#------------------------------------------------------------
# IDAPython - Python plugin for Interactive Disassembler Pro
#
# Copyright (c) 2004-2008 Gergely Erdelyi <dyce@d-dome.net>
#
# All rights reserved.
#
# For detailed copyright information see the file COPYING in
# the root of the distribution archive.
#------------------------------------------------------------
"""
idautils.py - High level utility functions for IDA
"""
import idaapi
def refs(ea, funcfirst, funcnext):
    """
    Generic reference collector - INTERNAL USE ONLY.

    Drives a first/next style enumeration and gathers every result
    into a list.

    @param ea:        address whose references are enumerated
    @param funcfirst: callable taking 'ea'; returns the first reference
                      or idaapi.BADADDR when there is none
    @param funcnext:  callable taking 'ea' and the previous reference;
                      returns the next reference or idaapi.BADADDR

    @return: list of references in enumeration order (may be empty list)
    """
    collected = []
    current = funcfirst(ea)
    # idaapi.BADADDR is the end-of-enumeration sentinel for both callables.
    # The loop has no other bound: it ends only when a callable returns it.
    while current != idaapi.BADADDR:
        collected.append(current)
        current = funcnext(ea, current)
    return collected
def CodeRefsTo(ea, flow):
    """
    Get a list of code references to 'ea'

    @param ea:   Target address
    @param flow: Follow normal code flow or not
    @type  flow: Boolean (0/1, False/True)

    @return: list of references (may be empty list)

    @note: The variant is chosen with the comparison 'flow == 1', so only
           1/True selects the cref enumeration; every other value,
           including other truthy values, selects the fcref enumeration.

    Example::

        for ref in CodeRefsTo(ScreenEA(), 1):
            print ref
    """
    if flow == 1:
        first, following = idaapi.get_first_cref_to, idaapi.get_next_cref_to
    else:
        first, following = idaapi.get_first_fcref_to, idaapi.get_next_fcref_to
    return refs(ea, first, following)
def CodeRefsFrom(ea, flow):
    """
    Get a list of code references from 'ea'

    @param ea:   Address the references originate from
    @param flow: Follow normal code flow or not
    @type  flow: Boolean (0/1, False/True)

    @return: list of references (may be empty list)

    @note: The variant is chosen with the comparison 'flow == 1', so only
           1/True selects the cref enumeration; every other value,
           including other truthy values, selects the fcref enumeration.

    Example::

        for ref in CodeRefsFrom(ScreenEA(), 1):
            print ref
    """
    if flow == 1:
        first, following = idaapi.get_first_cref_from, idaapi.get_next_cref_from
    else:
        first, following = idaapi.get_first_fcref_from, idaapi.get_next_fcref_from
    return refs(ea, first, following)
def DataRefsTo(ea):
    """
    Get a list of data references to 'ea'

    @param ea: Target address

    @return: list of references (may be empty list)

    Example::

        for ref in DataRefsTo(ScreenEA()):
            print ref
    """
    first = idaapi.get_first_dref_to
    following = idaapi.get_next_dref_to
    return refs(ea, first, following)
def DataRefsFrom(ea):
    """
    Get a list of data references from 'ea'

    @param ea: Address the references originate from

    @return: list of references (may be empty list)

    Example::

        for ref in DataRefsFrom(ScreenEA()):
            print ref
    """
    first = idaapi.get_first_dref_from
    following = idaapi.get_next_dref_from
    return refs(ea, first, following)
def XrefTypeName(typecode):
    """
    Convert cross-reference type codes to readable names

    @param typecode: cross-reference type code

    @return: name of the type: codes 0-5 map to the 'Data_*' names and
             codes 16-21 to the 'Code_*' / 'Ordinary_Flow' names

    @note: An unknown code is rejected with an assert, so it raises
           AssertionError in a normal run; when Python runs with
           assertions disabled (-O) the lookup raises KeyError instead.
    """
    data_names = (
        'Data_Unknown',
        'Data_Offset',
        'Data_Write',
        'Data_Read',
        'Data_Text',
        'Data_Informational',
    )
    code_names = (
        'Code_Far_Call',
        'Code_Near_Call',
        'Code_Far_Jump',
        'Code_Near_Jump',
        'Code_User',
        'Ordinary_Flow',
    )
    # Data codes start at 0, code-reference codes start at 16.
    ref_types = dict(zip(range(0, 6), data_names))
    ref_types.update(zip(range(16, 22), code_names))

    assert typecode in ref_types, "unknown reference type %d" % typecode
    return ref_types[typecode]
def _copy_xref(xref):
    """
    Make a private copy of the xref class to preserve its contents

    Only the attributes 'frm', 'to', 'iscode', 'type' and 'user' are
    copied; the result is a plain object that no longer refers to 'xref'.

    @param xref: object exposing the five attributes listed above

    @return: new object carrying the values 'xref' held at call time
    """
    class _xref:
        pass

    snapshot = _xref()
    for name in ('frm', 'to', 'iscode', 'type', 'user'):
        value = getattr(xref, name)
        setattr(snapshot, name, value)
    return snapshot
def XrefsFrom(ea, flags=0):
    """
    Return all references from address 'ea'

    This is a generator. A single idaapi.xrefblk_t is advanced in place
    by next_from(), so every yielded item is a copy made by _copy_xref
    rather than the block itself.

    @param ea: Reference address
    @param flags: any of idaapi.XREF_* flags

    Example:
        for xref in XrefsFrom(here(), 0):
            print xref.type, XrefTypeName(xref.type), \
                      'from', hex(xref.frm), 'to', hex(xref.to)
    """
    block = idaapi.xrefblk_t()
    more = block.first_from(ea, flags)
    while more:
        yield _copy_xref(block)
        more = block.next_from()
def XrefsTo(ea, flags=0):
    """
    Return all references to address 'ea'

    This is a generator. A single idaapi.xrefblk_t is advanced in place
    by next_to(), so every yielded item is a copy made by _copy_xref
    rather than the block itself.

    @param ea: Reference address
    @param flags: any of idaapi.XREF_* flags

    Example:
        for xref in XrefsTo(here(), 0):
            print xref.type, XrefTypeName(xref.type), \
                      'from', hex(xref.frm), 'to', hex(xref.to)
    """
    block = idaapi.xrefblk_t()
    more = block.first_to(ea, flags)
    while more:
        yield _copy_xref(block)
        more = block.next_to()
def Heads(start, end):
    """
    Get a list of heads (instructions or data)

    @param start: start address (this one is always included)
    @param end:   end address

    @return: list of heads between start and end; 'start' is the first
             element unconditionally, it is not checked against 'end'
             or tested for being a head
    """
    found = [start]
    cursor = idaapi.next_head(start, end)
    # idaapi.BADADDR from next_head ends the walk.
    while cursor != idaapi.BADADDR:
        found.append(cursor)
        cursor = idaapi.next_head(cursor, end)
    return found
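def Functions(start, end):
    """
    Get a list of functions

    @param start: start address
    @param end:   end address

    @return: list of function start addresses

    @note: The last function that starts before 'end' is included even
           if it extends beyond 'end'.
    @note: The function returned by idaapi.get_func(start), if any, is
           added without comparing its start address to 'start' or 'end'.
    """
    funclist = []

    func = idaapi.get_func(start)
    if func:
        funclist.append(func.startEA)

    ea = start
    while True:
        func = idaapi.get_next_func(ea)
        # Stop when there is no further function or it starts at/after 'end'.
        if not func or func.startEA >= end:
            break
        funclist.append(func.startEA)
        ea = func.startEA

    return funclist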
def Chunks(start):
    """
    Get a list of function chunks

    @param start: address of the function

    @return: list of function chunks (tuples of the form (start_ea, end_ea))
             belonging to the function

    @note: The result of idaapi.get_func(start) is handed to the iterator
           unchecked; behaviour for an address outside any function is
           not handled here.
    """
    tail_iter = idaapi.func_tail_iterator_t(idaapi.get_func(start))
    pieces = []

    more = tail_iter.main()
    while more:
        piece = tail_iter.chunk()
        pieces.append((piece.startEA, piece.endEA))
        more = tail_iter.next()

    return pieces
def Segments():
    """
    Get list of segments (sections) in the binary image

    @return: List of segment start addresses. Collection stops at the
             first index for which idaapi.getnseg returns a false value.
    """
    starts = []
    total = idaapi.get_segm_qty()
    for index in range(total):
        segment = idaapi.getnseg(index)
        if not segment:
            break
        starts.append(segment.startEA)
    return starts
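def GetDataList(ea, count, itemsize=1):
    """
    Get data list - INTERNAL USE ONLY

    @param ea:       address of the first item
    @param count:    number of items to read
    @param itemsize: size of one item: 1, 2 or 4 [default: 1]

    @return: list of 'count' values read with idaapi.get_byte,
             get_word or get_dword from addresses 'itemsize' apart

    @raise ValueError: if 'itemsize' is not 1, 2 or 4
    """
    if itemsize == 1:
        getdata = idaapi.get_byte
    elif itemsize == 2:
        getdata = idaapi.get_word
    elif itemsize == 4:
        getdata = idaapi.get_dword
    else:
        # Call form of raise is valid on Python 2 and Python 3 alike.
        raise ValueError("Invalid data size! Must be 1, 2 or 4")

    values = []
    for _ in range(count):
        values.append(getdata(ea))
        ea = ea + itemsize
    return values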
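def PutDataList(ea, list, itemsize=1):
    """
    Put data list - INTERNAL USE ONLY

    @param ea:       address of the first item to overwrite
    @param list:     iterable of values to store, one per item
    @param itemsize: size of one item: 1, 2 or 4 [default: 1]

    @return: None

    @raise ValueError: if 'itemsize' is not 1, 2 or 4; the check runs
                       before any value is written

    @note: Values are stored with idaapi.patch_byte, patch_word or
           patch_dword and the result of each call is ignored, so a
           failed write is not reported to the caller.
    """
    if itemsize == 1:
        putdata = idaapi.patch_byte
    elif itemsize == 2:
        putdata = idaapi.patch_word
    elif itemsize == 4:
        putdata = idaapi.patch_dword
    else:
        # Call form of raise is valid on Python 2 and Python 3 alike.
        raise ValueError("Invalid data size! Must be 1, 2 or 4")

    # 'list' shadows the builtin, but the name is part of the signature.
    for val in list:
        putdata(ea, val)
        ea = ea + itemsize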
def MapDataList(ea, length, func, wordsize=1):
    """
    Map through a list of data words in the database

    Reads 'length' words starting at 'ea', applies 'func' to each and
    writes the results back over the same addresses.

    @param ea:       start address
    @param length:   number of words to map
    @param func:     mapping function
    @param wordsize: size of words to map [default: 1 byte]

    @return: None

    @note: The database contents in the range are overwritten in place.
    """
    current = GetDataList(ea, length, wordsize)
    mapped = map(func, current)
    PutDataList(ea, mapped, wordsize)
def GetInputFileMD5():
    """
    Return the MD5 hash of the input binary file

    @return: MD5 string (32 lowercase hex digits) or None on error

    @note: The value is whatever idaapi.retrieve_input_file_md5 reports;
           this function does not read or re-hash the file itself.
    @note: MD5 is not collision resistant. Use the value as a lookup key
           or label for a sample, not as proof that two files are
           identical when the input may have been crafted.
    """
    digest = idaapi.ucharArray(16)
    if not idaapi.retrieve_input_file_md5(digest.cast()):
        return None
    return "".join(["%02x" % digest[i] for i in range(16)])