Python idautils.CodeRefsFrom() Examples

The following are 11 code examples of idautils.CodeRefsFrom(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may also want to check out all available functions/classes of the module idautils , or try the search function .
Example #1
Source File: ida_utils.py    From idasec with GNU Lesser General Public License v2.1 5 votes vote down vote up
def get_succs(ea):
    return [x for x in idautils.CodeRefsFrom(ea, True)] 
Example #2
Source File: static_opaque_analysis.py    From idasec with GNU Lesser General Public License v2.1 5 votes vote down vote up
def refine_results(self):
        likely_retag = 0
        fp_retag = 0
        fn_retag = 0
        for rtn_addr, candidates in self.functions_candidates.items():
            for addr in sorted(candidates):
                res = self.results[addr]
                val = sum([x in res.predicate for x in ["(0 :: 2)", "7x", "7y", u"²"]])
                final_status = res.status
                alive, dead = res.alive_branch, res.dead_branch
                if res.status == self.po.NOT_OPAQUE:
                    if val != 0:
                        fn_retag += 1
                        final_status = self.po.OPAQUE
                        jmp_target = [x for x in idautils.CodeRefsFrom(addr, 0)][0]
                        next_target = [x for x in idautils.CodeRefsFrom(addr, 1) if x != jmp_target][0]
                        alive, dead = (next_target, jmp_target) if idc.GetDisasm(addr)[:2] == "jz" else (jmp_target, next_target)
                        self.functions_spurious_instrs[rtn_addr].update(res.dependency+[addr])
                elif res.status == self.po.OPAQUE:
                    if val == 0:
                        fp_retag += 1
                        final_status = self.po.NOT_OPAQUE
                elif res.status == self.po.LIKELY:
                    if val == 0:
                        final_status = self.po.NOT_OPAQUE
                    else:
                        final_status = self.po.OPAQUE
                        jmp_target = [x for x in idautils.CodeRefsFrom(addr, 0)][0]
                        next_target = [x for x in idautils.CodeRefsFrom(addr, 1) if x != jmp_target][0]
                        alive, dead = (next_target, jmp_target) if idc.GetDisasm(addr)[:2] == "jz" else (jmp_target, next_target)
                        self.functions_spurious_instrs[rtn_addr].update(res.dependency+[addr])
                    likely_retag += 1
                self.results[addr] = AddrRet(final_status, res.k, res.dependency, res.predicate, res.distance, alive, dead)
        print "Retag: FP->OK:%d" % fp_retag
        print "Retag: FN->OP:%d" % fn_retag
        print "Retag: Lkl->OK:%d" % likely_retag 
Example #3
Source File: opaque_analysis.py    From idasec with GNU Lesser General Public License v2.1 5 votes vote down vote up
def make_po_pair(ea, alive):
        dead = [x for x in idautils.CodeRefsFrom(ea, True) if x != alive]
        return alive, dead[0] 
Example #4
Source File: opaque_analysis.py    From idasec with GNU Lesser General Public License v2.1 5 votes vote down vote up
def propagate_dead_code(self, ea, op_map):
        prevs = [x for x in idautils.CodeRefsTo(ea, True) if x not in self.marked_addresses and
                 not self.dead_br_of_op(ea, x, op_map)]
        if prevs:  # IF there is no legit predecessors
            idc.SetColor(ea, idc.CIC_ITEM, 0x0000ff)
            self.marked_addresses[ea] = None
            succs = [x for x in idautils.CodeRefsFrom(ea, True)]
            for succ in succs:
                self.propagate_dead_code(succ, op_map)
        else:
            return 
Example #5
Source File: line.py    From Sark with MIT License 5 votes vote down vote up
def crefs_from(self):
        """Destination addresses of code references from this line."""
        return idautils.CodeRefsFrom(self.ea, 1) 
Example #6
Source File: ida.py    From bap-ida-python with MIT License 5 votes vote down vote up
def __init__(self, addr):
        self.addr = addr
        self.dests = set(idautils.CodeRefsFrom(addr, True))
        self.jmps = set(idautils.CodeRefsFrom(addr, False))
        falls = self.dests - self.jmps
        self.fall = list(falls)[0] if falls else None 
Example #7
Source File: identity_hash.py    From rematch with GNU General Public License v3.0 5 votes vote down vote up
def data(self):
    h = self.keleven
    for ea in idautils.FuncItems(self.offset):
      h = self._cycle(h, idc.Byte(ea))
      # skip additional bytes of any instruction that contains an offset in it
      if idautils.CodeRefsFrom(ea, False) or idautils.DataRefsFrom(ea):
        continue
      for i in range(ea + 1, ea + idc.ItemSize(ea)):
        h = self._cycle(h, idc.Byte(i))
    return h 
Example #8
Source File: Stingray.py    From Stingray with GNU General Public License v3.0 5 votes vote down vote up
def find_function_callees( func_ea, maxlvl ):

