The following is the display of IDA Pro. The function sub_3000 is in .plt. Although it is not user-defined code, it is regarded as a function by IDA Pro. I found that while calling FlowChart() on these functions, python-idb includes the basic blocks outside of the function. This action does not match the logic of IDA Pro.
In IDA Pro:
Python>func = idaapi.get_func(0x3000)
Python>[hex(x.startEA) for x in idaapi.FlowChart(func)]
['0x3000L']
In python-idb:
In [4]: func = api.idaapi.get_func(0x3000)
In [5]: hex(func.startEA)
Out[5]: '0x3000'
In [6]: hex(func.endEA)
Out[6]: '0x300c'
In [7]: [hex(x.startEA) for x in api.idaapi.FlowChart(func)]
Out[7]:
['0x3000',
'0x3116',
'0x3086',
'0x31a6',
'0x31e6',
'0x3226',
'0x3266',
'0x32a6',
'0x3096',
...
]
I think a mitigation method is to check if the basic block is in range of (func.startEA, func.endEA) in FlowChart().
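The range check proposed above, sketched on a constructed control-flow graph. This is an added example, not python-idb's code or the reporter's: `Func`, `Block`, `BLOCKS` and `flowchart` are hypothetical stand-ins, and the optional `ranges` argument goes beyond the single-range check to cover a function split into several non-contiguous chunks.

```python
from collections import namedtuple

# Constructed stand-ins for the objects on the page; not python-idb's real classes.
Func = namedtuple("Func", "startEA endEA")
Block = namedtuple("Block", "startEA endEA succs")

# Constructed CFG: a .plt stub at 0x3000 whose jump leads into other code.
BLOCKS = {
    0x3000: Block(0x3000, 0x300C, [0x3116]),
    0x3116: Block(0x3116, 0x3120, [0x3086, 0x31A6]),
    0x3086: Block(0x3086, 0x3096, [0x3096]),
    0x31A6: Block(0x31A6, 0x31B0, []),
    0x3096: Block(0x3096, 0x30A0, []),
}


def in_ranges(ea, ranges):
    """True if ea lies in any half-open [start, end) range (endEA is exclusive)."""
    return any(start <= ea < end for start, end in ranges)


def flowchart(func, blocks, ranges=None, bounded=True):
    """Walk successors from func.startEA; optionally drop edges leaving the function.

    ranges defaults to the single range [func.startEA, func.endEA); pass more
    ranges for a function made of several non-contiguous chunks.
    """
    ranges = ranges or [(func.startEA, func.endEA)]
    seen, order, todo = set(), [], [func.startEA]
    while todo:
        ea = todo.pop()
        if ea in seen or ea not in blocks:
            continue
        if bounded and not in_ranges(ea, ranges):
            continue  # successor belongs to other code: do not follow it
        seen.add(ea)
        order.append(ea)
        todo.extend(reversed(blocks[ea].succs))
    return order


if __name__ == "__main__":
    f = Func(0x3000, 0x300C)
    print([hex(ea) for ea in flowchart(f, BLOCKS, bounded=False)])  # leaks out of the stub
    print([hex(ea) for ea in flowchart(f, BLOCKS)])                 # stays inside it
```

Filtering during the walk, rather than on the finished list, also avoids traversing the rest of the binary from every .plt stub.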