Python idaapi.get_func_name() Examples
The following are 15
code examples of idaapi.get_func_name().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
idaapi
, or try the search function
.
.
Example #1
| Source File: golang_loader_assist.py From golang_loader_assist with GNU General Public License v3.0 | 6 votes |
|
def pointer_renamer():
renamed = 0
text_seg = get_text_seg()
if text_seg is None:
debug('Failed to get text segment')
return renamed
for addr in Functions(text_seg.start_ea, text_seg.end_ea):
name = idc.get_func_name(addr)
# Look at data xrefs to the function - find the pointer that is located in .rodata
data_ref = idaapi.get_first_dref_to(addr)
while data_ref != BADADDR:
if 'rodata' in get_segm_name(data_ref):
# Only rename things that are currently listed as an offset; eg. off_9120B0
if 'off_' in ida_name.get_ea_name(data_ref):
if idc.set_name(data_ref, ('%s_ptr' % name)):
renamed += 1
else:
error('error attempting to name pointer @ 0x%02x for %s' % (data_ref, name))
data_ref = idaapi.get_next_dref_to(addr, data_ref)
return renamed
Example #2
| Source File: byte_strings.py From idataco with GNU General Public License v3.0 | 6 votes |
|
def load(self):
self._bytestring_table.clear()
self._bytestring_table.setColumnCount(3)
self._bytestring_table.setHorizontalHeaderLabels(("Address", "Function", "String"))
self._bytestring_table.itemDoubleClicked.connect(self.click_row)
self.find_byte_strings()
self._bytestring_table.setRowCount(len(self.byte_strings.keys()))
row = 0
for addr, bstr in self.byte_strings.items():
self._bytestring_table.setItem(row, 0, qt.qtablewidgetitem()(addr))
self._bytestring_table.setItem(row, 1, qt.qtablewidgetitem()(idaapi.get_func_name(int(addr[2:], 16))))
self._bytestring_table.setItem(row, 2, qt.qtablewidgetitem()(bstr))
self._bytestring_table.resizeRowToContents(row)
row += 1
self._bytestring_table.setSortingEnabled(True)
self._bytestring_table.resizeRowsToContents()
self._bytestring_table.resizeColumnsToContents()
Example #3
| Source File: Analysis.py From grap with MIT License | 5 votes |
|
def search_relationships(self):
"""Searching relationships between patterns.
The goal of the method is to link pattern matches that are in the same
area (function). It fills the `_links` attribute of each `Match`.
"""
patterns = self._patterns.get_patterns()
# For all patterns
for p1 in patterns:
for p2 in patterns:
# For all matches
for m1 in p1.get_matches():
# Get the first node_t
n1 = list(m1.get_match().values())[0][0]
for m2 in p2.get_matches():
# Get the first node_t
n2 = list(m2.get_match().values())[0][0]
# If they are in the same area (function)
try:
b = get_func_name(n1.info.address) == get_func_name(n2.info.address)
except:
b = GetFunctionName(n1.info.address) == GetFunctionName(n2.info.address)
if b:
m1.add_link(m2)
Example #4
| Source File: golang_loader_assist.py From golang_loader_assist with GNU General Public License v3.0 | 5 votes |
|
def traverse_xrefs(func):
func_created = 0
if func is None:
return func_created
# First
func_xref = idaapi.get_first_cref_to(func.start_ea)
# Attempt to go through crefs
while func_xref != BADADDR:
# See if there is a function already here
if idaapi.get_func(func_xref) is None:
# Ensure instruction bit looks like a jump
func_end = ida_search.find_code(func_xref, SEARCH_DOWN)
if idc.print_insn_mnem(func_end) == "jmp":
# Ensure we're jumping back "up"
func_start = idc.get_operand_value(func_end, 0)
if func_start < func_xref:
if ida_funcs.add_func(func_start, func_end):
func_created += 1
else:
# If this fails, we should add it to a list of failed functions
# Then create small "wrapper" functions and backtrack through the xrefs of this
error('Error trying to create a function @ 0x%x - 0x%x' %(func_start, func_end))
else:
xref_func = idaapi.get_func(func_xref)
# Simple wrapper is often runtime_morestack_noctxt, sometimes it isn't though...
if is_simple_wrapper(xref_func.start_ea):
debug('Stepping into a simple wrapper')
func_created += traverse_xrefs(xref_func)
if idaapi.get_func_name(xref_func.start_ea) is not None and 'sub_' not in idaapi.get_func_name(xref_func.start_ea):
debug('Function @0x%x already has a name of %s; skipping...' % (func_xref, idaapi.get_func_name(xref_func.start_ea)))
else:
debug('Function @ 0x%x already has a name %s' % (xref_func.start_ea, idaapi.get_func_name(xref_func.start_ea)))
func_xref = idaapi.get_next_cref_to(func.start_ea, func_xref)
return func_created
Example #5
| Source File: golang_loader_assist.py From golang_loader_assist with GNU General Public License v3.0 | 5 votes |
|
def find_func_by_name(name):
text_seg = get_text_seg()
if text_seg is None:
return None
for addr in Functions(text_seg.start_ea, text_seg.end_ea):
if name == idaapi.get_func_name(addr):
return idaapi.get_func(addr)
return None
Example #6
| Source File: ida_prefix.py From prefix with MIT License | 5 votes |
|
def recursive_prefix(addr):
"""
Recursively prefix a function tree with a user defined string.
