Fixed: the return value truncated(32 bit) of get_name_value function that analyzed 64 bit binary file about ida64 for win, and etc

fjh658 commented 5 years ago

Added debugging by pydevd
Added name with $, eg: jmp short $Done$
Updated Author Date 2016->2018
Updated MAX_INSTRUCTION_STRLEN to 256
Fixed: the return value truncated(32 bit) of get_name_value function that analyzed 64 bit binary file about ida64 for win

fjh658 commented 5 years ago

Please PR review, I tested for ida 6.x, ida7.x. @aquynh Official ida will be fixed in 7.3 about this get_name_value issue. Workarounds currently in use.

def get_name_value(_from, name):
    """
    Fixed: the return value truncated(32 bit) of get_name_value function that analyzed 64 bit binary file about ida64 for win.

    eg:
    type == idaapi.NT_BYTE
    (type, value) = idaapi.get_name_value(idc.BADADDR, "wcschr") # ida64 for win

    value = 0x14003d3f0L is correct  ida64 > 7.x for macOS
    value = 0x4003d3f0L is truncated ida64 >= 6.x for win, ida64 == 6.x for macOS

    :param _from: ea
    :param name: name string
    :return: tuple
    """
    (type, value) = idaapi.get_name_value(_from, name)
    if type == idaapi.NT_BYTE:  # type is byte name (regular name)
        value = idaapi.get_name_ea(_from, name)
    return (type, value)

aquynh commented 5 years ago

merged, thanks!

keystone-engine / keypatch

Fixed: the return value truncated(32 bit) of get_name_value function that analyzed 64 bit binary file about ida64 for win, and etc #60