本文整理汇总了Python中ida_ua.decode_insn方法的典型用法代码示例。如果您正苦于以下问题:Python ida_ua.decode_insn方法的具体用法?Python ida_ua.decode_insn怎么用?Python ida_ua.decode_insn使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类ida_ua
的用法示例。
在下文中一共展示了ida_ua.decode_insn方法的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: is_imm_op
# 需要导入模块: import ida_ua [as 别名]
# 或者: from ida_ua import decode_insn [as 别名]
def is_imm_op(self, addr, op):
"""
Returns true if instruction operand at address is an immediate value.
Args:
addr: Integer representing instruction address.
op: Integer representing operand index (0-based).
Returns:
True if instruction operand at address is an immediate value.
False otherwise.
"""
insn = ida_ua.insn_t()
ida_ua.decode_insn(insn, addr)
if (insn.ops[op].type == idc.o_imm):
return True
return False
示例2: _ins2color
# 需要导入模块: import ida_ua [as 别名]
# 或者: from ida_ua import decode_insn [as 别名]
def _ins2color(self, addr):
col = _len = 0
acc = -1
head = get_item_head(addr)
if can_decode(head):
f = get_full_flags(head)
if is_code(f):
_len = decode_insn(self.insn, head)
if _len:
if self.insn.itype in [ida_allins.NN_mov]: # TODO: add more instructions
if self.insn.Op1.type in [o_mem, o_phrase, o_displ]:
acc = ACC_WRITE
col = self.insn_colors[acc]
elif self.insn.Op2.type in [o_mem, o_phrase, o_displ]:
acc = ACC_READ
col = self.insn_colors[acc]
else:
acc = -1
return (col, _len, acc)
示例3: export_enum_reference
# 需要导入模块: import ida_ua [as 别名]
# 或者: from ida_ua import decode_insn [as 别名]
def export_enum_reference(self, addr, op):
"""
Exports the enum reference for an operand at an address.
Args:
addr: Integer representing the instruction address.
op: Integer representing the operand index (0-based)
"""
(eid, serial) = ida_bytes.get_enum_id(addr, op)
insn = ida_ua.insn_t()
ida_ua.decode_insn(insn, addr)
value = insn.ops[op].value
cid = BADNODE
last = idc.get_last_bmask(eid)
if idc.is_bf(eid) == True:
last = idc.get_last_bmask(eid)
mask = idc.get_first_bmask(eid)
while cid == BADNODE:
cid = ida_enum.get_enum_member(eid, (value & mask), 0, mask)
if cid != BADNODE or mask == last:
break
mask = idc.get_next_bmask(eid, mask)
else:
cid = ida_enum.get_enum_member(eid, value, 0, last)
if cid == BADNODE:
return
self.start_element(EQUATE_REFERENCE)
self.write_address_attribute(ADDRESS, addr)
self.write_numeric_attribute(OPERAND_INDEX, op, 10)
self.write_numeric_attribute(
VALUE, ida_enum.get_enum_member_value(cid))
cname = ida_enum.get_enum_member_name(cid)
if cname != None and len(cname) > 0:
self.write_attribute(NAME, cname)
if idc.is_bf(eid) == True:
self.write_numeric_attribute("BIT_MASK", mask)
self.close_tag()
示例4: export_memory_reference
# 需要导入模块: import ida_ua [as 别名]
# 或者: from ida_ua import decode_insn [as 别名]
def export_memory_reference(self, addr, op):
"""
Exports the memory reference for operand at the address.
Args:
addr: Integer representing the instruction address.
op: Integer representing the operand index (0-based)
"""
f = idc.get_full_flags(addr)
ri = ida_nalt.refinfo_t()
if ida_nalt.get_refinfo(ri, addr, op) == 1:
if ri.target != BADADDR:
target = ri.target
elif idc.is_code(f) == True:
insn = ida_ua.insn_t()
ida_ua.decode_insn(insn, addr)
target = (insn.ops[op].value - ri.tdelta + ri.base) & ((1 << 64) - 1)
elif idc.is_data(f) == True:
target = (self.get_data_value(addr) - ri.tdelta + ri.base) & ((1 << 64) - 1)
else:
return
else:
return
if ida_bytes.is_mapped(target) == False:
return
self.start_element(MEMORY_REFERENCE)
self.write_address_attribute(ADDRESS, addr)
self.write_numeric_attribute(OPERAND_INDEX, op, 10)
self.write_address_attribute(TO_ADDRESS, target)
self.write_attribute(PRIMARY, "y")
self.close_tag()
示例5: export_stack_reference
# 需要导入模块: import ida_ua [as 别名]
# 或者: from ida_ua import decode_insn [as 别名]
def export_stack_reference(self, addr):
"""
Exports references to stack variables at the address.