"""
func_addr = idaapi.get_name_ea(idaapi.BADADDR, idaapi.get_func_name(addr))
if func_addr == idaapi.BADADDR:
idaapi.msg("Prefix: 0x%08X does not belong to a defined function\n" % addr)
return
# prompt the user for a prefix to apply to the selected functions
tag = idaapi.ask_str(PREFIX_DEFAULT, 0, "Function Tag")
# the user closed the window... ignore
if tag == None:
return
# the user put a blank string and hit 'okay'... notify & ignore
elif tag == '':
idaapi.warning("[ERROR] Tag cannot be empty [ERROR]")
return
# recursively collect all the functions called by this function
nodes_xref_down = graph_down(func_addr, path=set([]))
# graph_down returns the int address needs to be converted
tmp = []
tmp1 = ''
for func_addr in nodes_xref_down:
tmp1 = idaapi.get_func_name(func_addr)
if tmp1:
tmp.append(tmp1)
nodes_xref_down = tmp
# prefix the tree of functions
for rename in nodes_xref_down:
func_addr = idaapi.get_name_ea(idaapi.BADADDR, rename)
if tag not in rename:
idaapi.set_name(func_addr,'%s%s%s' % (str(tag), PREFIX_SEPARATOR, rename), idaapi.SN_NOWARN)
# refresh the IDA views
refresh_views()
Example #7
| Source File: ida_prefix.py From prefix with MIT License | 5 votes |
|
def get_all_funcs():
"""
Enumerate all function names defined in the IDB.
"""
return set(idaapi.get_func_name(ea) for ea in idautils.Functions())
Example #8
| Source File: switch_jumps.py From idataco with GNU General Public License v3.0 | 5 votes |
|
def find_all_switch_jumps(self):
self._switch_dict = defaultdict(list)
next_switch = idc.FindBinary(idc.MinEA(), idc.SEARCH_DOWN|idc.SEARCH_NEXT, "ff 24")
while next_switch != idc.BADADDR:
sw = idaapi.get_switch_info_ex(next_switch)
if idc.GetMnem(next_switch).startswith("jmp") and sw:
ic = self.get_jlocs(sw)
self._switch_dict[idaapi.get_func_name(next_switch)].append((next_switch, sw.ncases, ic))
next_switch = idc.FindBinary(idc.NextHead(next_switch), idc.SEARCH_DOWN|idc.SEARCH_NEXT, "ff 24")
Example #9
| Source File: ida.py From bap-ida-python with MIT License | 5 votes |
|
def output_symbols(out):
"""Dump symbols."""
try:
from idaapi import get_func_name2 as get_func_name
# Since get_func_name is deprecated (at least from IDA 6.9)
except ImportError:
from idaapi import get_func_name
# Older versions of IDA don't have get_func_name2
# so we just use the older name get_func_name
def func_name_propagate_thunk(ea):
current_name = get_func_name(ea)
if current_name[0].isalpha():
return current_name
func = idaapi.get_func(ea)
temp_ptr = idaapi.ea_pointer()
ea_new = idaapi.BADADDR
if func.flags & idaapi.FUNC_THUNK == idaapi.FUNC_THUNK:
ea_new = idaapi.calc_thunk_func_target(func, temp_ptr.cast())
if ea_new != idaapi.BADADDR:
ea = ea_new
propagated_name = get_func_name(ea) or '' # Ensure it is not `None`
if len(current_name) > len(propagated_name) > 0:
return propagated_name
else:
return current_name
# Fallback to non-propagated name for weird times that IDA gives
# a 0 length name, or finds a longer import name
for ea in idautils.Segments():
fs = idautils.Functions(idc.SegStart(ea), idc.SegEnd(ea))
for f in fs:
out.write('("%s" 0x%x 0x%x)\n' % (
func_name_propagate_thunk(f),
idc.GetFunctionAttr(f, idc.FUNCATTR_START),
idc.GetFunctionAttr(f, idc.FUNCATTR_END)))
Example #10
| Source File: function.py From ida-minsc with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def name(func):
'''Return the name of the function `func`.'''
