@herrcore
Created October 8, 2021 03:26
IDA label enums - use to label hashes in a dynamic import address table
#############################################################
##
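## Highlight enum data and call label_enums()
##
## The enum is chosen as the most common type idc.guess_type() reports
## for the highlighted dwords, so apply the enum type to the data first.
## Each enum address will be named after the enum value it contains
## This can be used to create an IAT struct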
##
###############################################################
def enum_to_string(ea, enum_name):
    """Return the name of the enum member matching the dword stored at *ea*.

    The enum is looked up by *enum_name*; the 32-bit value read from *ea* is
    then resolved to a member of that enum (serial 0, bitmask 0).

    Returns None when the enum does not exist or when no member of it has
    the value found at *ea*.
    """
    enum_handle = idc.get_enum(enum_name)
    if enum_handle == idc.BADADDR:
        # Unknown enum name.
        return None

    raw_value = ida_bytes.get_dword(ea)
    member_id = idc.get_enum_member(enum_handle, raw_value, 0, 0)
    if member_id == idc.BADADDR:
        # The value at ea is not a member of this enum.
        return None

    return idc.get_enum_member_name(member_id)
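def label_enums():
    """Name every dword in the selection after the enum member it contains.

    The range is the current selection, or the item under the cursor when
    nothing is selected. The enum is picked as the most common type that
    idc.guess_type() reports across the range, and each dword whose value is
    a member of that enum is renamed to "ptr_" + member name.

    The labels reflect the enum's value-to-name mapping only; nothing here
    checks them against what the analysed binary resolves at run time.

    Prints a message and returns without renaming anything when the range
    holds no typed data or the most common type is not an enum.
    """
    from collections import Counter

    start = idc.read_selection_start()
    end = idc.read_selection_end()
    if idaapi.BADADDR in (start, end):
        # No selection: fall back to the item under the cursor.
        ea = idc.here()
        start = idaapi.get_item_head(ea)
        end = idaapi.get_item_end(ea)

    # get_item_end() returns the first address past the item, so `end` is
    # walked as an exclusive bound; an inclusive walk would read and possibly
    # rename one dword beyond the range.
    # NOTE(review): read_selection_end() is assumed to be exclusive as well -
    # confirm against the IDA version in use.
    addresses = range(start, end, 4)

    # Collect the guessed type of every dword in the range.
    types = []
    for ea in addresses:
        type_name = idc.guess_type(ea)
        if type_name is not None:
            types.append(type_name)

    # With no typed data there is nothing to vote on (max() on an empty
    # collection would raise ValueError).
    if not types:
        print("No typed data found in selection")
        return

    # Choose enum based on most common type; ties go to the first one seen.
    top_type = Counter(types).most_common(1)[0][0]

    # Check if it's a valid enum
    enum_id = idc.get_enum(top_type)
    if enum_id == idc.BADADDR:
        print("Bad enum found: %s" % top_type)
        return

    # Label each dword according to the enum.
    for ea in addresses:
        enum_member_name = enum_to_string(ea, top_type)
        if enum_member_name is None:
            continue
        # set_name() can fail (for example when the name is already in use);
        # report it so a missing label is not mistaken for a missing entry.
        if not idc.set_name(ea, "ptr_" + enum_member_name, idc.SN_CHECK):
            print("Failed to name 0x%X as ptr_%s" % (ea, enum_member_name))
    return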