Package pida :: Module module :: Class module

Type module

object --+    
         |    
     graph --+
             |
            module


Method Summary
  __init__(self, name, signature, depth, analysis)
Analysis of an IDA database requires the instantiation of this class and will handle, depending on the requested depth, the analysis of all functions, basic blocks, instructions and more specifically which analysis techniques to apply.
  __init_enumerate_imports__(self)
Enumerate and add nodes / edges for each import within the module.
  __init_enumerate_rpc__(self)
Enumerate all RPC interfaces and add additional properties to the RPC functions.
pida.function find_function(self, ea)
Locate and return the function that contains the specified address.
  next_ea(self, ea)
Return the instruction after the one at ea.
  prev_ea(self, ea)
Within the function that contains ea, return the instruction prior to the one at ea.
  rebase(self, new_base)
Rebase the module and all components with the new base address.
String uuid_bin_to_string(self, uuid)
Convert the binary representation of a UUID to a human readable string.
    Inherited from graph
  add_cluster(self, cluster)
Add a pgraph cluster to the graph.
  add_edge(self, edge, prevent_dups)
Add a pgraph edge to the graph.
  add_graph(self, other_graph)
Alias of graph_cat().
  add_node(self, node)
Add a pgraph node to the graph.
  del_cluster(self, id)
Remove a cluster from the graph.
  del_edge(self, id, src, dst)
Remove an edge from the graph.
  del_graph(self, other_graph)
Alias of graph_sub().
  del_node(self, id)
Remove a node from the graph.
List edges_from(self, id)
Enumerate the edges from the specified node.
List edges_to(self, id)
Enumerate the edges to the specified node.
Mixed find_cluster(self, attribute, value)
Find and return the cluster with the specified attribute / value pair.
Mixed find_cluster_by_node(self, attribute, value)
Find and return the cluster that contains the node with the specified attribute / value pair.
Mixed find_edge(self, attribute, value)
Find and return the edge with the specified attribute / value pair.
Mixed find_node(self, attribute, value)
Find and return the node with the specified attribute / value pair.
  graph_cat(self, other_graph)
Concatenate the other graph into the current one.
pgraph.graph graph_down(self, from_node_id, max_depth)
Create a new graph, looking down, from the specified node id to the specified depth.
  graph_intersect(self, other_graph)
Remove all elements from the current graph that do not exist in the other graph.
pgraph.graph graph_proximity(self, center_node_id, max_depth_up, max_depth_down)
Create a proximity graph centered around the specified node.
  graph_sub(self, other_graph)
Remove the elements shared between the current graph and other graph from the current graph.
pgraph.graph graph_up(self, to_node_id, max_depth)
Create a new graph, looking up, from the specified node id to the specified depth.
String render_graph_gml(self)
Render the GML graph description.
pydot.Dot render_graph_graphviz(self)
Render the graphviz graph structure.
String render_graph_udraw(self)
Render the uDraw graph description.
String render_graph_udraw_update(self)
Render the uDraw graph update description.
List sorted_nodes(self)
Return a list of the nodes within the graph, sorted by id.
  update_node_id(self, current_id, new_id)
Simply updating the id attribute of a node will sever the edges to / from the given node.
    Inherited from object
  __delattr__(...)
x.__delattr__('name') <==> del x.name
  __getattribute__(...)
x.__getattribute__('name') <==> x.name
  __hash__(x)
x.__hash__() <==> hash(x)
  __new__(T, S, ...)
T.__new__(S, ...) -> a new object with type S, a subtype of T
  __reduce__(...)
helper for pickle
  __reduce_ex__(...)
helper for pickle
  __repr__(x)
x.__repr__() <==> repr(x)
  __setattr__(...)
x.__setattr__('name', value) <==> x.name = value
  __str__(x)
x.__str__() <==> str(x)

Class Variable Summary
NoneType analysis = None                                                                  
NoneType base = None                                                                  
NoneType depth = None                                                                  
dict ext = {}
NoneType name = None                                                                  
NoneType signature = None                                                                  
    Inherited from graph
list clusters = []
dict edges = {}
NoneType id = None                                                                  
dict nodes = {}

Method Details

__init__(self, name='', signature=None, depth=7, analysis=0)
(Constructor)

Analysis of an IDA database requires the instantiation of this class and will handle, depending on the requested depth, the analysis of all functions, basic blocks, instructions and more specifically which analysis techniques to apply. For the full list of analysis options see defines.py. Specifying ANALYSIS_IMPORTS will require an extra one-time scan through the entire structure to propagate functions (nodes) and cross references (edges) for each referenced API call. Specifying ANALYSIS_RPC will require an extra one-time scan through the entire IDA database and will propagate additional function level attributes.

The signature attribute was added for use in the PaiMei process stalker module, for ensuring that a loaded DLL is equivalent to the PIDA file with matching name. Setting breakpoints in a non-matching module is obviously no good.
Parameters:
name - (Optional) Module name
           (type=String)
signature - (Optional) Unique file signature to associate with module
           (type=String)
depth - (Optional, Def=DEPTH_FULL) How deep to analyze the module
           (type=Integer)
analysis - (Optional, Def=ANALYSIS_NONE) Which extra analysis options to enable
           (type=Integer)
Overrides:
pgraph.graph.graph.__init__

See Also: defines.py

__init_enumerate_imports__(self)

Enumerate and add nodes / edges for each import within the module. This routine will pass through the entire module structure.

__init_enumerate_rpc__(self)

Enumerate all RPC interfaces and add additional properties to the RPC functions. This routine will pass through the entire IDA database. This was entirely ripped from my RPC enumeration IDC script:

    http://www.openrce.org/downloads/details/3/RPC%20Enumerator

The approach appears to be stable enough.

find_function(self, ea)

Locate and return the function that contains the specified address.
Parameters:
ea - An address within the function to find
           (type=DWORD)
Returns:
The function that contains the given address or None if not found.
           (type=pida.function)

next_ea(self, ea=None)

Return the instruction after the one at ea. You can call this routine without an argument after the first call. The overall structure of PIDA was not really designed for this kind of functionality, so this is kind of a hack.
Parameters:
ea - Address of instruction to return next instruction from or -1 if not found.
           (type=(Optional, def=Last EA) Dword)

To Do: See if I can do this better.

prev_ea(self, ea=None)

Within the function that contains ea, return the instruction prior to the one at ea. You can call this routine without an argument after the first call. The overall structure of PIDA was not really designed for this kind of functionality, so this is kind of a hack.
Parameters:
ea - Address of instruction to return previous instruction to or None if not found.
           (type=(Optional, def=Last EA) Dword)

To Do: See if I can do this better.

rebase(self, new_base)

Rebase the module and all components with the new base address. This routine will check if the current and requested base addresses are equivalent, so you do not have to worry about checking that yourself.
Parameters:
new_base - Address to rebase module to
           (type=Dword)
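
Added example (not PaiMei's code): how the signature check described under __init__ and the rebase step fit together before breakpoints are placed in a live process. Module, Function, file_signature and breakpoint_addresses are hypothetical stand-ins written in standard-library Python 3, and SHA-256 over the whole file is an assumed signature scheme, since the page does not show PaiMei's own.

```python
import hashlib

def file_signature(data: bytes) -> str:
    # Assumption: SHA-256 over the whole file; the real scheme is not on the page.
    return hashlib.sha256(data).hexdigest()

class Function:
    def __init__(self, ea_start, instruction_eas):
        self.ea_start = ea_start
        self.instructions = list(instruction_eas)

    def rebase(self, delta):
        self.ea_start += delta
        self.instructions = [ea + delta for ea in self.instructions]

class Module:
    def __init__(self, name, signature, base, functions):
        self.name, self.signature, self.base = name, signature, base
        self.functions = {f.ea_start: f for f in functions}

    def rebase(self, new_base):
        """Shift every stored address; return False when nothing had to change."""
        if new_base == self.base:
            return False
        delta = new_base - self.base
        rebased = {}
        for func in self.functions.values():
            func.rebase(delta)
            rebased[func.ea_start] = func  # keys are addresses, so re-key as well
        self.functions, self.base = rebased, new_base
        return True

def breakpoint_addresses(module, loaded_image: bytes, load_base: int):
    """Function entry points in the live process; ValueError on a mismatched file."""
    if file_signature(loaded_image) != module.signature:
        raise ValueError("%s: loaded image does not match the analysed file"
                         % module.name)
    module.rebase(load_base)
    return sorted(module.functions)

# Constructed sample data, not taken from any real DLL.
IMAGE = b"MZ" + b"\x00" * 62 + b"constructed sample image"
SAMPLE = Module("sample.dll", file_signature(IMAGE), 0x10000000,
                [Function(0x10001000, [0x10001000, 0x10001003]),
                 Function(0x10002000, [0x10002000])])

if __name__ == "__main__":
    print([hex(ea) for ea in breakpoint_addresses(SAMPLE, IMAGE, 0x7FF10000)])
```

Refusing to rebase on a signature mismatch keeps stale addresses from ever being turned into breakpoints in a different build of the same-named DLL.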

uuid_bin_to_string(self, uuid)

Convert the binary representation of a UUID to a human readable string.
Parameters:
uuid - Raw binary bytes consisting of the UUID
           (type=Raw)
Returns:
Human readable string representation of UUID.
           (type=String)
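
Added example (not PaiMei's implementation): one way to turn raw UUID bytes into the canonical string, assuming the bytes use the Windows GUID in-memory layout in which the first three fields are little-endian. It goes one step past the method above by also decoding the 20-byte RPC_SYNTAX_IDENTIFIER (GUID plus major/minor version) that RPC interface structures embed; all function names and the sample bytes are constructed for illustration.

```python
import struct
import uuid

def guid_bytes_to_string(raw: bytes) -> str:
    """Format 16 raw GUID bytes (Windows in-memory layout) as canonical text."""
    if len(raw) != 16:
        raise ValueError("a UUID is exactly 16 bytes, got %d" % len(raw))
    # Data1 (u32), Data2 (u16) and Data3 (u16) are stored little-endian;
    # the trailing 8 bytes (Data4) are stored in display order.
    data1, data2, data3 = struct.unpack("<IHH", raw[:8])
    data4 = raw[8:]
    return "%08x-%04x-%04x-%s-%s" % (
        data1, data2, data3, data4[:2].hex(), data4[2:].hex())

def naive_big_endian(raw: bytes) -> str:
    """The wrong answer produced by reading the same bytes in network order."""
    return str(uuid.UUID(bytes=raw))

def parse_syntax_identifier(raw: bytes):
    """Decode RPC_SYNTAX_IDENTIFIER: GUID, then u16 major and u16 minor version."""
    if len(raw) != 20:
        raise ValueError("RPC_SYNTAX_IDENTIFIER is 20 bytes, got %d" % len(raw))
    major, minor = struct.unpack("<HH", raw[16:])
    return guid_bytes_to_string(raw[:16]), major, minor

# Constructed sample bytes, not taken from any real interface.
SAMPLE_GUID = bytes.fromhex("33221100554477668899aabbccddeeff")
SAMPLE_SYNTAX_ID = SAMPLE_GUID + struct.pack("<HH", 1, 0)

if __name__ == "__main__":
    print(guid_bytes_to_string(SAMPLE_GUID))
    print(naive_big_endian(SAMPLE_GUID))
    print("%s v%d.%d" % parse_syntax_identifier(SAMPLE_SYNTAX_ID))
```

The two printed strings differ only in the first three groups, which is why an interface UUID read straight out of a binary can fail to match the same interface as it appears in documentation or packet captures.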

Class Variable Details

analysis

Type:
NoneType
Value:
None                                                                  

base

Type:
NoneType
Value:
None                                                                  

depth

Type:
NoneType
Value:
None                                                                  

ext

Type:
dict
Value:
{}                                                                     

name

Type:
NoneType
Value:
None                                                                  

signature

Type:
NoneType
Value:
None                                                                  

Generated by Epydoc 2.1 on Fri Jun 16 17:16:25 2006 http://epydoc.sf.net