get_name = functools.partial(idaapi.get_name, idaapi.BADADDR) if idaapi.__version__ < 7.0 else idaapi.get_name
# check to see if it's a runtime-linked function
rt, ea = interface.addressOfRuntimeOrStatic(func)
if rt:
name = get_name(ea)
# decode the string from IDA's UTF-8
# XXX: how does demangling work with unicode? this would be implementation specific, no?
res = utils.string.of(name)
# demangle it if necessary
return internal.declaration.demangle(res) if internal.declaration.mangledQ(res) else res
#return internal.declaration.extract.fullname(internal.declaration.demangle(res)) if internal.declaration.mangledQ(res) else res
# otherwise it's a regular function, so try and get its name in a couple of ways
name = idaapi.get_func_name(ea)
if not name: name = get_name(ea)
if not name: name = idaapi.get_true_name(ea, ea) if idaapi.__version__ < 6.8 else idaapi.get_ea_name(ea, idaapi.GN_VISIBLE)
# decode the string from IDA's UTF-8
# XXX: how does demangling work with unicode? this would be implementation specific, no?
res = utils.string.of(name)
# demangle it if we need to
return internal.declaration.demangle(res) if internal.declaration.mangledQ(res) else res
#return internal.declaration.extract.fullname(internal.declaration.demangle(res)) if internal.declaration.mangledQ(res) else res
#return internal.declaration.extract.name(internal.declaration.demangle(res)) if internal.declaration.mangledQ(res) else res
Example #11
| Source File: gui.py From DROP-IDA-plugin with GNU General Public License v3.0 | 5 votes |
|
def btn_pick_clicked(self):
ida_f = idaapi.choose_func("Pick a function to hook", idaapi.BADADDR)
func_addr = ida_f.startEA
func_name = idaapi.get_func_name(func_addr)
self.picked_function = func_addr
self.edit_picked_fun.setText("0x{:X} ({})".format(func_addr, func_name))
Example #12
| Source File: objc2_analyzer.py From flare-ida with Apache License 2.0 | 5 votes |
|
def preEmuCallback(self, eh, userData, funcStart):
userData["magicVals"] = []
userData["magicValsCount"] = 0
if eh.size_pointer == 4:
magicMask = self.magicMask32
else:
magicMask = self.magicMask64
# get "self" id if in objc function
clsName = None
funcName = idaapi.get_func_name(funcStart)
if funcName[0] in ["-", "+"] and "[" in funcName and "]" in funcName and " " in funcName:
shortClsName = clsName = funcName[2:funcName.find(" ")]
if "(" in clsName:
clsName = "_OBJC_CATEGORY_" + \
clsName[:clsName.find(
"(")] + "_$_" + clsName[clsName.find("(") + 1:clsName.find(")")]
shortClsName = shortClsName[:shortClsName.find(
"(")] + "_" + shortClsName[shortClsName.find("(") + 1:shortClsName.find(")")]
else:
clsName = "_OBJC_CLASS_$_" + clsName
if clsName:
if funcName[0] == "+":
# this is a class method, use classRef
self_ = idc.get_name_ea_simple(clsName)
# assume rdx will hold an instance of the class
userData["magicVals"].append(
("(%s *)instance" % shortClsName, shortClsName))
inst = magicMask | userData["magicValsCount"]
userData["magicValsCount"] += 1
eh.uc.reg_write(eh.regs["arg3"], inst)
elif funcName[0] == "-":
# this is an instance method, use magic value to store "self"
userData["magicVals"].append(
("(%s *)self" % shortClsName, shortClsName))
self_ = magicMask | userData["magicValsCount"]
userData["magicValsCount"] += 1
eh.uc.reg_write(eh.regs["arg1"], self_)
Example #13
| Source File: golang_loader_assist.py From golang_loader_assist with GNU General Public License v3.0 | 4 votes |
|
def strings_init():
strings_added = 0
retry = []
text_seg = get_text_seg()
if text_seg is None:
debug('Failed to get text segment')
return strings_added
# This may be inherently flawed as it will only search for defined functions
# and as of IDA Pro 6.95 it fails to autoanalyze many GO functions, currently
# this works well since we redefine/find (almost) all the functions prior to
# this being used. Could be worth a strategy rethink later one or on diff archs
for addr in Functions(text_seg.start_ea, text_seg.end_ea):
name = idc.get_func_name(addr)
end_addr = next(Chunks(addr))[1]
if(end_addr < addr):
error('Unable to find good end for the function %s' % name)
pass
debug('Found function %s starting/ending @ 0x%x 0x%x' % (name, addr, end_addr))
while addr <= end_addr:
if is_string_load(addr):
if 'rodata' not in get_segm_name(addr) and 'text' not in get_segm_name(addr):
debug('Should a string be in the %s section?' % get_segm_name(addr))
string_addr = idc.get_operand_value(addr, 1)
addr_3 = ida_search.find_code(ida_search.find_code(addr, SEARCH_DOWN), SEARCH_DOWN)
string_len = idc.get_operand_value(addr_3, 1)
if create_string(string_addr, string_len):
if create_offset(addr):
strings_added += 1
else:
