TransWikia.com

Checking if a call is a API/Library call in IDApython?

Reverse Engineering Asked on March 2, 2021

I asked the question a while ago but found no answer so I’m trying my luck again

the only solution is this :

Finding all API calls in a function

but it doesn’t work when the library call is a .NET library call, and it seems like it doesn’t include calling to recognized staticley linked library calls that were recognized by flirt

basically i just want to check if a call instruction is a API/Library call or just a local function call

I already tried to use the GetOpType function but didnt work, both of the "local" calls and library calls will return 10 :

void [mscorlib]System.Threading.Thread::Sleep(int32)
10

unsigned int8[] Loader.Nyan::AES_Decrypt(unsigned int8[] bytesToBeDecrypted)
10 (LOCAL function)

Currently I’m using regex as a dirty workaround to find library calls only if there is a [*] in the operand but there has to be a better way..

as another work around I’m checking to see if the last byte of call is 0x0A or not, based on experience all the library calls have this byte at the end, not sure if its gonna work for all the calls or not

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP