So I wrote simple perl script for IDA Pro to automate this boring work. Sample of output for KseEngine:
_KseQueryDeviceFlags@12: 74A6C1 addr 74A6E2
_KseQueryDeviceData@20: 74A75B addr 74A77A
_KseQueryDeviceDataList@16: 7A5E74 addr 7A5E95
_KseSetDeviceFlags@16: 7A672D addr 7A6760
_KseUnregisterShim@12: 7A692B addr 7A698B
use strict; use warnings; use IDA; sub enum_exports { my $href = shift; my $qty = GetEntryPointQty(); return if ( !$qty ); my($i, $addr, $res); $res = 0; for ( $i = 0; $i < $qty; $i++ ) { $addr = GetEntryOrdinal($i); next if ( !$addr ); $addr = GetEntryPoint($addr); next if ( !$addr ); # check if this addr already known - one symbol can have lots of exported names next if ( exists $href->{$addr} ); # check if this symbol is function my $addr = GetFunctionAttr($addr, 0); next if ( $addr == -1 or $addr == BADADDR ); # o`k, lets add it $href->{$addr}++; $res++; } return $res; } # main my(%exfuncs, $iter, $addr); enum_exports(\%exfuncs); $addr = ScreenEA(); # enum all xrefs to this addr for ( $iter = DfirstB($addr); $iter != BADADDR; $iter = DnextB($addr, $iter) ) { # get function start my $faddr = GetFunctionAttr($iter, 0); next if ( $faddr == -1 or $faddr == BADADDR ); next if ( ! exists $exfuncs{$faddr} ); my $name = GetFunctionName($faddr); printf("%s: %X addr %X\n", $name, $faddr, $iter); }
Комментариев нет:
Отправить комментарий