def enum_segm(self):
i = 0
for ea in idautils.Segments():
seg = idaapi.getseg(ea)
SigmName = idc.SegName(ea)
startA = idc.SegStart(ea)
endA = idc.SegEnd(ea)
className = idaapi.get_segm_class(seg)
seg_radio = SegmRadio(SigmName, startA, endA, className)
self.segm.append((SigmName, startA, endA, className))
self.segm_vbox.addWidget(seg_radio)
self.segm_vbox.addStretch(1)
if i == 0:
i = 1
seg_radio.toggle()
return self.segm_vbox
python类getseg()的实例源码
def _Assemble(ea, line):
"""
Please refer to Assemble() - INTERNAL USE ONLY
"""
if type(line) == types.StringType:
lines = [line]
else:
lines = line
ret = []
for line in lines:
seg = idaapi.getseg(ea)
if not seg:
return (False, "No segment at ea")
ip = ea - (idaapi.ask_selector(seg.sel) << 4)
buf = idaapi.AssembleLine(ea, seg.sel, ip, seg.bitness, line)
if not buf:
return (False, "Assembler failed: " + line)
ea += len(buf)
ret.append(buf)
if len(ret) == 1:
ret = ret[0]
return (True, ret)
def DeleteAll():
"""
Delete all segments, instructions, comments, i.e. everything
except values of bytes.
"""
ea = idaapi.cvar.inf.minEA
# Brute-force nuke all info from all the heads
while ea != BADADDR and ea <= idaapi.cvar.inf.maxEA:
idaapi.del_local_name(ea)
idaapi.del_global_name(ea)
func = idaapi.get_func(ea)
if func:
idaapi.del_func_cmt(func, False)
idaapi.del_func_cmt(func, True)
idaapi.del_func(ea)
idaapi.del_hidden_area(ea)
seg = idaapi.getseg(ea)
if seg:
idaapi.del_segment_cmt(seg, False)
idaapi.del_segment_cmt(seg, True)
idaapi.del_segm(ea, idaapi.SEGDEL_KEEP | idaapi.SEGDEL_SILENT)
ea = idaapi.next_head(ea, idaapi.cvar.inf.maxEA)
def SegName(ea):
"""
Get name of a segment
@param ea: any address in the segment
@return: "" - no segment at the specified address
"""
seg = idaapi.getseg(ea)
if not seg:
return ""
else:
name = idaapi.get_true_segm_name(seg)
if not name:
return ""
else:
return name
def SetSegAddressing(ea, bitness):
"""
Change segment addressing
@param ea: any address in the segment
@param bitness: 0: 16bit, 1: 32bit, 2: 64bit
@return: success (boolean)
"""
seg = idaapi.getseg(ea)
if not seg:
return False
seg.bitness = bitness
return True
def SetSegDefReg(ea, reg, value):
"""
Set default segment register value for a segment
@param ea: any address in the segment
if no segment is present at the specified address
then all segments will be affected
@param reg: name of segment register
@param value: default value of the segment register. -1-undefined.
"""
seg = idaapi.getseg(ea)
reg = idaapi.str2reg(reg);
if seg and reg >= 0:
return idaapi.SetDefaultRegisterValue(seg, reg, value)
else:
return False
def SetSegmentType(segea, segtype):
"""
Set segment type
@param segea: any address within segment
@param segtype: new segment type:
@return: !=0 - ok
"""
seg = idaapi.getseg(segea)
if not seg:
return False
seg.type = segtype
return seg.update()
def MoveSegm(ea, to, flags):
"""
Move a segment to a new address
This function moves all information to the new address
It fixes up address sensitive information in the kernel
The total effect is equal to reloading the segment to the target address
@param ea: any address within the segment to move
@param to: new segment start address
@param flags: combination MFS_... constants
@returns: MOVE_SEGM_... error code
"""
seg = idaapi.getseg(ea)
if not seg:
return MOVE_SEGM_PARAM
return idaapi.move_segm(seg, to, flags)
def tables_from_heuristics(require_rtti=False):
''' Yields addresses of VTableGroups found via heuristic methods
'''
for s in idautils.Segments():
seg = idaapi.getseg(s)
if seg is None:
continue
if seg.type != idaapi.SEG_DATA:
continue
ea = seg.startEA
while ea < seg.endEA:
try:
table = VTableGroup(ea)
if require_rtti is True and ea.typeinfo is not None:
yield ea
elif require_rtti is False:
yield ea
ea += table.size
except ValueError:
# Assume vtables are aligned
ea += TARGET_ADDRESS_SIZE
def output_segments(out):
"""Dump binary segmentation."""
