本文整理汇总了Python中idc.GetFunctionFlags方法的典型用法代码示例。如果您正苦于以下问题:Python idc.GetFunctionFlags方法的具体用法?Python idc.GetFunctionFlags怎么用?Python idc.GetFunctionFlags使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类idc
的用法示例。
在下文中一共展示了idc.GetFunctionFlags方法的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: get_flags
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetFunctionFlags [as 别名]
def get_flags(f):
out = []
flags = idc.GetFunctionFlags(f)
if flags & FUNC_NORET:
out.append("FUNC_NORET")
if flags & FUNC_FAR:
out.append("FUNC_FAR")
if flags & FUNC_LIB:
out.append("FUNC_LIB")
if flags & FUNC_STATIC:
out.append("FUNC_STATIC")
if flags & FUNC_FRAME:
out.append("FUNC_FRAME")
if flags & FUNC_USERFAR:
out.append("FUNC_USERFAR")
if flags & FUNC_HIDDEN:
out.append("FUNC_HIDDEN")
if flags & FUNC_THUNK:
out.append("FUNC_THUNK")
if flags & FUNC_LIB:
out.append("FUNC_BOTTOMBP")
return out
示例2: hook_lib_funcs
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetFunctionFlags [as 别名]
def hook_lib_funcs():
from angrdbg import load_project
project = load_project()
for func in idautils.Functions():
flags = idc.GetFunctionFlags(func)
if flags & idc.FUNC_LIB:
name = idc.GetFunctionName(func)
simproc = search_simproc(name)
if simproc is not None:
print name, simproc
project.hook_symbol(func, simproc())
示例3: is_noreturn_function
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetFunctionFlags [as 别名]
def is_noreturn_function(ea):
"""Returns `True` if the function at `ea` is a no-return function."""
flags = idc.GetFunctionFlags(ea)
return 0 < flags and \
(flags & idaapi.FUNC_NORET) and \
ea not in FUNC_LSDA_ENTRIES.keys() and \
"cxa_throw" not in get_symbol_name(ea)
示例4: is_thunk
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetFunctionFlags [as 别名]
def is_thunk(ea):
"""Returns true if some address is a known to IDA to be a thunk."""
flags = idc.GetFunctionFlags(ea)
return 0 < flags and 0 != (flags & idaapi.FUNC_THUNK)
示例5: is_function_unsafe
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetFunctionFlags [as 别名]
def is_function_unsafe(func_ea, blockset):
""" Returns `True` if the function uses bp and it might access the stack variable
indirectly using the base pointer.
"""
if not (idc.GetFunctionFlags(func_ea) & idc.FUNC_FRAME):
return False
for block_ea in blockset:
inst_eas, succ_eas = analyse_block(func_ea, block_ea, True)
for inst_ea in inst_eas:
if is_instruction_unsafe(inst_ea, func_ea):
return True
return False
示例6: _process_possible_stub
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetFunctionFlags [as 别名]
def _process_possible_stub(stub, make_thunk, next_stub):
"""Try to process a stub function."""
# First, make sure this is a stub format we recognize.
target = stub_target(stub)
if not target:
_log(0, 'Unrecognized stub format at {:#x}', stub)
return False
# Next, check if IDA sees this as a function chunk rather than a function, and correct it if
# reasonable.
if not idau.force_function(stub):
_log(1, 'Could not convert stub to function at {:#x}', stub)
return False
# Next, set the appropriate flags on the stub. Make the stub a thunk if that was requested.
flags = idc.GetFunctionFlags(stub)
if flags == -1:
_log(1, 'Could not get function flags for stub at {:#x}', stub)
return False
target_flags = idc.GetFunctionFlags(target)
if target_flags != -1 and target_flags & idc.FUNC_NORET:
flags |= idc.FUNC_NORET
if make_thunk:
flags |= idc.FUNC_THUNK
if idc.SetFunctionFlags(stub, flags | idc.FUNC_THUNK) == 0:
_log(1, 'Could not set function flags for stub at {:#x}', stub)
return False
# Next, ensure that IDA sees the target as a function, but continue anyway if that fails.
if not idau.force_function(target):
_log(1, 'Stub {:#x} has target {:#x} that is not a function', stub, target)
# Finally symbolicate the stub.
if not _symbolicate_stub(stub, target, next_stub):
return False
return True
示例7: make_islands_xrefs_force_bl_call
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetFunctionFlags [as 别名]
def make_islands_xrefs_force_bl_call(ea, verbose=True):
""" makes all BL references to a branch islands as call """
segname = idc.SegName(ea)
if verbose:
print "[+] forcing bl call on: %s [0x%X]" % (segname, ea)
if "branch_islands" in segname:
idc.SetFunctionFlags(ea, idc.GetFunctionFlags(ea) & (0xffffffff - 1))
for x in idautils.XrefsTo(ea):
make_islands_xrefs_force_bl_call(x.frm)
return
idc.ArmForceBLCall(ea)
示例8: check_for_wrapper
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetFunctionFlags [as 别名]
def check_for_wrapper(func):
flags = idc.GetFunctionFlags(func)
#跳过库函数和简单的跳转函数
if flags & FUNC_LIB or flags & FUNC_THUNK:
return
dism_addr = list(idautils.FuncItems(func))
#获取函数的长度
func_length = len(dism_addr)
#如果函数的超过32条指令则返回
if func_length > 0x20:
return
func_call = 0
instr_cmp = 0
op = None
op_addr = None
op_type = None
#遍历函数中的每条指令
for ea in dism_addr:
m = idc.GetMnem(ea)
if m == 'call' or m == 'jmp':
if m == 'jmp':
temp = idc.GetOperandValue(ea, 0)
# 忽略函数边界内的跳转
if temp in dism_addr:
continue
func_call += 1
#封装函数内不会包含多个函数调用
if func_call == 2:
return
op_addr = idc.GetOperandValue(ea, 0)
op_type = idc.GetOpType(ea, 0)
elif m == 'cmp' or m == 'test':
# 封装函数内不应该包含太多的逻辑运算
instr_cmp += 1
if instr_cmp == 3:
return
else:
continue
# 所有函数内的指令都被分析过了
if op_addr == None:
return
name = idc.Name(op_addr)
#跳过名称粉碎的函数名称
if "[" in name or "$" in name or "?" in name or "@" in name or name == "":
return
name = "w_" + name
if op_type == o_near:
if idc.GetFunctionFlags(op_addr) & FUNC_THUNK:
rename_wrapper(name, func)
return
if op_type == o_mem or op_type == o_far:
rename_wrapper(name, func)
return