python类Segments()的实例源码-面圈网

dll_parser_user.py 文件源码项目：WinHeap-Explorer 作者: WinHeapExplorer 项目源码文件源码阅读 28 收藏 0 点赞 0 评论 0

def enumerate_function_names():
    func_name = dict()
    for seg_ea in idautils.Segments():
        # For each of the functions
        function_ea = seg_ea
        while function_ea != 0xffffffffL:
            function_name = idc.GetFunctionName(function_ea)
            # if already analyzed
            if func_name.get(function_name, None) != None:
                function_ea = idc.NextFunction(function_ea)
                continue
            image_base = idaapi.get_imagebase(function_ea)
            addr = function_ea - image_base
            addr = str(hex(addr))
            addr = addr.replace("L", "")
            addr = addr.replace("0x", "")
            func_name[function_name] = get_list_of_function_instr(function_ea)
            function_ea = idc.NextFunction(function_ea)
    return func_name

dll_parser.py 文件源码项目：WinHeap-Explorer 作者: WinHeapExplorer 项目源码文件源码阅读 23 收藏 0 点赞 0 评论 0

def enumerate_function_names():
    '''
    The function enumerates all functions in a dll.
    @return - dictionary {function_name : list of corresponded instructions}
    '''
    func_name = dict()
    for seg_ea in idautils.Segments():
        # For each of the functions
        function_ea = seg_ea
        while function_ea != 0xffffffffL:
            function_name = idc.GetFunctionName(function_ea)
            # if already analyzed
            if func_name.get(function_name, None) != None:
                function_ea = idc.NextFunction(function_ea)
                continue
            image_base = idaapi.get_imagebase(function_ea)
            addr = function_ea - image_base
            addr = str(hex(addr))
            addr = addr.replace("L", "")
            addr = addr.replace("0x", "")
            func_name[function_name] = get_list_of_function_instr(function_ea)
            function_ea = idc.NextFunction(function_ea)
    return func_name

IdaTools.py 文件源码项目：apiscout 作者: danielplohmann 项目源码文件源码阅读 28 收藏 0 点赞 0 评论 0

def getAllMemoryFromIda(self):
        result = {}
        seg_start = [ea for ea in idautils.Segments()][0]
        current_start = seg_start
        seg_end = idc.SegEnd(current_start)
        current_buffer = ""
        for index, current_start in enumerate(idautils.Segments()):
            # get current buffer content
            current_buffer = ""
            for ea in lrange(current_start, idc.SegEnd(current_start)):
                current_buffer += chr(idc.Byte(ea))
            # first buffer is only saved
            if index == 0:
                result[seg_start] = current_buffer
                continue
            # otherwise decide if the buffers are consecutive and either save or update contents
            if current_start != seg_end:
                seg_start = current_start
                result[seg_start] = current_buffer
            else:
                result[seg_start] += current_buffer
            seg_end = idc.SegEnd(current_start)
        return result

jumper.py 文件源码项目：IDAPPL 作者: yufengzjj 项目源码文件源码阅读 22 收藏 0 点赞 0 评论 0

def enum_segm(self):
        i = 0
        for ea in idautils.Segments():
            seg = idaapi.getseg(ea)
            SigmName = idc.SegName(ea)
            startA = idc.SegStart(ea)
            endA = idc.SegEnd(ea)
            className = idaapi.get_segm_class(seg)
            seg_radio = SegmRadio(SigmName, startA, endA, className)
            self.segm.append((SigmName, startA, endA, className))
            self.segm_vbox.addWidget(seg_radio)
            self.segm_vbox.addStretch(1)
            if i == 0:
                i = 1
                seg_radio.toggle()
        return self.segm_vbox

FindCrypto.py 文件源码项目：RE 作者: wasdwasdwasdwasd 项目源码文件源码阅读 26 收藏 0 点赞 0 评论 0

def Main():
    codeSegments = GetExecutableSegments()

    #Iterate Segments
    for segment in codeSegments:
        functions = GetFunctions(segment)

        #Iterate Functions and search XOR
        for function in functions: 

            flag = GetFunctionFlags(function)
            if flag == -1 or flag & FUNC_LIB:
                continue

            #print hex(function), GetFunctionName(function)
            xorList = FindXor(function)

            if 0 < len(xorList):
                print "[+]Found Possible Crypto at 0x%08X in function %s" % (function, GetFunctionName(function))

                # Itrate over tuples (function, xorAddr, xorMnemonic, operand1, operand2)
                for xor in xorList:
                    print "[+]Crypto Inst: 0x%08X: %s %s %s" % (xor[1], xor[2], xor[3], xor[4])

#Script Entry

configuration_file.py 文件源码项目：idasec 作者: RobinDavid 项目源码文件源码阅读 23 收藏 0 点赞 0 评论 0

def create_call_map(self, ftype):
        assert_ida_available()
        import idc
        import idautils
        seg_mapping = {idc.SegName(x): (idc.SegStart(x), idc.SegEnd(x)) for x in idautils.Segments()}
        imports = seg_mapping[".idata"] if ftype == PE else seg_mapping['.plt']
        start, stop = seg_mapping[".text"]
        current = start
        while current <= stop:
            inst = current
            if idc.GetMnem(inst) in ["call", "jmp"]:
                value = idc.GetOperandValue(inst, 0)
                name = idc.GetOpnd(inst, 0)
                if imports[0] <= value <= imports[1]:
                    entry = self.config.call_map.add()
                    entry.address = inst
                    entry.name = name
            current = idc.NextHead(current, stop)

type.py 文件源码项目：devirtualize 作者: ALSchwalm 项目源码文件源码阅读 25 收藏 0 点赞 0 评论 0

def tables_from_heuristics(require_rtti=False):
    ''' Yields addresses of VTableGroups found via heuristic methods
    '''
    for s in idautils.Segments():
        seg = idaapi.getseg(s)
        if seg is None:
            continue
        if seg.type != idaapi.SEG_DATA:
            continue

        ea = seg.startEA
        while ea < seg.endEA:
            try:
                table = VTableGroup(ea)
                if require_rtti is True and ea.typeinfo is not None:
                    yield ea
                elif require_rtti is False:
                    yield ea
                ea += table.size
            except ValueError:
                # Assume vtables are aligned
                ea += TARGET_ADDRESS_SIZE

ida.py 文件源码项目：bap-ida-python 作者: BinaryAnalysisPlatform 项目源码文件源码阅读 23 收藏 0 点赞 0 评论 0

def addresses():
    """Generate all mapped addresses."""
    for s in idautils.Segments():
        ea = idc.SegStart(s)
        while ea < idc.SegEnd(s):
            yield ea
            ea = idaapi.nextaddr(ea)

ida.py 文件源码项目：bap-ida-python 作者: BinaryAnalysisPlatform 项目源码文件源码阅读 23 收藏 0 点赞 0 评论 0

def output_segments(out):
    """Dump binary segmentation."""
    info = idaapi.get_inf_structure()
    size = "r32" if info.is_32bit else "r64"
    out.writelines(('(', info.get_proc_name()[1], ' ', size, ' ('))
    for seg in idautils.Segments():
        out.write("\n({} {} {:d} ({:#x} {:d}))".format(
            idaapi.get_segm_name(seg),
            "code" if idaapi.segtype(seg) == idaapi.SEG_CODE else "data",
            idaapi.get_fileregion_offset(seg),
            seg, idaapi.getseg(seg).size()))
    out.write("))\n")

ida.py 文件源码项目：bap-ida-python 作者: BinaryAnalysisPlatform 项目源码文件源码阅读 21 收藏 0 点赞 0 评论 0

def output_symbols(out):
    """Dump symbols."""
    try:
        from idaapi import get_func_name2 as get_func_name
        # Since get_func_name is deprecated (at least from IDA 6.9)
    except ImportError:
        from idaapi import get_func_name
        # Older versions of IDA don't have get_func_name2
        # so we just use the older name get_func_name

    def func_name_propagate_thunk(ea):
        current_name = get_func_name(ea)
        if current_name[0].isalpha():
            return current_name
        func = idaapi.get_func(ea)
        temp_ptr = idaapi.ea_pointer()
        ea_new = idaapi.BADADDR
        if func.flags & idaapi.FUNC_THUNK == idaapi.FUNC_THUNK:
            ea_new = idaapi.calc_thunk_func_target(func, temp_ptr.cast())
        if ea_new != idaapi.BADADDR:
            ea = ea_new
        propagated_name = get_func_name(ea) or ''  # Ensure it is not `None`
        if len(current_name) > len(propagated_name) > 0:
            return propagated_name
        else:
            return current_name
            # Fallback to non-propagated name for weird times that IDA gives
            #     a 0 length name, or finds a longer import name

    for ea in idautils.Segments():
        fs = idautils.Functions(idc.SegStart(ea), idc.SegEnd(ea))
        for f in fs:
            out.write('("%s" 0x%x 0x%x)\n' % (
                func_name_propagate_thunk(f),
                idc.GetFunctionAttr(f, idc.FUNCATTR_START),
                idc.GetFunctionAttr(f, idc.FUNCATTR_END)))

yara_fn.py 文件源码项目：idawilli 作者: williballenthin 项目源码文件源码阅读 26 收藏 0 点赞 0 评论 0

def get_segments():
    '''
    fetch the segments in the current executable.
    '''
    for segstart in idautils.Segments():
         segend = idaapi.getseg(segstart).endEA
         segsize = segend - segstart
         segname = str(idc.SegName(segstart)).rstrip('\x00')
         segbuf = get_segment_buffer(segstart)
         yield Segment(segstart, segend, segname, segbuf)

color.py 文件源码项目：idawilli 作者: williballenthin 项目源码文件源码阅读 22 收藏 0 点赞 0 评论 0

def enum_segments():
    for segstart in idautils.Segments():
        segend = idc.SegEnd(segstart)
        segname = idc.SegName(segstart)
        yield Segment(segstart, segend, segname)

utils.py 文件源码项目：iddaa 作者: 0xddaa 项目源码文件源码阅读 19 收藏 0 点赞 0 评论 0

def get_seg_range(seg):
    for s in idautils.Segments():
        if idc.SegName(s) == seg:
            start_ea = idc.SegStart(s)
            end_ea = idc.SegEnd(s)
    return start_ea, end_ea

IdaForm.py 文件源码项目：apiscout 作者: danielplohmann 项目源码文件源码阅读 21 收藏 0 点赞 0 评论 0

def __init__(self, title, api_results, flags=0):
        Choose2.__init__(self,
                         title,
                         [["#", 6], ["Offset", 14], ["API Address", 14], ["DLL", 20], ["API", 35]],
                         embedded=True, width=140, height=20, flags=flags)
        self.row_count = 0
        self.base_address = [ea for ea in idautils.Segments()][0]
        self.scout = ApiScout()
        self.scout.setBaseAddress(self.base_address)
        self.api_results = api_results
        self.all_items = self.populate(api_results)
        self.items = self.populate(api_results)
        self.icon = 4
        self.selcount = 0

IdaTools.py 文件源码项目：apiscout 作者: danielplohmann 项目源码文件源码阅读 25 收藏 0 点赞 0 评论 0

def getBaseAddress(self):
        return [ea for ea in idautils.Segments()][0]

IdaTools.py 文件源码项目：apiscout 作者: danielplohmann 项目源码文件源码阅读 26 收藏 0 点赞 0 评论 0

def getLastAddress(self):
        return idc.SegEnd([ea for ea in idautils.Segments()][-1]) - 1

FindCrypto.py 文件源码项目：RE 作者: wasdwasdwasdwasd 项目源码文件源码阅读 21 收藏 0 点赞 0 评论 0

def GetExecutableSegments():
    segments = []
    for segment in idautils.Segments():
        #print SegName(segment), hex(segment)

        #Get Segment Attribute
        segPermission = GetSegmentAttr(segment, SEGATTR_PERM)
        if segPermission & SEGPERM_EXEC:
            print "[+]Code Segment %s 0x%08X" % (SegName(segment), segment)
            segments.append(segment)
    return segments

#Get Function List

DecryptStrings.py 文件源码项目：RE 作者: wasdwasdwasdwasd 项目源码文件源码阅读 21 收藏 0 点赞 0 评论 0

def GetExecutableSegments():
    segments = []
    for segment in idautils.Segments():
        #print SegName(segment), hex(segment)

        #Get Segment Attribute
        segPermission = GetSegmentAttr(segment, SEGATTR_PERM)
        if segPermission & SEGPERM_EXEC:
            print "[+]Code Segment %s 0x%08X" % (SegName(segment), segment)
            segments.append(segment)
    return segments

#Get Function List

DecryptStrings.py 文件源码项目：RE 作者: wasdwasdwasdwasd 项目源码文件源码阅读 25 收藏 0 点赞 0 评论 0

def Main():
    codeSegments = GetExecutableSegments()

    #Iterate Segments
    for segment in codeSegments:
        functions = GetFunctions(segment)

        #Iterate Functions and search XOR
        for function in functions: 

            flag = GetFunctionFlags(function)
            if flag == -1 or flag & FUNC_LIB:
                continue

            #print hex(function), GetFunctionName(function)
            xorList = FindXor(function)

            if 0 < len(xorList):
                print "[+]Found Possible Crypto at 0x%08X in function %s" % (function, GetFunctionName(function))

                # Itrate over tuples (function, xorAddr, xorMnemonic, operand1, operand2)
                for xor in xorList:
                    print "[+]Crypto Inst: 0x%08X: %s %s %s" % (xor[1], xor[2], xor[3], xor[4])

                #hardcoded addresses are not good
                if function == 0x00402C72:
                    DecryptString0(function)
                else:
                    pass

#Script Entry

DecryptStringsBonus.py 文件源码项目：RE 作者: wasdwasdwasdwasd 项目源码文件源码阅读 20 收藏 0 点赞 0 评论 0

def GetSection(sectionName):
    for seg in idautils.Segments():
        if idc.SegName(seg) == sectionName:
            return seg
    return 0

DecryptStringsBonus.py 文件源码项目：RE 作者: wasdwasdwasdwasd 项目源码文件源码阅读 20 收藏 0 点赞 0 评论 0

def Main():
    InitEmulator()
    codeSegments = GetExecutableSegments()

    #Iterate Segments
    for segment in codeSegments:
        functions = GetFunctions(segment)

        #Iterate Functions and search XOR
        for function in functions: 

            flag = GetFunctionFlags(function)
            if flag == -1 or flag & FUNC_LIB:
                continue

            #print hex(function), GetFunctionName(function)
            xorList = FindXor(function)

            if 0 < len(xorList):
                print "[+]Found Possible Crypto at 0x%08X in function %s" % (function, GetFunctionName(function))

                # Itrate over tuples (function, xorAddr, xorMnemonic, operand1, operand2)
                for xor in xorList:
                    print "[+]Crypto Inst: 0x%08X: %s %s %s" % (xor[1], xor[2], xor[3], xor[4])

                print

                #hardcoded addresses are not good
                if function == 0x00402CB8:
                    DecryptStackStrings(function)
                else:
                    pass

