    def get_xdbg_reg_var(self):
        """
        Refresh every cached register value from the debugger.

        Walks ``self.reg_val`` (register name -> output slot, the same kind
        of ``regval_t`` object that ``ida_dbg.get_reg_val`` fills elsewhere
        in this file) and asks the debugger to overwrite each slot in place.

        Returns:
            The ``self.reg_val`` mapping itself, now holding fresh values.
        """
        # get_reg_val writes into the slot; its success flag is not inspected,
        # so a failed read leaves that slot's previous contents untouched.
        for reg_name, slot in self.reg_val.items():
            ida_dbg.get_reg_val(reg_name, slot)

        return self.reg_val
    def get_after_run_info(self, args_rule):
        """
        Collect information after the traced function has returned.

        Reads the current registers, logs the program counter and the value
        of the return register (``arm_regset.ret``), and returns a dictionary
        of runtime information.

        Args:
            args_rule: argument rule of the traced function; not used here
                yet (kept for symmetry with ``get_before_run_info``).

        Returns:
            dict: currently always empty -- the return value is only logged,
            not stored. TODO: record the return value and argument changes.
        """
        runtime_info = {}
        regs = self.get_xdbg_reg_var()

        pc = ida_idd.regval_t()
        ida_dbg.get_reg_val('PC', pc)
        FELogger.console('PC: %s' % hexstr(pc.ival))

        ret_name = arm_regset.ret
        ret_val = regs[ret_name].ival
        # An earlier revision also dereferenced ret_val as a string
        # (FEStrMgr.get_string_from_mem) and stored it in runtime_info;
        # that part is disabled, so only the raw register value is logged.
        FELogger.console('%s: %s' % (ret_name, hexstr(ret_val)))
        return runtime_info
    def dbg_step_over(self):
        """
        Debugger hook (IDA ``DBG_Hooks.dbg_step_over``), presumably invoked
        each time a step-over completes.

        Logs EIP and the disassembly at that address, then requests another
        step-over or, once ``self.steps`` has reached 5, asks the debugger
        to terminate the process.
        """
        eip = ida_dbg.get_reg_val("EIP")
        raw_line = ida_lines.generate_disasm_line(eip)
        disasm = ida_lines.tag_remove(raw_line)
        self.log("Step over: EIP=0x%x, disassembly=%s" % (eip, disasm))

        self.steps += 1
        # Bound the number of steps so the hook cannot keep the target running.
        if self.steps < 5:
            ida_dbg.request_step_over()
        else:
            ida_dbg.request_exit_process()
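    def get_before_run_info(self, args_rule):
        """
        Collect register/argument information before the traced function runs.

        Reads the current registers, logs the program counter, then decodes
        the arguments according to ``args_rule``.

        Args:
            args_rule: sequence of argument type names; a trailing ``'...'``
                or ``'va_list'`` marks a variadic function.

        Returns:
            dict: the runtime information produced by
            ``var_len_args_run_info`` or ``fix_len_args_run_info``.
        """
        args = self.get_xdbg_reg_var()

        rv = ida_idd.regval_t()
        ida_dbg.get_reg_val('PC', rv)
        FELogger.console('PC: %s' % hexstr(rv.ival))

        # An empty rule (function without arguments) has no last element;
        # treat it as a fixed-length argument list instead of raising IndexError.
        last_arg = args_rule[-1] if args_rule else None

        # TODO: support real va_list parsing; for now va_list is handled like '...'
        if last_arg in ('...', 'va_list'):
            return self.var_len_args_run_info(args_rule, args)
        return self.fix_len_args_run_info(args_rule, args)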
    def dbg_run_to(self, pid, tid=0, ea=0):
        """
        Debugger hook reached when execution stops at the temporary
        breakpoint set by ``run_to(ep)``.

        On the first visit it refreshes debugger memory, logs EIP and the
        current step-trace options, and marks the entry point as reached.
        On every visit it then enables step tracing with the
        ``ST_OVER_DEBUG_SEG`` option and resumes the process.

        Args:
            pid: process id (unused).
            tid: thread id (unused).
            ea: breakpoint address (unused).
        """
        first_visit = not self.epReached
        if first_visit:
            ida_dbg.refresh_debugger_memory()
            eip = ida_dbg.get_reg_val("EIP")
            self._log("reached entry point at 0x%X" % eip)
            trace_opts = ida_dbg.get_step_trace_options()
            self._log("current step trace options: %x" % trace_opts)
            self.epReached = True

        # Single-step the program so that dbg_trace events are generated.
        ida_dbg.request_enable_step_trace(1)
        # Restrict the options to "over debugger segments" only.
        ida_dbg.request_set_step_trace_options(ida_dbg.ST_OVER_DEBUG_SEG)
        ida_dbg.request_continue_process()
        # The requests above are queued; this executes them.
        ida_dbg.run_requests()
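def _get_ip_val():
    """
    Return the current instruction-pointer value of the debugged process.

    Chooses the register name from the database's processor: ``rip`` /
    ``eip`` / ``ip`` for ``metapc`` depending on bitness, ``pc`` for ``arm``.

    Returns:
        The register's ``ival`` as an int, or ``None`` when the processor is
        not one of the supported ones or the register could not be read.
    """
    inf = get_inf_structure()
    proc_name = inf.procName.lower()
    regname = ""
    if proc_name == "metapc":
        if inf.is_64bit():
            regname = "rip"
        elif inf.is_32bit():
            regname = "eip"
        else:
            regname = "ip"
    elif proc_name == "arm":
        regname = "pc"
    # Unsupported processor: don't ask the debugger for an unnamed register.
    if not regname:
        return None
    rv = regval_t()
    if get_reg_val(regname, rv):
        return rv.ival
    return None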
 def activate(self, ctx):
     """
     Action handler: print the value of the register named by ``ctx.regname``.

     Integer registers are printed as zero-padded hex sized to the register
     width reported by ``ida_dbg.get_dbg_reg_info``; any other dtype is
     reported as "float" and printed as ``get_reg_val`` returned it.
     """
     name = ctx.regname
     value = ida_dbg.get_reg_val(name)
     rtype = "integer"
     rinfo = ida_idd.register_info_t()
     if ida_dbg.get_dbg_reg_info(name, rinfo):
         # number of hex digits to print for each integer register width
         hex_digits = {
             ida_ua.dt_byte: 2,
             ida_ua.dt_word: 4,
             ida_ua.dt_dword: 8,
             ida_ua.dt_qword: 16,
         }
         digits = hex_digits.get(rinfo.dtype)
         if digits is None:
             rtype = "float"
         else:
             value = "0x%0*x" % (digits, value)
     print("> Register %s (of type %s): %s" % (name, rtype, value))
    def dbg_trace(self, tid, ea):
        """
        Step-trace hook: log every traced address and, for call
        instructions, the disassembly and ESP.

        Args:
            tid: thread id (unused).
            ea: address of the traced instruction.

        Returns:
            int: 1, so tracing continues.

        Raises:
            Exception: if ``ea`` is not within
            ``[inf_get_min_ea(), inf_get_max_ea()]``.
        """
        min_ea = ida_ida.inf_get_min_ea()
        max_ea = ida_ida.inf_get_max_ea()
        # NOTE(review): IDA documents max_ea as an exclusive bound, so an
        # ea equal to max_ea presumably should be rejected too -- confirm.
        if not (min_ea <= ea <= max_ea):
            raise Exception(
                "Received a trace callback for an address outside this database!"
            )

        self._log("trace %08X" % ea)
        self.traces += 1

        insn = ida_ua.insn_t()
        decoded_len = ida_ua.decode_insn(insn, ea)
        is_call = insn.itype in (NN_call, NN_callni, NN_callfi)
        # Only calls get the extra disassembly / ESP lines.
        if decoded_len > 0 and is_call:
            line = generate_disasm_line(
                ea, GENDSM_FORCE_CODE | GENDSM_REMOVE_TAGS)
            self._log("call insn: %s" % line)
            self._log("ESP=%08X" % ida_dbg.get_reg_val("ESP"))

        return 1
def my_get_reg_value(register):
    """
    Read a register of the debugged process and return its integer value.

    Args:
        register: register name as understood by ``ida_dbg.get_reg_val``.

    Returns:
        The ``ival`` field of the filled ``regval_t``. The success flag of
        ``get_reg_val`` is not checked, so after a failed read this is
        whatever the freshly constructed ``regval_t`` holds.
    """
    reg = ida_idd.regval_t()
    ida_dbg.get_reg_val(register, reg)
    return reg.ival