I don't know how to find the main() function using IDAPython.
How can I do this?
Asked
Active
Viewed 1,192 times
2 Answers
0
Run this in the python console of IDA, and it will print the address of a function named main
for funcAddr in idautils.Functions():
funcName = idc.get_func_name(funcAddr)
if funcName == 'main':
print(f"{funcAddr:#x}")
0xC0000022L
- 20,597
- 9
- 86
- 152
macro_controller
- 1,469
- 1
- 14
- 32
0
Your question is a little unclear, to be honest. You write main function, but I wonder if you mean the C runtime's main or the (main) entry point of the binary?
These are two different things. The idautils module offers an Entries() function and a Names() function.
The documentation for both is slightly misleading. They return generators, not a list -- as documented.
By using Names() you can do what the other answer suggests. Using a list comprehension makes it a little more concise:
import idautils
# by looking for "main", we look anywhere in the tuple
mainfunc = [name for name in idautils.Names() if "main" in name]
# mainfunc is a list of tuples of (ea, name)
# NB: if there is just a single match, it's a single list element
print(mainfunc)
... might yield an output like: [(5368942248, 'main')]
import idautils
# by accessing index 3, we access the name
mainfunc = [name for name in idautils.Entries() if "main" in name[3]]
# mainfunc is a list of tuples of (index, ordinal, ea, name)
print(mainfunc)
... might yield an output of [(0, 5369098092, 5369098092, 'wmainCRTStartup')]
0xC0000022L
- 20,597
- 9
- 86
- 152