Python idc.get_segm_end() Examples
The following are 19
code examples of idc.get_segm_end().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
idc
, or try the search function
.
.
Example #1
| Source File: ptmalloc.py From heap-viewer with GNU General Public License v3.0 | 6 votes |
|
def find_malloc_par():
mp_ = idc.get_name_ea_simple("mp_")
if mp_ != idc.BADADDR:
return mp_
segm = idaapi.get_segm_by_name("[heap]")
if segm is None:
return None
offset = get_struct_offsets(malloc_par()).get('sbrk_base')
sbrk_base = segm.start_ea
ea = idc.get_segm_start(get_name_ea_simple("_IO_2_1_stdin_"))
end_ea = idc.get_segm_end(ea)
while ea < end_ea:
ptr = config.get_ptr(ea)
if idaapi.is_loaded(ptr) and ptr == sbrk_base:
return (ea-offset)
ea += config.ptr_size
return None
# --------------------------------------------------------------------------
Example #2
| Source File: shellcode_hash_search.py From flare-ida with Apache License 2.0 | 6 votes |
|
def processCode(self):
if (self.params.startAddr==idc.BADADDR) and (self.params.endAddr==idc.BADADDR):
if using_ida7api:
self.params.startAddr = idc.get_segm_start(idc.here())
self.params.endAddr = idc.get_segm_end(idc.here())
else:
self.params.startAddr = idc.SegStart(idc.here())
self.params.endAddr = idc.SegEnd(idc.here())
logger.info('Processing current segment only: 0x%08x - 0x%08x', self.params.startAddr, self.params.endAddr)
else:
logger.info('Processing range 0x%08x - 0x%08x', self.params.startAddr, self.params.endAddr)
if self.params.searchDwordArray:
self.lookForDwordArray(self.params.startAddr, self.params.endAddr)
if self.params.searchPushArgs:
self.lookForOpArgs(self.params.startAddr, self.params.endAddr)
Example #3
| Source File: analyser.py From UEFI_RETool with MIT License | 6 votes |
|
def get_boot_services(self):
"""found boot services in idb"""
code = list(idautils.Functions())[0]
start = idc.get_segm_start(code)
end = idc.get_segm_end(code)
ea = start
while (ea <= end):
if idc.print_insn_mnem(ea) != 'call':
ea = idc.next_head(ea)
continue
for service_name in self.BOOT_SERVICES_OFFSET:
# yapf: disable
if (idc.get_operand_value(ea, 0) == self.BOOT_SERVICES_OFFSET[service_name]):
if not self.gBServices[service_name].count(ea):
self.gBServices[service_name].append(ea)
ea = idc.next_head(ea)
Example #4
| Source File: ptmalloc.py From heap-viewer with GNU General Public License v3.0 | 5 votes |
|
def find_main_arena():
main_arena = idc.get_name_ea_simple("main_arena") # from libc6-dbg
if main_arena != idc.BADADDR:
return main_arena
ea = idc.get_segm_start(idc.get_name_ea_simple("_IO_2_1_stdin_"))
end_ea = idc.get_segm_end(ea)
# &main_arena->next
offsets = {
4: [1088, 1096], # 32 bits
8: [2152, 2160] # 64 bits
}[config.ptr_size]
if ea == idc.BADADDR or end_ea == idc.BADADDR:
return None
while ea < end_ea:
ptr = config.get_ptr(ea) # ptr to main_arena
if idaapi.is_loaded(ptr) and ptr < ea:
if (ea-ptr) in offsets:
return ptr
ea += config.ptr_size
return None
# --------------------------------------------------------------------------
Example #5
