def get_xdbg_reg_var(self):
    """Refresh every cached register value from the debugger.

    ``self.reg_val`` maps a register name to a value holder (callers read
    ``.ival`` from it, so presumably an ``ida_idd.regval_t``).  Each holder is
    filled in place through ``ida_dbg.get_reg_val`` and the same dict is
    returned.  The success flag of ``get_reg_val`` is not checked, so an
    unreadable register keeps whatever its holder already contained.
    """
    for reg_name, holder in self.reg_val.items():
        ida_dbg.get_reg_val(reg_name, holder)
    return self.reg_val
def get_after_run_info(self, args_rule):
    """Log the return-value register after the traced function has returned.

    Prints the program counter and the register named by ``arm_regset.ret``.
    ``args_rule`` is accepted for symmetry with ``get_before_run_info`` but is
    not used here.

    Returns:
        dict: currently always empty; nothing is recorded yet.
    """
    # TODO: record how the arguments changed during the call.
    runtime_info = {}
    regs = self.get_xdbg_reg_var()

    pc = ida_idd.regval_t()
    ida_dbg.get_reg_val('PC', pc)
    FELogger.console('PC: %s' % hexstr(pc.ival))

    # TODO: dereferencing the return value as a string
    # (FEStrMgr.get_string_from_mem) and storing it in runtime_info is
    # currently disabled; only the raw register value is logged.
    ret_val = regs[arm_regset.ret].ival
    FELogger.console('%s: %s' % (arm_regset.ret, hexstr(ret_val)))
    return runtime_info
def dbg_step_over(self):
    """Debugger hook: log the instruction at EIP, then step again or exit.

    A hard-coded limit of five steps is enforced; once reached the process is
    asked to exit, otherwise another step-over is queued.  Both calls are
    ``request_*`` variants, i.e. they are queued rather than executed
    immediately.
    """
    eip = ida_dbg.get_reg_val("EIP")
    raw_line = ida_lines.generate_disasm_line(eip)
    disasm = ida_lines.tag_remove(raw_line)
    self.log("Step over: EIP=0x%x, disassembly=%s" % (eip, disasm))

    self.steps += 1
    if self.steps < 5:
        ida_dbg.request_step_over()
    else:
        ida_dbg.request_exit_process()
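def get_before_run_info(self, args_rule):
    """Collect register-based argument info right before the traced function runs.

    Args:
        args_rule: sequence of parameter descriptors for the function; a last
            entry of ``'...'`` or ``'va_list'`` marks a variadic signature.

    Returns:
        dict: whatever ``var_len_args_run_info`` or ``fix_len_args_run_info``
        produces for the current register state.
    """
    regs = self.get_xdbg_reg_var()

    pc = ida_idd.regval_t()
    ida_dbg.get_reg_val('PC', pc)
    FELogger.console('PC: %s' % hexstr(pc.ival))

    # An empty rule has no trailing marker; treat it as a zero-argument,
    # fixed-length signature instead of raising IndexError on args_rule[-1].
    # TODO: 'va_list' deserves its own parsing; for now it is handled like '...'.
    if args_rule and args_rule[-1] in ('...', 'va_list'):
        return self.var_len_args_run_info(args_rule, regs)
    return self.fix_len_args_run_info(args_rule, regs)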
def dbg_run_to(self, pid, tid=0, ea=0):
    """Debugger hook fired when the temporary ``run_to()`` breakpoint is hit.

    Everything happens on the first hit only (guarded by ``self.epReached``):
    debugger memory is refreshed, the entry point and current step-trace
    options are logged, step tracing is enabled so that ``dbg_trace`` events
    are generated, tracing is restricted to "over debugger segments", and the
    process is resumed with the queued requests flushed.

    NOTE(review): the original was read with the continue/run_requests calls
    inside the first-hit branch; confirm against the upstream source.
    """
    if self.epReached:
        return

    ida_dbg.refresh_debugger_memory()
    self._log("reached entry point at 0x%X" % ida_dbg.get_reg_val("EIP"))
    self._log("current step trace options: %x" % ida_dbg.get_step_trace_options())
    self.epReached = True

    # Single-step the process and emit a dbg_trace event for every step.
    ida_dbg.request_enable_step_trace(1)
    # ST_OVER_DEBUG_SEG: only debugger segments are stepped over, so library
    # functions are still traced.
    ida_dbg.request_set_step_trace_options(ida_dbg.ST_OVER_DEBUG_SEG)
    ida_dbg.request_continue_process()
    ida_dbg.run_requests()
def _get_ip_val():
    """Return the instruction-pointer value of the debugged process, or None.

    The register name is derived from the database's processor: rip/eip/ip
    for metapc depending on bitness, pc for arm.  Any other processor yields
    an empty name, and the ``get_reg_val`` lookup is then expected to fail,
    which maps to ``None``.
    """
    inf = get_inf_structure()
    proc = inf.procName.lower()

    if proc == "metapc":
        if inf.is_64bit():
            regname = "rip"
        elif inf.is_32bit():
            regname = "eip"
        else:
            regname = "ip"
    elif proc == "arm":
        regname = "pc"
    else:
        regname = ""

    holder = regval_t()
    # get_reg_val reports success as a bool; on failure the holder is unused.
    return holder.ival if get_reg_val(regname, holder) else None
def activate(self, ctx):
    """Print the value of the register named by ``ctx.regname``.

    Integer registers are rendered as zero-padded hex sized to their dtype;
    a register whose dtype is not byte/word/dword/qword is reported as
    "float" and printed as returned by ``get_reg_val``.  If the register-info
    lookup fails the raw value is printed with type "integer".
    """
    name = ctx.regname
    value = ida_dbg.get_reg_val(name)
    rtype = "integer"

    # Hex digits per integer dtype; anything else is treated as floating point.
    hex_width = {
        ida_ua.dt_byte: 2,
        ida_ua.dt_word: 4,
        ida_ua.dt_dword: 8,
        ida_ua.dt_qword: 16,
    }

    rinfo = ida_idd.register_info_t()
    if ida_dbg.get_dbg_reg_info(name, rinfo):
        width = hex_width.get(rinfo.dtype)
        if width is None:
            rtype = "float"
        else:
            value = "0x%0*x" % (width, value)

    print("> Register %s (of type %s): %s" % (name, rtype, value))
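def dbg_trace(self, tid, ea):
    """Debugger hook: log every traced address, plus details for call insns.

    Args:
        tid: thread id of the traced step (unused).
        ea: address of the instruction about to execute.

    Returns:
        int: 1, so tracing continues.

    Raises:
        ValueError: if ``ea`` lies outside the database's address range.
    """
    # inf_get_max_ea() is the exclusive end of the database, so an address
    # equal to it is already outside and must be rejected too.
    if ea < ida_ida.inf_get_min_ea() or ea >= ida_ida.inf_get_max_ea():
        raise ValueError(
            "Received a trace callback for an address outside this database!"
        )
    self._log("trace %08X" % ea)
    self.traces += 1

    insn = ida_ua.insn_t()
    insnlen = ida_ua.decode_insn(insn, ea)
    # For call instructions also record the disassembly and the stack pointer.
    if insnlen > 0 and insn.itype in (NN_callni, NN_call, NN_callfi):
        self._log("call insn: %s" % generate_disasm_line(
            ea, GENDSM_FORCE_CODE | GENDSM_REMOVE_TAGS))
        self._log("ESP=%08X" % ida_dbg.get_reg_val("ESP"))
    return 1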
def my_get_reg_value(register):
    """Return the integer value of ``register`` from the debugger.

    The success flag of ``ida_dbg.get_reg_val`` is ignored, so for an
    unreadable register the result is whatever a fresh ``regval_t`` holds.
    """
    holder = ida_idd.regval_t()
    ida_dbg.get_reg_val(register, holder)
    return holder.ival