info = idaapi.get_inf_structure()
size = "r32" if info.is_32bit else "r64"
out.writelines(('(', info.get_proc_name()[1], ' ', size, ' ('))
for seg in idautils.Segments():
out.write("\n({} {} {:d} ({:#x} {:d}))".format(
idaapi.get_segm_name(seg),
"code" if idaapi.segtype(seg) == idaapi.SEG_CODE else "data",
idaapi.get_fileregion_offset(seg),
seg, idaapi.getseg(seg).size()))
out.write("))\n")
def get_segment_buffer(segstart):
'''
fetch the bytes of the section that starts at the given address.
if the entire section cannot be accessed, try smaller regions until it works.
'''
segend = idaapi.getseg(segstart).endEA
buf = None
segsize = segend - segstart
while buf is None:
buf = idc.GetManyBytes(segstart, segsize)
if buf is None:
segsize -= 0x1000
return buf
def get_segments():
'''
fetch the segments in the current executable.
'''
for segstart in idautils.Segments():
segend = idaapi.getseg(segstart).endEA
segsize = segend - segstart
segname = str(idc.SegName(segstart)).rstrip('\x00')
segbuf = get_segment_buffer(segstart)
yield Segment(segstart, segend, segname, segbuf)
def segment(cls):
"""Current segment"""
ea = cls.address()
return idaapi.getseg(ea)
def by_address(ea):
'''Return the segment that contains the specified ``ea``.'''
s = idaapi.getseg(interface.address.within(ea))
if s is None:
raise LookupError("{:s}.by_address({:x}) : Unable to locate segment".format(__name__, ea))
return s
def check_address(address):
# Checks if given address contains virtual table. Returns True if more than 2 function pointers found
# Also if table's addresses point to code in executable section, than tries to make functions at that addresses
functions_count = 0
while True:
func_address = idaapi.get_64bit(address) if Const.EA64 else idaapi.get_32bit(address)
# print "[INFO] Address 0x{0:08X}".format(func_address)
if Helper.is_code_ea(func_address) or Helper.is_imported_ea(func_address):
functions_count += 1
address += Const.EA_SIZE
else:
segment = idaapi.getseg(func_address)
if segment and segment.perm & idaapi.SEGPERM_EXEC:
idc.MakeUnknown(func_address, 1, idaapi.DOUNK_SIMPLE)
if idc.MakeFunction(func_address):
functions_count += 1
address += Const.EA_SIZE
continue
break
idaapi.autoWait()
return functions_count
def setupUI(self):
ea = idc.ScreenEA()
seg = idaapi.getseg(ea)
SigmName = idc.SegName(ea)
startA = idc.SegStart(ea)
endA = idc.SegEnd(ea)
className = idaapi.get_segm_class(seg)
self.setWindowTitle("Jumper--%s %s %s" % (hex(ea - startA).upper(), SigmName, className))
self.groupBox.setLayout(self.enum_segm())
search_hbox = QHBoxLayout()
search_hbox.addWidget(QLabel("search"))
search_hbox.addWidget(self.search_edit)
offset_hbox = QHBoxLayout()
offset_hbox.addWidget(QLabel("offset"))
offset_hbox.addWidget(self.off_edit)
self.scroll = QScrollArea()
self.scroll.setWidgetResizable(True) # Set to make the inner widget resize with scroll area
self.scroll.setWidget(self.groupBox)
globle_vbox = QVBoxLayout(self)
globle_vbox.addWidget(self.scroll)
globle_vbox.addLayout(search_hbox)
globle_vbox.addLayout(offset_hbox)
btn_layout = QHBoxLayout()
jump = QPushButton("jump")
jump.clicked.connect(self.jump_click)
get_offset = QPushButton("offset")
get_offset.clicked.connect(self.get_cur_offset)
btn_layout.addWidget(jump)
btn_layout.addWidget(get_offset)
globle_vbox.addLayout(btn_layout)
self.search_edit.textChanged.connect(self.search_changed)
def get_cur_offset(self):
ea = idc.ScreenEA()
seg = idaapi.getseg(ea)
SigmName = idc.SegName(ea)
startA = idc.SegStart(ea)
self.off_edit.setText(hex(ea - startA).upper())
self.search_edit.setText(SigmName)
def SegStart(ea):
"""
Get start address of a segment
@param ea: any address in the segment
@return: start of segment
