- changed status to resolved
semanticidentifier.py - Wrapper function - Dynamic Calls
Issue #9
resolved
The wrapper function is identifying dynamic functions as wrapper functions. The below example is an example.
.text:0042FB95 RegQueryValueExW_w proc near ; DATA XREF: __imp_memset_2+57?o
.text:0042FB95 mov ecx, [ecx+18h]
.text:0042FB98 mov eax, [ecx]
.text:0042FB9A call dword ptr [eax]
.text:0042FB9C xor ecx, ecx
.text:0042FB9E test al, al
.text:0042FBA0 setnz cl
.text:0042FBA3 lea eax, [ecx-1]
.text:0042FBA6 retn
.text:0042FBA6 RegQueryValueExW_w endp
.text:0042FBA6
The following check will fix this
if self.idaproxy.GetOperandValue(i_ea,0) == 0: # Not a valid address
nr_calls = nr_calls + 2
Comments (1)
-
reporter
- Log in to comment
Fixed with commit f1270f4. Decided to go a different route than GetOperandValue. GetOptype was a better choice.