def t_EDI(t):
r'(?i)edi'
if arch_size == 32:
t.value = idaapi.get_reg_val("EDI")
else:
t.value = (idaapi.get_reg_val("RDI")) & 0xffffffff
return t
def t_ECX(t):
r'(?i)ecx'
if arch_size == 32:
t.value = idaapi.get_reg_val("ECX")
else:
t.value = (idaapi.get_reg_val("RCX")) & 0xffffffff
return t
def t_ESP(t):
r'(?i)esp'
if arch_size == 32:
t.value = idaapi.get_reg_val("ESP")
else:
t.value = (idaapi.get_reg_val("RSP")) & 0xffffffff
return t
def check_memory_region(is_arch64):
if ida_dbg.is_debugger_on():
if ida_kernwin.ask_buttons(
"Yes", "No", "Cancel", -1,
"Add auto memory region (without memory region go to EIP/RIP can fail)"
) == -1:
raise UICancel
ida_dbg.enable_manual_regions(1)
infos = ida_idd.meminfo_vec_t()
info = ida_idd.memory_info_t()
info.perm = 7
if is_arch64:
info.end_ea = 18446744073709551614
info.bitness = 2
else:
info.end_ea = 4294967294
info.bitness = 1
info.sbase = 0
info.sclass = 'UNK'
info.name = 'MEMORY'
info.start_ea = 0
infos.push_back(info)
ida_dbg.set_manual_regions(infos)
# enable manual regions workarr:
ida_dbg.enable_manual_regions(0)
ida_dbg.refresh_debugger_memory()
ida_dbg.enable_manual_regions(1)
ida_dbg.refresh_debugger_memory()
ida_dbg.edit_manual_regions()
if idaapi.get_process_state() == -1:
if is_arch64:
cipreg = idaapi.get_reg_val('RIP')
else:
cipreg = idaapi.get_reg_val('EIP')
ida_ua.create_insn(cipreg)
ida_kernwin.jumpto(cipreg)
ida_kernwin.refresh_idaview_anyway()
def get_fpu_regs(name):
global rv
assert (idaapi.is_reg_float(name))
rv = idaapi.regval_t()
rv.clear()
if idaapi.get_reg_val(name, rv):
ptr = int(rv.get_data())
data = ctypes.cast(ptr, ctypes.POINTER(ctypes.c_uint8))
re = []
f80 = 0
for i in range(2, 12):
b8 = data[i]
re.append(b8)
f80 = f80 | (b8 << (8 * i))
f64 = 0
f64_l = convert_f80le_to_f64le(re)
for i in range(8):
f64 = (f64 << 8) | f64_l[7 - i]
return [f80, f64]
raise ('fk names')
def t_RDX(t):
r'(?i)rdx'
t.value = idaapi.get_reg_val("RDX")
return t
def t_RAX(t):
r'(?i)rax'
t.value = idaapi.get_reg_val("RAX")
return t
def t_RSI(t):
r'(?i)rsi'
t.value = idaapi.get_reg_val("RSI")
return t
def t_RIP(t):
r'(?i)rip'
t.value = idaapi.get_reg_val("RIP")
return t
def t_R14(t):
r'(?i)r14'
t.value = idaapi.get_reg_val("R14")
return t
def t_R15(t):
r'(?i)r15'
t.value = idaapi.get_reg_val("R15")
return t
def t_RCX(t):
r'(?i)rcx'
t.value = idaapi.get_reg_val("RCX")
return t
def t_RBP(t):
r'(?i)rbp'
t.value = idaapi.get_reg_val("RBP")
return t
def t_R10(t):
r'(?i)r10'
t.value = idaapi.get_reg_val("R10")
return t
def get_xmm(name):
rv = idaapi.regval_t()
if idaapi.get_reg_val(name, rv):
return int(rv.bytes()[::-1].encode('hex'), 16)
raise ('fk names')
def t_R9(t):
r'(?i)r9'
t.value = idaapi.get_reg_val("R9")
return t
def t_R8(t):
r'(?i)r8'
t.value = idaapi.get_reg_val("R8")
return t
def t_RSP(t):
r'(?i)rsp'
t.value = idaapi.get_reg_val("RSP")
return t
def t_RBX(t):
r'(?i)rbx'
t.value = idaapi.get_reg_val("RBX")
return t
def t_R13(t):
r'(?i)r13'
t.value = idaapi.get_reg_val("R13")
return t
def t_R11(t):
r'(?i)r11'
t.value = idaapi.get_reg_val("R11")
return t
def t_RDI(t):
r'(?i)rdi'
t.value = idaapi.get_reg_val("RDI")
return t
def t_R12(t):
r'(?i)r12'
t.value = idaapi.get_reg_val("R12")
return t
#used to follow instructions when debug
import idaapi
x=0
while x<100:
idaapi.step_over()
GetDebuggerEvent(WFNE_SUSP, -1)
rv = idaapi.regval_t()
idaapi.get_reg_val('EIP',rv)
print GetDisasm(rv.ival)
if GetMnem(rv.ival) == "retn":
break
x = x + 1
