Python idc.get_name() Examples
The following are 9
code examples of idc.get_name().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
idc
, or try the search function
.
.
Example #1
| Source File: idaxml.py From GhIDA with Apache License 2.0 | 6 votes |
|
def export_symbol(self, addr, name, stype=""):
"""
Exports name for an address as a SYMBOL element. If the name is a
demangled name, add the mangled name as the MANGLED attribute.
Args:
addr: Integer representing the symbol address.
name: String containing the symbol name.
stype: String indicating symbol type (global or local)
"""
SYMBLE_TABLE_DICT[name] = addr
self.start_element(SYMBOL)
self.write_address_attribute(ADDRESS, addr)
self.write_attribute(NAME, name)
self.write_attribute(TYPE, stype)
mangled = idc.get_name(addr, idc.GN_STRICT)
if name != None and mangled != name:
self.write_attribute("MANGLED", mangled)
self.close_tag()
Example #2
| Source File: idaxml.py From GhIDA with Apache License 2.0 | 6 votes |
|
def get_symbol_name(self, ea):
"""
Returns the symbol name for the address.
Args:
ea: Integer representing the symbol address.
Returns:
String containing the symbol name.
The demangled name will be returned if it exists, otherwise the
displayed name is returned. Spaces (' ') will be replaced with '_'.
"""
name = ida_name.get_demangled_name(ea, DEMANGLED_FORM,
self.inf.demnames, idc.GN_STRICT)
if name == None or len(name) == 0 or name == "`string'":
name = idc.get_name(ea)
if name != None:
name = name.replace(" ", "_")
return name
Example #3
| Source File: util.py From mcsema with Apache License 2.0 | 6 votes |
|
def get_symbol_name(from_ea, ea=None, allow_dummy=False):
if ea is None:
ea = from_ea
global _FORCED_NAMES
if ea in _FORCED_NAMES:
return _FORCED_NAMES[ea]
flags = idc.get_full_flags(ea)
if not allow_dummy and idaapi.has_dummy_name(flags):
return ""
name = ""
try:
name = name or idc.get_name(ea, 0) #calc_gtn_flags(from_ea, ea))
except:
pass
try:
name = name or idc.get_func_name(ea)
except:
pass
return name
Example #4
| Source File: idaxml.py From GhIDA with Apache License 2.0 | 5 votes |
|
def export_symbol_table(self):
"""
Exports user-defined and non-default names as SYMBOL elements.
"""
addr = self.min_ea
if ida_bytes.has_any_name(idc.get_full_flags(addr)) == False:
addr = ida_bytes.next_that(
addr, self.max_ea, ida_bytes.has_any_name)
if addr == BADADDR:
return
self.update_status(SYMBOL_TABLE)
self.start_element(SYMBOL_TABLE, True)
timer = time.clock()
while addr != BADADDR:
# only export meaningful names (user and auto)
f = idc.get_full_flags(addr)
if (ida_bytes.has_user_name(f) == True or
ida_bytes.has_auto_name(f) == True):
# check for global name
name = self.get_symbol_name(addr)
if name != None and len(name) > 0:
self.export_symbol(addr, name)
# check for local name
if ida_nalt.has_lname(addr):
name = idc.get_name(addr, idc.GN_LOCAL)
if name != None and len(name) > 0:
self.export_symbol(addr, name, 'local')
# get next address with any name
addr = ida_bytes.next_that(addr, self.max_ea,
ida_bytes.has_any_name)
self.end_element(SYMBOL_TABLE)
self.display_cpu_time(timer)
Example #5
| Source File: objc2_analyzer.py From flare-ida with Apache License 2.0 | 5 votes |
