mirror of
https://github.com/cemu-project/idapython.git
synced 2024-11-24 10:09:20 +01:00
109158fabb
- Added AskUsingForm() with embedded forms support (check ex_askusingform.py example and formchooser.py in the SDK) - Added idautils.DecodePreviousInstruction() / DecodePrecedingInstruction() - Added idc.BeginTypeUpdating() / EndTypeUpdating() for fast batch type update operations - Added more IDP callbacks - Added UI_Hooks with a few notification events - Added idaapi.process_ui_action() / idc.ProcessUiAction() - Added netnode.index() to get netnode number - Better handling of ea_t values with bitwise negation - Execute statement hotkey (Ctrl-F3), script timeout, and other options are now configurable with Python.cfg - bugfix: idaapi.msg() / error() and warning() so they don't accept vararg - bugfix: processor_t.id constants were incorrect - bugfix: get_debug_names() was broken with IDA64 - Various bugfixes
69 lines
2.0 KiB
Python
69 lines
2.0 KiB
Python
# -----------------------------------------------------------------------
|
|
# This is an example illustrating how to enumerate all addresses
|
|
# that refer to all imported functions in a given module
|
|
#
|
|
# (c) Hex-Rays
|
|
#
|
|
|
|
import idaapi
|
|
import idc
|
|
import idautils
|
|
import re
|
|
|
|
# -----------------------------------------------------------------------
|
|
def find_imported_funcs(dllname):
|
|
def imp_cb(ea, name, ord):
|
|
if not name:
|
|
name = ''
|
|
imports.append([ea, name, ord])
|
|
return True
|
|
|
|
imports = []
|
|
nimps = idaapi.get_import_module_qty()
|
|
for i in xrange(0, nimps):
|
|
name = idaapi.get_import_module_name(i)
|
|
if re.match(dllname, name, re.IGNORECASE) is None:
|
|
continue
|
|
idaapi.enum_import_names(i, imp_cb)
|
|
|
|
return imports
|
|
|
|
|
|
# -----------------------------------------------------------------------
|
|
def find_import_ref(dllname):
|
|
imports = find_imported_funcs(dllname)
|
|
R = dict()
|
|
for i, (ea, name,_) in enumerate(imports):
|
|
#print "%x -> %s" % (ea, name)
|
|
for xref in idautils.XrefsTo(ea):
|
|
# check if referrer is a thunk
|
|
ea = xref.frm
|
|
f = idaapi.get_func(ea)
|
|
if f and (f.flags & idaapi.FUNC_THUNK) != 0:
|
|
imports.append([f.startEA, idaapi.get_func_name(f.startEA), 0])
|
|
#print "\t%x %s: from a thunk, parent added %x" % (ea, name, f.startEA)
|
|
continue
|
|
|
|
# save results
|
|
if not R.has_key(i):
|
|
R[i] = []
|
|
|
|
R[i].append(ea)
|
|
|
|
return (imports, R)
|
|
|
|
# -----------------------------------------------------------------------
|
|
def main():
|
|
dllname = idc.AskStr('kernel32', "Enter module name")
|
|
if not dllname:
|
|
print("Cancelled")
|
|
return
|
|
|
|
imports, R = find_import_ref(dllname)
|
|
for k, v in R.items():
|
|
print(imports[k][1])
|
|
for ea in v:
|
|
print("\t%x" % ea)
|
|
|
|
# -----------------------------------------------------------------------
|
|
main() |