lkmidas · July 13, 2021 03:24
diff --git a/IDA_find_call_with_arg.py b/IDA_find_call_with_arg.py
 from idc import *
 import idautils
 import ida_allins

 def find_call_with_arg(func_name, arg_no, arg_value):

    func_ea = idaapi.get_name_ea(0, func_name)

    for ref in idautils.CodeRefsTo(func_ea, 0):
        arg_addrs = idaapi.get_arg_addrs(ref)
        #print(hex(ref), arg_addrs)
        if arg_addrs == None:
            continue
        if len(arg_addrs) < arg_no:
            continue
        insn = idaapi.insn_t()
        idaapi.decode_insn(insn, arg_addrs[arg_no])
        #if insn.itype != ida_allins.NN_mov:
        #    continue
        arg = idc.get_operand_value(arg_addrs[arg_no], 1)
        if arg == arg_value:
            print("Found at: " + hex(ref))

 # Example: find_call_with_arg("malloc", 0, 0x100)
	from idc import *
	import idautils
	import ida_allins

	def find_call_with_arg(func_name, arg_no, arg_value):

	func_ea = idaapi.get_name_ea(0, func_name)

	for ref in idautils.CodeRefsTo(func_ea, 0):
	arg_addrs = idaapi.get_arg_addrs(ref)
	#print(hex(ref), arg_addrs)
	if arg_addrs == None:
	continue
	if len(arg_addrs) < arg_no:
	continue
	insn = idaapi.insn_t()
	idaapi.decode_insn(insn, arg_addrs[arg_no])
	#if insn.itype != ida_allins.NN_mov:
	# continue
	arg = idc.get_operand_value(arg_addrs[arg_no], 1)
	if arg == arg_value:
	print("Found at: " + hex(ref))

	# Example: find_call_with_arg("malloc", 0, 0x100)