parent
20b24010c9
commit
f1a7e02520
@ -1,64 +1,64 @@
|
||||
import idautils
|
||||
import idc
|
||||
import idaapi
|
||||
|
||||
# Get the start and end addresses of .data segment
|
||||
data_seg = idaapi.get_segm_by_name('.data')
|
||||
if data_seg:
|
||||
data_start, data_end = data_seg.start_ea, data_seg.end_ea
|
||||
else:
|
||||
print("Error: .data segment not found.")
|
||||
exit()
|
||||
|
||||
global_vars = {}
|
||||
|
||||
# Traverse all functions in the IDB
|
||||
for function_ea in idautils.Functions():
|
||||
# Traverse all instruction addresses in the current function
|
||||
for instruction_ea in idautils.FuncItems(function_ea):
|
||||
# Check if the instruction operates on a memory location
|
||||
if idc.is_loaded(idc.get_operand_value(instruction_ea, 1)):
|
||||
# Get the segment address of the memory location
|
||||
seg_ea = idaapi.getseg(idc.get_operand_value(instruction_ea, 1)).start_ea
|
||||
|
||||
# Check if the segment is the .data segment
|
||||
if seg_ea == data_start:
|
||||
# Get the name of the global variable being accessed
|
||||
global_var_name = idc.get_name(idc.get_operand_value(instruction_ea, 1))
|
||||
|
||||
# If the global variable is not already in the dictionary, add it
|
||||
if global_var_name not in global_vars:
|
||||
global_vars[global_var_name] = {'refs': [], 'calls': []}
|
||||
|
||||
# Add the current instruction address to the list of references for the current global variable
|
||||
global_vars[global_var_name]['refs'].append(instruction_ea)
|
||||
|
||||
# Check if the next instruction is a call instruction
|
||||
if idaapi.is_call_insn(instruction_ea + idaapi.get_item_size(instruction_ea)):
|
||||
# Get the address being called
|
||||
call_instr_ea = instruction_ea + idaapi.get_item_size(instruction_ea)
|
||||
call_ea = idc.get_operand_value(call_instr_ea, 0)
|
||||
|
||||
# If the call is to a function, add it to the list of calls for the current global variable
|
||||
if idaapi.get_func(call_ea):
|
||||
global_vars[global_var_name]['calls'].append((call_ea, call_instr_ea))
|
||||
|
||||
# Output the results to the console
|
||||
for global_var_name, info_dict in global_vars.items():
|
||||
print(".data ptr: %s" % global_var_name)
|
||||
|
||||
if info_dict['refs']:
|
||||
print(" References:")
|
||||
for ref_ea in info_dict['refs']:
|
||||
func = idaapi.get_func(ref_ea)
|
||||
func_ea = func.start_ea
|
||||
func_name = idaapi.get_func_name(func_ea)
|
||||
print(" 0x%x in function %s" % (ref_ea, func_name))
|
||||
|
||||
if info_dict['calls']:
|
||||
print(" Calls:")
|
||||
for call_ea, call_instr_ea in info_dict['calls']:
|
||||
unc = idaapi.get_func(call_ea)
|
||||
func_ea = func.start_ea
|
||||
func_name = idaapi.get_func_name(func_ea)
|
||||
print(" Function %s (called at: 0x%x)" % (func_name, call_instr_ea))
|
||||
import idautils
|
||||
import idc
|
||||
import idaapi
|
||||
|
||||
# Get the start and end addresses of .data segment
|
||||
data_seg = idaapi.get_segm_by_name('.data')
|
||||
if data_seg:
|
||||
data_start, data_end = data_seg.start_ea, data_seg.end_ea
|
||||
else:
|
||||
print("Error: .data segment not found.")
|
||||
exit()
|
||||
|
||||
global_vars = {}
|
||||
|
||||
# Traverse all functions in the IDB
|
||||
for function_ea in idautils.Functions():
|
||||
# Traverse all instruction addresses in the current function
|
||||
for instruction_ea in idautils.FuncItems(function_ea):
|
||||
# Check if the instruction operates on a memory location
|
||||
if idc.is_loaded(idc.get_operand_value(instruction_ea, 1)):
|
||||
# Get the segment address of the memory location
|
||||
seg_ea = idaapi.getseg(idc.get_operand_value(instruction_ea, 1)).start_ea
|
||||
|
||||
# Check if the segment is the .data segment
|
||||
if seg_ea == data_start:
|
||||
# Get the name of the global variable being accessed
|
||||
global_var_name = idc.get_name(idc.get_operand_value(instruction_ea, 1))
|
||||
|
||||
# If the global variable is not already in the dictionary, add it
|
||||
if global_var_name not in global_vars:
|
||||
global_vars[global_var_name] = {'refs': [], 'calls': []}
|
||||
|
||||
# Add the current instruction address to the list of references for the current global variable
|
||||
global_vars[global_var_name]['refs'].append(instruction_ea)
|
||||
|
||||
# Check if the next instruction is a call instruction
|
||||
if idaapi.is_call_insn(instruction_ea + idaapi.get_item_size(instruction_ea)):
|
||||
# Get the address being called
|
||||
call_instr_ea = instruction_ea + idaapi.get_item_size(instruction_ea)
|
||||
call_ea = idc.get_operand_value(call_instr_ea, 0)
|
||||
|
||||
# If the call is to a function, add it to the list of calls for the current global variable
|
||||
if idaapi.get_func(call_ea):
|
||||
global_vars[global_var_name]['calls'].append((call_ea, call_instr_ea))
|
||||
|
||||
# Output the results to the console
|
||||
for global_var_name, info_dict in global_vars.items():
|
||||
print(".data ptr: %s" % global_var_name)
|
||||
|
||||
if info_dict['refs']:
|
||||
print(" References:")
|
||||
for ref_ea in info_dict['refs']:
|
||||
func = idaapi.get_func(ref_ea)
|
||||
func_ea = func.start_ea
|
||||
func_name = idaapi.get_func_name(func_ea)
|
||||
print(" 0x%x in function %s" % (ref_ea, func_name))
|
||||
|
||||
if info_dict['calls']:
|
||||
print(" Calls:")
|
||||
for call_ea, call_instr_ea in info_dict['calls']:
|
||||
func = idaapi.get_func(call_ea)
|
||||
func_ea = func.start_ea
|
||||
func_name = idaapi.get_func_name(func_ea)
|
||||
print(" Function %s (called at: 0x%x)" % (func_name, call_instr_ea))
|
||||
|
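Review bot: The `idc.is_loaded(idc.get_operand_value(instruction_ea, 1))` test in the inner loop inspects only the second operand, so an instruction whose `.data` reference sits in operand 0 (a store to a global, for example) is never recorded, and the raw operand value is treated as an address whatever the operand type is. Iterating the data cross-references instead covers every operand: `for target_ea in idautils.DataRefsFrom(instruction_ea):` followed by `if data_start <= target_ea < data_end:`, which also puts the currently unused `data_end` to work. Separately, `idc.get_name` returns an empty string for an unnamed item, so all unnamed `.data` locations are merged under the single key `''`; keying `global_vars` on `target_ea` and resolving the name only when printing keeps them apart. The `getseg(...).start_ea` lookup has no `None` guard, which the range comparison would make unnecessary.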