Python idaapi.is_call_insn() Examples
The following are 5
code examples of idaapi.is_call_insn().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
idaapi
, or try the search function
.
.
Example #1
| Source File: hint_calls.py From idawilli with Apache License 2.0 | 6 votes |
|
def enum_calls_in_function(fva):
'''
yield the call instructions in the given function.
Args:
fva (int): the starting address of a function
Returns:
sequence[tuple[int, str]]: the address of a call instruction, and the disassembly line at that address
'''
for ea in enum_function_addrs(fva):
if idaapi.is_call_insn(ea):
disasm = ida_lines.generate_disassembly(ea, 16, True, False)[1][0]
# replace consequent whitespaces by a single whitespaces
disasm = re.sub("\s\s+", " ", disasm)
yield ea, disasm
Example #2
| Source File: CallStackWalk.py From nightmare with GNU General Public License v2.0 | 6 votes |
|
def IsPrevInsnCall(ea):
"""
Given a return address, this function tries to check if previous instruction
is a CALL instruction
"""
global CallPattern
if ea == idaapi.BADADDR or ea < 10:
return None
for delta, opcodes in CallPattern:
# assume caller's ea
caller = ea + delta
# get the bytes
bytes = [x for x in GetDataList(caller, len(opcodes), 1)]
# do we have a match? is it a call instruction?
if bytes == opcodes and idaapi.is_call_insn(caller):
return caller
return None
# -----------------------------------------------------------------------
Example #3
| Source File: instruction.py From Sark with MIT License | 5 votes |
|
def is_call(self):
"""Is the instruction a call instruction."""
return idaapi.is_call_insn(self._insn)
Example #4
| Source File: instruction.py From ida-minsc with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def is_call(cls, ea):
'''Returns true if the instruction at `ea` is a call.'''
ea = interface.address.inside(ea)
if idaapi.__version__ < 7.0 and hasattr(idaapi, 'is_call_insn'):
idaapi.decode_insn(ea)
return idaapi.is_call_insn(ea)
F = feature(ea)
return database.is_code(ea) and (feature(ea) & idaapi.CF_CALL == idaapi.CF_CALL)
Example #5
| Source File: ida_prefix.py From prefix with MIT License | 4 votes |
|
def graph_down(ea, path=set()):
"""
Recursively collect all function calls.
Copied with minor modifications from
http://hooked-on-mnemonics.blogspot.com/2012/07/renaming-subroutine-blocks-and.html
"""
path.add(ea)
#
# extract all the call instructions from the current function
#
call_instructions = []
instruction_info = idaapi.insn_t()
for address in idautils.FuncItems(ea):
# decode the instruction
if not idaapi.decode_insn(instruction_info, address):
continue
# check if this instruction is a call
if not idaapi.is_call_insn(instruction_info):
continue
# save this address as a call instruction
call_instructions.append(address)
#
# iterate through all the instructions in the target function (ea) and
# inspect all the call instructions
#
for x in call_instructions:
# TODO
for r in idautils.XrefsFrom(x, idaapi.XREF_FAR):
#print(0x%08X" % h, "--calls-->", "0x%08X" % r.to)
if not r.iscode:
continue
# get the function pointed at by this call
func = idaapi.get_func(r.to)
if not func:
continue
# ignore calls to imports / library calls / thunks
if (func.flags & (idaapi.FUNC_THUNK | idaapi.FUNC_LIB)) != 0:
continue
#
# if we have not traversed to the destination function that this
# call references, recurse down to it to continue our traversal
#
if r.to not in path:
graph_down(r.to, path)
return path
