kung foo man
11th April 2016, 23:39
I played a bit with IDAPython, it's quite simple to print all references to a specific function:
Make a file called dumpxrefs.py and edit the address as you need:
for xref in XrefsTo(0x080681A4, flags=0):
print xref.type, XrefTypeName(xref.type), 'from', hex(xref.frm), 'to', hex(xref.to)
Or more dynamic, set a dialog to input the address when you call the script:
for xref in XrefsTo(idaapi.askaddr(0, "Enter target address"), flags=0):
print xref.type, XrefTypeName(xref.type), 'from', hex(xref.frm), 'to', hex(xref.to)
Open the file from this menu (meh, shorter way: File -> Python file...):
1089
Then just select dumpxrefs.py in the File Dialog and it will run, printing this in the console:
1090
You can copy the result then and paste it in your serious_insights_about_my_current_project.txt, because these xrefs are (at least for me) often the most important hints to get further clues about something.
Documentation for IDAPython: https://www.hex-rays.com/products/ida/support/idapython_docs/
Interesting things done with IDAPython (by a malware analyzer): http://www.openrce.org/articles/full_view/11
(http://www.openrce.org/articles/full_view/11)Oops, "File -> Python file..." is much faster.
Make a file called dumpxrefs.py and edit the address as you need:
for xref in XrefsTo(0x080681A4, flags=0):
print xref.type, XrefTypeName(xref.type), 'from', hex(xref.frm), 'to', hex(xref.to)
Or more dynamic, set a dialog to input the address when you call the script:
for xref in XrefsTo(idaapi.askaddr(0, "Enter target address"), flags=0):
print xref.type, XrefTypeName(xref.type), 'from', hex(xref.frm), 'to', hex(xref.to)
Open the file from this menu (meh, shorter way: File -> Python file...):
1089
Then just select dumpxrefs.py in the File Dialog and it will run, printing this in the console:
1090
You can copy the result then and paste it in your serious_insights_about_my_current_project.txt, because these xrefs are (at least for me) often the most important hints to get further clues about something.
Documentation for IDAPython: https://www.hex-rays.com/products/ida/support/idapython_docs/
Interesting things done with IDAPython (by a malware analyzer): http://www.openrce.org/articles/full_view/11
(http://www.openrce.org/articles/full_view/11)Oops, "File -> Python file..." is much faster.