How to use the vivisect.const.EXP_FUNCTION constant in vivisect

To help you get started, we’ve selected a few vivisect examples, based on popular ways it is used in public projects.


Example from fireeye/flare-dbg, flaredbg/flaredbg.py (GitHub):
# Excerpt: the first line is the tail of a branch whose start is not shown.
self.vw._snapInAnalysisModules()
            else:
                # Build the workspace by hand from a raw buffer mapped at `va`.
                import vivisect.parsers.pe
                import envi.memory
                import vivisect.const
                # Default calling convention for this architecture, stored as workspace metadata.
                # NOTE(review): .get() presumably yields None for an unknown arch, and that
                # value would be stored unchanged -- confirm against defcalls.
                defcall = vivisect.parsers.pe.defcalls.get(self.arch)
                self.vw.setMeta("DefaultCall", defcall)
                # The whole buffer is mapped read/write/execute under an empty name; per-section
                # permissions from the PE headers are not applied here, so later analysis
                # cannot use map permissions to tell code from data.
                # NOTE(review): `bytes` is a local name that shadows the builtin.
                self.vw.addMemoryMap(va, envi.memory.MM_RWX, "", bytes)
                pe = None
                # NOTE(review): the PE check runs on `bytes`, but the PE object is built from
                # `va`; presumably both refer to the same image -- verify in utils.
                if utils.is_legit_pe(bytes):
                    pe = utils.get_pe_obj(va)
                # Fall back to the header's entry point only when the caller gave none.
                # AddressOfEntryPoint comes from the image itself; no check is visible here that
                # the result lies inside the map added above, and a header value of 0 would
                # make `va` (the image base) the entry point.
                if not entry_point and pe:
                    entry_point = pe.IMAGE_NT_HEADERS.OptionalHeader.AddressOfEntryPoint + va
                if entry_point:
                    # Register the entry point and expose it as a function-typed export '__entry'.
                    self.vw.addEntryPoint(entry_point)
                    self.vw.addExport(entry_point, vivisect.const.EXP_FUNCTION, '__entry', '')
                if pe:
                    # VA sets created here: (address, library name) and (address, ordinal).
                    self.vw.addVaSet("Library Loads",
                                     (("Address", vivisect.const.VASET_ADDRESS), ("Library", vivisect.const.VASET_STRING)))
                    self.vw.addVaSet('pe:ordinals',
                                     (('Address', vivisect.const.VASET_ADDRESS), ('Ordinal', vivisect.const.VASET_INTEGER)))
                    # Add exports
                    # Exports are recorded as EXP_UNTYPED at va + rva; the RVAs and names are
                    # taken from the image's export table as-is, with no range check in this code.
                    for rva, _, expname in pe.getExports():
                        self.vw.addExport(
                            va + rva, vivisect.const.EXP_UNTYPED, expname, '')
                    # Add imports
                    # An import is only created where 4 bytes at the slot are readable in the
                    # workspace, which skips table entries pointing outside the mapped buffer.
                    # NOTE(review): 4 looks like a 32-bit pointer size -- confirm for 64-bit images.
                    for rva, lname, iname in pe.getImports():
                        if self.vw.probeMemory(rva + va, 4, envi.memory.MM_READ):
                            self.vw.makeImport(rva + va, lname, iname)

                # Attach the analysis modules once the workspace has been populated.
                self.vw._snapInAnalysisModules()
Example from williballenthin/viv-utils, viv_utils/idaloader.py (GitHub):
# Excerpt from inside a function (the first line lost its indentation): copy every
# IDA segment into the vivisect workspace `vw`.
for segstart in idautils.Segments():
        segname = idc.SegName(segstart)
        segbuf = get_segment_data(segstart)

        # Abort the whole load instead of continuing with a partial memory image.
        if segbuf is None:
            raise RuntimeError('failed to read segment data')

        logger.debug('mapping section %s with %x bytes', segname, len(segbuf))
        # Every segment is mapped read/write/execute; the visible code does not carry
        # over IDA's per-segment permissions, so data segments are executable to vivisect.
        vw.addMemoryMap(segstart, envi.memory.MM_RWX, segname, segbuf)
        vw.addSegment(segstart, len(segbuf), segname, filename)

    # Each export becomes an entry point and a function-typed export.
    # NOTE(review): if get_exports() can yield data exports, they would be typed
    # EXP_FUNCTION as well -- verify against get_exports().
    for ea, ordinal, name in get_exports():
        logger.debug('marking export %s at %x', name, ea)
        vw.addEntryPoint(ea)
        vw.addExport(ea, vivisect.const.EXP_FUNCTION, name, filename)

    # Import and export names come from the loaded file and are passed to the
    # logger and the workspace without any sanitising in this code.
    for ea, dllname, name, ordinal in get_imports():
        logger.debug('marking import %s!%s at %x', dllname, name, ea)
        vw.makeImport(ea, dllname, name)

    # Auto-analysis runs first; the functions IDA already knows about are applied afterwards.
    logger.debug('running vivisect auto-analysis')
    vw.analyze()

    # Create and name a vivisect function at each address returned by get_functions(),
    # using the function name IDA reports.
    for fva in get_functions():
        logger.debug('marking function %s at %x', idc.GetFunctionName(fva), fva)
        vw.makeFunction(fva)
        vw.makeName(fva, idc.GetFunctionName(fva))

    # can only set thunk-ness after a function is defined.
    for ea, dllname, name, ordinal in get_imports():
        try: