我们从Python开源项目中,提取了以下17个代码示例,用于说明如何使用idaapi.get_imagebase()。
def get_list_of_function_instr(addr): f_start = addr f_end = idc.FindFuncEnd(addr) chunks = enumerate_function_chunks(f_start) list_of_addr = list() list_of_calls = list() image_base = idaapi.get_imagebase(addr) for chunk in chunks: for head in idautils.Heads(chunk[0], chunk[1]): # If the element is an instruction if head == hex(0xffffffffL): raise Exception("Invalid head for parsing") if idc.isCode(idc.GetFlags(head)): call_name = get_call_name(head) if call_name != None: list_of_calls.append(call_name) head = head - image_base head = str(hex(head)) head = head.replace("L", "") head = head.replace("0x", "") list_of_addr.append(head) return list_of_addr, list_of_calls
def enumerate_function_names(): func_name = dict() for seg_ea in idautils.Segments(): # For each of the functions function_ea = seg_ea while function_ea != 0xffffffffL: function_name = idc.GetFunctionName(function_ea) # if already analyzed if func_name.get(function_name, None) != None: function_ea = idc.NextFunction(function_ea) continue image_base = idaapi.get_imagebase(function_ea) addr = function_ea - image_base addr = str(hex(addr)) addr = addr.replace("L", "") addr = addr.replace("0x", "") func_name[function_name] = get_list_of_function_instr(function_ea) function_ea = idc.NextFunction(function_ea) return func_name
def get_list_of_function_instr(addr): ''' The function returns a list of instructions from a function @addr - is function entry point @return - list of instruction's addresses ''' f_start = addr f_end = idc.FindFuncEnd(addr) chunks = enumerate_function_chunks(f_start) list_of_addr = list() image_base = idaapi.get_imagebase(addr) for chunk in chunks: for head in idautils.Heads(chunk[0], chunk[1]): # If the element is an instruction if head == hex(0xffffffffL): raise Exception("Invalid head for parsing") if idc.isCode(idc.GetFlags(head)): head = head - image_base head = str(hex(head)) head = head.replace("L", "") head = head.replace("0x", "") list_of_addr.append(head) return list_of_addr
def enumerate_function_names(): ''' The function enumerates all functions in a dll. @return - dictionary {function_name : list of corresponded instructions} ''' func_name = dict() for seg_ea in idautils.Segments(): # For each of the functions function_ea = seg_ea while function_ea != 0xffffffffL: function_name = idc.GetFunctionName(function_ea) # if already analyzed if func_name.get(function_name, None) != None: function_ea = idc.NextFunction(function_ea) continue image_base = idaapi.get_imagebase(function_ea) addr = function_ea - image_base addr = str(hex(addr)) addr = addr.replace("L", "") addr = addr.replace("0x", "") func_name[function_name] = get_list_of_function_instr(function_ea) function_ea = idc.NextFunction(function_ea) return func_name
def _normalize_coverage(self, coverage_data, metadata): """ Normalize loaded DrCov data to the database metadata. """ # extract the coverage relevant to this IDB (well, the root binary) root_filename = idaapi.get_root_filename() coverage_blocks = coverage_data.get_blocks_by_module(root_filename) # rebase the basic blocks base = idaapi.get_imagebase() rebased_blocks = rebase_blocks(base, coverage_blocks) # coalesce the blocks into larger contiguous blobs condensed_blocks = coalesce_blocks(rebased_blocks) # flatten the blobs into individual instructions or addresses return metadata.flatten_blocks(condensed_blocks)
def init_demangled_names(*args): """ Creates dictionary of demangled names => address, that will be used further at double click on methods got from symbols. """ demangled_names.clear() for address, name in idautils.Names(): short_name = idc.Demangle(name, idc.GetLongPrm(idc.INF_SHORT_DN)) if short_name: demangled_names[short_name.split('(')[0]] = address - idaapi.get_imagebase() # Names can have templates and should be transformed before creating local type name = re.sub(r'[<>]', '_t_', name) # Thunk functions with name like "[thunk]:CWarmupHostProvider::Release`adjustor{8}'" result = re.search(r"(\[thunk\]:)?([^`]*)(.*\{(\d+)}.*)?", short_name) name, adjustor = result.group(2), result.group(4) if adjustor: demangled_names[name + "_adj_" + adjustor] = address - idaapi.get_imagebase() print "[DEBUG] Demangled names have been initialized"
def find_functions(): ''' yields all functions in the form a 2-tuple: (function_address, function_name) function_address is a RELATIVE offset from the image base. ''' # get image base from IDA image_base = idaapi.get_imagebase() # iterate through all functions in the executable. for func_ea in Functions(MinEA(), MaxEA()): # craft the routine record func_name = GetFunctionName(func_ea) funcaddr = func_ea - image_base yield funcaddr, func_name
def baseaddress(): '''Returns the baseaddress of the database.''' return idaapi.get_imagebase()
def get_virtual_func_address(name, tinfo=None, offset=None): """ :param name: method name :param tinfo: class tinfo :param offset: virtual table offset :return: address of the method """ address = idc.LocByName(name) if address != idaapi.BADADDR: return address address = demangled_names.get(name, idaapi.BADADDR) if address != idaapi.BADADDR: return address + idaapi.get_imagebase() if tinfo is None or offset is None: return offset *= 8 udt_member = idaapi.udt_member_t() while tinfo.is_struct(): address = demangled_names.get(tinfo.dstr() + '::' + name, idaapi.BADADDR) if address != idaapi.BADADDR: return address + idaapi.get_imagebase() udt_member.offset = offset tinfo.find_udt_member(idaapi.STRMEM_OFFSET, udt_member) tinfo = udt_member.type offset = offset - udt_member.offset
def __init__(self, tinfo, name, parent): self.tinfo = tinfo self.tinfo_modified = False self.name = name self.class_name = None self.name_modified = False self.parents = [parent] self.base_address = Helper.get_virtual_func_address(name) if self.base_address: self.base_address -= idaapi.get_imagebase() self.rowcount = 0 self.children = []
def update(self, name, tinfo): self.name = name self.tinfo = tinfo self.name_modified = False self.tinfo_modified = False self.base_address = idc.LocByName(self.name) if self.base_address != idaapi.BADADDR: self.base_address -= idaapi.get_imagebase()
def address(self): return self.base_address + idaapi.get_imagebase() if self.base_address else None
def find_bbls(function_ea): ''' yields all basic blocks that belong to the given function. The blocks are returned in a 2-tuple like: (start_address, end_address) Both start and end address are RELATIVE offsets from the image base. ''' # get image base from IDA image_base = idaapi.get_imagebase() function_ea += image_base # get flow chart from IDA flow_chart = idaapi.FlowChart( idaapi.get_func(function_ea), flags=idaapi.FC_PREDS ) # iterate through all basic blocks in # the current routine for block in flow_chart: start_addr = block.startEA - image_base end_addr = block.endEA - image_base if start_addr != end_addr: yield start_addr, end_addr
def get_image(): name = idc.GetInputFile() base = idaapi.get_imagebase() return base, name
def get_base_address(self): return idaapi.get_imagebase()
def run(self): '''Public function.''' self.symbol_path = idc.AskFile(0, '*.pdb', 'Choose PDB file...') self.image_base = idaapi.get_imagebase() print "IPL: Loading PDB data, might take a while..." self.PDBLookup = pdbparse.symlookup.Lookup([(self.symbol_path, self.image_base)]) if not self.PDBLookup: print "IPL: PDBLookup failed to initialize, exiting." return self._rename_functions() return
def do_export(): db = {} module = idaapi.get_root_filename().lower() base = idaapi.get_imagebase() file = AskFile(1, "x64dbg database|%s" % get_file_mask(), "Export database") if not file: return print "Exporting database %s" % file db["labels"] = [{ "text": name, "manual": False, "module": module, "address": "0x%X" % (ea - base) } for (ea, name) in Names()] print "%d label(s) exported" % len(db["labels"]) db["comments"] = [{ "text": comment.replace("{", "{{").replace("}", "}}"), "manual": False, "module": module, "address": "0x%X" % (ea - base) } for (ea, comment) in Comments()] print "%d comment(s) exported" % len(db["comments"]) db["breakpoints"] = [{ "address": "0x%X" % (ea - base), "enabled": True, "type": bptype, "titantype": "0x%X" % titantype, "oldbytes": "0x%X" % oldbytes, "module": module, } for (ea, bptype, titantype, oldbytes) in Breakpoints()] print "%d breakpoint(s) exported" % len(db["breakpoints"]) with open(file, "w") as outfile: json.dump(db, outfile, indent=1) print "Exported database. Done!" # 1) Create the handler class
