Python idc.GetFunctionFlags() Examples
The following are 9
code examples of idc.GetFunctionFlags().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
idc
, or try the search function
.
.
Example #1
| Source File: neo4ida.py From ida-scripts with The Unlicense | 6 votes |
|
def get_flags(f):
out = []
flags = idc.GetFunctionFlags(f)
if flags & FUNC_NORET:
out.append("FUNC_NORET")
if flags & FUNC_FAR:
out.append("FUNC_FAR")
if flags & FUNC_LIB:
out.append("FUNC_LIB")
if flags & FUNC_STATIC:
out.append("FUNC_STATIC")
if flags & FUNC_FRAME:
out.append("FUNC_FRAME")
if flags & FUNC_USERFAR:
out.append("FUNC_USERFAR")
if flags & FUNC_HIDDEN:
out.append("FUNC_HIDDEN")
if flags & FUNC_THUNK:
out.append("FUNC_THUNK")
if flags & FUNC_LIB:
out.append("FUNC_BOTTOMBP")
return out
Example #2
| Source File: hook_lib_funcs.py From IDAngr with BSD 2-Clause "Simplified" License | 5 votes |
|
def hook_lib_funcs():
from angrdbg import load_project
project = load_project()
for func in idautils.Functions():
flags = idc.GetFunctionFlags(func)
if flags & idc.FUNC_LIB:
name = idc.GetFunctionName(func)
simproc = search_simproc(name)
if simproc is not None:
print name, simproc
project.hook_symbol(func, simproc())
Example #3
| Source File: util.py From mcsema with Apache License 2.0 | 5 votes |
|
def is_noreturn_function(ea):
"""Returns `True` if the function at `ea` is a no-return function."""
flags = idc.GetFunctionFlags(ea)
return 0 < flags and \
(flags & idaapi.FUNC_NORET) and \
ea not in FUNC_LSDA_ENTRIES.keys() and \
"cxa_throw" not in get_symbol_name(ea)
Example #4
| Source File: util.py From mcsema with Apache License 2.0 | 5 votes |
|
def is_thunk(ea): """Returns true if some address is a known to IDA to be a thunk.""" flags = idc.GetFunctionFlags(ea) return 0 < flags and 0 != (flags & idaapi.FUNC_THUNK)
Example #5
| Source File: collect_variable.py From mcsema with Apache License 2.0 | 5 votes |
|
def is_function_unsafe(func_ea, blockset):
""" Returns `True` if the function uses bp and it might access the stack variable
indirectly using the base pointer.
"""
if not (idc.GetFunctionFlags(func_ea) & idc.FUNC_FRAME):
return False
for block_ea in blockset:
inst_eas, succ_eas = analyse_block(func_ea, block_ea, True)
for inst_ea in inst_eas:
if is_instruction_unsafe(inst_ea, func_ea):
return True
return False
Example #6
| Source File: collect_variable.py From mcsema with Apache License 2.0 | 5 votes |
|
def is_function_unsafe(func_ea, blockset):
""" Returns `True` if the function uses bp and it might access the stack variable
indirectly using the base pointer.
"""
if not (idc.GetFunctionFlags(func_ea) & idc.FUNC_FRAME):
return False
for block_ea in blockset:
inst_eas, succ_eas = analyse_block(func_ea, block_ea, True)
for inst_ea in inst_eas:
if is_instruction_unsafe(inst_ea, func_ea):
return True
return False
Example #7
| Source File: stub.py From ida_kernelcache with MIT License | 5 votes |
|
def _process_possible_stub(stub, make_thunk, next_stub):
"""Try to process a stub function."""
# First, make sure this is a stub format we recognize.
target = stub_target(stub)
if not target:
_log(0, 'Unrecognized stub format at {:#x}', stub)
return False
# Next, check if IDA sees this as a function chunk rather than a function, and correct it if
# reasonable.
if not idau.force_function(stub):
_log(1, 'Could not convert stub to function at {:#x}', stub)
return False
# Next, set the appropriate flags on the stub. Make the stub a thunk if that was requested.
flags = idc.GetFunctionFlags(stub)
if flags == -1:
_log(1, 'Could not get function flags for stub at {:#x}', stub)
return False
target_flags = idc.GetFunctionFlags(target)
if target_flags != -1 and target_flags & idc.FUNC_NORET:
flags |= idc.FUNC_NORET
if make_thunk:
flags |= idc.FUNC_THUNK
if idc.SetFunctionFlags(stub, flags | idc.FUNC_THUNK) == 0:
_log(1, 'Could not set function flags for stub at {:#x}', stub)
return False
# Next, ensure that IDA sees the target as a function, but continue anyway if that fails.
if not idau.force_function(target):
_log(1, 'Stub {:#x} has target {:#x} that is not a function', stub, target)
# Finally symbolicate the stub.
if not _symbolicate_stub(stub, target, next_stub):
return False
return True
Example #8
| Source File: dsc_fix.py From dsc_fix with GNU General Public License v3.0 | 5 votes |
|
def make_islands_xrefs_force_bl_call(ea, verbose=True):
""" makes all BL references to a branch islands as call """
segname = idc.SegName(ea)
if verbose:
print "[+] forcing bl call on: %s [0x%X]" % (segname, ea)
if "branch_islands" in segname:
idc.SetFunctionFlags(ea, idc.GetFunctionFlags(ea) & (0xffffffff - 1))
for x in idautils.XrefsTo(ea):
make_islands_xrefs_force_bl_call(x.frm)
return
idc.ArmForceBLCall(ea)
Example #9
| Source File: 13_注释和重命名.py From IDAPython_Note with MIT License | 4 votes |
|
def check_for_wrapper(func):
flags = idc.GetFunctionFlags(func)
#跳过库函数和简单的跳转函数
if flags & FUNC_LIB or flags & FUNC_THUNK:
return
dism_addr = list(idautils.FuncItems(func))
#获取函数的长度
func_length = len(dism_addr)
#如果函数的超过32条指令则返回
if func_length > 0x20:
return
func_call = 0
instr_cmp = 0
op = None
op_addr = None
op_type = None
#遍历函数中的每条指令
for ea in dism_addr:
m = idc.GetMnem(ea)
if m == 'call' or m == 'jmp':
if m == 'jmp':
temp = idc.GetOperandValue(ea, 0)
# 忽略函数边界内的跳转
if temp in dism_addr:
continue
func_call += 1
#封装函数内不会包含多个函数调用
if func_call == 2:
return
op_addr = idc.GetOperandValue(ea, 0)
op_type = idc.GetOpType(ea, 0)
elif m == 'cmp' or m == 'test':
# 封装函数内不应该包含太多的逻辑运算
instr_cmp += 1
if instr_cmp == 3:
return
else:
continue
# 所有函数内的指令都被分析过了
if op_addr == None:
return
name = idc.Name(op_addr)
#跳过名称粉碎的函数名称
if "[" in name or "$" in name or "?" in name or "@" in name or name == "":
return
name = "w_" + name
if op_type == o_near:
if idc.GetFunctionFlags(op_addr) & FUNC_THUNK:
rename_wrapper(name, func)
return
if op_type == o_mem or op_type == o_far:
rename_wrapper(name, func)
return
