本文整理汇总了Python中idc.SegName方法的典型用法代码示例。如果您正苦于以下问题:Python idc.SegName方法的具体用法?Python idc.SegName怎么用?Python idc.SegName使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类idc
的用法示例。
在下文中一共展示了idc.SegName方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: create_call_map
# 需要导入模块: import idc [as 别名]
# 或者: from idc import SegName [as 别名]
def create_call_map(self, ftype):
assert_ida_available()
import idc
import idautils
seg_mapping = {idc.SegName(x): (idc.SegStart(x), idc.SegEnd(x)) for x in idautils.Segments()}
imports = seg_mapping[".idata"] if ftype == PE else seg_mapping['.plt']
start, stop = seg_mapping[".text"]
current = start
while current <= stop:
inst = current
if idc.GetMnem(inst) in ["call", "jmp"]:
value = idc.GetOperandValue(inst, 0)
name = idc.GetOpnd(inst, 0)
if imports[0] <= value <= imports[1]:
entry = self.config.call_map.add()
entry.address = inst
entry.name = name
current = idc.NextHead(current, stop)
示例2: post_analysis_stuff
# 需要导入模块: import idc [as 别名]
# 或者: from idc import SegName [as 别名]
def post_analysis_stuff(self, results):
if results.has_formula():
self.action_selector.addItem(self.parent.HIGHLIGHT_CODE)
self.action_selector.addItem(self.parent.GRAPH_DEPENDENCY)
self.formula_area.setText(self.parent.results.formula)
if results.has_values():
self.action_selector.addItem(self.parent.DISASS_UNKNOWN_TARGET)
self.action_selector.setEnabled(True)
self.action_button.setEnabled(True)
report = HTMLReport()
report.add_title("Results", size=3)
report.add_table_header(["address", "assertion", "status", "values"])
addr = make_cell("%x" % results.target)
status = make_cell(results.get_status(), color=results.color, bold=True)
vals = ""
for value in results.values:
flag = idc.GetFlags(value)
typ = self.type_to_string(flag)
vals += "%x type:%s seg:%s fun:%s<br/>" % (value, typ, idc.SegName(value), idc.GetFunctionName(value))
report.add_table_line([addr, make_cell(cgi.escape(results.query)), status, make_cell(vals)])
report.end_table()
data = report.generate()
self.result_area.setHtml(data)
示例3: is_ELF_got_pointer
# 需要导入模块: import idc [as 别名]
# 或者: from idc import SegName [as 别名]
def is_ELF_got_pointer(ea):
"""Returns `True` if this is a pointer to a pointer stored in the
`.got` section of an ELF binary. For example, `__gmon_start___ptr` is
a pointer in the `.got` that will be fixed up to contain the address of
the external function `__gmon_start__`. We don't want to treat
`__gmon_start___ptr` as external because it is really a sort of local
variable that will will resolve with a data cross-reference."""
seg_name = idc.SegName(ea).lower()
if ".got" not in seg_name:
return False
name = get_symbol_name(ea)
target_ea = get_reference_target(ea)
target_name = get_true_external_name(get_symbol_name(target_ea))
if target_name not in name:
return False
return is_referenced_by(target_ea, ea)
示例4: initialize_data_offsets
# 需要导入模块: import idc [as 别名]
# 或者: from idc import SegName [as 别名]
def initialize_data_offsets():
"""Convert offsets in data segments into offsets in IDA.
Segment names must be initialized with segments.initialize_segments() first.
"""
# Normally, for user-space programs, this operation would be dangerous because there's a good
# chance that a valid userspace address would happen to show up in regular program data that is
# not actually an address. However, since kernel addresses are numerically much larger, the
# chance of this happening is much less.
for seg in idautils.Segments():
name = idc.SegName(seg)
if not (name.endswith('__DATA_CONST.__const') or name.endswith('__got')
or name.endswith('__DATA.__data')):
continue
for word, ea in idau.ReadWords(seg, idc.SegEnd(seg), addresses=True):
if idau.is_mapped(word, value=False):
idc.OpOff(ea, 0, 0)
示例5: initialize_stub_symbols
# 需要导入模块: import idc [as 别名]
# 或者: from idc import SegName [as 别名]
def initialize_stub_symbols(make_thunk=True):
"""Populate IDA with information about the stubs in an iOS kernelcache.
Search through the kernelcache for stubs (__stubs sections) and rename each stub function
according to the target function it calls.
Arm64 only.
Options:
make_thunk: Set the thunk attribute for each stub function. Default is True.
"""
next_stub = internal.make_name_generator(kernelcache_stub_suffix)
for ea in idautils.Segments():
segname = idc.SegName(ea)
if not segname.endswith('__stubs'):
continue
_log(3, 'Processing segment {}', segname)
_process_stubs_section(ea, make_thunk, next_stub)
示例6: initialize_segments
# 需要导入模块: import idc [as 别名]
# 或者: from idc import SegName [as 别名]
def initialize_segments():
"""Rename the kernelcache segments in IDA according to the __PRELINK_INFO data.
Rename the kernelcache segments based on the contents of the __PRELINK_INFO dictionary.
Segments are renamed according to the scheme '[<kext>:]<segment>.<section>', where '<kext>' is
the bundle identifier if the segment is part of a kernel extension. The special region
containing the Mach-O header is renamed '[<kext>:]<segment>.HEADER'.
"""
# First rename the kernel segments.
_log(1, 'Renaming kernel segments')
kernel_skip = ['__PRELINK_TEXT', '__PLK_TEXT_EXEC', '__PRELINK_DATA', '__PLK_DATA_CONST']
_initialize_segments_in_kext(None, kernel.base, skip=kernel_skip)
# Process each kext identified by the __PRELINK_INFO. In the new kernelcache format 12-merged,
# the _PrelinkExecutableLoadAddr key is missing for all kexts, so no extra segment renaming
# takes place.
prelink_info_dicts = kernel.prelink_info['_PrelinkInfoDictionary']
for kext_prelink_info in prelink_info_dicts:
kext = kext_prelink_info.get('CFBundleIdentifier', None)
mach_header = kext_prelink_info.get('_PrelinkExecutableLoadAddr', None)
if kext is not None and mach_header is not None:
orig_kext = idc.SegName(mach_header).split(':', 1)[0]
if '.kpi.' not in kext and orig_kext != kext:
_log(0, 'Renaming kext {} -> {}', orig_kext, kext)
_log(1, 'Renaming segments in {}', kext)
_initialize_segments_in_kext(kext, mach_header)
示例7: kernelcache_kext
# 需要导入模块: import idc [as 别名]
# 或者: from idc import SegName [as 别名]
def kernelcache_kext(ea):
"""Return the name of the kext to which the given linear address belongs.
Only works if segments have been renamed using initialize_segments().
NOTE: Kexts are not well distinguished on the new iOS 12 merged kernelcache format. Do not rely
on this function.
"""
