當前位置: 首頁>>代碼示例>>Python>>正文


Python idc.get_func_attr方法代碼示例

本文整理匯總了Python中idc.get_func_attr方法的典型用法代碼示例。如果您正苦於以下問題:Python idc.get_func_attr方法的具體用法?Python idc.get_func_attr怎麽用?Python idc.get_func_attr使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在idc的用法示例。


在下文中一共展示了idc.get_func_attr方法的14個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。

示例1: build_functions_tree

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import get_func_attr [as 別名]
def build_functions_tree(self, functions_list):
        '''
        Builds tree of functions.
        '''

        func_state = FunctionState()
        functions_tree = OrderedDict()

        for function_name in sorted(functions_list):
            func_state.args = ''
            func_state.addr = functions_list[function_name]
            func_state.flags = \
                idc.get_func_attr(func_state.addr, idc.FUNCATTR_FLAGS)
            demangled_name = self.maybe_demangle(function_name)
            chunks = self.get_chunks(demangled_name, func_state)
            self.maybe_push(chunks, functions_tree, func_state)

        return functions_tree 
開發者ID:ax330d,項目名稱:functions-plus,代碼行數:20,代碼來源:functions_plus.py

示例2: get_all_func

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import get_func_attr [as 別名]
def get_all_func():
    num = 0
    content = []
    for func in idautils.Functions():
        seg_perm = idc.get_segm_attr(func,SEGATTR_PERM)         # 段屬性
        if(5 !=seg_perm):
            continue
        seg_name = idc.get_segm_name(func)                      # 段名
        if(".plt" == seg_name):
            continue
        
        func_name = idc.get_func_name(func)                     # 函數名
        func_flags = hex(idc.get_func_attr(func,FUNCATTR_FLAGS))# 函數信息
        func_head = hex(idc.get_func_attr(func,FUNCATTR_START)) # 函數頭
        func_end = hex(idc.get_func_attr(func,FUNCATTR_END))    # 函數尾

        l = []
        l.append(num)
        l.append(seg_name)
        l.append(seg_perm)
        l.append(func_name)
        l.append(func_flags)
        l.append(func_head)
        l.append(func_end)
        content.append(l)
        
        num += 1
        #print(l)
    return content
        
# 程序入口 
開發者ID:acbocai,項目名稱:run_idat,代碼行數:33,代碼來源:exp.py

示例3: is_noreturn_function

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import get_func_attr [as 別名]
def is_noreturn_function(ea):
  """Returns `True` if the function at `ea` is a no-return function."""
  flags = idc.get_func_attr(ea, idc.FUNCATTR_FLAGS)
  return 0 < flags and \
         (flags & idaapi.FUNC_NORET) and \
         ea not in FUNC_LSDA_ENTRIES.keys() and \
         "cxa_throw" not in get_symbol_name(ea) 
開發者ID:lifting-bits,項目名稱:mcsema,代碼行數:9,代碼來源:util.py

示例4: is_thunk

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import get_func_attr [as 別名]
def is_thunk(ea):
  """Returns true if some address is a known to IDA to be a thunk."""
  flags = idc.get_func_attr(ea, idc.FUNCATTR_FLAGS)
  return (idc.BADADDR != flags) and 0 < flags and 0 != (flags & 0x00000080L) 
開發者ID:lifting-bits,項目名稱:mcsema,代碼行數:6,代碼來源:util.py

示例5: recover_variables

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import get_func_attr [as 別名]
def recover_variables(F, func_ea, blockset):
  """ Recover the stack variables from the function. It also collect
      the instructions referring to the stack variables.
  """
  # Checks for the stack frame; return if it is None
  if not is_code_by_flags(func_ea) or \
      not idc.get_func_attr(func_ea, idc.FUNCATTR_FRAME):
    return

  functions = list()
  f_name = get_symbol_name(func_ea)
  f_ea = idc.get_func_attr(func_ea, idc.FUNCATTR_START)
  f_vars = collect_function_vars(func_ea, blockset)
  functions.append({"ea":f_ea, "name":f_name, "stackArgs":f_vars})

  for offset in f_vars.keys():
    if f_vars[offset]["safe"] is False:
      continue

    var = F.stack_vars.add()
    var.sp_offset = offset
    var.name = f_vars[offset]["name"]
    var.size = f_vars[offset]["size"]
    for i in f_vars[offset]["writes"]:
      r = var.ref_eas.add()
      r.inst_ea = i["ea"]
      r.offset = i["offset"]

    for i in f_vars[offset]["reads"]:
      r = var.ref_eas.add()
      r.inst_ea = i["ea"]
      r.offset = i["offset"] 
開發者ID:lifting-bits,項目名稱:mcsema,代碼行數:34,代碼來源:collect_variable.py