BADADDR - the specified address doesn't belong to any segment
"""
seg = idaapi.getseg(ea)
if not seg:
return BADADDR
else:
return seg.startEA
def SegEnd(ea):
"""
Get end address of a segment
@param ea: any address in the segment
@return: end of segment (an address past end of the segment)
BADADDR - the specified address doesn't belong to any segment
"""
seg = idaapi.getseg(ea)
if not seg:
return BADADDR
else:
return seg.endEA
def SetSegClass(ea, segclass):
"""
Change class of the segment
@param ea: any address in the segment
@param segclass: new class of the segment
@return: success (boolean)
"""
seg = idaapi.getseg(ea)
if not seg:
return False
return idaapi.set_segm_class(seg, segclass)
def GetSegmentAttr(segea, attr):
"""
Get segment attribute
@param segea: any address within segment
@param attr: one of SEGATTR_... constants
"""
seg = idaapi.getseg(segea)
assert seg, "could not find segment at 0x%x" % segea
if attr in [ SEGATTR_ES, SEGATTR_CS, SEGATTR_SS, SEGATTR_DS, SEGATTR_FS, SEGATTR_GS ]:
return idaapi.get_defsr(seg, _SEGATTRMAP[attr])
else:
return _IDC_GetAttr(seg, _SEGATTRMAP, attr)
def GetColor(ea, what):
"""
Get item color
@param ea: address of the item
@param what: type of the item (one of CIC_* constants)
@return: color code in RGB (hex 0xBBGGRR)
"""
if what not in [ CIC_ITEM, CIC_FUNC, CIC_SEGM ]:
raise ValueError, "'what' must be one of CIC_ITEM, CIC_FUNC and CIC_SEGM"
if what == CIC_ITEM:
return idaapi.get_item_color(ea)
if what == CIC_FUNC:
func = idaapi.get_func(ea)
if func:
return func.color
else:
return DEFCOLOR
if what == CIC_SEGM:
seg = idaapi.getseg(ea)
if seg:
return seg.color
else:
return DEFCOLOR
# color item codes:
def SetColor(ea, what, color):
"""
Set item color
@param ea: address of the item
@param what: type of the item (one of CIC_* constants)
@param color: new color code in RGB (hex 0xBBGGRR)
@return: success (True or False)
"""
if what not in [ CIC_ITEM, CIC_FUNC, CIC_SEGM ]:
raise ValueError, "'what' must be one of CIC_ITEM, CIC_FUNC and CIC_SEGM"
if what == CIC_ITEM:
return idaapi.set_item_color(ea, color)
if what == CIC_FUNC:
func = idaapi.get_func(ea)
if func:
func.color = color
return bool(idaapi.update_func(func))
else:
return False
if what == CIC_SEGM:
seg = idaapi.getseg(ea)
if seg:
seg.color = color
return bool(seg.update())
else:
return False
#--------------------------------------------------------------------------
# X M L
#--------------------------------------------------------------------------
def SanityChecks():
seg = FirstSeg()
if SegName(seg) != GetInputFile().replace(' ', '_'):
dlg = AskYN(0, "Name of the first segment for main module ('" + SegName(seg) + "') doesn't\nmatch main module's name ('" + GetInputFile() + "').\n\n" +
"In order for the FridaLink to function correctly (i.e. resolve\nsymbols and load additional modules) this segment name\nshould be updated.\n\n" +
"Update first segment name to '" + GetInputFile() + "'?")
if dlg == 1:
set_segm_name(getseg(seg), GetInputFile())
Wait()
fl_log("FridaLink: set first sector name for main binary to '" + GetInputFile() + "'\n")
def tables_from_names():
''' Yields addresses of VtableGroups if binary is not stripped
'''
for n in idautils.Names():
seg = idaapi.getseg(n[0])
if seg is None or seg.type != idaapi.SEG_DATA:
continue
if is_vtable_name(n[1]) is True:
yield n[0]
def is_in_executable_segment(ea):
if idaapi.getseg(ea) is None:
return False
return idaapi.getseg(ea).perm & idaapi.SEGPERM_EXEC
def in_same_segment(addr1, addr2):
return (idaapi.getseg(addr1) is not None and
idaapi.getseg(addr2) is not None and
idaapi.getseg(addr1).startEA ==
idaapi.getseg(addr2).startEA)
def new(offset, size, name, **kwds):
"""Create a segment at ``offset`` with ``size`` and name it according to ``name``.
