Python idaapi.o_imm() Examples
The following are 10
code examples of idaapi.o_imm().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
idaapi
, or try the search function
.
.
Example #1
| Source File: stub.py From ida_kernelcache with MIT License | 6 votes |
|
def _process_stub_template_1(stub):
"""A template to match the following stub pattern:
ADRP X<reg>, #<offset>@PAGE
LDR X<reg>, [X<reg>, #<offset>@PAGEOFF]
BR X<reg>
"""
adrp, ldr, br = idau.Instructions(stub, count=3)
if (adrp.itype == idaapi.ARM_adrp and adrp.Op1.type == idaapi.o_reg
and adrp.Op2.type == idaapi.o_imm
and ldr.itype == idaapi.ARM_ldr and ldr.Op1.type == idaapi.o_reg
and ldr.Op2.type == idaapi.o_displ and ldr.auxpref == 0
and br.itype == idaapi.ARM_br and br.Op1.type == idaapi.o_reg
and adrp.Op1.reg == ldr.Op1.reg == ldr.Op2.reg == br.Op1.reg):
offset = adrp.Op2.value + ldr.Op2.addr
target = idau.read_word(offset)
if target and idau.is_mapped(target):
return target
Example #2
| Source File: instruction.py From ida-minsc with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
def op_num(ea, opnum):
'''Set the type for operand `opnum` belonging to the instruction at `ea` to a number and return it.'''
t = idaapi.num_flag()
ok, signed = idaapi.set_op_type(ea, t, opnum), idaapi.is_invsign(ea, database.type.flags(ea), opnum)
if not ok:
raise E.DisassemblerError(u"{:s}.op_num({:#x}, {:d}) : Unable to restore the type of operand {:d} to a number.".format(__name__, ea, opnum, opnum))
# Extract the operand's op_t and its maximum value, as we'll use this to
# transform the value if necessary.
res, max = operand(ea, opnum), 2 ** op_bits(ea, opnum)
# If this is an immediate value, then we can treat it normally.
if res.type in {idaapi.o_imm}:
integer = res.value & (max - 1)
return 0 if integer == 0 else (integer - max) if signed else integer
# If the signed-flag is set in our operand, then convert it into its actual
# signed value.
maximum = math.trunc(2 ** math.ceil(math.log(idaapi.BADADDR, 2)))
integer = (res.addr - maximum) if res.addr & (maximum // 2) else res.addr
# Now we can return the value transformed if the operand has an inverted sign
return 0 if integer == 0 else (maximum + integer) if signed and integer < 0 else (integer - maximum) if signed else integer
Example #3
| Source File: instruction.py From ida-minsc with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
def op_bin(ea, opnum):
'''Set the type for operand `opnum` belonging to the instruction at `ea` to binary and return it.'''
t = idaapi.bin_flag()
ok, signed = idaapi.set_op_type(ea, t, opnum), idaapi.is_invsign(ea, database.type.flags(ea), opnum)
if not ok:
raise E.DisassemblerError(u"{:s}.op_bin({:#x}, {:d}) : Unable to set the type of operand {:d} to binary.".format(__name__, ea, opnum, opnum))
# Extract the operand's op_t and its maximum value, as we'll use this to
# transform the value if necessary.
res, max = operand(ea, opnum), 2 ** op_bits(ea, opnum)
# If this is an immediate value, then we can treat it normally.
if res.type in {idaapi.o_imm}:
integer = res.value & (max - 1)
return 0 if integer == 0 else (integer - max) if signed else integer
# If the signed-flag is set in our operand, then convert it into its actual
# signed value.
maximum = math.trunc(2 ** math.ceil(math.log(idaapi.BADADDR, 2)))
integer = (res.addr - maximum) if res.addr & (maximum // 2) else res.addr
# Now we can return the value transformed if the operand has an inverted sign
return 0 if integer == 0 else (maximum + integer) if signed and integer < 0 else (integer - maximum) if signed else integer
Example #4
| Source File: instruction.py From ida-minsc with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
def op_oct(ea, opnum):
'''Set the type for operand `opnum` belonging to the instruction at `ea` to octal and return it.'''
t = idaapi.oct_flag()
ok, signed = idaapi.set_op_type(ea, t, opnum), idaapi.is_invsign(ea, database.type.flags(ea), opnum)
if not ok:
raise E.DisassemblerError(u"{:s}.op_oct({:#x}, {:d}) : Unable to set the type of operand {:d} to octal.".format(__name__, ea, opnum, opnum))
# Extract the operand's op_t and its maximum value, as we'll use this to
# transform the value if necessary.
res, max = operand(ea, opnum), 2 ** op_bits(ea, opnum)
# If this is an immediate value, then we can treat it normally.
if res.type in {idaapi.o_imm}:
integer = res.value & (max - 1)
return 0 if integer == 0 else (integer - max) if signed else integer
# If the signed-flag is set in our operand, then convert it into its actual
# signed value.
maximum = math.trunc(2 ** math.ceil(math.log(idaapi.BADADDR, 2)))
integer = (res.addr - maximum) if res.addr & (maximum // 2) else res.addr
# Now we can return the value transformed if the operand has an inverted sign
return 0 if integer == 0 else (maximum + integer) if signed and integer < 0 else (integer - maximum) if signed else integer
Example #5
| Source File: instruction.py From ida-minsc with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
def op_dec(ea, opnum):
'''Set the type for operand `opnum` belonging to the instruction at `ea` to decimal and return it.'''
t = idaapi.dec_flag()
ok, signed = idaapi.set_op_type(ea, t, opnum), idaapi.is_invsign(ea, database.type.flags(ea), opnum)
if not ok:
raise E.DisassemblerError(u"{:s}.op_dec({:#x}, {:d}) : Unable to set the type of operand {:d} to decimal.".format(__name__, ea, opnum, opnum))
# Extract the operand's op_t and its maximum value, as we'll use this to
# transform the value if necessary.
res, max = operand(ea, opnum), 2 ** op_bits(ea, opnum)
# If this is an immediate value, then we can treat it normally.
if res.type in {idaapi.o_imm}:
integer = res.value & (max - 1)
return 0 if integer == 0 else (integer - max) if signed else integer
# If the signed-flag is set in our operand, then convert it into its actual
# signed value.
maximum = math.trunc(2 ** math.ceil(math.log(idaapi.BADADDR, 2)))
integer = (res.addr - maximum) if res.addr & (maximum // 2) else res.addr
# Now we can return the value transformed if the operand has an inverted sign
return 0 if integer == 0 else (maximum + integer) if signed and integer < 0 else (integer - maximum) if signed else integer
Example #6
| Source File: instruction.py From ida-minsc with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def op_chr(ea, opnum):
'''Set the type for operand `opnum` belonging to the instruction at `ea` to a character and return it.'''
t = idaapi.char_flag()
ok, signed = idaapi.set_op_type(ea, t, opnum), idaapi.is_invsign(ea, database.type.flags(ea), opnum)
if not ok:
raise E.DisassemblerError(u"{:s}.op_chr({:#x}, {:d}) : Unable to set the type of operand {:d} to a character.".format(__name__, ea, opnum, opnum))
# Extract the operand's op_t and its maximum value, as we'll use this to
# transform the value if necessary.
res, max = operand(ea, opnum), 2 ** op_bits(ea, opnum)
# If this is an immediate value, then we can treat it normally.
if res.type in {idaapi.o_imm}:
integer = res.value & (max - 1)
result = 0 if integer == 0 else (integer - max) if signed else integer
# If the signed-flag is set in our operand, then convert it into its actual
# signed value.
else:
maximum = math.trunc(2 ** math.ceil(math.log(idaapi.BADADDR, 2)))
integer = (res.addr - maximum) if res.addr & (maximum // 2) else res.addr
# Now we can use the value transformed if the operand has an inverted sign
result = 0 if integer == 0 else (maximum + integer) if signed and integer < 0 else (integer - maximum) if signed else integer
# There's no such thing as a signed character, so if we do get a signed
# value back from our above logic, then we need to figure out its absolute
# value so we can return it properly.
absolute = abs(result)
# IDA actually returns integers larger than a byte as a string, so we'll
# first chunk our integer into octets.
octets = []
while absolute > 0:
octets.append(absolute & 0xff)
absolute //= 0x100
# Last thing to do is to join each octet together back into some bytes
return bytes().join(map(six.int2byte, reversed(bytearray(octets))))
Example #7
| Source File: instruction.py From ida-minsc with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def op_flt(ea, opnum):
'''Set the type for operand `opnum` belonging to the instruction at `ea` to floating-point and return it.'''
t = idaapi.flt_flag()
# Explicitly set the operand type using idaapi.
ok = idaapi.set_op_type(ea, t, opnum)
if not ok:
raise E.DisassemblerError(u"{:s}.op_flt({:#x}, {:d}) : Unable to set the type of operand {:d} to floating-point.".format(__name__, ea, opnum, opnum))
# Read the number of bits for the operand so we can figure out how to properly
# decode this integer.
res, bits = operand(ea, opnum), op_bits(ea, opnum)
integer = res.value if res.type in {idaapi.o_imm} else res.addr
# Figure out which floating-point components to use for decoding
if bits == 64:
fraction, exponent, sign = 52, 11, 1
elif bits == 32:
fraction, exponent, sign = 23, 8, 1
elif bits == 16:
fraction, exponent, sign = 10, 5, 1
# If we couldn't find a valid encoding, then raise an exception.
else:
raise E.UnsupportedCapability(u"{:s}.op_flt({:#x}, {:d}) : Unable to decode operand {:d} for instruction due to an unsupported number of bits ({:d}).".format(__name__, ea, opnum, opnum, bits))
# Now we can decode the floating-point operand and return it.
try:
res = utils.float_of_integer(integer, fraction, exponent, sign)
# If an exception was raised, then re-raise it with our parameters prefixed.
except ValueError as message:
raise ValueError(u"{:s}.op_flt({:#x}, {:d}) : {!s}".format(__name__, ea, opnum, message))
# That's all, folks.
return res
Example #8
| Source File: instruction.py From ida-minsc with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def immediate(ea, op):
'''Operand type decoder for ``idaapi.o_imm`` which returns an immediate integer.'''
