Closed arizvisa closed 2 years ago
I'm using the following IDAPython nn this database for DBCLIENT.DLL (6.84.8027.1) from some random software to reproduce:
a = [0x1800a45dc, 0x1800a4611, 0x1800a4659, 0x1800a468b, 0x1800a5be8, 0x1800a5c17, 0x1800a5c4b]
for ea, f in zip(a, map(idaapi.get_fchunk, a)):
if f and f.flags & idaapi.FUNC_TAIL and f.referers.count == 1:
print(f.referers[0])
continue
This is fixed by PR #155.
Reflecting on the fix I wrote for this, I probably should be using idaapi.func_parent_iterator_t
... :-/
Nonetheless, closing this PR as #155 was merged.
In order to check a function tail, one is supposed to use
idaapi.get_fchunk
to get afunc_t
. Once getting an instance of this type, you're then supposed to check the flags (func_t.flags
) for theidaapi.FUNC_TAIL
bit. At this point thefunc_t.referers
attribute contains adyn_ea_array
of all of the referrers of this particular chunk. You can check the number of referrers by accessingfunc_t.referers.count
.In some cases when the count is larger than 0 (it should always be larger than 0), accessing the first element can result in a null-pointer dereference. This occurs in
_ida_funcs.pyd
. There's a number of places that a tail's referrers are actually checked. All of these places will likely cause IDAPython to crash.