Function-related functionality
idc
http://www.cnblogs.com/fply/p/8506225.html
Create a function
MakeFunction(start, end = idaapi.BADADDR)

Delete a function
DelFunction(ea)

Change the function end address
SetFunctionEnd(ea, end)
Find the next function
NextFunction(ea)
Find the previous function
PrevFunction(ea)

Get and set function attributes
GetFunctionAttr(ea, attr)
SetFunctionAttr(ea, attr, value)

FUNCATTR_START   =  0     # function start address
FUNCATTR_END     =  4     # function end address
FUNCATTR_FLAGS   =  8     # function flags
FUNCATTR_FRAME   = 10     # function frame id
FUNCATTR_FRSIZE  = 14     # size of local variables
FUNCATTR_FRREGS  = 18     # size of saved registers area
FUNCATTR_ARGSIZE = 20     # number of bytes purged from the stack
FUNCATTR_FPD     = 24     # frame pointer delta
FUNCATTR_COLOR   = 28     # function color code
FUNCATTR_OWNER   = 10     # chunk owner (valid only for tail chunks)
FUNCATTR_REFQTY  = 14     # number of chunk parents (valid only for tail chunks)

# Redefining the constants for 64-bit
if __EA64__:
    FUNCATTR_START   = 0
    FUNCATTR_END     = 8
    FUNCATTR_FLAGS   = 16
    FUNCATTR_FRAME   = 18
    FUNCATTR_FRSIZE  = 26
    FUNCATTR_FRREGS  = 34
    FUNCATTR_ARGSIZE = 36
    FUNCATTR_FPD     = 44
    FUNCATTR_COLOR   = 52
    FUNCATTR_OWNER   = 18
    FUNCATTR_REFQTY  = 26

_FUNCATTRMAP = {
    FUNCATTR_START   : (True, 'startEA'),
    FUNCATTR_END     : (True, 'endEA'),
    FUNCATTR_FLAGS   : (False, 'flags'),
    FUNCATTR_FRAME   : (True, 'frame'),
    FUNCATTR_FRSIZE  : (True, 'frsize'),
    FUNCATTR_FRREGS  : (True, 'frregs'),
    FUNCATTR_ARGSIZE : (True, 'argsize'),
    FUNCATTR_FPD     : (False, 'fpd'),
    FUNCATTR_COLOR   : (False, 'color'),
    FUNCATTR_OWNER   : (True, 'owner'),
    FUNCATTR_REFQTY  : (True, 'refqty')
}

Get function flags
GetFunctionFlags(ea)
SetFunctionFlags(ea, flags)
FUNC_NORET         = idaapi.FUNC_NORET         # function doesn't return
FUNC_FAR           = idaapi.FUNC_FAR           # far function
FUNC_LIB           = idaapi.FUNC_LIB           # library function
FUNC_STATIC        = idaapi.FUNC_STATICDEF     # static function
FUNC_FRAME         = idaapi.FUNC_FRAME         # function uses frame pointer (BP)
FUNC_USERFAR       = idaapi.FUNC_USERFAR       # user has specified far-ness
                                               # of the function
FUNC_HIDDEN        = idaapi.FUNC_HIDDEN        # a hidden function
FUNC_THUNK         = idaapi.FUNC_THUNK         # thunk (jump) function
FUNC_BOTTOMBP      = idaapi.FUNC_BOTTOMBP      # BP points to the bottom of the stack frame
FUNC_NORET_PENDING = idaapi.FUNC_NORET_PENDING # Function 'non-return' analysis
                                               # must be performed. This flag is
                                               # verified upon func_does_return()
FUNC_SP_READY      = idaapi.FUNC_SP_READY      # SP-analysis has been performed
                                               # If this flag is on, the stack
                                               # change points should not be
                                               # modified anymore. Currently this
                                               # analysis is performed only for PC
FUNC_PURGED_OK     = idaapi.FUNC_PURGED_OK     # 'argsize' field has been validated.
                                               # If this bit is clear and 'argsize'
                                               # is 0, then we do not know the real
                                               # number of bytes removed from
                                               # the stack. This bit is handled
                                               # by the processor module.
FUNC_TAIL          = idaapi.FUNC_TAIL          # This is a function tail.
                                               # Other bits must be clear
                                               # (except FUNC_HIDDEN)

Get function name
GetFunctionName(ea)

Get function comment
GetFunctionCmt(ea, repeatable)
SetFunctionCmt(ea, cmt, repeatable)

Let the user choose a function (same as Ctrl+P)
ChooseFunction(title)

Get function address + function name information
GetFuncOffset(ea)

FindFuncEnd(ea)
Determine new function boundaries

GetFrame(ea)
Get ID of function frame structure
GetFrameLvarSize(ea)
GetFrameRegsSize(ea)
Get size of saved registers in function frame

GetSpd(ea)
Get current delta for the stack pointer

GetSpDiff(ea)
Get modification of SP made by the instruction

SetSpDiff(ea, delta)
Setup modification of SP made by the instruction
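
The calls listed above can be combined into a small triage pass, shown here as an added example that is not part of the original post: it walks the database with NextFunction, drops library, thunk and tail-chunk entries using GetFunctionFlags, and ranks the remaining functions by GetFrameLvarSize so the ones with the largest local-variable areas are reviewed first. `triage` and `FakeIdc` are hypothetical names; `FakeIdc` and its data are constructed so the walk runs outside IDA, and inside IDA the assumption is an IDAPython build that still exports these legacy names, called as `triage(idc)`.

```python
# Added example, not code from the original post. Inside IDA: triage(idc).
# FakeIdc is a constructed stand-in so the walk can be exercised outside IDA.

def triage(api, start=0):
    """Walk all functions after `start`; return the program's own functions
    (no library, thunk or tail chunks), largest local-variable area first."""
    skip = api.FUNC_LIB | api.FUNC_THUNK | api.FUNC_TAIL
    rows = []
    ea = api.NextFunction(start)
    while ea != api.BADADDR:
        flags = api.GetFunctionFlags(ea)        # -1 means no function at ea
        if flags != -1 and not flags & skip:
            end = api.GetFunctionAttr(ea, api.FUNCATTR_END)
            rows.append({"name": api.GetFunctionName(ea), "start": ea,
                         "size": end - ea, "locals": api.GetFrameLvarSize(ea),
                         "noret": bool(flags & api.FUNC_NORET)})
        ea = api.NextFunction(ea)
    return sorted(rows, key=lambda r: r["locals"], reverse=True)

class FakeIdc(object):
    """Constructed stand-in for the idc module (values are sample data)."""
    BADADDR = 0xFFFFFFFF
    FUNCATTR_END = 4
    FUNC_NORET, FUNC_LIB, FUNC_THUNK, FUNC_TAIL = 0x1, 0x4, 0x80, 0x8000
    # start -> (end, name, flags, local-variable bytes); constructed entries
    DB = {
        0x401000: (0x401040, "sub_401000", 0x0, 0x10),
        0x401040: (0x401046, "j_memcpy", 0x80, 0x0),
        0x401050: (0x401200, "parse_packet", 0x0, 0x420),
        0x401200: (0x401230, "_strlen", 0x4, 0x0),
        0x401230: (0x401250, "fatal", 0x1, 0x8),
    }
    def NextFunction(self, ea):
        later = [s for s in sorted(self.DB) if s > ea]
        return later[0] if later else self.BADADDR
    def GetFunctionFlags(self, ea):
        return self.DB[ea][2] if ea in self.DB else -1
    def GetFunctionAttr(self, ea, attr):       # only FUNCATTR_END is modelled
        return self.DB[ea][0]
    def GetFunctionName(self, ea):
        return self.DB[ea][1]
    def GetFrameLvarSize(self, ea):
        return self.DB[ea][3]

if __name__ == "__main__":
    for r in triage(FakeIdc()):
        print("%-14s 0x%x size=%d locals=0x%x noret=%s" % (
            r["name"], r["start"], r["size"], r["locals"], r["noret"]))
```
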
Reposted from: https://www.cnblogs.com/fply/p/8506225.html