我们从Python开源项目中,提取了以下5个代码示例,用于说明如何使用idautils.Names()。
def init_demangled_names(*args): """ Creates dictionary of demangled names => address, that will be used further at double click on methods got from symbols. """ demangled_names.clear() for address, name in idautils.Names(): short_name = idc.Demangle(name, idc.GetLongPrm(idc.INF_SHORT_DN)) if short_name: demangled_names[short_name.split('(')[0]] = address - idaapi.get_imagebase() # Names can have templates and should be transformed before creating local type name = re.sub(r'[<>]', '_t_', name) # Thunk functions with name like "[thunk]:CWarmupHostProvider::Release`adjustor{8}'" result = re.search(r"(\[thunk\]:)?([^`]*)(.*\{(\d+)}.*)?", short_name) name, adjustor = result.group(2), result.group(4) if adjustor: demangled_names[name + "_adj_" + adjustor] = address - idaapi.get_imagebase() print "[DEBUG] Demangled names have been initialized"
def get_w32syscalls(): syscalls = set() # def get_syscall_start(): # for m, n in idautils.Names(): # if n == '_W32pServiceTable': # return m # ea = get_syscall_start() ea = idaapi.str2ea('_W32pServiceTable') f = idaapi.get_full_long(ea) functions = set(idautils.Functions()) while f in functions: fname = GetFunctionName(f) syscalls.add(fname) ea += 4 f = idaapi.get_full_long(ea) print 'win32k system call' , len(syscalls) return syscalls
def send_names(self): """ Used to send all the names to the server. Usecase: Previously analyzed IDB """ for head in idautils.Names(): if not SkelUtils.func_name_blacklist(head[1]): mtype = idc.GetType(head[0]) if mtype and not mtype.lower().startswith("char["): self.skel_conn.push_name(head[0], head[1])
def __init__(self): ''' one table is for one function and its xref_to functions the table's name is the source function's name how to store function features within the table still need consideration ''' self.script_folder = '' self.project_name = '' print '---------------------', idc.ARGV[1] arg = idc.ARGV[1] self.script_folder = arg[arg.find('(')+2: arg.find(',')-1] self.project_name = arg[arg.find(',')+2: arg.find(')')-1] print '++++++++++project_name', self.project_name print '++++++++++script_folder',self.script_folder self.moduleName = idc.GetInputFile().replace('.','_') #name of current idb if os.path.exists(self.moduleName): #may need user's input to decide whether rewrite it or append it? this check shld be set as input in args print 'the db already exist' clear = ConfirmDialog("Delete the current DB and create a new one?") clear.Compile() ok = clear.Execute() if ok: os.remove(self.moduleName) else: return print '[Get_FunctionFeatures]moduleName: %s'%self.moduleName self.func_name_ea = {name:ea for ea, name in idautils.Names()} # all names within idb self.ftable = collections.defaultdict(dict) # a dictionary stores the features of one function, will be refreshed for every function self.exports = [] # all export functions self.memop = {} #instructions with memory operation self.syscalls = set() self.priorMatrix = [('returnpoints', '_feature_returnpoints'), ('loopcount', '_feature_loopcount')] #(ea, writemem, writetoglobal, cmpmem, loopcalc) self.LoadExports() print 'table name: ' + self.moduleName
def tables_from_names(): ''' Yields addresses of VtableGroups if binary is not stripped ''' for n in idautils.Names(): seg = idaapi.getseg(n[0]) if seg is None or seg.type != idaapi.SEG_DATA: continue if is_vtable_name(n[1]) is True: yield n[0]
