple("BaseExecMgr::setJit"),
"setInterp": idc.get_name_ea_simple("BaseExecMgr::setInterp"),
"setInterpRet": prev_head(
idc.find_func_end(idc.get_name_ea_simple("BaseExecMgr::setInterp")),
idc.get_name_ea_simple("BaseExecMgr::setInterp")),
"getMethodName": idc.get_name_ea_simple("MethodInfo::getMethodName"),
"verifyJit": idc.get_name_ea_simple("BaseExecMgr::verifyJit"),
"writePrologue": idc.get_name_ea_simple("CodegenLIR::writePrologue"),
"hasReachableExceptionsRet": prev_head(
idc.find_func_end(idc.get_name_ea_simple("Verifier::hasReachableExceptions")),
idc.get_name_ea_simple("Verifier::hasReachableExceptions"))
}
Example #3
| Source File: ida_import.py From bnida with MIT License | 6 votes |
|
def import_names(names, sections):
"""
Import symbol names
:param names: Dict containing symbol info
:param sections: Dict containing section info
"""
for addr, name in names.items():
addr = adjust_addr(sections, int(addr))
if addr is None:
continue
name = sanitize_name(name)
if idc.get_name_ea_simple(name) == idaapi.BADADDR:
idc.set_name(addr, name)
Example #4
| Source File: LazyIDA.py From LazyIDA with MIT License | 6 votes |
|
def callback(self, event, *args):
if event == idaapi.hxe_populating_popup:
form, phandle, vu = args
if vu.item.citype == idaapi.VDI_FUNC or (vu.item.citype == idaapi.VDI_EXPR and vu.item.e.is_expr() and vu.item.e.type.is_funcptr()):
idaapi.attach_action_to_popup(form, phandle, ACTION_HX_REMOVERETTYPE, None)
elif event == idaapi.hxe_double_click:
vu, shift_state = args
# auto jump to target if clicked item is xxx->func();
if vu.item.citype == idaapi.VDI_EXPR and vu.item.e.is_expr():
expr = idaapi.tag_remove(vu.item.e.print1(None))
if "->" in expr:
# find target function
name = expr.split("->")[-1]
addr = idc.get_name_ea_simple(name)
if addr == idaapi.BADADDR:
# try class::function
e = vu.item.e
while e.x:
e = e.x
addr = idc.get_name_ea_simple("%s::%s" % (str(e.type).split()[0], name))
if addr != idaapi.BADADDR:
idc.jumpto(addr)
return 1
return 0
Example #5
| Source File: line.py From Sark with MIT License | 6 votes |
|
def __init__(self, ea=UseCurrentAddress, name=None):
if name is not None and ea != self.UseCurrentAddress:
raise ValueError(("Either supply a name or an address (ea). "
"Not both. (ea={!r}, name={!r})").format(ea, name))
elif name is not None:
ea = idc.get_name_ea_simple(name)
elif ea == self.UseCurrentAddress:
ea = idc.here()
elif ea is None:
raise ValueError("`None` is not a valid address. To use the current screen ea, "
"use `Line(ea=Line.UseCurrentAddress)` or supply no `ea`.")
self._ea = idaapi.get_item_head(ea)
self._comments = Comments(self._ea)
Example #6
| Source File: function.py From Sark with MIT License | 6 votes |
|
def __init__(self, ea=UseCurrentAddress, name=None):
if name is not None and ea != self.UseCurrentAddress:
raise ValueError(("Either supply a name or an address (ea). "
"Not both. (ea={!r}, name={!r})").format(ea, name))
elif name is not None:
ea = idc.get_name_ea_simple(name)
if ea == idc.BADADDR:
raise exceptions.SarkNoFunction(
"The supplied name does not belong to an existing function. "
"(name = {!r})".format(name))
elif ea == self.UseCurrentAddress:
ea = idc.here()
elif ea is None:
raise ValueError("`None` is not a valid address. To use the current screen ea, "
"use `Function(ea=Function.UseCurrentAddress)` or supply no `ea`.")
elif isinstance(ea, Line):
ea = ea.ea
self._func = get_func(ea)
self._comments = Comments(self)
Example #7
| Source File: LazyIDA.py From LazyIDA with MIT License | 5 votes |
|
def parse_location(loc):
try:
loc = int(loc, 16)
except ValueError:
try:
loc = idc.get_name_ea_simple(loc.encode().strip())
except:
return idaapi.BADADDR
return loc
Example #8
| Source File: get_cfg.py From mcsema with Apache License 2.0 | 5 votes |
|
def find_main_in_ELF_file():
"""Tries to automatically find the `main` function if we haven't found it
yet. IDA recognizes the pattern of `_start` calling `__libc_start_main` in
ELF binaries, where one of the parameters is the `main` function. IDA will
helpfully comment it as such."""
