Python idaapi.o_displ() Examples
The following are 11
code examples of idaapi.o_displ().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
idaapi
, or try the search function
.
.
Example #1
| Source File: stub.py From ida_kernelcache with MIT License | 6 votes |
|
def _process_stub_template_1(stub):
"""A template to match the following stub pattern:
ADRP X<reg>, #<offset>@PAGE
LDR X<reg>, [X<reg>, #<offset>@PAGEOFF]
BR X<reg>
"""
adrp, ldr, br = idau.Instructions(stub, count=3)
if (adrp.itype == idaapi.ARM_adrp and adrp.Op1.type == idaapi.o_reg
and adrp.Op2.type == idaapi.o_imm
and ldr.itype == idaapi.ARM_ldr and ldr.Op1.type == idaapi.o_reg
and ldr.Op2.type == idaapi.o_displ and ldr.auxpref == 0
and br.itype == idaapi.ARM_br and br.Op1.type == idaapi.o_reg
and adrp.Op1.reg == ldr.Op1.reg == ldr.Op2.reg == br.Op1.reg):
offset = adrp.Op2.value + ldr.Op2.addr
target = idau.read_word(offset)
if target and idau.is_mapped(target):
return target
Example #2
| Source File: instruction.py From ida-minsc with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
def memory(ea, op):
'''Operand type decoder for memory-type operands which return an address.'''
if op.type in {idaapi.o_mem, idaapi.o_far, idaapi.o_near, idaapi.o_displ}:
seg, sel = (op.specval & 0xffff0000) >> 16, (op.specval & 0x0000ffff) >> 0
return op.addr
optype = map(utils.funbox("{:s}({:d})".format), [('idaapi.o_far', idaapi.o_far), ('idaapi.o_near', idaapi.o_near)])
raise E.InvalidTypeOrValueError(u"{:s}.address({:#x}, {!r}) : Expected operand type `{:s}` or `{:s}` but operand type {:d} was received.".format('.'.join((__name__, 'operand_types')), ea, op, optype[0], optype[1], op.type))
Example #3
| Source File: collect_variable.py From mcsema with Apache License 2.0 | 5 votes |
|
def __init__(self, opnd, ea, insn, write, read):
self._operand = opnd
self._ea = ea
self._read = read
self._write= write
self._insn = insn
self._type = opnd.type
self._index_id = None
self._base_id = None
self._displ = None
self._scale = None
if self._type in (idaapi.o_displ, idaapi.o_phrase):
specflag1 = self.op_t.specflag1
specflag2 = self.op_t.specflag2
scale = 1 << ((specflag2 & 0xC0) >> 6)
offset = self.op_t.addr
if specflag1 == 0:
index_ = None
base_ = self.op_t.reg
elif specflag1 == 1:
index_ = (specflag2 & 0x38) >> 3
base_ = (specflag2 & 0x07) >> 0
if self.op_t.reg == 0xC:
base_ += 8
# HACK: Check if the index register is there in the operand
# It will fix the issue if `rsi` is getting used as index register
if (index_ & 4) and get_register_name(index_) not in idc.GetOpnd(self._ea, opnd.n):
index_ += 8
if (index_ == base_ == idautils.procregs.sp.reg) and (scale == 1):
index_ = None
self._scale = scale
self._index_id = index_
self._base_id = base_
self._displ = offset
Example #4
| Source File: collect_variable.py From mcsema with Apache License 2.0 | 5 votes |
|
def has_phrase(self):
return self._type in (idaapi.o_phrase, idaapi.o_displ)
Example #5
| Source File: collect_variable.py From mcsema with Apache License 2.0 | 5 votes |
|
def __init__(self, opnd, ea, insn, write, read):
self._operand = opnd
self._ea = ea
self._read = read
self._write= write
self._insn = insn
self._type = opnd.type
self._index_id = None
self._base_id = None
self._displ = None
self._scale = None
if self._type in (idaapi.o_displ, idaapi.o_phrase):
specflag1 = self.op_t.specflag1
specflag2 = self.op_t.specflag2
scale = 1 << ((specflag2 & 0xC0) >> 6)
offset = self.op_t.addr
if specflag1 == 0:
index_ = None
base_ = self.op_t.reg
elif specflag1 == 1:
index_ = (specflag2 & 0x38) >> 3
base_ = (specflag2 & 0x07) >> 0
if self.op_t.reg == 0xC:
base_ += 8
# HACK: Check if the index register is there in the operand
# It will fix the issue if `rsi` is getting used as index register
if (index_ & 4) and get_register_name(index_) not in idc.GetOpnd(self._ea, opnd.n):
index_ += 8
if (index_ == base_ == idautils.procregs.sp.reg) and (scale == 1):
index_ = None
self._scale = scale
self._index_id = index_
self._base_id = base_
self._displ = offset
Example #6
| Source File: collect_variable.py From mcsema with Apache License 2.0 | 5 votes |
|
def has_phrase(self):
return self._type in (idaapi.o_phrase, idaapi.o_displ)
Example #7
| Source File: base.py From Sark with MIT License | 5 votes |
|
def operand_has_displacement(operand):
if operand.type in (idaapi.o_phrase, idaapi.o_displ):
return True
return False
Example #8
| Source File: instruction.py From Sark with MIT License | 5 votes |
|
def _initialize(self):
if self.op_t.type not in (idaapi.o_displ, idaapi.o_phrase):
raise exceptions.OperandNotPhrase('Operand is not of type o_phrase or o_displ.')
proc_name = idaapi.get_inf_structure().procName
if proc_name != 'metapc':
raise exceptions.PhraseProcessorNotSupported(
'Phrase analysis not supported for processor {}'.format(proc_name))
specflag1 = self.op_t.specflag1
specflag2 = self.op_t.specflag2
scale = 1 << ((specflag2 & 0xC0) >> 6)
offset = self.op_t.addr
if specflag1 == 0:
index = None
base_ = self.op_t.reg
elif specflag1 == 1:
index = (specflag2 & 0x38) >> 3
base_ = (specflag2 & 0x07) >> 0
if self.op_t.reg == 0xC:
if base_ & 4:
base_ += 8
if index & 4:
index += 8
else:
raise exceptions.PhraseNotSupported('o_displ, o_phrase : Not implemented yet : %x' % specflag1)
# HACK: This is a really ugly hack. For some reason, phrases of the form `[esp + ...]` (`sp`, `rsp` as well)
# set both the `index` and the `base` to `esp`. This is not significant, as `esp` cannot be used as an
# index, but it does cause issues with the parsing.
# This is only relevant to Intel architectures.
if (index == base_ == idautils.procregs.sp.reg) and (scale == 1):
index = None
self.scale = scale
self.index_id = index
self.base_id = base_
self.offset = offset
Example #9
| Source File: instruction.py From Sark with MIT License | 5 votes |
|
def has_reg(self):
return self._type in (idaapi.o_reg, idaapi.o_displ, idaapi.o_phrase)
Example #10
| Source File: instruction.py From Sark with MIT License | 5 votes |
|
def has_phrase(self):
return self._type in (idaapi.o_phrase, idaapi.o_displ)
Example #11
| Source File: class_struct.py From ida_kernelcache with MIT License | 5 votes |
|
def _convert_operands_to_struct_offsets(access_addresses):
"""Convert the operands that generated struct accesses into struct offsets."""
for classname, addresses_and_deltas in access_addresses.items():
sid = idau.struct_open(classname)
if sid is not None:
for ea, delta in addresses_and_deltas:
insn = idautils.DecodeInstruction(ea)
if insn:
for op in insn.Operands:
if op.type == idaapi.o_displ:
if not idau.insn_op_stroff(insn, op.n, sid, delta):
_log(1, 'Could not convert {:#x} to struct offset for class {} '
'delta {}', ea, classname, delta)
