我们从Python开源项目中,提取了以下7个代码示例,用于说明如何使用idautils.CodeRefsFrom()。
def __init__(self, addr):
    """Record the outgoing code references of the instruction at *addr*.

    Attributes set:
        addr:  the address passed in.
        dests: targets from ``idautils.CodeRefsFrom(addr, True)``, i.e. with
               ordinary flow to the next instruction included.
        jmps:  targets from ``idautils.CodeRefsFrom(addr, False)``, i.e. with
               ordinary flow excluded.
        fall:  one target present in ``dests`` but absent from ``jmps`` (the
               fall-through successor), or None when there is no such target.
    """
    self.addr = addr
    with_flow = set(idautils.CodeRefsFrom(addr, True))
    without_flow = set(idautils.CodeRefsFrom(addr, False))
    self.dests = with_flow
    self.jmps = without_flow
    # Whatever only appears when ordinary flow is requested is the
    # fall-through edge; take the first such element if any exists.
    self.fall = next(iter(with_flow - without_flow), None)
def refine_results(self):
    """Re-tag the stored opaque-predicate verdicts using the predicate text.

    Walks every candidate address of every routine in
    ``self.functions_candidates``, looks up its entry in ``self.results`` and
    replaces it with a new ``AddrRet`` whose status (and, when a branch is
    re-tagged as opaque, whose alive/dead targets) may have been adjusted.
    Three counters are printed at the end.

    NOTE(review): this page lost the original indentation; the nesting below
    is reconstructed from the statement order. In particular the placement of
    ``likely_retag += 1`` (once per LIKELY entry) should be confirmed against
    the upstream file.
    """
    likely_retag = 0
    fp_retag = 0
    fn_retag = 0
    for rtn_addr, candidates in self.functions_candidates.items():
        for addr in sorted(candidates):
            res = self.results[addr]
            # Number of marker substrings found in the predicate; presumably
            # these are signatures of known arithmetic opaque-predicate
            # formulas -- TODO confirm against whatever builds res.predicate.
            val = sum([x in res.predicate for x in ["(0 :: 2)", "7x", "7y", u"²"]])
            final_status = res.status
            alive, dead = res.alive_branch, res.dead_branch
            if res.status == self.po.NOT_OPAQUE:
                if val != 0:
                    # Tagged not-opaque but a marker is present: re-tag as opaque.
                    fn_retag += 1
                    final_status = self.po.OPAQUE
                    # NOTE(review): both [0] lookups raise IndexError when the
                    # instruction has no jump target or no second successor.
                    jmp_target = [x for x in idautils.CodeRefsFrom(addr, 0)][0]
                    next_target = [x for x in idautils.CodeRefsFrom(addr, 1) if x != jmp_target][0]
                    # The branch direction is decided from the disassembly text:
                    # "jz" keeps the fall-through alive, anything else keeps the
                    # jump target alive.
                    alive, dead = (next_target, jmp_target) if idc.GetDisasm(addr)[:2] == "jz" else (jmp_target, next_target)
                    # Record the predicate's dependencies plus the branch itself
                    # as spurious instructions of this routine.
                    self.functions_spurious_instrs[rtn_addr].update(res.dependency+[addr])
            elif res.status == self.po.OPAQUE:
                if val == 0:
                    # Tagged opaque but no marker present: re-tag as not opaque.
                    fp_retag += 1
                    final_status = self.po.NOT_OPAQUE
            elif res.status == self.po.LIKELY:
                # A LIKELY verdict is always resolved one way or the other.
                if val == 0:
                    final_status = self.po.NOT_OPAQUE
                else:
                    final_status = self.po.OPAQUE
                    # Same target selection as in the NOT_OPAQUE branch above,
                    # with the same IndexError caveat.
                    jmp_target = [x for x in idautils.CodeRefsFrom(addr, 0)][0]
                    next_target = [x for x in idautils.CodeRefsFrom(addr, 1) if x != jmp_target][0]
                    alive, dead = (next_target, jmp_target) if idc.GetDisasm(addr)[:2] == "jz" else (jmp_target, next_target)
                    self.functions_spurious_instrs[rtn_addr].update(res.dependency+[addr])
                likely_retag += 1
            # Store the refined verdict; every field other than status/alive/dead
            # is carried over unchanged.
            self.results[addr] = AddrRet(final_status, res.k, res.dependency, res.predicate, res.distance, alive, dead)
    print "Retag: FP->OK:%d" % fp_retag
    print "Retag: FN->OP:%d" % fn_retag
    print "Retag: Lkl->OK:%d" % likely_retag
def make_po_pair(ea, alive):
    """Return ``(alive, dead)`` for the branch instruction at *ea*.

    *dead* is the first target reported by ``idautils.CodeRefsFrom(ea, True)``
    that differs from *alive*.

    Raises:
        IndexError: when *ea* has no code reference other than *alive*
            (for example an instruction with a single successor).
    """
    other_targets = []
    for target in idautils.CodeRefsFrom(ea, True):
        if target != alive:
            other_targets.append(target)
    return alive, other_targets[0]
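def propagate_dead_code(self, ea, op_map):
    """Colour *ea* as dead code and recurse into its successors.

    An address counts as dead only when it has no remaining legitimate
    predecessor, i.e. every code reference to it is either already in
    ``self.marked_addresses`` or is rejected by
    ``self.dead_br_of_op(ea, x, op_map)``.

    The original test was ``if prevs:``, which contradicted its own comment
    ("IF there is no legit predecessors"). It coloured addresses that still
    had a live predecessor and skipped the ones that had none. Marking
    reachable code as dead hides real behaviour from the analyst, so the
    condition is inverted here.

    Args:
        ea: address to examine.
        op_map: passed through unchanged to ``self.dead_br_of_op``.
    """
    live_preds = [x for x in idautils.CodeRefsTo(ea, True)
                  if x not in self.marked_addresses and not self.dead_br_of_op(ea, x, op_map)]
    if live_preds:
        # Still reachable through at least one legitimate predecessor.
        return
    # 0x0000ff is red in IDA's 0xBBGGRR colour encoding.
    idc.SetColor(ea, idc.CIC_ITEM, 0x0000ff)
    # The mapping is used as a set: only the key matters.
    self.marked_addresses[ea] = None
    # Materialise the successors before recursing, as the original did.
    for succ in list(idautils.CodeRefsFrom(ea, True)):
        self.propagate_dead_code(succ, op_map)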
def get_succs(ea):
    """Return the code references leaving *ea* as a list.

    Uses ``idautils.CodeRefsFrom(ea, True)``, so ordinary flow to the next
    instruction is included. Only references recorded in the IDA database
    are returned.
    """
    return list(idautils.CodeRefsFrom(ea, True))
def _feature_syscalls(self,f_ea):
    '''
    Count the system calls reachable from the function at f_ea.

    Every address returned by get_callees(f_ea) is resolved to a name with
    idc.GetFunctionName and kept when that name is in self.syscalls.

    The original note says this covers direct system calls and, recursively,
    indirect ones made through callees. Whether callees are followed
    recursively depends on get_callees, which is not visible here -- TODO
    confirm.

    prior feature: null

    Returns a tuple (count, names); names keeps one entry per matching
    callee, so a syscall reached through several callees appears repeatedly.
    '''
    callee_names = (idc.GetFunctionName(callee) for callee in get_callees(f_ea))
    # Names are recorded instead of addresses, as the original comment asked.
    matched = [name for name in callee_names if name in self.syscalls]
    return len(matched), matched
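def GetCallees(ea):
    """Return code-reference targets that leave the function containing *ea*.

    Each address yielded by ``GetEAsInFunction(ea)`` is queried with
    ``idautils.CodeRefsFrom(addr, False)`` (ordinary flow excluded), and
    targets that are not themselves one of the function's addresses are
    collected in encounter order. Duplicates are kept.

    Only references recorded in the IDA database are seen, so calls through
    registers or computed addresses are missing unless IDA resolved them.
    Any jump that leaves the function (for example a tail call) is reported
    like a call.

    Changes from the original: membership is tested against a set instead of
    a list (it was quadratic in the function size), the unused
    ``visited_functions`` local is gone, and the loop variable no longer
    shadows the *ea* parameter. The returned list is unchanged.
    """
    function_eas = list(GetEAsInFunction(ea))
    own_addresses = set(function_eas)
    callees = []
    for insn_ea in function_eas:
        for xref in idautils.CodeRefsFrom(insn_ea, False):
            if xref not in own_addresses:
                callees.append(xref)
    return callees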