start_ea = idc.get_name_ea_simple("_start")
if is_invalid_ea(start_ea):
start_ea = idc.get_name_ea_simple("start")
if is_invalid_ea(start_ea):
return idc.BADADDR
for begin_ea, end_ea in idautils.Chunks(start_ea):
for inst_ea in Heads(begin_ea, end_ea):
comment = idc.GetCommentEx(inst_ea, 0)
if comment and "main" in comment:
for main_ea in xrefs_from(inst_ea):
if not is_code(main_ea):
continue
# Sometimes the `main` function isn't identified as code. This comes
# up when there are some alignment bytes in front of `main`.
try_mark_as_code(main_ea)
if is_code_by_flags(main_ea):
try_mark_as_function(main_ea)
main = idaapi.get_func(main_ea)
if not main:
continue
if main and main.start_ea == main_ea:
set_symbol_name(main_ea, "main")
DEBUG("Found main at {:x}".format(main_ea))
return main_ea
return idc.BADADDR
Example #9
| Source File: quicktime.py From ida-minsc with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def getMajorDispatchTableAddress():
"""find quicktime major dispatch table"""
res = idc.get_name_ea_simple('theQuickTimeDispatcher')
res = nextMnemonic(res, 'lea', idc.get_func_attr(res, idc.FUNCATTR_END))
assert res != idc.BADADDR
return idc.get_operand_value(res, 1)
Example #10
| Source File: get_cfg.py From mcsema with Apache License 2.0 | 5 votes |
|
def is_start_of_function(ea):
"""Returns `True` if `ea` is the start of a function."""
if not is_code(ea):
return False
# originally name = idc.GetTrueName(ea) or idc.get_func_name(ea)
# removed since ida 7.4 not supported
name = idc.get_func_name(ea)
return ea == idc.get_name_ea_simple(name)
Example #11
| Source File: ptmalloc.py From heap-viewer with GNU General Public License v3.0 | 5 votes |
|
def find_main_arena():
main_arena = idc.get_name_ea_simple("main_arena") # from libc6-dbg
if main_arena != idc.BADADDR:
return main_arena
ea = idc.get_segm_start(idc.get_name_ea_simple("_IO_2_1_stdin_"))
end_ea = idc.get_segm_end(ea)
# &main_arena->next
offsets = {
4: [1088, 1096], # 32 bits
8: [2152, 2160] # 64 bits
}[config.ptr_size]
if ea == idc.BADADDR or end_ea == idc.BADADDR:
return None
while ea < end_ea:
ptr = config.get_ptr(ea) # ptr to main_arena
if idaapi.is_loaded(ptr) and ptr < ea:
if (ea-ptr) in offsets:
return ptr
ea += config.ptr_size
return None
# --------------------------------------------------------------------------
Example #12
| Source File: objc2_analyzer.py From flare-ida with Apache License 2.0 | 5 votes |
|
def __init__(self):
self.magicMask64 = 0xabbadabbad000000
self.magicMask32 = 0xabba0000
self.magicMaskMask64 = 0xffffffffffff0000
self.magicMaskMask32 = 0xffff0000
self.callMnems = ["call", "jmp", "BL", "BLX", "BLEQ", "BLXEQ", "BLR", "BLREQ", "B"]
self.objcData = None
self.objcSelRefs = None
self.objcMsgRefs = None
self.objcConst = None
self.objcClassRefs = None
self.objcCatList = None
self.fixedSelXRefs = []
self.ivarSetters = {}
self.notIvarSetters = []
for segVA in idautils.Segments():
segName = idc.get_segm_name(segVA)
endVA = idc.get_segm_end(segVA)
if segName == "__objc_data":
self.objcData = (segVA, endVA)
elif segName == "__objc_selrefs":
self.objcSelRefs = (segVA, endVA)
elif segName == "__objc_msgrefs":
self.objcMsgRefs = (segVA, endVA)
elif segName == "__objc_const":
self.objcConst = (segVA, endVA)
elif segName == "__objc_classrefs":
self.objcClassRefs = (segVA, endVA)
elif segName == "__objc_catlist":
self.objcCatList = (segVA, endVA)
if self.objcSelRefs or self.objcMsgRefs:
self.processObjc()
else:
logging.debug("this Mach-O does not implement any Objective-C classes")