# TODO: This doesn't work on 12-merged kernelcaches!
name = idc.SegName(ea) or ''
if ':' in name:
return idc.SegName(ea).split(':', 1)[0]
if _kext_regions:
for start, end, kext in _kext_regions:
if start <= ea < end:
return kext
return None
示例8: print_section_list
# 需要导入模块: import idc [as 别名]
# 或者: from idc import SegName [as 别名]
def print_section_list():
for s in idautils.Segments():
seg = idaapi.getseg(s)
print("%s" % idc.SegName(s))
print(" - start address: 0x%x" % seg.startEA)
print(" - sclass: 0x%x" % seg.sclass)
print(" - orgbase: 0x%x" % seg.orgbase)
print(" - flags: 0x%x" % seg.flags)
print(" - align: 0x%x" % seg.align)
print(" - comb: 0x%x" % seg.comb)
print(" - perm: 0x%x" % seg.perm)
print(" - bitness: 0x%x" % seg.bitness)
print(" - sel: 0x%x" % seg.sel)
# print(' - defsr: 0x%x' % seg.defsr)
print(" - type: 0x%x" % seg.type)
print(" - color: 0x%x" % seg.color)
示例9: init_seginfo
# 需要导入模块: import idc [as 别名]
# 或者: from idc import SegName [as 别名]
def init_seginfo(self):
#print("seg len:%d\n" % len(list(idautils.Segments())))
for seg in idautils.Segments():
segname = idc.SegName(seg)
if segname.startswith('func_'):
self.segstarts[idc.SegStart(seg)] = segname
self.segends[idc.SegEnd(seg)] = segname
#print("segname:%s\n" % segname)
#print("add_func() called ret:%d" % add_func(idc.SegStart(seg), idc.SegEnd(seg)))
示例10: update_mapping
# 需要导入模块: import idc [as 别名]
# 或者: from idc import SegName [as 别名]
def update_mapping(self):
pass
self.fun_mapping = {idc.GetFunctionName(x): (idaapi.get_func(x).startEA, idaapi.get_func(x).endEA-1) for x in
idautils.Functions()}
self.seg_mapping = {idc.SegName(x): (idc.SegStart(x), idc.SegEnd(x)) for x in idautils.Segments()}
示例11: get_segments
# 需要导入模块: import idc [as 别名]
# 或者: from idc import SegName [as 别名]
def get_segments():
'''
fetch the segments in the current executable.
'''
for segstart in idautils.Segments():
segend = idaapi.getseg(segstart).end_ea
segsize = segend - segstart
segname = str(idc.SegName(segstart)).rstrip('\x00')
segbuf = get_segment_buffer(segstart)
yield Segment(segstart, segend, segname, segbuf)
示例12: is_tls_segment
# 需要导入模块: import idc [as 别名]
# 或者: from idc import SegName [as 别名]
def is_tls_segment(ea):
try:
seg_name = idc.SegName(ea)
return seg_name in (".tbss", ".tdata", ".tls")
except:
return False
# Returns `True` if `ea` looks like a thread-local thing.
示例13: segment_contains_external_function_pointers
# 需要导入模块: import idc [as 别名]
# 或者: from idc import SegName [as 别名]
def segment_contains_external_function_pointers(seg_ea):
"""Returns `True` if a segment contains pointers to external functions."""
try:
seg_name = idc.SegName(seg_ea)
return seg_name.lower() in (".idata", ".plt.got")
except:
return False
示例14: is_external_segment
# 需要导入模块: import idc [as 别名]
# 或者: from idc import SegName [as 别名]
def is_external_segment(ea):
"""Returns `True` if the segment containing `ea` looks to be solely containing
external references."""
global _NOT_EXTERNAL_SEGMENTS
seg_ea = idc.SegStart(ea)
if seg_ea in _NOT_EXTERNAL_SEGMENTS:
return False
if seg_ea in _EXTERNAL_SEGMENTS:
return True
if is_external_segment_by_flags(ea):
_EXTERNAL_SEGMENTS.add(seg_ea)
return True
ext_types = []
seg_name = idc.SegName(seg_ea).lower()
if IS_ELF:
if ".got" in seg_name or ".plt" in seg_name:
_EXTERNAL_SEGMENTS.add(seg_ea)
return True
elif IS_PE:
if ".idata" == seg_name: # Import table.
_EXTERNAL_SEGMENTS.add(seg_ea)
return True
_NOT_EXTERNAL_SEGMENTS.add(seg_ea)
return False
示例15: is_constructor_segment
# 需要导入模块: import idc [as 别名]
# 或者: from idc import SegName [as 别名]
def is_constructor_segment(ea):
"""Returns `True` if the segment containing `ea` belongs to global constructor section"""
seg_ea = idc.SegStart(ea)
seg_name = idc.SegName(seg_ea).lower()
if seg_name in [".init_array", ".ctor"]:
return True
return False