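    def codeify(self, ea=idc.BADADDR):
        """Define code and functions in every code segment from ``ea`` onward.

        Walks address by address (``idc.NextAddr``) to the end of the
        database.  Inside segments typed ``self.CODE`` an address that is
        already inside a function is skipped to that function's end;
        otherwise ``MakeFunction`` is attempted first and ``MakeCode`` as a
        fallback.  Segments of any other type are left alone.

        :param ea: start address; ``idc.BADADDR`` (default) selects the first
            ``self.CODE`` segment, or the first segment in the database when
            no code segment exists.
        :return: ``None``; prints a summary of what was created.
        """
        func_count = 0
        code_count = 0

        if ea == idc.BADADDR:
            ea = self.get_start_ea(self.CODE)
            if ea == idc.BADADDR:
                ea = idc.FirstSeg()

        print "\nLooking for undefined code starting at: %s:0x%X" % (
            idc.SegName(ea), ea)

        # The segment type is the only thing separating code from data here;
        # without a data segment the user's segmentation is suspect, so warn
        # before blindly defining instructions.
        if self.get_start_ea(self.DATA) == idc.BADADDR:
            print "WARNING: No data segments defined! I don't know where the code segment ends and the data segment begins."

        while ea != idc.BADADDR:
            try:
                if idc.GetSegmentAttr(ea, idc.SEGATTR_TYPE) == self.CODE:
                    if idc.GetFunctionName(ea) != '':
                        # Already in a function: resume after it (a BADADDR
                        # from FindFuncEnd ends the walk).
                        ea = idc.FindFuncEnd(ea)
                        continue
                    if idc.MakeFunction(ea):
                        func_count += 1
                    elif idc.MakeCode(ea):
                        code_count += 1
            except Exception:
                # Best effort: one undecodable address must not abort the
                # scan, but a bare except also swallowed KeyboardInterrupt
                # and made a long walk impossible to stop.
                pass

            ea = idc.NextAddr(ea)

        print "Created %d new functions and %d new code blocks\n" % (
            func_count, code_count)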
    def find_module_ptr(self):
        """Locate ``self.last_module_ptr`` with a three-stage byte-pattern search.

        Stage 1 finds the ASCII bytes of ``"SceUIDModuleClass"``; stage 2
        finds a 32-bit word holding that address and steps back 0xC to the
        object that presumably owns it; stage 3 scans for 32-bit words holding
        *that* address until one whose name field (the word at +0x20, read as
        a string of at most 0x20 bytes via ``c_str``) equals ``"SceKrm"``.
        ``self.last_module_ptr`` is set to that hit plus 4.

        NOTE(review): the 0xC / 0x20 / +4 offsets encode assumptions about the
        target's object layout; a wrong offset does not raise, it silently
        picks the wrong address.  Each stage is logged via ``log``.

        :raises RuntimeError: when any of the three stages finds no match.
        """
        search = idc.SEARCH_DOWN | idc.SEARCH_CASE

        def as_pattern(value):
            # Render a 32-bit value (packed by p32) as an IDA "xx xx xx xx"
            # byte-search string.
            return " ".join(chunk(p32(value).encode("hex"), 2))

        # Stage 1: the class-name string itself.
        str_ptr = idc.FindBinary(0, search, '"SceUIDModuleClass"')
        if str_ptr == idc.BADADDR:
            raise RuntimeError("failed to apply str_ptr heuristic")
        log("stage 1: str_ptr at 0x{:08X}".format(str_ptr))

        # Stage 2: something that points at the string; the enclosing object
        # is assumed to start 0xC bytes earlier.
        cls_ptr = idc.FindBinary(0, search, as_pattern(str_ptr))
        if cls_ptr == idc.BADADDR:
            raise RuntimeError("failed to apply cls_ptr heuristic")
        cls_ptr -= 0xC
        log("stage 2: cls_ptr at 0x{:08X}".format(cls_ptr))

        # Stage 3: every reference to the class object is a candidate; keep
        # going until the one named "SceKrm".
        needle = as_pattern(cls_ptr)
        ea = 0
        while True:
            ea = idc.FindBinary(ea, search, needle)
            if ea == idc.BADADDR:
                raise RuntimeError(
                    "failed to find the last module using the heuristic")
            if c_str(idc.Dword(ea + 0x20), 0x20) == "SceKrm":
                break
            ea = idc.NextAddr(ea)

        self.last_module_ptr = ea + 4
        log("stage 3: last_module_ptr at 0x{:08X}".format(
            self.last_module_ptr))
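    def codeify(self, ea=idc.BADADDR):
        """Define code and functions in every code segment from ``ea`` onward.

        Walks address by address (``idc.NextAddr``) to the end of the
        database.  Inside segments typed ``self.CODE`` an address that is
        already inside a function is skipped to that function's end;
        otherwise ``MakeFunction`` is attempted first and ``MakeCode`` as a
        fallback.  Segments of any other type are left alone.

        :param ea: start address; ``idc.BADADDR`` (default) selects the first
            ``self.CODE`` segment, or the first segment in the database when
            no code segment exists.
        :return: ``None``; a summary is reported through ``self.say``.
        """
        func_count = 0
        code_count = 0

        if ea == idc.BADADDR:
            ea = self.get_start_ea(self.CODE)
            if ea == idc.BADADDR:
                ea = idc.FirstSeg()

        self.say("\nLooking for undefined code starting at: %s:0x%X" %
                 (idc.SegName(ea), ea))

        while ea != idc.BADADDR:
            try:
                if idc.GetSegmentAttr(ea, idc.SEGATTR_TYPE) == self.CODE:
                    if idc.GetFunctionName(ea) != '':
                        # Already in a function: resume after it (a BADADDR
                        # from FindFuncEnd ends the walk).
                        ea = idc.FindFuncEnd(ea)
                        continue
                    if idc.MakeFunction(ea):
                        func_count += 1
                    elif idc.MakeCode(ea):
                        code_count += 1
            except Exception:
                # Best effort: one undecodable address must not abort the
                # scan, but a bare except also swallowed KeyboardInterrupt
                # and made a long walk impossible to stop.
                pass

            ea = idc.NextAddr(ea)

        self.say("Created %d new functions and %d new code blocks\n" %
                 (func_count, code_count))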
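def findend(ea):
    """Return the distance from ``ea`` to the next address that is referenced
    (has at least one xref to it) or carries a name.

    The scan starts at ``NextAddr(ea)``, so ``ea`` itself is never taken as
    the boundary and the result is at least 1.

    :param ea: start address.
    :return: ``boundary - ea``.  If the database ends before a boundary is
        found the scan stops at ``idc.BADADDR`` and the (meaningless) value
        ``idc.BADADDR - ea`` is returned; callers should treat a result that
        large as "no boundary found".
    """
    ea0 = ea
    while True:
        ea = idc.NextAddr(ea)
        if ea == idc.BADADDR:
            # No further addresses exist; stop instead of spinning on
            # BADADDR forever.
            break
        # XrefsTo() returns a generator, which is truthy even when it yields
        # nothing -- testing the generator object itself would break on the
        # very first address.  Pull one element to see whether any xref exists.
        if next(XrefsTo(ea), None) is not None:
            break
        if idaapi.get_full_flags(ea) & idc.FF_ANYNAME:
            break
    return ea - ea0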
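 def fix_code(start_address, end_address):
     """Define functions over every non-code address in
     ``[start_address, end_address]`` (both ends inclusive).

     Each address whose flags say it is not code is handed to
     ``idc.MakeFunction``; addresses that become code as a side effect are
     skipped on later iterations because the flags are re-read each time.
     Data embedded in the range (tables, constants) is mis-defined as code --
     see the TODO below.

     :param start_address: first address to examine (inclusive).
     :param end_address: last address to examine (inclusive).
     :return: ``None``.
     """
     # Todo: There might be some data in the range of codes.
     offset = start_address
     # Examine the current address *before* advancing, so that start_address
     # is included and nothing past end_address is touched.  NextAddr returns
     # BADADDR at the end of the database, which ends the loop.
     while offset != idc.BADADDR and offset <= end_address:
         flags = idc.GetFlags(offset)
         if not idc.isCode(flags):
             # Todo: Check should use MakeCode or MakeFunction
             idc.MakeFunction(offset)
         offset = idc.NextAddr(offset)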
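    def hasCookie(self):
        """Heuristically decide whether the function containing ``self.addr``
        sets up a stack-protection security cookie.

        Scans the first 20 instructions of the function for an ``xor`` whose
        first or second operand is the ``ebp`` register -- the shape of the
        32-bit MSVC /GS prologue (``xor eax, ebp`` mixing the global cookie
        with the frame pointer).

        NOTE(review): this is 32-bit and MSVC specific.  x64 builds
        (``xor rax, rsp``) and GCC/Clang stack protectors (cookie loaded from
        a segment-relative slot, no ``xor``) do not match and report
        ``False``; an unrelated ``xor`` on ``ebp`` in the prologue is a false
        positive.

        :return: ``True`` if such an instruction is found within the first
            20 instructions, ``False`` otherwise (also when ``self.addr`` is
            not inside any function, since both attributes are BADADDR then).
        """
        end = idc.GetFunctionAttr(self.addr, idc.FUNCATTR_END)
        start = idc.GetFunctionAttr(self.addr, idc.FUNCATTR_START)

        count = 0
        while start != end and start != idc.BADADDR:
            # Match the mnemonic and register operands rather than substrings
            # of the disassembly line: a 'xor' prefix test also matched
            # xorps/xorpd, and 'ebp' in the text also matched memory operands
            # such as [ebp+8].
            if idc.GetMnem(start) == 'xor':
                if 'ebp' in (idc.GetOpnd(start, 0), idc.GetOpnd(start, 1)):
                    return True
            # Step by instruction head, not by byte, so the limit below
            # really counts instructions (NextHead returns BADADDR at end).
            start = idc.NextHead(start, end)
            count += 1
            # security cookie check is usually at beginning of function (unless some crazy-ass prologue)
            if count > 20:
                return False
        return False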
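    def datify(self):
        """Convert every still-undefined or byte-sized item, from the data
        segment to the end of the database, into a DWORD marked as an offset.

        Walks from the first ``self.DATA`` segment (or the first segment in
        the database when there is none) with ``idc.NextAddr``.  Only
        4-byte-aligned addresses are converted, so a stray byte item cannot
        push every following DWORD onto a misaligned boundary.

        NOTE(review): ``OpOff`` flags every new DWORD as an offset regardless
        of whether its value lands inside the database; treat the result as a
        heuristic, not a verified pointer table.

        :return: ``None``; prints progress to the console.
        """
        ea = self.get_start_ea(self.DATA)
        if ea == idc.BADADDR:
            ea = idc.FirstSeg()

        print "Converting remaining data to DWORDs...",

        while ea != idc.BADADDR:
            flags = idc.GetFlags(ea)

            # Only undefined bytes and explicit byte items, and only on a
            # 4-byte boundary.
            if (idc.isUnknown(flags) or idc.isByte(flags)) and (ea % 4) == 0:
                idc.MakeDword(ea)
                idc.OpOff(ea, 0, 0)

            ea = idc.NextAddr(ea)

        print "done."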
def Addrs(*args):
    """
    Enumerate all addresses

    Yields every address from the start of the range up to (but excluding)
    its end, stepping with ``idc.NextAddr`` so that only addresses present
    in the database are produced.  The walk also ends as soon as NextAddr
    returns BADADDR.

    @param <range>: see getrange

    @return: generator over all addresses in range

    """
    first, last = getrange(args)

    # note: range(...) is not used because it is a problem for ea >= 2^31
    # TODO: problem when last == BADADDR
    cursor = first
    while cursor < last and cursor != BADADDR:
        yield cursor
        cursor = idc.NextAddr(cursor)
    def datify(self):
        """Turn leftover undefined/byte items into DWORD offsets, then run
        ``self._fix_data_offsets``.

        Starting at the first ``self.DATA`` segment (or the first segment in
        the database when there is none), every address up to the end of the
        database is inspected; those that are still unknown or byte-sized
        *and* lie on a 4-byte boundary become a DWORD whose operand is
        flagged as an offset via ``OpOff``.

        :return: ``None``; progress is reported through ``self.say``.
        """
        cursor = self.get_start_ea(self.DATA)
        if cursor == idc.BADADDR:
            cursor = idc.FirstSeg()

        self.say("Converting remaining data to DWORDs...")

        while cursor != idc.BADADDR:
            item_flags = idc.GetFlags(cursor)
            convertible = idc.isUnknown(item_flags) or idc.isByte(item_flags)
            # Unaligned candidates are skipped so a stray byte item does not
            # push every following DWORD onto an odd boundary.
            if convertible and cursor % 4 == 0:
                idc.MakeDword(cursor)
                idc.OpOff(cursor, 0, 0)
            cursor = idc.NextAddr(cursor)

        self.say("done.")

        self._fix_data_offsets()
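 def _colorize_block(self, block_ea, color=idc.DEFCOLOR):
     """Colour every address of the block keyed by ``block_ea``.

     :param block_ea: key into ``self.block_table``; unknown keys are ignored.
     :param color: item colour handed to ``idc.SetColor``; the default
         ``idc.DEFCOLOR`` presumably resets the block to IDA's default colour.
     :return: ``None``.
     """
     # One lookup instead of has_key() followed by a second index; has_key()
     # is also Python 2-only.
     block = self.block_table.get(block_ea)
     if block is None:
         return
     ea = block.startEA
     # endEA is treated as exclusive: colour item by item up to it.
     while ea < block.endEA:
         idc.SetColor(ea, idc.CIC_ITEM, color)
         ea = idc.NextAddr(ea)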
# Cheat sheet: list the instruction addresses of the function under the
# cursor, then move between addresses with the older camel-case idc API.
dism_addr = list(idautils.FuncItems(here()))
print type(dism_addr)

print dism_addr

for line in dism_addr:
    print hex(line), idc.GetDisasm(line)

# address of the next instruction head
# (NOTE: `ea` is not defined above -- substitute a real address)
idc.NextHead(ea)

# address of the previous instruction head
idc.PrevHead(ea)

# next address present in the database
idc.NextAddr(ea)

# previous address present in the database
idc.PrevAddr(ea)

# Walk every function and look for dynamic (register-indirect) call/jmp sites
for func in idautils.Functions():
    flags = idc.GetFunctionFlags(func)
    if flags & FUNC_LIB or flags & FUNC_THUNK:
        continue
    dism_addr = list(idautils.FuncItems(func))
    for line in dism_addr:
        m = idc.GetMnem(line)
        if m == 'call' or m == 'jmp':
            op = idc.GetOpType(line, 0)
            if op == o_reg: