def __init__(self, addr):
    """Record where control can go from the instruction at ``addr``.

    ``dests`` holds every code reference leaving ``addr`` (ordinary flow
    to the next instruction included), ``jmps`` holds only the non-flow
    references, and ``fall`` is one address that is in ``dests`` but not
    in ``jmps``, or ``None`` when there is no such address.
    """
    self.addr = addr
    # Second argument of CodeRefsFrom: True also reports ordinary flow,
    # False reports only jump/call style references.
    self.dests = set(idautils.CodeRefsFrom(addr, True))
    self.jmps = set(idautils.CodeRefsFrom(addr, False))
    flow_only = self.dests - self.jmps
    # A set has no defined order; if several addresses remain, which one
    # becomes ``fall`` is arbitrary.
    self.fall = next(iter(flow_only), None)
python类CodeRefsFrom()的实例源码
def refine_results(self):
    """Re-tag the stored opaque-predicate results using textual markers.

    Walks every candidate address in ``self.functions_candidates``, counts
    how many of four marker strings occur in the stored predicate, and
    uses that count to override the recorded status: NOT_OPAQUE results
    with a marker become OPAQUE, OPAQUE results without one become
    NOT_OPAQUE, and LIKELY results are resolved one way or the other.
    Each entry of ``self.results`` is rewritten with the final status and
    alive/dead branch pair, and three retag counters are printed.

    NOTE(review): this listing lost its indentation; the nesting below is
    reconstructed from the statement order and should be confirmed
    against the upstream file.
    """
    likely_retag = 0
    fp_retag = 0
    fn_retag = 0
    for rtn_addr, candidates in self.functions_candidates.items():
        for addr in sorted(candidates):
            res = self.results[addr]
            # Number of marker strings found in the predicate (0..4).
            # presumably res.predicate is a string, so `in` is a substring test - confirm
            val = sum([x in res.predicate for x in ["(0 :: 2)", "7x", "7y", u"²"]])
            final_status = res.status
            alive, dead = res.alive_branch, res.dead_branch
            if res.status == self.po.NOT_OPAQUE:
                if val != 0:
                    # Marker present although tagged NOT_OPAQUE: retag as OPAQUE.
                    fn_retag += 1
                    final_status = self.po.OPAQUE
                    # First non-flow code reference is taken as the jump target;
                    # [0] raises IndexError when the address has no such reference.
                    jmp_target = [x for x in idautils.CodeRefsFrom(addr, 0)][0]
                    # First reference (flow included) that is not the jump target.
                    next_target = [x for x in idautils.CodeRefsFrom(addr, 1) if x != jmp_target][0]
                    # Only a disassembly line starting with "jz" keeps the fall-through
                    # branch alive; every other mnemonic takes the jump target as alive.
                    alive, dead = (next_target, jmp_target) if idc.GetDisasm(addr)[:2] == "jz" else (jmp_target, next_target)
                    # Record the predicate's dependencies and the branch itself for this routine.
                    self.functions_spurious_instrs[rtn_addr].update(res.dependency+[addr])
            elif res.status == self.po.OPAQUE:
                if val == 0:
                    # No marker although tagged OPAQUE: retag as NOT_OPAQUE.
                    fp_retag += 1
                    final_status = self.po.NOT_OPAQUE
            elif res.status == self.po.LIKELY:
                if val == 0:
                    final_status = self.po.NOT_OPAQUE
                else:
                    final_status = self.po.OPAQUE
                    # Same target/branch selection as in the NOT_OPAQUE case above.
                    jmp_target = [x for x in idautils.CodeRefsFrom(addr, 0)][0]
                    next_target = [x for x in idautils.CodeRefsFrom(addr, 1) if x != jmp_target][0]
                    alive, dead = (next_target, jmp_target) if idc.GetDisasm(addr)[:2] == "jz" else (jmp_target, next_target)
                    self.functions_spurious_instrs[rtn_addr].update(res.dependency+[addr])
                # NOTE(review): placed after the if/else so every LIKELY entry is
                # counted; it may instead belong inside the else branch - confirm.
                likely_retag += 1
            # Replace the stored result with the final status and branch pair.
            self.results[addr] = AddrRet(final_status, res.k, res.dependency, res.predicate, res.distance, alive, dead)
    print "Retag: FP->OK:%d" % fp_retag
    print "Retag: FN->OP:%d" % fn_retag
    # NOTE(review): the label says "Lkl->OK" but the counter above is not
    # limited to LIKELY entries that ended up NOT_OPAQUE - confirm the wording.
    print "Retag: Lkl->OK:%d" % likely_retag
def make_po_pair(ea, alive):
    """Pair the alive branch of the predicate at ``ea`` with its dead branch.

    The dead branch is the first code reference leaving ``ea`` (ordinary
    flow included) that differs from ``alive``.

    Returns:
        The tuple ``(alive, dead)``.

    Raises:
        IndexError: if ``ea`` has no code reference other than ``alive``.
    """
    others = []
    for target in idautils.CodeRefsFrom(ea, True):
        if target != alive:
            others.append(target)
    return alive, others[0]
def propagate_dead_code(self, ea, op_map):
    """Colour ``ea`` and recurse into its successors, depending on its predecessors.

    A predecessor is kept when it is not already in
    ``self.marked_addresses`` and ``self.dead_br_of_op(ea, pred, op_map)``
    is false for it. When at least one predecessor is kept, ``ea`` is
    coloured, added to ``self.marked_addresses`` and every code successor
    is processed the same way; otherwise nothing happens.
    """
    prevs = []
    for pred in idautils.CodeRefsTo(ea, True):
        if pred in self.marked_addresses:
            continue
        if self.dead_br_of_op(ea, pred, op_map):
            continue
        prevs.append(pred)

    # NOTE(review): the original comment on this test read "IF there is no
    # legit predecessors", yet the marking runs when the list is NOT empty.
    # One of the two looks inverted - confirm against upstream before relying
    # on the colouring.
    if not prevs:
        return

    idc.SetColor(ea, idc.CIC_ITEM, 0x0000ff)
    self.marked_addresses[ea] = None
    # Successors are collected before recursing, as in the original.
    for succ in list(idautils.CodeRefsFrom(ea, True)):
        self.propagate_dead_code(succ, op_map)
def get_succs(ea):
    """Return a list of every code reference leaving ``ea``, ordinary flow included."""
    successors = idautils.CodeRefsFrom(ea, True)
    return list(successors)
def _feature_syscalls(self, f_ea):
    '''
    Count the callees of the function at f_ea whose name is a known syscall.

    The callees come from get_callees(f_ea); whether that covers only
    direct calls or also calls made further down the call tree depends on
    that helper, which is defined elsewhere.

    Returns a pair: the number of matching callees and the list of their
    names (one entry per matching callee, in callee order).
    prior feature: null
    '''
    callee_names = (idc.GetFunctionName(callee) for callee in get_callees(f_ea))
    # Names are kept rather than addresses, one per matching callee.
    matched = [name for name in callee_names if name in self.syscalls]
    return len(matched), matched
# for ea in function_eas:
# xrefs = idautils.CodeRefsFrom(ea, False)
# for xref in xrefs:
# if not (xref in function_eas):
# callees.append(xref)
'''
the above commented is one level, below is recursively
'''
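def GetCallees(ea):
    """Return the code-reference targets that leave the function containing ``ea``.

    Every address produced by ``GetEAsInFunction(ea)`` is scanned for
    non-flow code references; a target is reported when it is not one of
    the function's own addresses. Only one level is collected (targets
    are not followed), and a target referenced several times appears
    several times, in scan order.

    Returns:
        A list of target addresses, possibly with duplicates.
    """
    function_eas = list(GetEAsInFunction(ea))
    # Set copy for the membership test: the list lookup made the scan
    # quadratic in the size of the function.
    # assumes the addresses are hashable integers - confirm against GetEAsInFunction
    own_eas = set(function_eas)
    callees = []
    # A separate loop name keeps the ``ea`` parameter from being overwritten.
    for insn_ea in function_eas:
        for xref in idautils.CodeRefsFrom(insn_ea, False):
            if xref not in own_eas:
                callees.append(xref)
    return callees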