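def init_demangled_names(*args):
    """
    Creates dictionary of demangled names => address, that will be used further at double click on methods got from
    symbols.

    Fills the module-level ``demangled_names`` dict in place (it is cleared
    first). Keys are the demangled short name with any parameter list stripped
    (everything before the first ``(``); values are the address relative to
    the image base. Thunk/adjustor entries additionally get a
    ``<name>_adj_<N>`` key with the same value. ``*args`` is accepted and
    ignored so the function can be installed as an IDA callback.

    NOTE(review): the previous version rewrote ``<``/``>`` in the mangled name
    to ``_t_`` but then overwrote that result before reading it, so the
    rewrite had no effect and was dropped.
    """
    demangled_names.clear()
    # Hoisted: the image base and the thunk pattern do not change per name.
    image_base = idaapi.get_imagebase()
    # Thunk functions with name like "[thunk]:CWarmupHostProvider::Release`adjustor{8}'"
    adjustor_re = re.compile(r"(\[thunk\]:)?([^`]*)(.*\{(\d+)}.*)?")
    for address, mangled in idautils.Names():
        short_name = idc.Demangle(mangled, idc.GetLongPrm(idc.INF_SHORT_DN))
        if not short_name:
            continue
        rva = address - image_base
        demangled_names[short_name.split('(')[0]] = rva
        # Every optional group makes the pattern always match, so ``match`` is never None.
        match = adjustor_re.search(short_name)
        base_name, adjustor = match.group(2), match.group(4)
        if adjustor:
            demangled_names[base_name + "_adj_" + adjustor] = rva
    print "[DEBUG] Demangled names have been initialized"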
def get_w32syscalls():
    """
    Collect the names of the win32k system-call handlers.

    Resolves the ``_W32pServiceTable`` symbol, then reads the table one
    4-byte word at a time, adding the function name of each entry until the
    first entry that is not the start of a known function.
    Returns the names as a set; the count is printed as a side effect.
    """
    known_functions = set(idautils.Functions())
    syscall_names = set()
    table_ea = idaapi.str2ea('_W32pServiceTable')
    entry = idaapi.get_full_long(table_ea)
    # NOTE(review): the 4-byte stride assumes a 32-bit service table — confirm for 64-bit targets.
    # An unresolved symbol yields an entry that is not a function start, so the loop ends at once.
    while entry in known_functions:
        syscall_names.add(GetFunctionName(entry))
        table_ea += 4
        entry = idaapi.get_full_long(table_ea)
    print 'win32k system call' , len(syscall_names)
    return syscall_names
def send_names(self):
    """
    Used to send all the names to the server.
    Usecase: Previously analyzed IDB

    Iterates every (address, name) pair in the IDB, skips names rejected by
    ``SkelUtils.func_name_blacklist`` and names whose declared type is missing
    or starts with ``char[`` (case-insensitively), and pushes the remaining
    pairs through ``self.skel_conn.push_name``.
    """
    for ea, name in idautils.Names():
        if SkelUtils.func_name_blacklist(name):
            continue
        declared_type = idc.GetType(ea)
        # char arrays are filtered out (presumably string buffers rather than symbols worth syncing).
        if not declared_type or declared_type.lower().startswith("char["):
            continue
        self.skel_conn.push_name(ea, name)
def __init__(self):
    '''
    one table is for one function and its xref_to functions
    the table's name is the source function's name
    how to store function features within the table still need consideration

    Reads the script folder and project name out of ``idc.ARGV[1]`` by slicing
    around ``(``, ``,`` and ``)`` (presumably an argument of the form
    ``('<folder>','<project>')`` — verify against the caller), derives the DB
    name from the input file name, and, if a file of that name already exists,
    asks the user whether to delete it. When the user declines, __init__
    returns early and the feature attributes below are never set.
    '''
    self.script_folder = ''
    self.project_name = ''
    raw_arg = idc.ARGV[1]
    print '---------------------', raw_arg
    open_paren = raw_arg.find('(')
    comma = raw_arg.find(',')
    close_paren = raw_arg.find(')')
    # +2 / -1 step over the bracket plus the surrounding quote character.
    self.script_folder = raw_arg[open_paren + 2:comma - 1]
    self.project_name = raw_arg[comma + 2:close_paren - 1]
    print '++++++++++project_name', self.project_name
    print '++++++++++script_folder',self.script_folder
    # name of current idb; dots replaced so the name is usable as a table/file name
    self.moduleName = idc.GetInputFile().replace('.', '_')
    if os.path.exists(self.moduleName):
        # may need user's input to decide whether rewrite it or append it? this check shld be set as input in args
        print 'the db already exist'
        prompt = ConfirmDialog("Delete the current DB and create a new one?")
        prompt.Compile()
        if not prompt.Execute():
            return
        # Only deleted after explicit user confirmation; the path is relative to the current directory.
        os.remove(self.moduleName)
    print '[Get_FunctionFeatures]moduleName: %s'%self.moduleName
    # all names within idb, keyed by name
    self.func_name_ea = dict((name, ea) for ea, name in idautils.Names())
    # features of one function; refreshed for every function
    self.ftable = collections.defaultdict(dict)
    self.exports = []  # all export functions
    self.memop = {}  # instructions with memory operation
    self.syscalls = set()
    # (feature name, extractor method name) pairs, in priority order
    self.priorMatrix = [('returnpoints', '_feature_returnpoints'), ('loopcount', '_feature_loopcount')]
    # (ea, writemem, writetoglobal, cmpmem, loopcalc)
    self.LoadExports()
    print 'table name: ' + self.moduleName
def tables_from_names():
    ''' Yields addresses of VtableGroups if binary is not stripped

    Walks every named address in the IDB and yields those that lie in a
    segment of type ``idaapi.SEG_DATA`` and whose name ``is_vtable_name``
    reports as a vtable name.
    '''
    for ea, name in idautils.Names():
        segment = idaapi.getseg(ea)
        # Names outside data segments (or with no segment at all) are skipped.
        if segment is None or segment.type != idaapi.SEG_DATA:
            continue
        # Identity check against True is deliberate: a truthy non-bool result is not accepted.
        if is_vtable_name(name) is True:
            yield ea