from __future__ import print_functionimport idcfrom ida_kernwin import jumpt

1. from __future__ import print_function
2. import idc
3. from ida_kernwin import jumpto, get_screen_ea
4. import ida_bytes
5. import ida_idaapi
6. import idautils
7. import ida_funcs
8. import ida_gdl
9. import ida_nalt
10.  
11. info = ida_idaapi.get_inf_structure()
12.  
13. def find_end_array_passwd(ea_start):
14.     start = block.start_ea
15.     end = info.max_ea
16.     while start <= end:
17.         # TODO: loop over head until first xref to find
18.         start = ida_bytes.next_head(start, end)
19.  
20. def treat_array_passwd_line(ea):
21.     #TODO
22.     pass
23.    
24. def treat_first_ldr(ea, ins):
25.     array_passwd_start = list(idautils.DataRefsFrom(list(idautils.DataRefsFrom(ea))[0]))[0]
26.     array_passwd_end = find_end_array_passwd(array_passwd_start)
27.     for idx in range(array_passwd_start, array_passwd_end, 0x8):
28.         treat_array_passwd_line(idx)
29.  
30. for entry in idautils.Entries():
31.     ith, ord, ea, name = entry
32.     if name == "getpwuid":
33.         f = ida_funcs.get_func(ea)
34.         for ea in idautils.Heads(f.start_ea, f.end_ea):
35.             ins = idautils.DecodeInstruction(ea)
36.             if ins.itype == 0x1e:
37.                 treat_first_ldr(ea, ins)
38.                 break