# There appears to be something odd that goes on with IDA making some strings, always works
# the second time, so lets just force a retry...
retry.append((addr, string_addr, string_len))
# Skip the extra mov lines since we know it won't be a load on any of them
addr = ida_search.find_code(addr_3, SEARCH_DOWN)
else:
addr = ida_search.find_code(addr, SEARCH_DOWN)
for instr_addr, string_addr, string_len in retry:
if create_string(string_addr, string_len):
if create_offset(instr_addr):
strings_added += 1
else:
error('FAILED-RETRY : Unable to make a string @ 0x%x with length of %d for usage in function @ 0x%x' % (string_addr, string_len, instr_addr))
return strings_added
#
# Function defining methods
#
Example #14
| Source File: golang_loader_assist.py From golang_loader_assist with GNU General Public License v3.0 | 4 votes |
|
def renamer_init():
renamed = 0
gopclntab = get_gopclntab_seg()
if gopclntab is not None:
info('type : %s' % type(gopclntab))
start_ea = 0
if isinstance(gopclntab, int):
start_ea = gopclntab
else:
start_ea = gopclntab.start_ea
# Skip unimportant header and goto section size
addr = start_ea + 8
size, addr_size = create_pointer(addr)
addr += addr_size
# Unsure if this end is correct
early_end = addr + (size * addr_size * 2)
while addr < early_end:
func_offset, addr_size = create_pointer(addr)
name_offset, addr_size = create_pointer(addr + addr_size)
addr += addr_size * 2
func_name_addr = idc.get_wide_dword(name_offset + start_ea + addr_size) + start_ea
func_name = ida_bytes.get_strlit_contents(func_name_addr, -1, STRTYPE_C)
ida_bytes.create_strlit(func_name_addr, len(func_name), STRTYPE_C)
appended = clean_func_name = clean_function_name(func_name)
debug('Going to remap function at 0x%x with %s - cleaned up as %s' % (func_offset, func_name, clean_func_name))
if idaapi.get_func_name(func_offset) is not None:
if idc.set_name(func_offset, clean_func_name):
renamed += 1
else:
error('clean_func_name error %s' % clean_func_name)
return renamed
# Function pointers are often used instead of passing a direct address to the
# function -- this function names them based off what they're currently named
# to ease reading
#
# lea rax, main_GetExternIP_ptr <-- pointer to actual function
# mov [rsp+1C0h+var_1B8], rax <-- loaded as arg for next function
# call runtime_newproc <-- function is used inside a new process
Example #15
| Source File: __init__.py From hrdev with MIT License | 4 votes |
|
def run(self):
'''Start the plugin.'''
if not idaapi.init_hexrays_plugin():
print "HRDEV Error: Failed to initialise Hex-Rays plugin."
return
function_name = idaapi.get_func_name(idaapi.get_screen_ea())
demangled_name = self.tools.demangle_name(function_name)
src = idaapi.decompile(idaapi.get_screen_ea())
file_name = '{}.cpp'.format(self.tools.to_file_name(demangled_name))
cache_path = os.path.sep.join([tempfile.gettempdir(),
'hrdev_cache',
self._bin_name])
# Create required directories if they dont exist
tmp_dir_path = os.path.sep.join([tempfile.gettempdir(), 'hrdev_cache'])
if not os.path.isdir(tmp_dir_path):
os.mkdir(tmp_dir_path)
if not os.path.isdir(cache_path):
os.mkdir(cache_path)
complete_path = os.path.sep.join([cache_path, file_name])
idaapi.msg("HRDEV cache path: {}\n".format(complete_path))
# Check if file is already in cache
if not os.path.isfile(complete_path) or \
self.config_main.getboolean('etc', 'disable_cache'):
self.tools.save_file(complete_path, str(src))
self.tools.set_file_path(complete_path)
lvars = {}
for v in src.lvars:
_type = idaapi.print_tinfo('', 0, 0, idaapi.PRTYPE_1LINE, v.tif, '', '')
lvars[str(v.name)] = "{} {} {}".\
format(_type, str(v.name), str(v.cmt))
max_title = self.config_main.getint('etc', 'max_title')
self.gui = hrdev_plugin.include.gui.Canvas(self.config_main,
self.config_theme,
self.tools,
lvars,
demangled_name[:max_title])
self.gui.Show('HRDEV')
self.parser = hrdev_plugin.include.syntax.Parser(self, lvars)
self.parser.run(complete_path)
return