``bits`` can be used to specify the bit size of the segment
``comb`` can be used to specify any flags (idaapi.sc*)
``align`` can be used to specify paragraph alignment (idaapi.sa*)
``org`` specifies the origin of the segment (must be paragraph aligned due to ida)
"""
s = idaapi.get_segm_by_name(name)
if s is not None:
logging.fatal("{:s}.new({:x}, {:x}, {!r}, {!r}) : a segment with the specified name already exists : {:s}".format(__name__, offset, size, name, kwds, name))
return None
bits = kwds.get( 'bits', 32 if idaapi.getseg(offset) is None else idaapi.getseg(offset).abits()) # FIXME: use disassembler default bit length instead of 32
if bits == 16:
## create a selector with the requested origin
org = kwds.get('org',0)
if org&0xf > 0:
logging.fatal("{:s}.new({:x}, {:x}, {!r}, {!r}) : origin (.org) is not aligned to the size of a paragraph (0x10) : {:x}".format(__name__, offset, size, name, kwds, org))
return None
para = offset/16
sel = idaapi.allocate_selector(para)
idaapi.set_selector(sel, (para-kwds.get('org',0)/16)&0xffffffff)
else:
## auto-create a selector for everything else
sel = idaapi.setup_selector(kwds['selector']) if 'selector' in kwds else idaapi.find_free_selector()
# create segment. ripped from idc
s = idaapi.segment_t()
s.startEA = offset
s.endEA = offset+size
s.sel = sel
s.bitness = {16:0,32:1,64:2}[bits]
s.comb = kwds.get('comb', idaapi.scPub) # public
s.align = kwds.get('align', idaapi.saRelByte) # paragraphs
res = idaapi.add_segm_ex(s, name, "", idaapi.ADDSEG_NOSREG|idaapi.ADDSEG_SPARSE)
if res == 0:
logging.warn("{:s}.new({:x}, {:x}, {!r}, {!r}) : unable to add a new segment".format(__name__, offset, size, name, kwds))
res = idaapi.del_selector(sel)
#assert res != 0
return None
return s
def LoadModule(platform, name, path):
global g_NextLibBase
if platform is not None:
os_type = platform[:3]
if os_type == "iOS":
# check if it is custom or system framework
app_idx = path.find(".app")
if app_idx >=0:
# custom framework
local_path = path[app_idx+4:]
bin_path = os.path.dirname(get_input_file_path())
path = bin_path + local_path
else:
# system framework
os_ver = platform[4:]
home = os.path.expanduser("~")
path = home + "/Library/Developer/Xcode/iOS DeviceSupport/" + os_ver + "/Symbols" + path
# check if framework exists
if os.path.exists(path) == False:
fl_log("FridaLink: invalid path [ " + path + " ]\n")
return
fl_log("FridaLink: loading module '" + name + "' from [ " + path + " ]\n")
res = load_loader_module(None, "macho", str(path), False)
if res != 0:
Wait()
seg = get_segm_by_name("HEADER").startEA
set_segm_name(getseg(seg), name)
Wait()
fl_log("FridaLink: set first sector name for loaded module to '" + name + "'\n")
if seg < g_AppBase:
fl_log("FridaLink: move module '" + name + "' to " + ('0x%012x' % g_NextLibBase) + "\n")
# Move back all segments before main one (usually for OSX modules)
while seg < g_AppBase:
fl_log((' 0x%012x' % SegStart(seg)) + " -> " + ('0x%012x' % (SegStart(seg) + g_NextLibBase)) + ": " + SegName(seg) + "\n")
MoveSegm(SegStart(seg), SegStart(seg) + g_NextLibBase, 0)
Wait()
seg = FirstSeg()
g_NextLibBase += kModuleAlignment
fl_log("FridaLink: next module base = " + ("0x%012x" % g_NextLibBase) + "\n")
