本文整理汇总了Python中idaapi.decode_insn方法的典型用法代码示例。如果您正苦于以下问题:Python idaapi.decode_insn方法的具体用法?Python idaapi.decode_insn怎么用?Python idaapi.decode_insn使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类idaapi的用法示例。
在下文中一共展示了idaapi.decode_insn方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: at
# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import decode_insn [as 别名]
def at(ea):
    """Return the ``idaapi.insn_t`` instance decoded at the address `ea`.

    `ea` is first passed through ``interface.address.inside`` and must be
    flagged as code by ``database.type.is_code``; otherwise an
    ``E.InvalidTypeOrValueError`` is raised.
    """
    ea = interface.address.inside(ea)
    if not database.type.is_code(ea):
        raise E.InvalidTypeOrValueError(u"{:s}.at({:#x}) : Unable to decode a non-instruction at specified address.".format(__name__, ea))

    # NOTE(review): the length returned by decode_insn() is discarded on both
    # paths below, so a failed decode is not detected here; only the
    # is_code() check above guards the result.

    # No global ``idaapi.cmd``: decode_insn() fills in an insn_t that the
    # caller supplies, so it can be handed back directly.
    if not hasattr(idaapi, 'cmd'):
        insn = idaapi.insn_t()
        idaapi.decode_insn(insn, ea)
        return insn

    # Backwards-compatibility mode: decode_insn() takes only the address and
    # leaves its result in the global ``idaapi.cmd``.
    idaapi.decode_insn(ea)
    if idaapi.__version__ < 7.0:
        return idaapi.cmd.copy()

    # From 7.0 on, copy the global into a fresh insn_t with assign().
    snapshot = idaapi.insn_t()
    snapshot.assign(idaapi.cmd)
    return snapshot
示例2: DecodeInstruction
# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import decode_insn [as 别名]
def DecodeInstruction(ea):
    """
    Decode the instruction at an address and return a copy of the result.

    This uses the single-argument form ``idaapi.decode_insn(ea)`` and reads
    the decoded instruction back from the global ``idaapi.cmd``.

    @param ea: address to decode
    @return: None when decode_insn reports a length of 0, otherwise a copy
             of ``idaapi.cmd``
    """
    # A zero length is the decoder's failure signal; do not copy idaapi.cmd
    # in that case.
    if idaapi.decode_insn(ea) == 0:
        return None
    return idaapi.cmd.copy()
示例3: is_call
# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import decode_insn [as 别名]
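def is_call(cls, ea):
    '''Returns true if the instruction at `ea` is a call.'''
    ea = interface.address.inside(ea)

    # Before 7.0, and only when is_call_insn is available, the address is
    # decoded first and is_call_insn is then queried by address.
    # NOTE(review): presumably is_call_insn(ea) relies on that decode -- confirm.
    if idaapi.__version__ < 7.0 and hasattr(idaapi, 'is_call_insn'):
        idaapi.decode_insn(ea)
        return idaapi.is_call_insn(ea)

    # Look the feature bits up once and reuse them; the original computed
    # them into F and then called feature(ea) a second time.
    F = feature(ea)
    return database.is_code(ea) and (F & idaapi.CF_CALL == idaapi.CF_CALL)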
示例4: hook
# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import decode_insn [as 别名]
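def hook(self, hook_addr = 0):
    """
    Install a hook on the function named ``self.name``.

    Args:
        hook_addr(int): address for inline hook code, 0 indicates bpt hook.
    Returns:
        memory size in bytes used for inline hook. 0 is returned for a
        breakpoint hook, when the name cannot be resolved, and when the
        function prologue cannot be decoded; nothing is patched in the
        last two cases.
    """
    self.hook_addr = hook_addr
    self.func_addr = idc.get_name_ea_simple(self.name)
    # get_name_ea_simple() reports an unknown name as BADADDR, not 0.
    # Without this check a failed lookup would go on to set a breakpoint or
    # patch bytes at an invalid address. The original 0 check is kept so
    # existing callers see the same result.
    if self.func_addr in (0, idaapi.BADADDR):
        return 0
    print("Hooking %s at 0x%x" % (self.name, self.func_addr))

    if self.hook_addr == 0:
        # breakpoint hook: no bytes are modified
        idc.add_bpt(self.func_addr)
        idc.set_bpt_cond(self.func_addr, self.bpt_cond_hook_code)
        return 0

    # assemble jmp code
    jmp_code = "jmp 0x%x" % self.hook_addr
    jmp_buf, _ = assemble(jmp_code, self.func_addr)

    # read function prologue according to jmp code length
    # NOTE: instructions like 'call $+5' in prologue will
    # cause problems.
    insn = idaapi.insn_t()
    move_length = 0
    while move_length < len(jmp_buf):
        # decode_insn() returns 0 when it cannot decode. Without this check
        # the loop would add a stale or zero insn.size and either never
        # terminate or copy a wrong number of bytes.
        if not idaapi.decode_insn(insn, self.func_addr + move_length):
            print("Cannot decode prologue of %s at 0x%x, not hooking"
                  % (self.name, self.func_addr + move_length))
            return 0
        move_length += insn.size
    prologue = idaapi.get_bytes(self.func_addr, move_length)

    # NOTE(review): the entry point is overwritten before the hook body is
    # assembled and written; if a later step raises, the function is left
    # jumping to memory that was never filled in. Consider writing the hook
    # body first -- confirm that assemble() does not depend on this order.

    # write jmp code
    idaapi.patch_bytes(self.func_addr, jmp_buf)

    # assemble hook code, followed by the displaced prologue and a jump
    # back to the first instruction that was not displaced
    hook_buf, _ = assemble(self.inline_hook_code, self.hook_addr)
    hook_buf += prologue
    jmp_back_code = 'jmp 0x%x' % (self.func_addr + move_length)
    jmp_back_buf, _ = assemble(jmp_back_code, self.hook_addr + len(hook_buf))
    hook_buf += jmp_back_buf

    # write hook code
    idaapi.patch_bytes(self.hook_addr, hook_buf)
    return len(hook_buf)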
示例5: graph_down
# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import decode_insn [as 别名]
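def graph_down(ea, path=None):
    """
    Recursively collect all function calls.

    Copied with minor modifications from
    http://hooked-on-mnemonics.blogspot.com/2012/07/renaming-subroutine-blocks-and.html

    ea is the address of the function to start from. path is the set of
    addresses already visited; it is updated in place and returned. When
    path is omitted a new, empty set is created for this call.
    """
    # A `set()` default is built once at definition time and shared by every
    # call, so a second top-level call would start from the first call's
    # results and skip functions it considers already visited.
    if path is None:
        path = set()
    path.add(ea)

    #
    # extract all the call instructions from the current function
    #

    call_instructions = []
    instruction_info = idaapi.insn_t()
    for address in idautils.FuncItems(ea):

        # decode the instruction
        if not idaapi.decode_insn(instruction_info, address):
            continue

        # check if this instruction is a call
        if not idaapi.is_call_insn(instruction_info):
            continue

        # save this address as a call instruction
        call_instructions.append(address)

    #
    # iterate through all the instructions in the target function (ea) and
    # inspect all the call instructions
    #

    for x in call_instructions:

        # TODO
        for r in idautils.XrefsFrom(x, idaapi.XREF_FAR):
            if not r.iscode:
                continue

            # get the function pointed at by this call
            func = idaapi.get_func(r.to)
            if not func:
                continue

            # ignore calls to imports / library calls / thunks
            if (func.flags & (idaapi.FUNC_THUNK | idaapi.FUNC_LIB)) != 0:
                continue

            #
            # if we have not traversed to the destination function that this
            # call references, recurse down to it to continue our traversal
            #
            # NOTE: one Python frame is used per call-graph level, so a very
            # deep call chain can hit the interpreter's recursion limit.
            #

            if r.to not in path:
                graph_down(r.to, path)

    return path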