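class ApiCall:
    """One recorded call target plus the call targets found inside it.

    Attributes:
        address: Address of the called function, as passed in by the caller.
        name: Name resolved for ``address`` at the time of recording; the
            script itself warns that names may be incomplete.
        called_functions: Addresses of the subsequent calls found inside the
            function. A fresh list is created per instance, so entries are
            never shared between two ApiCall objects.
    """

    def __init__(self, address, name):
        self.address = address
        self.name = name
        self.called_functions = []  # List of subsequent external calls

    def __repr__(self):
        # Addresses are easier to match against a disassembly listing in hex.
        if isinstance(self.address, int):
            shown = hex(self.address)
        else:
            shown = repr(self.address)
        return (
            f"ApiCall(address={shown}, name={self.name!r}, "
            f"called_functions={len(self.called_functions)})"
        )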
def hook_call(call_site, from_addr, to_addr):
    """Record the target of an observed call and the calls found inside it.

    Passed as the callback to ``HookCode(hook_call, "find_code")`` further
    down in this script. Each accepted call appends a new ``ApiCall`` to the
    module-level ``api_calls`` list; nothing is returned.

    Args:
        call_site: Location of the call instruction. Not used by this body.
        from_addr: Address the call originates from.
        to_addr: Address being called.

    NOTE(review): ``get_func_start``, ``Name``, ``FuncCalls`` and
    ``get_target_ea`` are neither defined nor imported in this file. Confirm
    that the IDAPython environment in use provides them before relying on the
    output; ``Name`` looks like the legacy idc spelling, while the f-strings
    elsewhere in this script require Python 3.
    """
    # Ignore calls whose origin equals the start of the function that
    # contains the target.
    if from_addr == get_func_start(to_addr):
        return

    record = ApiCall(to_addr, Name(to_addr))
    # NOTE(review): no de-duplication here, so a target seen from several
    # call sites yields several ApiCall entries.
    api_calls.append(record)

    # Walk the call sites inside the target function and keep their targets.
    for site in FuncCalls(to_addr):
        target = get_target_ea(site)
        if not target:
            # Unresolved targets are dropped silently, so the recorded graph
            # can under-report what the function actually calls.
            continue
        if from_addr == get_func_start(target):
            continue
        record.called_functions.append(target)
# Accumulator filled by hook_call(): one ApiCall per recorded call target.
api_calls = []

# Register hook_call as the callback for the "find_code" event.
# NOTE(review): HookCode is neither defined nor imported in this file;
# confirm which module is expected to provide it.
HookCode(hook_call, "find_code")

# Run analysis over the whole loaded database, from the lowest address up to
# BADADDR.
# NOTE(review): AnalyzeArea/MinEA look like legacy IDAPython names, while the
# f-strings below need Python 3 -- confirm the compatibility layer is enabled
# in the IDA version this is run under.
idc.AnalyzeArea(MinEA(), idc.BADADDR)

# Report 1: addresses only.
print("Extracted API Call Graphs:")
for entry in api_calls:
    print(f"\t- Starting Address: {hex(entry.address)}")
    print(f"\t- Subsequent Calls:")
    for callee_ea in entry.called_functions:
        print(f"\t\t- {hex(callee_ea)}")

# Report 2: the same graph with names attached. A name may be missing or
# incomplete, so the address stays the reliable identifier.
print("\nExtracted API Call Graphs (with names - might be incomplete):")
for entry in api_calls:
    print(f"\t- Starting Address: {hex(entry.address)} ({entry.name})")
    print(f"\t- Subsequent Calls:")
    for callee_ea in entry.called_functions:
        # Callee names are looked up at print time, not stored on the record.
        callee_name = Name(callee_ea)
        print(f"\t\t- {hex(callee_ea)} ({callee_name})")