示例6: get_xref_code_to_func

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import get_func_attr [as 別名]
def get_xref_code_to_func(func_addr):
    a = idautils.XrefsTo(func_addr, 1)
    addr = {}
    for xref in a:
        frm = xref.frm  # ea in func
        start = idc.get_func_attr(frm, idc.FUNCATTR_START)  # to_xref func addr
        func_name = idc.get_func_name(start)  # to_xref func name
        addr[func_name] = [xref.iscode, start]
    return addr 
開發者ID:0xgalz,項目名稱:Virtuailor,代碼行數:11,代碼來源:Main.py

示例7: getMinorDispatchTableAddress

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import get_func_attr [as 別名]
def getMinorDispatchTableAddress(ea):
    """find address of last lea in function"""
    start = idc.get_func_attr(ea, idc.FUNCATTR_START)
    end = idc.prev_head( idc.get_func_attr(ea, idc.FUNCATTR_END), start)
    res = prevMnemonic(end, 'lea', start)
    assert res != idc.BADADDR
    return idc.get_operand_value(res, 1) 
開發者ID:arizvisa,項目名稱:ida-minsc,代碼行數:9,代碼來源:quicktime.py

示例8: getMajorDispatchTableAddress

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import get_func_attr [as 別名]
def getMajorDispatchTableAddress():
    """find quicktime major dispatch table"""
    res = idc.get_name_ea_simple('theQuickTimeDispatcher')
    res = nextMnemonic(res, 'lea', idc.get_func_attr(res, idc.FUNCATTR_END))
    assert res != idc.BADADDR
    return idc.get_operand_value(res, 1) 
開發者ID:arizvisa,項目名稱:ida-minsc,代碼行數:8,代碼來源:quicktime.py

示例9: __init__

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import get_func_attr [as 別名]
def __init__(self, show_extra_fields):
        self.addr = None
        self.flags = None
        self.show_extra_fields = show_extra_fields
        self.names = [
            'Name', 'Address', 'Segment', 'Length', 'Locals', 'Arguments'
        ]

        self.handlers = {
            0: lambda: None,
            1: lambda: self.fmt(self.addr),
            2: lambda: '{}'.format(idc.get_segm_name(self.addr)),
            3: lambda: self.fmt(idc.get_func_attr(self.addr, idc.FUNCATTR_END) - self.addr),
            4: lambda: self.fmt(idc.get_func_attr(self.addr, idc.FUNCATTR_FRSIZE)),
            5: lambda: self.fmt(idc.get_func_attr(self.addr, idc.FUNCATTR_ARGSIZE))
        }

        if self.show_extra_fields:
            self.names.extend(['R', 'F', 'L', 'S', 'B', 'T', '='])
            # TODO: add Lumina column info
            self.handlers.update({
                6: lambda: self.is_true(not self.flags & idc.FUNC_NORET, 'R'),
                7: lambda: self.is_true(self.flags & idc.FUNC_FAR, 'F'),
                8: lambda: self.is_true(self.flags & idc.FUNC_LIB, 'L'),
                9: lambda: self.is_true(self.flags & idc.FUNC_STATIC, 'S'),
                10: lambda: self.is_true(self.flags & idc.FUNC_FRAME, 'B'),
                11: lambda: self.is_true(idc.get_type(self.addr), 'T'),
                12: lambda: self.is_true(self.flags & idc.FUNC_BOTTOMBP, '=')
            }) 
開發者ID:ax330d,項目名稱:functions-plus,代碼行數:31,代碼來源:functions_plus.py

示例10: getFuncRanges_ida7

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import get_func_attr [as 別名]
def getFuncRanges_ida7(ea, doAllFuncs):
    if doAllFuncs:
        funcs = []
        funcGen = idautils.Functions(idc.get_segm_start(ea), idc.get_segm_end(ea))
        for i in funcGen:
            funcs.append(i)
        funcRanges = []
        for i in range(len(funcs) - 1):
            funcRanges.append( (funcs[i], funcs[i+1]) )
        funcRanges.append( (funcs[-1], idc.get_segm_end(ea)) )
        return funcRanges
    else:
        #just get the range of the current function
        fakeRanges = [( idc.get_func_attr(idc.here(), idc.FUNCATTR_START), idc.get_func_attr(idc.here(), idc.FUNCATTR_END)), ]
        return fakeRanges 
開發者ID:fireeye,項目名稱:flare-ida,代碼行數:17,代碼來源:stackstrings.py

