def get_import_thunk(import_addr):
'''
find import thunk for the given import pointer.
this is a function that simply jumps to the external implementation of the routine.
Args:
import_addr (int): address of import table pointer.
Returns:
int: address of function thunk.
Raises:
ValueError: when the thunk does not exist.
'''
for xref in idautils.XrefsTo(import_addr):
if xref.type != 3: # XrefTypeName(3) == 'Data_Read'
continue
if idc.GetMnem(xref.frm) != 'jmp':
continue
return xref.frm
raise ValueError('thunk does not exist')
评论列表
文章目录
