Python idaapi.enum_import_names() Examples

The following are 11 code examples of idaapi.enum_import_names(). The source file and original project are named above each example.
Example #1
Source File: device_type.py    From win_driver_plugin with BSD 3-Clause "New" or "Revised" License, 6 votes
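def driver_type():
    """Guess the Windows driver model from the names the binary imports.

    Every import module is enumerated with ``idaapi.enum_import_names`` and
    the collected names are then searched for one framework-specific
    registration routine.  When several markers are present, the first one
    met while iterating ``names`` decides the result.

    NOTE(review): ``cb`` and ``names`` are not defined in this function; they
    are presumably a module-level callback and the collection it fills.
    Confirm that ``names`` does not carry entries over from an earlier run,
    otherwise a stale marker would misclassify the driver.

    Returns:
        "Mini-Filter", "WDF", "Stream Minidriver", "AVStream" or "PortCls"
        when the matching import is found, otherwise "WDM".
    """
    # Marker import -> driver model reported for it.
    markers = {
        "FltRegisterFilter": "Mini-Filter",
        "WdfVersionBind": "WDF",
        "StreamClassRegisterMinidriver": "Stream Minidriver",
        "KsCreateFilterFactory": "AVStream",
        "PcRegisterSubdevice": "PortCls",
    }

    # The module name was fetched but never used, so only the enumeration
    # itself is kept.
    for i in range(idaapi.get_import_module_qty()):
        idaapi.enum_import_names(i, cb)

    for name in names:
        if name in markers:
            return markers[name]
    return "WDM"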
Example #2
Source File: DbgImports.py    From DIE with MIT License, 6 votes
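def get_iat_data(self):
        """
        Collect import-table (IAT) entries into self.iat, grouped by module.

        For every named import module a list is created (or reused) under the
        lower-cased module name and exposed as self.current_module; then
        self.imp_cb is run over that module's imports.  What the callback
        stores is not visible here -- presumably it appends to
        self.current_module; confirm against imp_cb.
        """
        imp_num = idaapi.get_import_module_qty()  # Number of imported modules

        for i in xrange(0, imp_num):
            name = idaapi.get_import_module_name(i)
            if not name:
                # Test for a missing name BEFORE lower-casing it: calling
                # .lower() on a missing name raised AttributeError and the
                # skip below was never reached.
                #self.logger.error("Failed to get import module name for #%d", i)
                continue
            name = name.lower()

            if name not in self.iat:
                self.iat[name] = []

            self.current_module = self.iat[name]
            idaapi.enum_import_names(i, self.imp_cb)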
Example #3
Source File: __init__.py    From hrdev with MIT License, 6 votes
def _build_imports(self):
        '''Return a dict mapping each import module name to its entries.

        Modules without a name are skipped.  The entries are taken from
        self.tmp_items, which is reset before each module is enumerated and
        is presumably filled by self._imports_names_cb (not visible here).
        '''
        imports_by_module = {}

        for index in xrange(0, idaapi.get_import_module_qty()):
            module = idaapi.get_import_module_name(index)
            if module:
                # Fresh scratch list for this module's enumeration.
                self.tmp_items = []
                idaapi.enum_import_names(index, self._imports_names_cb)
                # Entries of a module name seen earlier are appended to, not replaced.
                imports_by_module.setdefault(module, []).extend(self.tmp_items)

        return imports_by_module
Example #4
Source File: idasec_core.py    From idasec with GNU Lesser General Public License v2.1, 5 votes
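def compute_imports():
        """Return the import table as {module name: [(ea, name, ordinal), ...]}.

        Each import module is enumerated with idaapi.enum_import_names and
        every reported entry is appended to the list of the module currently
        being walked.
        """
        imports = {}
        current = ""

        def callback(ea, name, ordinal):
            # `current` is read from the enclosing scope at call time, so it
            # always names the module being enumerated right now.
            imports[current].append((ea, name, ordinal))
            return True  # True -> continue enumeration

        nimps = idaapi.get_import_module_qty()
        for i in xrange(0, nimps):
            current = idaapi.get_import_module_name(i)
            # Keep the entries already collected when the same module name
            # (or a missing name) comes up more than once; a plain
            # assignment here discarded them.
            imports.setdefault(current, [])
            idaapi.enum_import_names(i, callback)
        return imports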
Example #5
Source File: ida_debugger.py    From IDAngr with BSD 2-Clause "Simplified" License, 5 votes
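def get_idata(self): #return tuple(start_addr, end_addr)
        """Return (start_ea, end_ea) of the segment that holds the imports.

        The ".idata" segment is used when it exists.  Otherwise the segment
        is looked up from the address of the first import of module 0.

        NOTE(review): when module 0 reports no import, the address stays
        None and is still passed to idaapi.seg_by_addr, as before; what that
        call does with None is not visible here.
        """
        ida_seg = idaapi.get_segm_by_name(".idata")
        if ida_seg is None:
            # The callback hands the address back through a list: a plain
            # `addr = ea` inside it only bound a local of the callback, so
            # the outer address was always None.
            found = []
            def cb(ea, name, i):
                found.append(ea)
                return False  # one address is enough; a falsy result ends the enumeration
            idaapi.enum_import_names(0, cb)
            addr = found[0] if found else None
            ida_seg = idaapi.seg_by_addr(addr)
        return (ida_seg.start_ea, ida_seg.end_ea)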
    
    #------------------------------------- 
Example #6
Source File: DbgImports.py    From DIE with MIT License, 5 votes
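def getImportTableData(self):
        """
        Update rt_import_table with current import table data.

        The static import table is collected first; each entry's address is
        then resolved with get_adrs_mem and stored in self.rt_import_table as
        resolved address -> (module_name, ea, name, ordinal).

        Raises:
            RuntimeError: if the debugger is not active once the static table
                has been collected.
        """

        def imp_cb(ea, name, ordinal):
            """
            Import enumeration callback function. used by idaapi.enum_import_names .
            """
            tmpImports.append([self.current_module_name, ea, name, ordinal])
            return True

        tmpImports = []  # Contains static import table data (w\o real function addresses)
        imp_num = idaapi.get_import_module_qty()  # Number of imported modules

        for i in xrange(0, imp_num):
            # A module may come back without a name; lower-casing that
            # directly raised AttributeError.  Its imports are kept under an
            # empty module name instead of being lost.
            module_name = idaapi.get_import_module_name(i) or ""
            self.current_module_name = module_name.lower()
            idaapi.enum_import_names(i, imp_cb)

        #  Get runtime function addresses and store in self.rt_import_table
        if not idaapi.is_debugger_on():
            raise RuntimeError("Debugger is not currently active.")

        for module_name, ea, name, ordinal in tmpImports:
            func_real_adrs = get_adrs_mem(ea)
            self.rt_import_table[func_real_adrs] = (module_name, ea, name, ordinal)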
Example #7
Source File: IdaInterface.py    From smda with BSD 2-Clause "Simplified" License, 5 votes
def getApiMap(self):
        """Rebuild self._api_map from the import table and return it.

        The name of the module being walked is published in
        self._import_module_name before self._cbEnumImports is run over its
        imports; presumably the callback uses it to fill the map (the
        callback is not visible here).
        """
        self._api_map = {}
        for module_index in range(ida_nalt.get_import_module_qty()):
            self._import_module_name = ida_nalt.get_import_module_name(module_index)
            ida_nalt.enum_import_names(module_index, self._cbEnumImports)
        return self._api_map
Example #8
Source File: IdaInterface.py    From smda with BSD 2-Clause "Simplified" License, 5 votes
def getApiMap(self):
        """Rebuild self._api_map from the import table and return it.

        The name of the module being walked is published in
        self._import_module_name before self._cbEnumImports is run over its
        imports; presumably the callback uses it to fill the map (the
        callback is not visible here).
        """
        self._api_map = {}
        for module_index in range(idaapi.get_import_module_qty()):
            self._import_module_name = idaapi.get_import_module_name(module_index)
            idaapi.enum_import_names(module_index, self._cbEnumImports)
        return self._api_map
Example #9
Source File: __init__.py    From flare-ida with Apache License 2.0, 5 votes
def make_import_names_callback(library_calls, library_addr):
    """ Build the callback handed to idaapi.enum_import_names().

    The returned function records, per imported name, its address in
    library_addr and the code references to that address in library_calls.
    """
    def callback(ea, name, ordinal):
        """ Store the import's address and the code references to it. """
        refs = []
        library_calls[name] = refs
        library_addr[name] = ea
        refs.extend(idautils.CodeRefsTo(ea, 0))
        # A true result tells the enumeration to go on to the next import.
        return True
    return callback
Example #10
Source File: __init__.py    From flare-ida with Apache License 2.0, 5 votes
def get_imports(library_calls, library_addr):
    """ Fill both dictionaries by enumerating the imports of every module. """
    collect = make_import_names_callback(library_calls, library_addr)
    module_count = idaapi.get_import_module_qty()
    for module_index in xrange(0, module_count):
        idaapi.enum_import_names(module_index, collect)
Example #11
Source File: dump_pool_tags.py    From win_driver_plugin with BSD 3-Clause "New" or "Revised" License, 4 votes
def find_pool_tags():
    """ Map pool tags to the functions that pass them to the pool routines.

    Dirty hack around IDA's type information: for every reference to one of
    the tagged pool routines, walk back over up to ten instruction heads
    looking for the operand commented 'Tag', decode it into a four-character
    string and record the name of the referencing function.

    Returns a dict of tag string -> set of caller function names.
    """
    pool_routines = [
        'ExAllocatePoolWithTag',
        'ExFreePoolWithTag',
        'ExAllocatePoolWithTagPriority'
    ]

    tags = {}

    def imp_cb(ea, name, ordinal):
        if name not in pool_routines:
            return True  # not a pool routine; move on to the next import
        for xref in idautils.XrefsTo(ea):
            site = xref.frm
            caller_name = idc.GetFunctionName(site)
            head = idc.PrevHead(site)
            for _ in range(10):
                # Operand type 5 is presumably IDA's immediate operand
                # (o_imm) -- confirm against the IDA SDK in use.
                if idc.Comment(head) == 'Tag' and idc.GetOpType(head, 1) == 5:
                    raw = idc.GetOperandValue(head, 1)
                    # Four bytes, most significant first.
                    tag = ''.join(
                        chr((raw >> 8 * shift) & 0xFF) for shift in range(3, -1, -1)
                    )
                    tags.setdefault(tag, set()).add(caller_name)
                    break
                head = idc.PrevHead(head)
        return True

    for index in xrange(0, idaapi.get_import_module_qty()):
        # Modules without a name are not enumerated.
        if idaapi.get_import_module_name(index):
            idaapi.enum_import_names(index, imp_cb)
    return tags