def enumerate_function_names():
func_name = dict()
for seg_ea in idautils.Segments():
# For each of the functions
function_ea = seg_ea
while function_ea != 0xffffffffL:
function_name = idc.GetFunctionName(function_ea)
# if already analyzed
if func_name.get(function_name, None) != None:
function_ea = idc.NextFunction(function_ea)
continue
image_base = idaapi.get_imagebase(function_ea)
addr = function_ea - image_base
addr = str(hex(addr))
addr = addr.replace("L", "")
addr = addr.replace("0x", "")
func_name[function_name] = get_list_of_function_instr(function_ea)
function_ea = idc.NextFunction(function_ea)
return func_name
python类GetFunctionName()的实例源码
def enumerate_function_names():
'''
The function enumerates all functions in a dll.
@return - dictionary {function_name : list of corresponded instructions}
'''
func_name = dict()
for seg_ea in idautils.Segments():
# For each of the functions
function_ea = seg_ea
while function_ea != 0xffffffffL:
function_name = idc.GetFunctionName(function_ea)
# if already analyzed
if func_name.get(function_name, None) != None:
function_ea = idc.NextFunction(function_ea)
continue
image_base = idaapi.get_imagebase(function_ea)
addr = function_ea - image_base
addr = str(hex(addr))
addr = addr.replace("L", "")
addr = addr.replace("0x", "")
func_name[function_name] = get_list_of_function_instr(function_ea)
function_ea = idc.NextFunction(function_ea)
return func_name
def revise_syscall(rename=False):
if not rename:
print('Change the function name with `CGCHeler.revise_syscall(True)`.')
# visit all instructions
start_ea, end_ea = utils.get_seg_range('.text')
eax = -1
ip = start_ea
while ip < end_ea and ip != idaapi.BADADDR:
if 'int' in idc.GetMnem(ip) and '80h' == idc.GetOpnd(ip, 0):
if eax != -1:
# fix comment and function name
print('{}: {}'.format(hex(ip), syscall_table[eax]))
idc.MakeComm(ip, 'CGC syscall: {}'.format(syscall_table[eax]))
if rename:
print('Change {} to {}'.format(idc.GetFunctionName(ip), syscall_table[eax]))
idc.MakeName(idc.GetFunctionAttr(ip, idc.FUNCATTR_START), syscall_table[eax])
elif 'mov' in idc.GetMnem(ip) and 'eax' == idc.GetOpnd(ip, 0) and 5 == idc.GetOpType(ip, 1):
value = idc.GetOpnd(ip, 1)
if re.search('^[0-9]+$', value) != None:
eax = int(value)
if eax > 7 or eax < 1:
eax = -1
ip = idc.NextHead(ip)
def post_analysis_stuff(self, results):
if results.has_formula():
self.action_selector.addItem(self.parent.HIGHLIGHT_CODE)
self.action_selector.addItem(self.parent.GRAPH_DEPENDENCY)
self.formula_area.setText(self.parent.results.formula)
if results.has_values():
self.action_selector.addItem(self.parent.DISASS_UNKNOWN_TARGET)
self.action_selector.setEnabled(True)
self.action_button.setEnabled(True)
report = HTMLReport()
report.add_title("Results", size=3)
report.add_table_header(["address", "assertion", "status", "values"])
addr = make_cell("%x" % results.target)
status = make_cell(results.get_status(), color=results.color, bold=True)
vals = ""
for value in results.values:
flag = idc.GetFlags(value)
typ = self.type_to_string(flag)
vals += "%x type:%s seg:%s fun:%s<br/>" % (value, typ, idc.SegName(value), idc.GetFunctionName(value))
report.add_table_line([addr, make_cell(cgi.escape(results.query)), status, make_cell(vals)])
report.end_table()
data = report.generate()
self.result_area.setHtml(data)
def log_stack_chains(chains):
f = open("%s/%s" % (LOG_PATH, "stack_chains"), "wb")
long_chains = 0
for c in chains:
if len(c) > 3:
long_chains += 1
for a in c:
if type(a) == type("x"):
s = a
else:
s = "[0x%08x] %s+0x%x" % (a, str(idc.GetFunctionName(Dword(a))), Dword(a) - idaapi.get_func(Dword(a)).startEA)
#print s
f.write(s)
f.write("\n")
f.write("\n")
print "%d chains found" % len(chains)
print "%d long chains" % long_chains
f.close()
def get_current_function_xrefs_from( self ):
addr_in_func = idc.ScreenEA()
curr_func = idc.GetFunctionName( addr_in_func )
refs = self.find_xrefs_from( addr_in_func )
return [ ref.get_row( XrefsFromFinder.XREF_TYPE2STR ) for ref in refs ]
# ------------------------------------------------------------------------------
def functions_iter():
functions = set()
exports = get_export_list()
for func_ea in idautils.Functions():
if func_ea in functions:
continue # functions with chunks appear once for each of them..
functions.add(func_ea)
code, blocks = get_code_and_blocks(func_ea)
crefs_to = get_func_code_refs_to(func_ea)
crefs_from = get_func_code_refs_from(func_ea, code.iterkeys())
f = func.Function(func_ea, code, blocks, crefs_to, crefs_from)
f.ftype = idc.GetType(func_ea)
f.name = idc.GetFunctionName(func_ea)
if func_ea in exports:
f.exported = True
yield f
typed_imports = get_typed_imports()
for imp_ea, ftype in typed_imports:
crefs_to = get_func_code_refs_to(imp_ea)
f = func.Function(imp_ea, None, None, crefs_to, None)
f.ftype = ftype
f.level = -1 # special level for imported functions
yield f
def sample_source():
global full_hash
full_hash = ""
c = 0
for addr in idautils.Functions(idc.MinEA(),idc.MaxEA()):
fname = idc.GetFunctionName(addr)
full_hash += normalize_fname(fname)+":"+calc_hash(addr)+":"+shexst(addr)+"|"
c = c+1
if c > 1000:
print "Too many subs. Plz run:"
print "SRC SAMPLE : open('lame_ipc.txt','wb').write(full_hash)"
print "DST SAMPLE : src_data = open('lame_ipc.txt','rb').read(full_hash)"
else:
print 'src_data = "' + full_hash + '"'
return
def sample_dest():
global src_data
if src_data is None:
print "run the src_data = ... first"
return
src_hashes = {}
for i in src_data.split("|"):
z = i.split(":")
if len(z) < 2:
continue
if src_hashes.has_key(z[1]):
src_hashes[z[1]] = "baadf00d"
else:
src_hashes[z[1]] = z[0]
dst_hashes = {}
for addr in idautils.Functions(idc.MinEA(),idc.MaxEA()):
fname = idc.GetFunctionName(addr)
z = calc_hash(addr)
if dst_hashes.has_key(z):
dst_hashes[z] = "baadf00d"
else:
dst_hashes[z] = addr
c = 0
for tmp in dst_hashes:
if dst_hashes[tmp] == "baadf00d":
continue
if src_hashes.has_key(tmp):
if src_hashes[tmp] != "baadf00d":
idc.MakeNameEx(dst_hashes[tmp],"SHARED_"+src_hashes[tmp], SN_NOWARN)
c = c+1
print "%d subs have been renamed" % (c)
return
def get_list_of_functions(self):
'''Get all functions list.'''
seg_ea = idc.BeginEA()
functions_list = {}
for func_ea in idautils.Functions(idc.SegStart(seg_ea), idc.SegEnd(seg_ea)):
function_name = self.maybe_demangle(idc.GetFunctionName(func_ea))
functions_list[function_name] = func_ea
return functions_list
def update_mapping(self):
pass
self.fun_mapping = {idc.GetFunctionName(x): (idaapi.get_func(x).startEA, idaapi.get_func(x).endEA-1) for x in
idautils.Functions()}
self.seg_mapping = {idc.SegName(x): (idc.SegStart(x), idc.SegEnd(x)) for x in idautils.Segments()}
def target_button_clicked(self):
if self.radio_addr.isChecked():
self.target_field.setText(hex(idc.here()))
else:
self.target_field.setText(idc.GetFunctionName(idc.here()))
# ================================================================================
# ================================================================================
# ==================== Data structures ==================
def process_routine(self, rtn_addr, pred_addr=None, rtn_i=1, total_rtn=1):
if rtn_addr not in self.functions_cfg:
self.functions_cfg[rtn_addr] = MyFlowGraph(rtn_addr)
cfg = self.functions_cfg[rtn_addr]
path_to = self.config_to_path_function(cfg)
if pred_addr is None:
candidates = {x for x in idautils.FuncItems(rtn_addr) if idc.GetMnem(x) in cond_jump}
else:
candidates = {pred_addr}
nb_candidates = len(candidates)
self.functions_candidates[rtn_addr] = set()
self.functions_spurious_instrs[rtn_addr] = set()
self.progressbar_loading.reset()
self.progressbar_loading.setMaximum(len(candidates))
name = idc.GetFunctionName(rtn_addr)
self.result_widget.webview.append("\n=> Function:%s\n" % name)
self.log("[result]", "Start processing function: 0x%x" % rtn_addr)
for i, addr in zip(xrange(len(candidates)), candidates):
path = path_to(addr)
res = self.process_addr(rtn_addr, addr, path)
if self.STOP:
return
elif res is None:
continue
dead_br = "/" if res.dead_branch is None else "%x" % res.dead_branch
self.result_widget.webview.append("%x:\t%s\t\tK:%d\tDead:%s" % (addr, to_status_name(res.status), res.k, dead_br))
self.result_widget.webview.verticalScrollBar().setValue(self.result_widget.webview.verticalScrollBar().maximum())
self.loading_stat.setText("Fun: %d/%d Addr: %d/%d" % (rtn_i, total_rtn, i+1, nb_candidates))
self.progressbar_loading.setValue(self.progressbar_loading.value()+1)
self.functions_candidates[rtn_addr].add(addr)
def generate_opaqueness_details_report(self):
for rtn_addr, candidates in self.functions_candidates.items():
self.report.add_title('%s' % idc.GetFunctionName(rtn_addr), size=3)
self.report.add_table_header(['address', "status", "K", "predicate", "distance", "dead branch"])
for addr in sorted(candidates):
res = self.results[addr]
status, color = to_status_name(res.status), status_to_color(res.status)
status = make_cell(status, bold=True, color=color)
dead_br_cell = make_cell("/" if res.dead_branch is None else "%x" % res.dead_branch)
self.report.add_table_line([make_cell("%x" % addr), status, make_cell(str(res.k)), make_cell(res.predicate), make_cell(str(res.distance)), dead_br_cell])
self.report.end_table()
def refresh_trace_view(self):
index = self.traces_tab.currentIndex()
try:
table = self.index_map[index]
for i in xrange(table.rowCount()):
addr_item = table.item(i, 1)
addr = int(addr_item.text(), 0)
routine_item = table.item(i, 3)
routine_item.setText(idc.GetFunctionName(addr))
print "Refresh done"
except KeyError:
print "Trace not found"
def __init__(self, fun_addr):
super(MyFlowGraph, self).__init__()
self.fun = idaapi.get_func(fun_addr)
self.startEA = self.fun.startEA
self.endEA = self.fun.endEA
for bb in idaapi.FlowChart(self.fun):
self.__setitem__(bb.id, MyBasicBlock(bb))
self._compute_links()
self.edge_map = self.make_graph()
self.shortest_path_map = self.dijkstra(self.edge_map)
self.size = sum([x.size() for x in self.values()])
self.viewer = MyFlowGraphViewer(self, "Extract(%s)" % idc.GetFunctionName(self.startEA))
def _feature_syscalls(self,f_ea):
'''
get how many system calls are made within current function, which include (may not limited)
1.direct sys call
2.indirect call from callee recursively
prior feature: null
'''
calleetree = {}
syscallcount = []
calleetree[f_ea] = get_callees(f_ea)
for ea in calleetree[f_ea]:
fname = idc.GetFunctionName(ea)
if fname in self.syscalls:#
syscallcount.append(fname) #better record the syscalls name of address
return len(syscallcount), syscallcount
# for ea in function_eas:
# xrefs = idautils.CodeRefsFrom(ea, False)
# for xref in xrefs:
# if not (xref in function_eas):
# callees.append(xref)
'''
the above commented is one level, below is recursively
'''
def _showFunctions(self):
DEBUG_PRINT('IN _showFunctions')
try:
ea = idc.ScreenEA()
deflt_ea = idaapi.get_func(ea).startEA
except:
deflt_ea = int(self._tablelist[0][0],16)
deflt_id = 1
views = ['0','1','2','3']
for view in views:
if [hex(deflt_ea),idc.GetFunctionName(deflt_ea),view] in self._tablelist:
deflt_id = self._tablelist.index([hex(deflt_ea),idc.GetFunctionName(deflt_ea),view]) + 1
# if [hex(deflt_ea),idc.GetFunctionName(deflt_ea),'0'] in self._tablelist:
# deflt_id = self._tablelist.index([hex(deflt_ea),idc.GetFunctionName(deflt_ea),'0']) + 1
# if [hex(deflt_ea),idc.GetFunctionName(deflt_ea),'1'] in self._tablelist:
# deflt_id = self._tablelist.index([hex(deflt_ea),idc.GetFunctionName(deflt_ea),'1']) + 1
title = "Functions with Comments"
cols = [['Address',10],['Function Name',15],['Show',4]]
chooser = IdxChoose2(title, cols, self._tablelist, deflt = deflt_id)
id = chooser.show()
if -1==id:
return 0
else:
ea = int(self._tablelist[id][0],16)
return ea
#hex(int(self._tablelist[id][0],16))
def log_stack_addrs(stack_addrs):
print len(stack_addrs)
f = open("%s/%s" % (LOG_PATH, "stack_all"), "wb")
for a in stack_addrs:
#s = "[0x%08x] ret address 0x%08x to function %s" % (a, Dword(a), str(idc.GetFunctionName(Dword(a))))
s = "[0x%08x] %s+0x%x" % (a, str(idc.GetFunctionName(Dword(a))), Dword(a) - idaapi.get_func(Dword(a)).startEA)
f.write(s)
f.write("\n")
f.close()
def name_handlers(ea_from, ea_to):
global COUNT
addr = ea_from
print "from: 0x%08x to: 0x%08x" % (addr, ea_to)
while (addr < ea_to):
func_to_name_ea = idc.Dword(addr) & 0xFFFFFFFE
log_msg_ptr = idc.Dword(addr + 12)
log_msg = idc.GetString(log_msg_ptr)
#is that a function already?
#There were 0 cases of this for our case
if not idaapi.get_func(func_to_name_ea):
print "There is no function at 0x%08x!" % func_to_name_ea
idc.MakeFunction(func_to_name_ea)
if "sms_Decode" in idc.GetFunctionName(func_to_name_ea) or "mm_Decode" in idc.GetFunctionName(func_to_name_ea) or "cc_Decode" in idc.GetFunctionName(func_to_name_ea) or "gmm_Decode" in idc.GetFunctionName(func_to_name_ea):
print "Already named appropriately, don't overwrite"
else:
print "Naming %s based on %s as %s" % (idc.GetFunctionName(func_to_name_ea), log_msg, create_name(log_msg))
COUNT += 1
name = create_name(log_msg)
# TODO: enable below naming
ret = idc.LocByName(name)
count = 1
while (ret != 0xffffffff):
count += 1
ret = idc.LocByName(name + "__" + "%d" % count)
idc.MakeName(func_to_name_ea, name + ("__%d" % count)*(count > 1))
addr += 16
def print_call_trace(stack_top, stack_base):
addr = stack_top
print '0x%08x - 0x%08x' % (stack_top, stack_base)
while (addr >= stack_base):
if ret_addr(Dword(addr)):
s = "[0x%08x] %s+0x%x" % (addr, str(idc.GetFunctionName(Dword(addr))), Dword(addr) - idaapi.get_func(Dword(addr)).startEA)
print s
addr -= 4
pass