|
def selRefLocByName(self, name):
if name[:6] == "selRef":
addr = self.objcSelRefs[0]
endAddr = self.objcSelRefs[1]
else:
addr = self.objcMsgRefs[0]
endAddr = self.objcMsgRefs[1]
while addr < endAddr:
if idc.get_name(addr, idc.ida_name.GN_VISIBLE) == name:
return addr
addr = idc.next_head(addr, idc.get_inf_attr(idc.INF_MAX_EA))
Example #6
| Source File: objc2_analyzer.py From flare-ida with Apache License 2.0 | 5 votes |
|
def processMsgSend(self, eh, address, id, sel, clsName, isInstance, selref, selXref, userData):
logging.debug("addr: %s id: %s sel: %s clsName: %s isInstance: %s selRef: %s selXref: %s" % (eh.hexString(0 if address == None else address), id, sel, clsName, isInstance, eh.hexString(0 if selref == None else selref), eh.hexString(0 if selXref == None else selXref)))
if sel:
idc.set_cmt(address, "[%s %s]" % (id, sel), 0)
if sel and id != UNKNOWN:
# as a convenience, if sel is "new", fix xref to "init"
if sel == "new" and clsName in userData["classes"]:
if (len(filter(lambda x: idc.get_name(x, idc.ida_name.GN_VISIBLE) == "selRef_init", map(lambda x: x[0],
userData["classes"][clsName]["instance"]))) > 0):
selref = filter(lambda x: idc.get_name(x, idc.ida_name.GN_VISIBLE) == "selRef_init", map(
lambda x: x[0], userData["classes"][clsName]["instance"]))[0]
isInstance = True
if selXref and selXref not in self.fixedSelXRefs:
self.fixXref(eh, userData["classes"], clsName, selref,
isInstance, selXref, address, userData)
Example #7
| Source File: analyser.py From UEFI_RETool with MIT License | 4 votes |
|
def get_data_guids(self):
"""rename GUIDs in idb"""
EFI_GUID = 'EFI_GUID *'
EFI_GUID_ID = idc.get_struc_id('EFI_GUID')
segments = ['.text', '.data']
for segment in segments:
seg_start, seg_end = 0, 0
for seg in idautils.Segments():
if idc.get_segm_name(seg) == segment:
seg_start = idc.get_segm_start(seg)
seg_end = idc.get_segm_end(seg)
break
ea = seg_start
while (ea <= seg_end - 15):
prot_name = ''
if idc.get_name(ea, ida_name.GN_VISIBLE).find('unk_') != -1:
find = False
cur_guid = []
cur_guid.append(idc.get_wide_dword(ea))
cur_guid.append(idc.get_wide_word(ea + 4))
cur_guid.append(idc.get_wide_word(ea + 6))
for addr in range(ea + 8, ea + 16, 1):
cur_guid.append(idc.get_wide_byte(addr))
if cur_guid == [0] * 11:
ea += 1
continue
for guid_place in [
'ami_guids', 'asrock_guids', 'dell_guids',
'edk_guids', 'edk2_guids', 'lenovo_guids'
]:
for name in self.Protocols[guid_place]:
if self.Protocols[guid_place][name] == cur_guid:
prot_name = '{}_{:#x}'.format(name, ea)
record = {
'address': ea,
'service': 'unknown',
'guid': cur_guid,
'protocol_name': name,
'protocol_place': guid_place
}
find = True
break
if find:
break
if find and (idc.get_name(ea, ida_name.GN_VISIBLE) !=
prot_name):
idc.SetType(ea, EFI_GUID)
self.apply_struct(ea, 16, EFI_GUID_ID)
idc.set_name(ea, prot_name)
self.Protocols['data'].append(record)
ea += 1
Example #8
| Source File: objc2_analyzer.py From flare-ida with Apache License 2.0 | 4 votes |
|
def getIvarTypeFromFunc(self, eh, va):
if va in self.ivarSetters:
return self.ivarSetters[va]
elif va in self.notIvarSetters:
return UNKNOWN
addr = va
