def __init__(self, addr, deepness=0):
    """Parse a ``BGSInventoryList`` located at *addr*.

    The base initialiser is run first, then the float at the ``Weight``
    offset is read into ``self.weight``.  ``self.Items`` is either the
    raw address of the item array (once *deepness* has reached the global
    ``max_deepness``) or a ``TArray`` of ``BGSInventoryItem`` parsed one
    level deeper.
    """
    super(BGSInventoryList, self).__init__(addr, deepness)
    weight_addr = addr + BGSInventoryList.Offset.Weight.value
    items_addr = addr + BGSInventoryList.Offset.Items.value
    self.weight = idc.GetFloat(weight_addr)
    # Recursion guard: past max_deepness the nested array is left unparsed
    # so self-referential or very deep structures stop expanding.
    if deepness < max_deepness:
        # 16 is presumably the element stride handed to TArray — confirm
        # against the TArray signature.
        self.Items = TArray(items_addr, BGSInventoryItem, 16, deepness + 1)
    else:
        self.Items = items_addr
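def readData(ea, type, size):
    """Read *size* bytes at *ea* as elements of the type described by *type*.

    *type* is a pair as used by the ``DATA`` table: ``type[1]`` carries the
    IDA data-type flags (masked with ``idc.DT_TYPE``), ``type[0]`` is the key
    into ``DATA['strtypes']``.

    Returns ``''`` when no flags are set; the list of element values when
    several (or zero) elements fit; when exactly one element fits, that value
    alone — or, if ``type[0]`` names a string type, the string that the value
    points to.  Element types without a reader produce no elements.
    """
    flag = type[1]
    if not flag:
        return ''
    t = flag & idc.DT_TYPE
    tsz = DATA['typeSize'][t]
    # One reader per IDA element type; anything else yields an empty list,
    # which matches the original if/elif chain.
    readers = {
        idc.FF_BYTE: idc.Byte,
        idc.FF_WORD: idc.Word,
        idc.FF_DWRD: idc.Dword,
        idc.FF_QWRD: idc.Qword,
        idc.FF_FLOAT: idc.GetFloat,
    }
    reader = readers.get(t)
    val = []
    if reader is not None:
        # '//' keeps the element count integral: the original 'size / tsz'
        # is a float under Python 3 and makes range() raise.
        val = [reader(ea + i * tsz) for i in range(size // tsz)]
    if len(val) == 1:
        if type[0] in DATA['strtypes']:
            # A lone element is treated as a pointer to a string of the
            # configured string type; -1 reads up to the terminator.
            val = idc.GetString(val[0], -1, DATA['strtypes'][type[0]])
        else:
            val = val[0]
    return val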
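def decode_data(addr, size):
    """Decode *size* dwords starting at *addr* into a string.

    Each dword strictly between 0xc3000000 and 0xc3ffffff is reinterpreted
    as an IEEE single (roughly the range (-512.0, -128.0)), doubled,
    truncated to int and mapped through ``((x ^ 0xde) + 0x22) & 0xff`` to
    one character.  Dwords outside that range are skipped.

    An earlier revision located the ``.data`` segment itself
    (``Segments()``/``SegName``); the caller now passes *addr* and *size*
    explicitly.
    """
    chars = []
    for i in range(0, size):
        ea = addr + i * 4
        dw = idc.Dword(ea)
        if 0xc3000000 < dw < 0xc3ffffff:
            chars.append(chr(_decode_float(idc.GetFloat(ea))))
    # join instead of repeated '+=' so long buffers are not quadratic
    return "".join(chars)


def _decode_float(fori):
    """Map one encoded float to its decoded byte value (0..255)."""
    fti = int(fori + fori)
    return ((fti ^ 0xde) + 0x22) & 0x000000ff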
#coding=utf-8 import idc import idaapi import idautils idc.Byte(ea) #获取单字节 idc.Word(ea) #获取单字 idc.Dword(ea) #获取双字 idc.Qword(ea) #获取四字 idc.GetFloat(ea) #获取单精度浮点数 idc.GetDouble(ea) #获取双精度浮点数 #0x100003b2fL mov rcx, cs:__imp__wcmdln #0x48 #0x8b48L #0xa0d8b48L #0x48ffffd70a0d8b48L #6.81509894557e-33 #4.46006192587e+43 ea = here() print hex(ea), idc.GetDisasm(ea) print hex(idc.Byte(ea)) print hex(idc.Word(ea)) print hex(idc.Dword(ea)) print hex(idc.Qword(ea)) print float(idc.GetFloat(ea)) print float(idc.GetDouble(ea)) # 利用idc.GetManyBytes(ea, size) 获取指定地址开始的多个字节码 该函数返回的是字节的字符形式 ea = here()
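def export_xmm_float(self):
    """Copy the four floats at the cursor as an ``_mm_set_ps`` literal.

    Reads 16 bytes from the current screen address, formats them with the
    float at offset 12 first and offset 0 last (``_mm_set_ps`` takes the
    highest lane first), prints the literal and places it on the clipboard.
    """
    # Read the cursor once so all four lanes come from the same base even
    # if the screen address changes while this runs.
    base = get_screen_ea()
    lanes = tuple(idc.GetFloat(base + off) for off in (12, 8, 4, 0))
    # NOTE: %f keeps six decimals; switch to %r if exact float32 values matter.
    result_float = "_mm_set_ps(%f, %f, %f, %f)" % lanes
    print("XMMCpy (Float) Result: %s" % result_float)
    QApplication.clipboard().setText(result_float)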