Exemplo n.º 1
 def __call__(self):
     """Resume the debuggee, wait for a debugger event and log where it stopped.

     Calls ``idc.GetDebuggerEvent`` with ``self.mode`` and ``self.flag``.
     Any exception raised while resuming, waiting or logging is not
     re-raised; it is only recorded by setting ``self.exception`` to True.
     """
     try:
         idaapi.continue_process()
         idc.GetDebuggerEvent(self.mode, self.flag)
         # The register name is hard-coded, so the logged address is only
         # meaningful when 'eip' exists for the debuggee's architecture.
         stop_address = hex(idc.get_reg_value('eip'))
         l.debug("Debugger stopped at " + stop_address)
     except Exception:
         # NOTE(review): the cause of the failure is discarded here; only
         # the boolean flag survives for whoever inspects this object.
         self.exception = True
Exemplo n.º 2
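 def dbg_bpt(self, tid, ea):
     """Breakpoint hook: dump the buffers configured for the function that was hit.

     The function containing ``ea`` is looked up by name in ``self.hooks``.
     For every symbol listed under that entry's ``"buffer"`` key, 0x1000
     bytes are read from the symbol's address, the first 0x40 bytes are
     printed as hex, and the whole read is written to a timestamped file
     under ``self.dumpdir``.

     Args:
         tid: Id of the thread that hit the breakpoint.
         ea: Address of the breakpoint.

     Returns:
         Always 0.

     The process is resumed with ``idaapi.continue_process()`` only when the
     function has an entry in ``self.hooks``; the early returns leave it
     suspended.
     """
     # Attribute 0 is the function start (FUNCATTR_START).
     f_ea = idc.get_func_attr(ea, 0)
     if f_ea == idc.BADADDR:
         return 0
     funcname = idc.get_name(f_ea)
     print("hit breakpoint in thread %x at %s %x" % (tid, funcname, ea))
     if funcname == "" or funcname not in self.hooks:
         return 0
     # NOTE: a per-address filter on self.hooks[funcname]["bp"] was disabled
     # in the original, so every breakpoint inside a hooked function dumps.

     def _safe_component(text):
         # Symbol names come from the database of the program being
         # debugged, which may be an untrusted sample. Neutralise path
         # separators, drive/stream colons and NUL so that a crafted name
         # cannot steer os.path.join() outside self.dumpdir.
         return "".join("_" if ch in "/\\:\0" else ch for ch in text)

     for name in self.hooks[funcname]["buffer"]:
         ea_buffer = idc.get_name_ea_simple(name)
         if ea_buffer == idc.BADADDR:
             # Unknown symbol: reading from BADADDR cannot succeed.
             print("cannot resolve buffer %s, skipping" % name)
             continue
         # NOTE(review): get_bytes is used unqualified; presumably it is
         # imported at file level (e.g. from idc) -- confirm.
         data = get_bytes(ea_buffer, 0x1000)
         if data is None:
             # Unreadable memory would otherwise raise TypeError on the
             # slice below, inside the debugger callback.
             print("cannot read buffer %s at %x, skipping" % (name, ea_buffer))
             continue
         print("dumping %s" % name)
         # bytearray() yields ints on both Python 2 (str) and Python 3
         # (bytes); ord() on a bytes element fails on Python 3.
         print("%s" % ["%02x" % b for b in bytearray(data[:0x40])])
         timestamp = time.time()
         dumpfile = os.path.join(
             self.dumpdir,
             "%s_%s_%f" % (_safe_component(funcname),
                           _safe_component(name),
                           timestamp))
         with open(dumpfile, "wb") as f:
             f.write(data)
         print("wrote buffer dump to %s" % dumpfile)
     idaapi.continue_process()
     return 0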
Exemplo n.º 3
def fn_f9():
    """Resume the debuggee and wait for the next suspend/continue event.

    Passes -1 as the timeout to ``GetDebuggerEvent``.
    NOTE(review): -1 presumably means "wait indefinitely", so this call can
    block the caller for as long as the debuggee keeps running -- confirm.
    """
    idaapi.continue_process()
    wait_mask = WFNE_SUSP | WFNE_CONT
    GetDebuggerEvent(wait_mask, -1)
Exemplo n.º 4
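 def dbg_run_to(self, pid, tid=0, ea=0):
     """Run-to hook: report the thread id and resume the process.

     Args:
         pid: Process id passed by the debugger (unused here).
         tid: Thread id, printed for tracing.
         ea: Address passed by the debugger (unused here).
     """
     # Function-call form of print: the statement form is a syntax error on
     # Python 3, and with a single argument this form prints the same text
     # on Python 2.
     print("Runto: tid=%d" % tid)
     idaapi.continue_process()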
import sark
import idaapi
import idautils

# Look up the 'AnimationFrame' structure once; its handle is applied to
# memory on every iteration of the loop below.
anim = sark.structure.get_struct('AnimationFrame')
# Keep stepping for as long as a debugger session is active.
while idaapi.is_debugger_on():

    # Base address of the segment named 'dataseg', re-resolved on each pass.
    dataseg =  sark.Segment(name='dataseg').ea
    # Read a 16-bit value located via the current DI register (+2) inside
    # dataseg. sark.Line(...).ea is used as the read address.
    # NOTE(review): presumably Line.ea is the start of the item containing
    # that address, which may differ from the address itself -- confirm.
    anim_offset = idaapi.get_word(sark.Line(ea=dataseg + idautils.cpu.di + 2).ea)
    anim_addr = dataseg + anim_offset
    # Apply the structure over 6 bytes at the computed address.
    # NOTE(review): the size 6 is hard-coded rather than taken from the
    # structure definition -- confirm it matches AnimationFrame.
    idaapi.doStruct(anim_addr, 6, anim)
    # Move the cursor to the same dataseg + anim_offset location.
    idaapi.jumpto(sark.Segment(name='dataseg').ea + anim_offset)
    # Resume the debuggee and wait for the next debugger event.
    # NOTE(review): 2 is presumably WFNE_SUSP and 10000 the timeout; the
    # return value is ignored, so a timeout or error is not distinguished
    # from a normal suspend -- confirm.
    idaapi.continue_process()
    idaapi.wait_for_next_event(2, 10000)