def AppendComment(ea, s, repeatable=False):
    """Append `s` as a new line of the comment stored at address `ea`.

    The regular comment is read and written unless `repeatable` is true, in
    which case the repeatable comment is used instead. Nothing is written
    when `s` already occurs anywhere in the existing comment text.
    """
    # see williutils and http://blogs.norman.com/2011/security-research/improving-ida-analysis-of-x64-exception-handling
    existing = idc.RptCmt(ea) if repeatable else idc.Comment(ea)
    if existing:
        # Substring test: text that is merely contained in a longer existing
        # line also counts as a duplicate and is skipped.
        if s in existing:
            return
        merged = existing + "\n" + s
    else:
        merged = s  # nothing stored at this address yet

    write_comment = idc.MakeRptCmt if repeatable else idc.MakeComm
    write_comment(ea, merged)
python类MakeComm()的实例源码
def revise_syscall(rename=False):
    """Comment every `int 80h` in `.text` with the CGC syscall it invokes.

    The scan walks instruction heads linearly and remembers the last decimal
    immediate moved into `eax`; only values 1 through 7 are kept. When an
    `int 80h` is reached with a remembered value, the matching entry of
    `syscall_table` is printed and written as a comment at that address.

    Args:
        rename: when true, the function containing the `int 80h` is also
            renamed to the syscall name.
    """
    if not rename:
        print('Change the function name with `CGCHeler.revise_syscall(True)`.')

    text_start, text_end = utils.get_seg_range('.text')
    # -1 means "no usable syscall number seen yet".
    # NOTE(review): the remembered number is never cleared after an `int 80h`
    # or at a function boundary, so a later `int 80h` with no `mov eax, imm`
    # of its own would inherit the previous value - confirm that is acceptable
    # for the binaries being labelled.
    syscall_no = -1
    cursor = text_start
    while cursor < text_end and cursor != idaapi.BADADDR:
        mnem = idc.GetMnem(cursor)
        if 'int' in mnem and idc.GetOpnd(cursor, 0) == '80h':
            if syscall_no != -1:
                syscall_name = syscall_table[syscall_no]
                print('{}: {}'.format(hex(cursor), syscall_name))
                idc.MakeComm(cursor, 'CGC syscall: {}'.format(syscall_name))
                if rename:
                    print('Change {} to {}'.format(idc.GetFunctionName(cursor), syscall_name))
                    # The result of MakeName is not checked, so a failed
                    # rename goes unnoticed.
                    idc.MakeName(idc.GetFunctionAttr(cursor, idc.FUNCATTR_START), syscall_name)
        elif 'mov' in mnem and idc.GetOpnd(cursor, 0) == 'eax' and idc.GetOpType(cursor, 1) == 5:
            # Operand type 5 is an immediate; only plain decimal text is parsed.
            imm_text = idc.GetOpnd(cursor, 1)
            if re.search('^[0-9]+$', imm_text) is not None:
                syscall_no = int(imm_text)
            if not 1 <= syscall_no <= 7:
                syscall_no = -1
        cursor = idc.NextHead(cursor)
def _ApdComm(self, ea, id):
    """Append the marker comment for entry `id` of `self._dbDict[ea]` at `ea`.

    The comment text is `self._commMarker`, an index, a scope tag and the
    entry's second field with surrounding braces stripped. In global mode
    (`self._global == 1`) the index is the entry's own first field and the
    tag is `_g`; otherwise it is taken relative to the first index recorded
    for the start address of the enclosing function and the tag is `_L`.
    Any existing comment is kept and the new text follows it on a new line.
    Marks the entry as shown.
    """
    # DEBUG_PRINT('_ApdComm')
    entry = self._dbDict[ea]._idx_list[id]
    if self._global == 1:
        shown_idx = entry[0]
        scope_tag = '_g'
    else:
        shown_idx = (entry[0]
                     - self._dbDict[idaapi.get_func(ea).startEA]._idx_list[0][0])
        scope_tag = '_L'

    text = ''.join([self._commMarker, str(shown_idx), scope_tag, ' ',
                    str(entry[1]).strip('{}')])

    # The existing comment is stringified, so "no comment" is detected by
    # comparing with the text 'None'.
    # NOTE(review): a real comment whose text is exactly "None" is therefore
    # treated as absent and overwritten.
    previous = str(idc.GetCommentEx(ea, 0))

    # With at least one code xref to an address that is not the function
    # start and has no comment yet, the text is pushed onto a fresh line.
    for xref in idautils.CodeRefsTo(ea, 0):
        if xref != [] and ea != idaapi.get_func(ea).startEA and previous == 'None':
            text = '\n' + text
            break

    if previous != 'None':
        text = previous + '\n' + text
    idc.MakeComm(ea, str(text))
    self._dbDict[ea]._shown = True
    return
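def append_comment(ea, s, repeatable=False):
    '''
    Add the given string as a (possibly repeatable) comment at the given address.

    Does not add the comment if the text already occurs in the existing comment.
    Adds the comment on its own line.

    Args:
      ea (int): the address at which to add the comment.
      s (str): the comment text.
      repeatable (bool): if True, set a repeatable comment.

    Raises:
      UnicodeEncodeError: if the given string is not ascii.
    '''
    # see: http://blogs.norman.com/2011/security-research/improving-ida-analysis-of-x64-exception-handling
    # NOTE(review): on Python 2 a non-ASCII byte string fails in the implicit
    # decode step, which raises UnicodeDecodeError rather than
    # UnicodeEncodeError.
    s = s.encode('ascii')

    if repeatable:
        string = idc.RptCmt(ea)
    else:
        string = idc.Comment(ea)

    if not string:
        string = s  # no existing comment
    else:
        if s in string:  # ignore duplicates (substring match)
            return
        # Join with a real newline. The previous "\\n" literal appended the
        # two characters backslash and "n", so the new text never landed on
        # its own line as the docstring promises.
        string = string + "\n" + s

    if repeatable:
        idc.MakeRptCmt(ea, string)
    else:
        idc.MakeComm(ea, string)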
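def disassemble_from_trace(self):
    """Turn every traced address that IDA has not decoded yet into code.

    Uses the trace shown in the current tab. Instructions are visited in the
    order `trace.instrs.items()` yields them. When a "wave" meta entry is met,
    a comment is set on the preceding traced instruction and processing
    stops. The disassemble button is kept flat while the work runs and is
    always restored afterwards.

    Prints a message and returns when the current tab maps to no trace.
    """
    # Only the trace lookup may legitimately miss. Keeping the handler this
    # narrow stops an unrelated KeyError further down from being reported as
    # "No trace found" while the button stays flat.
    try:
        index = self.traces_tab.currentIndex()
        trace = self.core.traces[self.id_map[index]]
    except KeyError:
        print("No trace found to use")
        return

    self.disassemble_button.setFlat(True)
    try:
        found_match = False
        for k, inst in trace.instrs.items():
            if k in trace.metas:
                for name, arg1, arg2 in trace.metas[k]:
                    if name == "wave":
                        self.parent.log("LOG", "Wave n°%d encountered at (%s,%x) stop.." % (arg1, k, inst.address))
                        # A wave on the first traced instruction has no
                        # predecessor to annotate.
                        try:
                            prev_inst = trace.instrs[k-1]
                        except KeyError:
                            self.parent.log("ERROR", "No instruction before index %s in the trace" % k)
                        else:
                            idc.MakeComm(prev_inst.address, "Jump into Wave %d" % arg1)
                        return
            # TODO: Check that the address is in the address space of the program
            # (addresses come straight from the trace and are not validated
            # against the loaded segments before MakeCode is called).
            if not idc.isCode(idc.GetFlags(inst.address)):
                found_match = True
                # TODO: Add an xref with the previous instruction
                self.parent.log("LOG", "Addr:%x not decoded as an instruction" % inst.address)
                if idc.MakeCode(inst.address) == 0:
                    self.parent.log("ERROR", "Fail to decode at:%x" % inst.address)
                else:
                    # Let auto-analysis finish before touching the next address.
                    idaapi.autoWait()
                    self.parent.log("SUCCESS", "Instruction decoded at:%x" % inst.address)
        if not found_match:
            self.parent.log("LOG", "All instruction are already decoded")
    finally:
        self.disassemble_button.setFlat(False)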
def make_comment(pos, string):
    """
    Set `string` as the comment at address `pos`.

    When the address already carries a comment, `string` is appended to it
    after a single space, unless it already occurs somewhere in that text.
    """
    existing = idc.Comment(pos)
    if existing:
        if string in existing:
            return  # already present (substring match), nothing to write
        idc.MakeComm(pos, existing + " " + string)
    else:
        idc.MakeComm(pos, string)
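def activate(self, ctx):
    """Drop the decoded ioctl define from the comment at the cursor and stop tracking it.

    The define text is computed from the operand value at the cursor address
    and removed from that address's comment. The address is then handed to
    `ioctl_tracker.remove_ioctl`.

    Args:
        ctx: action context supplied by the caller; not used here.
    """
    pos = idc.ScreenEA()
    # Get current comment for this instruction and remove the C define from it, if present
    comment = idc.Comment(pos)
    code = get_operand_value(pos)
    define = ioctl_decoder.get_define(code)
    # An address without a comment yields no string, and calling .replace on
    # that would raise before the ioctl is un-tracked. Skip the rewrite then.
    if comment:
        idc.MakeComm(pos, comment.replace(define, ""))
    # Remove the ioctl from the valid list and add it to the invalid list to avoid 'find_all_ioctls' accidentally re-indexing it.
    ioctl_tracker.remove_ioctl(pos)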
def _RmComm(self, ea):
    """Strip this tool's marker comment from address `ea` and mark it hidden.

    Everything from the first occurrence of `self._commMarker` to the end of
    the comment is discarded, including any text that was added after the
    marker. The remaining text is written back with surrounding whitespace
    trimmed.
    """
    current = str(idc.GetCommentEx(ea, 0))
    marker_at = current.find(self._commMarker)
    if marker_at != -1:
        idc.MakeComm(ea, current[:marker_at].strip())
    # NOTE(review): the listing this was taken from lost its indentation; the
    # flag reset is assumed to run whether or not a marker was found - confirm
    # against the original file.
    self._dbDict[ea]._shown = False
    return
def GlobalorLocal(self):
    """Flip between global and local index display and refresh the comments.

    `self._global` is toggled between 1 and 0. Table rows whose third column
    is '1', '2' or '3' and that belong to a function other than the one under
    the cursor have their comments deleted and their third column reset to
    '0'. Inside the cursor's function, every shown entry has its marker
    comment stripped and re-appended through `self._ApdComm` under the new
    mode.
    """
    origlobal= self._global
    views = ['1','2','3']
    # The mode to switch to: the opposite of the current one.
    if self._global == 1:
        tmpglobal = 0
    else:
        tmpglobal = 1
    c_ea = idc.ScreenEA()
    (c_startEA,c_endEA) = self._GetFuncRange(c_ea)
    # Rows whose third column is one of the `views` values.
    indexs = [i for i,item in enumerate(self._tablelist) if item[2] in views]
    for index in indexs:
        # First column holds the address as hexadecimal text.
        ea = int(self._tablelist[index][0],16)
        DEBUG_PRINT( ea)
        (startEA,endEA) = self._GetFuncRange(ea)
        if startEA == c_startEA:
            # Row for the cursor's function: handled by the loop below.
            # c_index is not read again in this method.
            c_index = index
            continue
        self._delComms(startEA,endEA)
        self._tablelist[index][2] = '0'
    # Every address of the cursor's function, end address included.
    for ea in range(c_startEA,c_endEA+1):
        if ea in self._dbDict.keys():
            if self._dbDict[ea]._shown == True:
                idx = self.GetIDX(ea)
                id = self.GetID(ea, idx)
                # Cut the comment at the marker; text after it is dropped.
                oldComm = str(idc.GetCommentEx(ea, 0))
                startIdx = oldComm.find(self._commMarker)
                if(startIdx != -1):
                    comm = oldComm[0:startIdx]
                    idc.MakeComm(ea, str(comm).strip())
                # NOTE(review): the listing lost its indentation; the
                # re-append below is assumed to run whether or not a marker
                # was found - confirm against the original file.
                # _ApdComm reads self._global, so the new mode is set just
                # for the call and the old one restored afterwards.
                self._global = tmpglobal
                self._ApdComm(ea,id)
                self._global = origlobal
    # Commit the new mode once all comments have been rewritten.
    self._global = tmpglobal
    return
def print_mcr_op(i, mcr, s):
    """Print the description `s` for instruction `i`, optionally as a comment.

    The printed line holds the instruction address, `s`, and the register
    number taken from `mcr['opcode1']`. When the module-level `ADD_COMMENT`
    flag is truthy, `s` is also set as the comment at `i.ea`, replacing
    whatever comment was there.
    """
    line = "%x: %s (using r%d)" % (i.ea, s, mcr['opcode1'])
    print(line)
    if ADD_COMMENT:
        idc.MakeComm(i.ea, s)