def get_data(start, size): ''' read the given amount of data from the given start address. better than `idc.GetManyBytes` as it fills in missing bytes with NULLs. Args: start (int): start address. size (int): number of bytes to read. Returns: bytes: `size` bytes, filled with NULL when byte not available from database. ''' # best case, works pretty often. buf = idc.GetManyBytes(start, size) if buf: return buf # but may fail, when there's no byte defined. buf = [] for ea in range(start, start + size): b = idc.GetManyBytes(ea, 1) if b: buf.append(b) else: buf.append(b'\x00') return b''.join(buf)
def find_unrefd_encoded_strings(encoded_string, delimiter=None): ''' Description: Given a known EncodedString, find unreferenced encoded strings before the next ref. By default, the delimiter is the null terminator. The original EncodedString is not modified. Input: encoded_string - The EncodedString to start from delimiter - The character(s) to split on (default is null terminator) Output: A list of new EncodedStrings (not including the original) ''' if delimiter is None: delimiter = '\x00\x00' if isinstance(encoded_string.decoded_string, unicode) else '\x00' results = [] index = encoded_string.string_location + encoded_string.size while not list(idautils.XrefsTo(index, idaapi.XREF_ALL)): # Consume bytes while we continue to find the delimiter if idc.GetManyBytes(index, len(delimiter)) == delimiter: if len(delimiter) > 1: # if the delimiter is multiple bytes, we could have stepped over a ref # in the middle of the delimiter if any( bool(list(idautils.XrefsTo(index + i, idaapi.XREF_ALL))) for i in xrange(len(delimiter))): break else: index += len(delimiter) else: index += len(delimiter) else: # For cases where the delimiter has repeated values (like unicode null), # step until the delimiter is right aligned while not list(idautils.XrefsTo(index, idaapi.XREF_ALL)) and \ idc.GetManyBytes(index + 1, len(delimiter)) == delimiter: index += 1 # Technically we need to check this again to be super safe if list(idautils.XrefsTo(index, idaapi.XREF_ALL)): break start = index # Consume non-delimiter bytes until we encounter another delimiter or a ref index += 1 while not list(idautils.XrefsTo(index, idaapi.XREF_ALL)) and \ idc.GetManyBytes(index, len(delimiter)) != delimiter: index += 1 new_string = copy.copy(encoded_string) new_string.offset = start - encoded_string.string_location new_string.size = index - start new_string.get_bytes() results.append(new_string) return results
def get_rets(bb, end_address): for func in idautils.Functions(): # Retrieve func curr_func = idaapi.get_func(func) # Get start address making sure to strip the trailing L if curr_func.startEA == bb.startEA: # This fails if the function is implemented outside (e.g. ntdll), so we need to catch the exception try: flowchart = idaapi.FlowChart(curr_func) except: #f.write("Implemented somewhere else\n") #f.write(name+"\n") return end_address for bb in flowchart: # Examine BBs with no successors if not list(bb.succs()): #f.write("empty internal:"+hex(bb.startEA)+"\n") bb_len = int(bb.endEA - bb.startEA) if bb_len != 0: # Fetch BB rawbytes bb_bytes = idc.GetManyBytes(bb.startEA, bb.endEA - bb.startEA) else: bb_bytes = idc.GetManyBytes(bb.startEA, ItemSize(bb.startEA)) # Init Capstone if get_number_of_bits() == 32: md = Cs(CS_ARCH_X86, CS_MODE_32) md.detail = True else: md = Cs(CS_ARCH_X86, CS_MODE_64) md.detail = True # Get last instruction of BB ins = list(md.disasm(bb_bytes, bb.startEA))[-1] # Dump ret address if ins.mnemonic == "ret": #f.write("INT -- 0x%x:\t%s\t%s\n" %(ins.address, ins.mnemonic, ins.op_str)) end_address["rets"].append(ins.address) return end_address
