[*] Diplaying all the API-indicators in the TAGS view

a1ext · Sep 17, 2016 · 71c8d45 · 71c8d45
1 parent c6d8901
commit 71c8d45
Showing 1 changed file with 9 additions and 8 deletions.
diff --git a/auto_re.py b/auto_re.py
@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*
 __author__ = 'Trafimchuk Aliaksandr'
 
+from collections import defaultdict
 import idaapi
 from idautils import FuncItems
 from idaapi import o_reg, o_imm, o_far, o_near, o_mem
@@ -136,17 +137,19 @@ def _tv_make_tag_item(self, name):
         return [rv, QtGui.QStandardItem(), QtGui.QStandardItem()]
 
     def _tv_make_ref_item(self, tag, ref):
-        ea_item = QtGui.QStandardItem(('%#0' + get_addr_width() + 'X') % ref['ea'])
+        ea_item = QtGui.QStandardItem(('%0' + get_addr_width() + 'X') % ref['ea'])
         ea_item.setEditable(False)
         ea_item.setData(ref['ea'], self.ADDR_ROLE)
 
         name_item = QtGui.QStandardItem(ref['name'])
         name_item.setEditable(False)
         name_item.setData(ref['ea'], self.ADDR_ROLE)
 
-        api_name = QtGui.QStandardItem(ref['tags'][tag])
+        apis = ', '.join(ref['tags'][tag])
+        api_name = QtGui.QStandardItem(apis)
         api_name.setEditable(False)
         api_name.setData(ref['ea'], self.ADDR_ROLE)
+        api_name.setToolTip(apis)
 
         return [ea_item, name_item, api_name]
 
@@ -201,7 +204,7 @@ def init(self):
     #     pass
 
     def _handle_tags(self, fn, fn_an):
-        tags = fn_an['tags']
+        tags = dict(fn_an['tags'])
         if not tags:
             return
         print 'fn: %#08x tags: %s' % (fn.startEA, tags)
@@ -293,7 +296,7 @@ def _analysis_handle_call_insn(cls, dis, rv):
             return
 
         name = idaapi.get_ea_name(dis.Op1.addr)
-        name = name.replace('__imp__', '')
+        name = name.replace(idaapi.FUNC_IMPORT_PREFIX, '')
 
         if '@' in name:
             name = name.split('@')[0]
@@ -306,20 +309,18 @@ def _analysis_handle_call_insn(cls, dis, rv):
             return
 
         for tag, names in TAGS.items():
-            if tag in rv['tags']:
-                continue
             if name in TAGS_IGNORE_LIST:
                 continue
 
             for tag_api in names:
                 if tag_api in name:
                     # print '%#08x: %s, tag: %s' % (dis.ea, name, tag)
-                    rv['tags'][tag] = name
+                    rv['tags'][tag].append(name)
                     break
 
     @classmethod
     def analyze_func(cls, fn):
-        rv = {'fn': fn, 'calls': [], 'math': [], 'has_bads': False, 'tags': {}}
+        rv = {'fn': fn, 'calls': [], 'math': [], 'has_bads': False, 'tags': defaultdict(list)}
         items = cls.disasm_func(fn)
 
         for item in items: