
idapython脚本之符号设置

作者: fcc_load | 来源:发表于2017-11-03 16:11 被阅读0次

    对于wdf函数的符号脚本,有些程序中是会加载失败的,此时再看wdf的函数就比较蛋疼了,所以写了个脚本来自动化加载wdf的函数符号,方便又快捷

    # -- coding: utf-8 --
    
    
    import idaapi
    import idc
    import os
    import sys
    
    
    
    
    # Names for the WDF function table, listed in table order. SetWdfFuncName()
    # applies entry i of this list to slot i of the table, so the position of
    # every name is load-bearing: inserting, removing or reordering an entry
    # shifts every later label onto the wrong pointer.
    # NOTE(review): the list ends at WdfRequestGetRequestorProcessId; which
    # framework release that matches is not stated here -- confirm against the
    # headers for the driver under analysis before trusting the late slots.
    func_name = ["WdfChildListCreate",
    "WdfChildListGetDevice",
    "WdfChildListRetrievePdo",
    "WdfChildListRetrieveAddressDescription",
    "WdfChildListBeginScan",
    "WdfChildListEndScan",
    "WdfChildListBeginIteration",
    "WdfChildListRetrieveNextDevice",
    "WdfChildListEndIteration",
    "WdfChildListAddOrUpdateChildDescriptionAsPresent",
    "WdfChildListUpdateChildDescriptionAsMissing",
    "WdfChildListUpdateAllChildDescriptionsAsPresent",
    "WdfChildListRequestChildEject",
    "WdfCollectionCreate",
    "WdfCollectionGetCount",
    "WdfCollectionAdd",
    "WdfCollectionRemove",
    "WdfCollectionRemoveItem",
    "WdfCollectionGetItem",
    "WdfCollectionGetFirstItem",
    "WdfCollectionGetLastItem",
    "WdfCommonBufferCreate",
    "WdfCommonBufferGetAlignedVirtualAddress",
    "WdfCommonBufferGetAlignedLogicalAddress",
    "WdfCommonBufferGetLength",
    "WdfControlDeviceInitAllocate",
    "WdfControlDeviceInitSetShutdownNotification",
    "WdfControlFinishInitializing",
    "WdfDeviceGetDeviceState",
    "WdfDeviceSetDeviceState",
    "WdfWdmDeviceGetWdfDeviceHandle",
    "WdfDeviceWdmGetDeviceObject",
    "WdfDeviceWdmGetAttachedDevice",
    "WdfDeviceWdmGetPhysicalDevice",
    "WdfDeviceWdmDispatchPreprocessedIrp",
    "WdfDeviceAddDependentUsageDeviceObject",
    "WdfDeviceAddRemovalRelationsPhysicalDevice",
    "WdfDeviceRemoveRemovalRelationsPhysicalDevice",
    "WdfDeviceClearRemovalRelationsDevices",
    "WdfDeviceGetDriver",
    "WdfDeviceRetrieveDeviceName",
    "WdfDeviceAssignMofResourceName",
    "WdfDeviceGetIoTarget",
    "WdfDeviceGetDevicePnpState",
    "WdfDeviceGetDevicePowerState",
    "WdfDeviceGetDevicePowerPolicyState",
    "WdfDeviceAssignS0IdleSettings",
    "WdfDeviceAssignSxWakeSettings",
    "WdfDeviceOpenRegistryKey",
    "WdfDeviceSetSpecialFileSupport",
    "WdfDeviceSetCharacteristics",
    "WdfDeviceGetCharacteristics",
    "WdfDeviceGetAlignmentRequirement",
    "WdfDeviceSetAlignmentRequirement",
    "WdfDeviceInitFree",
    "WdfDeviceInitSetPnpPowerEventCallbacks",
    "WdfDeviceInitSetPowerPolicyEventCallbacks",
    "WdfDeviceInitSetPowerPolicyOwnership",
    "WdfDeviceInitRegisterPnpStateChangeCallback",
    "WdfDeviceInitRegisterPowerStateChangeCallback",
    "WdfDeviceInitRegisterPowerPolicyStateChangeCallback",
    "WdfDeviceInitSetIoType",
    "WdfDeviceInitSetExclusive",
    "WdfDeviceInitSetPowerNotPageable",
    "WdfDeviceInitSetPowerPageable",
    "WdfDeviceInitSetPowerInrush",
    "WdfDeviceInitSetDeviceType",
    "WdfDeviceInitAssignName",
    "WdfDeviceInitAssignSDDLString",
    "WdfDeviceInitSetDeviceClass",
    "WdfDeviceInitSetCharacteristics",
    "WdfDeviceInitSetFileObjectConfig",
    "WdfDeviceInitSetRequestAttributes",
    "WdfDeviceInitAssignWdmIrpPreprocessCallback",
    "WdfDeviceInitSetIoInCallerContextCallback",
    "WdfDeviceCreate",
    "WdfDeviceSetStaticStopRemove",
    "WdfDeviceCreateDeviceInterface",
    "WdfDeviceSetDeviceInterfaceState",
    "WdfDeviceRetrieveDeviceInterfaceString",
    "WdfDeviceCreateSymbolicLink",
    "WdfDeviceQueryProperty",
    "WdfDeviceAllocAndQueryProperty",
    "WdfDeviceSetPnpCapabilities",
    "WdfDeviceSetPowerCapabilities",
    "WdfDeviceSetBusInformationForChildren",
    "WdfDeviceIndicateWakeStatus",
    "WdfDeviceSetFailed",
    "WdfDeviceStopIdleNoTrack",
    "WdfDeviceResumeIdleNoTrack",
    "WdfDeviceGetFileObject",
    "WdfDeviceEnqueueRequest",
    "WdfDeviceGetDefaultQueue",
    "WdfDeviceConfigureRequestDispatching",
    "WdfDmaEnablerCreate",
    "WdfDmaEnablerGetMaximumLength",
    "WdfDmaEnablerGetMaximumScatterGatherElements",
    "WdfDmaEnablerSetMaximumScatterGatherElements",
    "WdfDmaTransactionCreate",
    "WdfDmaTransactionInitialize",
    "WdfDmaTransactionInitializeUsingRequest",
    "WdfDmaTransactionExecute",
    "WdfDmaTransactionRelease",
    "WdfDmaTransactionDmaCompleted",
    "WdfDmaTransactionDmaCompletedWithLength",
    "WdfDmaTransactionDmaCompletedFinal",
    "WdfDmaTransactionGetBytesTransferred",
    "WdfDmaTransactionSetMaximumLength",
    "WdfDmaTransactionGetRequest",
    "WdfDmaTransactionGetCurrentDmaTransferLength",
    "WdfDmaTransactionGetDevice",
    "WdfDpcCreate",
    "WdfDpcEnqueue",
    "WdfDpcCancel",
    "WdfDpcGetParentObject",
    "WdfDpcWdmGetDpc",
    "WdfDriverCreate",
    "WdfDriverGetRegistryPath",
    "WdfDriverWdmGetDriverObject",
    "WdfDriverOpenParametersRegistryKey",
    "WdfWdmDriverGetWdfDriverHandle",
    "WdfDriverRegisterTraceInfo",
    "WdfDriverRetrieveVersionString",
    "WdfDriverIsVersionAvailable",
    "WdfFdoInitWdmGetPhysicalDevice",
    "WdfFdoInitOpenRegistryKey",
    "WdfFdoInitQueryProperty",
    "WdfFdoInitAllocAndQueryProperty",
    "WdfFdoInitSetEventCallbacks",
    "WdfFdoInitSetFilter",
    "WdfFdoInitSetDefaultChildListConfig",
    "WdfFdoQueryForInterface",
    "WdfFdoGetDefaultChildList",
    "WdfFdoAddStaticChild",
    "WdfFdoLockStaticChildListForIteration",
    "WdfFdoRetrieveNextStaticChild",
    "WdfFdoUnlockStaticChildListFromIteration",
    "WdfFileObjectGetFileName",
    "WdfFileObjectGetFlags",
    "WdfFileObjectGetDevice",
    "WdfFileObjectWdmGetFileObject",
    "WdfInterruptCreate",
    "WdfInterruptQueueDpcForIsr",
    "WdfInterruptSynchronize",
    "WdfInterruptAcquireLock",
    "WdfInterruptReleaseLock",
    "WdfInterruptEnable",
    "WdfInterruptDisable",
    "WdfInterruptWdmGetInterrupt",
    "WdfInterruptGetInfo",
    "WdfInterruptSetPolicy",
    "WdfInterruptGetDevice",
    "WdfIoQueueCreate",
    "WdfIoQueueGetState",
    "WdfIoQueueStart",
    "WdfIoQueueStop",
    "WdfIoQueueStopSynchronously",
    "WdfIoQueueGetDevice",
    "WdfIoQueueRetrieveNextRequest",
    "WdfIoQueueRetrieveRequestByFileObject",
    "WdfIoQueueFindRequest",
    "WdfIoQueueRetrieveFoundRequest",
    "WdfIoQueueDrainSynchronously",
    "WdfIoQueueDrain",
    "WdfIoQueuePurgeSynchronously",
    "WdfIoQueuePurge",
    "WdfIoQueueReadyNotify",
    "WdfIoTargetCreate",
    "WdfIoTargetOpen",
    "WdfIoTargetCloseForQueryRemove",
    "WdfIoTargetClose",
    "WdfIoTargetStart",
    "WdfIoTargetStop",
    "WdfIoTargetGetState",
    "WdfIoTargetGetDevice",
    "WdfIoTargetQueryTargetProperty",
    "WdfIoTargetAllocAndQueryTargetProperty",
    "WdfIoTargetQueryForInterface",
    "WdfIoTargetWdmGetTargetDeviceObject",
    "WdfIoTargetWdmGetTargetPhysicalDevice",
    "WdfIoTargetWdmGetTargetFileObject",
    "WdfIoTargetWdmGetTargetFileHandle",
    "WdfIoTargetSendReadSynchronously",
    "WdfIoTargetFormatRequestForRead",
    "WdfIoTargetSendWriteSynchronously",
    "WdfIoTargetFormatRequestForWrite",
    "WdfIoTargetSendIoctlSynchronously",
    "WdfIoTargetFormatRequestForIoctl",
    "WdfIoTargetSendInternalIoctlSynchronously",
    "WdfIoTargetFormatRequestForInternalIoctl",
    "WdfIoTargetSendInternalIoctlOthersSynchronously",
    "WdfIoTargetFormatRequestForInternalIoctlOthers",
    "WdfMemoryCreate",
    "WdfMemoryCreatePreallocated",
    "WdfMemoryGetBuffer",
    "WdfMemoryAssignBuffer",
    "WdfMemoryCopyToBuffer",
    "WdfMemoryCopyFromBuffer",
    "WdfLookasideListCreate",
    "WdfMemoryCreateFromLookaside",
    "WdfDeviceMiniportCreate",
    "WdfDriverMiniportUnload",
    "WdfObjectGetTypedContextWorker",
    "WdfObjectAllocateContext",
    "WdfObjectContextGetObject",
    "WdfObjectReferenceActual",
    "WdfObjectDereferenceActual",
    "WdfObjectCreate",
    "WdfObjectDelete",
    "WdfObjectQuery",
    "WdfPdoInitAllocate",
    "WdfPdoInitSetEventCallbacks",
    "WdfPdoInitAssignDeviceID",
    "WdfPdoInitAssignInstanceID",
    "WdfPdoInitAddHardwareID",
    "WdfPdoInitAddCompatibleID",
    "WdfPdoInitAddDeviceText",
    "WdfPdoInitSetDefaultLocale",
    "WdfPdoInitAssignRawDevice",
    "WdfPdoMarkMissing",
    "WdfPdoRequestEject",
    "WdfPdoGetParent",
    "WdfPdoRetrieveIdentificationDescription",
    "WdfPdoRetrieveAddressDescription",
    "WdfPdoUpdateAddressDescription",
    "WdfPdoAddEjectionRelationsPhysicalDevice",
    "WdfPdoRemoveEjectionRelationsPhysicalDevice",
    "WdfPdoClearEjectionRelationsDevices",
    "WdfDeviceAddQueryInterface",
    "WdfRegistryOpenKey",
    "WdfRegistryCreateKey",
    "WdfRegistryClose",
    "WdfRegistryWdmGetHandle",
    "WdfRegistryRemoveKey",
    "WdfRegistryRemoveValue",
    "WdfRegistryQueryValue",
    "WdfRegistryQueryMemory",
    "WdfRegistryQueryMultiString",
    "WdfRegistryQueryUnicodeString",
    "WdfRegistryQueryString",
    "WdfRegistryQueryULong",
    "WdfRegistryAssignValue",
    "WdfRegistryAssignMemory",
    "WdfRegistryAssignMultiString",
    "WdfRegistryAssignUnicodeString",
    "WdfRegistryAssignString",
    "WdfRegistryAssignULong",
    "WdfRequestCreate",
    "WdfRequestCreateFromIrp",
    "WdfRequestReuse",
    "WdfRequestChangeTarget",
    "WdfRequestFormatRequestUsingCurrentType",
    "WdfRequestWdmFormatUsingStackLocation",
    "WdfRequestSend",
    "WdfRequestGetStatus",
    "WdfRequestMarkCancelable",
    "WdfRequestUnmarkCancelable",
    "WdfRequestIsCanceled",
    "WdfRequestCancelSentRequest",
    "WdfRequestIsFrom32BitProcess",
    "WdfRequestSetCompletionRoutine",
    "WdfRequestGetCompletionParams",
    "WdfRequestAllocateTimer",
    "WdfRequestComplete",
    "WdfRequestCompleteWithPriorityBoost",
    "WdfRequestCompleteWithInformation",
    "WdfRequestGetParameters",
    "WdfRequestRetrieveInputMemory",
    "WdfRequestRetrieveOutputMemory",
    "WdfRequestRetrieveInputBuffer",
    "WdfRequestRetrieveOutputBuffer",
    "WdfRequestRetrieveInputWdmMdl",
    "WdfRequestRetrieveOutputWdmMdl",
    "WdfRequestRetrieveUnsafeUserInputBuffer",
    "WdfRequestRetrieveUnsafeUserOutputBuffer",
    "WdfRequestSetInformation",
    "WdfRequestGetInformation",
    "WdfRequestGetFileObject",
    "WdfRequestProbeAndLockUserBufferForRead",
    "WdfRequestProbeAndLockUserBufferForWrite",
    "WdfRequestGetRequestorMode",
    "WdfRequestForwardToIoQueue",
    "WdfRequestGetIoQueue",
    "WdfRequestRequeue",
    "WdfRequestStopAcknowledge",
    "WdfRequestWdmGetIrp",
    "WdfIoResourceRequirementsListSetSlotNumber",
    "WdfIoResourceRequirementsListSetInterfaceType",
    "WdfIoResourceRequirementsListAppendIoResList",
    "WdfIoResourceRequirementsListInsertIoResList",
    "WdfIoResourceRequirementsListGetCount",
    "WdfIoResourceRequirementsListGetIoResList",
    "WdfIoResourceRequirementsListRemove",
    "WdfIoResourceRequirementsListRemoveByIoResList",
    "WdfIoResourceListCreate",
    "WdfIoResourceListAppendDescriptor",
    "WdfIoResourceListInsertDescriptor",
    "WdfIoResourceListUpdateDescriptor",
    "WdfIoResourceListGetCount",
    "WdfIoResourceListGetDescriptor",
    "WdfIoResourceListRemove",
    "WdfIoResourceListRemoveByDescriptor",
    "WdfCmResourceListAppendDescriptor",
    "WdfCmResourceListInsertDescriptor",
    "WdfCmResourceListGetCount",
    "WdfCmResourceListGetDescriptor",
    "WdfCmResourceListRemove",
    "WdfCmResourceListRemoveByDescriptor",
    "WdfStringCreate",
    "WdfStringGetUnicodeString",
    "WdfObjectAcquireLock",
    "WdfObjectReleaseLock",
    "WdfWaitLockCreate",
    "WdfWaitLockAcquire",
    "WdfWaitLockRelease",
    "WdfSpinLockCreate",
    "WdfSpinLockAcquire",
    "WdfSpinLockRelease",
    "WdfTimerCreate",
    "WdfTimerStart",
    "WdfTimerStop",
    "WdfTimerGetParentObject",
    "WdfUsbTargetDeviceCreate",
    "WdfUsbTargetDeviceRetrieveInformation",
    "WdfUsbTargetDeviceGetDeviceDescriptor",
    "WdfUsbTargetDeviceRetrieveConfigDescriptor",
    "WdfUsbTargetDeviceQueryString",
    "WdfUsbTargetDeviceAllocAndQueryString",
    "WdfUsbTargetDeviceFormatRequestForString",
    "WdfUsbTargetDeviceGetNumInterfaces",
    "WdfUsbTargetDeviceSelectConfig",
    "WdfUsbTargetDeviceWdmGetConfigurationHandle",
    "WdfUsbTargetDeviceRetrieveCurrentFrameNumber",
    "WdfUsbTargetDeviceSendControlTransferSynchronously",
    "WdfUsbTargetDeviceFormatRequestForControlTransfer",
    "WdfUsbTargetDeviceIsConnectedSynchronous",
    "WdfUsbTargetDeviceResetPortSynchronously",
    "WdfUsbTargetDeviceCyclePortSynchronously",
    "WdfUsbTargetDeviceFormatRequestForCyclePort",
    "WdfUsbTargetDeviceSendUrbSynchronously",
    "WdfUsbTargetDeviceFormatRequestForUrb",
    "WdfUsbTargetPipeGetInformation",
    "WdfUsbTargetPipeIsInEndpoint",
    "WdfUsbTargetPipeIsOutEndpoint",
    "WdfUsbTargetPipeGetType",
    "WdfUsbTargetPipeSetNoMaximumPacketSizeCheck",
    "WdfUsbTargetPipeWriteSynchronously",
    "WdfUsbTargetPipeFormatRequestForWrite",
    "WdfUsbTargetPipeReadSynchronously",
    "WdfUsbTargetPipeFormatRequestForRead",
    "WdfUsbTargetPipeConfigContinuousReader",
    "WdfUsbTargetPipeAbortSynchronously",
    "WdfUsbTargetPipeFormatRequestForAbort",
    "WdfUsbTargetPipeResetSynchronously",
    "WdfUsbTargetPipeFormatRequestForReset",
    "WdfUsbTargetPipeSendUrbSynchronously",
    "WdfUsbTargetPipeFormatRequestForUrb",
    "WdfUsbInterfaceGetInterfaceNumber",
    "WdfUsbInterfaceGetNumEndpoints",
    "WdfUsbInterfaceGetDescriptor",
    "WdfUsbInterfaceSelectSetting",
    "WdfUsbInterfaceGetEndpointInformation",
    "WdfUsbTargetDeviceGetInterface",
    "WdfUsbInterfaceGetConfiguredSettingIndex",
    "WdfUsbInterfaceGetNumConfiguredPipes",
    "WdfUsbInterfaceGetConfiguredPipe",
    "WdfUsbTargetPipeWdmGetPipeHandle",
    "WdfVerifierDbgBreakPoint",
    "WdfVerifierKeBugCheck",
    "WdfWmiProviderCreate",
    "WdfWmiProviderGetDevice",
    "WdfWmiProviderIsEnabled",
    "WdfWmiProviderGetTracingHandle",
    "WdfWmiInstanceCreate",
    "WdfWmiInstanceRegister",
    "WdfWmiInstanceDeregister",
    "WdfWmiInstanceGetDevice",
    "WdfWmiInstanceGetProvider",
    "WdfWmiInstanceFireEvent",
    "WdfWorkItemCreate",
    "WdfWorkItemEnqueue",
    "WdfWorkItemGetParentObject",
    "WdfWorkItemFlush",
    "WdfCommonBufferCreateWithConfig",
    "WdfDmaEnablerGetFragmentLength",
    "WdfDmaEnablerWdmGetDmaAdapter",
    "WdfUsbInterfaceGetNumSettings",
    "WdfDeviceRemoveDependentUsageDeviceObject",
    "WdfDeviceGetSystemPowerAction",
    "WdfInterruptSetExtendedPolicy",
    "WdfIoQueueAssignForwardProgressPolicy",
    "WdfPdoInitAssignContainerID",
    "WdfPdoInitAllowForwardingRequestToParent",
    "WdfRequestMarkCancelableEx",
    "WdfRequestIsReserved",
    "WdfRequestForwardToParentDeviceIoQueue",
    "WdfCxDeviceInitAllocate",
    "WdfCxDeviceInitAssignWdmIrpPreprocessCallback",
    "WdfCxDeviceInitSetIoInCallerContextCallback",
    "WdfCxDeviceInitSetRequestAttributes",
    "WdfCxDeviceInitSetFileObjectConfig",
    "WdfDeviceWdmDispatchIrp",
    "WdfDeviceWdmDispatchIrpToIoQueue",
    "WdfDeviceInitSetRemoveLockOptions",
    "WdfDeviceConfigureWdmIrpDispatchCallback",
    "WdfDmaEnablerConfigureSystemProfile",
    "WdfDmaTransactionInitializeUsingOffset",
    "WdfDmaTransactionGetTransferInfo",
    "WdfDmaTransactionSetChannelConfigurationCallback",
    "WdfDmaTransactionSetTransferCompleteCallback",
    "WdfDmaTransactionSetImmediateExecution",
    "WdfDmaTransactionAllocateResources",
    "WdfDmaTransactionSetDeviceAddressOffset",
    "WdfDmaTransactionFreeResources",
    "WdfDmaTransactionCancel",
    "WdfDmaTransactionWdmGetTransferContext",
    "WdfInterruptQueueWorkItemForIsr",
    "WdfInterruptTryToAcquireLock",
    "WdfIoQueueStopAndPurge",
    "WdfIoQueueStopAndPurgeSynchronously",
    "WdfIoTargetPurge",
    "WdfUsbTargetDeviceCreateWithParameters",
    "WdfUsbTargetDeviceQueryUsbCapability",
    "WdfUsbTargetDeviceCreateUrb",
    "WdfUsbTargetDeviceCreateIsochUrb",
    "WdfDeviceWdmAssignPowerFrameworkSettings",
    "WdfDmaTransactionStopSystemTransfer",
    "WdfCxVerifierKeBugCheck",
    "WdfInterruptReportActive",
    "WdfInterruptReportInactive",
    "WdfDeviceInitSetReleaseHardwareOrderOnFailure",
    "WdfGetTriageInfo",
    "WdfDeviceInitSetIoTypeEx",
    "WdfDeviceQueryPropertyEx",
    "WdfDeviceAllocAndQueryPropertyEx",
    "WdfDeviceAssignProperty",
    "WdfFdoInitQueryPropertyEx",
    "WdfFdoInitAllocAndQueryPropertyEx",
    "WdfDeviceStopIdleActual",
    "WdfDeviceResumeIdleActual",
    "WdfDeviceGetSelfIoTarget",
    "WdfDeviceInitAllowSelfIoTarget",
    "WdfIoTargetSelfAssignDefaultIoQueue",
    "WdfDeviceOpenDevicemapKey",
    "WdfDmaTransactionSetSingleTransferRequirement",
    "WdfCxDeviceInitSetPnpPowerEventCallbacks",
    "WdfFileObjectGetInitiatorProcessId",
    "WdfRequestGetRequestorProcessId"]
    
    def IsX86():
        """Report whether the driver is to be treated as 32-bit x86.

        This is a manual switch, not a detection routine: the answer is
        hard-coded and must be flipped by hand for an x64 driver. The script
        uses it to choose the structure offsets it reads and the width of each
        table slot, so a wrong value puts every label on the wrong address.
        """
        # NOTE(review): the database bitness can presumably be queried instead
        # of hard-coded (e.g. idaapi.get_inf_structure().is_64bit() on IDAPython
        # builds of this era) -- confirm on the IDA version in use.
        treat_as_x86 = True
        return treat_as_x86
    
    
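    def SetWdfFuncName(baseAddr,funcNameList,funcNum,isX86):
        """Turn the WDF function table into named, pointer-sized data items.

        Slot ``i`` of the table starting at ``baseAddr`` is converted to a dword
        (x86) or qword (x64) and renamed to ``funcNameList[i]``. Only the first
        ``min(len(funcNameList), funcNum)`` slots are touched.

        Args:
            baseAddr: address of the first table slot.
            funcNameList: names in table order.
            funcNum: number of slots the driver declares.
            isX86: True for 4-byte slots, False for 8-byte slots.

        Returns:
            None. Problems are printed rather than raised, so a partially
            labelled table is visible to the analyst instead of silent.
        """
        slotSize = 4 if isX86 else 8
        namedCount = min(len(funcNameList), funcNum)

        failed = []
        for i in range(namedCount):
            slotAddr = baseAddr + slotSize * i
            if isX86:
                idc.MakeDword(slotAddr)
            else:
                idc.MakeQword(slotAddr)
            # MakeName signals failure through its return value (for example
            # when the name is already used elsewhere in the database); record
            # those slots instead of discarding the result.
            if not idc.MakeName(slotAddr, funcNameList[i]):
                failed.append((slotAddr, funcNameList[i]))

        for slotAddr, name in failed:
            print("SetWdfFuncName: could not name 0x%X as %s" % (slotAddr, name))

        # A driver that declares more slots than the list knows about keeps its
        # trailing slots unlabelled; say so rather than leave it unnoticed.
        if funcNum > namedCount:
            print("SetWdfFuncName: %d table slots left unnamed (only %d names known)"
                  % (funcNum - namedCount, len(funcNameList)))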
        
    
    
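    # Script entry: ask for the address of the structure that describes the WDF
    # function table, read the slot count and table pointer out of it, then
    # label the table.
    isX86 = None
    funcNum = None
    wdfBase = None
    # 0x14030 is only the value pre-filled in the prompt; it is specific to one
    # binary and has to be replaced with the address found in the driver at hand.
    myaddr = idc.AskAddr(0x14030,"address:")


    # A cancelled or invalid prompt must not fall through: depending on the
    # IDAPython build the result is None or BADADDR, and reading a count and a
    # pointer relative to BADADDR would label whatever those bytes point at.
    if myaddr is not None and myaddr != idc.BADADDR:
        # NOTE(review): the offsets below look like the function-count and
        # function-table fields of the KMDF bind-info structure for each
        # pointer width -- confirm against the driver before trusting them.
        # Nothing here verifies that myaddr really is such a structure.
        if IsX86():
            isX86 = True
            funcNum = idc.Word(myaddr+0x14)
            wdfBase = idc.Dword(myaddr+0x18)
        else:
            isX86 = False
            funcNum = idc.Word(myaddr+0x1c)
            wdfBase = idc.Qword(myaddr+0x20)
        SetWdfFuncName(wdfBase,func_name,funcNum,isX86)
    else:
        print("No valid address entered; WDF function table left untouched")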
        
    

    上面是x86版本,如果想改成x64版本,直接让IsX86()返回False即可。为什么那么麻烦呢,其实我主要是没有找到判断程序版本(32位还是64位)的idapython api,如果你找到了,可以留言告诉我
