tmr232/Sark

There is no Sark API for SetType / ApplyType

Closed this issue · 6 comments

If I want to write a script that applies a function prototype, I cannot do this from sark and have to fall back to IDAPython with SetType / ApplyType.

Do you have a usage example?
I'd be happy to add this to Sark.

In Linux binaries compiled with -fPIE (here) IDA is not able to get the function signatures to propagate to the .plt.got functions. Here's a script that fixes that problem and sets the right prototypes.

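import sark
from idc import GetType, SetType


def get_seg_by_name(name):
	# Return the first segment with the given name, or None if there is none.
	for seg in sark.segments():
		if seg.name == name:
			return seg
	return None


def fix_pie_func(addr=None, reg='ebx'):
	# addr is the first line of a .plt.got stub; default to the current line.
	if not addr:
		addr = sark.Line()

	# get got
	got = get_seg_by_name('.got')
	if got is None:
		return

	# Only handle stubs that are a single-operand jmp through `reg`.
	insn = addr.insn
	if insn.mnem != 'jmp' or len(insn.operands) != 1:
		return

	opnd = insn.operands[0]
	if opnd.reg != reg:
		return

	offset = opnd.offset

	name = None
	proto = None
	# Treat the operand offset as a byte offset into .got and convert it to a
	# slot index (integer division, so the index is an int on Python 3 too).
	got_line = list(got.lines)[offset // sark.get_native_size()]
	# Take the name and prototype from the first named target of the GOT slot.
	for dref in got_line.drefs_from:
		dref_addr = sark.Line(dref)
		name = dref_addr.name
		proto = GetType(dref_addr.ea)
		if name:
			break
	else:
		print("couldn't find name for {}".format(got_line.name))
		return

	# Rename the stub after its target and copy the prototype over, if any.
	sark.Function(addr.ea).name = '{}_0'.format(name)
	if proto:
		SetType(addr.ea, proto)


def fix_pie(reg='ebx'):
	# Fix every function in .plt.got, starting from its first line.
	for func in get_seg_by_name('.plt.got').functions:
		fix_pie_func(next(func.lines), reg)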

Any preferences as to the API style? f.set_type(...) vs f.type = .... vs something else?

I like f.type = better
Thanks!

Care to take a look at the PR?

I am still conflicted regarding a solution for ApplyType, as I want to be able to retrieve the type object as well. So it can't be the same property. Unless...

I can allow assigning both strings and type objects, that's easy.
As for the return type, I can return a wrapper around the type info, which readily converts to string. I'm not sure if that's a good course, though. Any opinions?

LGTM :-)