API tools faq
paste
Advertisement
Guest User

ida mapping

a guest
Apr 30th, 2013
87
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 2.85 KB | None | 0 0
raw download clone embed print report
  1. ## This script helps with renaming functions
  2. ## See the following link for more info
  3. ## Created by alexander.hanel@gmail.com
  4.  
  5. from idaapi import *
  6. import idautils
  7. import idc
  8. import sys
  9. imports_list = []
  10.  
  11. # The following two functions are used to get the import API names.
  12. # ret_list_of_imports() returns the api names in a list
  13. def imp_cb(ea, name, ord):
  14.     global imports_list
  15.     if not name:
  16.         pass
  17.     else:
  18.         imports_list.append(name)
  19.     return True
  20.  
  21. def ret_list_of_imports():
  22.     global imports_list
  23.     nimps = idaapi.get_import_module_qty()
  24.     for i in xrange(0,nimps):
  25.         name = idaapi.get_import_module_name(i)
  26.         if not name:
  27.             pass
  28.         idaapi.enum_import_names(i, imp_cb)
  29.  
  30.     return imports_list
  31.  
  32.  
  33. def graph_down(ea, graph = {}, path = set([])):
  34.     # This function was borrowed from Carlos G. Prado. Check out his Milf-Plugin for IDA on Google Code.
  35.     graph[ea] = list()    # Create a new entry on the graph dictionary {node: [child1, child2, ...], ...}
  36.     path.add(ea)        # This is a set, therefore the add() method
  37.  
  38.     # Iterate through all function instructions and take only call instructions
  39.     for x in [x for x in FuncItems(ea) if is_call_insn(x)]:        # Take the call elements
  40.             for xref in XrefsFrom(x, XREF_FAR):                                  
  41.                     if not xref.iscode:
  42.                             continue
  43.                                    
  44.                     if xref.to not in path:        # Eliminates recursions
  45.                             graph[ea].append(xref.to)
  46.                             graph_down(xref.to, graph, path)
  47.     return path
  48.  
  49. def main():
  50.     # Get function name as input.
  51.     func_name = LocByName(AskStr("sub_0xxxxx", "Enter Function Name"))
  52.  
  53.     if func_name == 0xffffffff:
  54.         Warning("[ERROR] Bad Function Name [ERROR]")
  55.         return
  56.  
  57.     tag = AskStr("string", "Function Tag")  
  58.     if tag == None:
  59.         Warning("[ERROR] Tag cannot be None [ERROR]")
  60.         return
  61.  
  62.     list_imports = ret_list_of_imports()
  63.     # graph down needs the address of the function passed.
  64.     nodes_xref_down = graph_down(func_name,graph = {}, path = set([]))
  65.     # graph_down returns the int address needs to be converted
  66.     tmp  = []
  67.     tmp1 = ''
  68.     for func in nodes_xref_down:
  69.         tmp1 = GetFunctionName(func)
  70.         if tmp1 != '':
  71.             tmp.append(tmp1)
  72.     nodes_xref_down = tmp
  73.  
  74.     # Remove the APIs from the xref list
  75.     for xx in set(list_imports).intersection(set(nodes_xref_down)):
  76.         nodes_xref_down.remove(xx)
  77.  
  78.     for rename in nodes_xref_down:
  79.         func_addr =  LocByName(rename)
  80.         if tag not in rename:
  81.             MakeNameEx(func_addr, str(tag) + str('_') + rename, SN_NOWARN)
  82.  
  83.  =============================================================================
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!