Python idaapi.get_import_module_qty() Examples
The following are 10 code examples for showing how to use idaapi.get_import_module_qty(). These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example.
Example 1
Project: win_driver_plugin Author: FSecureLABS File: device_type.py License: BSD 3-Clause "New" or "Revised" License | 6 votes |
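def driver_type():
    """Guess the Windows driver model from the imported function names.

    Every import module is enumerated through ``cb``. The first entry of
    ``names`` that is one of the known framework registration routines
    decides the label; "WDM" is returned when none of them is present.

    Only the import table is consulted, so the result is a heuristic:
    a driver that imports none of these routines is reported as "WDM".
    """
    # NOTE(review): `cb` and `names` are defined outside this listing;
    # presumably `cb` appends each imported symbol name to `names` -- confirm.
    # NOTE(review): block structure was rebuilt from a flattened listing; the
    # name scan is placed after the enumeration loop -- confirm against the
    # original file.
    framework_by_import = {
        "FltRegisterFilter": "Mini-Filter",
        "WdfVersionBind": "WDF",
        "StreamClassRegisterMinidriver": "Stream Minidriver",
        "KsCreateFilterFactory": "AVStream",
        "PcRegisterSubdevice": "PortCls",
    }

    # The module name is not needed here, so the original unused
    # get_import_module_name() lookup is dropped.
    for i in range(idaapi.get_import_module_qty()):
        idaapi.enum_import_names(i, cb)

    # The order of `names` decides which framework wins, not the table order.
    for name in names:
        if name in framework_by_import:
            return framework_by_import[name]
    return "WDM"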
Example 2
Project: DIE Author: ynvb File: DbgImports.py License: MIT License | 6 votes |
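def get_iat_data(self):
    """
    Retrieve data from IAT

    For every import module a list is created in ``self.iat`` under the
    lower-cased module name, ``self.current_module`` is pointed at it, and
    the module's imports are enumerated through ``self.imp_cb``.
    Modules without a name are skipped.
    """
    imp_num = idaapi.get_import_module_qty()  # Number of imported modules

    # range() instead of xrange() so the method also runs under Python 3.
    for i in range(imp_num):
        raw_name = idaapi.get_import_module_name(i)
        if not raw_name:
            # The name can be missing (None/empty). Test it *before* calling
            # .lower(), otherwise the lookup raises AttributeError and the
            # skip below is never reached.
            continue

        name = raw_name.lower()
        if name not in self.iat:
            self.iat[name] = []

        # presumably imp_cb appends to self.current_module -- confirm
        self.current_module = self.iat[name]
        idaapi.enum_import_names(i, self.imp_cb)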
Example 3
Project: hrdev Author: ax330d File: __init__.py License: MIT License | 6 votes |
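def _build_imports(self):
    '''Build imports table. (Was taken from examples.)

    Returns a dict that maps each import module name to the list of items
    gathered in ``self.tmp_items`` while that module was enumerated.
    Modules without a name are skipped; entries of modules that share a
    name are merged into one list.
    '''
    tree = {}

    # range() instead of xrange() so the method also runs under Python 3.
    for i in range(idaapi.get_import_module_qty()):
        name = idaapi.get_import_module_name(i)
        if not name:
            continue

        # Start from an empty scratch list for this module; presumably
        # _imports_names_cb appends to self.tmp_items -- confirm.
        self.tmp_items = []
        idaapi.enum_import_names(i, self._imports_names_cb)

        tree.setdefault(name, []).extend(self.tmp_items)

    return tree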
Example 4
Project: idasec Author: RobinDavid File: idasec_core.py License: GNU Lesser General Public License v2.1 | 5 votes |
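def compute_imports():
    """Return the import table as ``{module_name: [(ea, name, ordinal), ...]}``.

    Each import module is enumerated once and every entry reported by IDA
    is recorded under the module's name.
    """
    imports = {}
    current = ""

    def callback(ea, name, ordinal):
        # `current` is read from the enclosing scope; it names the module
        # being enumerated at the time of the call.
        imports[current].append((ea, name, ordinal))
        return True  # keep enumerating

    # range() instead of xrange() so the function also runs under Python 3.
    for i in range(idaapi.get_import_module_qty()):
        # NOTE(review): the name may be None/empty for some modules; such
        # entries are grouped under that key as-is.
        current = idaapi.get_import_module_name(i)
        # setdefault keeps what was already collected when the same module
        # name shows up again; a plain `imports[current] = []` would discard
        # the earlier entries.
        imports.setdefault(current, [])
        idaapi.enum_import_names(i, callback)

    return imports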
Example 5
Project: DIE Author: ynvb File: DbgImports.py License: MIT License | 5 votes |
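def getImportTableData(self):
    """
    Update rt_import_table with current import table data.

    The static import table is collected first. Each entry's address is
    then resolved through ``get_adrs_mem`` and stored in
    ``self.rt_import_table`` as ``{resolved_address: (module, ea, name, ord)}``.

    Raises:
        RuntimeError: if the debugger is not active when the addresses are
            about to be resolved.
    """
    def imp_cb(ea, name, ordinal):
        """
        Import enumeration callback function. used by idaapi.enum_import_names .
        """
        tmpImports.append([self.current_module_name, ea, name, ordinal])
        return True

    tmpImports = []  # Contains static import table data (w\o real function addresses)
    imp_num = idaapi.get_import_module_qty()  # Number of imported modules

    # range() instead of xrange() so the method also runs under Python 3.
    for i in range(imp_num):
        raw_name = idaapi.get_import_module_name(i)
        # The module name can be missing (None/empty); calling .lower() on it
        # directly would raise AttributeError. Unnamed modules are kept under
        # an empty module name so their imports are still recorded.
        self.current_module_name = raw_name.lower() if raw_name else ""
        idaapi.enum_import_names(i, imp_cb)

    # Get runtime function addresses and store in self.rt_import_table
    if not idaapi.is_debugger_on():
        raise RuntimeError("Debugger is not currently active.")

    for module_name, ea, name, ordinal in tmpImports:
        # NOTE(review): get_adrs_mem is defined outside this listing;
        # presumably it reads the pointer stored at `ea` from the debugged
        # process. That value comes from the target and is not validated
        # here -- confirm what callers assume about it.
        func_real_adrs = get_adrs_mem(ea)
        self.rt_import_table[func_real_adrs] = (module_name, ea, name, ordinal)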
Example 6
Project: ida-batch_decompile Author: tintinweb File: ida_batch_decompile.py License: GNU General Public License v3.0 | 5 votes |
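def get_imports():
    """Yield the name of every import module that has one.

    Modules for which IDA reports no name (None/empty) are skipped.
    """
    # range() instead of xrange() so the generator also runs under Python 3.
    for i in range(idaapi.get_import_module_qty()):
        name = idaapi.get_import_module_name(i)
        if name:
            yield name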
Example 7
Project: smda Author: danielplohmann File: IdaInterface.py License: BSD 2-Clause "Simplified" License | 5 votes |
def getApiMap(self):
    """Rebuild and return ``self._api_map`` from the import table.

    The map is reset to an empty dict, then every import module is
    enumerated through ``self._cbEnumImports`` with the module's name
    published in ``self._import_module_name`` beforehand.
    """
    self._api_map = {}
    module_count = ida_nalt.get_import_module_qty()
    for module_index in range(module_count):
        # presumably _cbEnumImports reads this attribute and fills
        # self._api_map -- confirm against the callback.
        # NOTE(review): the name is stored as returned and may be None/empty.
        self._import_module_name = ida_nalt.get_import_module_name(module_index)
        ida_nalt.enum_import_names(module_index, self._cbEnumImports)
    return self._api_map
Example 8
Project: smda Author: danielplohmann File: IdaInterface.py License: BSD 2-Clause "Simplified" License | 5 votes |
def getApiMap(self):
    """Rebuild and return ``self._api_map`` from the import table.

    The map is reset to an empty dict, then every import module is
    enumerated through ``self._cbEnumImports`` with the module's name
    published in ``self._import_module_name`` beforehand.
    """
    self._api_map = {}
    module_count = idaapi.get_import_module_qty()
    for module_index in range(module_count):
        # presumably _cbEnumImports reads this attribute and fills
        # self._api_map -- confirm against the callback.
        # NOTE(review): the name is stored as returned and may be None/empty.
        self._import_module_name = idaapi.get_import_module_name(module_index)
        idaapi.enum_import_names(module_index, self._cbEnumImports)
    return self._api_map
Example 9
Project: flare-ida Author: fireeye File: __init__.py License: Apache License 2.0 | 5 votes |
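def get_imports(library_calls, library_addr):
    """ Populate dictionaries with import information.

    Both arguments are handed to ``make_import_names_callback``; the
    resulting callback is then run over the imports of every module.
    """
    # NOTE(review): make_import_names_callback is defined outside this
    # listing; presumably the callback it returns fills `library_calls` and
    # `library_addr` in place -- confirm.
    import_names_callback = make_import_names_callback(library_calls,
                                                       library_addr)
    # range() instead of xrange() so the function also runs under Python 3.
    for i in range(idaapi.get_import_module_qty()):
        idaapi.enum_import_names(i, import_names_callback)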
Example 10
Project: win_driver_plugin Author: FSecureLABS File: dump_pool_tags.py License: BSD 3-Clause "New" or "Revised" License | 4 votes |
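def find_pool_tags():
    """
    Dirty hack around IDA's type information, find references to tag using functions then the comment marking the tag
    then add the function caller/tag to output dictionary.

    Returns:
        dict mapping each decoded 4-character tag to the set of function
        names found at the referencing addresses.
    """
    # NOTE(review): block structure was rebuilt from a flattened listing --
    # confirm the nesting against the original file.
    # NOTE(review): idc.GetFunctionName / PrevHead / Comment / GetOpType /
    # GetOperandValue are the older IDAPython spellings; confirm they are
    # available in the IDAPython version in use.
    funcs = [
        'ExAllocatePoolWithTag',
        'ExFreePoolWithTag',
        'ExAllocatePoolWithTagPriority'
    ]

    tags = {}

    def imp_cb(ea, name, ordinal):
        # Only the pool routines listed in `funcs` are of interest.
        if name in funcs:
            for xref in idautils.XrefsTo(ea):
                call_addr = xref.frm
                caller_name = idc.GetFunctionName(call_addr)
                prev = idc.PrevHead(call_addr)
                # Look back over at most 10 preceding heads for the operand
                # IDA commented as 'Tag'.
                for _ in range(10):
                    # Operand type 5 is o_imm: the tag is an immediate value.
                    if idc.Comment(prev) == 'Tag' and idc.GetOpType(prev, 1) == 5:
                        tag_raw = idc.GetOperandValue(prev, 1)
                        # Decode the 32-bit value one byte at a time, most
                        # significant byte first.
                        tag = ''.join(
                            chr((tag_raw >> 8 * shift) & 0xFF)
                            for shift in range(3, -1, -1)
                        )
                        tags.setdefault(tag, set()).add(caller_name)
                        break
                    prev = idc.PrevHead(prev)
        return True  # keep enumerating

    # range() instead of xrange() so the loop also runs under Python 3.
    for i in range(idaapi.get_import_module_qty()):
        name = idaapi.get_import_module_name(i)
        if not name:
            continue

        idaapi.enum_import_names(i, imp_cb)
    return tags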