def __init__(self):
    """Initialise the debugger hook and its bookkeeping containers.

    `reg_val` receives one fresh `ida_idd.regval_t` for every argument
    register of `arm_regset` plus its stack register; the two hit counters
    start empty and the single-step flag starts cleared.
    """
    ida_dbg.DBG_Hooks.__init__(self)
    # Hit counters: per breakpoint, and per function that contains a breakpoint.
    self.bp_hit_count = {}
    self.bf_hit_count = {}
    # Saved register values, one holder per tracked register.
    tracked = arm_regset.args + (arm_regset.stack,)
    self.reg_val = {reg: ida_idd.regval_t() for reg in tracked}
    # Single-step flag; nothing in this constructor turns it on.
    self.step_dbg = False
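def _get_ip_val():
    """Return the debuggee's current instruction-pointer value, or None.

    The register name is chosen from the processor module: rip/eip/ip for
    "metapc" depending on bitness, pc for "arm".  For any other processor,
    or when the debugger cannot read the register, None is returned.
    """
    inf = get_inf_structure()
    proc_name = inf.procName.lower()
    regname = ""
    if proc_name == "metapc":
        if inf.is_64bit():
            regname = "rip"
        elif inf.is_32bit():
            regname = "eip"
        else:
            regname = "ip"
    elif proc_name == "arm":
        regname = "pc"
    # Unsupported processor: do not ask the debugger for a nameless register.
    if not regname:
        return None
    rv = regval_t()
    if get_reg_val(regname, rv):
        return rv.ival
    return None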
def get_after_run_info(self, args_rule):
    """Log the return register once the hooked function has returned.

    Prints PC and the value of `arm_regset.ret` through FELogger.  The
    returned dict is currently left empty: the string dereference of the
    return value is kept below, commented out.  `args_rule` is accepted
    for symmetry with get_before_run_info but not used here.

    TODO: also record how the arguments changed.
    """
    runtime_info = {}
    regs = self.get_xdbg_reg_var()
    pc = ida_idd.regval_t()
    ida_dbg.get_reg_val('PC', pc)
    FELogger.console('PC: %s' % hexstr(pc.ival))
    ret_val = regs[arm_regset.ret].ival
    #str_t = FEStrMgr.get_string_from_mem(ret_val)
    #runtime_info[arm_regset.ret] = [hexstr(ret_val), repr(str_t)]
    #FELogger.console('ret: %s => %s' % (hexstr(ret_val), repr(str_t)))
    FELogger.console('%s: %s' % (arm_regset.ret, hexstr(ret_val)))
    return runtime_info
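def get_before_run_info(self, args_rule):
    """Collect the register state right before the hooked function runs.

    Args:
        args_rule: sequence describing the function's parameters; a last
            entry of '...' or 'va_list' marks a variadic signature.

    Returns:
        The dict produced by var_len_args_run_info (variadic) or
        fix_len_args_run_info (fixed-length, including an empty rule).
    """
    args = self.get_xdbg_reg_var()
    rv = ida_idd.regval_t()
    ida_dbg.get_reg_val('PC', rv)
    FELogger.console('PC: %s' % hexstr(rv.ival))
    # Guard the empty rule (parameterless function): indexing args_rule[-1]
    # unconditionally would raise IndexError.
    # TODO: proper va_list parsing; for now it is handled like '...'.
    if args_rule and args_rule[-1] in ('...', 'va_list'):
        return self.var_len_args_run_info(args_rule, args)
    return self.fix_len_args_run_info(args_rule, args)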
def my_get_reg_value(register):
    """Read `register` from the debugger and return its `ival`.

    The status returned by ida_dbg.get_reg_val is not checked: if the read
    fails, whatever `ival` the untouched regval_t holds is returned.
    """
    holder = ida_idd.regval_t()
    ida_dbg.get_reg_val(register, holder)
    return holder.ival
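def gogo(target=0x76794cfa):
    """Overwrite the debuggee's PC register with `target`.

    Args:
        target: address to load into PC.  The default keeps the address
            this helper previously had hard-coded, so existing callers
            are unaffected.
    """
    pc = ida_idd.regval_t()
    pc.set_int(target)
    ida_dbg.set_reg_val("PC", pc)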
def get_tev_reg_val(tev, reg):
    """Return register `reg` from trace event `tev` as an int, else None.

    None is returned both when the trace event carries no value for the
    register and when the stored value is not of integer type (RVT_INT).
    """
    holder = ida_idd.regval_t()
    found = get_insn_tev_reg_val(tev, reg, holder)
    if not found or holder.rvtype != ida_idd.RVT_INT:
        return None
    return holder.ival