def enum_segm(self):
    """Populate the segment list and radio-button layout, one entry per segment.

    For every segment in the IDB this appends
    ``(name, start_ea, end_ea, segment_class)`` to ``self.segm``, adds a
    ``SegmRadio`` for it to ``self.segm_vbox`` and toggles the first radio so
    that exactly one option starts selected.

    Returns:
        The populated ``self.segm_vbox`` layout.
    """
    for index, seg_ea in enumerate(idautils.Segments()):
        segment = idaapi.getseg(seg_ea)
        name = idc.SegName(seg_ea)
        start_ea = idc.SegStart(seg_ea)
        end_ea = idc.SegEnd(seg_ea)
        seg_class = idaapi.get_segm_class(segment)

        radio = SegmRadio(name, start_ea, end_ea, seg_class)
        self.segm.append((name, start_ea, end_ea, seg_class))
        self.segm_vbox.addWidget(radio)
        self.segm_vbox.addStretch(1)

        # the first radio is the default selection
        if index == 0:
            radio.toggle()
    return self.segm_vbox
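def map_exports(exports, verbose=True):
    """ gets an array of [(vaddress, name),..] and writes it to db

    Args:
        exports: sequence of (vaddress, name) pairs (``len()`` is taken on it).
        verbose: when False, suppress all progress output. The original printed
            the per-export "creating export" / "creating seg" lines regardless
            of ``verbose``; they are now gated like the other messages.

    For each address that is not inside an existing segment, a 4-byte segment
    is created. The segment containing the address is then marked
    SEGPERM_EXEC and ``make_name`` is applied to the address.
    """
    if verbose:
        print("[+] going for %d exports" % len(exports))
    for addr, export_name in exports:
        if verbose:
            print("[+] creating export %s" % (export_name,))
        # check that there are no existing segments in that address
        if idc.SegStart(addr) == idc.BADADDR:
            if verbose:
                print("[+] creating seg: 0x%08X: %d" % (addr, 4))
            idc.AddSegEx(addr,
                         addr + 4, 0, 0,
                         idaapi.saRelPara, idaapi.scPub,
                         idc.ADDSEG_FILLGAP)
        elif verbose:
            print("[!] Skipping creation of existing segment..")
        # set it as executable
        # NOTE(review): this runs for the "existing segment" branch too, so a
        # pre-existing segment that happens to contain an export address gets
        # its permissions rewritten to execute-only — confirm that is intended.
        idc.SetSegmentAttr(addr, idc.SEGATTR_PERM, SEGPERM_EXEC)
        if verbose:
            print("[+] making name: %s" % (export_name,))
        make_name(addr, export_name)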
def create_call_map(self, ftype):
    """Record every call/jmp in .text whose target lies in the import section.

    The import section is ".idata" when ``ftype == PE`` and ".plt" otherwise.
    Each matching instruction is appended to ``self.config.call_map`` with its
    address and the textual first operand.

    Raises:
        KeyError: when ".text" or the selected import section is not present
            in the IDB (the lookups below index the mapping directly).
    """
    assert_ida_available()
    import idc
    import idautils

    # segment name -> (start, end) for every segment in the database
    segments = {}
    for seg_ea in idautils.Segments():
        segments[idc.SegName(seg_ea)] = (idc.SegStart(seg_ea), idc.SegEnd(seg_ea))

    import_section = ".idata" if ftype == PE else ".plt"
    imp_lo, imp_hi = segments[import_section]
    cursor, text_end = segments[".text"]

    # walk the heads of .text; NextHead returns BADADDR past text_end, which
    # is larger than text_end and therefore ends the loop
    while cursor <= text_end:
        if idc.GetMnem(cursor) in ("call", "jmp"):
            target = idc.GetOperandValue(cursor, 0)
            operand_text = idc.GetOpnd(cursor, 0)
            if imp_lo <= target <= imp_hi:
                entry = self.config.call_map.add()
                entry.address = cursor
                entry.name = operand_text
        cursor = idc.NextHead(cursor, text_end)
def addresses():
    """Generate all mapped addresses.

    Yields every address from each segment's start (inclusive) up to its end
    (exclusive), stepping with ``idaapi.nextaddr``.
    """
    for seg_ea in idautils.Segments():
        cursor = idc.SegStart(seg_ea)
        # SegEnd is re-queried per step, exactly as the original loop did
        while cursor < idc.SegEnd(seg_ea):
            yield cursor
            cursor = idaapi.nextaddr(cursor)
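def output_symbols(out):
    """Dump symbols.

    Writes one line per function of every segment to ``out`` in the form
    ``("name" 0xSTART 0xEND)``. For thunks whose name does not start with a
    letter, the thunk target's name is reported instead when it is non-empty
    and shorter.

    Args:
        out: writable text stream.

    Note: names are interpolated into the output unescaped, so a name that
    contains a double quote will produce a line the reader cannot parse.
    """
    try:
        from idaapi import get_func_name2 as get_func_name
        # Since get_func_name is deprecated (at least from IDA 6.9)
    except ImportError:
        from idaapi import get_func_name
        # Older versions of IDA don't have get_func_name2
        # so we just use the older name get_func_name

    def func_name_propagate_thunk(ea):
        """Return the name to report for the function at ``ea``.

        Names that begin with a letter are kept as-is. Otherwise, if the
        function is a thunk, the target's name is preferred when it is
        non-empty and shorter than the current one.
        """
        # get_func_name may return None or '' (see the fallback comment
        # below); the original indexed current_name[0] and raised on both.
        current_name = get_func_name(ea) or ''
        if current_name[:1].isalpha():
            return current_name
        func = idaapi.get_func(ea)
        # get_func is not expected to return None for a Functions() result,
        # but guard it anyway rather than fail the whole dump on one entry
        if func is not None and (func.flags & idaapi.FUNC_THUNK) == idaapi.FUNC_THUNK:
            temp_ptr = idaapi.ea_pointer()
            ea_new = idaapi.calc_thunk_func_target(func, temp_ptr.cast())
            if ea_new != idaapi.BADADDR:
                ea = ea_new
        propagated_name = get_func_name(ea) or ''  # Ensure it is not `None`
        if len(current_name) > len(propagated_name) > 0:
            return propagated_name
        # Fallback to non-propagated name for weird times that IDA gives
        # a 0 length name, or finds a longer import name
        return current_name

    for seg_ea in idautils.Segments():
        for f in idautils.Functions(idc.SegStart(seg_ea), idc.SegEnd(seg_ea)):
            out.write('("%s" 0x%x 0x%x)\n' % (
                func_name_propagate_thunk(f),
                idc.GetFunctionAttr(f, idc.FUNCATTR_START),
                idc.GetFunctionAttr(f, idc.FUNCATTR_END)))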
def get_functions():
    '''
    enumerate the functions in the currently loaded module.

    Only the segment that contains ``idc.BeginEA()`` is scanned; functions in
    other segments are not yielded.

    Yields:
        int: address of the function.
    '''
    anchor = idc.BeginEA()
    seg_lo = idc.SegStart(anchor)
    seg_hi = idc.SegEnd(anchor)
    for func_ea in idautils.Functions(seg_lo, seg_hi):
        yield func_ea
def seg_start(ea):
    """Returns the start of the segment that ea belongs in.

    Thin wrapper over ``idc.SegStart``; whatever that returns for an address
    outside every segment is passed through unchanged.
    """
    start_ea = idc.SegStart(ea)
    return start_ea
def get_seg_range(seg):
    """Return ``(start_ea, end_ea)`` of the first segment named ``seg``.

    Returns None (implicitly) when no segment carries that name; callers
    must handle that before unpacking.
    """
    for seg_ea in idautils.Segments():
        if idc.SegName(seg_ea) != seg:
            continue
        return idc.SegStart(seg_ea), idc.SegEnd(seg_ea)
    return None
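def setupUI(self):
    """Build the Jumper dialog around the address currently under the cursor.

    The window title shows the cursor's offset inside its segment (upper-cased
    hex), the segment name and the segment class. The dialog holds a scrollable
    group box of segment radios (from ``enum_segm``), a search field, an offset
    field and two buttons wired to ``jump_click`` and ``get_cur_offset``.
    The unused ``idc.SegEnd`` lookup of the original has been dropped.
    """
    ea = idc.ScreenEA()
    segment = idaapi.getseg(ea)
    seg_name = idc.SegName(ea)
    seg_start = idc.SegStart(ea)
    seg_class = idaapi.get_segm_class(segment)
    self.setWindowTitle("Jumper--%s %s %s" % (hex(ea - seg_start).upper(), seg_name, seg_class))

    self.groupBox.setLayout(self.enum_segm())

    search_hbox = QHBoxLayout()
    search_hbox.addWidget(QLabel("search"))
    search_hbox.addWidget(self.search_edit)

    offset_hbox = QHBoxLayout()
    offset_hbox.addWidget(QLabel("offset"))
    offset_hbox.addWidget(self.off_edit)

    self.scroll = QScrollArea()
    self.scroll.setWidgetResizable(True)  # Set to make the inner widget resize with scroll area
    self.scroll.setWidget(self.groupBox)

    main_vbox = QVBoxLayout(self)
    main_vbox.addWidget(self.scroll)
    main_vbox.addLayout(search_hbox)
    main_vbox.addLayout(offset_hbox)

    btn_layout = QHBoxLayout()
    jump = QPushButton("jump")
    jump.clicked.connect(self.jump_click)
    get_offset = QPushButton("offset")
    get_offset.clicked.connect(self.get_cur_offset)
    btn_layout.addWidget(jump)
    btn_layout.addWidget(get_offset)
    main_vbox.addLayout(btn_layout)

    self.search_edit.textChanged.connect(self.search_changed)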
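def get_cur_offset(self):
    """Fill the offset and search fields from the address under the cursor.

    The offset field receives the cursor address relative to the start of its
    segment as an upper-cased hex string; the search field receives the
    segment's name. The unused ``idaapi.getseg`` call of the original has
    been dropped.
    """
    ea = idc.ScreenEA()
    seg_name = idc.SegName(ea)
    seg_start = idc.SegStart(ea)
    self.off_edit.setText(hex(ea - seg_start).upper())
    self.search_edit.setText(seg_name)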
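def map_segments(segments, dsc_file, verbose=True):
    """Create segments in the IDB and copy their bytes in from ``dsc_file``.

    Args:
        segments: iterable of ``(segaddr, segsize, segdata)`` triples, where
            ``segdata`` is an iterable of ``(addr, size, macho_offset)`` chunks.
        dsc_file: open binary file; it is seeked to each chunk's
            ``macho_offset`` before ``size`` bytes are read.
        verbose: when True, print one line per copied chunk.

    Segments that do not already exist are created and marked read-only;
    existing ones are left as they are. Any exception while copying prints
    the offending ``segdata`` and is re-raised.
    """
    for segaddr, segsize, segdata in segments:
        print("[+] creating seg: 0x%08X: %d" % (segaddr, segsize))
        # check that there are no existing segments in that address
        if idc.SegStart(segaddr) == idc.BADADDR:
            idc.AddSegEx(segaddr,
                         segaddr + segsize, 0, 0,
                         idaapi.saRelPara, idaapi.scPub,
                         idc.ADDSEG_FILLGAP)
            # set it as read-only
            idc.SetSegmentAttr(segaddr, idc.SEGATTR_PERM, SEGPERM_READ)
        else:
            print("[!] Skipping creation of existing segment..")
        # after mapping the segment, write the data to the db.
        try:
            for addr, size, macho_offset in segdata:
                dsc_file.seek(macho_offset)
                # Read the chunk once. The original called read(size) a second
                # time for the verbose line, which printed the bytes *after*
                # the copied chunk (the file position had already advanced).
                chunk = dsc_file.read(size)
                memcpy(addr, chunk)
                if verbose:
                    print("0x%X, 0x%06X, 0x%06X: %s" % (addr, size, macho_offset, chunk))
        except Exception:
            print(segdata)
            raise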
def get_list_of_functions(self):
    '''Get all functions list.

    Returns a dict mapping the (possibly demangled) function name to its
    address, for the functions of the segment containing ``idc.BeginEA()``
    only. Functions that demangle to the same name collapse to one entry;
    the last one enumerated wins.
    '''
    anchor = idc.BeginEA()
    seg_lo, seg_hi = idc.SegStart(anchor), idc.SegEnd(anchor)
    return {
        self.maybe_demangle(idc.GetFunctionName(func_ea)): func_ea
        for func_ea in idautils.Functions(seg_lo, seg_hi)
    }
def iter_lines():
    """
    Iterate through all line addresses in the IDB
    Yields addresses of all lines.

    Walks each segment head by head with ``idc.NextHead`` and stops at the
    segment end or when NextHead reports BADADDR.
    """
    for seg_ea in idautils.Segments():
        head = idc.SegStart(seg_ea)
        seg_end = idc.SegEnd(seg_ea)
        while head != idaapi.BADADDR and head < seg_end:
            yield head
            head = idc.NextHead(head)
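def update_mapping(self):
    """Rebuild the function and segment address tables from the current IDB.

    Sets:
        self.fun_mapping: ``{function name: (start_ea, endEA - 1)}`` — note
            the inclusive last address. Functions sharing a name collapse to
            one entry (the last enumerated wins).
        self.seg_mapping: ``{segment name: (SegStart, SegEnd)}``.

    The original began with a stray ``pass`` and called ``idaapi.get_func``
    twice per function; both are gone, the results are unchanged.
    """
    fun_mapping = {}
    for func_ea in idautils.Functions():
        func = idaapi.get_func(func_ea)
        fun_mapping[idc.GetFunctionName(func_ea)] = (func.startEA, func.endEA - 1)
    self.fun_mapping = fun_mapping
    self.seg_mapping = {
        idc.SegName(seg_ea): (idc.SegStart(seg_ea), idc.SegEnd(seg_ea))
        for seg_ea in idautils.Segments()
    }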
def GetNextModuleBase():
    """Pick the next free module base and store it in the global g_NextLibBase.

    Starts at ``FirstSeg()`` and steps upward in ``kModuleAlignment`` strides
    until the candidate address is not inside any segment (``SegStart``
    returns BADADDR for it). The chosen base is logged via ``fl_log``.
    """
    global g_NextLibBase
    g_NextLibBase = FirstSeg()
    # advance while the candidate still falls inside an existing segment
    while SegStart(g_NextLibBase) != BADADDR:
        g_NextLibBase += kModuleAlignment
    fl_log("FridaLink: next module base = 0x%012x\n" % g_NextLibBase)
def LoadModule(platform, name, path):
    """Load a Mach-O module into the IDB and relocate it above the main app.

    Args:
        platform: platform string or None. When it starts with "iOS", ``path``
            is rewritten: a path containing ".app" is taken relative to the
            directory of the input file, anything else is looked up under
            ``~/Library/Developer/Xcode/iOS DeviceSupport/<version>/Symbols``.
        name: name assigned to the loaded module's "HEADER" segment.
        path: on-disk path of the module (before the rewrite above).

    Returns without loading when the resulting path does not exist or when
    ``load_loader_module`` reports 0. After a successful load, every segment
    below ``g_AppBase`` is moved up by ``g_NextLibBase`` and ``g_NextLibBase``
    is advanced by ``kModuleAlignment``.
    """
    global g_NextLibBase

    if platform is not None and platform[:3] == "iOS":
        # check if it is custom or system framework
        app_idx = path.find(".app")
        if app_idx >= 0:
            # custom framework: the part after ".app" is appended to the
            # input binary's directory
            # NOTE(review): ``path`` is concatenated as received, with no
            # normalisation; if it originates from the remote agent, confirm
            # that a ".." component cannot resolve outside that directory.
            bin_dir = os.path.dirname(get_input_file_path())
            path = bin_dir + path[app_idx + 4:]
        else:
            # system framework: Xcode device-support symbol tree for this OS version
            os_ver = platform[4:]
            home = os.path.expanduser("~")
            path = "%s/Library/Developer/Xcode/iOS DeviceSupport/%s/Symbols%s" % (home, os_ver, path)

    # check if framework exists
    if not os.path.exists(path):
        fl_log("FridaLink: invalid path [ %s ]\n" % path)
        return

    fl_log("FridaLink: loading module '%s' from [ %s ]\n" % (name, path))
    if load_loader_module(None, "macho", str(path), False) == 0:
        return

    Wait()
    seg = get_segm_by_name("HEADER").startEA
    set_segm_name(getseg(seg), name)
    Wait()
    fl_log("FridaLink: set first sector name for loaded module to '%s'\n" % name)

    if seg >= g_AppBase:
        return

    fl_log("FridaLink: move module '%s' to 0x%012x\n" % (name, g_NextLibBase))
    # Move back all segments before main one (usually for OSX modules)
    # NOTE(review): the loop re-reads FirstSeg() after each move and only
    # ends once nothing is left below g_AppBase; a move that fails silently
    # would keep it spinning — confirm MoveSegm's failure behaviour.
    while seg < g_AppBase:
        src = SegStart(seg)
        dst = src + g_NextLibBase
        fl_log(" 0x%012x -> 0x%012x: %s\n" % (src, dst, SegName(seg)))
        MoveSegm(src, dst, 0)
        Wait()
        seg = FirstSeg()
    g_NextLibBase += kModuleAlignment
    fl_log("FridaLink: next module base = 0x%012x\n" % g_NextLibBase)