def init_segm_mem(self):
     segment = {}
     gdt = gdt32(GDT_MAP_ADDR)
     fs_idx = idc.GetRegValue('fs')
     gs_idx = idc.GetRegValue('gs')
     fs_addr = idaapi.dbg_get_thread_sreg_base(idc.GetCurrentThreadId(),
                                               int(cpu.fs))
     gs_addr = idaapi.dbg_get_thread_sreg_base(idc.GetCurrentThreadId(),
                                               int(cpu.gs))
     G = 1
     D = 0
     L = 1
     AVL = 0
     gdt.addSegDiscription(fs_idx, fs_addr, 0x1000, 1, 0, 0,
                           (G << 3) | (D << 2) | (L << 1) | AVL)
     gdt.addSegDiscription(gs_idx, gs_addr, 0x1000, 1, 0, 0,
                           (G << 3) | (D << 2) | (L << 1) | AVL)
     return gdt.get_gdt()
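def get_sreg_base_x64(name):
    """Return the segment base of register *name* ('fs'/'gs') for the current thread.

    The debugger is asked first via ``dbg_get_thread_sreg_base``.  When it
    reports a falsy base (0/None), the database segments are scanned for the
    first one whose name starts with ``'TIB['``; the candidate base is
    ``segment start + 0x1000`` and it is accepted only if the little-endian
    QWORD at ``candidate + 0x30`` equals the candidate itself (on x64
    Windows that slot is the TEB self pointer, ``NT_TIB.Self``, so a match is
    strong evidence that the candidate really is a TEB).

    Only the first ``TIB[`` segment is inspected, so in a multi-threaded
    debuggee the fallback may return another thread's TEB; the printed
    warning makes the substitution visible.  If neither method yields a base
    the debugger's falsy result is returned and a warning asks the user to
    set it by hand.

    Returns the base address (int) or the falsy debugger result.
    """
    import struct  # only needed for the fallback decode below

    sdb = idaapi.dbg_get_thread_sreg_base(idc.GetCurrentThreadId(),
                                          int(getattr(cpu, name)))
    if not sdb:
        for n in range(idaapi.get_segm_qty()):
            seg = idaapi.getnseg(n)
            sgname = idaapi.get_segm_name(seg, 0)
            if not sgname.startswith('TIB['):
                continue
            candidate = seg.startEA + 0x1000
            raw = idaapi.dbg_read_memory(candidate + 0x30, 8)
            # dbg_read_memory yields None (or a short buffer) when the page
            # cannot be read; the old base16 round-trip crashed on that.
            if raw is not None and len(raw) == 8:
                self_ptr = struct.unpack('<Q', bytes(raw))[0]
                if self_ptr == candidate:
                    sdb = candidate
                    print("\nwarning: the segname:%s is zero,I give %016x" %
                          (name, sdb))
            # Only the first TIB[ segment is considered, as before.
            break
    if not sdb:
        print(
            "\n\nwarning: the segname:%s is zero, U need set it by yourself\n"
            % (name))
    return sdb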
        if bit_strings:
            for s in bit_strings:
                print "  %s" % s


def test_manual_regions():
    """Dump the debugger's manual memory regions, or report that none exist."""
    regions = idaapi.get_manual_regions()
    if regions:
        dump_meminfo(regions)
    else:
        print("no manual regions!")


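def test_readwrite():
    """Round-trip the debugger memory API: read 5 bytes at EIP, write them back.

    Prints the bytes read.  The write stores the same bytes at the same
    address, so it only exercises ``dbg_write_memory``.  If the read fails
    (``None`` or fewer bytes than requested) nothing is written — writing a
    bad buffer over the instruction at EIP would corrupt the debuggee — and
    a failure message is printed instead.  A falsy result from
    ``dbg_write_memory`` is reported as a failed write.
    """
    ea = cpu.Eip
    size = 5
    buf = idaapi.dbg_read_memory(ea, size)
    if not buf or len(buf) != size:
        print("read failed at %x" % ea)
        return
    # bytearray() yields ints for both a Python 2 str and a Python 3 bytes.
    print("read:  %s" % [hex(b) for b in bytearray(buf)])
    if not idaapi.dbg_write_memory(ea, buf):
        print("write failed at %x" % ea)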


# Script body: always dump the manual regions, the rest needs a suspended debuggee.
test_manual_regions()

if not idaapi.dbg_can_query():
    print("run and suspend the debugger first")
else:
    thread_id = idc.GetCurrentThreadId()
    print("%x: fs" % (idaapi.dbg_get_thread_sreg_base(thread_id, cpu.fs)))
    test_getmeminfo()
    test_getregs()
    test_readwrite()
    L = idaapi.dbg_get_registers()
    # name flags class dtyp bit_strings bit_strings_default_mask
    for (name, flags, cls, dtype, bit_strings, bit_strings_default_mask) in L:
        print "name=<%s> flags=%x class=%x dtype=%x bit_strings_mask=%x" % (name, flags, cls, dtype, bit_strings_default_mask)
        if bit_strings:
            for s in bit_strings:
                print "  %s" % s

def test_manual_regions():
    """Print the manual memory regions known to the debugger (or a 'none' notice)."""
    regions = idaapi.get_manual_regions()
    if not regions:
        print("no manual regions!")
        return
    dump_meminfo(regions)

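def test_readwrite():
    """Round-trip the debugger memory API: read 5 bytes at EIP, write them back.

    Prints the bytes read.  The write stores the same bytes at the same
    address, so it only exercises ``dbg_write_memory``.  If the read fails
    (``None`` or fewer bytes than requested) nothing is written — writing a
    bad buffer over the instruction at EIP would corrupt the debuggee — and
    a failure message is printed instead.  A falsy result from
    ``dbg_write_memory`` is reported as a failed write.
    """
    ea = cpu.Eip
    size = 5
    buf = idaapi.dbg_read_memory(ea, size)
    if not buf or len(buf) != size:
        print("read failed at %x" % ea)
        return
    # bytearray() yields ints for both a Python 2 str and a Python 3 bytes.
    print("read:  %s" % [hex(b) for b in bytearray(buf)])
    if not idaapi.dbg_write_memory(ea, buf):
        print("write failed at %x" % ea)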

# Script body: the manual-region dump works anytime, the rest needs a suspended debuggee.
test_manual_regions()

if not idaapi.dbg_can_query():
    print("run and suspend the debugger first")
else:
    thread_id = idc.GetCurrentThreadId()
    print("%x: fs" % (idaapi.dbg_get_thread_sreg_base(thread_id, cpu.fs)))
    test_getmeminfo()
    test_getregs()
    test_readwrite()
def GetFsBase(tid):
    """Return the FS segment base of thread *tid*.

    Selects *tid* in the debugger, then asks IDA for the FS base.  A result
    of 0 is treated as "not reported" and ``WindbgGetRegBase`` is used
    instead; any other value (including None) is returned unchanged.
    """
    idc.SelectThread(tid)
    base = idaapi.dbg_get_thread_sreg_base(tid, cpu.fs)
    return base if base != 0 else WindbgGetRegBase(tid)
 def Regs_method(self):
     """Return the table of registers that need a dedicated reader.

     Maps register name -> callable taking the name.  mm0-mm7 and
     xmm0-xmm15 go through ``get_xmm``; ``fs``/``gs`` are resolved to their
     segment base for the current thread via the debugger; ``fpround``,
     ``sseround`` and ``ftop`` use their own helpers.  ``fpu_tags`` is not
     wired up.
     """
     def sreg_base(reg):
         # Segment register value -> base address for the current thread.
         return idaapi.dbg_get_thread_sreg_base(idc.GetCurrentThreadId(),
                                                int(reg))

     method = {}
     for i in range(8):
         method['mm%d' % i] = get_xmm
     for i in range(16):
         method['xmm%d' % i] = get_xmm
     # cpu.fs / cpu.gs are read at call time, not when the table is built.
     method['fs'] = lambda name: sreg_base(cpu.fs)
     method['gs'] = lambda name: sreg_base(cpu.gs)
     method['fpround'] = getfpround
     method['sseround'] = getSseRound
     method['ftop'] = getftop
     # 'fpu_tags': getfpu_tags  -- intentionally not registered
     return method
def GetFsBase(tid):
    """Return the FS segment base of thread *tid*.

    Makes *tid* the current debugger thread, then asks IDA for the FS base.
    A reported base of 0 is treated as "unknown" and ``WindbgGetRegBase``
    is consulted instead; any other value (including None) is returned as is.
    """
    idc.select_thread(tid)
    base = idaapi.dbg_get_thread_sreg_base(tid, cpu.fs)
    if base == 0:
        return WindbgGetRegBase(tid)
    return base
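def getRegs():
    """Read the debuggee's registers into a dict keyed by guest-state offset.

    ``register_names`` maps a byte offset to a register name.  The offsets
    and names (cc_op, cc_dep1, emnote, nraddr, ip_at_syscall, ...) look like
    a VEX/angr-style x86-64 guest state layout — TODO confirm against the
    consumer of the returned dict; the layout is not defined in this file.

    Registers present in ``method`` (mm*, xmm*, fs, gs, fpround, sseround,
    ftop) are read through their dedicated helpers; ``fs``/``gs`` are
    resolved to segment bases for the current thread.  Everything else is
    read with ``idc.GetRegValue``.  Note that ``register_names`` lists ymm
    registers, not xmm, so the xmm entries of ``method`` are never hit by
    this table.

    Every register is read best-effort: a read that raises is printed and
    the offset is left out of the result, so callers must not assume every
    offset is present.

    Returns: dict {offset: value}.
    """
    register_names = {
        16: 'rax',
        24: 'rcx',
        32: 'rdx',
        40: 'rbx',
        48: 'rsp',
        56: 'rbp',
        64: 'rsi',
        72: 'rdi',
        80: 'r8',
        88: 'r9',
        96: 'r10',
        104: 'r11',
        112: 'r12',
        120: 'r13',
        128: 'r14',
        136: 'r15',
        144: 'cc_op',
        152: 'cc_dep1',
        160: 'cc_dep2',
        168: 'cc_ndep',
        176: 'd',
        184: 'rip',
        192: 'ac',
        200: 'id',
        208: 'fs',
        216: 'sseround',
        224: 'ymm0',
        256: 'ymm1',
        288: 'ymm2',
        320: 'ymm3',
        352: 'ymm4',
        384: 'ymm5',
        416: 'ymm6',
        448: 'ymm7',
        480: 'ymm8',
        512: 'ymm9',
        544: 'ymm10',
        576: 'ymm11',
        608: 'ymm12',
        640: 'ymm13',
        672: 'ymm14',
        704: 'ymm15',
        736: 'ymm16',
        768: 'ftop',
        776: 'mm0',
        784: "mm1",
        792: "mm2",
        800: "mm3",
        808: "mm4",
        816: "mm5",
        824: "mm6",
        832: "mm7",
        840: 'fptag',
        848: 'fpround',
        856: 'fc3210',
        864: 'emnote',
        872: 'cmstart',
        880: 'cmlen',
        888: 'nraddr',
        904: 'gs',
        912: 'ip_at_syscall'
    }

    def sreg_base(reg):
        # Segment register value -> base address for the current thread.
        return idaapi.dbg_get_thread_sreg_base(idc.GetCurrentThreadId(),
                                               int(reg))

    method = {}
    for i in range(8):
        method['mm%d' % i] = get_xmm
    for i in range(16):
        method['xmm%d' % i] = get_xmm
    # cpu.fs / cpu.gs are read at call time, not when the table is built.
    method['fs'] = lambda name: sreg_base(cpu.fs)
    method['gs'] = lambda name: sreg_base(cpu.gs)
    method['fpround'] = getfpround
    method['sseround'] = getSseRound
    method['ftop'] = getftop
    # 'fpu_tags': getfpu_tags  -- not wired up

    values = {}
    for offset, regName in register_names.items():
        reader = method.get(regName)
        try:
            if reader is not None:
                value = reader(regName)
            else:
                value = idc.GetRegValue(regName)
        except Exception as e:
            # Best-effort: report the failure and leave this offset unset.
            print("failed read regName %-10s %s" % (regName, e))
            continue
        values[offset] = value
        print("success %-10s %x" % (regName, value))
    return values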