elias.bachaalany 109158fabb - IDA Pro 6.1 support
- Added AskUsingForm() with embedded forms support (check ex_askusingform.py example and formchooser.py in the SDK)
- Added idautils.DecodePreviousInstruction() / DecodePrecedingInstruction()
- Added idc.BeginTypeUpdating() / EndTypeUpdating() for fast batch type update operations
- Added more IDP callbacks
- Added UI_Hooks with a few notification events
- Added idaapi.process_ui_action() / idc.ProcessUiAction()
- Added netnode.index() to get netnode number
- Better handling of ea_t values with bitwise negation
- Execute statement hotkey (Ctrl-F3), script timeout, and other options are now configurable with Python.cfg
- bugfix: idaapi.msg() / error() and warning() so they don't accept vararg
- bugfix: processor_t.id constants were incorrect
- bugfix: get_debug_names() was broken with IDA64
- Various bugfixes
2011-04-18 16:07:00 +00:00

69 lines
2.0 KiB
Python

# -----------------------------------------------------------------------
# This is an example illustrating how to enumerate all addresses
# that refer to all imported functions in a given module
#
# (c) Hex-Rays
#
import idaapi
import idc
import idautils
import re
# -----------------------------------------------------------------------
def find_imported_funcs(dllname):
def imp_cb(ea, name, ord):
if not name:
name = ''
imports.append([ea, name, ord])
return True
imports = []
nimps = idaapi.get_import_module_qty()
for i in xrange(0, nimps):
name = idaapi.get_import_module_name(i)
if re.match(dllname, name, re.IGNORECASE) is None:
continue
idaapi.enum_import_names(i, imp_cb)
return imports
# -----------------------------------------------------------------------
def find_import_ref(dllname):
imports = find_imported_funcs(dllname)
R = dict()
for i, (ea, name,_) in enumerate(imports):
#print "%x -> %s" % (ea, name)
for xref in idautils.XrefsTo(ea):
# check if referrer is a thunk
ea = xref.frm
f = idaapi.get_func(ea)
if f and (f.flags & idaapi.FUNC_THUNK) != 0:
imports.append([f.startEA, idaapi.get_func_name(f.startEA), 0])
#print "\t%x %s: from a thunk, parent added %x" % (ea, name, f.startEA)
continue
# save results
if not R.has_key(i):
R[i] = []
R[i].append(ea)
return (imports, R)
# -----------------------------------------------------------------------
def main():
dllname = idc.AskStr('kernel32', "Enter module name")
if not dllname:
print("Cancelled")
return
imports, R = find_import_ref(dllname)
for k, v in R.items():
print(imports[k][1])
for ea in v:
print("\t%x" % ea)
# -----------------------------------------------------------------------
main()