Args:
addr: Integer containing instruction address.
"""
f = idc.get_full_flags(addr)
for op in range(ida_ida.UA_MAXOP):
if idc.is_code(f) == True and ida_bytes.is_stkvar(f, op) == True:
insn = ida_ua.insn_t()
ida_ua.decode_insn(insn, addr)
opnd = insn.ops[op]
# TODO:How to handle opnd.type for stack references
optype = opnd.type
if optype == idc.o_void:
continue
# TODO:How to handle op_t_get_addr for stack references
SV = ida_frame.get_stkvar(insn, opnd, opnd.value)
if SV == None:
continue
(sv, actval) = SV
function = ida_funcs.get_func(addr)
self.start_element(STACK_REFERENCE)
self.write_address_attribute(ADDRESS, addr)
self.write_numeric_attribute(OPERAND_INDEX, op, 10)
offset = opnd.addr
spoff = offset - function.frregs
if offset > 0x7FFFFFFF:
offset -= 0x100000000
if spoff > 0x7FFFFFFF:
spoff -= 0x100000000
self.write_numeric_attribute(STACK_PTR_OFFSET, spoff,
16, True)
if (function.flags & idc.FUNC_FRAME) != 0:
self.write_numeric_attribute(FRAME_PTR_OFFSET,
offset, 16, True)
self.close_tag()
示例6: decode_instruction
# 需要导入模块: import ida_ua [as 别名]
# 或者: from ida_ua import decode_insn [as 别名]
def decode_instruction(ea):
"""Read the bytes of an x86/amd64 instruction. This handles things like
combining the bytes of an instruction with its prefix. IDA Pro sometimes
treats these as separate."""
global _NOT_INST_EAS, _BAD_INSTRUCTION, PREFIX_ITYPES
if ea in _NOT_INST_EAS:
return _BAD_INSTRUCTION
decoded_inst = ida_ua.insn_t()
inslen = ida_ua.decode_insn(decoded_inst, ea)
if inslen <= 0:
_NOT_INST_EAS.add(ea)
return _BAD_INSTRUCTION
assert decoded_inst.ea == ea
end_ea = ea + decoded_inst.size
decoded_bytes = read_bytes_slowly(ea, end_ea)
# We've got an instruction with a prefix, but the prefix is treated as
# independent.
if 1 == decoded_inst.size and decoded_inst.itype in PREFIX_ITYPES:
decoded_inst, extra_bytes = decode_instruction(end_ea)
decoded_bytes += extra_bytes
return decoded_inst, decoded_bytes
示例7: __call__
# 需要导入模块: import ida_ua [as 别名]
# 或者: from ida_ua import decode_insn [as 别名]
def __call__(self):
if self.op == "hex":
ida_bytes.op_hex(self.ea, self.n)
if self.op == "bin":
ida_bytes.op_bin(self.ea, self.n)
if self.op == "dec":
ida_bytes.op_dec(self.ea, self.n)
if self.op == "chr":
ida_bytes.op_chr(self.ea, self.n)
if self.op == "oct":
ida_bytes.op_oct(self.ea, self.n)
if self.op == "offset":
ida_idc.op_plain_offset(self.ea, self.n, 0)
if self.op == "enum":
id = ida_enum.get_enum(Event.encode(self.extra["ename"]))
ida_bytes.op_enum(self.ea, self.n, id, self.extra["serial"])
if self.op == "struct":
path_len = len(self.extra["spath"])
path = ida_pro.tid_array(path_len)
for i in range(path_len):
sname = Event.encode(self.extra["spath"][i])
path[i] = ida_struct.get_struc_id(sname)
insn = ida_ua.insn_t()
ida_ua.decode_insn(insn, self.ea)
ida_bytes.op_stroff(
insn, self.n, path.cast(), path_len, self.extra["delta"]
)
if self.op == "stkvar":
ida_bytes.op_stkvar(self.ea, self.n)
# FIXME: No hooks are called when inverting sign
# if self.op == 'invert_sign':
# idc.toggle_sign(ea, n)
示例8: _is_ret
# 需要导入模块: import ida_ua [as 别名]
# 或者: from ida_ua import decode_insn [as 别名]
def _is_ret(self, x):
if can_decode(x):
insn = insn_t()
inslen = decode_insn(insn, x)
if inslen > 0 and is_ret_insn(insn):
return True
return False