def _rpc_analyze_external_refs(cls, req, job_id): #py_olly.olly_log('_rpc_analyze_external_refs: %08X-%08X inc by %08X' % (req.ea_from, req.ea_to, req.increment)) return job_id, ollyutils.analyze_external_refs(req.ea_from, req.ea_to, req.increment, req.analysing_base, req.analysing_size)
if oa.Findname(m.codebase + off, oa.NM_EXPORT, name): externals.append({'ea': m.codebase + off, 'name': str(name.replace('\x00', ''))}) mi['apis'] = externals print mi del t import ollyapi as oa symb = bytearray(2048) comment = bytearray(oa.TEXTLEN) n = oa.Decodeaddress(0x34114c, 0, oa.ADC_SYMBOL | oa.ADC_ENTRY, symb, 2048, comment) print 'n: %s, symb: %s, comment: %s' % (n, symb.replace('\x00', ''), comment.replace('\x00', '')) import ollyutils print ollyutils.analyze_external_refs(0x34114c, 0x341150, 1) th = oa.Findthread(oa.Getcputhreadid()) import inspect r = oa.ulongArray.frompointer(th.reg.r) for i, v in enumerate(r): if i > 7: break print "%r: %08x" % (i, v) print 'eip: %08X' % th.reg.ip # --------------------- import ollyutils size, mem = ollyutils.safe_read_chunked_memory_region_as_one(0x6ef40000, 0x190000); print type(mem) with open('d:\\pe_test.bin', 'wb') as f: