Python ida_bytes.get_full_flags() Examples
The following are 14
code examples of ida_bytes.get_full_flags().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
ida_bytes
, or try the search function
.
.
Example #1
| Source File: mov.py From IDACyber with MIT License | 6 votes |
|
def _ins2color(self, addr):
col = _len = 0
acc = -1
head = get_item_head(addr)
if can_decode(head):
f = get_full_flags(head)
if is_code(f):
_len = decode_insn(self.insn, head)
if _len:
if self.insn.itype in [ida_allins.NN_mov]: # TODO: add more instructions
if self.insn.Op1.type in [o_mem, o_phrase, o_displ]:
acc = ACC_WRITE
col = self.insn_colors[acc]
elif self.insn.Op2.type in [o_mem, o_phrase, o_displ]:
acc = ACC_READ
col = self.insn_colors[acc]
else:
acc = -1
return (col, _len, acc)
Example #2
| Source File: idaxml.py From GhIDA with Apache License 2.0 | 5 votes |
|
def check_if_seg_contents(self, seg):
"""
Determines if any address in a segment contains a value.
Args:
seg: IDA segment object
Returns:
True if any address in a segment contains a value.
False if no address in a segment contains a value.
"""
for addr in idautils.Heads(seg.start_ea, seg.end_ea):
if idc.has_value(idc.get_full_flags(addr)) == True:
return True
return False
Example #3
| Source File: idaxml.py From GhIDA with Apache License 2.0 | 5 votes |
|
def export_comments(self):
"""
Exports all comments in the IDA database as <COMMENT> elements.
"""
addr = self.min_ea
if ida_bytes.has_cmt(idc.get_full_flags(addr)) == False:
addr = ida_bytes.next_that(addr, self.max_ea, ida_bytes.has_cmt)
if (addr == BADADDR):
return
self.update_status(COMMENTS)
timer = time.clock()
self.start_element(COMMENTS, True)
while (addr != BADADDR):
cmt = idc.get_cmt(addr, False)
if (cmt != None):
self.export_comment(addr, "end-of-line", cmt)
cmt = idc.get_cmt(addr, True)
if (cmt != None):
self.export_comment(addr, "repeatable", cmt)
addr = ida_bytes.next_that(addr, self.max_ea, ida_bytes.has_cmt)
addr = self.min_ea
if ida_bytes.has_extra_cmts(idc.get_full_flags(addr)) == False:
addr = ida_bytes.next_that(
addr, self.max_ea, ida_bytes.has_extra_cmts)
while (addr != BADADDR):
extra = idc.get_extra_cmt(addr, idc.E_PREV)
if (extra != None):
self.export_extra_comment(addr, "pre", idc.E_PREV)
extra = idc.get_extra_cmt(addr, idc.E_NEXT)
if (extra != None):
self.export_extra_comment(addr, "post", idc.E_NEXT)
addr = ida_bytes.next_that(
addr, self.max_ea, ida_bytes.has_extra_cmts)
self.export_c_comments()
self.end_element(COMMENTS)
self.display_cpu_time(timer)
Example #4
| Source File: idaxml.py From GhIDA with Apache License 2.0 | 5 votes |
|
def export_enum_references(self, addr):
"""
Finds and exports enum references at an address.
Args:
addr: Integer representing the instruction address.
"""
f = idc.get_full_flags(addr)
for op in range(2):
if ida_bytes.is_enum(f, op) == True:
self.export_enum_reference(addr, op)
Example #5
| Source File: idaxml.py From GhIDA with Apache License 2.0 | 5 votes |
|
def export_markup(self):
"""
Exports markup for instructions and data items including references
and manual instructions and operands.
"""
self.update_status(MARKUP)
timer = time.clock()
self.start_element(MARKUP, True)
addr = self.min_ea
while addr != BADADDR:
f = idc.get_full_flags(addr)
if self.options.MemoryReferences.checked == True:
if ida_bytes.has_xref(f) == True:
self.export_user_memory_reference(addr)
if ida_bytes.is_off(f, ida_bytes.OPND_ALL) == True:
self.export_memory_references(addr)
if (self.options.Functions.checked == True and
self.options.StackReferences.checked == True and
ida_bytes.is_stkvar(f, ida_bytes.OPND_ALL) == True):
self.export_stack_reference(addr)
if (self.options.DataTypes.checked == True and
ida_bytes.is_enum(f, ida_bytes.OPND_ALL) == True):
self.export_enum_references(addr)
if self.options.Manual.checked == True:
# TODO: Ask about OPND_ALL and retrieving additional manual operands
# if ida_bytes.is_forced_operand(addr, ida_bytes.OPND_ALL) ==
# True:
if (ida_bytes.is_forced_operand(addr, 0) == True or
ida_bytes.is_forced_operand(addr, 1) == True):
self.export_manual_operand(addr)
if ida_bytes.is_manual_insn(addr) == True:
self.export_manual_instruction(addr)
addr = idc.next_head(addr, self.max_ea)
self.end_element(MARKUP)
self.display_cpu_time(timer)
Example #6
| Source File: idaxml.py From GhIDA with Apache License 2.0 | 5 votes |
|
def export_memory_contents(self, binfilename, binfile, start, end):
"""
Exports the binary memory contents in the database.
A MEMORY_CONTENTS element is generated for each contiguous address
range where each address in the range contains a value.
The binary values are store in a separate file (not the XML file),
and the MEMORY_CONTENTS element identifies the file and the
offset in the file where the address range is located.
Args:
binfilename: String containing the absolute filepath
binfile: IDA file instance for binary file
start: Integer representing the starting address
end: Integer representing the ending address
"""
length = 0
startaddr = start
for addr in range(start, end):
# reset start address when length == 0
if (length == 0):
startaddr = addr
has_val = ida_bytes.has_value(idc.get_full_flags(addr))
if has_val == True:
length += self.cbsize
next_address = idc.next_addr(addr)
if ((has_val == False) or (next_address != addr + 1) or
(next_address == end)):
if length > 0:
offset = binfile.tell()
ida_loader.base2file(binfile.get_fp(), offset, startaddr,
startaddr + length)
self.start_element(MEMORY_CONTENTS)
self.write_address_attribute(START_ADDR, startaddr)
self.write_attribute(FILE_NAME, binfilename)
self.write_numeric_attribute(FILE_OFFSET, offset)
self.write_numeric_attribute(LENGTH, length)
self.close_tag(False)
length = 0
Example #7
| Source File: idaxml.py From GhIDA with Apache License 2.0 | 5 votes |
|
def export_memory_reference(self, addr, op):
"""
Exports the memory reference for operand at the address.
Args:
addr: Integer representing the instruction address.
op: Integer representing the operand index (0-based)
"""
f = idc.get_full_flags(addr)
ri = ida_nalt.refinfo_t()
if ida_nalt.get_refinfo(ri, addr, op) == 1:
if ri.target != BADADDR:
target = ri.target
elif idc.is_code(f) == True:
insn = ida_ua.insn_t()
ida_ua.decode_insn(insn, addr)
target = (insn.ops[op].value - ri.tdelta + ri.base) & ((1 << 64) - 1)
elif idc.is_data(f) == True:
target = (self.get_data_value(addr) - ri.tdelta + ri.base) & ((1 << 64) - 1)
else:
return
else:
return
if ida_bytes.is_mapped(target) == False:
return
self.start_element(MEMORY_REFERENCE)
self.write_address_attribute(ADDRESS, addr)
self.write_numeric_attribute(OPERAND_INDEX, op, 10)
self.write_address_attribute(TO_ADDRESS, target)
self.write_attribute(PRIMARY, "y")
self.close_tag()
Example #8
| Source File: idaxml.py From GhIDA with Apache License 2.0 | 5 votes |
|
def export_memory_references(self, addr):
"""
Exports the memory references for any operands at the address.
Args:
addr: Integer representing the instruction address.
"""
f = idc.get_full_flags(addr)
for op in range(ida_ida.UA_MAXOP):
if ida_bytes.is_off(f, op) == True and (idc.is_data(f) == True or
(idc.is_code(f) == True and
self.is_imm_op(addr, op) == True)):
self.export_memory_reference(addr, op)
Example #9
| Source File: idaxml.py From GhIDA with Apache License 2.0 | 5 votes |
|
def export_stack_reference(self, addr):
"""
Exports references to stack variables at the address.
Args:
addr: Integer containing instruction address.
"""
f = idc.get_full_flags(addr)
for op in range(ida_ida.UA_MAXOP):
if idc.is_code(f) == True and ida_bytes.is_stkvar(f, op) == True:
insn = ida_ua.insn_t()
ida_ua.decode_insn(insn, addr)
opnd = insn.ops[op]
# TODO:How to handle opnd.type for stack references
optype = opnd.type
if optype == idc.o_void:
continue
# TODO:How to handle op_t_get_addr for stack references
SV = ida_frame.get_stkvar(insn, opnd, opnd.value)
if SV == None:
continue
(sv, actval) = SV
function = ida_funcs.get_func(addr)
self.start_element(STACK_REFERENCE)
self.write_address_attribute(ADDRESS, addr)
self.write_numeric_attribute(OPERAND_INDEX, op, 10)
offset = opnd.addr
spoff = offset - function.frregs
if offset > 0x7FFFFFFF:
offset -= 0x100000000
if spoff > 0x7FFFFFFF:
spoff -= 0x100000000
self.write_numeric_attribute(STACK_PTR_OFFSET, spoff,
16, True)
if (function.flags & idc.FUNC_FRAME) != 0:
self.write_numeric_attribute(FRAME_PTR_OFFSET,
offset, 16, True)
self.close_tag()
Example #10
| Source File: idaxml.py From GhIDA with Apache License 2.0 | 5 votes |
|
def get_datatype(self, addr):
"""
Returns the datatype at an address.
The type could be a basic type (byte, word, dword, etc.),
a structure, an array, a pointer, or a string type.
Args:
addr: Integer representing a program address.
"""
f = idc.get_full_flags(addr)
t = self.get_type(f)
if ida_bytes.is_struct(f) == True:
opndbuf = ida_nalt.opinfo_t()
opnd = ida_bytes.get_opinfo(opndbuf, addr, 0, f)
return idc.get_struc_name(opnd.tid)
if idc.is_strlit(f) == True:
str_type = idc.get_str_type(addr)
# print(ida_bytes.print_strlit_type(str_type))
if str_type == ida_nalt.STRTYPE_TERMCHR:
return "string"
if str_type == ida_nalt.STRTYPE_PASCAL:
return "string1"
if str_type == ida_nalt.STRTYPE_LEN2:
return "string2"
if str_type == ida_nalt.STRTYPE_LEN4:
return "string4"
if str_type == ida_nalt.STRTYPE_C_16:
return "unicode"
if str_type == ida_nalt.STRTYPE_C_16:
return "unicode2"
if str_type == ida_nalt.STRTYPE_C_32:
return "unicode4"
return "string"
if ida_bytes.is_off0(f) == True:
return "pointer"
return t
Example #11
| Source File: idaxml.py From GhIDA with Apache License 2.0 | 4 votes |
|
def export_code(self):
"""
Exports the address ranges of code sequences as CODE_BLOCK(s)
with START and END address attributes.
"""
addr = self.min_ea
if idc.is_code(idc.get_full_flags(addr)) == False:
addr = ida_bytes.next_that(addr, self.max_ea, idc.is_code)
if (addr == BADADDR):
return
self.update_status(CODE)
timer = time.clock()
data = ida_bytes.next_that(addr, self.max_ea, idc.is_data)
unknown = ida_bytes.next_unknown(addr, self.max_ea)
self.start_element(CODE, True)
while (addr != BADADDR):
start = addr
end = min(data, unknown)
if (end == BADADDR):
if (ida_segment.getseg(start).end_ea < self.max_ea):
codeend = ida_segment.getseg(start).end_ea - 1
addr = ida_segment.getseg(idc.next_addr(codeend)).start_ea
if idc.is_code(idc.get_full_flags(addr)) == False:
addr = ida_bytes.next_that(addr, self.max_ea,
idc.is_code)
else:
codeend = self.max_ea - 1
addr = BADADDR
else:
if (ida_segment.getseg(start).end_ea < end):
codeend = ida_segment.getseg(start).end_ea - 1
addr = ida_segment.getseg(idc.next_addr(codeend)).start_ea
if idc.is_code(ida_bytes.get_full_flags(addr)) == False:
addr = ida_bytes.next_that(addr, self.max_ea,
idc.is_code)
else:
codeend = idc.get_item_end(ida_bytes.prev_that(end,
start, idc.is_code)) - 1
addr = ida_bytes.next_that(end, self.max_ea, idc.is_code)
if (data < addr):
data = ida_bytes.next_that(addr, self.max_ea,
idc.is_data)
if (unknown < addr):
unknown = ida_bytes.next_unknown(addr, self.max_ea)
self.start_element(CODE_BLOCK)
self.write_address_attribute(START, start)
self.write_address_attribute(END, codeend)
self.close_tag()
self.end_element(CODE)
self.display_cpu_time(timer)
Example #12
| Source File: idaxml.py From GhIDA with Apache License 2.0 | 4 votes |
|
def export_data(self):
"""
Exports the data items in the database as <DEFINED_DATA> elements.
"""
addr = self.min_ea
if idc.is_data(idc.get_full_flags(addr)) == False:
addr = ida_bytes.next_that(addr, self.max_ea, idc.is_data)
if (addr == BADADDR):
return
timer = time.clock()
self.update_status(DATA)
self.start_element(DATA, True)
while (addr != BADADDR):
f = idc.get_full_flags(addr)
if ida_bytes.is_align(f) == True:
addr = ida_bytes.next_that(addr, self.max_ea, idc.is_data)
continue
dtype = self.get_datatype(addr)
size = idc.get_item_size(addr)
ti = ida_nalt.opinfo_t()
msize = ida_bytes.get_data_elsize(addr, f, ti)
if ida_bytes.is_struct(f) == True:
s = idc.get_struc_id(dtype)
msize = idc.get_struc_size(s)
if msize == 0:
msize = 1
if idc.is_strlit(f) == False and size != msize:
dtype = "%s[%d]" % (dtype, size / msize)
self.start_element(DEFINED_DATA)
self.write_address_attribute(ADDRESS, addr)
self.write_attribute(DATATYPE, dtype)
self.write_numeric_attribute(SIZE, size * self.cbsize)
# TODO consider using GetTrueNameEx and Demangle
demangled = ida_name.get_demangled_name(addr,
DEMANGLED_TYPEINFO, self.inf.demnames, idc.GN_STRICT)
outbuf = ''