def _get_blocks_codes_per_func_iter(): """ Iterative function to generate all blocks and opcodes :return: N/A """ all_blocks = {} all_codes = {} all_opcodes = [] for func in idautils.Functions(): # blocks_in_func contains # <idaapi.BasicBlock object at 0x0545F3F0>, ... blocks_in_func = idaapi.FlowChart(idaapi.get_func(func)) blocks = [] for block in blocks_in_func: # IDA BUG! block.startEA == block.endEA?? # Should be in the range "block.startEA <= block < block.endEA" if block.startEA != block.endEA: blocks.append((block.startEA, block.endEA)) for head in idautils.Heads(block.startEA, block.endEA): ibytes = idc.GetManyBytes(head, idc.ItemEnd(head) - head) spd = idc.GetSpd(head) all_codes[head] = insn.Instruction(head, ibytes, spd) # IDA BUG! all_codes[head].bytes == 0?? # The size of the code should be positive if all_codes[head].bytes != 0: all_opcodes.append( (all_codes[head].addr, all_codes[head].addr + len(all_codes[head].bytes))) all_blocks[func] = blocks yield (all_blocks, all_opcodes)
def main(): address = AskAddr(BADADDR, "Enter address: ") if address is None: # cancel return if address == BADADDR: print "Invalid address." return size = AskLong(0, "Enter size: ") if size is None: # cancel return if size == 0: print "Invalid size." return print "Range: ", hex(address), hex(size) buffer = idc.GetManyBytes(address, size, True) if buffer is not None: output_file = os.path.join(os.path.dirname(GetIdbPath()), "dump_%08x_%08x.dat" % (address, size)) with open(output_file, "wb") as f: f.write(buffer) print "Saved data success", output_file
def process(self, callback): if not self.nid_table: assert (not self.entry_table) return if not self.libname: self.libname = "{}_Syslib".format(self.module.name) nids = idc.GetManyBytes(self.nid_table, 4 * self.num_funcs) funcs = idc.GetManyBytes(self.entry_table, 4 * self.num_funcs) pairs = list( zip([u32(x) for x in chunk(nids, 4)], [u32(x) for x in chunk(funcs, 4)])) for nid, func in pairs: callback(self, func, nid)
def MakeBundledAssemblyStruct(self, FileItemStructOffset): if self.Is64Bit == True: addv = 8 mf = MakeQword vf = Qword else: mf = MakeDword addv = 4 vf = Dword offset = FileItemStructOffset mf(offset) FileNameOffset = vf(offset) FileName = idc.GetString(FileNameOffset) offset+=addv mf(offset) FileDataOffset = vf(offset) offset+=addv mf(offset) FileSize = vf(offset) FileSizeOffset = offset offset+=addv mf(offset) FileCompressedSize = vf(offset) FileCompressedSizeOffset = offset offset+=addv IsGZip = "" FileDataCompressed = idc.GetManyBytes(FileDataOffset,3) b1,b2,b3 = struct.unpack('ccc', FileDataCompressed[0:3]) if b1 == '\x1f' and b2 == '\x8b' and b3 == '\x08': IsGZip = "Y" else: IsGZip = "N" ba = BundledAssembly() ba.FileItemStructOffset = FileItemStructOffset ba.FileNameOffset = FileNameOffset ba.FileName = FileName ba.FileDataOffset = FileDataOffset ba.FileSize = FileSize ba.FileSizeOffset = FileSizeOffset ba.FileCompressedSizeOffset = FileCompressedSizeOffset ba.FileCompressedSize = FileCompressedSize ba.IsGZip = IsGZip #ba.FileDataCompressed = FileDataCompressed return ba
def trace(self, ip): self.setup() while True: if len(self.instructions) > 1000: break op = idc.GetManyBytes(ip, idc.ItemSize(ip)) prev_esp = self.tx.buildSymbolicRegister( self.tx.registers.esp).evaluate() ins = Instruction() ins.setOpcode(op) ins.setAddress(ip) self.tx.processing(ins) ins_id = self.add_instruction(ins, prev_esp) if self.debug: reads = " ".join( map(lambda x: x.getName(), self.get_side_reads(ins))) writes = " ".join( map(lambda x: x.getName(), self.get_side_writes(ins))) mem_writes = " ".join( map(lambda x: "%08x" % x.getAddress(), self.get_side_mem_writes(ins))) #print "%08x [%03d] %-30s %-20s %-20s %s" % (ip,ins_id,ins.getDisassembly(),reads,writes,self.instructions[-1]['state']) print "%08x [%03d] %-40s %-30s %-30s (mem writes: %s)" % ( ip, ins_id, ins.getDisassembly(), reads, writes, mem_writes) next_ip = self.follow_flow() if not next_ip: break ip = next_ip good = self.extract_good() print "Good instructions: %s" % sorted(good) svar_lookup = dict() num = 0 for i in sorted(good): esp = "" for op in self.instructions[i]['ins'].getOperands(): if op.getType() == OPERAND.MEM and op.getBaseRegister( ).getName() == "esp": esp = "%08x" % op.getAddress() line = "[%03d] %s" % ( i, self.instructions[i]['ins'].getDisassembly()) if esp: line = re.sub(r"\[esp.