Python idaapi.dt_qword() Examples
The following are 5
code examples of idaapi.dt_qword().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
idaapi
, or try the search function
.
.
Example #1
| Source File: _interface.py From ida-minsc with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def by_indextype(self, index, dtype):
"""Lookup a register according to its `index` and `dtype`.
Some examples of dtypes: idaapi.dt_byte, idaapi.dt_word, idaapi.dt_dword, idaapi.dt_qword
"""
res = idaapi.ph.regnames[index]
name = self.__cache__[res, dtype]
return getattr(self.__register__, name)
Example #2
| Source File: processor.py From idawasm with Apache License 2.0 | 5 votes |
|
def dt_to_width(self, dt):
'''
returns OOFW_xxx flag given a dt_xxx
'''
return {
idaapi.dt_byte: idaapi.OOFW_8,
idaapi.dt_word: idaapi.OOFW_16,
idaapi.dt_dword: idaapi.OOFW_32,
idaapi.dt_qword: idaapi.OOFW_64,
}[dt]
Example #3
| Source File: collect_classes.py From ida_kernelcache with MIT License | 4 votes |
|
def _emulate_arm64(start, end, on_BL=None, on_RET=None):
"""A very basic partial Arm64 emulator that does just enough to find OSMetaClass
information."""
# Super basic emulation.
reg = _Regs()
def load(addr, dtyp):
if not addr:
return None
if dtyp == idaapi.dt_qword:
size = 8
elif dtyp == idaapi.dt_dword:
size = 4
else:
return None
return idau.read_word(addr, size)
def cleartemps():
for t in ['X{}'.format(i) for i in range(0, 19)]:
reg.clear(t)
for insn in idau.Instructions(start, end):
_log(11, 'Processing instruction {:#x}', insn.ea)
mnem = insn.get_canon_mnem()
if mnem == 'ADRP' or mnem == 'ADR':
reg[insn.Op1.reg] = insn.Op2.value
elif mnem == 'ADD' and insn.Op2.type == idc.o_reg and insn.Op3.type == idc.o_imm:
reg[insn.Op1.reg] = reg[insn.Op2.reg] + insn.Op3.value
elif mnem == 'NOP':
pass
elif mnem == 'MOV' and insn.Op2.type == idc.o_imm:
reg[insn.Op1.reg] = insn.Op2.value
elif mnem == 'MOV' and insn.Op2.type == idc.o_reg:
reg[insn.Op1.reg] = reg[insn.Op2.reg]
elif mnem == 'RET':
if on_RET:
on_RET(reg)
break
elif (mnem == 'STP' or mnem == 'LDP') and insn.Op3.type == idc.o_displ:
if insn.auxpref & _MEMOP_WBINDEX:
reg[insn.Op3.reg] = reg[insn.Op3.reg] + insn.Op3.addr
if mnem == 'LDP':
reg.clear(insn.Op1.reg)
reg.clear(insn.Op2.reg)
elif (mnem == 'STR' or mnem == 'LDR') and not insn.auxpref & _MEMOP_WBINDEX:
if mnem == 'LDR':
if insn.Op2.type == idc.o_displ:
reg[insn.Op1.reg] = load(reg[insn.Op2.reg] + insn.Op2.addr, insn.Op1.dtyp)
else:
reg.clear(insn.Op1.reg)
elif mnem == 'BL' and insn.Op1.type == idc.o_near:
if on_BL:
on_BL(insn.Op1.addr, reg)
cleartemps()
else:
_log(10, 'Unrecognized instruction at address {:#x}', insn.ea)
reg.clearall()
Example #4
| Source File: instruction.py From ida-minsc with BSD 3-Clause "New" or "Revised" License | 4 votes |
|
def __init__(self):
super(Intel, self).__init__()
getitem, setitem = self.__register__.__getattr__, self.__register__.__setattr__
i2s = "{:d}".format
[ setitem('r'+_, self.new('r'+_, 64, _)) for _ in ('ax', 'cx', 'dx', 'bx', 'sp', 'bp', 'si', 'di', 'ip') ]
[ setitem('r'+_, self.new('r'+_, 64)) for _ in map(i2s, six.moves.range(8, 16)) ]
[ setitem('e'+_, self.child(self.by_name('r'+_), 'e'+_, 0, 32, _)) for _ in ('ax', 'cx', 'dx', 'bx', 'sp', 'bp', 'si', 'di', 'ip') ]
[ setitem('r'+_+'d', self.child(self.by_name('r'+_), 'r'+_+'d', 0, 32, idaname='r'+_)) for _ in map(i2s, six.moves.range(8, 16)) ]
[ setitem('r'+_+'w', self.child(self.by_name('r'+_+'d'), 'r'+_+'w', 0, 16, idaname='r'+_)) for _ in map(i2s, six.moves.range(8, 16)) ]
[ setitem('r'+_+'b', self.child(self.by_name('r'+_+'w'), 'r'+_+'b', 0, 8, idaname='r'+_)) for _ in map(i2s, six.moves.range(8, 16)) ]
[ setitem( _, self.child(self.by_name('e'+_), _, 0, 16)) for _ in ('ax', 'cx', 'dx', 'bx', 'sp', 'bp', 'si', 'di', 'ip') ]
[ setitem(_+'h', self.child(self.by_name(_+'x'), _+'h', 8, 8)) for _ in ('a', 'c', 'd', 'b') ]
[ setitem(_+'l', self.child(self.by_name(_+'x'), _+'l', 0, 8)) for _ in ('a', 'c', 'd', 'b') ]
[ setitem(_+'l', self.child(self.by_name(_), _+'l', 0, 8)) for _ in ('sp', 'bp', 'si', 'di') ]
[ setitem( _, self.new(_, 16)) for _ in ('es', 'cs', 'ss', 'ds', 'fs', 'gs') ]
setitem('fpstack', self.new('fptags', 80*8, dtype=None)) # FIXME: is this the right IDA register name??
