python类is_call_insn()的实例源码-面圈网

inp_ida.py 文件源码项目：ropf 作者: kevinkoo001 项目源码文件源码阅读 74 收藏 0 点赞 0 评论 0

def get_func_code_refs_from(func_ea, iaddrs):
    """Returns a set with the code references from this function"""
    code_refs = set()

    for addr in iaddrs:
        ref = idaapi.BADADDR

        for r in idautils.XrefsFrom(addr, idaapi.XREF_FAR):

            if r.iscode:
                to_func = idaapi.get_func(r.to)
                if not to_func or to_func.startEA != func_ea:
                    ref = r.to
            else:
                ref = r.to

        if (ref != idaapi.BADADDR or idaapi.is_call_insn(addr) or idaapi.is_indirect_jump_insn(addr)):
            #print hex(i.addr), i, hex(ref)
            code_refs.add(ref)

    return code_refs

hint_calls.py 文件源码项目：idawilli 作者: williballenthin 项目源码文件源码阅读 23 收藏 0 点赞 0 评论 0

def enum_calls_in_function(fva):
    '''
    yield the call instructions in the given function.

    Args:
      fva (int): the starting address of a function

    Returns:
      sequence[tuple[int, str]]: the address of a call instruction, and the disassembly line at that address
    '''
    for ea in enum_function_addrs(fva):
        if idaapi.is_call_insn(ea):
            disasm = ida_lines.generate_disassembly(ea, 16, True, False)[1][0]
            # replace consequent whitespaces by a single whitespaces
            disasm = re.sub("\s\s+", " ", disasm)
            yield ea, disasm

instruction.py 文件源码项目：idascripts 作者: ctfhacker 项目源码文件源码阅读 22 收藏 0 点赞 0 评论 0

def is_call(ea):
    '''Returns True if the instruction at ``ea`` is a call instruction.'''
#    MASK_TYPE = 0x0300
#    T_BRANCH = 0x0100
#
#    MASK_BRTYPE = 0b111
#    CF_JMPIMM = 0b001
#    CF_JMPCOND = 0b000
#    CF_CALL = 0b010
#
#    F = feature(ea)
#    return database.is_code(ea) and (feature(ea) & MASK_TYPE == T_BRANCH) and (feature(ea) & idaapi.CF_CALL == idaapi.CF_CALL)

    idaapi.decode_insn(ea)
    return idaapi.is_call_insn(ea)

ida_func_ptr.py 文件源码项目：ida_func_ptr 作者: HandsomeMatt 项目源码文件源码阅读 23 收藏 0 点赞 0 评论 0

def graph_down(ea, path=set()):
    """
    Recursively collect all function calls.

    Copied with minor modifications from
    http://hooked-on-mnemonics.blogspot.com/2012/07/renaming-subroutine-blocks-and.html
    """
    path.add(ea)

    #
    # iterate through all the instructions in the target function (ea) and
    # inspect all the call instructions
    #

    for x in [x for x in idautils.FuncItems(ea) if idaapi.is_call_insn(x)]:

        #  TODO
        for r in idautils.XrefsFrom(x, idaapi.XREF_FAR):
            #print "0x%08X" % h, "--calls-->", "0x%08X" % r.to
            if not r.iscode:
                    continue

            # get the function pointed at by this call
            func = idaapi.get_func(r.to)
            if not func:
                continue

            # ignore calls to imports / library calls / thunks
            if (func.flags & (idaapi.FUNC_THUNK | idaapi.FUNC_LIB)) != 0:
                continue

            #
            # if we have not traversed to the destination function that this
            # call references, recurse down to it to continue our traversal
            #

            if r.to not in path:
                graph_down(r.to, path)

    return path