*\]", "[%s]" % esp, line) if int(esp, 16) not in svar_lookup: svar_lookup[int(esp, 16)] = "svar%d" % num num += 1 line = line.replace("[%s]" % esp, "[%s]" % svar_lookup[int(esp, 16)]) print line
def insert_module_chunks(self): ptr = self.last_module_ptr while ptr: mod = Module(idc.GetManyBytes(ptr, 0x400)) self.modules.append(mod) ptr = mod.prev
def handle_mov(ea, state): """Updates the stack based on a mov instruction. Used by create_stack :param ea: instruction location :param state: the current TraceState :return: None - updates stack or regs """ op1 = get_opnd_replacement(ea, POS_FIRST) if idc.GetOpType(ea, POS_FIRST) != idc.o_reg: offset = get_operand_value_replacement(ea, POS_FIRST, state) set_stack(offset, ea, POS_SECOND, state) else: type_ = idc.GetOpType(ea, POS_SECOND) val = None if type_ == idc.o_reg: val = state.get_reg_value(get_opnd_replacement(ea, POS_SECOND)) elif type_ == idc.o_mem: bytes = idc.GetManyBytes(idc.GetOperandValue(ea, POS_SECOND), get_byte_size_of_operand(ea, POS_SECOND)) if bytes: val = 0 for x in range(len(bytes)): val += ord(bytes[x]) << (8 * x) elif type_ == idc.o_imm: val = idc.GetOperandValue(ea, POS_SECOND) else: offset = get_operand_value_replacement(ea, POS_SECOND, state) val, ea = state.stack.get(offset, (None, ea)) state.set_reg_value(op1, val, ea)
def main(ea): # Get Function Bytes start = idc.GetFunctionAttr(ea, FUNCATTR_START) end = idc.GetFunctionAttr(ea, FUNCATTR_END) length = end - start code = "" for byte in idc.GetManyBytes(start, length): code += byte # Determine Architecture info = idaapi.get_inf_structure() proc = info.procName if info.is_64bit(): if proc == "metapc": md = Cs(CS_ARCH_X86, CS_MODE_64) elif proc == "ARM": md = Cs(CS_ARCH_ARM64, CS_MODE_ARM) elif info.is_32bit(): if proc == "metapc": md = Cs(CS_ARCH_X86, CS_MODE_32) elif proc == "ARM": md = Cs(CS_ARCH_ARM, CS_MODE_ARM) # If need change: CS_MODE_THUMB # Disassemble with Capstone and print for i in md.disasm(code, start): try: db = "" for ba in i.bytes: db += str("%X " %(ba)).rjust(3, "0") print("%x:\t%s\t%s\t%s" %(i.address, str(db).ljust(24, " "), i.mnemonic, i.op_str)) except Exception as e: print "Exception: {}".format(e)
def ExecuteSymbolicSingleStep(addr, state=INIT_REG): size = idc.ItemSize(addr) code = idc.GetManyBytes(addr, size) loc_db = LocationDB() base = addr try: ins = mn_x86.dis(bin_stream_str(code, base_address=base), 64, base) except: return state.copy() ira = machine.ira(loc_db) ircfg = ira.new_ircfg() try: ira.add_instr_to_ircfg(ins, ircfg) sb = SymbolicExecutionEngine(ira, state) symbolic_pc = sb.run_at(ircfg, base) except: return state.copy() ret = state.copy() for key, value in sb.modified(): if isinstance(value, ExprOp) and value.op == "call_func_ret": value = ExprInt(0, 64) ret[key] = value return ret
def copy_bytes(): """ Copy selected bytes to clipboard """ if using_ida7api: start = idc.read_selection_start() end = idc.read_selection_end() if idaapi.BADADDR in (start, end): ea = idc.here() start = idaapi.get_item_head(ea) end = idaapi.get_item_end(ea) # # reference https://stackoverflow.com/questions/6624453/whats-the-correct-way-to-convert-bytes-to-a-hex-string-in-python-3 data = idc.get_bytes(start, end - start).hex() print("Bytes copied: %s" % data) copy_to_clip(data) else: start = idc.SelStart() end = idc.SelEnd() if idaapi.BADADDR in (start, end): ea = idc.here() start = idaapi.get_item_head(ea) end = idaapi.get_item_end(ea) # reference https://stackoverflow.com/questions/6624453/whats-the-correct-way-to-convert-bytes-to-a-hex-string-in-python-3 # not work in ida7.5 python3.7.7 # data = idc.GetManyBytes(start, end-start).encode('hex') data = idc.GetManyBytes(start, end - start).hex() print("Bytes copied: %s" % data) copy_to_clip(data) return
