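def find_shifts(functions):
    """Score each function by how many distinct shift/rotate mnemonics it uses.

    A cheap static triage pass over an open IDA database: it walks every
    instruction head of each function and records which of the x86
    shift/rotate mnemonics appear.  (Presumably meant to surface
    shift/rotate-heavy code for further analysis -- what the caller does with
    the score is outside this function.)

    Args:
        functions: iterable of function start addresses (ints) in the
            currently open IDA database.

    Returns:
        dict mapping each function start address to a float in ``[0.0, 1.0]``:
        the fraction of the six mnemonics (``shl shr sar sal rol ror``) that
        occur at least once in that function.  The score measures *variety*,
        not *volume* -- one ``shl`` scores the same as a thousand (see the
        TODOs below).

    Relies on the IDA globals ``idaapi``/``idc`` and the module logger
    ``g_logger`` being in scope; nothing is referenced for an empty input.
    """
    candidate_functions = {}
    # TODO better to compare number of shifts to overall instruction count?
    # TODO find shifts in tight loops
    shift_mnems = frozenset(("shl", "shr", "sar", "sal", "rol", "ror"))
    shift_mnems_len = len(shift_mnems)
    for fva in functions:
        found_shifts = set()
        # Hoisted out of the inner loop: the function's end address does not
        # change while its heads are being walked.
        func_end = idc.FindFuncEnd(fva)
        cva = fva
        # Walk instruction heads until we run past the function or IDA reports
        # no further head (BADADDR).
        while cva != idaapi.BADADDR and cva < func_end:
            mnem = idc.GetMnem(cva)
            if mnem in shift_mnems:
                found_shifts.add(mnem)
                g_logger.debug("shift instruction: %s va: 0x%x function: 0x%x",
                               idc.GetDisasm(cva), cva, fva)
            cva = idc.NextHead(cva)
        # Fraction of distinct shift mnemonics seen; float() keeps the ratio
        # correct under Python 2 integer division.
        candidate_functions[fva] = len(found_shifts) / float(shift_mnems_len)
    return candidate_functions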