def t_EDI(t):
    r'(?i)edi'
    # PLY token rule: the docstring above is the token regex and must stay as-is.
    # The token value is the live register contents read from the debugger.
    if arch_size != 32:
        # 64-bit target: EDI is the low dword of RDI.
        t.value = idaapi.get_reg_val("RDI") & 0xffffffff
        return t
    t.value = idaapi.get_reg_val("EDI")
    return t
def t_ECX(t):
    r'(?i)ecx'
    # PLY token rule: the docstring above is the token regex and must stay as-is.
    # The token value is the live register contents read from the debugger.
    if arch_size != 32:
        # 64-bit target: ECX is the low dword of RCX.
        t.value = idaapi.get_reg_val("RCX") & 0xffffffff
        return t
    t.value = idaapi.get_reg_val("ECX")
    return t
def t_ESP(t):
    r'(?i)esp'
    # PLY token rule: the docstring above is the token regex and must stay as-is.
    # The token value is the live register contents read from the debugger.
    if arch_size != 32:
        # 64-bit target: ESP is the low dword of RSP.
        t.value = idaapi.get_reg_val("RSP") & 0xffffffff
        return t
    t.value = idaapi.get_reg_val("ESP")
    return t
def _whole_address_space_region(is_arch64):
    """Build a memory_info_t that covers the entire address space.

    The region is flagged perm=7 (SEGPERM_READ | SEGPERM_WRITE | SEGPERM_EXEC).
    Manual regions only describe memory to IDA's debugger view; they do not
    change page protections in the debuggee.

    Args:
        is_arch64: True for a 64-bit target, False for 32-bit.

    Returns:
        A populated ida_idd.memory_info_t starting at address 0.
    """
    info = ida_idd.memory_info_t()
    info.perm = 7
    info.start_ea = 0
    info.sbase = 0
    info.sclass = 'UNK'
    info.name = 'MEMORY'
    if is_arch64:
        info.end_ea = 0xFFFFFFFFFFFFFFFE
        info.bitness = 2
    else:
        info.end_ea = 0xFFFFFFFE
        info.bitness = 1
    return info


def check_memory_region(is_arch64):
    """Install a catch-all manual memory region and jump to the current PC.

    Does nothing unless the debugger is attached. The user is asked first;
    pressing Cancel raises UICancel. After the region is installed, if the
    process is suspended, the instruction at EIP/RIP is created and the
    disassembly view is moved there.

    Args:
        is_arch64: True for a 64-bit target (uses RIP and a 64-bit region),
            False for 32-bit (EIP, 32-bit region).

    Raises:
        UICancel: the user pressed Cancel in the confirmation dialog.
    """
    if not ida_dbg.is_debugger_on():
        return
    prompt = "Add auto memory region (without memory region go to EIP/RIP can fail)"
    answer = ida_kernwin.ask_buttons("Yes", "No", "Cancel", -1, prompt)
    if answer == -1:
        raise UICancel
    # NOTE(review): only Cancel aborts; answering "No" still installs the
    # region below. Confirm that this is intended.
    ida_dbg.enable_manual_regions(1)
    regions = ida_idd.meminfo_vec_t()
    regions.push_back(_whole_address_space_region(is_arch64))
    ida_dbg.set_manual_regions(regions)
    # Workaround: toggle manual regions off and on again, refreshing the
    # debugger memory each time, so the new region list is picked up.
    for flag in (0, 1):
        ida_dbg.enable_manual_regions(flag)
        ida_dbg.refresh_debugger_memory()
    ida_dbg.edit_manual_regions()
    # -1 is the "suspended" process state; only then is the PC meaningful.
    if idaapi.get_process_state() != -1:
        return
    pc = idaapi.get_reg_val('RIP' if is_arch64 else 'EIP')
    ida_ua.create_insn(pc)
    ida_kernwin.jumpto(pc)
    ida_kernwin.refresh_idaview_anyway()
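def get_fpu_regs(name):
    """Read an x87 floating-point register and return its raw and double forms.

    Args:
        name: name of a floating-point register; idaapi.is_reg_float(name)
            must be true.

    Returns:
        [f80, f64]: f80 is assembled from bytes 2..11 of the regval_t data
        buffer, each byte shifted by 8 * its buffer index (so bits 0..15 are
        always zero); f64 is the value convert_f80le_to_f64le produces for
        those ten bytes, assembled little-endian from its first eight bytes.

    Raises:
        AssertionError: name is not a floating-point register.
        ValueError: the debugger could not read the register.
    """
    global rv  # kept: the last regval_t is deliberately left in module scope
    assert idaapi.is_reg_float(name)
    rv = idaapi.regval_t()
    rv.clear()
    if not idaapi.get_reg_val(name, rv):
        # Fix: the original raised a bare str, which Python reports as a
        # TypeError instead of a meaningful error.
        raise ValueError('fk names')
    ptr = int(rv.get_data())
    data = ctypes.cast(ptr, ctypes.POINTER(ctypes.c_uint8))
    # NOTE(review): reads start at offset 2 of the regval_t buffer and assume
    # indices 2..11 lie inside it (raw pointer access, no bounds check) —
    # confirm against the SDK's regval_t layout.
    raw = [data[i] for i in range(2, 12)]
    f80 = 0
    for i, b8 in zip(range(2, 12), raw):
        f80 |= b8 << (8 * i)
    f64_le = convert_f80le_to_f64le(raw)
    f64 = 0
    for i in range(7, -1, -1):  # most significant byte first
        f64 = (f64 << 8) | f64_le[i]
    return [f80, f64]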
def t_RDX(t):
    r'(?i)rdx'
    # PLY token rule: the docstring above is the token regex and must stay as-is.
    # Token value is the current RDX contents read from the debugger.
    current = idaapi.get_reg_val("RDX")
    t.value = current
    return t
def t_RAX(t):
    r'(?i)rax'
    # PLY token rule: the docstring above is the token regex and must stay as-is.
    # Token value is the current RAX contents read from the debugger.
    current = idaapi.get_reg_val("RAX")
    t.value = current
    return t
def t_RSI(t):
    r'(?i)rsi'
    # PLY token rule: the docstring above is the token regex and must stay as-is.
    # Token value is the current RSI contents read from the debugger.
    current = idaapi.get_reg_val("RSI")
    t.value = current
    return t
def t_RIP(t):
    r'(?i)rip'
    # PLY token rule: the docstring above is the token regex and must stay as-is.
    # Token value is the current RIP contents read from the debugger.
    current = idaapi.get_reg_val("RIP")
    t.value = current
    return t
def t_R14(t):
    r'(?i)r14'
    # PLY token rule: the docstring above is the token regex and must stay as-is.
    # Token value is the current R14 contents read from the debugger.
    current = idaapi.get_reg_val("R14")
    t.value = current
    return t
def t_R15(t):
    r'(?i)r15'
    # PLY token rule: the docstring above is the token regex and must stay as-is.
    # Token value is the current R15 contents read from the debugger.
    current = idaapi.get_reg_val("R15")
    t.value = current
    return t
def t_RCX(t):
    r'(?i)rcx'
    # PLY token rule: the docstring above is the token regex and must stay as-is.
    # Token value is the current RCX contents read from the debugger.
    current = idaapi.get_reg_val("RCX")
    t.value = current
    return t
def t_RBP(t):
    r'(?i)rbp'
    # PLY token rule: the docstring above is the token regex and must stay as-is.
    # Token value is the current RBP contents read from the debugger.
    current = idaapi.get_reg_val("RBP")
    t.value = current
    return t
def t_R10(t):
    r'(?i)r10'
    # PLY token rule: the docstring above is the token regex and must stay as-is.
    # Token value is the current R10 contents read from the debugger.
    current = idaapi.get_reg_val("R10")
    t.value = current
    return t
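def get_xmm(name):
    """Read a vector register and return its contents as one integer.

    Args:
        name: register name accepted by idaapi.get_reg_val.

    Returns:
        The register bytes interpreted as a little-endian unsigned integer
        (the byte string is reversed before being parsed as hex).

    Raises:
        ValueError: the debugger could not read the register.
    """
    rv = idaapi.regval_t()
    if not idaapi.get_reg_val(name, rv):
        # Fix: the original raised a bare str, which Python reports as a
        # TypeError instead of a meaningful error.
        raise ValueError('fk names')
    # str.encode('hex') is Python 2 only; the rest of this module already
    # uses Python 2 syntax, so it is kept unchanged here.
    return int(rv.bytes()[::-1].encode('hex'), 16)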
def t_R9(t):
    r'(?i)r9'
    # PLY token rule: the docstring above is the token regex and must stay as-is.
    # Token value is the current R9 contents read from the debugger.
    current = idaapi.get_reg_val("R9")
    t.value = current
    return t
def t_R8(t):
    r'(?i)r8'
    # PLY token rule: the docstring above is the token regex and must stay as-is.
    # Token value is the current R8 contents read from the debugger.
    current = idaapi.get_reg_val("R8")
    t.value = current
    return t
def t_RSP(t):
    r'(?i)rsp'
    # PLY token rule: the docstring above is the token regex and must stay as-is.
    # Token value is the current RSP contents read from the debugger.
    current = idaapi.get_reg_val("RSP")
    t.value = current
    return t
def t_RBX(t):
    r'(?i)rbx'
    # PLY token rule: the docstring above is the token regex and must stay as-is.
    # Token value is the current RBX contents read from the debugger.
    current = idaapi.get_reg_val("RBX")
    t.value = current
    return t
def t_R13(t):
    r'(?i)r13'
    # PLY token rule: the docstring above is the token regex and must stay as-is.
    # Token value is the current R13 contents read from the debugger.
    current = idaapi.get_reg_val("R13")
    t.value = current
    return t
def t_R11(t):
    r'(?i)r11'
    # PLY token rule: the docstring above is the token regex and must stay as-is.
    # Token value is the current R11 contents read from the debugger.
    current = idaapi.get_reg_val("R11")
    t.value = current
    return t
def t_RDI(t):
    r'(?i)rdi'
    # PLY token rule: the docstring above is the token regex and must stay as-is.
    # Token value is the current RDI contents read from the debugger.
    current = idaapi.get_reg_val("RDI")
    t.value = current
    return t
def t_R12(t):
    r'(?i)r12'
    # PLY token rule: the docstring above is the token regex and must stay as-is.
    # Token value is the current R12 contents read from the debugger.
    current = idaapi.get_reg_val("R12")
    t.value = current
    return t
#used to follow instructions when debug
import idaapi

# Step over instructions, printing the disassembly at EIP after each step,
# until the instruction reached is `retn` or 100 steps have been taken.
# GetDebuggerEvent, WFNE_SUSP, GetDisasm and GetMnem are IDC-style helpers
# expected to be in scope already; they are not imported here.
x = 0
while x < 100:
    idaapi.step_over()
    GetDebuggerEvent(WFNE_SUSP, -1)  # block until the process suspends again
    rv = idaapi.regval_t()
    idaapi.get_reg_val('EIP', rv)
    eip = rv.ival
    print(GetDisasm(eip))
    if GetMnem(eip) == "retn":
        break
    x += 1