def get_list_of_function_instr(addr):
f_start = addr
f_end = idc.FindFuncEnd(addr)
chunks = enumerate_function_chunks(f_start)
list_of_addr = list()
list_of_calls = list()
image_base = idaapi.get_imagebase(addr)
for chunk in chunks:
for head in idautils.Heads(chunk[0], chunk[1]):
# If the element is an instruction
if head == hex(0xffffffffL):
raise Exception("Invalid head for parsing")
if idc.isCode(idc.GetFlags(head)):
call_name = get_call_name(head)
if call_name != None:
list_of_calls.append(call_name)
head = head - image_base
head = str(hex(head))
head = head.replace("L", "")
head = head.replace("0x", "")
list_of_addr.append(head)
return list_of_addr, list_of_calls
python类get_imagebase()的实例源码
def enumerate_function_names():
func_name = dict()
for seg_ea in idautils.Segments():
# For each of the functions
function_ea = seg_ea
while function_ea != 0xffffffffL:
function_name = idc.GetFunctionName(function_ea)
# if already analyzed
if func_name.get(function_name, None) != None:
function_ea = idc.NextFunction(function_ea)
continue
image_base = idaapi.get_imagebase(function_ea)
addr = function_ea - image_base
addr = str(hex(addr))
addr = addr.replace("L", "")
addr = addr.replace("0x", "")
func_name[function_name] = get_list_of_function_instr(function_ea)
function_ea = idc.NextFunction(function_ea)
return func_name
def get_list_of_function_instr(addr):
'''
The function returns a list of instructions from a function
@addr - is function entry point
@return - list of instruction's addresses
'''
f_start = addr
f_end = idc.FindFuncEnd(addr)
chunks = enumerate_function_chunks(f_start)
list_of_addr = list()
image_base = idaapi.get_imagebase(addr)
for chunk in chunks:
for head in idautils.Heads(chunk[0], chunk[1]):
# If the element is an instruction
if head == hex(0xffffffffL):
raise Exception("Invalid head for parsing")
if idc.isCode(idc.GetFlags(head)):
head = head - image_base
head = str(hex(head))
head = head.replace("L", "")
head = head.replace("0x", "")
list_of_addr.append(head)
return list_of_addr
def enumerate_function_names():
'''
The function enumerates all functions in a dll.
@return - dictionary {function_name : list of corresponded instructions}
'''
func_name = dict()
for seg_ea in idautils.Segments():
# For each of the functions
function_ea = seg_ea
while function_ea != 0xffffffffL:
function_name = idc.GetFunctionName(function_ea)
# if already analyzed
if func_name.get(function_name, None) != None:
function_ea = idc.NextFunction(function_ea)
continue
image_base = idaapi.get_imagebase(function_ea)
addr = function_ea - image_base
addr = str(hex(addr))
addr = addr.replace("L", "")
addr = addr.replace("0x", "")
func_name[function_name] = get_list_of_function_instr(function_ea)
function_ea = idc.NextFunction(function_ea)
return func_name
def _normalize_coverage(self, coverage_data, metadata):
"""
Normalize loaded DrCov data to the database metadata.
"""
# extract the coverage relevant to this IDB (well, the root binary)
root_filename = idaapi.get_root_filename()
coverage_blocks = coverage_data.get_blocks_by_module(root_filename)
# rebase the basic blocks
base = idaapi.get_imagebase()
rebased_blocks = rebase_blocks(base, coverage_blocks)
# coalesce the blocks into larger contiguous blobs
condensed_blocks = coalesce_blocks(rebased_blocks)
# flatten the blobs into individual instructions or addresses
return metadata.flatten_blocks(condensed_blocks)
def init_demangled_names(*args):
"""
Creates dictionary of demangled names => address, that will be used further at double click on methods got from
symbols.
"""
demangled_names.clear()
for address, name in idautils.Names():
short_name = idc.Demangle(name, idc.GetLongPrm(idc.INF_SHORT_DN))
if short_name:
demangled_names[short_name.split('(')[0]] = address - idaapi.get_imagebase()
# Names can have templates and should be transformed before creating local type
name = re.sub(r'[<>]', '_t_', name)
# Thunk functions with name like "[thunk]:CWarmupHostProvider::Release`adjustor{8}'"
result = re.search(r"(\[thunk\]:)?([^`]*)(.*\{(\d+)}.*)?", short_name)
name, adjustor = result.group(2), result.group(4)
if adjustor:
demangled_names[name + "_adj_" + adjustor] = address - idaapi.get_imagebase()
print "[DEBUG] Demangled names have been initialized"
def find_functions():
'''
yields all functions in the form a 2-tuple:
(function_address, function_name)
function_address is a RELATIVE offset from the
image base.
