type.py 文件源码


项目:devirtualize 作者: ALSchwalm 项目源码 文件源码
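def parents_from_destructors(type):
    ''' Finds the direct parents of ``type`` by examining the function calls
    made in its destructor.

    The first destructor returned by ``type.destructors()`` is decompiled and
    its ctree is walked. Every direct call that takes exactly one argument,
    where that argument is local variable index 0 (presumably the ``this``
    pointer -- confirm against the decompiler's lvar ordering), is looked up
    among the destructors of all known ``Types()``. Each match is recorded as
    a parent.

    :param type: object exposing ``destructors()``, which returns a sequence
        of function addresses.
    :returns: list of the matching Type objects in visit order. The list may
        hold duplicates if the same parent destructor is called more than
        once. It is empty when ``type`` has no destructors or the destructor
        cannot be decompiled.

    NOTE(review): this is a heuristic. A one-argument call on ``this`` that
    resolves to some other Type's destructor is reported as a parent even if
    it is really a member or unrelated object being destroyed; callers should
    treat the result as a candidate hierarchy, not ground truth.
    '''

    destructors = type.destructors()

    # Nothing to analyse; bail out before touching the decompiler.
    if len(destructors) == 0:
        return []

    #TODO: consider other candidates
    destructor = destructors[0]
    parents = []

    def get_type_having_destructor(func_ea):
        # Linear scan over every known Type; returns the first one that lists
        # func_ea among its destructors, or None.
        for candidate in Types():
            if func_ea in candidate.destructors():
                return candidate
        return None

    class destructor_finder_t(idaapi.ctree_visitor_t):
        def __init__(self, ea):
            # ``ea`` is accepted for call-site compatibility but is not used.
            idaapi.ctree_visitor_t.__init__(self, idaapi.CV_FAST)

        def visit_expr(self, e):
            # Always return 0 so the traversal continues over the whole body.
            if e.op != idaapi.cot_call:
                return 0

            # Destructors only take 1 arg
            if len(e.a) != 1:
                return 0

            arg = e.a[0]
            if arg.v is None or arg.v.idx != 0:
                return 0

            # Only a direct call names a callee address; skip indirect calls
            # instead of scanning every Type for an address that is not one.
            if e.x.op != idaapi.cot_obj:
                return 0

            owner = get_type_having_destructor(e.x.obj_ea)
            if owner is not None:
                parents.append(owner)
            return 0

        def leave_expr(self, e):
            # NOTE(review): destructor_candidate is never read in this block;
            # kept so any external reader of the attribute is unaffected.
            if e.op == idaapi.cot_call:
                self.destructor_candidate = None
            return 0

    try:
        cfunc = idaapi.decompile(destructor)
    except idaapi.DecompilationFailure:
        return []

    # idaapi.decompile() can hand back None rather than raise (for example
    # when the address does not belong to a function); dereferencing
    # ``cfunc.body`` would then fail with AttributeError.
    if cfunc is None:
        return []

    destructor_finder_t(destructor).apply_to(cfunc.body, None)
    return parents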