idapython: how to apply hexrays types to disassembly interface
Reverse Engineering Asked by R4444 on December 7, 2020
I am using idapro 7.5 to get variable information from binaries.
Consider following simple code:
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char *argv[])
{
int i, N, array[10];
N = atoi(argv[10]);
array[N] = N;
array[12] = N;
array[0] = 8;
for(i=0 ; i<N ; i++)
array[i] = N;
printf("%d %dn", array[12], array[5]);
return 0;
}
Using idapython, I can get function information like stack variables, their sizes, types, etc. using something like –
for ea in idautils.Functions():
for mem in ida_struct.get_struc(idc.get_frame_id(ea)).members:
name = ida_struct.get_member_name(mem.id)
size = ida_struct.get_member_size(mem)
offset = mem.get_soff()
Similarly, I can get global variable information like their name and addresses.
Now, this works fine (particularly in above binary) and I can get array with a size of 12 on correct offset (this makes sense, as I have compiled binary using -g).
But, when I strip the binary, I can’t get array size correctly with the above code (this is expected). When I use hex rays –
Here, ida decompiler was able to recover correct array bounds using decompiler algorithms. And I can also synchronize this with disassembly interface using Synchronize with option in Gui (I assume synchronize function is used to apply predicted types or other information to disassembly interface – I maybe wrong here, please forgive my ignorance).
I would like to know if there is any way I can do that using idapython (I can see some endpoints like sync_sources in ida_kernwin), so that I can use the above code to get variable properties predicted using hex rays. I am familiar with ghidra and you can apply ghidra decompiler predictions to the listing analysis (just like synchronization in ida) using:
HighFunctionDBUtil.commitLocalsToDatabase(high_func, SourceType.ANALYSIS)
Thus variables get updated in the analysis.
Edit: I can manually get function variables using hexrays decompiler
interface like –def get_local_vars(ea, stack_size): # can be used to get member size, type, etc. for var in ida_hexrays.decompile(ea).get_lvars(): print(var.name) print(-stack_size + var.get_stkoff()) print(var.width)Still, I was not able to find an automatic way to apply hexrays
decompiler interface or sync hexrays decompiler interface with
disassembly interface.
Add your own answers!
Ask a Question
Get help from others!
Recent Questions
- How can I transform graph image into a tikzpicture LaTeX code?
- How Do I Get The Ifruit App Off Of Gta 5 / Grand Theft Auto 5
- Iv’e designed a space elevator using a series of lasers. do you know anybody i could submit the designs too that could manufacture the concept and put it to use
- Need help finding a book. Female OP protagonist, magic
- Why is the WWF pending games (“Your turn”) area replaced w/ a column of “Bonus & Reward”gift boxes?
Recent Answers
- Lex on Does Google Analytics track 404 page responses as valid page views?
- Peter Machado on Why fry rice before boiling?
- haakon.io on Why fry rice before boiling?
- Joshua Engel on Why fry rice before boiling?
- Jon Church on Why fry rice before boiling?