Python idc.next_head() Examples
The following are 10
code examples of idc.next_head().
These examples are extracted from open source projects.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
idc
, or try the search function
.
.
Example #1
| Source Project: UEFI_RETool Author: yeggor File: analyser.py License: MIT License | 6 votes |
|
def _find_est(self, gvar, start, end):
RAX = 0
BS_OFFSET = 0x60
EFI_SYSTEM_TABLE = 'EFI_SYSTEM_TABLE *'
if self.arch == 'x86':
BS_OFFSET = 0x3c
ea = start
while (ea < end):
if ((idc.print_insn_mnem(ea) == 'mov')
and (idc.get_operand_value(ea, 0) == RAX)
and (idc.get_operand_value(ea, 1) == BS_OFFSET)):
if idc.SetType(gvar, EFI_SYSTEM_TABLE):
idc.set_name(gvar, 'gSt_{addr:#x}'.format(addr=gvar))
return True
ea = idc.next_head(ea)
return False
Example #2
| Source Project: UEFI_RETool Author: yeggor File: analyser.py License: MIT License | 6 votes |
|
def get_boot_services(self):
"""found boot services in idb"""
code = list(idautils.Functions())[0]
start = idc.get_segm_start(code)
end = idc.get_segm_end(code)
ea = start
while (ea <= end):
if idc.print_insn_mnem(ea) != 'call':
ea = idc.next_head(ea)
continue
for service_name in self.BOOT_SERVICES_OFFSET:
# yapf: disable
if (idc.get_operand_value(ea, 0) == self.BOOT_SERVICES_OFFSET[service_name]):
if not self.gBServices[service_name].count(ea):
self.gBServices[service_name].append(ea)
ea = idc.next_head(ea)
Example #3
| Source Project: vt-ida-plugin Author: VirusTotal File: disassembler.py License: Apache License 2.0 | 5 votes |
|
def next_address(addr):
return idc.next_head(addr)
Example #4
| Source Project: GhIDA Author: Cisco-Talos File: idaxml.py License: Apache License 2.0 | 5 votes |
|
def export_markup(self):
"""
Exports markup for instructions and data items including references
and manual instructions and operands.
"""
self.update_status(MARKUP)
timer = time.clock()
self.start_element(MARKUP, True)
addr = self.min_ea
while addr != BADADDR:
f = idc.get_full_flags(addr)
if self.options.MemoryReferences.checked == True:
if ida_bytes.has_xref(f) == True:
self.export_user_memory_reference(addr)
if ida_bytes.is_off(f, ida_bytes.OPND_ALL) == True:
self.export_memory_references(addr)
if (self.options.Functions.checked == True and
self.options.StackReferences.checked == True and
ida_bytes.is_stkvar(f, ida_bytes.OPND_ALL) == True):
self.export_stack_reference(addr)
if (self.options.DataTypes.checked == True and
ida_bytes.is_enum(f, ida_bytes.OPND_ALL) == True):
self.export_enum_references(addr)
if self.options.Manual.checked == True:
# TODO: Ask about OPND_ALL and retrieving additional manual operands
# if ida_bytes.is_forced_operand(addr, ida_bytes.OPND_ALL) ==
# True:
if (ida_bytes.is_forced_operand(addr, 0) == True or
ida_bytes.is_forced_operand(addr, 1) == True):
self.export_manual_operand(addr)
if ida_bytes.is_manual_insn(addr) == True:
self.export_manual_instruction(addr)
addr = idc.next_head(addr, self.max_ea)
self.end_element(MARKUP)
self.display_cpu_time(timer)
Example #5
| Source Project: miasm Author: cea-sec File: symbol_exec.py License: GNU General Public License v2.0 | 5 votes |
|
def symbolic_exec():
from miasm.ir.symbexec import SymbolicExecutionEngine
from miasm.core.bin_stream_ida import bin_stream_ida
from utils import guess_machine
start, end = idc.read_selection_start(), idc.read_selection_end()
bs = bin_stream_ida()
machine = guess_machine(addr=start)
mdis = machine.dis_engine(bs)
if start == idc.BADADDR and end == idc.BADADDR:
start = idc.get_screen_ea()
end = idc.next_head(start) # Get next instruction address
mdis.dont_dis = [end]
asmcfg = mdis.dis_multiblock(start)
ira = machine.ira(loc_db=mdis.loc_db)
ircfg = ira.new_ircfg_from_asmcfg(asmcfg)
print("Run symbolic execution...")