#Script Entry

idb_indexer.py 文件源码项目：idsearch 作者: xorpd 项目源码文件源码阅读 24 收藏 0 点赞 0 评论 0

def iter_lines():
    """
    Iterate through all line addresses in the IDB
    Yields addresses of all lines.
    """
    for ea in idautils.Segments():
        seg_start = idc.SegStart(ea)
        seg_end = idc.SegEnd(ea)

        cur_addr = seg_start
        while (cur_addr < seg_end) and (cur_addr != idaapi.BADADDR):
            yield cur_addr
            cur_addr = idc.NextHead(cur_addr)

idasec_core.py 文件源码项目：idasec 作者: RobinDavid 项目源码文件源码阅读 27 收藏 0 点赞 0 评论 0

def update_mapping(self):
        pass
        self.fun_mapping = {idc.GetFunctionName(x): (idaapi.get_func(x).startEA, idaapi.get_func(x).endEA-1) for x in
                            idautils.Functions()}
        self.seg_mapping = {idc.SegName(x): (idc.SegStart(x), idc.SegEnd(x)) for x in idautils.Segments()}

stackscan.py 文件源码项目：shannonRE 作者: Comsecuris 项目源码文件源码阅读 23 收藏 0 点赞 0 评论 0

def ret_addr(ea):

    #we can't assume Thumb only, so we also keep ARM cases, just adjust addr in Thumb cases
    if (ea % 2) != 0:
        ea -= 1

    '''
    #calculating code segment ranges every time is wasteful
    code_segs = []
    for s in idautils.Segments():
        if idaapi.segtype(s) == idaapi.SEG_CODE:
            s_end = idc.GetSegmentAttr(s, SEGATTR_END)
            code_segs.append({"start" : s, "end" : s_end})

    if not reduce(lambda x, y: x or y, map(lambda x: (x["start"] <= ea) and (x["end"] > ea), code_segs)):
        return False
    '''

    #this is-in-function check is enough (segment check redundant) if we trust function ID'ing anyway.

    f_ea = idaapi.get_func(ea)
    if not f_ea:
        return False

    #Preceding or Previous?
    #   Not necessarily all preceding will be a call to a ret instruction,
    #   but "the" prev should be always the one.
    i = idautils.DecodePreviousInstruction(ea)
    if i and "BL" in idc.GetMnem(i.ea):
        return True

    return False

findcrypt.py 文件源码项目：ida 作者: you0708 项目源码文件源码阅读 23 收藏 0 点赞 0 评论 0

def main():
    print("[*] loading crypto constants")
    for const in non_sparse_consts:
        const["byte_array"] = convert_to_byte_array(const)

    for start in idautils.Segments():
        print("[*] searching for crypto constants in %s" % idc.get_segm_name(start))
        ea = start
        while ea < idc.get_segm_end(start):
            bbbb = list(struct.unpack("BBBB", idc.get_bytes(ea, 4)))
            for const in non_sparse_consts:
                if bbbb != const["byte_array"][:4]:
                    continue
                if map(lambda x:ord(x), get_bytes(ea, len(const["byte_array"]))) == const["byte_array"]:
                    print(("0x%0" + str(digits) + "X: found const array %s (used in %s)") % (ea, const["name"], const["algorithm"]))
                    idc.set_name(ea, const["name"])
                    if const["size"] == "B":
                        idc.create_byte(ea)
                    elif const["size"] == "L":
                        idc.create_dword(ea)
                    elif const["size"] == "Q":
                        idc.create_qword(ea)
                    make_array(ea, len(const["array"]))
                    ea += len(const["byte_array"]) - 4
                    break
            ea += 4

        ea = start
        if get_segm_attr(ea, SEGATTR_TYPE) == 2:
            while ea < get_segm_end(start):
                d = ida_bytes.get_dword(ea)
                for const in sparse_consts:
                    if d != const["array"][0]:
                        continue
                    tmp = ea + 4
                    for val in const["array"][1:]:
                        for i in range(8):
                            if ida_bytes.get_dword(tmp + i) == val:
                                tmp = tmp + i + 4
                                break
                        else:
                            break
                    else:
                        print(("0x%0" + str(digits) + "X: found sparse constants for %s") % (ea, const["algorithm"]))
                        cmt = idc.get_cmt(idc.prev_head(ea), 0)
                        if cmt:
                            idc.set_cmt(idc.prev_head(ea), cmt + ' ' + const["name"], 0)
                        else:
                            idc.set_cmt(idc.prev_head(ea), const["name"], 0)
                        ea = tmp
                        break
                ea += 1
    print("[*] finished")