| Source File: jayutils.py From flare-ida with Apache License 2.0 | 5 votes |
|
def isValidPointer_ida7(va):
for segStart in idautils.Segments():
if (va >= segStart) and (va < idc.get_segm_end(segStart)):
return True
return False
########################################
Example #6
| Source File: shellcode_hash_search.py From flare-ida with Apache License 2.0 | 5 votes |
|
def promptForRange(self):
# Only run if QT not available, so not bothering with ida7 check
#check if a range has already been selected - if so skip prompt
if using_ida7api:
selstart = idc.read_selection_start()
selend = idc.read_selection_end()
segstart = idc.get_segm_start(idc.here())
segend = idc.get_segm_end(idc.here())
else:
selstart = idc.SelStart()
selend = idc.SelEnd()
seg = idc.SegStart(idc.here())
self.params.endAddr = idc.SegEnd(idc.here())
if selstart != idc.BADADDR:
self.params.startAddr = selstart
self.params.endAddr = selend
logger.info('Processing range 0x%08x - 0x%08x', self.params.startAddr, self.params.endAddr)
else:
self.params.startAddr = segstart
self.params.endAddr = segend
logger.info('Processing current segment only')
###################################################################
#
###################################################################
Example #7
| Source File: shellcode_hash_search.py From flare-ida with Apache License 2.0 | 5 votes |
|
def processAllSegments(self):
for seg in idautils.Segments():
if using_ida7api:
segStart = idc.get_segm_start(seg)
segEnd = idc.get_segm_end(seg)
else:
segStart = idc.SegStart(seg)
segEnd = idc.SegEnd(seg)
if self.params.searchPushArgs:
self.lookForOpArgs(segStart, segEnd)
if self.params.searchDwordArray:
self.lookForDwordArray(segStart, segEnd)
Example #8
| Source File: stackstrings.py From flare-ida with Apache License 2.0 | 5 votes |
|
def getFuncRanges_ida7(ea, doAllFuncs):
if doAllFuncs:
funcs = []
funcGen = idautils.Functions(idc.get_segm_start(ea), idc.get_segm_end(ea))
for i in funcGen:
funcs.append(i)
funcRanges = []
for i in range(len(funcs) - 1):
funcRanges.append( (funcs[i], funcs[i+1]) )
funcRanges.append( (funcs[-1], idc.get_segm_end(ea)) )
return funcRanges
else:
#just get the range of the current function
fakeRanges = [( idc.get_func_attr(idc.here(), idc.FUNCATTR_START), idc.get_func_attr(idc.here(), idc.FUNCATTR_END)), ]
return fakeRanges
Example #9
| Source File: objc2_analyzer.py From flare-ida with Apache License 2.0 | 5 votes |
|
def __init__(self):
self.magicMask64 = 0xabbadabbad000000
self.magicMask32 = 0xabba0000
self.magicMaskMask64 = 0xffffffffffff0000
self.magicMaskMask32 = 0xffff0000
self.callMnems = ["call", "jmp", "BL", "BLX", "BLEQ", "BLXEQ", "BLR", "BLREQ", "B"]
self.objcData = None
self.objcSelRefs = None
self.objcMsgRefs = None
self.objcConst = None
self.objcClassRefs = None
self.objcCatList = None
self.fixedSelXRefs = []
self.ivarSetters = {}
self.notIvarSetters = []
for segVA in idautils.Segments():
segName = idc.get_segm_name(segVA)
endVA = idc.get_segm_end(segVA)
if segName == "__objc_data":
self.objcData = (segVA, endVA)
elif segName == "__objc_selrefs":
self.objcSelRefs = (segVA, endVA)
elif segName == "__objc_msgrefs":
self.objcMsgRefs = (segVA, endVA)
elif segName == "__objc_const":
self.objcConst = (segVA, endVA)
elif segName == "__objc_classrefs":
self.objcClassRefs = (segVA, endVA)
elif segName == "__objc_catlist":
self.objcCatList = (segVA, endVA)
if self.objcSelRefs or self.objcMsgRefs:
self.processObjc()
else:
logging.debug("this Mach-O does not implement any Objective-C classes")
# it appears idc.get_name_ea_simple does not work for selector reference names that end in "_"
Example #10
| Source File: stack.py From deREferencing with GNU General Public License v3.0 | 5 votes |
|
def reload_info(self):
if not dbg.is_process_suspended():
return False
base_addr = None
if self.base_expr is None:
base_addr = idc.get_reg_value(dbg.registers.stack)
else:
base_addr = idaapi.str2ea(self.base_expr)
if base_addr == idc.BADADDR:
idaapi.warning("Invalid base expr: %s" % self.base_expr)
return False
if not idaapi.is_loaded(base_addr):
idaapi.warning("Memory address is not loaded: $#x" % base_addr)
return False
self.ClearLines()
dbg.set_thread_info()
try:
segm_end = idc.get_segm_end(base_addr)
n_entries = config.n_stack_entries or ((segm_end-base_addr) // dbg.ptr_size)
for i in range(n_entries):
offset = i * dbg.ptr_size
ptr = base_addr + offset
if not idaapi.is_loaded(ptr):
break
value = dbg.get_ptr(ptr)
self.add_line("%02d:%04X %s" % (i, offset, self.parse_value(ptr)))
except Exception as e:
idaapi.warning(str(e))
return False
return True
Example #11
| Source File: IdaProxy.py From apiscout with BSD 2-Clause "Simplified" License | 5 votes |
|
def getSegEnd(self, ea):
if idaapi.IDA_SDK_VERSION < 700:
return idc.SegEnd(ea)
else:
return idc.get_segm_end(ea)
Example #12
| Source File: functions_plus.py From functions-plus with MIT License | 5 votes |
|
def get_list_of_functions(self):
'''
Gets all functions list.
'''
functions_list = {}
seg_ea = idc.get_segm_by_sel(idc.SEG_NORM)
for func_ea in idautils.Functions(idc.get_segm_start(seg_ea),
idc.get_segm_end(seg_ea)):
function_name = idc.get_func_name(func_ea)
functions_list[function_name] = func_ea
return functions_list
Example #13
| Source File: utils.py From UEFI_RETool with MIT License | 5 votes |
|
def get_header_idb():
"""get file header from idb"""
if idc.get_segm_name(0) == 'HEADER':
header = bytearray(
[idc.get_wide_byte(ea) for ea in range(0, idc.get_segm_end(0))])
return header
return bytearray(b'')
Example #14
| Source File: bin_stream_ida.py From miasm with GNU General Public License v2.0 | 5 votes |
|
def getlen(self):
# Lazy version
if hasattr(self, "_getlen"):
return self._getlen
max_addr = get_segm_end(list(Segments())[-1] - (self.offset - self.base_address))
self._getlen = max_addr
return max_addr
Example #15
| Source File: get_cfg.py From mcsema with Apache License 2.0 | 5 votes |
|
def find_default_function_heads():
"""Loop through every function, to discover the heads of all blocks that
IDA recognizes. This will populate some global sets in `flow.py` that
will help distinguish block heads."""