# it appears idc.get_name_ea_simple does not work for selector reference names that end in "_"
Example #13
| Source File: objc2_analyzer.py From flare-ida with Apache License 2.0 | 5 votes |
|
def preEmuCallback(self, eh, userData, funcStart):
userData["magicVals"] = []
userData["magicValsCount"] = 0
if eh.size_pointer == 4:
magicMask = self.magicMask32
else:
magicMask = self.magicMask64
# get "self" id if in objc function
clsName = None
funcName = idaapi.get_func_name(funcStart)
if funcName[0] in ["-", "+"] and "[" in funcName and "]" in funcName and " " in funcName:
shortClsName = clsName = funcName[2:funcName.find(" ")]
if "(" in clsName:
clsName = "_OBJC_CATEGORY_" + \
clsName[:clsName.find(
"(")] + "_$_" + clsName[clsName.find("(") + 1:clsName.find(")")]
shortClsName = shortClsName[:shortClsName.find(
"(")] + "_" + shortClsName[shortClsName.find("(") + 1:shortClsName.find(")")]
else:
clsName = "_OBJC_CLASS_$_" + clsName
if clsName:
if funcName[0] == "+":
# this is a class method, use classRef
self_ = idc.get_name_ea_simple(clsName)
# assume rdx will hold an instance of the class
userData["magicVals"].append(
("(%s *)instance" % shortClsName, shortClsName))
inst = magicMask | userData["magicValsCount"]
userData["magicValsCount"] += 1
eh.uc.reg_write(eh.regs["arg3"], inst)
elif funcName[0] == "-":
# this is an instance method, use magic value to store "self"
userData["magicVals"].append(
("(%s *)self" % shortClsName, shortClsName))
self_ = magicMask | userData["magicValsCount"]
userData["magicValsCount"] += 1
eh.uc.reg_write(eh.regs["arg1"], self_)
Example #14
| Source File: mykutils.py From flare-ida with Apache License 2.0 | 5 votes |
|
def for_each_call_to(callback, va=None):
"""For each xref to va that is a call, pass xref va to callback.
Falls back to highlighted identifier or current location if va is
unspecified.
"""
if not va:
v = ida_kernwin.get_current_viewer()
hi = ida_kernwin.get_highlight(v)
if hi and hi[1]:
nm = hi[0]
va = idc.get_name_ea_simple(nm)
if va >= idaapi.cvar.inf.maxEA:
va = None
va = va or idc.here()
# Obtain and de-duplicate addresses of xrefs that are calls
callsites = set([x.frm for x in idautils.XrefsTo(va)
if idc.print_insn_mnem(x.frm) == 'call'])
for va in callsites:
callback(va)
# Instruction operand specification.
#
# Operand types are from ida_ua.o_* e.g. o_reg, o_mem.
# >>> {x: getattr(ida_ua, x) for x in dir(ida_ua) if x.startswith('o_')}
#
# Quick ref:
# ida_ua.o_reg == 1: "General Register (al,ax,es,ds...)",
# ida_ua.o_mem == 2: "Memory Reference",
# ida_ua.o_phrase == 3: "Base + Index",
# ida_ua.o_displ == 4: "Base + Index + Displacement",
# ida_ua.o_imm == 5: "Immediate",
# ida_ua.o_far == 6: "Immediate Far Address",
# ida_ua.o_near == 7: "Immediate Near Address",
# ida_ua.o_idpspec0 == 8: "FPP register",
# ida_ua.o_idpspec1 == 9: "386 control register",
# ida_ua.o_idpspec2 == 10: "386 debug register",
# ida_ua.o_idpspec3 == 11: "386 trace register",
Example #15
| Source File: DBGHider.py From DBGHider with Apache License 2.0 | 4 votes |
|
def hook(self, hook_addr = 0):
"""
Args:
hook_addr(int): address for inline hook code, 0 indicates bpt hook.
Returns:
memory size in bytes used for inline hook.
"""
self.hook_addr = hook_addr
self.func_addr = idc.get_name_ea_simple(self.name)
if self.func_addr == 0:
return 0
print("Hooking %s at 0x%x" % (self.name, self.func_addr))
if self.hook_addr == 0:
idc.add_bpt(self.func_addr)
idc.set_bpt_cond(self.func_addr, self.bpt_cond_hook_code)
return 0
else:
# assemble jmp code
jmp_code = "jmp 0x%x" % self.hook_addr
jmp_buf, _ = assemble(jmp_code, self.func_addr)
