本文整理汇总了Python中idaapi.get_dword方法的典型用法代码示例。如果您正苦于以下问题：Python idaapi.get_dword方法的具体用法？Python idaapi.get_dword怎么用？Python idaapi.get_dword使用的例子？那么，这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类idaapi的用法示例。
在下文中一共展示了idaapi.get_dword方法的3个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: lookForDwordArray
# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_dword [as 别名]
def lookForDwordArray(self, start, end):
    """Scan the addresses from start up to (not including) end for hashed symbols.

    A 32-bit value is read at every byte offset in the range and looked up
    under each hash type in ``self.params.hashTypes`` through
    ``self.dbstore.getSymbolByTypeHash``. Every symbol returned is logged,
    recorded with ``self.addHit`` and annotated with ``self.markupLine``.
    """
    logger.debug("Starting to look between: %08x:%08x", start, end)
    # The window advances one byte at a time, so unaligned dwords are checked
    # as well.
    # NOTE(review): the reads at the last three addresses extend past `end`;
    # confirm callers are fine with bytes outside the range being matched.
    for loc in range(start, end):
        # Same read, spelled with whichever API name the module-level
        # using_ida7api flag selects.
        val = idaapi.get_dword(loc) if using_ida7api else idc.Dword(loc)
        for hash_type in self.params.hashTypes:
            matches = self.dbstore.getSymbolByTypeHash(hash_type.hashType, val)
            for sym in matches:
                logger.info("0x%08x: %s", loc, str(sym))
                self.addHit(loc, sym)
                self.markupLine(loc, sym)
###################################################################
#
###################################################################
示例2: get_dword
# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_dword [as 别名]
def get_dword(self, addr):
    """Return the value ``idaapi.get_dword`` reads at address ``addr``."""
    value = idaapi.get_dword(addr)
    return value
示例3: dbg_process_start
# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_dword [as 别名]
def dbg_process_start(self, pid, tid, ea, name, base, size):
    """Set up ntdll hooks and patch PEB fields when the debuggee starts.

    Resets the per-session bookkeeping attributes, registers inline hooks
    for two ntdll functions, then patches the debug-related fields of both
    the 32-bit PEB and the WoW64 64-bit PEB in the debugged process.
    None of the callback arguments are used by this body.

    NOTE(review): the "ebx" register, the ``*_32`` hook templates and the
    fixed 0x1000 distance between the two PEBs all presume a 32-bit
    debuggee running under WoW64, and nothing read from the process is
    validated before it is used as a patch address. Confirm the target
    matches before relying on this.
    """
    self.mem_for_inline_hooks = 0
    self.virtualalloc = 0

    hooked_ntdll = DllHook('ntdll.dll')
    close_hook = FuncHook(
        'ntdll_NtClose',
        NtClose_inline_hook_code_32,
        NtClose_bpt_cond_hook_code_32,
    )
    hooked_ntdll.add_func(close_hook)
    query_hook = FuncHook(
        'ntdll_NtQueryInformationProcess',
        NtQueryInformationProcess_inline_hook_code_32,
        NtQueryInformationProcess_bpt_cond_hook_code_32,
    )
    hooked_ntdll.add_func(query_hook)
    self.dlls = [hooked_ntdll]

    # IDA later creates a segment named "TIB[XXXXXXXX]" that actually points
    # at wow_peb64, and the 32-bit PEB sits 0x1000 above it. That segment
    # does not exist yet when this callback runs, so it cannot be looked up
    # by name here. At debugging start ebx points to the PEB, so both
    # addresses are derived from the register instead.
    peb32 = idc.get_reg_value("ebx")
    peb64 = peb32 - 0x1000

    # Clear BeingDebugged (offset 2) in both PEBs. Per the original author
    # this also takes care of the peb->NtGlobalFlag and "Heap Magic"
    # anti-debug checks.
    idc.patch_byte(peb32 + 2, 0)
    idc.patch_byte(peb64 + 2, 0)

    # 32-bit PEB: follow the process-parameters pointer at +0x10 and set bit
    # 0x4000 in the dword at +0x8 of that structure.
    params32 = idaapi.get_dword(peb32 + 0x10)
    flags32_ea = params32 + 0x8
    flags32 = idaapi.get_dword(flags32_ea)
    idc.patch_dword(flags32_ea, flags32 | 0x4000)

    # 64-bit PEB: same patch; the pointer is a qword at +0x20.
    params64 = idaapi.get_qword(peb64 + 0x20)
    flags64_ea = params64 + 0x8
    flags64 = idaapi.get_dword(flags64_ea)
    idc.patch_dword(flags64_ea, flags64 | 0x4000)