本文整理汇总了Python中idaapi.FUNC_THUNK属性的典型用法代码示例。如果您正苦于以下问题:Python idaapi.FUNC_THUNK属性的具体用法?Python idaapi.FUNC_THUNK怎么用?Python idaapi.FUNC_THUNK使用的例子?那么恭喜您, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类idaapi的用法示例。
在下文中一共展示了idaapi.FUNC_THUNK属性的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: is_import_or_lib_func
# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import FUNC_THUNK [as 别名]
def is_import_or_lib_func(ea):
"""
Is ea part of an imported function or a known library?
@param ea: any ea within the function scope
@return: True if function is either imported or a known library function.
"""
return Functions(ea).flags & (idaapi.FUNC_LIB | idaapi.FUNC_THUNK) 示例2: is_thunk
# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import FUNC_THUNK [as 别名]
def is_thunk(ea):
"""Returns true if some address is a known to IDA to be a thunk."""
flags = idc.GetFunctionFlags(ea)
return 0 < flags and 0 != (flags & idaapi.FUNC_THUNK) 示例3: is_import_or_lib_func
# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import FUNC_THUNK [as 别名]
def is_import_or_lib_func(ea):
"""
Is ea part of an imported function or a known library?
@param ea: any ea within the function scope
@return: True if function is either imported or a known library function.
"""
return sark.Function(ea).flags & (idaapi.FUNC_LIB | idaapi.FUNC_THUNK) 示例4: __init__
# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import FUNC_THUNK [as 别名]
def __init__(self, ea, iatEA=None, library_name=None):
"""
Ctor
"""
self.logger = logging.getLogger(__name__)
self.ea = ea # Effective Address of the function
self.iatEA = iatEA # If imported function, the address in the IAT
try:
function = sark.Function(ea)
except sark.exceptions.SarkNoFunction:
raise DIE.Lib.DIE_Exceptions.DieNoFunction("No Function at 0x%08X" % (ea, ))
self.funcName = get_function_name(function.ea)
self.func_start = function.startEA
self.func_end = function.endEA
self.proto_ea = self.getFuncProtoAdr() # Address of function prototype
self.typeInfo = idaapi.tinfo_t() # Function type info
self.funcInfo = idaapi.func_type_data_t() # Function info
self.argNum = 0 # Number of input arguments
self.args = [] # Function argument list
self.retArg = None # Return argument
self.library_name = library_name # If library function, name of containing library
self.isLibFunc = False
if self.iatEA:
self.isLibFunc = True # Is this a library function
elif sark.Function(ea).flags & (idaapi.FUNC_LIB | idaapi.FUNC_THUNK):
self.isLibFunc = True
try:
self.getArguments()
except Exception as ex:
self.logger.error("Failed to get function arguments for function %s: %s", self.funcName, ex) 示例5: is_thunk
# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import FUNC_THUNK [as 别名]
def is_thunk(self):
""" Thunk (jump) function. """
return bool(self.flags & idaapi.FUNC_THUNK) # 0x00000080 示例6: output_symbols
# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import FUNC_THUNK [as 别名]
def output_symbols(out):
"""Dump symbols."""
try:
from idaapi import get_func_name2 as get_func_name
# Since get_func_name is deprecated (at least from IDA 6.9)
except ImportError:
from idaapi import get_func_name
# Older versions of IDA don't have get_func_name2
# so we just use the older name get_func_name
def func_name_propagate_thunk(ea):
current_name = get_func_name(ea)
if current_name[0].isalpha():
return current_name
func = idaapi.get_func(ea)
temp_ptr = idaapi.ea_pointer()
ea_new = idaapi.BADADDR
if func.flags & idaapi.FUNC_THUNK == idaapi.FUNC_THUNK:
ea_new = idaapi.calc_thunk_func_target(func, temp_ptr.cast())
if ea_new != idaapi.BADADDR:
ea = ea_new
propagated_name = get_func_name(ea) or '' # Ensure it is not `None`
if len(current_name) > len(propagated_name) > 0:
return propagated_name
else:
return current_name
# Fallback to non-propagated name for weird times that IDA gives
# a 0 length name, or finds a longer import name
for ea in idautils.Segments():
fs = idautils.Functions(idc.SegStart(ea), idc.SegEnd(ea))
for f in fs:
out.write('("%s" 0x%x 0x%x)\n' % (
func_name_propagate_thunk(f),
idc.GetFunctionAttr(f, idc.FUNCATTR_START),
idc.GetFunctionAttr(f, idc.FUNCATTR_END))) 示例7: is_thunk
# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import FUNC_THUNK [as 别名]
def is_thunk(cls, func):
'''Return true if the function `func` is considered a code thunk.'''
fn = by(func)
return fn.flags & idaapi.FUNC_THUNK == idaapi.FUNC_THUNK 示例8: graph_down
# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import FUNC_THUNK [as 别名]
def graph_down(ea, path=set()):
"""
Recursively collect all function calls.
Copied with minor modifications from
http://hooked-on-mnemonics.blogspot.com/2012/07/renaming-subroutine-blocks-and.html
"""
path.add(ea)
#
# extract all the call instructions from the current function
#
call_instructions = []
instruction_info = idaapi.insn_t()
for address in idautils.FuncItems(ea):
# decode the instruction
if not idaapi.decode_insn(instruction_info, address):
continue
# check if this instruction is a call
if not idaapi.is_call_insn(instruction_info):
continue
# save this address as a call instruction
call_instructions.append(address)
#
# iterate through all the instructions in the target function (ea) and
# inspect all the call instructions
#
for x in call_instructions:
# TODO
for r in idautils.XrefsFrom(x, idaapi.XREF_FAR):
#print(0x%08X" % h, "--calls-->", "0x%08X" % r.to)
if not r.iscode:
continue
# get the function pointed at by this call
func = idaapi.get_func(r.to)
if not func:
continue
# ignore calls to imports / library calls / thunks
if (func.flags & (idaapi.FUNC_THUNK | idaapi.FUNC_LIB)) != 0:
continue
#
# if we have not traversed to the destination function that this
# call references, recurse down to it to continue our traversal
#
if r.to not in path:
graph_down(r.to, path)
return path