# FIXME: rex-prefixed 32-bit registers are implicitly extended to the 64-bit regs which implies that 64-bit are children of 32-bit
for _ in ('ax', 'cx', 'dx', 'bx', 'sp', 'bp', 'si', 'di', 'ip'):
r32, r64 = getitem('e'+_), getitem('r'+_)
r32.alias, r64.alias = { r64 }, { r32 }
for _ in map(i2s, six.moves.range(8, 16)):
r32, r64 = getitem('r'+_+'d'), getitem('r'+_)
r32.alias, r64.alias = { r64 }, { r32 }
# explicitly set the lookups for (word-register, idaapi.dt_byte) which exist due to ida's love for the inconsistent
[ self.__cache__.setdefault((_+'x', self.by_name(_+'l').dtype), self.by_name(_+'l').__name__) for _ in ('a', 'c', 'd', 'b') ]
fpstack = self.__register__.fpstack
# single precision
[ setitem("st{:d}f".format(_), self.child(fpstack, "st{:d}f".format(_), _*80, 80, "st{:d}".format(_), dtype=idaapi.dt_float)) for _ in six.moves.range(8) ]
# double precision
[ setitem("st{:d}d".format(_), self.child(fpstack, "st{:d}d".format(_), _*80, 80, "st{:d}".format(_), dtype=idaapi.dt_double)) for _ in six.moves.range(8) ]
# umm..80-bit precision? i've seen op_t's in ida for fsubp with the implied st(0) using idaapi.dt_tbyte
[ setitem("st{:d}".format(_), self.child(fpstack, "st{:d}".format(_), _*80, 80, "st{:d}".format(_), dtype=idaapi.dt_tbyte)) for _ in six.moves.range(8) ]
# not sure if the mmx registers trash the other 16 bits of an fp register
[ setitem("mm{:d}".format(_), self.child(fpstack, "mm{:d}".format(_), _*80, 64, dtype=idaapi.dt_qword)) for _ in six.moves.range(8) ]
# sse1/sse2 simd registers
[ setitem("xmm{:d}".format(_), self.new("xmm{:d}".format(_), 128, dtype=idaapi.dt_byte16)) for _ in six.moves.range(16) ]
[ setitem("ymm{:d}".format(_), self.new("ymm{:d}".format(_), 128, dtype=idaapi.dt_ldbl)) for _ in six.moves.range(16) ]
# control registers
[ setitem("cr{:d}".format(_), self.new("cr{:d}".format(_), database.config.bits())) for _ in six.moves.range(8) ]
##fpctrl, fpstat, fptags
##mxcsr
## 'cf', 'zf', 'sf', 'of', 'pf', 'af', 'tf', 'if', 'df', 'efl',
Example #5
| Source File: build_yara_string.py From writeups with GNU General Public License v3.0 | 4 votes |
|
def build_yara_string():
ea = GetFunctionAttr(ScreenEA(), FUNCATTR_START)
if ea == BADADDR:
print 'Failed to determine function start'
return
y = YaraBuffer()
is_64bit = idaapi.get_inf_structure().is_64bit()
nq = 0
for rip in Heads(*Chunks(ea).next()):
rip_next = NextHead(rip)
if rip_next - rip <= 4: # Anything smaller than DWord has no relation
y.ship(rip, rip_next)
continue
# both 32-bit and 64-bit mode have 32bit near jumps
# (far jumps & far calls are tacitly ignored here)
if GetMnem(rip) == 'call' and GetOpType(rip, 0) != o_reg:
y.ship(rip, rip_next - 4)
y.shipq(4)
continue
# 32bit and 64-bit cases are somewhat different
insn = DecodeInstruction(rip)
if is_64bit:
if insn.Op2.type == o_void:
# Single operand
if insn.Op1.type == o_mem:
y.ship(rip, rip_next - 4)
y.shipq(4)
else:
y.ship(rip, rip_next)
else:
# Two opearands
if insn.Op1.type == o_mem:
# rip relative Op1
y.ship(rip, rip + insn.Op1.offb)
y.shipq(rip_next - rip - insn.Op1.offb)
else:
if (insn.Op2.type == o_imm and insn.Op2.dtyp == idaapi.dt_qword
and rip_next - rip - insn.Op2.offb == 8
and insn.Op2.value >= MinEA()
and insn.Op2.value < MaxEA()):
y.ship(rip, rip_next - 8)
y.shipq(8)
else:
y.ship(rip, rip_next)
else:
# 32bit heuristic treatment
t = Dword(rip_next - 4)
if GetMnem(rip) == 'call' or (t >= MinEA() and t < MaxEA()):
y.ship(rip, rip_next - 4)
y.shipq(4)
nq += 4
else:
y.ship(rip, rip_next)
return y.get_string()