def parse_handler(ea, capstone_instance): """ Search in handler instruction ID :param ea: Address of call handler :param capstone_instance: Instance of capstone disassembler :return: Instruction ID or None """ i = ea jmp_id = None while True: bytes_mi = idc.GetManyBytes(i, Instruction.max_instruction_size) mi = list(capstone_instance.disasm(bytes_mi, 0))[0] if mi.mnemonic in Instruction.branching_mnemonics: break elif mi.mnemonic.lower() == "push": m = re.search("0x([ABCDEFabcdef0-9]+)", str(mi.op_str)) if m: if int(m.group(1), 16) > 0xffffff: jmp_id = int(m.group(1), 16) break i += mi.size return jmp_id
def find_WdfDeviceCreateDeviceInterface(): function_offset = OFFSET_WdfDeviceCreateDeviceInterface calls_to_pfn_list = [] try: for xref in idautils.XrefsTo(g_vars["_WDFFUNCTIONS"]+function_offset): call_pfnWdfDeviceCreateDeviceInterface = xref.frm calls_to_pfn_list.append(call_pfnWdfDeviceCreateDeviceInterface) except StopIteration: # this is case 2 or 3 pass if len(calls_to_pfn_list) == 0: call_pfnWdfDeviceCreateDeviceInterface = find_wdf_callback_through_immediate("call", 0, function_offset) if call_pfnWdfDeviceCreateDeviceInterface: calls_to_pfn_list.append(call_pfnWdfDeviceCreateDeviceInterface) idc.OpStroffEx(call_pfnWdfDeviceCreateDeviceInterface,0,(idaapi.get_struc_id("_WDFFUNCTIONS")),0) if len(calls_to_pfn_list) == 0: call_pfnWdfDeviceCreateDeviceInterface = find_wdf_callback_through_immediate("mov", 1,function_offset) if call_pfnWdfDeviceCreateDeviceInterface: calls_to_pfn_list.append(call_pfnWdfDeviceCreateDeviceInterface) idc.OpStroffEx(call_pfnWdfDeviceCreateDeviceInterface,1,(idaapi.get_struc_id("_WDFFUNCTIONS")),0) for k, pfn_call in enumerate(calls_to_pfn_list): lea_guid = find_function_arg(pfn_call, "lea", "r8", 0) interface_guid = idc.GetOperandValue(lea_guid, 1) idc.MakeName(interface_guid, '_InterfaceGUID' + str(k)) assign_struct_to_address(interface_guid, "GUID") g_vars["_InterfaceGUID" + str(k)] = interface_guid print("_InterfaceGUID: ", hex(interface_guid)) guid_bytes = idc.GetManyBytes(interface_guid, 0x10) print_guid(guid_bytes)
def ida_functionprefix(fun): """Returns the first eighteen bytes of a function as ASCII.""" B = bytearray(idc.GetManyBytes(adr, Symgrate2.SEARCHLEN)) bstr = "" for b in B: bstr += "%02x" % (0x00FF & b) return bstr
def run(self,arg): identified_func={} for func_ea in idautils.Functions(): #get the function name function_name=idc.GetFunctionName(func_ea) print function_name if not function_name.startswith("sub_"): continue func_byteStr32="" func_str=idc.GetManyBytes(func_ea, 32) for fb in func_str: byte_str=binascii.b2a_hex(fb) func_byteStr32+=byte_str print func_byteStr32 match_result=nampa.match_function(sig,func_byteStr32) print match_result if match_result[0]: function_names='' for function_name in match_result[1]: if len(function_names)==0: function_names=function_name continue function_names=function_names+"_"+function_name #set the function name num=0 print identified_func if identified_func.has_key(function_names): num=identified_func[function_names] num+=1 identified_func[function_names]=num else: identified_func[function_names]=num function_names=function_names+str(num) idc.MakeName(func_ea,function_names) warning("Ida plugin run(%d) called.\n"%arg)
