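#!/usr/bin/env python
"""
(c) Immunity, Inc. 2004-2007

U{Immunity Inc.}

Pycommand example
"""

__VERSION__ = '1.0'

DESC="""PyCommands example - Params: arg1 arg2"""

import immlib
import immutils
import time


def get_time_1():
    """Return the cost, in milliseconds, of two back-to-back time.clock() calls.

    Nothing runs between the two readings, so the value is only the timer's
    own overhead. NOTE(review): time.clock() was removed in Python 3.8; this
    script appears to target the Python 2 interpreter embedded in the
    debugger -- confirm before running it elsewhere.
    """
    start = time.clock()
    stop = time.clock()
    duration = (stop - start) * 1000
    return duration


def main(args):
    """Exercise the disassembly and basic-block APIs against ntdll.dll.

    Logs each argument, decodes ntdll.dll's code section, times one
    disasmData() call, then compares the basic blocks the debugger finds for
    one function with a reference list of block start addresses (named
    ``ida`` in the original script).

    Args:
        args: list of command-line arguments passed to the PyCommand.

    Returns:
        A one-line summary string of the basic-block comparison.
    """
    imm = immlib.Debugger()
    for arg in args:
        imm.Log("Arg: %s" % arg)

    mod = imm.getModule("ntdll.dll")
    addr = mod.getCodebase()
    dec = imm.findDecode(addr)
    imm.Log("Base address: 0x%08x" % addr)

    # NOTE(review): every absolute address below is hard-coded for one
    # specific ntdll.dll build mapped at one base. On a different build, or
    # when the module is rebased, the same values refer to unrelated bytes,
    # so compare them with the base address logged above before trusting
    # any of the output.
    address = 0x7c93c667
    imm.Log(hex(address))
    imm.Log(str(dec.isJmpDestination(address)))
    imm.Log(hex(dec[address]))

    # Alternatives that were timed by the original author (figures as noted):
    #op = imm.disasmCode( address )  # 0.55
    #op = imm.Disasm( address )      # 0.83
    #op = imm.disasmData( address )  # 0.83
    #op = imm.disasmSizeOnly( address )
    #import profile
    #foo = imm.disasmFile

    start = time.clock()
    op = imm.disasmData(address)  # 0.27
    stop = time.clock()
    # time.clock() reports seconds; convert so the "usec" label is accurate.
    elapsed_usec = (stop - start) * 1e6
    imm.Log("DisasmData %.8f usec/pass" % elapsed_usec)

    imm.Log("is jmc" + str(op.isConditionalJmp()), address=address)
    imm.Log("op dest: 0x%08x" % op.getJmpConst(), address=address)

    imm.Log(str(immutils.hexdump(dec.data)))

    # Other function addresses tried by the original author:
    #ADDR = 0x7C9139ED
    #ADDR = 0x7C91D37F # 16
    #ADDR = 0x7C920645 # 17
    #ADDR = 0x7C9206BB
    #ADDR = 0x7C923313 # 21
    #ADDR = 0x7C925D96 # 39
    #ADDR = 0x7C9260BCL # 36
    #import libanalize

    # The Python 2 "L" suffix is dropped: the value fits a plain int and the
    # literal now also parses under Python 3.
    ADDR = 0x7C9105D4
    f = imm.getFunction(ADDR)
    bb = f.getBasicBlocks()
    imm.Log("Basic Blocks")

    # Reference list of basic-block start addresses for the function at ADDR.
    ida = [
        0x7c911f49, 0x7c93bad1, 0x7c911505, 0x7c9112f2, 0x7c93431e, 0x7c9111f1, 0x7c9342c5, 0x7c9111f6,
        0x7c91b298, 0x7c912221, 0x7c911513, 0x7c912270, 0x7c912343, 0x7c93250b, 0x7c9114cf, 0x7c9115ad,
        0x7c910c98, 0x7c911566, 0x7c93b95e, 0x7c9116ff, 0x7c931a9a, 0x7c9342e9, 0x7c934312, 0x7c910c91,
        0x7c911441, 0x7c911446, 0x7c91122e, 0x7c91b2a2, 0x7c911330, 0x7c9113b0, 0x7c9117e4, 0x7c931ad8,
        0x7c93b968, 0x7c910cd3, 0x7c93ba0c, 0x7c9111a2, 0x7c91222b, 0x7c932508, 0x7c911790, 0x7c93bac9,
        0x7c911182, 0x7c912237, 0x7c910649, 0x7c912230, 0x7c93b89a, 0x7c93bbd6, 0x7c934278, 0x7c911624,
        0x7c93ba89, 0x7c9111fe, 0x7c934341, 0x7c911676, 0x7c911573, 0x7c934256, 0x7c931a8c, 0x7c9342a5,
        0x7c911570, 0x7c93ba01, 0x7c91154b, 0x7c910cec, 0x7c93bc5e, 0x7c911342, 0x7c934356, 0x7c9113f0,
        0x7c91117a, 0x7c910c9f, 0x7c912269, 0x7c934391, 0x7c910ca6, 0x7c93b91a, 0x7c934302, 0x7c934351,
        0x7c911fe5, 0x7c9106a5, 0x7c911193, 0x7c911615, 0x7c9112ca, 0x7c911541, 0x7c911815, 0x7c9115fa,
        0x7c912243, 0x7c93bbe2, 0x7c934386, 0x7c934380, 0x7c9342ce, 0x7c91142e, 0x7c93437b, 0x7c93b999,
        0x7c91176c, 0x7c9115ba, 0x7c911633, 0x7c91062d, 0x7c91153b, 0x7c91067b, 0x7c9106ab, 0x7c93b994,
        0x7c93430c, 0x7c9111e9, 0x7c9112c4, 0x7c9113a6, 0x7c911fe8, 0x7c93bc68, 0x7c910cab, 0x7c934396,
        0x7c911555, 0x7c93bb49, 0x7c934314, 0x7c9114e5, 0x7c93b8d5, 0x7c934370, 0x7c93bc25, 0x7c911764,
        0x7c910cfa, 0x7c934375, 0x7c912254, 0x7c9116d3, 0x7c910625, 0x7c911c58, 0x7c93bbed, 0x7c93bbb4,
        0x7c9105e3, 0x7c93bc59, 0x7c93ba63, 0x7c93ba99, 0x7c93ba66, 0x7c9324c7, 0x7c93438b, 0x7c91182c,
        0x7c9111b1, 0x7c9113b8, 0x7c911487, 0x7c9115d3, 0x7c911484, 0x7c91170a, 0x7c910cc8, 0x7c93b922,
        0x7c93bb56, 0x7c9113ce, 0x7c93bb50, 0x7c9115ed, 0x7c9113fe, 0x7c93bc11, 0x7c911c65, 0x7c910638,
        0x7c9116c8, 0x7c912388, 0x7c912260, 0x7c911239, 0x7c934368, 0x7c9324ec, 0x7c9105d4, 0x7c91130f,
        0x7c93b99e, 0x7c91237a, 0x7c91138c, 0x7c934280, 0x7c9116bf, 0x7c931aad, 0x7c911f8e, 0x7c911414,
        0x7c911525, 0x7c9343a3, 0x7c911c6b, 0x7c910fdc, 0x7c93b9db, 0x7c911f8a, 0x7c9106d7, 0x7c93bc1c,
        0x7c910687, 0x7c911439, 0x7c9111bb, 0x7c911f77, 0x7c910660, 0x7c93428c, 0x7c911c76, 0x7c9115df,
        0x7c93b8a2, 0x7c93bc9d, 0x7c911382, 0x7c911538, 0x7c910609, 0x7c93bbcd, 0x7c931aa5, 0x7c9342d3,
        0x7c911784, 0x7c911309, 0x7c93436a, 0x7c911c83, 0x7c91140b, 0x7c91149e, 0x7c93b92f, 0x7c9117ae,
        0x7c93439d, 0x7c91137a, 0x7c9324e1, 0x7c93b9ac, 0x7c93b8cb, 0x7c9106e4, 0x7c9106e6, 0x7c93268f,
        0x7c93bb16, 0x7c934349, 0x7c93b88e, 0x7c911f7f, 0x7c9113ed, 0x7c9115c4, 0x7c91b28c, 0x7c91159a,
        0x7c93b9b2, 0x7c911588, 0x7c9117c5, 0x7c91165f, 0x7c9117dd, 0x7c931ab4, 0x7c911394, 0x7c910618,
        0x7c9116a8, 0x7c911fbd, 0x7c93bb8b, 0x7c911503, 0x7c911501, 0x7c91066e, 0x7c911792, 0x7c931acb,
        0x7c911158, 0x7c910fca, 0x7c93ba38, 0x7c91179c, 0x7c911315, 0x7c910cb6, 0x7c91185e, 0x7c910c67,
        0x7c911c8c, 0x7c910c61, 0x7c93bb3e, 0x7c93b883, 0x7c91220d, 0x7c93b9de, 0x7c93bae5, 0x7c911596,
        0x7c9106b8, 0x7c9114a7, 0x7c93b8c0, 0x7c9113dc, 0x7c93bb37, 0x7c9115c0, 0x7c911645, 0x7c9106eb,
        0x7c912356, 0x7c93ba3e, 0x7c910666, 0x7c9122dc, 0x7c931ac1, 0x7c93b903, 0x7c9324fe, 0x7c911241,
        0x7c93b953, 0x7c910744, 0x7c93b90e, 0x7c931a6b, 0x7c91139e, 0x7c911253, 0x7c911324, 0x7c9122e8,
        0x7c911320, 0x7c9115a4,
    ]

    for a in bb:
        imm.Log(" (0x%08x, 0x%08x )" % (a[0], a[1]))
        # A block start that is missing from the reference list used to raise
        # ValueError and abort the whole command; report it and carry on so
        # the comparison still completes.
        try:
            ida.remove(a[0])
        except ValueError:
            imm.Log(" 0x%08x not in reference list" % a[0], address=a[0])

    imm.Log("BB size: %d" % len(bb))
    imm.Log("Resto: %d" % len(ida))

    # Whatever is left in the reference list was not reported as a block
    # start; show whether the instruction just before each one is a call.
    for a in ida:
        op = imm.disasmBackward(a)
        imm.Log(" -> 0x%08x %s" % (a, str(op.isCall())), address=a)

    # Summary string for the debugger's status line.
    return "Basic blocks: %d, unmatched reference starts: %d" % (len(bb), len(ida))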