-
Notifications
You must be signed in to change notification settings - Fork 0
/
GADHash.py
75 lines (57 loc) · 1.72 KB
/
GADHash.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
from idc import *
from idaapi import *
from idautils import *
import os
import hashlib
import re
def main():
autoWait()
#first_ea = MinEA()
inDir = get_input_file_path()
inDir = inDir.replace(get_root_filename(), "")
text_file = open(inDir + "Output.txt", "a")
#text_file.write("[DEBUG] Starting to hash file %s\n" % (get_root_filename()))
for first_ea in Segments():
for funcea in Functions(SegStart(first_ea), SegEnd(first_ea)):
funcLen = 0
functionName = GetFunctionName(funcea)
funcType = GetType(funcea)
if(funcType is None):
continue
#print("[DEBUG] Moving to function %s" % (hex(funcea)))
concat = ""
for (startea, endea) in Chunks(funcea):
for head in Heads(startea, endea):
opnum = op_count(head)
name = GetMnem(head)
for i in range(0, opnum):
optype, val = op(head, i)
if(optype == 1):
name = name + " R,"
else:
name = name + " ADDR,"
funcLen = funcLen + 1
concat = concat + name
if(funcLen <= 20):
continue
m = hashlib.md5()
m.update(concat)
my_hash = m.hexdigest()
#print("[DEBUG] Created hash %s for function %s\n" % (my_hash, hex(funcea)))
text_file.write("%s, %s, %s, %d\n" % (my_hash, functionName, hex(funcea), funcLen))
text_file.close()
idc.Exit(0)
def op_count(ea):
'''Return the number of operands of given instruction'''
length = idaapi.decode_insn(ea)
for c,v in enumerate(idaapi.cmd.Operands):
if v.type == idaapi.o_void:
return c
continue
# maximum operand count. ida might be wrong here...
return c
def op(ea, n):
'''Returns a tuple describing a specific operand of an instruction'''
return (idc.GetOpType(ea, n), idc.GetOperandValue(ea, n))
if __name__ == '__main__':
main()