Python idc.LocByName方法代碼示例

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import LocByName [as 別名]
def main_lina(dbname):
    symbols = {
        "clock_interval":idc.LocByName, 
        "mempool_array":idc.LocByName, 
        "mempool_list_":idc.LocByName, 
        "socks_proxy_server_start":idc.LocByName,
        "aaa_admin_authenticate":idc.LocByName,
        "mempool_list_":idc.LocByName,
    }
    symbols32 = {}
    symbols64 = {}
    if ida_helper.ARCHITECTURE == 32:
        symbols.update(symbols32)
    elif ida_helper.ARCHITECTURE == 64:
        symbols.update(symbols64)
    else:
        logmsg("Invalid architecture")
        sys.exit()

    hunt(symbols, dbname, bin_name="lina") 

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import LocByName [as 別名]
def serialize(self):
        s = str(self.target_field.text())
        if self.radio_addr.isChecked():
            try:
                int(s, 16)
            except ValueError:
                print "Bad address given"
                return None
        elif self.radio_routine.isChecked():
            addr = idc.LocByName(s)
            if addr == idc.BADADDR:
                print "Bad function name given"
                return None
        return specific_parameters_t() 

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import LocByName [as 別名]
def run(self):
        # -- GUI stuff
        self.result_widget.set_actions_visible_and_enabled(False)
        self.set_progress_visible(True)
        # -----------

        # Refill the configuration file
        if self.configuration.ksteps != 0 and self.config_widget.radio_path_routine.isChecked():
            self.k = self.configuration.ksteps  # Use the ksteps given if making the path on the whole routine

        self.result_widget.webview.append("### Opaque predicates Detection ###\n")

        self.configuration.analysis_name = "static opaque"
        self.configuration.additional_parameters.typeid = self.configuration.additional_parameters.STANDARD

        target_val = str(self.config_widget.target_field.text())
        start_tps = time.time()
        if self.config_widget.radio_addr.isChecked():
            addr = utils.to_addr(target_val)
            self.process_routine(idaapi.get_func(addr).startEA, pred_addr=addr)
        elif self.config_widget.radio_routine.isChecked():
            addr = idc.LocByName(target_val)
            if addr == idc.BADADDR:
                addr = utils.to_addr(target_val)
            self.process_routine(addr)
        elif self.config_widget.radio_program.isChecked():
            self.process_program()
        else:
            pass

        self.exec_time_total = time.time() - start_tps - self.exec_time_dep
        self.analyse_finished = True
        self.broker.terminate()

        # -- GUI stuff
        self.result_widget.set_actions_visible_and_enabled(True)
        self.set_progress_visible(False)
        # ------------
        self.analysis_terminated() 

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import LocByName [as 別名]
def is_start_of_function(ea):
  """Returns `True` if `ea` is the start of a function."""
  if not is_code(ea):
    return False

  name = idc.GetTrueName(ea) or idc.GetFunctionName(ea)
  return ea == idc.LocByName(name) 

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import LocByName [as 別名]
def find_main_in_ELF_file():
  """Tries to automatically find the `main` function if we haven't found it
  yet. IDA recognizes the pattern of `_start` calling `__libc_start_main` in
  ELF binaries, where one of the parameters is the `main` function. IDA will
  helpfully comment it as such."""

  start_ea = idc.LocByName("_start")
  if is_invalid_ea(start_ea):
    start_ea = idc.LocByName("start")
    if is_invalid_ea(start_ea):
      return idc.BADADDR

  for begin_ea, end_ea in idautils.Chunks(start_ea):
    for inst_ea in Heads(begin_ea, end_ea):
      comment = idc.GetCommentEx(inst_ea, 0)
      if comment and "main" in comment:
        for main_ea in xrefs_from(inst_ea):
          if not is_code(main_ea):
            continue

          # Sometimes the `main` function isn't identified as code. This comes
          # up when there are some alignment bytes in front of `main`.
          try_mark_as_code(main_ea)
          if is_code_by_flags(main_ea):
            try_mark_as_function(main_ea)

          main = idaapi.get_func(main_ea)
          if not main:
            continue

          if main and main.startEA == main_ea:
            set_symbol_name(main_ea, "main")
            DEBUG("Found main at {:x}".format(main_ea))
            return main_ea

  return idc.BADADDR 

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import LocByName [as 別名]
def get_jlocs(self, sw):
        jlocs = []
        ncases = sw.ncases if sw.jcases == 0 else sw.jcases
        for i in range(ncases):
            addr = idc.Dword(sw.jumps+i*4)
            name = idaapi.get_name(idc.BADADDR, addr)
            comm = idc.GetCommentEx(idc.LocByName(name), 1)
            comm = comm[comm.find('case'):] if comm is not None and comm.startswith('jumptable') else comm
            jlocs.append((name, idc.LocByName(name), comm))
        return jlocs 

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import LocByName [as 別名]
def main_lina_monitor(dbname):
    symbols = {
        "jz_after_code_sign_verify_signature_image":idc.LocByName,
    }
    if ida_helper.ARCHITECTURE == 32:
        logmsg("WARNING: not supported/tested yet")
    elif ida_helper.ARCHITECTURE == 64:
        pass
    else:
        logmsg("Invalid architecture")
        sys.exit()

    hunt(symbols, dbname, bin_name="lina_monitor") 

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import LocByName [as 別名]
def main():
    beginThreadExLoc = idc.LocByName('_beginthreadex')
    if beginThreadExLoc == idc.BADADDR:
        print 'Function "_beginthreadex" not found. Returning'
        return
    for xref in idautils.CodeRefsTo(beginThreadExLoc, 1):
        if getFunctionArgumentCount(xref) == 7:
            print 'Found likely MyCreateThread: 0x%08x' % xref
            handleCreateThread(idc.GetFunctionAttr(xref, idc.FUNCATTR_START)) 

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import LocByName [as 別名]
def main():
    #jayutils.configLogger(__name__, logging.DEBUG)
    jayutils.configLogger(__name__, logging.INFO)
    logger = jayutils.getLogger('')
    logger.debug('Starting up in main')
    #name = idc.AskStr('CreateThread', 'Enter function to find args for')
    #argNum = idc.AskLong(6)

    filePath = jayutils.getInputFilepath()
    if filePath is None:
        self.logger.info('No input file provided. Stopping')
        return
    vw = jayutils.loadWorkspace(filePath)
    logger.debug('Loaded workspace')
    tracker = ArgTracker(vw)

    import idautils
    funcEa = idc.LocByName('CreateThread')
    if funcEa == idc.BADADDR:
        logger.info('CreateThread not found. Returning now')
        return
    for xref in idautils.XrefsTo(funcEa):
        argsList = tracker.getPushArgs(xref.frm, 6)
        for argDict in argsList:
            print '-'*60
            pc, value = argDict[3]
            print '0x%08x: 0x%08x: 0x%08x' % (xref.frm, pc, value)