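def traverseCalls(adr):
    """List the call targets inside the function at ``adr`` and flag heap use.

    Walks every instruction of the function, records the name of each
    direct call target, and stops at the first call to one of the heap
    routines named below.

    NOTE(review): the listing this was taken from had lost its indentation.
    The nesting of the heap-name check under the FUNC_LIB test is
    reconstructed; confirm it against the original script.

    Args:
        adr: an address inside the function to inspect.

    Returns:
        A ``(call_list, heap_found)`` tuple. ``call_list`` holds the callee
        names in instruction order and ends at the first heap routine hit,
        so later calls are not listed. ``heap_found`` is True when such a
        routine was seen. Thunks and library functions are skipped and
        yield ``([], False)``; the original returned a bare ``None`` there,
        which broke callers that unpack the result.
    """
    print('entering into %s' % GetFunctionName(adr))
    print('searching for heap_alloc calls inside')
    call_list = []
    heap_found = False

    # Ignore library functions and thunks: they are not code under audit.
    flags = GetFunctionFlags(adr)
    if flags & (idaapi.FUNC_THUNK | idaapi.FUNC_LIB):
        return call_list, heap_found

    # Triage caveat: only the three names below are matched, so
    # heap_found == False does not prove the function never allocates
    # (CRT or other allocator wrappers are not covered).
    # NOTE(review): 'LocalHeap' is not a Win32 export I can confirm;
    # 'LocalAlloc' may have been intended. Verify before relying on it.
    heap_routines = ('GetProcessHeap', 'HeapAlloc', 'LocalHeap')

    for ea in idautils.FuncItems(adr):
        if not idaapi.is_call_insn(ea):
            continue
        # Operand 0 is read as an address, so register-indirect calls are
        # presumably not resolved to a meaningful name here.
        op_addr = GetOperandValue(ea, 0)
        name = GetFunctionName(op_addr)
        # presumably GetFunctionFlags gives -1 for a target outside any
        # function (e.g. an import slot), which also passes this mask and
        # lets Name() supply the imported symbol. TODO confirm
        if GetFunctionFlags(op_addr) & idaapi.FUNC_LIB:
            name = Name(op_addr)
            if name in heap_routines:
                print('Heap allocation routine found at %s' % GetFunctionName(ea))
                heap_found = True
                call_list.append(name)
                break
        call_list.append(name)
    return call_list, heap_found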