SeqPat doesn't work #8

Open
gnole opened this issue Apr 17, 2024 · 4 comments

gnole commented Apr 17, 2024

start_from = container.index(instructions) in check(...) is always None.

Owner

Mizari commented Apr 18, 2024

Could you please provide your IDA Pro version and the code you're trying to use the pattern on?

Author

gnole commented Apr 18, 2024

I use IDA Pro 8.3 (32-bit). I have this source code:

#include <iostream>
#include <fstream>

class FileHandler {
private:
    std::ofstream file;

public:
    FileHandler(const std::string& filename) {
        file.open(filename);
    }

    ~FileHandler() {
        file.close();
    }

    template <typename T>
    FileHandler& write(const T& data) {
        file << data;
        return *this;
    }

    template <typename T>
    FileHandler& operator<<(const T& data) {
        return write(data);
    }

};
int callDebug(){return 0;}

int main() {
    volatile int debug;
    FileHandler fh("output.txt");
    fh << "start";
    debug = callDebug();
    fh << "q"
       << "w" << "e"
       << "r" << "t"
       << "y" << "!";
    return debug;
}

I compile it with this command:

g++ -o intel32 test.cpp -g0 -m32

IDA Pro output:

  ...
  v11 = callDebug();
  v3 = FileHandler::operator<<<char [3]>(v13, "q\n");
  v4 = FileHandler::operator<<<char [3]>(v3, "w\n");
  v5 = FileHandler::operator<<<char [3]>(v4, "e\n");
  v6 = FileHandler::operator<<<char [3]>(v5, "r\n");
  v7 = FileHandler::operator<<<char [3]>(v6, "t\n");
  v8 = FileHandler::operator<<<char [3]>(v7, "y\n");
  FileHandler::operator<<<char [3]>(v8, "!\n");
  ...

I want to output the first FileHandler::operator<<<char [3]> after callDebug. I used the old version (Aug 2023) and this pattern worked, but in the new version it doesn't return anything.
My code:

import idaapi
from herapi import *
from pprint import pprint


class FunctionRenamer(Scheme):
    def __init__(self, func):
        print("[herast] Init FunctionRenamer")
        pattern = SeqPat(
                            AsgInsnPat(AnyPat(), CallPat(0x0000133D, ignore_arguments=True)), #v11 = callDebug();
                            AsgInsnPat(AnyPat(), CallPat(func, AnyPat(), DeepExprPat(AnyPat(),  bind_name="a1"), skip_missing=True)) #v3 = FileHandler::operator<<<char [2]>(v13, "q");
                        )             
        super().__init__(pattern) 
  
    def on_matched_item(self, item, ctx: MatchContext) ->  ASTPatch|None:       
        func_ea = ctx.ast_ctx.func_addr
        s = ctx.get_item("a1")
        name = s.print1(None)       
        name = idaapi.tag_remove(name)
        name = idaapi.str2user(name)
        name = name[2:-2]
        print(hex(func_ea), name)        
        return None

def do_renames(func):
    scheme = FunctionRenamer(func)
    match_objects_xrefs(scheme, func)
  
do_renames(0x00001834) #FileHandler::operator<<<char [2]>
print("[herast] end")

Author

gnole commented Apr 22, 2024

container.index(instruction) cannot find the correct index and always returns None.

@lab313ru

Confirming. The warning "[!] Got an exception during scheme checking: unsupported operand type(s) for +: 'NoneType' and 'int'" is related to this.
