Python ida_ua.decode_insn() Examples
The following are 8
code examples of ida_ua.decode_insn().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
ida_ua
, or try the search function
.
.
Example #1
| Source File: idaxml.py From GhIDA with Apache License 2.0 | 6 votes |
|
def is_imm_op(self, addr, op):
"""
Returns true if instruction operand at address is an immediate value.
Args:
addr: Integer representing instruction address.
op: Integer representing operand index (0-based).
Returns:
True if instruction operand at address is an immediate value.
False otherwise.
"""
insn = ida_ua.insn_t()
ida_ua.decode_insn(insn, addr)
if (insn.ops[op].type == idc.o_imm):
return True
return False
Example #2
| Source File: mov.py From IDACyber with MIT License | 6 votes |
|
def _ins2color(self, addr):
col = _len = 0
acc = -1
head = get_item_head(addr)
if can_decode(head):
f = get_full_flags(head)
if is_code(f):
_len = decode_insn(self.insn, head)
if _len:
if self.insn.itype in [ida_allins.NN_mov]: # TODO: add more instructions
if self.insn.Op1.type in [o_mem, o_phrase, o_displ]:
acc = ACC_WRITE
col = self.insn_colors[acc]
elif self.insn.Op2.type in [o_mem, o_phrase, o_displ]:
acc = ACC_READ
col = self.insn_colors[acc]
else:
acc = -1
return (col, _len, acc)
Example #3
| Source File: idaxml.py From GhIDA with Apache License 2.0 | 5 votes |
|
def export_enum_reference(self, addr, op):
"""
Exports the enum reference for an operand at an address.
Args:
addr: Integer representing the instruction address.
op: Integer representing the operand index (0-based)
"""
(eid, serial) = ida_bytes.get_enum_id(addr, op)
insn = ida_ua.insn_t()
ida_ua.decode_insn(insn, addr)
value = insn.ops[op].value
cid = BADNODE
last = idc.get_last_bmask(eid)
if idc.is_bf(eid) == True:
last = idc.get_last_bmask(eid)
mask = idc.get_first_bmask(eid)
while cid == BADNODE:
cid = ida_enum.get_enum_member(eid, (value & mask), 0, mask)
if cid != BADNODE or mask == last:
break
mask = idc.get_next_bmask(eid, mask)
else:
cid = ida_enum.get_enum_member(eid, value, 0, last)
if cid == BADNODE:
return
self.start_element(EQUATE_REFERENCE)
self.write_address_attribute(ADDRESS, addr)
self.write_numeric_attribute(OPERAND_INDEX, op, 10)
self.write_numeric_attribute(
VALUE, ida_enum.get_enum_member_value(cid))
cname = ida_enum.get_enum_member_name(cid)
if cname != None and len(cname) > 0:
self.write_attribute(NAME, cname)
if idc.is_bf(eid) == True:
self.write_numeric_attribute("BIT_MASK", mask)
self.close_tag()
Example #4
| Source File: idaxml.py From GhIDA with Apache License 2.0 | 5 votes |
|
def export_memory_reference(self, addr, op):
"""
Exports the memory reference for operand at the address.
Args:
addr: Integer representing the instruction address.
op: Integer representing the operand index (0-based)
"""
f = idc.get_full_flags(addr)
ri = ida_nalt.refinfo_t()
if ida_nalt.get_refinfo(ri, addr, op) == 1:
if ri.target != BADADDR:
target = ri.target
elif idc.is_code(f) == True:
insn = ida_ua.insn_t()
ida_ua.decode_insn(insn, addr)
target = (insn.ops[op].value - ri.tdelta + ri.base) & ((1 << 64) - 1)
elif idc.is_data(f) == True:
target = (self.get_data_value(addr) - ri.tdelta + ri.base) & ((1 << 64) - 1)
else:
return
else:
return
if ida_bytes.is_mapped(target) == False:
return
self.start_element(MEMORY_REFERENCE)
self.write_address_attribute(ADDRESS, addr)
self.write_numeric_attribute(OPERAND_INDEX, op, 10)
self.write_address_attribute(TO_ADDRESS, target)
self.write_attribute(PRIMARY, "y")
self.close_tag()
Example #5
| Source File: idaxml.py From GhIDA with Apache License 2.0 | 5 votes |
|
def export_stack_reference(self, addr):
"""
Exports references to stack variables at the address.
Args:
addr: Integer containing instruction address.
"""
f = idc.get_full_flags(addr)
for op in range(ida_ida.UA_MAXOP):
if idc.is_code(f) == True and ida_bytes.is_stkvar(f, op) == True:
insn = ida_ua.insn_t()
ida_ua.decode_insn(insn, addr)
opnd = insn.ops[op]
# TODO:How to handle opnd.type for stack references
optype = opnd.type
if optype == idc.o_void:
continue
# TODO:How to handle op_t_get_addr for stack references
SV = ida_frame.get_stkvar(insn, opnd, opnd.value)
if SV == None:
continue
(sv, actval) = SV
function = ida_funcs.get_func(addr)
self.start_element(STACK_REFERENCE)
self.write_address_attribute(ADDRESS, addr)
self.write_numeric_attribute(OPERAND_INDEX, op, 10)
offset = opnd.addr
spoff = offset - function.frregs
if offset > 0x7FFFFFFF:
offset -= 0x100000000
if spoff > 0x7FFFFFFF:
spoff -= 0x100000000
self.write_numeric_attribute(STACK_PTR_OFFSET, spoff,
16, True)
if (function.flags & idc.FUNC_FRAME) != 0:
self.write_numeric_attribute(FRAME_PTR_OFFSET,
offset, 16, True)
self.close_tag()
Example #6
| Source File: util.py From mcsema with Apache License 2.0 | 5 votes |
|
def decode_instruction(ea):
"""Read the bytes of an x86/amd64 instruction. This handles things like
combining the bytes of an instruction with its prefix. IDA Pro sometimes
treats these as separate."""
global _NOT_INST_EAS, _BAD_INSTRUCTION, PREFIX_ITYPES
if ea in _NOT_INST_EAS:
return _BAD_INSTRUCTION
decoded_inst = ida_ua.insn_t()
inslen = ida_ua.decode_insn(decoded_inst, ea)
if inslen <= 0:
_NOT_INST_EAS.add(ea)
return _BAD_INSTRUCTION
assert decoded_inst.ea == ea
end_ea = ea + decoded_inst.size
decoded_bytes = read_bytes_slowly(ea, end_ea)
# We've got an instruction with a prefix, but the prefix is treated as
# independent.
if 1 == decoded_inst.size and decoded_inst.itype in PREFIX_ITYPES:
decoded_inst, extra_bytes = decode_instruction(end_ea)
decoded_bytes += extra_bytes
return decoded_inst, decoded_bytes
Example #7
| Source File: events.py From IDArling with GNU General Public License v3.0 | 5 votes |
|
def __call__(self):
if self.op == "hex":
ida_bytes.op_hex(self.ea, self.n)
if self.op == "bin":
ida_bytes.op_bin(self.ea, self.n)
if self.op == "dec":
ida_bytes.op_dec(self.ea, self.n)
if self.op == "chr":
ida_bytes.op_chr(self.ea, self.n)
if self.op == "oct":
ida_bytes.op_oct(self.ea, self.n)
if self.op == "offset":
ida_idc.op_plain_offset(self.ea, self.n, 0)
if self.op == "enum":
id = ida_enum.get_enum(Event.encode(self.extra["ename"]))
ida_bytes.op_enum(self.ea, self.n, id, self.extra["serial"])
if self.op == "struct":
path_len = len(self.extra["spath"])
path = ida_pro.tid_array(path_len)
for i in range(path_len):
sname = Event.encode(self.extra["spath"][i])
path[i] = ida_struct.get_struc_id(sname)
insn = ida_ua.insn_t()
ida_ua.decode_insn(insn, self.ea)
ida_bytes.op_stroff(
insn, self.n, path.cast(), path_len, self.extra["delta"]
)
if self.op == "stkvar":
ida_bytes.op_stkvar(self.ea, self.n)
# FIXME: No hooks are called when inverting sign
# if self.op == 'invert_sign':
# idc.toggle_sign(ea, n)
Example #8
| Source File: vrop.py From IDACyber with MIT License | 5 votes |
|
def _is_ret(self, x):
if can_decode(x):
insn = insn_t()
inslen = decode_insn(insn, x)
if inslen > 0 and is_ret_insn(insn):
return True
return False