# read function prologue according to jmp code length
# NOTE: instructions like 'call $+5' in prologue will
# cause problems.
insn = idaapi.insn_t()
move_length = 0
while move_length < len(jmp_buf):
idaapi.decode_insn(insn, self.func_addr + move_length)
move_length += insn.size
prologue = idaapi.get_bytes(self.func_addr, move_length)
# write jmp code
idaapi.patch_bytes(self.func_addr, jmp_buf)
# assmble hook code
hook_buf, _ = assemble(self.inline_hook_code, self.hook_addr)
hook_buf += prologue
jmp_back_code = 'jmp 0x%x' % (self.func_addr + move_length)
jmp_back_buf, _ = assemble(jmp_back_code, self.hook_addr + len(hook_buf))
hook_buf += jmp_back_buf
# wirte hook code
idaapi.patch_bytes(self.hook_addr, hook_buf)
return len(hook_buf)
Example #16
| Source File: objc2_analyzer.py From flare-ida with Apache License 2.0 | 4 votes |
|
def getIvarTypeFromFunc(self, eh, va):
if va in self.ivarSetters:
return self.ivarSetters[va]
elif va in self.notIvarSetters:
return UNKNOWN
addr = va
endVa = idc.get_func_attr(va, idc.FUNCATTR_END)
if endVa - va < 0x20:
ivarVa = None
while addr <= endVa:
srcOpnd = idc.print_operand(addr, 1)
# if ivar is the src op for an instruction, assume this function will return it
if eh.arch == unicorn.UC_ARCH_ARM and "_OBJC_IVAR_$_" in srcOpnd:
oploc = idc.get_name_ea_simple(
srcOpnd[srcOpnd.find("_OBJC_IVAR_$_"):srcOpnd.find(" ")])
if oploc != idc.BADADDR:
ivarVa = oploc
break
elif eh.arch == unicorn.UC_ARCH_ARM64:
for x in idautils.XrefsFrom(addr):
if (idc.get_segm_name(x.to) == "__objc_ivar" and
idc.get_name(x.to, idc.ida_name.GN_VISIBLE)[:13] == "_OBJC_IVAR_$_"):
ivarVa = x.to
break
elif eh.arch == unicorn.UC_ARCH_X86:
if "_OBJC_IVAR_$_" in srcOpnd:
ivarVa = idc.get_operand_value(addr, 1)
break
addr = idc.next_head(addr, idc.get_inf_attr(idc.INF_MAX_EA))
if ivarVa:
for x in idautils.XrefsTo(ivarVa):
if x.frm >= self.objcConst[0] and x.frm < self.objcConst[1]:
typeStr = eh.getIDBString(
eh.derefPtr(x.frm + eh.size_pointer * 2))
self.ivarSetters[va] = typeStr[2:-1]
logging.debug("%s is an ivar getter function, returning type %s" % (
eh.hexString(va), typeStr[2:-1]))
return typeStr[2:-1]
else:
logging.debug(
"%s determined not to be an ivar getter function", eh.hexString(va))
self.notIvarSetters.append(va)
else:
logging.debug(
"%s determined not to be an ivar getter function", eh.hexString(va))
self.notIvarSetters.append(va)
return UNKNOWN
# returns class or sel name from IDA name
Example #17
| Source File: code_grafter.py From flare-ida with Apache License 2.0 | 4 votes |
|
def _patchCalls(self):
def do_patch_call(va):
retval = False
stub_loc = idc.get_name_ea_simple(self._stubname(nm))
# Preserve original disassembly and format new comment
old_target = idc.print_operand(va, 0)
orig_cmt = idc.get_cmt(va, 0) or ''
new_cmt = '%s\n\t%s' % (g_patched_call_cmt, idc.GetDisasm(va))
if idc.get_operand_type(va, 0) == ida_ua.o_mem:
retval = patch_import(va, self._stubname(nm))
new_cmt += '\n%s %s to %s)' % (g_cmt_pointed, old_target,
self._stubname(nm))
elif idc.get_operand_type(va, 0) == ida_ua.o_reg:
va_imp = self._get_imp_for_register_call(va, nm)
if va_imp:
patch_pointer_width(va_imp, stub_loc)
retval = True
else:
logger.warn('Could not find import to patch call at %s' %
(phex(va)))
else: # Usually optype 7 otherwise
# Won't work if displacement exceeds 32-bit operand size
call_offset_loc = va + idc.get_item_size(va)
if abs(call_offset_loc - stub_loc) > 0x100000000:
msg = ('Call site at %s too far from %s (%s)' %
(phex(va), self._stubname(nm), phex(stub_loc)))
raise CodeGraftingDisplacementError(msg)
retval = patch_call(va, self._stubname(nm))
if retval:
if orig_cmt:
new_cmt += '\n%s' % (orig_cmt)
idc.set_cmt(va, new_cmt, 0)
ida_xref.add_cref(va, stub_loc, ida_xref.fl_CN)
return retval
for names in self._emu_stubs.keys():
for nm in names:
va = idc.get_name_ea_simple(nm)
mykutils.for_each_call_to(do_patch_call, va)
for nm, aliases in g_allocators_aliases.items():
for alias in aliases:
# do_patch_call closure will turn <nm> into stub_<nm>
mykutils.for_each_call_to(do_patch_call,
idc.get_name_ea_simple(alias))
