我们从Python开源项目中,提取了以下5个代码示例,用于说明如何使用idautils.XrefsFrom()。
def find_xrefs_from( self, func_ea ): xrefs = [] for item in idautils.FuncItems( func_ea ): ALL_XREFS = 0 for ref in idautils.XrefsFrom( item, ALL_XREFS ): if ref.type not in XrefsFromFinder.XREF_TYPE2STR: continue if ref.to in idautils.FuncItems( func_ea ): continue disas = idc.GetDisasm( item ) curr_xref = XrefFrom( item, ref.to, ref.type, disas ) xrefs.append( curr_xref ) return xrefs
def get_func_code_refs_from(func_ea, iaddrs): """Returns a set with the code references from this function""" code_refs = set() for addr in iaddrs: ref = idaapi.BADADDR for r in idautils.XrefsFrom(addr, idaapi.XREF_FAR): if r.iscode: to_func = idaapi.get_func(r.to) if not to_func or to_func.startEA != func_ea: ref = r.to else: ref = r.to if (ref != idaapi.BADADDR or idaapi.is_call_insn(addr) or idaapi.is_indirect_jump_insn(addr)): #print hex(i.addr), i, hex(ref) code_refs.add(ref) return code_refs
def find_tight_loops(fva): """ Code from Willi Ballenthin """ tight_loops = [] function = idaapi.get_func(fva) for bb in idaapi.FlowChart(function): # bb.endEA is the first addr not in the basic block bb_end = idc.PrevHead(bb.endEA) for x in idautils.XrefsFrom(bb_end): if x.to == bb.startEA and bb.startEA < bb_end: tight_loops.append((bb.startEA, bb_end)) if tight_loops: g_logger.debug("Tight loops in 0x%x: %s", fva, ["0x%x - 0x%x" % (s, e) for (s, e) in tight_loops]) return tight_loops
def get_custom_viewer_hint(self, view, place): try: tform = idaapi.get_current_tform() if idaapi.get_tform_type(tform) != idaapi.BWN_DISASM: return None curline = idaapi.get_custom_viewer_curline(view, True) # sometimes get_custom_viewer_place() returns [x, y] and sometimes [place_t, x, y]. # we want the place_t. viewer_place = idaapi.get_custom_viewer_place(view, True) if len(viewer_place) != 3: return None _, x, y = viewer_place ea = place.toea() # "color" is a bit of misnomer: its the type of the symbol currently hinted color = get_color_at_char(curline, x) if color != idaapi.COLOR_ADDR: return None # grab the FAR references to code (not necessarilty a branch/call/jump by itself) far_code_references = [xref.to for xref in idautils.XrefsFrom(ea, ida_xref.XREF_FAR) if idc.isCode(idc.GetFlags(xref.to))] if len(far_code_references) != 1: return None fva = far_code_references[0] # ensure its actually a function if not idaapi.get_func(fva): return None # this magic constant is the number of "important lines" to display by default. # the remaining lines get shown if you scroll down while the hint is displayed, revealing more lines. return render_function_hint(fva), DEFAULT_IMPORTANT_LINES_NUM except Exception as e: logger.warning('unexpected exception: %s. Get in touch with @williballenthin.', e, exc_info=True) return None
def graph_down(ea, path=set()): """ Recursively collect all function calls. Copied with minor modifications from http://hooked-on-mnemonics.blogspot.com/2012/07/renaming-subroutine-blocks-and.html """ path.add(ea) # # iterate through all the instructions in the target function (ea) and # inspect all the call instructions # for x in [x for x in idautils.FuncItems(ea) if idaapi.is_call_insn(x)]: # TODO for r in idautils.XrefsFrom(x, idaapi.XREF_FAR): #print "0x%08X" % h, "--calls-->", "0x%08X" % r.to if not r.iscode: continue # get the function pointed at by this call func = idaapi.get_func(r.to) if not func: continue # ignore calls to imports / library calls / thunks if (func.flags & (idaapi.FUNC_THUNK | idaapi.FUNC_LIB)) != 0: continue # # if we have not traversed to the destination function that this # call references, recurse down to it to continue our traversal # if r.to not in path: graph_down(r.to, path) return path