idaisn

1.  
2. import idautils
3. from idaapi import *
4. from idc import *
5. import enum
6. from time import sleep
7. import ctypes
8.  
9. kOperandNone = 0
10. kOperandReg = 1
11. kOperandMemory = 2
12. kOperandImmediate = 3
13. kOperandBranch = 4
14.  
15. kSegNone = 0
16. kSegGS = 1
17. kSegFS = 2
18. kSegDS = 3
19. kSegSS = 4
20.  
21. class Operand:
22.     def __init__(self, otype, base, index, scale, disp, imm, seg):
23.         self.type = otype
24.         self.seg = seg
25.         self.base = base
26.  
27.     def seg(self):
28.         return self.seg
29.     def base_reg(self):
30.         return self.base
31.     def type(self):
32.         return self.type
33.  
34. class Instruction:
35.     def __init__(self, addr, length):
36.         self.mnem = idc.print_insn_mnem(addr)
37.         self.address = addr
38.         self.operands = []
39.         self.line = idc.generate_disasm_line(addr, 1)
40.         self.opcodes = ida_bytes.get_bytes(addr, length)
41.     def type(self):
42.         return self.mnem
43.     def add_operand(self, operand):
44.         self.operands.append(operand)
45.     def text(self):
46.         return self.line
47.     def operands(self):
48.         return self.operands
49.     def address(self):
50.         return self.address
51.     def opcodes(self):
52.         return self.opcodes
53.  
54. class BasicBlock:
55.     def __init__(self, ea):
56.         self.start = ea
57.         self.instructions = []
58.     def add_instruction(self, i):
59.         self.instructions.append(i)
60.     def address(self):
61.         return self.start
62.     def instructions(self):
63.         return self.instructions
64.  
65. class Function:
66.     def __init__(self, addr):
67.         self.addr = addr
68.         self.blocks = []
69.     def add_block(self, bb):
70.         self.blocks.append(bb)
71.     def blocks(self):
72.         return self.blocks
73.  
74. def save_instruction(ea):
75.     #print("Save Instruction")
76.     insn = idaapi.insn_t()
77.     insnLen = idaapi.decode_insn(insn, ea)
78.     i = Instruction(ea, insnLen)
79.     #print(i.type())
80.     DATA_SIZE = {dt_byte: 1, dt_word: 2, dt_dword: 4, dt_tbyte: 4, dt_float: 4, dt_qword: 8, dt_double: 8, dt_byte16: 16}
81.     SEG_NAMES = {0: kSegNone, 29: kSegNone, 31: kSegSS, 32: kSegDS, 34: kSegGS}
82.     for oidx in range(8):
83.         operand = insn.ops[oidx]
84.         segrg  = (operand.specval & 0xffff0000) >> 16
85.         segsel = (operand.specval & 0x0000ffff) >> 0
86.         #print("---")
87.         #print(operand.type)
88.         #print(f"segreg: {segrg} segsel: {segsel}")
89.  
90.  
91.         if operand.type == ida_ua.o_reg:
92.             reg = operand.reg
93.             #print(f"reg: {get_reg_name(reg,DATA_SIZE[operand.dtype])}")
94.             tmp = Operand(kOperandReg, get_reg_name(reg,DATA_SIZE[operand.dtype]), None, None, None, None, kSegNone)
95.             i.add_operand(tmp)
96.             #print("Saved - kOperandReg")
97.         elif operand.type == ida_ua.o_displ or operand.type == ida_ua.o_phrase or operand.type == ida_ua.o_mem:
98.             sib = operand.specflag2
99.             hasSIB = operand.specflag1
100.             #print("HAS SIB: " + str(hasSIB))
101.             base = sib  & 7
102.             #print(f"{hex(ea)} - " + idc.generate_disasm_line(ea, 1))
103.             base_size = DATA_SIZE[operand.dtype]
104.             index = (sib >> 3) & 7
105.             index_size = DATA_SIZE[operand.dtype]
106.             scale = (sib >> 6) & 3
107.             disp = operand.addr
108.             reg = operand.reg
109.             #print(f"{hex(ea)} - " + idc.generate_disasm_line(ea, 1))
110.             seg = SEG_NAMES[segrg]
111.  
112.             #print(f"reg: {get_reg_name(reg,base_size)} base: {get_reg_name(base,base_size)} idx: {get_reg_name(index,index_size)} scale: {scale*2} disp: {hex(disp)}")
113.  
114.             if not hasSIB:
115.                 reg = get_reg_name(reg,base_size)
116.                 if operand.type == ida_ua.o_mem:
117.                     reg = None
118.                 tmp = Operand(kOperandMemory, reg, None, None, disp, None, seg)
119.                 i.add_operand(tmp)
120.             else:
121.                 if operand.type == ida_ua.o_mem:
122.                     tmp = Operand(kOperandMemory, get_reg_name(index,index_size), None, scale*2, disp, None, seg)
123.                     i.add_operand(tmp)
124.                 else:
125.                     tmp = Operand(kOperandMemory, get_reg_name(base,base_size), get_reg_name(index,index_size), scale*2, disp, None, seg)
126.                     i.add_operand(tmp)
127.  
128.             #print("Saved - kOperandMemory")
129.         elif operand.type == ida_ua.o_imm:
130.             value = operand.value
131.             #print(f"value: {hex(value)}")
132.             tmp = Operand(kOperandImmediate, None, None, None, None, value, kSegNone)
133.             i.add_operand(tmp)
134.             #print("Saved - kOperandImmediate")
135.         elif operand.type == ida_ua.o_near:
136.             value = operand.addr
137.             #print(f"value: {hex(value)}")
138.             tmp = Operand(kOperandBranch, None, None, None, None, value, kSegNone)
139.             i.add_operand(tmp)
140.             #print("Saved - kOperandBranch")
141.         else:
142.             tmp = Operand(kOperandNone, None, None, None, None, None, None)
143.             i.add_operand(tmp)
144.     #print("Saved")
145.     return i