sb = SymbolicExecutionEngine(ira, machine.mn.regs.regs_init)
sb.run_at(ircfg, start)
modified = {}
for dst, src in sb.modified(init_state=machine.mn.regs.regs_init):
modified[dst] = src
view = symbolicexec_t()
all_views.append(view)
if not view.Create(modified, machine, mdis.loc_db,
"Symbolic Execution - 0x%x to 0x%x"
% (start, idc.prev_head(end))):
return
view.Show()
# Support ida 6.9 and ida 7
Example #6
| Source Project: Virtuailor Author: 0xgalz File: Main.py License: GNU General Public License v3.0 | 5 votes |
|
def add_bp_to_virtual_calls(cur_addr, end):
while cur_addr < end:
if cur_addr == idc.BADADDR:
break
elif idc.print_insn_mnem(cur_addr) == 'call' or idc.print_insn_mnem(cur_addr) == 'BLR':
if True in [idc.print_operand(cur_addr, 0).find(reg) != -1 for reg in REGISTERS]: # idc.GetOpnd(cur_addr, 0) in REGISTERS:
cond, bp_address = vtableAddress.write_vtable2file(cur_addr)
if cond != '':
bp_vtable = AddBP.add(bp_address, cond)
cur_addr = idc.next_head(cur_addr)
Example #7
| Source Project: ida-minsc Author: arizvisa File: quicktime.py License: BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def nextMnemonic(ea, mnem, maxaddr=0xc0*0x1000000):
res = idc.print_insn_mnem(ea)
if res == "": return idc.BADADDR
if res == mnem: return ea
return nextMnemonic( idc.next_head(ea, maxaddr), mnem, maxaddr )
Example #8
| Source Project: flare-ida Author: fireeye File: objc2_analyzer.py License: Apache License 2.0 | 5 votes |
|
def selRefLocByName(self, name):
if name[:6] == "selRef":
addr = self.objcSelRefs[0]
endAddr = self.objcSelRefs[1]
else:
addr = self.objcMsgRefs[0]
endAddr = self.objcMsgRefs[1]
while addr < endAddr:
if idc.get_name(addr, idc.ida_name.GN_VISIBLE) == name:
return addr
addr = idc.next_head(addr, idc.get_inf_attr(idc.INF_MAX_EA))
Example #9
| Source Project: flare-ida Author: fireeye File: objc2_analyzer.py License: Apache License 2.0 | 4 votes |
|
def getIvarTypeFromFunc(self, eh, va):
if va in self.ivarSetters:
return self.ivarSetters[va]
elif va in self.notIvarSetters:
return UNKNOWN
addr = va
endVa = idc.get_func_attr(va, idc.FUNCATTR_END)
if endVa - va < 0x20:
ivarVa = None
while addr <= endVa:
srcOpnd = idc.print_operand(addr, 1)
# if ivar is the src op for an instruction, assume this function will return it
if eh.arch == unicorn.UC_ARCH_ARM and "_OBJC_IVAR_$_" in srcOpnd:
oploc = idc.get_name_ea_simple(
srcOpnd[srcOpnd.find("_OBJC_IVAR_$_"):srcOpnd.find(" ")])
if oploc != idc.BADADDR:
ivarVa = oploc
break
elif eh.arch == unicorn.UC_ARCH_ARM64:
for x in idautils.XrefsFrom(addr):
if (idc.get_segm_name(x.to) == "__objc_ivar" and
idc.get_name(x.to, idc.ida_name.GN_VISIBLE)[:13] == "_OBJC_IVAR_$_"):
ivarVa = x.to
break
elif eh.arch == unicorn.UC_ARCH_X86:
if "_OBJC_IVAR_$_" in srcOpnd:
ivarVa = idc.get_operand_value(addr, 1)
break
addr = idc.next_head(addr, idc.get_inf_attr(idc.INF_MAX_EA))
if ivarVa:
for x in idautils.XrefsTo(ivarVa):
if x.frm >= self.objcConst[0] and x.frm < self.objcConst[1]:
typeStr = eh.getIDBString(
eh.derefPtr(x.frm + eh.size_pointer * 2))
self.ivarSetters[va] = typeStr[2:-1]
logging.debug("%s is an ivar getter function, returning type %s" % (
eh.hexString(va), typeStr[2:-1]))
return typeStr[2:-1]
else:
logging.debug(
"%s determined not to be an ivar getter function", eh.hexString(va))
self.notIvarSetters.append(va)
else:
logging.debug(
"%s determined not to be an ivar getter function", eh.hexString(va))
self.notIvarSetters.append(va)
return UNKNOWN
# returns class or sel name from IDA name
Example #10
| Source Project: flare-ida Author: fireeye File: mykutils.py License: Apache License 2.0 | 4 votes |
|
def _emit_fnbytes(emit_instr_cb, header, footer, indent, fva=None, warn=True):
"""Emit function bytes in a format defined by the callback and
headers/footers provided.
Warns if any instruction operands are not consistent with
position-independent code, in which case the user may need to templatize
the position-dependent portions.
"""
fva = fva or idc.here()
fva = idc.get_func_attr(fva, idc.FUNCATTR_START)
va_end = idc.get_func_attr(fva, idc.FUNCATTR_END)
# Operand types observed in position-independent code:
optypes_position_independent = set([
ida_ua.o_reg, # 1: General Register (al,ax,es,ds...)
ida_ua.o_phrase, # 3: Base + Index
ida_ua.o_displ, # 4: Base + Index + Displacement
ida_ua.o_imm, # 5: Immediate
ida_ua.o_near, # 7: Immediate Near Address
])
# Notably missing because I want to note and handle these if/as they are
# encountered:
# ida_ua.o_idpspec0 = 8: FPP register
# ida_ua.o_idpspec1 = 9: 386 control register
# ida_ua.o_idpspec2 = 10: 386 debug register
# ida_ua.o_idpspec3 = 11: 386 trace register
va = fva
nm = idc.get_name(fva)
optypes_found = set()
s = header.format(name=nm)
while va not in (va_end, idc.BADADDR):
size = idc.get_item_size(va)
the_bytes = idc.get_bytes(va, size)
for i in range(0, 8):
optype = idc.get_operand_type(va, i)
if optype:
optypes_found.add(optype)
s += indent + emit_instr_cb(va, the_bytes, size)
va = idc.next_head(va)
s += footer
position_dependent = optypes_found - optypes_position_independent
if position_dependent:
msg = ('This code may have position-dependent operands (optype %s)' %
(', '.join([str(o) for o in position_dependent])))
if warn:
Warning(msg)
else:
logger.warn(msg)
return s
