The following 15 code examples, extracted from open-source Python projects, illustrate how to use idc.SegName(). Note that idc.SegName() belongs to the legacy (pre-7.0) IDAPython API; on IDA 7.x and later the equivalent call is idc.get_segm_name(), and several companion calls used below (SegStart/SegEnd/ScreenEA/GetFunctionAttr, the .startEA/.endEA attributes) were renamed in the same migration.
def enum_segm(self):
    """Populate ``self.segm_vbox`` with one ``SegmRadio`` per segment in the IDB.

    Each segment is also recorded in ``self.segm`` as a
    ``(name, start, end, class)`` tuple; the first radio button is toggled
    so that the group always has a selection. Returns the populated layout.
    """
    first_radio_pending = True
    for seg_ea in idautils.Segments():
        segment = idaapi.getseg(seg_ea)
        name = idc.SegName(seg_ea)
        start = idc.SegStart(seg_ea)
        end = idc.SegEnd(seg_ea)
        seg_class = idaapi.get_segm_class(segment)
        radio = SegmRadio(name, start, end, seg_class)
        self.segm.append((name, start, end, seg_class))
        self.segm_vbox.addWidget(radio)
        self.segm_vbox.addStretch(1)
        if first_radio_pending:
            # Select the first entry so the radio group is never empty.
            radio.toggle()
            first_radio_pending = False
    return self.segm_vbox
def __init__(self): self.addr = None self.flags = None self.names = [ 'Function name', 'Address', 'Segment', 'Length', 'Locals', 'Arguments', 'R', 'F', 'L', 'S', 'B', 'T', '=' ] self.handlers = { 0: lambda: None, 1: lambda: self.ptr().format(self.addr), 2: lambda: '{}'.format(idc.SegName(self.addr)), 3: lambda: self.halfptr().format(idc.GetFunctionAttr( self.addr, idc.FUNCATTR_END) - self.addr), 4: lambda: self.set_if_true(idc.GetFunctionAttr( self.addr, idc.FUNCATTR_FRSIZE)), 5: lambda: self.set_if_true(idc.GetFunctionAttr( self.addr, idc.FUNCATTR_ARGSIZE)), 6: lambda: self.is_true(not self.flags & idc.FUNC_NORET, 'R'), 7: lambda: self.is_true(self.flags & idc.FUNC_FAR, 'F'), 8: lambda: self.is_true(self.flags & idc.FUNC_LIB, 'L'), 9: lambda: self.is_true(self.flags & idc.FUNC_STATIC, 'S'), 10: lambda: self.is_true(self.flags & idc.FUNC_FRAME, 'B'), 11: lambda: self.is_true(idc.GetType(self.addr), 'T'), 12: lambda: self.is_true(self.flags & idc.FUNC_BOTTOMBP, '=') }
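def post_analysis_stuff(self, results):
    """Refresh the action widgets and render an HTML report for *results*.

    Adds the actions that make sense for the result kind (formula and/or
    concrete values), enables the action selector and button, and writes a
    one-row table into ``self.result_area``: target address, the query that
    was asserted, its status and, for every concrete value, the value's
    type, segment and containing function.

    ``results`` is a project object; only ``has_formula()``, ``has_values()``,
    ``get_status()`` and the ``formula``/``values``/``target``/``query``/``color``
    attributes are used here. Note the formula text is read from
    ``self.parent.results`` rather than from *results* (kept as found).
    """
    if results.has_formula():
        self.action_selector.addItem(self.parent.HIGHLIGHT_CODE)
        self.action_selector.addItem(self.parent.GRAPH_DEPENDENCY)
        self.formula_area.setText(self.parent.results.formula)
    if results.has_values():
        self.action_selector.addItem(self.parent.DISASS_UNKNOWN_TARGET)
    self.action_selector.setEnabled(True)
    self.action_button.setEnabled(True)

    report = HTMLReport()
    report.add_title("Results", size=3)
    report.add_table_header(["address", "assertion", "status", "values"])
    addr = make_cell("%x" % results.target)
    status = make_cell(results.get_status(), color=results.color, bold=True)
    # Segment and function names come straight from the analysed binary,
    # i.e. from untrusted input, and are rendered as HTML below: escape them
    # like the query string so a crafted symbol name cannot inject markup.
    # (cgi.escape was removed in Python 3.8; html.escape is its successor.)
    lines = []
    for value in results.values:
        typ = self.type_to_string(idc.GetFlags(value))
        lines.append("%x type:%s seg:%s fun:%s<br/>" % (
            value,
            cgi.escape(str(typ)),
            cgi.escape(str(idc.SegName(value))),
            cgi.escape(str(idc.GetFunctionName(value))),
        ))
    vals = "".join(lines)
    report.add_table_line([addr, make_cell(cgi.escape(results.query)), status, make_cell(vals)])
    report.end_table()
    self.result_area.setHtml(report.generate())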
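def create_call_map(self, ftype):
    """Record every ``call``/``jmp`` in ``.text`` whose target lies in the
    import section into ``self.config.call_map``.

    ``ftype`` selects the import section: ``.idata`` when it equals ``PE``,
    ``.plt`` otherwise. Each matching instruction becomes an entry holding
    its address and the textual first operand (the imported symbol name).

    Raises ``KeyError`` naming the missing segment when the IDB has no
    ``.text`` or import section (instead of an unexplained key error).
    """
    assert_ida_available()
    import idc
    import idautils

    # Segment names are not guaranteed unique in an IDB; on a duplicate
    # the last range seen wins.
    seg_mapping = {idc.SegName(x): (idc.SegStart(x), idc.SegEnd(x))
                   for x in idautils.Segments()}
    import_seg = ".idata" if ftype == PE else ".plt"
    try:
        imp_start, imp_end = seg_mapping[import_seg]
        start, stop = seg_mapping[".text"]
    except KeyError as exc:
        raise KeyError("segment %s not found in the IDB" % exc)

    current = start
    while current <= stop:
        if idc.GetMnem(current) in ("call", "jmp"):
            value = idc.GetOperandValue(current, 0)
            # SegEnd() is exclusive (first address past the segment), so an
            # inclusive ``<=`` would also accept one byte past the section.
            if imp_start <= value < imp_end:
                entry = self.config.call_map.add()
                entry.address = current
                entry.name = idc.GetOpnd(current, 0)
        # NextHead() returns BADADDR (> stop) once no head remains, which
        # terminates the loop.
        current = idc.NextHead(current, stop)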
def get_segments():
    '''
    fetch the segments in the current executable.

    Yields a ``Segment(start, end, name, buffer)`` per IDB segment, where
    ``end`` is IDA's exclusive end address and ``buffer`` comes from
    ``get_segment_buffer``.
    '''
    for start in idautils.Segments():
        end = idaapi.getseg(start).endEA
        # The name may carry a trailing NUL; drop it.
        name = str(idc.SegName(start)).rstrip('\x00')
        yield Segment(start, end, name, get_segment_buffer(start))
def enum_segments():
    """Yield a ``Segment(start, end, name)`` for every segment in the IDB.

    ``end`` is IDA's exclusive segment end (``SegEnd``).
    """
    for start in idautils.Segments():
        yield Segment(start, idc.SegEnd(start), idc.SegName(start))
def get_seg_range(seg):
    """Return ``(start_ea, end_ea)`` of the first segment named *seg*.

    Returns ``None`` when no segment carries that name, so callers must
    check before unpacking. ``end_ea`` is IDA's exclusive segment end.
    """
    match = next((s for s in idautils.Segments() if idc.SegName(s) == seg), None)
    if match is None:
        return None
    return idc.SegStart(match), idc.SegEnd(match)
def setupUI(self):
    """Build the Jumper dialog: segment radio list, search/offset boxes, buttons.

    The window title shows the cursor's offset inside its segment
    (``hex().upper()``, hence an ``0X`` prefix), the segment name and the
    segment class. The radio list is produced by ``self.enum_segm()``.
    """
    ea = idc.ScreenEA()
    seg = idaapi.getseg(ea)
    SigmName = idc.SegName(ea)
    startA = idc.SegStart(ea)
    endA = idc.SegEnd(ea)  # computed but not used below
    className = idaapi.get_segm_class(seg)
    self.setWindowTitle("Jumper--%s %s %s" % (hex(ea - startA).upper(), SigmName, className))
    self.groupBox.setLayout(self.enum_segm())
    search_hbox = QHBoxLayout()
    search_hbox.addWidget(QLabel("search"))
    search_hbox.addWidget(self.search_edit)
    offset_hbox = QHBoxLayout()
    offset_hbox.addWidget(QLabel("offset"))
    offset_hbox.addWidget(self.off_edit)
    self.scroll = QScrollArea()
    self.scroll.setWidgetResizable(True)  # Set to make the inner widget resize with scroll area
    self.scroll.setWidget(self.groupBox)
    # Top-level layout: scrollable segment list, then search, offset, buttons.
    globle_vbox = QVBoxLayout(self)
    globle_vbox.addWidget(self.scroll)
    globle_vbox.addLayout(search_hbox)
    globle_vbox.addLayout(offset_hbox)
    btn_layout = QHBoxLayout()
    jump = QPushButton("jump")
    jump.clicked.connect(self.jump_click)
    get_offset = QPushButton("offset")
    get_offset.clicked.connect(self.get_cur_offset)
    btn_layout.addWidget(jump)
    btn_layout.addWidget(get_offset)
    globle_vbox.addLayout(btn_layout)
    # Live filtering of the segment list as the user types.
    self.search_edit.textChanged.connect(self.search_changed)
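def get_cur_offset(self):
    """Show the cursor's offset within its segment in the offset box and the
    segment's name in the search box.

    The offset text is ``hex(...).upper()``, which yields an ``0X`` prefix
    (and a trailing ``L`` for longs on Python 2); left unchanged so the
    displayed format stays the same.
    """
    ea = idc.ScreenEA()
    seg_name = idc.SegName(ea)
    seg_start = idc.SegStart(ea)
    # The idaapi.getseg() lookup formerly done here was unused and is gone.
    self.off_edit.setText(hex(ea - seg_start).upper())
    self.search_edit.setText(seg_name)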
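def make_islands_xrefs_force_bl_call(ea, verbose=True, _seen=None):
    """ makes all BL references to a branch islands as call

    If *ea* lies in a ``branch_islands`` segment, the FUNC_NORET bit is
    cleared on its function and every cross-reference to it is processed
    the same way, recursively, so chains of islands are all treated as
    calls. Finally the BL at *ea* itself is forced to a call and that
    result is returned.

    ``_seen`` tracks addresses already handled so a cycle of
    cross-references between islands cannot recurse forever; callers leave
    it at its default. ``verbose`` is now propagated into the recursion
    (previously nested calls always printed).
    """
    if _seen is None:
        _seen = set()
    if ea in _seen:
        return None
    _seen.add(ea)

    segname = idc.SegName(ea)
    if verbose:
        print("[+] forcing bl call on: %s [0x%X]" % (segname, ea))
    if "branch_islands" in segname:
        # 0xffffffff - 1 masks off bit 0 == FUNC_NORET: islands do return.
        idc.SetFunctionFlags(ea, idc.GetFunctionFlags(ea) & (0xffffffff - 1))
        for xref in idautils.XrefsTo(ea):
            make_islands_xrefs_force_bl_call(xref.frm, verbose, _seen)
    return idc.ArmForceBLCall(ea)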
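def label_and_fix_branch_islands(dsc_file, adrfind, jmp_to_code):
    """ labels, comments and fixes code flow on branch islands

    For every jump target in *jmp_to_code* (target -> list of jump sites)
    the owning dylib and export name are looked up through *adrfind*.
    Inside IDA each jump site gets a repeatable comment ``dylib'export``;
    sites that live in a ``branch_islands`` segment are additionally named
    after the export, patched to return, and have their BL references
    forced to calls. Outside IDA only the export name is printed.

    Targets *adrfind* cannot resolve are reported and skipped; previously
    the loop fell through and crashed unpacking ``None``.
    """
    jmpaddrs = sorted(set(jmp_to_code.keys()))
    dsc_file.seek(0)
    header = dsc_header(dsc_file)
    dsc_file.seek(header.images_offset)
    jmpaddrslen = len(jmpaddrs)
    for i, addr in enumerate(jmpaddrs):
        print("status: 0x%X %d/%d" % (addr, i, jmpaddrslen))
        res = adrfind.find(addr)
        if not res:
            print("[!] coudln't find addr for addr: %s" % addr)
            continue
        dylib_path, dsc_offset, macho_offset = res
        exportname = adrfind.get_export_name_for_addr(addr)
        if not _IN_IDA:
            print("[+] \\\\ %s" % exportname)
            continue
        for ea in jmp_to_code[addr]:
            idc.MakeRptCmt(ea, "%s'%s" % (dylib_path, exportname))
            if "branch_islands" in idc.SegName(ea):
                make_name(ea, exportname)
                # Patch the island to a bare RET (AArch64 encoding D65F03C0,
                # written little-endian) so execution returns to the caller.
                # NOTE(review): a 32-bit ARM/Thumb island would need a
                # different encoding — confirm the cache is arm64-only.
                # ``memcpy`` is presumably the project's IDB patch helper.
                memcpy(ea, "\xC0\x03\x5F\xD6")
                make_islands_xrefs_force_bl_call(ea)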
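def update_mapping(self):
    """Rebuild ``self.fun_mapping`` and ``self.seg_mapping`` from the IDB.

    ``fun_mapping``: function name -> ``(start_ea, last_ea)`` with an
    inclusive last address (``endEA - 1``). ``seg_mapping``: segment name
    -> ``(start, end)`` with IDA's exclusive end. Neither name space is
    guaranteed unique in an IDB; on a duplicate the last entry seen wins.
    """
    fun_mapping = {}
    for ea in idautils.Functions():
        # One get_func() lookup per function instead of two.
        func = idaapi.get_func(ea)
        fun_mapping[idc.GetFunctionName(ea)] = (func.startEA, func.endEA - 1)
    self.fun_mapping = fun_mapping
    self.seg_mapping = {idc.SegName(x): (idc.SegStart(x), idc.SegEnd(x))
                        for x in idautils.Segments()}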
def SanityChecks():
    """Verify that the first segment is named after the input file.

    FridaLink resolves symbols and loads further modules by segment name,
    so the main module's first segment must carry the input file's name
    (spaces are compared as underscores). When it does not, the user is
    asked whether to rename it; on confirmation the segment is renamed and
    the action is logged.
    """
    first_seg = FirstSeg()
    seg_name = SegName(first_seg)
    module_name = GetInputFile()
    if seg_name == module_name.replace(' ', '_'):
        return
    prompt = (
        "Name of the first segment for main module ('%s') doesn't\n"
        "match main module's name ('%s').\n\n"
        "In order for the FridaLink to function correctly (i.e. resolve\n"
        "symbols and load additional modules) this segment name\n"
        "should be updated.\n\n"
        "Update first segment name to '%s'?" % (seg_name, module_name, module_name)
    )
    if AskYN(0, prompt) == 1:
        # NOTE(review): the new name is applied without the space->underscore
        # substitution used in the comparison; presumably IDA normalises it.
        set_segm_name(getseg(first_seg), module_name)
        Wait()
        fl_log("FridaLink: set first sector name for main binary to '" + module_name + "'\n")
def LoadModule(platform, name, path):
    """Load a Mach-O module into the current IDB and name/relocate its segments.

    ``platform`` (e.g. "iOS <version>" or None) decides how ``path`` is
    resolved: inside an ``.app`` bundle the path is rebased onto the input
    file's directory, otherwise it is looked up in Xcode's
    "iOS DeviceSupport/<version>/Symbols" tree. Non-iOS platforms use
    ``path`` as given. The loaded module's HEADER segment is renamed to
    ``name``; if it landed below ``g_AppBase`` every segment below the main
    module is moved up by ``g_NextLibBase`` and that base is advanced by
    ``kModuleAlignment``.

    NOTE(review): ``platform``/``path`` are presumably reported by the
    instrumented process via the Frida agent, i.e. untrusted — a hostile
    target could steer ``load_loader_module`` at an arbitrary local file.
    Confirm where they originate before trusting them.
    """
    global g_NextLibBase
    if platform is not None:
        os_type = platform[:3]
        if os_type == "iOS":
            # check if it is custom or system framework
            app_idx = path.find(".app")
            if app_idx >=0:
                # custom framework: keep the part after ".app" and rebase it
                # onto the directory of the binary being analysed
                local_path = path[app_idx+4:]
                bin_path = os.path.dirname(get_input_file_path())
                path = bin_path + local_path
            else:
                # system framework: platform[4:] is the OS version string
                os_ver = platform[4:]
                home = os.path.expanduser("~")
                path = home + "/Library/Developer/Xcode/iOS DeviceSupport/" + os_ver + "/Symbols" + path
    # check if framework exists
    if os.path.exists(path) == False:
        fl_log("FridaLink: invalid path [ " + path + " ]\n")
        return
    fl_log("FridaLink: loading module '" + name + "' from [ " + path + " ]\n")
    res = load_loader_module(None, "macho", str(path), False)
    if res != 0:
        # Let auto-analysis settle before touching the new segments.
        Wait()
        seg = get_segm_by_name("HEADER").startEA
        set_segm_name(getseg(seg), name)
        Wait()
        fl_log("FridaLink: set first sector name for loaded module to '" + name + "'\n")
        if seg < g_AppBase:
            fl_log("FridaLink: move module '" + name + "' to " + ('0x%012x' % g_NextLibBase) + "\n")
            # Move back all segments before main one (usually for OSX modules)
            # Each iteration re-reads FirstSeg(), so the loop ends once no
            # segment remains below g_AppBase.
            while seg < g_AppBase:
                fl_log((' 0x%012x' % SegStart(seg)) + " -> " + ('0x%012x' % (SegStart(seg) + g_NextLibBase)) + ": " + SegName(seg) + "\n")
                MoveSegm(SegStart(seg), SegStart(seg) + g_NextLibBase, 0)
                Wait()
                seg = FirstSeg()
            g_NextLibBase += kModuleAlignment
            fl_log("FridaLink: next module base = " + ("0x%012x" % g_NextLibBase) + "\n")
def _CheckMemOp(self, ea):
    '''
    Classify the instruction at *ea* and record it in ``self.ftable``.

    Return instructions go to ``ftable["returnpoints"]``; memory-touching
    mov/add/sub, cmp/test and inc/dec go to ``ftable["memop"]`` as
    ``(ea, is_write, write_to_idata, is_cmp, is_incdec)`` tuples; calls
    through a register/phrase operand go to ``ftable["dynamiccall"]``.

    NOTE(review): the itype constants below are taken from IDA's x86
    processor module (allins.hpp) and are specific to that module and IDA
    version — they do not hold for other architectures. The "call" branch
    matches itype 16 while its comment says 13; confirm which is right.

    the itype value are defined in .\idasdk64\include\allins.hpp
    op.type definition is in .\idasdk64\include\ua.hpp
    const optype_t // Description Data field
    o_void = 0, // No Operand ----------
    o_reg = 1, // General Register (al,ax,es,ds...) reg
    o_mem = 2, // Direct Memory Reference (DATA) addr
    o_phrase = 3, // Memory Ref [Base Reg + Index Reg] phrase
    o_displ = 4, // Memory Reg [Base Reg + Index Reg + Displacement] phrase+addr
    o_imm = 5, // Immediate Value value
    o_far = 6, // Immediate Far Address (CODE) addr
    o_near = 7, // Immediate Near Address (CODE) addr
    o_idpspec0 = 8, // IDP specific type
    '''
    inst = idautils.DecodeInstruction(ea)
    if inst == None:  # undecodable: nothing to classify (``is None`` would be idiomatic)
        return
    if inst.itype in [160,159]: # retn 159, retf 160
        self.ftable["returnpoints"].append(ea)
    elif inst.itype in [122,6,209]: # mov 122 add 6 sub 209, write memory happened at first opr
        if 2<= inst[0].type <=7: #considered as memory write
            # op.addr is only meaningful for o_mem/o_displ; for o_phrase
            # (register-indirect) it is not a real address, so the .idata
            # test below can only be true for direct/displacement writes.
            if idc.SegName(inst[0].addr) == '.idata':
                self.ftable["memop"].append((ea,1,1,0,0))
            else:
                self.ftable["memop"].append((ea,1,0,0,0))
    elif inst.itype in [27,210]: #cmp 27 test 210
        # either operand memory-like, excluding immediates (type 5)
        if (2<= inst[0].type <=7 and inst[0].type != 5) or (2<= inst[1].type <=7 and inst[1].type != 5): #mem cmp
            self.ftable["memop"].append((ea,0,0,1,0))
    elif inst.itype in [44,34]: #inc 44 dec 34; recorded regardless of operand kind
        self.ftable["memop"].append((ea,0,0,0,1))
    elif inst.itype in [16]: # call 13
        # indirect call: o_phrase (3) or o_displ (4) operand
        if inst[0].type == 3 or inst[0].type == 4:
            self.ftable["dynamiccall"].append(ea)