def import_pseudocomments_to_fun(f_ea, d):
if d == {}:
#print "skipping %x, empty" % f_ea
return
print "Attempting to decompile %x" % f_ea
try:
ct = idaapi.decompile(f_ea)
except idaapi.DecompilationFailure:
print "error during decompilation (IDA API)"
return
# i dont know when this happens, but for 404E1404, which is not really a function
# this is triggered
if not ct or ct.user_cmts == None:
print "failed obtaining user cmts at %x" % f_ea
return
user_cmts = ct.user_cmts
it = idaapi.user_cmts_begin(user_cmts)
for i in d.iterkeys():
t = idaapi.treeloc_t()
t.ea = d[i]["ea"]
t.itp = d[i]["itp"]
c = idaapi.citem_cmt_t(d[i]["comment"])
idaapi.user_cmts_insert(user_cmts, t, c)
python类decompile()的实例源码
def parents_from_destructors(type):
''' Finds the direct parents of the Type associated with ``tablegroup`` by
examining function calls in its destructor.
'''
def get_type_having_destructor(func_ea):
for type in Types():
if func_ea in type.destructors():
return type
return None
class destructor_finder_t(idaapi.ctree_visitor_t):
def __init__(self, ea):
idaapi.ctree_visitor_t.__init__(self, idaapi.CV_FAST)
def visit_expr(self, e):
if e.op == idaapi.cot_call:
# Destructors only take 1 arg
if len(e.a) != 1:
return 0
elif e.a[0].v is None or e.a[0].v.idx != 0:
return 0
addr = e.x.obj_ea
type = get_type_having_destructor(addr)
if type is None:
return 0
parents.append(type)
return 0
elif e.op == idaapi.cot_asg:
pass
return 0
def leave_expr(self, e):
if e.op == idaapi.cot_call:
self.destructor_candidate = None
destructors = type.destructors()
if len(destructors) == 0:
return []
#TODO: consider other candidates
destructor = destructors[0]
parents = []
try:
cfunc = idaapi.decompile(destructor);
except idaapi.DecompilationFailure:
return []
iff = destructor_finder_t(destructor)
iff.apply_to(cfunc.body, None)
return parents
