defeat_api_hammering.py
import idaapi
import idautils
import ida_hexrays
# Import names whose call count crossed the hammering threshold. Filled in by
# cbImport during import enumeration and read by the Hex-Rays hook below.
hammering_apis: list = []
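def cbImport(ea, name, ordinal):
    """Import-enumeration callback that flags heavily called APIs.

    Counts the code cross-references to the import at *ea* and records
    *name* in ``hammering_apis`` when the count exceeds 400. The threshold
    is a heuristic: an API that a binary legitimately calls very often will
    be flagged too, so review the printed counts before trusting the
    filtered pseudocode.

    Args:
        ea: Address of the import entry.
        name: Import name; may be missing for imports resolved by ordinal.
        ordinal: Import ordinal (unused here).

    Returns:
        True, so that the enumeration continues with the next import.
    """
    # Skip imports without a name. A None entry in hammering_apis would make
    # the `api in line` test in the pseudocode hook raise TypeError, and an
    # empty string is a substring of every line, which would erase the whole
    # decompilation.
    if not name:
        return True

    # Count the code references to this import.
    call_sites = list(idautils.CodeRefsTo(ea, 0))
    num_calls = len(call_sites)
    print(f"[+] Num of calls {name} API is {num_calls}")
    if num_calls > 400:
        hammering_apis.append(name)

    # Continue enumeration
    return True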
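# Walk every import module of the loaded binary and let cbImport inspect each
# imported symbol. The module name was fetched here but never used, so that
# lookup is dropped.
num_imports = idaapi.get_import_module_qty()
for i in range(num_imports):
    # Enumerate module imports; cbImport fills hammering_apis as a side effect.
    idaapi.enum_import_names(i, cbImport)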
class myhooks_t(ida_hexrays.Hexrays_Hooks):
    """Hex-Rays hooks that hide pseudocode lines mentioning flagged APIs."""

    def func_printed(self, cfunc):
        """Drop every pseudocode line that contains a name from hammering_apis.

        Handles the function-printed notification. Matching is a plain
        substring test against the raw line text, so a flagged name that is a
        prefix of another identifier also matches, and the whole line is
        removed, including anything else that shares it. The change affects
        only the displayed pseudocode (``cfunc.pseudocode``).

        Args:
            cfunc: The decompiled function whose pseudocode was just printed.

        Returns:
            0 in all cases.
        """
        lines = cfunc.pseudocode
        idx = 0
        while idx < len(lines):
            text = lines[idx].line
            if any(api in text for api in hammering_apis):
                # After an erase the next line slides into this slot, so the
                # index must not advance.
                lines.erase(lines[idx])
            else:
                idx += 1
        return 0
# Install the hooks. The instance is bound to a module-level name; calling
# myhooks.unhook() restores the unfiltered pseudocode view.
# NOTE(review): re-running the script rebinds `myhooks` to a new instance —
# confirm the previous hooks are removed rather than stacked.
myhooks = myhooks_t()
myhooks.hook()