Last active
November 1, 2021 14:27
-
-
Save yeggor/f65ef5a58f979dc00e702e975708dfea to your computer and use it in GitHub Desktop.
Get xrefs to a stack variable (https://reverseengineering.stackexchange.com/questions/16055/idapython-get-xrefs-to-a-stack-variable)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import ida_frame | |
| import ida_funcs | |
| import idc | |
| FUNC_ADDRESS = 0x0000000080002BC0 | |
| VAR_NAME = "EfiSmmBase2Protocol" | |
| def get_member_by_name(pframe, var_name): | |
| for mid in range(pframe.memqty): | |
| if idc.get_member_name(pframe.id, pframe.get_member(mid).soff) == var_name: | |
| return pframe.get_member(mid) | |
| return None | |
| def get_stack_xrefs(func_ea, var_name): | |
| pfunc = ida_funcs.get_func(func_ea) | |
| pframe = ida_frame.get_frame(pfunc) | |
| pmember = get_member_by_name(pframe, var_name) | |
| result = list() | |
| if pmember is None: | |
| return result | |
| xrefs = ida_frame.xreflist_t() | |
| ida_frame.build_stkvar_xrefs(xrefs, pfunc, pmember) | |
| for each in xrefs: | |
| result.append(each.ea) | |
| return result | |
| xrefs = get_stack_xrefs(FUNC_ADDRESS, VAR_NAME) | |
| print(list(map(hex, xrefs))) # test |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment