本文整理汇总了Python中idautils.FuncItems方法的典型用法代码示例。如果您正苦于以下问题:Python idautils.FuncItems方法的具体用法?Python idautils.FuncItems怎么用?Python idautils.FuncItems使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类idautils的用法示例。
在下文中一共展示了idautils.FuncItems方法的13个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: detect_start_and_stop
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import FuncItems [as 别名]
def detect_start_and_stop(self): # FIXME:Duplicate code with core (or something similar)
start, stop = 0, 0
if self.core.ftype == "PE":
start, stop = self.core.fun_mapping["start"]
else:
if "main" in self.core.fun_mapping:
start, stop = self.core.fun_mapping["main"]
elif "start" in self.core.fun_mapping:
if "__libc_start_main" in self.core.fun_mapping:
instrs = list(idautils.FuncItems(self.core.fun_mapping["start"][0]))
instrs.reverse()
for inst in instrs:
arg1 = idc.GetOperandValue(inst, 0)
if idc.GetMnem(inst) == "push":
start, stop = arg1, self.core.fun_mapping["start"][1]
break
else:
start, stop = self.core.fun_mapping["start"]
else:
start, stop = idc.BeginEA(), 0
self.start, self.stop = start, stop 示例2: save_mnemonics_functions_ida
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import FuncItems [as 别名]
def save_mnemonics_functions_ida(f1):
filename= f1
mnemonics = {}
flag= 0
for segAddress in Segments():
segName = SegName(segAddress)
if segName == ".text":
funcs = Functions(SegStart(segAddress), SegEnd(segAddress))
for address in funcs:
t1= GetFunctionName(address)
f1= idautils.FuncItems(address)
t2=''
for i in f1:
t2+= GetMnem(i)
t2+= '^^^'
mnemonics[filename+'>'+t1]= t2+'<'+str(address)
return mnemonics 示例3: find_xrefs_from
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import FuncItems [as 别名]
def find_xrefs_from( self, func_ea ):
xrefs = []
for item in idautils.FuncItems( func_ea ):
ALL_XREFS = 0
for ref in idautils.XrefsFrom( item, ALL_XREFS ):
if ref.type not in XrefsFromFinder.XREF_TYPE2STR:
continue
if ref.to in idautils.FuncItems( func_ea ):
continue
disas = idc.GetDisasm( item )
curr_xref = XrefFrom( item, ref.to, ref.type, disas )
xrefs.append( curr_xref )
return xrefs 示例4: set_start_stop
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import FuncItems [as 别名]
def set_start_stop(self, ftype):
assert_ida_available()
import idc
import idaapi
import idautils
fun_mapping = {idc.GetFunctionName(x): (idaapi.get_func(x).startEA, idaapi.get_func(x).endEA-1)
for x in idautils.Functions()}
start = idc.BeginEA()
stop = 0
if ftype == PE:
start, stop = fun_mapping["start"]
else:
if not idc.isCode(idc.GetFlags(start)):
if idc.MakeCode(start) == 0:
print "Fail to decode instr !"
idaapi.autoWait()
if idc.GetFunctionName(start) == "":
if idc.MakeFunction(start) == 0:
print "Fail to create function !"
idaapi.autoWait()
fun_mapping = {idc.GetFunctionName(x): (idaapi.get_func(x).startEA, idaapi.get_func(x).endEA-1)
for x in idautils.Functions()}
if "main" in fun_mapping:
start, stop = fun_mapping["main"]
elif "start" in fun_mapping:
if "__libc_start_main" in fun_mapping:
instrs = list(idautils.FuncItems(fun_mapping["start"][0]))
instrs.reverse()
for inst in instrs:
arg1 = idc.GetOperandValue(inst, 0)
if idc.GetMnem(inst) == "push":
start, stop = arg1, fun_mapping["start"][1]
break
else:
start, stop = fun_mapping["start"]
self.config.start, self.config.stop = start, stop 示例5: process_routine
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import FuncItems [as 别名]
def process_routine(self, rtn_addr, pred_addr=None, rtn_i=1, total_rtn=1):
if rtn_addr not in self.functions_cfg:
self.functions_cfg[rtn_addr] = MyFlowGraph(rtn_addr)
cfg = self.functions_cfg[rtn_addr]
path_to = self.config_to_path_function(cfg)
if pred_addr is None:
candidates = {x for x in idautils.FuncItems(rtn_addr) if idc.GetMnem(x) in cond_jump}
else:
candidates = {pred_addr}
nb_candidates = len(candidates)
self.functions_candidates[rtn_addr] = set()
self.functions_spurious_instrs[rtn_addr] = set()
self.progressbar_loading.reset()
self.progressbar_loading.setMaximum(len(candidates))
name = idc.GetFunctionName(rtn_addr)
self.result_widget.webview.append("\n=> Function:%s\n" % name)
self.log("[result]", "Start processing function: 0x%x" % rtn_addr)
for i, addr in zip(xrange(len(candidates)), candidates):
path = path_to(addr)
res = self.process_addr(rtn_addr, addr, path)
if self.STOP:
return
elif res is None:
continue
dead_br = "/" if res.dead_branch is None else "%x" % res.dead_branch
self.result_widget.webview.append("%x:\t%s\t\tK:%d\tDead:%s" % (addr, to_status_name(res.status), res.k, dead_br))
self.result_widget.webview.verticalScrollBar().setValue(self.result_widget.webview.verticalScrollBar().maximum())
self.loading_stat.setText("Fun: %d/%d Addr: %d/%d" % (rtn_i, total_rtn, i+1, nb_candidates))
self.progressbar_loading.setValue(self.progressbar_loading.value()+1)
self.functions_candidates[rtn_addr].add(addr) 示例6: iter_function_lines
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import FuncItems [as 别名]
def iter_function_lines(func_ea) -> Iterable[Line]:
"""Iterate the lines of a function.
Args:
func_ea (idaapi.func_t, int): The function to iterate.
Returns:
Iterator over all the lines of the function.
"""
for line in idautils.FuncItems(get_ea(func_ea)):
yield Line(line) 示例7: count
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import FuncItems [as 别名]
def count(self):
"""return the number of instructions contained in function"""
return len(list(idautils.FuncItems(self.offset))) 示例8: data
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import FuncItems [as 别名]
def data(self):
md5 = hashlib.md5()
for ea in idautils.FuncItems(self.offset):
asm_line = idc.GetDisasmEx(ea, idc.GENDSM_MULTI_LINE)
if ';' in asm_line:
asm_line = asm_line[:asm_line.find(';')]
asm_line = asm_line.strip()
asm_line = " ".join(asm_line.split())
asm_line = asm_line.lower()
md5.update(asm_line)
return md5.hexdigest() 示例9: data
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import FuncItems [as 别名]
def data(self):
h = self.keleven
for ea in idautils.FuncItems(self.offset):
h = self._cycle(h, idc.Byte(ea))
# go over all additional bytes of any instruction
for i in range(ea + 1, ea + idc.ItemSize(ea)):
h = self._cycle(h, idc.Byte(i))
return h 示例10: data
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import FuncItems [as 别名]
def data(self):
h = self.keleven
for ea in idautils.FuncItems(self.offset):
h = self._cycle(h, idc.Byte(ea))
# skip additional bytes of any instruction that contains an offset in it
if idautils.CodeRefsFrom(ea, False) or idautils.DataRefsFrom(ea):
continue
for i in range(ea + 1, ea + idc.ItemSize(ea)):
h = self._cycle(h, idc.Byte(i))
return h 示例11: data
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import FuncItems [as 别名]
def data(self):
md5 = hashlib.md5()
for ea in idautils.FuncItems(self.offset):
mnem_line = idc.GetMnem(ea)
mnem_line = mnem_line.strip()
mnem_line = mnem_line.lower()
md5.update(mnem_line)
return md5.hexdigest() 示例12: check_for_wrapper
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import FuncItems [as 别名]
def check_for_wrapper(func):
flags = idc.GetFunctionFlags(func)
#跳过库函数和简单的跳转函数
if flags & FUNC_LIB or flags & FUNC_THUNK:
return
dism_addr = list(idautils.FuncItems(func))
#获取函数的长度
func_length = len(dism_addr)
#如果函数的超过32条指令则返回
if func_length > 0x20:
return
func_call = 0
instr_cmp = 0
op = None
op_addr = None
op_type = None
#遍历函数中的每条指令
for ea in dism_addr:
m = idc.GetMnem(ea)
if m == 'call' or m == 'jmp':
if m == 'jmp':
temp = idc.GetOperandValue(ea, 0)
# 忽略函数边界内的跳转
if temp in dism_addr:
continue
func_call += 1
#封装函数内不会包含多个函数调用
if func_call == 2:
return
op_addr = idc.GetOperandValue(ea, 0)
op_type = idc.GetOpType(ea, 0)
elif m == 'cmp' or m == 'test':
# 封装函数内不应该包含太多的逻辑运算
instr_cmp += 1
if instr_cmp == 3:
return
else:
continue
# 所有函数内的指令都被分析过了
if op_addr == None:
return
name = idc.Name(op_addr)
#跳过名称粉碎的函数名称
if "[" in name or "$" in name or "?" in name or "@" in name or name == "":
return
name = "w_" + name
if op_type == o_near:
if idc.GetFunctionFlags(op_addr) & FUNC_THUNK:
rename_wrapper(name, func)
return
if op_type == o_mem or op_type == o_far:
rename_wrapper(name, func)
return 示例13: graph_down
# 需要导入模块: import idautils [as 别名]
# 或者: from idautils import FuncItems [as 别名]
def graph_down(ea, path=set()):
"""
Recursively collect all function calls.
Copied with minor modifications from
http://hooked-on-mnemonics.blogspot.com/2012/07/renaming-subroutine-blocks-and.html
"""
path.add(ea)
#
# extract all the call instructions from the current function
#
call_instructions = []
instruction_info = idaapi.insn_t()
for address in idautils.FuncItems(ea):
# decode the instruction
if not idaapi.decode_insn(instruction_info, address):
continue
# check if this instruction is a call
if not idaapi.is_call_insn(instruction_info):
continue
# save this address as a call instruction
call_instructions.append(address)
#
# iterate through all the instructions in the target function (ea) and
# inspect all the call instructions
#
for x in call_instructions:
# TODO
for r in idautils.XrefsFrom(x, idaapi.XREF_FAR):
#print(0x%08X" % h, "--calls-->", "0x%08X" % r.to)
if not r.iscode:
continue
# get the function pointed at by this call
func = idaapi.get_func(r.to)
if not func:
continue
# ignore calls to imports / library calls / thunks
if (func.flags & (idaapi.FUNC_THUNK | idaapi.FUNC_LIB)) != 0:
continue
#
# if we have not traversed to the destination function that this
# call references, recurse down to it to continue our traversal
#
if r.to not in path:
graph_down(r.to, path)
return path