示例11: build_stack_variable

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import get_func_attr [as 別名]
def build_stack_variable(func_ea):
  stack_vars = dict()

  frame = idc.get_func_attr(func_ea, idc.FUNCATTR_FRAME)
  if not frame:
    return stack_vars

  f_name = get_symbol_name(func_ea)
  #grab the offset of the stored frame pointer, so that
  #we can correlate offsets correctly in referent code
  # e.g., EBP+(-0x4) will match up to the -0x4 offset
  delta = idc.GetMemberOffset(frame, " s")
  if delta == -1:
    delta = 0

  if f_name not in _FUNC_UNSAFE_LIST:
    offset = idc.get_first_member(frame)
    while -1 != _signed_from_unsigned(offset):
      member_name = idc.get_member_name(frame, offset)
      if member_name is None:
        offset = idc.get_next_offset(frame, offset)
        continue
      if (member_name == " r" or member_name == " s"):
        offset = idc.get_next_offset(frame, offset)
        continue

      member_size = idc.GetMemberSize(frame, offset)
      if offset >= delta:
        offset = idc.get_next_offset(frame, offset)
        continue

      member_flag = idc.GetMemberFlag(frame, offset)
      flag_str = _get_flags_from_bits(member_flag)
      member_offset = offset-delta
      stack_vars[member_offset] = {"name": member_name,
                                  "size": member_size,
                                  "flags": flag_str,
                                  "writes": list(),
                                  "referent": list(),
                                  "reads": list(),
                                  "safe": False }

      offset = idc.get_next_offset(frame, offset)
  else:
    offset = idc.get_first_member(frame)
    frame_size = idc.get_func_attr(func_ea, idc.FUNCATTR_FRSIZE)
    flag_str = ""
    member_offset = _signed_from_unsigned(offset) - delta
    stack_vars[member_offset] = {"name": f_name,
                                 "size": frame_size,
                                 "flags": flag_str,
                                 "writes": list(),
                                 "referent": list(),
                                 "reads": list(),
                                 "safe": False }

  return stack_vars 
開發者ID:lifting-bits,項目名稱:mcsema,代碼行數:59,代碼來源:collect_variable.py

示例12: get_con2_var_or_num

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import get_func_attr [as 別名]
def get_con2_var_or_num(i_cnt, cur_addr):
    """
    :param i_cnt: the register of the virtual call
    :param cur_addr: the current address in the memory
    :return: "success" string and the address of the vtable's location. if it fails it sends the reason and -1
    """
    start_addr = idc.get_func_attr(cur_addr, idc.FUNCATTR_START)
    virt_call_addr = cur_addr
    cur_addr = idc.prev_head(cur_addr)
    dct_arch = get_arch_dct()
    if dct_arch == -1:
        return 'Wrong Architechture', "-1", cur_addr

    while cur_addr >= start_addr:
        if idc.print_insn_mnem(cur_addr)[:3] == dct_arch["opcode"] and idc.print_operand(cur_addr, 0) == i_cnt:  # TODO lea ?
            opnd2 = idc.print_operand(cur_addr, 1)
            place = opnd2.find(dct_arch["separator"])
            if place != -1:  # if the function is not the first in the vtable
                register = opnd2[opnd2.find('[') + 1: place]
                if opnd2.find('*') == -1:
                    offset = opnd2[place + dct_arch["val_offset"]: opnd2.find(']')]
                else:
                    offset = "*"
                return register, offset, cur_addr
            else:
                offset = "0"
                if opnd2.find(']') != -1:
                    register = opnd2[opnd2.find('[') + 1: opnd2.find(']')]
                else:
                    register = opnd2
                return register, offset, cur_addr
        elif idc.print_insn_mnem(cur_addr)[:4] == "call":
            intr_func_name = idc.print_operand(cur_addr, 0)
            # In case the code has CFG -> ignores the function call before the virtual calls
            if "guard_check_icall_fptr" not in intr_func_name:
                if "nullsub" not in intr_func_name:
                    # intr_func_name = idc.Demangle(intr_func_name, idc.GetLongPrm(idc.INF_SHORT_DN))
                    print("Warning! At address 0x%08x: The vtable assignment might be in another function (Maybe %s),"
                          " could not place BP." % (virt_call_addr, intr_func_name))
                cur_addr = start_addr
        cur_addr = idc.prev_head(cur_addr)
    return "out of the function", "-1", cur_addr

    return '', 0, cur_addr 
開發者ID:0xgalz,項目名稱:Virtuailor,代碼行數:46,代碼來源:vtableAddress.py

