Python idc.ItemSize() Examples

The following are 7 code examples of idc.ItemSize(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may also want to check out all available functions/classes of the module idc , or try the search function .
Example #1
Source File: util.py    From mcsema with Apache License 2.0 6 votes vote down vote up 
def _stop_looking_for_xrefs(ea):
  """This is a heuristic to decide whether or not we should stop looking for
  cross-references. It is relevant to IDA structs, where IDA will treat structs
  and everything in them as one single 'thing', and so all xrefs embedded within
  a struct will actually be associated with the first EA of the struct. So
  if we're in a struct or something like it, and the item size is bigger than
  the address size, then we will assume it's actually in a struct."""
  
  if is_external_segment(ea):
    return False

  if is_code(ea):
    return False

  addr_size = get_address_size_in_bytes()
  item_size = idc.ItemSize(ea)
  return item_size > addr_size
Example #2
Source File: get_cfg.py    From mcsema with Apache License 2.0 6 votes vote down vote up 
def recover_external_variables(M):
  """Reover the named external variables (e.g. `stdout`) that are referenced
  within this binary."""
  global EXTERNAL_VARS_TO_RECOVER, WEAK_SYMS

  for ea, name in EXTERNAL_VARS_TO_RECOVER.items():
    EV = M.external_vars.add()
    EV.ea = ea
    EV.name = name.format('utf-8')
    EV.is_weak = idaapi.is_weak_name(ea) or (name in WEAK_SYMS)
    EV.is_thread_local = is_tls(ea)
    if name in EMAP_DATA:
      EV.size = EMAP_DATA[name]
    else:
      EV.size = idc.ItemSize(ea)
    if EV.is_thread_local:
      DEBUG("Recovering extern TLS variable {} at {:x}".format(name, ea))
    else:
      DEBUG("Recovering extern variable {} at {:x}".format(name, ea))
Example #3
Source File: enumerators.py    From idascripts with MIT License 5 votes vote down vote up 
def ArrayItems(*args):
    """
    Enumerate array items

    @param ea:    address of the array you want the items enumerated, defaults to here()

    @return: list of each item in the array.

    Example::

        for ea in ArrayItems():
           pname= GetString(Dword(ea))
           MakeName(Dword(ea+4)&~1, "task_%s" % pname)
           MakeName(Dword(ea+8), "taskinfo_%s" % pame)
           MakeName(Dword(ea+12), "stack_%s" % pame)


    Assuming the cursor is on an array of structs, in which the
    first struct item points to a name, this will name the other
    items in the struct.
    """
    ea = args[0] if len(args)>0 else idc.here()

    s= idc.ItemSize(ea)
    ss= idaapi.get_data_elsize(ea, idaapi.get_full_flags(ea))

    n= s/ss

    for i in xrange(n):
        yield ea+i*ss
Example #4
Source File: exception.py    From mcsema with Apache License 2.0 5 votes vote down vote up 
def make_array(ea, size):
  if ea != idc.BADADDR and ea != 0:
    flags = idc.GetFlags(ea)
    if not idc.isByte(flags) or idc.ItemSize(ea) != 1:
      idc.MakeUnknown(ea, 1, idc.DOUNK_SIMPLE)
      idc.MakeByte(ea)
    idc.MakeArray(ea, size)
Example #5
Source File: get_cfg.py    From mcsema with Apache License 2.0 5 votes vote down vote up 
def recover_region(M, region_name, region_ea, region_end_ea, exported_vars):
  """Recover the data and cross-references from a segment. The data of a
  segment is stored verbatim within the protobuf, and accompanied by a
  series of variable and cross-reference entries."""

  seg_name = idc.SegName(region_ea)

  DEBUG("Recovering region {} [{:x}, {:x}) in segment {}".format(
      region_name, region_ea, region_end_ea, seg_name))

  seg = idaapi.getseg(region_ea)

  # An item spans two regions. This may mean that there's a reference into
  # the middle of an item. This happens with strings.
  item_size = idc.ItemSize(region_end_ea - 1)
  if 1 < item_size:
    DEBUG("  ERROR: Segment should probably include {} more bytes".format(
        item_size - 1))

  S = M.segments.add()
  S.ea = region_ea
  S.data = read_bytes_slowly(region_ea, region_end_ea)
  S.read_only = (seg.perm & idaapi.SEGPERM_WRITE) == 0
  S.is_external = is_external_segment_by_flags(region_ea)
  S.is_thread_local = is_tls_segment(region_ea)
  S.name = seg_name.format('utf-8')
  S.is_exported = region_ea in exported_vars

  if region_name != seg_name:
    S.variable_name = region_name.format('utf-8')

  DEBUG_PUSH()
  recover_region_cross_references(M, S, region_ea, region_end_ea)
  recover_region_variables(M, S, region_ea, region_end_ea, exported_vars)
  DEBUG_POP()
Example #6
Source File: instruction_hash.py    From rematch with GNU General Public License v3.0 5 votes vote down vote up 
def data(self):
    h = self.keleven
    for ea in idautils.FuncItems(self.offset):
      h = self._cycle(h, idc.Byte(ea))
      # go over all additional bytes of any instruction
      for i in range(ea + 1, ea + idc.ItemSize(ea)):
        h = self._cycle(h, idc.Byte(i))
    return h
Example #7
Source File: identity_hash.py    From rematch with GNU General Public License v3.0 5 votes vote down vote up 
def data(self):
    h = self.keleven
    for ea in idautils.FuncItems(self.offset):
      h = self._cycle(h, idc.Byte(ea))
      # skip additional bytes of any instruction that contains an offset in it
      if idautils.CodeRefsFrom(ea, False) or idautils.DataRefsFrom(ea):
        continue
      for i in range(ea + 1, ea + idc.ItemSize(ea)):
        h = self._cycle(h, idc.Byte(i))
    return h