def decode_here_clicked(self): inst = idc.here() if not idc.isCode(idc.GetFlags(inst)): print "Not code instruction" else: raw = idc.GetManyBytes(inst, idc.NextHead(inst) - inst) s = to_hex(raw) self.decode_ir(s)
def getData(self): #获取起始地址和结束地址之间的数据,并将它们存入object.buffer中 self.ogLen = self.end - self.start self.buffer = '' try: for byte in idc.GetManyBytes(self.start, self.ogLen): self.buffer = self.buffer + byte except: self.start = False return
def refreshitems(self): # Pb : rop engine has not been init if self.idarop.rop == None: return # No new data present if self.rop_list_cache == self.idarop.rop.gadgets: return self.items = [] # No data present if len(self.idarop.rop.gadgets) == 0: return if len(self.idarop.rop.gadgets) > 10000: idaapi.show_wait_box("Ida rop : loading rop list ...") for i, g in enumerate(self.idarop.rop.gadgets): # reconstruct disas if g.opcodes == "": bad_gadget = False opcodes = idc.GetManyBytes(g.address, g.ret_address - g.address + 1) instructions = list() ea = g.address while ea <= g.ret_address: instructions.append( idc.GetDisasmEx(ea, idaapi.GENDSM_FORCE_CODE)) ea += idaapi.decode_insn(ea) # Badly decoded gadget if idaapi.decode_insn(ea) == 0: bad_gadget = True break if not bad_gadget: h = Gadget(address=g.address, ret_address=g.ret_address, instructions=instructions, opcodes=opcodes, size=len(opcodes)) self.idarop.rop.gadgets[i] = h self.items.append( h.get_display_list(self.idarop.addr_format)) else: self.items.append(g.get_display_list(self.idarop.addr_format)) self.rop_list_cache = self.idarop.rop.gadgets if len(self.idarop.rop.gadgets) > 10000: idaapi.hide_wait_box()
def _parse_arr(self, start, end, cls): out = [] x = start while x < end: sz = idc.Byte(x) data = idc.GetManyBytes(x, sz) c = cls(data) c.module = self out.append(c) x += sz return out
def is_jmp_next(ea): (short, off) = is_short_jmp(ea) if short: b = idc.Byte(ea + off) return b == 0x00 else: s = idc.GetManyBytes( ea + off, 4 ) #Byte() returns int, but GetManyBytes a string. consistency FTW ;p return s == "\0\0\0\0" assert (False)
def DecompressFileTo(self, FileItem,OutputDir): newpath = '{}\\{}'.format(OutputDir, FileItem.FileName) FileDataCompressed = idc.GetManyBytes(FileItem.FileDataOffset,FileItem.FileCompressedSize) if FileItem.IsGZip == "Y": self.DecompressGzipTo(FileDataCompressed,newpath) else: self.DecompressZLib(FileDataCompressed,newpath)
def get_padded_bytes(self, size): result = "\x00" * size ranges_left = [MemoryRange(self.address, self.address + size)] segment_count = idaapi.get_segm_qty() valid_memory_ranges = [] for i in range(segment_count): segment = idaapi.getnseg(i) # Skip segments with unstable data if segment.type == idaapi.SEG_XTRN: continue valid_memory_ranges.append( MemoryRange(segment.startEA, segment.endEA)) while len(ranges_left) > 0: # Get a requested memory range and remove it from the list current_range = ranges_left.pop() intersection = None for memory_range in valid_memory_ranges: start = max(current_range.start, memory_range.start) end = min(current_range.end, memory_range.end) if end > start: intersection = MemoryRange(start, end) break # No segment can satisfy any part of requested range if intersection is None: continue chunk = idc.GetManyBytes(intersection.start, intersection.end - intersection.start) if chunk is None: print( '[librgb] Some bytes are unreadable in %s..%s' % (idc.atoa(intersection.start), idc.atoa(intersection.end))) continue result = \ result[0:intersection.start - self.address] \ + chunk \ + result[intersection.end - self.address:] assert len(result) == size # If necessary, enqueue ranges unsatisfied by chosen mem segment range1 = MemoryRange(current_range.start, intersection.start) range2 = MemoryRange(intersection.end, current_range.end) if range1.length > 0: ranges_left.append(range1) if range2.length > 0: ranges_left.append(range2) assert len(result) == size return result