get_dtype_attribute = operator.attrgetter('dtyp' if idaapi.__version__ < 7.0 else 'dtype')
get_dtype_size = idaapi.get_dtyp_size if idaapi.__version__ < 7.0 else idaapi.get_dtype_size
if op.type in {idaapi.o_imm, idaapi.o_phrase}:
bits = 8 * get_dtype_size(get_dtype_attribute(op))
# figure out the sign flag
sf, res = 2 ** (bits - 1), op.value
# if op.value has its sign inverted, then signify it otherwise just use it
return -2 ** bits + res if interface.node.alt_opinverted(ea, op.n) else res & (2 ** bits - 1)
optype = "{:s}({:d})".format('idaapi.o_imm', idaapi.o_imm)
raise E.InvalidTypeOrValueError(u"{:s}.immediate({:#x}, {!r}) : Expected operand type `{:s}` but operand type {:d} was received.".format('.'.join((__name__, 'operand_types')), ea, op, optype, op.type))
Example #9
| Source File: disassembler.py From vt-ida-plugin with Apache License 2.0 | 4 votes |
|
def get_opcodes(addr, strict):
"""Get current bytes of the instruction pointed at addr.
Args:
addr: address of the current instruction
strict: be more restrictive when applying wildcards (True) or not (False)
Returns:
String: hex-encoded representation of the bytes obtained at addr
"""
if strict:
offsets_types = {idaapi.o_far, idaapi.o_mem, idaapi.o_imm}
else:
offsets_types = {idaapi.o_far, idaapi.o_mem}
pattern = ''
mnem = idautils.DecodeInstruction(addr)
if mnem is not None:
op1_type = mnem.Op1.type
op2_type = mnem.Op2.type
logging.debug(
'[VTGREP] Instruction: %s [%d, %d, %d]',
idc.generate_disasm_line(addr, 0),
mnem.itype,
op1_type,
op2_type
)
inst_len = idc.get_item_size(addr)
drefs = [x for x in idautils.DataRefsFrom(addr)]
# Checks if any operand constains a memory address
if (drefs and
((op1_type == idaapi.o_imm) or (op2_type == idaapi.o_imm)) or
op1_type in offsets_types or op2_type in offsets_types):
pattern = Disassembler.wildcard_instruction(addr)
# Checks if the instruction is a CALL (near or far) or
# if it's a JMP (excluding near jumps)
else:
if ((mnem.itype == idaapi.NN_call) or
(mnem.itype == idaapi.NN_jmp and op1_type != idaapi.o_near)):
pattern = Disassembler.wildcard_instruction(addr)
# In any other case, concatenate the raw bytes to the current string
else:
pattern = binascii.hexlify(idc.get_bytes(addr, inst_len))
pattern = pattern.decode('utf-8')
return pattern
else: return 0
Example #10
| Source File: __init__.py From flare-ida with Apache License 2.0 | 4 votes |
|
def rename_constant(arg_ea, fct_name, arg_name, arg_enums):
""" Rename constants to values from standard enumerations. """
instruction = idc.GetMnem(arg_ea)
if instruction == 'push':
op_num = 0
elif instruction == 'mov':
op_num = 1
else:
raise RenamingException('Constant: unhandled instruction ' +
instruction)
op_val = idc.GetOperandValue(arg_ea, op_num)
# NULL
if op_val == 0:
targetid = idc.GetConstByName('NULL_{}_{}'.format(arg_name, fct_name))
serial = 0
enumid = idc.GetEnum(NULL_ENUM_NAME)
constid = idc.GetConstEx(enumid, 0, serial, -1)
while constid != idaapi.BADADDR:
if constid == targetid:
idc.OpEnumEx(arg_ea, op_num, enumid, serial)
return
serial = serial + 1
constid = idc.GetConstEx(enumid, 0, serial, -1)
# All other constants
op_type = idc.GetOpType(arg_ea, op_num)
if op_type == idaapi.o_imm:
# only one choice
if len(arg_enums) == 1:
enumid = idc.GetEnum(arg_enums[0])
idc.OpEnumEx(arg_ea, op_num, enumid, 0)
return
for enum in arg_enums:
enumid = idc.GetEnum(enum)
constid = get_constant_id(enumid, op_val)
if constid == idaapi.BADADDR:
# Not in this enum
continue
else:
# Found the right enum
idc.OpEnumEx(arg_ea, op_num, enumid, 0)
return