endVa = idc.get_func_attr(va, idc.FUNCATTR_END)
if endVa - va < 0x20:
ivarVa = None
while addr <= endVa:
srcOpnd = idc.print_operand(addr, 1)
# if ivar is the src op for an instruction, assume this function will return it
if eh.arch == unicorn.UC_ARCH_ARM and "_OBJC_IVAR_$_" in srcOpnd:
oploc = idc.get_name_ea_simple(
srcOpnd[srcOpnd.find("_OBJC_IVAR_$_"):srcOpnd.find(" ")])
if oploc != idc.BADADDR:
ivarVa = oploc
break
elif eh.arch == unicorn.UC_ARCH_ARM64:
for x in idautils.XrefsFrom(addr):
if (idc.get_segm_name(x.to) == "__objc_ivar" and
idc.get_name(x.to, idc.ida_name.GN_VISIBLE)[:13] == "_OBJC_IVAR_$_"):
ivarVa = x.to
break
elif eh.arch == unicorn.UC_ARCH_X86:
if "_OBJC_IVAR_$_" in srcOpnd:
ivarVa = idc.get_operand_value(addr, 1)
break
addr = idc.next_head(addr, idc.get_inf_attr(idc.INF_MAX_EA))
if ivarVa:
for x in idautils.XrefsTo(ivarVa):
if x.frm >= self.objcConst[0] and x.frm < self.objcConst[1]:
typeStr = eh.getIDBString(
eh.derefPtr(x.frm + eh.size_pointer * 2))
self.ivarSetters[va] = typeStr[2:-1]
logging.debug("%s is an ivar getter function, returning type %s" % (
eh.hexString(va), typeStr[2:-1]))
return typeStr[2:-1]
else:
logging.debug(
"%s determined not to be an ivar getter function", eh.hexString(va))
self.notIvarSetters.append(va)
else:
logging.debug(
"%s determined not to be an ivar getter function", eh.hexString(va))
self.notIvarSetters.append(va)
return UNKNOWN
# returns class or sel name from IDA name
Example #9
| Source File: mykutils.py From flare-ida with Apache License 2.0 | 4 votes |
|
def _emit_fnbytes(emit_instr_cb, header, footer, indent, fva=None, warn=True):
"""Emit function bytes in a format defined by the callback and
headers/footers provided.
Warns if any instruction operands are not consistent with
position-independent code, in which case the user may need to templatize
the position-dependent portions.
"""
fva = fva or idc.here()
fva = idc.get_func_attr(fva, idc.FUNCATTR_START)
va_end = idc.get_func_attr(fva, idc.FUNCATTR_END)
# Operand types observed in position-independent code:
optypes_position_independent = set([
ida_ua.o_reg, # 1: General Register (al,ax,es,ds...)
ida_ua.o_phrase, # 3: Base + Index
ida_ua.o_displ, # 4: Base + Index + Displacement
ida_ua.o_imm, # 5: Immediate
ida_ua.o_near, # 7: Immediate Near Address
])
# Notably missing because I want to note and handle these if/as they are
# encountered:
# ida_ua.o_idpspec0 = 8: FPP register
# ida_ua.o_idpspec1 = 9: 386 control register
# ida_ua.o_idpspec2 = 10: 386 debug register
# ida_ua.o_idpspec3 = 11: 386 trace register
va = fva
nm = idc.get_name(fva)
optypes_found = set()
s = header.format(name=nm)
while va not in (va_end, idc.BADADDR):
size = idc.get_item_size(va)
the_bytes = idc.get_bytes(va, size)
for i in range(0, 8):
optype = idc.get_operand_type(va, i)
if optype:
optypes_found.add(optype)
s += indent + emit_instr_cb(va, the_bytes, size)
va = idc.next_head(va)
s += footer
position_dependent = optypes_found - optypes_position_independent
if position_dependent:
msg = ('This code may have position-dependent operands (optype %s)' %
(', '.join([str(o) for o in position_dependent])))
if warn:
Warning(msg)
else:
logger.warn(msg)
return s