def DumpProtoBin(root_dir, file_name, data, length): data = idc.GetManyBytes(data, length) full_file_name = os.path.join(root_dir, file_name + "bin") directory = os.path.dirname(full_file_name) if not os.path.exists(directory): os.makedirs(directory) file = open(full_file_name, "wb") file.write(data) file.close()
def DecompressFileTo(self, FileItem,OutputDir): if FileItem.IsME == "Y": extname = ".ME" else: extname = "" newpath = '{}\\{}{}'.format(OutputDir, FileItem.FileName, extname) if FileItem.IsCompressed == "Y": FileDataCompressed = idc.GetManyBytes(FileItem.FileDataOffset,FileItem.FileCompressedSize) if FileItem.IsGZip == "Y": self.DecompressGzipTo(FileDataCompressed,newpath) else: self.DecompressZLib(FileDataCompressed,newpath) else: FileData = idc.GetManyBytes(FileItem.FileDataOffset,FileItem.FileSize) f = open(newpath, 'wb') f.write(FileData) f.close() pass
def get_segment_buffer(segstart): ''' fetch the bytes of the section that starts at the given address. if the entire section cannot be accessed, try smaller regions until it works. ''' segend = idaapi.getseg(segstart).endEA buf = None segsize = segend - segstart while buf is None: buf = idc.GetManyBytes(segstart, segsize - 1) if buf is None: segsize -= 0x1000 return buf
def get_code_and_blocks(ea): """Extracts the control flow graph for the function at the given address. Returns a dictionary with the instructions (ea->insn.Instruction) and a list of the basic blocs (bbl.BasicBlock).""" code = {} blocks = {} ida_blocks = set(idaapi.FlowChart(idaapi.get_func(ea))) for bb in ida_blocks: # XXX: it seems that it's not a bug but inter-function jumps! if bb.startEA == bb.endEA: # skip that .. it's IDA's bug #print "skipping block %x : %x in func %x"%(bb.startEA, bb.endEA, ea) continue blocks[bb.startEA] = bbl.BasicBlock(bb.startEA, bb.endEA, {}) for head in idautils.Heads(bb.startEA, bb.endEA): ibytes = idc.GetManyBytes(head, idc.ItemEnd(head) - head) spd = idc.GetSpd(head) code[head] = insn.Instruction(head, ibytes, spd) blocks[bb.startEA].instrs.append(code[head]) next_head = idc.NextHead(head, bb.endEA) if idaapi.isFlow(idc.GetFlags(next_head)): code[head].succ.add(next_head) for suc_bb in (s for s in bb.succs() if s.startEA != s.endEA): #assume head is the last instruction of the block code[head].succ.add(suc_bb.startEA) for bb in (b for b in ida_blocks if b.startEA != b.endEA): for suc_bb in (s for s in bb.succs() if s.startEA != s.endEA): # a jump with zero offset (like, jz 0) gives two succs to the same bb if blocks[suc_bb.startEA] not in blocks[bb.startEA].successors: blocks[bb.startEA].successors.append(blocks[suc_bb.startEA]) blocks[bb.startEA].successors.sort(key=lambda x: x.begin, reverse=True) #FIXME: find a better way .. for block in blocks.itervalues(): if block.instrs[0].addr == ea: #print "found the entry!:", block.instrs block.instrs[0].f_entry = True block.type |= bbl.BasicBlock.ENTRY break else: print "BUG: could not find function entry in instrs!!" #print "blocks:", blocks return code, blocks.values()
def _get_func_data(func_addr): """ Get function's data """ logger.debug('_get_func_data: {}'.format(func_addr)) func_length = _get_func_length(func_addr) if func_length is None: return None func_data = idc.GetManyBytes(func_addr, func_length) if func_data is None: return None # raise FCatalogClientError('Failed reading function {:X} data'.\ # format(func_addr)) return str(func_data)
def get_segments(self): if len(self.segments) == 0: for seg in idautils.Segments(): name = idc.SegName(seg) start = idc.SegStart(seg) end = idc.SegEnd(seg) d = idc.GetManyBytes(start, end - start) d = [ord(item) for item in list(d)] seg_data = { "name": name, "start": start, "end": end, "data": d } self.segments.append(seg_data) return self.segments