    callees = []
    visited = set()
    pending = set( (func_ea,) )
    lvl = 0

    while len(pending) > 0:
        func_ea = pending.pop()
        visited.add(func_ea)

        func_name = idc.GetFunctionName(func_ea)
        if not func_name: continue
        callees.append(func_ea)

        func_end = idc.FindFuncEnd(func_ea)
        if func_end == idaapi.BADADDR: continue

        lvl +=1
        if lvl >= maxlvl: continue

        all_refs = set()
        for line in idautils.Heads(func_ea, func_end):

            if not ida_bytes.isCode(get_flags(line)): continue

            ALL_XREFS = 0
            refs = idautils.CodeRefsFrom(line, ALL_XREFS)
            refs = set( filter( lambda x: not (x >= func_ea and x <= func_end), 
                                refs) )
            all_refs |= refs

        all_refs -= visited
        pending |= all_refs

    return callees 
Example #9
Source File: IdaInterface.py    From smda with BSD 2-Clause "Simplified" License 5 votes vote down vote up
def getCodeOutRefs(self, offset):
        return [(offset, ref_to) for ref_to in idautils.CodeRefsFrom(offset, True)] 
Example #10
Source File: IdaInterface.py    From smda with BSD 2-Clause "Simplified" License 5 votes vote down vote up
def getCodeOutRefs(self, offset):
        return [(offset, ref_to) for ref_to in idautils.CodeRefsFrom(offset, True)] 
Example #11
Source File: metadata.py    From lighthouse with MIT License 4 votes vote down vote up
def _ida_refresh_nodes(self, _):
        """
        Refresh function node metadata against an open IDA database.
        """
        function_metadata = self
        function_metadata.nodes = {}

        # get function & flowchart object from IDA database
        function  = idaapi.get_func(self.address)
        flowchart = idaapi.qflow_chart_t("", function, idaapi.BADADDR, idaapi.BADADDR, 0)

        #
        # now we will walk the flowchart for this function, collecting
        # information on each of its nodes (basic blocks) and populating
        # the function & node metadata objects.
        #

        for node_id in xrange(flowchart.size()):
            node = flowchart[node_id]

            #
            # the node current node appears to have a size of zero. This means
            # that another flowchart / function owns this node so we can just
            # ignore it...
            #

            if node.start_ea == node.end_ea:
                continue

            # create a new metadata object for this node
            node_metadata = NodeMetadata(node.start_ea, node.end_ea, node_id)

            #
            # establish a relationship between this node (basic block) and
            # this function metadata (its parent)
            #

            function_metadata.nodes[node.start_ea] = node_metadata

        # compute all of the edges between nodes in the current function
        for node_metadata in itervalues(function_metadata.nodes):
            edge_src = node_metadata.edge_out
            for edge_dst in idautils.CodeRefsFrom(edge_src, True):
                if edge_dst in function_metadata.nodes:
                    function_metadata.edges[edge_src].append(edge_dst)