def get_segment_functions(segment):
'''Returns functions for a given segment.
Args:
segment (`segment_t`): The segment functions will be returned
from. segment_t objects are returned from IDA's getseg API.
Returns:
list: Empty list or list of MetadataShim objects on success.
None: None on failure.
Fails if argument is not a segment_t or there are no functions
in that segment.
'''
if not isinstance(segment, idaapi.segment_t):
return None
segment_offset = segment.startEA - IDAW.get_imagebase()
if segment_offset not in FIRST.function_list:
return None
return FIRST.function_list[segment_offset].values()
python类segment_t()的实例源码
def add_segment(start, end, name, type_):
segment = idaapi.segment_t()
segment.startEA = start
segment.endEA = end
segment.bitness = 1 # 32-bit
idaapi.add_segm_ex(segment, name, type_, idaapi.ADDSEG_SPARSE | idaapi.ADDSEG_OR_DIE)
def by(segment):
'''Return a segment by it's segment_t.'''
return segment
def repr(segment):
'''Return a repr() of the segment identified by ``segment``.'''
'''Given a segment_t/address, return a printable representation of it'''
seg = by(segment)
return "{:s} {:s} {:x}-{:x} (+{:x})".format(object.__repr__(seg),idaapi.get_true_segm_name(seg),seg.startEA,seg.endEA,seg.endEA-seg.startEA)
def remove(segment, remove=False):
"""Remove the segment identified by ``segment``.
If the bool ``remove`` is specified, then remove the content of the segment from the database.
"""
if not isinstance(segment, idaapi.segment_t):
raise TypeError("{:s}.remove({!r}) : segment is not of an idaapi.segment_t. : {!r}".format(__name__, segment, type(segment)))
res = idaapi.del_selector(segment.sel)
if res == 0:
logging.warn("{:s}.remove({!r}):Unable to delete selector {:x}".format(__name__, segment, segment.sel))
res = idaapi.del_segm(segment.startEA, idaapi.SEGMOD_KILL if remove else idaapi.SEGMOD_KEEP)
if res == 0:
logging.warn("{:s}.remove({!r}):Unable to delete segment {:s} : {:s}".format(__name__, segment, segment.name, segment.sel))
return res
def save(filename, segment, offset=0):
"""Export the segment identified by ``segment`` to the file named ``filename``.
If the int ``offset`` is specified, then begin writing into the file at the specified offset.
"""
if isinstance(segment, idaapi.segment_t):
return _save_file(filename, segment.startEA, size(segment), offset)
return save(filename, by(segment))
def AddSegEx(startea, endea, base, use32, align, comb, flags):
"""
Create a new segment
@param startea: linear address of the start of the segment
@param endea: linear address of the end of the segment
this address will not belong to the segment
'endea' should be higher than 'startea'
@param base: base paragraph or selector of the segment.
a paragraph is 16byte memory chunk.
If a selector value is specified, the selector should be
already defined.
@param use32: 0: 16bit segment, 1: 32bit segment, 2: 64bit segment
@param align: segment alignment. see below for alignment values
@param comb: segment combination. see below for combination values.
@param flags: combination of ADDSEG_... bits
@return: 0-failed, 1-ok
"""
s = idaapi.segment_t()
s.startEA = startea
s.endEA = endea
s.sel = idaapi.setup_selector(base)
s.bitness = use32
s.align = align
s.comb = comb
return idaapi.add_segm_ex(s, "", "", flags)
def load_file(li, neflags, format):
# Select the PC processor module
idaapi.set_processor_type("BPF", SETPROC_ALL|SETPROC_FATAL)
buf = read_whole_file(li, 8)
if not buf:
return 0
# Load all shellcode into different segments
start = 0x1000
seg = idaapi.segment_t()
size = len(buf)
end = start + size
# Create the segment
seg.startEA = start
seg.endEA = end
seg.bitness = 1 # 32-bit
idaapi.add_segm_ex(seg, "bpf_c", "CODE", 0)
# Copy the bytes
idaapi.mem2base(buf, start, end)
# add entry point
idaapi.add_entry(start, start, "start", 1)
# add comment to beginning of disassembly
idaapi.describe(start, True, "BPF bytecode disassembly")
# Mark for analysis
AutoMark(start, AU_CODE)
setup_enums()
return 1
def get_segments_with_functions():
'''Returns a list of segments with defined functions in it.
Returns:
list: Empty list or list of segment_t objects
'''
data = []
if not FIRST.function_list:
return None
for segment_offset in FIRST.function_list:
data.append(IDAW.getseg(segment_offset + IDAW.get_imagebase()))
return data
def new(offset, size, name, **kwds):
"""Create a segment at ``offset`` with ``size`` and name it according to ``name``.
``bits`` can be used to specify the bit size of the segment
``comb`` can be used to specify any flags (idaapi.sc*)
``align`` can be used to specify paragraph alignment (idaapi.sa*)
``org`` specifies the origin of the segment (must be paragraph aligned due to ida)
"""
s = idaapi.get_segm_by_name(name)
if s is not None:
logging.fatal("{:s}.new({:x}, {:x}, {!r}, {!r}) : a segment with the specified name already exists : {:s}".format(__name__, offset, size, name, kwds, name))
return None
bits = kwds.get( 'bits', 32 if idaapi.getseg(offset) is None else idaapi.getseg(offset).abits()) # FIXME: use disassembler default bit length instead of 32
if bits == 16:
## create a selector with the requested origin
org = kwds.get('org',0)
if org&0xf > 0:
logging.fatal("{:s}.new({:x}, {:x}, {!r}, {!r}) : origin (.org) is not aligned to the size of a paragraph (0x10) : {:x}".format(__name__, offset, size, name, kwds, org))
return None
para = offset/16
sel = idaapi.allocate_selector(para)
idaapi.set_selector(sel, (para-kwds.get('org',0)/16)&0xffffffff)
else:
## auto-create a selector for everything else
sel = idaapi.setup_selector(kwds['selector']) if 'selector' in kwds else idaapi.find_free_selector()
# create segment. ripped from idc
s = idaapi.segment_t()
s.startEA = offset
s.endEA = offset+size
s.sel = sel
s.bitness = {16:0,32:1,64:2}[bits]
s.comb = kwds.get('comb', idaapi.scPub) # public
s.align = kwds.get('align', idaapi.saRelByte) # paragraphs
res = idaapi.add_segm_ex(s, name, "", idaapi.ADDSEG_NOSREG|idaapi.ADDSEG_SPARSE)
if res == 0:
logging.warn("{:s}.new({:x}, {:x}, {!r}, {!r}) : unable to add a new segment".format(__name__, offset, size, name, kwds))
res = idaapi.del_selector(sel)
#assert res != 0
return None
return s