'''
# get image base from IDA
image_base = idaapi.get_imagebase()
# iterate through all functions in the executable.
for func_ea in Functions(MinEA(), MaxEA()):
# craft the routine record
func_name = GetFunctionName(func_ea)
funcaddr = func_ea - image_base
yield funcaddr, func_name
def baseaddress():
'''Returns the baseaddress of the database.'''
return idaapi.get_imagebase()
def get_virtual_func_address(name, tinfo=None, offset=None):
"""
:param name: method name
:param tinfo: class tinfo
:param offset: virtual table offset
:return: address of the method
"""
address = idc.LocByName(name)
if address != idaapi.BADADDR:
return address
address = demangled_names.get(name, idaapi.BADADDR)
if address != idaapi.BADADDR:
return address + idaapi.get_imagebase()
if tinfo is None or offset is None:
return
offset *= 8
udt_member = idaapi.udt_member_t()
while tinfo.is_struct():
address = demangled_names.get(tinfo.dstr() + '::' + name, idaapi.BADADDR)
if address != idaapi.BADADDR:
return address + idaapi.get_imagebase()
udt_member.offset = offset
tinfo.find_udt_member(idaapi.STRMEM_OFFSET, udt_member)
tinfo = udt_member.type
offset = offset - udt_member.offset
def __init__(self, tinfo, name, parent):
self.tinfo = tinfo
self.tinfo_modified = False
self.name = name
self.class_name = None
self.name_modified = False
self.parents = [parent]
self.base_address = Helper.get_virtual_func_address(name)
if self.base_address:
self.base_address -= idaapi.get_imagebase()
self.rowcount = 0
self.children = []
def update(self, name, tinfo):
self.name = name
self.tinfo = tinfo
self.name_modified = False
self.tinfo_modified = False
self.base_address = idc.LocByName(self.name)
if self.base_address != idaapi.BADADDR:
self.base_address -= idaapi.get_imagebase()
def address(self):
return self.base_address + idaapi.get_imagebase() if self.base_address else None
def find_bbls(function_ea):
'''
yields all basic blocks that belong to the
given function. The blocks are returned in
a 2-tuple like:
(start_address, end_address)
Both start and end address are RELATIVE offsets
from the image base.
'''
# get image base from IDA
image_base = idaapi.get_imagebase()
function_ea += image_base
# get flow chart from IDA
flow_chart = idaapi.FlowChart(
idaapi.get_func(function_ea),
flags=idaapi.FC_PREDS
)
# iterate through all basic blocks in
# the current routine
for block in flow_chart:
start_addr = block.startEA - image_base
end_addr = block.endEA - image_base
if start_addr != end_addr:
yield start_addr, end_addr
def get_image():
name = idc.GetInputFile()
base = idaapi.get_imagebase()
return base, name
def get_base_address(self):
return idaapi.get_imagebase()
def run(self):
'''Public function.'''
self.symbol_path = idc.AskFile(0, '*.pdb', 'Choose PDB file...')
self.image_base = idaapi.get_imagebase()
print "IPL: Loading PDB data, might take a while..."
self.PDBLookup = pdbparse.symlookup.Lookup([(self.symbol_path, self.image_base)])
if not self.PDBLookup:
print "IPL: PDBLookup failed to initialize, exiting."
return
self._rename_functions()
return
def do_export():
db = {}
module = idaapi.get_root_filename().lower()
base = idaapi.get_imagebase()
file = AskFile(1, "x64dbg database|%s" % get_file_mask(),
"Export database")
if not file:
return
print "Exporting database %s" % file
db["labels"] = [{
"text": name,
"manual": False,
"module": module,
"address": "0x%X" % (ea - base)
} for (ea, name) in Names()]
print "%d label(s) exported" % len(db["labels"])
db["comments"] = [{
"text": comment.replace("{", "{{").replace("}", "}}"),
"manual": False,
"module": module,
"address": "0x%X" % (ea - base)
} for (ea, comment) in Comments()]
print "%d comment(s) exported" % len(db["comments"])
db["breakpoints"] = [{
"address": "0x%X" % (ea - base),
"enabled": True,
"type": bptype,
"titantype": "0x%X" % titantype,
"oldbytes": "0x%X" % oldbytes,
"module": module,
} for (ea, bptype, titantype, oldbytes) in Breakpoints()]
print "%d breakpoint(s) exported" % len(db["breakpoints"])
with open(file, "w") as outfile:
json.dump(db, outfile, indent=1)
print "Exported database. Done!"
# 1) Create the handler class
