Python ida_bytes.del_items() Examples

The following are 11 code examples of ida_bytes.del_items(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may also want to check out all available functions/classes of the module ida_bytes , or try the search function .
Example #1
Source File: analyzer.py    From Karta with MIT License 6 votes vote down vote up 
def markCodePtr(self, src, dest, aggressive=True):
        """Mark a code pointer from src to dest.

        Args:
            src (int): effective address for the pointer's location
            dest (int): effective address for the pointed code address
            aggressive (bool, optional): True iff should redefine the src & dest (True by default)
        """
        clean_dest = self.cleanPtr(dest)
        if aggressive:
            ida_bytes.del_items(src, 0, self.addressSize())
        if self.makeAddress(src):
            idc.add_dref(src, clean_dest, idc.XREF_USER | idc.dr_O)
            idc.add_cref(src, clean_dest, idc.XREF_USER | idc.dr_O)
            ida_offset.op_offset(src, 0, idc.REF_OFF32)
            if aggressive:
                ida_bytes.del_items(dest, 0, self.addressSize())
                idc.create_insn(self.cleanPtr(dest))
Example #2
Source File: idaxml.py    From GhIDA with Apache License 2.0 6 votes vote down vote up 
def import_codeblock(self, code_block):
        """
        Processes a CODE_BLOCK element by disassembling the address range.

        Args:
            code_block: XML element containing codeblock start and end
                addresses.
        """
        if self.options.CodeBlocks.checked == False:
            return
        start = self.get_address(code_block, START)
        end = self.get_address(code_block, END)
        ida_bytes.del_items(start, 3, end - start + 1)
        addr = start
        while (addr <= end):
            length = ida_ua.create_insn(addr)
            addr += ida_bytes.get_item_size(addr) * self.get_cbsize()
        self.update_counter(CODE_BLOCK)
Example #3
Source File: switch_table.py    From Karta with MIT License 5 votes vote down vote up 
def markSwitchTables(self, sc, aggressive=True):
        """Help IDA by marking all of the needed information from the observed switch tables.

        Args:
            sc (segment): (sark) code segment in which we are interested right now
            aggressive (bool, optional): True iff the marking operation should be aggressive, see notes. (True by default)

        Notes
        -----
            1. Make sure the switch case jump instruction is indeed a code line
            2. Make sure the jump instruction has a code reference to all of the switch cases
            3. (Aggressive) Make sure each switch table entry is a proper code pointer to it's matching case
            4. (Aggressive) Enforce the correct code type over the entire gap between the minimal and maximal case
        """
        for switch_instr, table_start, table_end in filter(lambda x: sc.start_ea <= x[0] and x[1] < sc.end_ea, self._switch_case_entries):
            cases = []
            if not sark.Line(switch_instr).is_code:
                ida_bytes.del_items(switch_instr, 0, self._analyzer.addressSize())
                idc.create_insn(switch_instr)
            for ea in range(table_start, table_end, self._analyzer.addressSize()):
                entry = self._analyzer.parseAdderss(ea)
                if aggressive:
                    self._analyzer.markCodePtr(ea, entry)
                fixed_entry = self._analyzer.cleanPtr(entry)
                cases.append(fixed_entry)
                idc.add_cref(switch_instr, fixed_entry, idc.XREF_USER | idc.dr_O)
            if aggressive:
                self._analyzer.setCodeType(min(cases), max(cases), self._analyzer.ptrCodeType(entry))
Example #4
Source File: strings.py    From Karta with MIT License 5 votes vote down vote up 
def defineAsciiString(self, ea):
        r"""Define an ascii string at the given address.

        Args:
            ea (int): effective start address of the wanted ascii string

        Return Value:
            The length of the defined string + 1 for the '\0' terminator
        """
        content = idc.get_strlit_contents(ea, -1, -1)
        if not sark.Line(ea).is_string:
            self._analyzer.logger.debug("Defined a unique ascii string at: 0x%x (Length of %d)", ea, len(content) + 1)
        ida_bytes.del_items(ea, 0, len(content) + 1)
        idc.create_strlit(ea, ea + len(content) + 1)
        return len(content) + 1
Example #5
Source File: analyzer.py    From Karta with MIT License 5 votes vote down vote up 
def markDataPtr(self, src, dest, aggressive=True):
        """Mark a data pointer from src to dest.

        Args:
            src (int): effective address for the pointer's location
            dest (int): effective address for the pointed data address
            aggressive (bool, optional): True iff should redefine the src (True by default)
        """
        if aggressive:
            ida_bytes.del_items(src, 0, self.addressSize())
        if self.makeAddress(src):
            idc.add_dref(src, dest, idc.XREF_USER | idc.dr_O)
            ida_offset.op_offset(src, 0, idc.REF_OFF32)
Example #6
Source File: analyzer.py    From Karta with MIT License 5 votes vote down vote up 
def delCodePtr(self, src, dest):
        """Delete a code pointer (probably was found to be a False Positive).

        Args:
            src (int) effective address for the pointer's location
            dest (int): effective address for the (assumed) pointed code address
        """
        idc.del_dref(src, dest)
        idc.del_cref(src, dest, 0)
        ida_bytes.del_items(src, 0, self.addressSize())
Example #7
Source File: analyzer_utils.py    From Karta with MIT License 5 votes vote down vote up 
def resizeRegion(analyzer, start_ea, end_ea, new_start_ea, new_end_ea):
    """Resize a given code region, according to the new dimensions.

    Args:
        analyzer (instance): analyzer instance to be used
        start_ea (int): effective start address of the original region
        end_ea (int): effective end address of the original region
        new_start_ea (int): effective start address for the new region
        new_end_ea (int): effective end address for the new region
    """
    analyzer.logger.info("Resizing code region of type %d: 0x%x (0x%x) - 0x%x (0x%x)", analyzer.codeType(start_ea), new_start_ea, start_ea, end_ea, new_end_ea)
    code_type_before = analyzer.codeType(min(start_ea, new_start_ea) - 1)
    code_type_middle = analyzer.codeType(start_ea)
    code_type_after  = analyzer.codeType(max(end_ea, new_end_ea))
    # Make sure it will be treated as code
    fix_regions = []
    if new_start_ea < start_ea:
        fix_regions.append((new_start_ea, start_ea))
    elif new_start_ea != start_ea:
        fix_regions.append((start_ea, new_start_ea))
    if end_ea < new_end_ea:
        fix_regions.append((end_ea, new_end_ea))
    elif end_ea != new_end_ea:
        fix_regions.append((new_end_ea, end_ea))
    # Make the changed parts unknown, before re-analyzing them
    for region_start, region_end in fix_regions:
        ida_bytes.del_items(region_start, 0, region_end - region_start)
    # manually set the wanted value over the entire region
    if start_ea < new_start_ea:
        analyzer.setCodeType(start_ea, new_start_ea, code_type_before)
    elif start_ea != new_start_ea:
        analyzer.setCodeType(new_start_ea, start_ea, code_type_middle)
    if end_ea < new_end_ea:
        analyzer.setCodeType(end_ea, new_end_ea, code_type_middle)
    elif end_ea != new_end_ea:
        analyzer.setCodeType(new_end_ea, end_ea, code_type_after)
    # now reanalyze the new section
    for region_start, region_end in fix_regions:
        idc.plan_and_wait(region_start, region_end)
Example #8
Source File: resolve_ptrs.py    From idawilli with Apache License 2.0 5 votes vote down vote up 
def make_ptr(ea):
    # TODO: arch
    ida_bytes.del_items(ea, 0, psize)
    return ida_bytes.create_dword(ea, psize)
Example #9
Source File: analyser.py    From UEFI_RETool with MIT License 5 votes vote down vote up 
def apply_struct(ea, size, sid):
        ida_bytes.del_items(ea, size, idc.DELIT_DELNAMES)
        ida_bytes.create_struct(ea, size, sid)
        return size
Example #10
Source File: events.py    From IDArling with GNU General Public License v3.0 5 votes vote down vote up 
def __call__(self):
        ida_bytes.del_items(self.ea)
Example #11
Source File: util.py    From mcsema with Apache License 2.0 4 votes vote down vote up 
def make_xref(from_ea, to_ea, data_type, xref_size):
  """Force the data at `from_ea` to reference the data at `to_ea`."""
  if not idc.get_full_flags(to_ea) or is_invalid_ea(to_ea):
    DEBUG("  Not making reference (A) from {:x} to {:x}".format(from_ea, to_ea))
    return False

  make_head(from_ea)

  if is_code(from_ea):
    _CREFS_FROM[from_ea].add(to_ea)
    _CREFS_TO[to_ea].add(from_ea)
  else:
    _DREFS_FROM[from_ea].add(to_ea)
    _DREFS_TO[to_ea].add(from_ea)

  # If we can't make a head, then it probably means that we're at the
  # end of the binary, e.g. the last thing in the `.extern` segment.
  # or in the middle of structure. Return False in such case
  #
  # NOTE(artem): Commenting out since this breaks recovery of C++ applications
  # with IDA7. The failure occurs when processign references in .init_array
  # when the below code is enabled, those references are not treated as
  # references because make_head fails.
  #
  #if not make_head(from_ea + xref_size):
  #  return False

  ida_bytes.del_items(from_ea, idc.DELIT_EXPAND, xref_size)

  if data_type == idc.FF_QWORD:
    data_size = 8
  elif data_type == idc.FF_DWORD:
    data_size = 4
  else:
    raise ValueError("Invalid data type")

  idc.create_data(from_ea, data_type, data_size, idaapi.BADADDR)
  if not is_code_by_flags(from_ea):
    idc.add_dref(from_ea, to_ea, idc.XREF_USER|idc.dr_O)
  else: 
    DEBUG("  Not making reference (B) from {:x} to {:x}".format(from_ea, to_ea))

  return True