本文整理匯總了Python中idaapi.is_call_insn方法的典型用法代碼示例。如果您正苦於以下問題:Python idaapi.is_call_insn方法的具體用法?Python idaapi.is_call_insn怎麽用?Python idaapi.is_call_insn使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類idaapi的用法示例。
在下文中一共展示了idaapi.is_call_insn方法的5個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: enum_calls_in_function
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import is_call_insn [as 別名]
def enum_calls_in_function(fva):
'''
yield the call instructions in the given function.
Args:
fva (int): the starting address of a function
Returns:
sequence[tuple[int, str]]: the address of a call instruction, and the disassembly line at that address
'''
for ea in enum_function_addrs(fva):
if idaapi.is_call_insn(ea):
disasm = ida_lines.generate_disassembly(ea, 16, True, False)[1][0]
# replace consequent whitespaces by a single whitespaces
disasm = re.sub("\s\s+", " ", disasm)
yield ea, disasm 示例2: IsPrevInsnCall
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import is_call_insn [as 別名]
def IsPrevInsnCall(ea):
"""
Given a return address, this function tries to check if previous instruction
is a CALL instruction
"""
global CallPattern
if ea == idaapi.BADADDR or ea < 10:
return None
for delta, opcodes in CallPattern:
# assume caller's ea
caller = ea + delta
# get the bytes
bytes = [x for x in GetDataList(caller, len(opcodes), 1)]
# do we have a match? is it a call instruction?
if bytes == opcodes and idaapi.is_call_insn(caller):
return caller
return None
# ----------------------------------------------------------------------- 示例3: is_call
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import is_call_insn [as 別名]
def is_call(self):
"""Is the instruction a call instruction."""
return idaapi.is_call_insn(self._insn) 示例4: is_call
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import is_call_insn [as 別名]
def is_call(cls, ea):
'''Returns true if the instruction at `ea` is a call.'''
ea = interface.address.inside(ea)
if idaapi.__version__ < 7.0 and hasattr(idaapi, 'is_call_insn'):
idaapi.decode_insn(ea)
return idaapi.is_call_insn(ea)
F = feature(ea)
return database.is_code(ea) and (feature(ea) & idaapi.CF_CALL == idaapi.CF_CALL) 示例5: graph_down
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import is_call_insn [as 別名]
def graph_down(ea, path=set()):
"""
Recursively collect all function calls.
Copied with minor modifications from
http://hooked-on-mnemonics.blogspot.com/2012/07/renaming-subroutine-blocks-and.html
"""
path.add(ea)
#
# extract all the call instructions from the current function
#
call_instructions = []
instruction_info = idaapi.insn_t()
for address in idautils.FuncItems(ea):
# decode the instruction
if not idaapi.decode_insn(instruction_info, address):
continue
# check if this instruction is a call
if not idaapi.is_call_insn(instruction_info):
continue
# save this address as a call instruction
call_instructions.append(address)
#
# iterate through all the instructions in the target function (ea) and
# inspect all the call instructions
#
for x in call_instructions:
# TODO
for r in idautils.XrefsFrom(x, idaapi.XREF_FAR):
#print(0x%08X" % h, "--calls-->", "0x%08X" % r.to)
if not r.iscode:
continue
# get the function pointed at by this call
func = idaapi.get_func(r.to)
if not func:
continue
# ignore calls to imports / library calls / thunks
if (func.flags & (idaapi.FUNC_THUNK | idaapi.FUNC_LIB)) != 0:
continue
#
# if we have not traversed to the destination function that this
# call references, recurse down to it to continue our traversal
#
if r.to not in path:
graph_down(r.to, path)
return path