func_heads = set()
for seg_ea in idautils.Segments():
seg_type = idc.get_segm_attr(seg_ea, idc.SEGATTR_TYPE)
if seg_type != idc.SEG_CODE:
continue
for func_ea in idautils.Functions(seg_ea, idc.get_segm_end(seg_ea)):
if is_code_by_flags(func_ea):
func_heads.add(func_ea)
return func_heads
Example #16
| Source File: exception.py From mcsema with Apache License 2.0 | 5 votes |
|
def recover_frame_entries(seg_ea):
if seg_ea == idc.BADADDR:
return
DEBUG("Recover entries from section : {}".format(idc.get_segm_name(seg_ea)))
ea = idc.get_segm_start(seg_ea)
end_ea = idc.get_segm_end(seg_ea)
while ea != idc.BADADDR and ea < end_ea:
ea = format_entries(ea)
Example #17
| Source File: ida_find_ptrs.py From idawilli with Apache License 2.0 | 5 votes |
|
def enum_segments():
for segstart in idautils.Segments():
segend = idc.get_segm_end(segstart)
segname = idc.get_segm_name(segstart)
yield segstart, segend, segname
Example #18
| Source File: analyser.py From UEFI_RETool with MIT License | 4 votes |
|
def get_data_guids(self):
"""rename GUIDs in idb"""
EFI_GUID = 'EFI_GUID *'
EFI_GUID_ID = idc.get_struc_id('EFI_GUID')
segments = ['.text', '.data']
for segment in segments:
seg_start, seg_end = 0, 0
for seg in idautils.Segments():
if idc.get_segm_name(seg) == segment:
seg_start = idc.get_segm_start(seg)
seg_end = idc.get_segm_end(seg)
break
ea = seg_start
while (ea <= seg_end - 15):
prot_name = ''
if idc.get_name(ea, ida_name.GN_VISIBLE).find('unk_') != -1:
find = False
cur_guid = []
cur_guid.append(idc.get_wide_dword(ea))
cur_guid.append(idc.get_wide_word(ea + 4))
cur_guid.append(idc.get_wide_word(ea + 6))
for addr in range(ea + 8, ea + 16, 1):
cur_guid.append(idc.get_wide_byte(addr))
if cur_guid == [0] * 11:
ea += 1
continue
for guid_place in [
'ami_guids', 'asrock_guids', 'dell_guids',
'edk_guids', 'edk2_guids', 'lenovo_guids'
]:
for name in self.Protocols[guid_place]:
if self.Protocols[guid_place][name] == cur_guid:
prot_name = '{}_{:#x}'.format(name, ea)
record = {
'address': ea,
'service': 'unknown',
'guid': cur_guid,
'protocol_name': name,
'protocol_place': guid_place
}
find = True
break
if find:
break
if find and (idc.get_name(ea, ida_name.GN_VISIBLE) !=
prot_name):
idc.SetType(ea, EFI_GUID)
self.apply_struct(ea, 16, EFI_GUID_ID)
idc.set_name(ea, prot_name)
self.Protocols['data'].append(record)
ea += 1
Example #19
| Source File: util.py From mcsema with Apache License 2.0 | 4 votes |
|
def get_function_bounds(ea):
"""Get the bounds of the function containing `ea`. We want to discover jump
table targets that are missed by IDA, and it's possible that they aren't
marked as being part of the current function, and perhaps are after the
assumed range of the current function. Ideally they will fall before the
beginning of the next function, though.
We need to be pretty careful with the case that one function tail-calls
another. IDA will sometimes treat the end of the tail-called function
(e.g. a thunk) as if it is the end of the caller. For this reason, we start
with loose bounds using the prev/next functions, then try to narrow with
the bounds of the function containing `ea`.
TODO(pag): Handle discontinuous regions (e.g. because of function chunks).
It may be worth to return an object here that can we queried
for membership using the `__in__` method.
"""
seg_start, seg_end = idc.get_segm_start(ea), idc.get_segm_end(ea)
min_ea = seg_start
max_ea = seg_end
if is_invalid_ea(min_ea) or not is_code(ea):
return ea, ea
# Get an upper bound using the next function.
next_func_ea = idc.get_next_func(ea)
if not is_invalid_ea(next_func_ea):
max_ea = min(next_func_ea, max_ea)
# Get a lower bound using the previous function.
prev_func_ea = idc.get_prev_func(ea)
if not is_invalid_ea(prev_func_ea):
min_ea = max(min_ea, prev_func_ea)
prev_func = idaapi.get_func(prev_func_ea)
if prev_func and prev_func.end_ea < ea:
min_ea = max(min_ea, prev_func.end_ea)
# Try to tighten the bounds using the function containing `ea`.
func = idaapi.get_func(ea)
if func:
min_ea = max(min_ea, func.start_ea)
max_ea = min(max_ea, func.end_ea)
return min_ea, max_ea