示例13: getIvarTypeFromFunc

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import get_func_attr [as 別名]
def getIvarTypeFromFunc(self, eh, va):
        if va in self.ivarSetters:
            return self.ivarSetters[va]
        elif va in self.notIvarSetters:
            return UNKNOWN
        addr = va
        endVa = idc.get_func_attr(va, idc.FUNCATTR_END)
        if endVa - va < 0x20:
            ivarVa = None
            while addr <= endVa:
                srcOpnd = idc.print_operand(addr, 1)
                # if ivar is the src op for an instruction, assume this function will return it
                if eh.arch == unicorn.UC_ARCH_ARM and "_OBJC_IVAR_$_" in srcOpnd:
                    oploc = idc.get_name_ea_simple(
                        srcOpnd[srcOpnd.find("_OBJC_IVAR_$_"):srcOpnd.find(" ")])
                    if oploc != idc.BADADDR:
                        ivarVa = oploc
                        break
                elif eh.arch == unicorn.UC_ARCH_ARM64:
                    for x in idautils.XrefsFrom(addr):
                        if (idc.get_segm_name(x.to) == "__objc_ivar" and
                                idc.get_name(x.to, idc.ida_name.GN_VISIBLE)[:13] == "_OBJC_IVAR_$_"):
                            ivarVa = x.to
                            break
                elif eh.arch == unicorn.UC_ARCH_X86:
                    if "_OBJC_IVAR_$_" in srcOpnd:
                        ivarVa = idc.get_operand_value(addr, 1)
                        break

                addr = idc.next_head(addr, idc.get_inf_attr(idc.INF_MAX_EA))

            if ivarVa:
                for x in idautils.XrefsTo(ivarVa):
                    if x.frm >= self.objcConst[0] and x.frm < self.objcConst[1]:
                        typeStr = eh.getIDBString(
                            eh.derefPtr(x.frm + eh.size_pointer * 2))
                        self.ivarSetters[va] = typeStr[2:-1]
                        logging.debug("%s is an ivar getter function, returning type %s" % (
                            eh.hexString(va), typeStr[2:-1]))
                        return typeStr[2:-1]
            else:
                logging.debug(
                    "%s determined not to be an ivar getter function", eh.hexString(va))
                self.notIvarSetters.append(va)
        else:
            logging.debug(
                "%s determined not to be an ivar getter function", eh.hexString(va))
            self.notIvarSetters.append(va)
        return UNKNOWN


    # returns class or sel name from IDA name 
開發者ID:fireeye,項目名稱:flare-ida,代碼行數:54,代碼來源:objc2_analyzer.py

示例14: _emit_fnbytes

# 需要導入模塊: import idc [as 別名]
# 或者: from idc import get_func_attr [as 別名]
def _emit_fnbytes(emit_instr_cb, header, footer, indent, fva=None, warn=True):
    """Emit function bytes in a format defined by the callback and
    headers/footers provided.

    Warns if any instruction operands are not consistent with
    position-independent code, in which case the user may need to templatize
    the position-dependent portions.
    """
    fva = fva or idc.here()
    fva = idc.get_func_attr(fva, idc.FUNCATTR_START)
    va_end = idc.get_func_attr(fva, idc.FUNCATTR_END)

    # Operand types observed in position-independent code:
    optypes_position_independent = set([
        ida_ua.o_reg,       # 1: General Register (al,ax,es,ds...)
        ida_ua.o_phrase,    # 3: Base + Index
        ida_ua.o_displ,     # 4: Base + Index + Displacement
        ida_ua.o_imm,       # 5: Immediate
        ida_ua.o_near,      # 7: Immediate Near Address
    ])

    # Notably missing because I want to note and handle these if/as they are
    # encountered:
    # ida_ua.o_idpspec0 = 8: FPP register
    # ida_ua.o_idpspec1 = 9: 386 control register
    # ida_ua.o_idpspec2 = 10: 386 debug register
    # ida_ua.o_idpspec3 = 11: 386 trace register

    va = fva
    nm = idc.get_name(fva)
    optypes_found = set()
    s = header.format(name=nm)
    while va not in (va_end, idc.BADADDR):
        size = idc.get_item_size(va)
        the_bytes = idc.get_bytes(va, size)

        for i in range(0, 8):
            optype = idc.get_operand_type(va, i)
            if optype:
                optypes_found.add(optype)

        s += indent + emit_instr_cb(va, the_bytes, size)
        va = idc.next_head(va)
    s += footer

    position_dependent = optypes_found - optypes_position_independent
    if position_dependent:
        msg = ('This code may have position-dependent operands (optype %s)' %
               (', '.join([str(o) for o in position_dependent])))
        if warn:
            Warning(msg)
        else:
            logger.warn(msg)

    return s 
開發者ID:fireeye,項目名稱:flare-ida,代碼行數:57,代碼來源:mykutils.py


注:本文中的idc.get_func_attr方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。