# TODO: How to handle print_type for data mangled names?
#outbuf = idaapi.print_type(addr, False)
if demangled == "'string'":
demangled == None
has_typeinfo = ((demangled != None and len(demangled) > 0) or
(outbuf != None and len(outbuf) > 0))
# TODO export_data: add DISPLAY_SETTINGS
self.close_tag(has_typeinfo)
if has_typeinfo == True:
if demangled != None and len(demangled) > 0:
self.export_typeinfo_cmt(demangled)
elif len(outbuf) > 0:
self.export_typeinfo_cmt(outbuf)
self.end_element(DEFINED_DATA)
addr = ida_bytes.next_that(addr, self.max_ea, idc.is_data)
self.end_element(DATA)
self.display_cpu_time(timer)
Example #13
| Source File: refs.py From mcsema with Apache License 2.0 | 4 votes |
|
def _is_address_of_struct_field(ea):
prev_head_ea = idc.prev_head(ea)
if is_invalid_ea(prev_head_ea):
return False
prev_item_size = idc.get_item_size(prev_head_ea)
if ea >= (prev_head_ea + prev_item_size):
return False
# Try to get a type for the last item head.
flags = ida_bytes.get_full_flags(ea)
ti = ida_nalt.opinfo_t()
oi = ida_bytes.get_opinfo(ti, ea, 0, flags)
if not oi:
return False
# Get the size of the struct, and keep going if the suze of the previous
# item is a multiple of the struct's size (e.g. one struct or an array
# of that struct).
struct_size = idc.get_struc_size(oi.tid)
if not struct_size or 0 != (prev_item_size % struct_size):
return False
# Figure out the offset of `ea` within its structure, which may belong to
# an array of structures, and then check if that offset is associated with
# a named field.
arr_index = int((ea - prev_head_ea) / struct_size)
struct_begin_ea = (arr_index & struct_size) + prev_head_ea
off_in_struct = ea - struct_begin_ea
if not idc.get_member_name(oi.tid, off_in_struct):
return False
field_begin_ea = struct_begin_ea + off_in_struct
if field_begin_ea != ea:
return False
field_size = idc.GetMemberSize(oi.tid, off_in_struct)
if not field_size:
return False
return True
Example #14
| Source File: hooks.py From IDArling with GNU General Public License v3.0 | 4 votes |
|
def op_type_changed(self, ea, n):
def gather_enum_info(ea, n):
id = ida_bytes.get_enum_id(ea, n)[0]
serial = ida_enum.get_enum_idx(id)
return id, serial
extra = {}
mask = ida_bytes.MS_0TYPE if not n else ida_bytes.MS_1TYPE
flags = ida_bytes.get_full_flags(ea) & mask
def is_flag(type):
return flags == mask & type
if is_flag(ida_bytes.hex_flag()):
op = "hex"
elif is_flag(ida_bytes.dec_flag()):
op = "dec"
elif is_flag(ida_bytes.char_flag()):
op = "chr"
elif is_flag(ida_bytes.bin_flag()):
op = "bin"
elif is_flag(ida_bytes.oct_flag()):
op = "oct"
elif is_flag(ida_bytes.offflag()):
op = "offset"
elif is_flag(ida_bytes.enum_flag()):
op = "enum"
id, serial = gather_enum_info(ea, n)
ename = ida_enum.get_enum_name(id)
extra["ename"] = Event.decode(ename)
extra["serial"] = serial
elif is_flag(flags & ida_bytes.stroff_flag()):
op = "struct"
path = ida_pro.tid_array(1)
delta = ida_pro.sval_pointer()
path_len = ida_bytes.get_stroff_path(
path.cast(), delta.cast(), ea, n
)
spath = []
for i in range(path_len):
sname = ida_struct.get_struc_name(path[i])
spath.append(Event.decode(sname))
extra["delta"] = delta.value()
extra["spath"] = spath
elif is_flag(ida_bytes.stkvar_flag()):
op = "stkvar"
# FIXME: No hooks are called when inverting sign
# elif ida_bytes.is_invsign(ea, flags, n):
# op = 'invert_sign'
else:
return 0 # FIXME: Find a better way to do this
self._send_packet(evt.OpTypeChangedEvent(ea, n, op, extra))
return 0
