 def __init__(self, addr, deepness=0):
     """Parse a BGSInventoryList structure located at *addr*.

     Reads the ``Weight`` field as a float and, while the nesting level is below
     the (module-level) ``max_deepness`` limit, parses the ``Items`` field as a
     ``TArray`` of ``BGSInventoryItem``. Once the limit is reached only the raw
     address of the item array is stored in ``self.Items`` so the parser cannot
     recurse without bound on self-referential data.

     Args:
         addr: address of the structure in the database.
         deepness: current nesting level; incremented for each nested TArray.
     """
     super(BGSInventoryList, self).__init__(addr, deepness)
     offsets = BGSInventoryList.Offset
     self.weight = idc.GetFloat(addr + offsets.Weight.value)
     items_addr = addr + offsets.Items.value
     # Below the limit, parse the item array one level deeper; otherwise keep the
     # bare address. (Third TArray argument 16 — presumably the element size;
     # confirm against TArray.)
     if deepness < max_deepness:
         self.Items = TArray(items_addr, BGSInventoryItem, 16, deepness + 1)
     else:
         self.Items = items_addr
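def readData(ea, type, size):
    """Read *size* bytes at *ea* as a sequence of fixed-width values.

    ``type`` is a two-element sequence: ``type[0]`` is the key looked up in
    ``DATA['strtypes']`` to decide whether a single value should be dereferenced
    as a string, and ``type[1]`` is the IDA flags word whose ``DT_TYPE`` bits
    select the element kind and, via ``DATA['typeSize']``, the element width.

    Returns:
        ``''`` when the flags word is empty; when exactly one element was read,
        that value — or, if ``type[0]`` names a string type, the string
        ``idc.GetString`` reads at that value; otherwise the list of values.
        Elements whose kind is not byte/word/dword/qword/float are skipped but
        still advance ``ea``. Trailing bytes that do not fill a whole element
        are ignored.

    Raises:
        KeyError: presumably, when ``DATA['typeSize']`` has no entry for the
        element kind (DATA's type is not visible here).
    """
    flags = type[1]
    if not flags:
        return ''
    t = flags & idc.DT_TYPE
    tsz = DATA['typeSize'][t]
    # Dispatch table instead of an if/elif chain evaluated on every iteration.
    readers = {
        idc.FF_BYTE: idc.Byte,
        idc.FF_WORD: idc.Word,
        idc.FF_DWRD: idc.Dword,
        idc.FF_QWRD: idc.Qword,
        idc.FF_FLOAT: idc.GetFloat,
    }
    reader = readers.get(t)
    val = []
    # Floor division gives the same result as Python 2 ``/`` on ints, but still
    # yields an int under Python 3 or ``from __future__ import division``, where
    # ``/`` would hand range() a float.
    for _ in range(size // tsz):
        if reader is not None:
            val.append(reader(ea))
        ea += tsz
    if len(val) == 1:
        val = idc.GetString(val[0], -1, DATA['strtypes'][
            type[0]]) if type[0] in DATA['strtypes'] else val[0]
    return val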
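def decode_data(addr, size):
    """Decode *size* dwords starting at *addr* into a string of single bytes.

    Each dword whose raw value lies strictly between 0xc3000000 and 0xc3ffffff
    is re-read as a single-precision float, doubled, truncated to an int, XORed
    with 0xde, offset by 0x22 and masked to one byte, which is appended to the
    output; dwords outside that range are skipped. A dword in that range has the
    float sign bit set, so the intermediate int is negative — the 0xff mask is
    what keeps the result a valid ``chr`` argument.

    Args:
        addr: address of the first dword.
        size: number of dwords to scan.

    Returns:
        The decoded characters joined into one string.
    """
    decoded = []
    for i in range(0, size):
        ea = addr + i * 4
        dw = idc.Dword(ea)
        if 0xc3000000 < dw < 0xc3ffffff:
            fori = idc.GetFloat(ea)
            fti = int(fori + fori)
            decoded.append(chr(((fti ^ 0xde) + 0x22) & 0x000000ff))
    # Single join instead of repeated string concatenation in the loop.
    return "".join(decoded)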
#coding=utf-8

import idc
import idaapi
import idautils

# Reference list of the single-value read helpers. NOTE(review): ``ea`` is
# first bound by ``ea = here()`` further down, so these lines reference it
# before assignment unless the IDA script host pre-binds it — presumably they
# are meant as a cheat sheet rather than to be executed in this order; confirm.
idc.Byte(ea)  # read a single byte
idc.Word(ea)  # read a word (16-bit)
idc.Dword(ea)  # read a dword (32-bit)
idc.Qword(ea)  # read a qword (64-bit)
idc.GetFloat(ea)  # read a single-precision float
idc.GetDouble(ea)  # read a double-precision float

# Sample output of the prints below for the instruction at 0x100003b2f:
#0x100003b2fL mov     rcx, cs:__imp__wcmdln
#0x48
#0x8b48L
#0xa0d8b48L
#0x48ffffd70a0d8b48L
#6.81509894557e-33
#4.46006192587e+43
# here() is the current cursor address in IDA.
ea = here()
print hex(ea), idc.GetDisasm(ea)
print hex(idc.Byte(ea))
print hex(idc.Word(ea))
print hex(idc.Dword(ea))
print hex(idc.Qword(ea))
print float(idc.GetFloat(ea))
print float(idc.GetDouble(ea))

# Use idc.GetManyBytes(ea, size) to read several bytes starting at the given
# address; it returns the bytes as a string.
ea = here()
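 def export_xmm_float(self):
     """Copy the four floats at the cursor as an ``_mm_set_ps`` literal.

     Reads the lanes at offsets 12, 8, 4 and 0 from ``get_screen_ea()``, in that
     order, because ``_mm_set_ps`` takes its arguments most-significant lane
     first. The formatted literal is printed and placed on the clipboard.
     """
     # Resolve the cursor address once rather than on every lane read.
     base = get_screen_ea()
     lanes = [idc.GetFloat(base + off) for off in (12, 8, 4, 0)]
     result_float = "_mm_set_ps(%f, %f, %f, %f)" % tuple(lanes)
     print("XMMCpy (Float) Result: %s" % result_float)
     QApplication.clipboard().setText(result_float)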