def get_imports():
    """
    Walk the import table of the module currently loaded in IDA.

    Modules for which IDA returns no name are skipped, so their imports are
    not reported.

    Yields:
      Tuple[int, str, str, int]:
        - address of import table pointer
        - name of imported library
        - name of imported function
        - ordinal of import
    """
    module_count = idaapi.get_import_module_qty()
    for module_index in range(module_count):
        library = idaapi.get_import_module_name(module_index)
        if library:
            collected = []

            def collect(ea, name, ordinal):
                # Buffer the entry; a true result asks IDA to keep enumerating.
                collected.append((ea, name, ordinal))
                return True

            idaapi.enum_import_names(module_index, collect)
            # The callback cannot yield, so the buffered entries are replayed
            # here with the library name attached.
            for address, symbol, ordinal in collected:
                yield address, library, symbol, ordinal
python类enum_import_names()的实例源码
def init_imported_ea(*args):
    """Rebuild the ``imported_ea`` collection from the import table.

    ``imported_ea`` is defined outside this function. It is cleared and then
    receives the address of every entry reported by
    ``idaapi.enum_import_names``. Modules without a name are reported with a
    warning and not walked. Positional arguments are accepted and ignored.
    """
    def remember_address(ea, name, ordinal):
        imported_ea.add(ea)
        # A true result continues the enumeration; False would stop it.
        return True

    print("[Info] Collecting information about imports")
    imported_ea.clear()
    for index in range(0, idaapi.get_import_module_qty()):
        if idaapi.get_import_module_name(index):
            idaapi.enum_import_names(index, remember_address)
        else:
            print("[Warning] Failed to get import module name for #%d" % index)
    print("[Info] Done...")
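def driver_type():
    """Guess the driver model of the loaded binary from its imported names.

    Every import module is enumerated with the callback ``cb``, then the
    collected ``names`` are scanned for a framework registration routine.
    Both ``cb`` and ``names`` are defined outside this function.

    Returns:
        One of "Mini-Filter", "WDF", "Stream Minidriver", "AVStream" or
        "PortCls" for the first marker found in ``names``. "WDM" is the
        fallback when no marker is present, so it is a default rather than
        a positive identification.
    """
    markers = {
        "FltRegisterFilter": "Mini-Filter",
        "WdfVersionBind": "WDF",
        "StreamClassRegisterMinidriver": "Stream Minidriver",
        "KsCreateFilterFactory": "AVStream",
        "PcRegisterSubdevice": "PortCls",
    }
    for index in range(0, idaapi.get_import_module_qty()):
        idaapi.enum_import_names(index, cb)
    # NOTE(review): presumably cb appends each imported name to names, and
    # names is not reset here, so repeated calls may accumulate -- confirm.
    for imported in names:
        # Test the collected import name itself. The earlier code compared the
        # last module name instead, so no marker could ever match.
        if imported in markers:
            return markers[imported]
    return "WDM"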
def get_imports(library_calls):
    """Fill *library_calls* with import information and return the module names.

    One name is recorded per import module index, exactly as IDA returns it
    (no filtering of empty results). Each module's entries are passed to the
    callback built by make_import_names_callback().
    """
    modules = []
    on_import = make_import_names_callback(library_calls)
    module_total = idaapi.get_import_module_qty()
    for index in range(0, module_total):
        modules.append(idaapi.get_import_module_name(index))
        idaapi.enum_import_names(index, on_import)
    return modules
def make_import_names_callback(library_calls):
    """Build the per-import callback handed to idaapi.enum_import_names().

    The returned function stores, under each import's name, the list of code
    references to that import in *library_calls*.
    """
    def callback(ea, name, ordinal):
        """Record every code reference to the import at *ea* under *name*."""
        # The entry is reset on each call, so a name reported more than once
        # keeps only the references gathered for its last occurrence.
        # NOTE(review): imports bound by ordinal may arrive without a name and
        # would then share a single key -- confirm against the IDA version used.
        library_calls[name] = []
        library_calls[name].extend(idautils.CodeRefsTo(ea, 0))
        return True  # a true result keeps the enumeration going

    return callback
def get_typed_imports():
    """Collect the import table entries for which IDA has a type.

    Returns a set of (func_ea, func_type) tuples. Entries without a type are
    left out.
    """
    typed = set()

    def keep_if_typed(ea, name, ordn):
        # NOTE(review): idc.GetType is the older spelling of this query;
        # confirm it is available in the IDAPython version being targeted.
        signature = idc.GetType(ea)
        if signature:
            typed.add((ea, signature))
        return True  # keep enumerating

    module_total = idaapi.get_import_module_qty()
    for index in range(module_total):
        idaapi.enum_import_names(index, keep_if_typed)
    return typed
def __iterate__():
    """Generate every import recorded in the database.

    Each item has the form (ea, (module, name, ordinal)).
    """
    module_total = idaapi.get_import_module_qty()
    for index in range(module_total):
        module_name = idaapi.get_import_module_name(index)
        collected = []
        # presumably packs the callback arguments into one tuple, appends it to
        # collected, and returns True so the enumeration continues -- the
        # utils helpers are defined elsewhere; confirm.
        collector = utils.compose(utils.box, collected.append, utils.fdiscard(lambda:True))
        idaapi.enum_import_names(index, collector)
        for ea, name, ordinal in collected:
            yield (ea, (module_name, name, ordinal))
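def compute_imports():
    """Map each import module name to its list of imported entries.

    Returns:
        dict: module name -> list of (ea, name, ordinal) tuples, in the order
        IDA enumerates them.
    """
    imports = {}
    current = ""

    def callback(ea, name, ordinal):
        # current is read when IDA invokes the callback, so it always refers
        # to the module being enumerated.
        imports[current].append((ea, name, ordinal))
        return True  # keep enumerating

    for index in range(0, idaapi.get_import_module_qty()):
        current = idaapi.get_import_module_name(index)
        # setdefault keeps the entries already gathered if the same module
        # name is returned for more than one index. Assigning a fresh list
        # would silently drop them from the result.
        # NOTE(review): modules for which no name is returned all share one
        # key -- confirm whether callers need them kept apart.
        imports.setdefault(current, [])
        idaapi.enum_import_names(index, callback)
    return imports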