

Python idaapi.get_inf_structure方法代码示例

本文整理汇总了Python中idaapi.get_inf_structure方法的典型用法代码示例。如果您正苦于以下问题:Python idaapi.get_inf_structure方法的具体用法?Python idaapi.get_inf_structure怎么用?Python idaapi.get_inf_structure使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在idaapi的用法示例。


在下文中一共展示了idaapi.get_inf_structure方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: get_arch_dynamic

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_inf_structure [as 别名]
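def get_arch_dynamic():
    """
    Determine the execution environments architecture.

    The database flags are consulted first. Only when they report neither
    64-bit nor 32-bit are the debugger's register names inspected.

    :return: 64 or 32 (as integers) if arch could be determined, else None
    """
    info = idaapi.get_inf_structure()
    if info.is_64bit():
        return 64
    if info.is_32bit():
        return 32

    # Fall back to the debugger register set. The register list may be
    # missing or shorter than expected when no debugger is loaded, so look
    # the accumulator up by name instead of relying on a fixed position.
    registers = idaapi.dbg_get_registers() or ()
    names = {reg[0] for reg in registers}
    if 'RAX' in names:
        return 64
    if 'EAX' in names:
        return 32
    return None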


###############################
# LIB DETECTION FUNCTIONALITY #
############################### 
开发者ID:anatolikalysch,项目名称:VMAttack,代码行数:25,代码来源:Util.py

示例2: get_native_size

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_inf_structure [as 别名]
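def get_native_size():
    """
    Get the native OS size
    @return: 16, 32, 64 value indicating the native size.
    @raise RuntimeError: if the database information could not be queried.
    """
    try:
        inf = idaapi.get_inf_structure()
        # Test 64-bit first: on a number of IDA versions is_32bit() is also
        # true for 64-bit databases, which would make this report 32.
        if inf.is_64bit():
            return 64
        if inf.is_32bit():
            return 32
        # Native size is neither 32 or 64 bit. assuming 16 bit.
        return 16

    except Exception as ex:
        raise RuntimeError("Could not retrieve native OS size: %s" % ex)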
开发者ID:ynvb,项目名称:DIE,代码行数:19,代码来源:IDAConnector.py

示例3: get_arch_info

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_inf_structure [as 别名]
def get_arch_info():
    """Translate the database's processor and bitness into Capstone constants.

    Returns an ``(instruction_set, instruction_mode)`` tuple. Both entries
    are None unless the lower-cased processor name is 'metapc'; for 'metapc'
    the mode is None when the bitness is not 16, 32 or 64.
    """
    inf = idaapi.get_inf_structure()
    processor = inf.procName.lower()
    bitness = get_inf_structure_bitness(inf)

    if processor != 'metapc':
        # Only the x86 family is mapped here.
        return None, None

    modes = {16: CS_MODE_16, 32: CS_MODE_32, 64: CS_MODE_64}
    return CS_ARCH_X86, modes.get(bitness)
开发者ID:fox-it,项目名称:mkYARA,代码行数:18,代码来源:mkyara_plugin.py

示例4: __init__

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_inf_structure [as 别名]
def __init__(self):
        """Cache processor-module flags and the pointer-size tables derived from them."""
        flags = idaapi.ph_get_flag()
        self.flags = flags
        # instead of checking ph flags, should __EA64__ be used?
        self.is_64bit = bool(flags & idaapi.PR_USE64)
        self.is_32bit = bool(flags & idaapi.PR_USE32)
        self.is_stack_up = bool(flags & idaapi.PR_STACK_UP)
        self.id = idaapi.ph_get_id()
        self.is_assemble_supported = bool(flags & idaapi.PR_ASSEMBLE)
        self.is_delayslot_proc = bool(flags & idaapi.PR_DELAYED)

        # processor default ret instruction (icode, not opcode!)
        self.ret_icodes = [idaapi.ph_get_icode_return()]

        # ptrsize in bytes: the 64-bit flag wins over the 32-bit flag, and
        # 2 is used when neither flag is set.
        if self.is_64bit:
            self.ptrsize = 8
        elif self.is_32bit:
            self.ptrsize = 4
        else:
            self.ptrsize = 2

        # Lookup tables keyed by pointer size in bytes.
        self.ptrsize_pyfmt_mapper = {2: "H", 4: "I", 8: "Q"}
        self.ptrsize_mask_mapper = {
            2: 0xFFFF,
            4: 0xFFFFFFFF,
            8: 0xFFFFFFFFFFFFFFFF,
        }
        self.datafmt_mapper = {2: "%04X", 4: "%08X", 8: "%016X"}
        # NOTE(review): stores the raw `mf` field of the inf structure;
        # presumably the big-endian flag - confirm against the IDA SDK.
        self.endianness = idaapi.get_inf_structure().mf
开发者ID:patois,项目名称:DrGadget,代码行数:26,代码来源:payload.py

示例5: createAnalyzer

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_inf_structure [as 别名]
def createAnalyzer(logger, is_elf):
    """Build the analyzer that matches the database's processor.

    Args:
        logger (logger): logger instance
        is_elf (bool): True iff analysing an ELF file

    Return Value:
        Created analyzer instance (None if CPU isn't supported yet)
    """
    # Code taken from:
    # https://reverseengineering.stackexchange.com/questions/11396/how-to-get-the-cpu-architecture-via-idapython
    # Kudos to tmr232
    info = idaapi.get_inf_structure()
    # 64-bit is tested before 32-bit; 16-bit is the (quite rare) fallback.
    bits = 64 if info.is_64bit() else (32 if info.is_32bit() else 16)

    # At the moment we don't care about the processors endianness.

    proc_name = info.procName
    logger.info("Processor: %s, %dbit", proc_name, bits)

    # Bail out early on processors without a registered analyzer.
    if proc_name not in analyzers_factory:
        logger.error("Processor %s is NOT supported yet :(", proc_name)
        return None

    build = analyzers_factory[proc_name]
    return build(logger, bits, is_elf)
开发者ID:CheckPointSW,项目名称:Karta,代码行数:34,代码来源:analyzer_factory.py

示例6: get_file_mask

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_inf_structure [as 别名]
def get_file_mask():
    """Return "*.dd64" for a 64-bit database and "*.dd32" otherwise."""
    return "*.dd64" if idaapi.get_inf_structure().is_64bit() else "*.dd32"
开发者ID:x64dbg,项目名称:x64dbgida,代码行数:7,代码来源:x64dbgida.py

示例7: extract

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_inf_structure [as 别名]
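def extract(self):
        """Extract the control flow graph from the binary.

        Allocates a fresh graph, sets up a Capstone x86 disassembler whose
        mode follows the database bitness, disassembles from the entry point
        (when one can be determined) and from every function start, then
        updates the children/fathers counters and prints the node count.
        """
        # Allocate a new graph
        self.graph = graph_alloc(0)

        # Initialize binary info
        self.info = get_inf_structure()

        # Initialize Capstone
        # NOTE(review): the architecture is always CS_ARCH_X86 here, whatever
        # processor the database uses - confirm callers only pass x86 input.
        if self.info.is_64bit():
            mode = capstone.CS_MODE_64
        else:
            mode = capstone.CS_MODE_32
        self.capstone = capstone.Cs(capstone.CS_ARCH_X86, mode)

        # Get the Entry Point
        entry = None
        try:
            start_ea = self.info.start_ea
        except Exception:
            # start_ea is not available; fall back to BeginEA(). Only
            # Exception is caught so that KeyboardInterrupt / SystemExit
            # still propagate instead of being silently swallowed.
            try:
                entry = BeginEA()
            except Exception:
                entry = None
        else:
            # Reject the "no address" sentinel in both its 32-bit and 64-bit
            # widths, so an invalid address is never handed to self.dis().
            if start_ea not in (0xffffffff, 0xffffffffffffffff):
                entry = start_ea

        if entry is None:
            print("WARNING: Could not determine entrypoint")
        else:
            self.dis(ea=entry, is_child1=None, ifrom=None)

        # Scan all the functions
        for ea in Functions():
            self.dis(ea=ea, is_child1=None, ifrom=None)

        update_children_fathers_number(self.graph)

        # Information
        print("%s graph has %d nodes" % (get_root_filename(),
                                         self.graph.nodes.size))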
开发者ID:AirbusCyber,项目名称:grap,代码行数:43,代码来源:Graph.py

示例8: get_arch_ptrsize

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_inf_structure [as 别名]
def get_arch_ptrsize():
    """Return the pointer size in bytes: 8 for 64-bit, 4 for 32-bit.

    Raises Exception("Invalid arch") when the database reports neither.
    """
    inf = idaapi.get_inf_structure()
    # 64-bit is checked before 32-bit.
    if inf.is_64bit():
        return 8
    if inf.is_32bit():
        return 4
    raise Exception("Invalid arch")

# -------------------------------------------------------------------------- 
开发者ID:danigargu,项目名称:heap-viewer,代码行数:14,代码来源:misc.py

示例9: get_native_size

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_inf_structure [as 别名]
def get_native_size():
  """Return 8 for a 64-bit database, 4 for a 32-bit one, otherwise 2."""
  inf = idaapi.get_inf_structure()
  # 64-bit is tested first; 2 is the fallback when neither check matches.
  if inf.is_64bit():
    return 8
  return 4 if inf.is_32bit() else 2
开发者ID:lifting-bits,项目名称:mcsema,代码行数:10,代码来源:collect_variable.py

示例10: get_proc_type

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_inf_structure [as 别名]
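def get_proc_type():
    """
    Get processor type
    @return: Returns the processor type name.
    @raise RuntimeError: if the processor type could not be retrieved.
    """
    try:
        inf = idaapi.get_inf_structure()
        proc_name = inf.procName
        # procName is read as a plain attribute by other IDAPython code;
        # calling a string would always raise and turn every lookup into a
        # RuntimeError. Only call it if this build exposes it as a callable.
        if callable(proc_name):
            return proc_name()
        return proc_name

    except Exception as ex:
        raise RuntimeError("Could not retrieve processor type: %s" % ex)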
开发者ID:ynvb,项目名称:DIE,代码行数:13,代码来源:IDAConnector.py

示例11: get_native_size

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_inf_structure [as 别名]
def get_native_size():
    """Return the native word size in 8-bit bytes (8, 4, or 2 as fallback)."""
    inf = idaapi.get_inf_structure()
    # 64-bit is tested first; anything that is neither 64- nor 32-bit
    # is reported as 2 bytes.
    if inf.is_64bit():
        return 8
    return 4 if inf.is_32bit() else 2
开发者ID:tmr232,项目名称:Sark,代码行数:11,代码来源:core.py

示例12: _initialize

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_inf_structure [as 别名]
def _initialize(self):
        """Decode the operand's phrase fields into scale, index, base and offset.

        Raises:
            exceptions.OperandNotPhrase: operand type is neither o_displ nor
                o_phrase.
            exceptions.PhraseProcessorNotSupported: processor is not 'metapc'.
            exceptions.PhraseNotSupported: specflag1 is neither 0 nor 1.
        """
        operand = self.op_t
        if operand.type not in (idaapi.o_displ, idaapi.o_phrase):
            raise exceptions.OperandNotPhrase('Operand is not of type o_phrase or o_displ.')

        proc_name = idaapi.get_inf_structure().procName
        if proc_name != 'metapc':
            raise exceptions.PhraseProcessorNotSupported(
                'Phrase analysis not supported for processor {}'.format(proc_name))

        flag1 = operand.specflag1
        flag2 = operand.specflag2
        # Bits 6-7 of specflag2 give the scale as a power of two.
        scale = 1 << ((flag2 >> 6) & 0x03)
        offset = operand.addr

        if flag1 == 0:
            # The register field alone is the base; there is no index.
            index = None
            base_ = operand.reg
        elif flag1 == 1:
            # Bits 3-5 of specflag2 hold the index, bits 0-2 the base.
            index = (flag2 >> 3) & 0x07
            base_ = flag2 & 0x07

            # NOTE(review): when reg is 0xC, ids with bit 2 set are shifted
            # up by 8 - presumably to reach the extended 64-bit registers;
            # confirm against the processor module.
            if operand.reg == 0xC:
                if base_ & 4:
                    base_ += 8
                if index & 4:
                    index += 8
        else:
            raise exceptions.PhraseNotSupported('o_displ, o_phrase : Not implemented yet : %x' % flag1)

        # HACK: This is a really ugly hack. For some reason, phrases of the form `[esp + ...]` (`sp`, `rsp` as well)
        # set both the `index` and the `base` to `esp`. This is not significant, as `esp` cannot be used as an
        # index, but it does cause issues with the parsing.
        # This is only relevant to Intel architectures.
        if (index == base_ == idautils.procregs.sp.reg) and (scale == 1):
            index = None

        self.scale = scale
        self.index_id = index
        self.base_id = base_
        self.offset = offset
开发者ID:tmr232,项目名称:Sark,代码行数:42,代码来源:instruction.py

示例13: indexing_mode

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_inf_structure [as 别名]
def indexing_mode(self):
        """Return the instruction's IndexingMode.

        On 'ARM' the pre/post flags come from bits 0x20 and 0x80 of
        ``insn_t.auxpref``; on any other processor a default IndexingMode()
        is returned.
        """
        if idaapi.get_inf_structure().procName == 'ARM':
            aux = self.insn_t.auxpref
            return IndexingMode(pre=bool(aux & 0x20),
                                post=bool(aux & 0x80))

        return IndexingMode()
开发者ID:tmr232,项目名称:Sark,代码行数:8,代码来源:instruction.py

示例14: create_runtime_ms

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_inf_structure [as 别名]
def create_runtime_ms():
    """Locate the function containing a fixed byte pattern and name it runtime_morestack.

    Searches the text segment for the pattern (a 32-bit or 64-bit variant,
    chosen by database bitness), resolves the enclosing function and tries to
    rename it. Returns that function object, or None when the text segment,
    the pattern or the enclosing function cannot be found. A failed rename is
    only logged; the function is still returned.
    """
    debug('Attempting to find runtime_morestack function for hooking on...')

    text_seg = get_text_seg()
    if text_seg is None:
        debug('Failed to get text segment')
        return None

    #   binary search is faster than text search
    if idaapi.get_inf_structure().is_64bit():
        #   Opcodes for "mov     qword ptr ds:dword_1000+3, 0"
        opcodes = '48 c7 04 25 03 10 00 00 00 00 00 00'
    else:
        #   Opcodes for "mov     large dword ptr ds:1003h, 0"
        opcodes = 'c7 05 03 10 00 00 00 00 00 00'

    match_ea = idaapi.find_binary(text_seg.start_ea, text_seg.end_ea, opcodes, 0, SEARCH_DOWN)
    if match_ea == BADADDR:
        debug('Failed to find opcodes associated with runtime_morestack: %s' % opcodes)
        return None

    func = idaapi.get_func(match_ea)
    if func is None:
        debug('Failed to get runtime_morestack function from address @ 0x%x' % match_ea)
        return None

    renamed = idc.set_name(func.start_ea, "runtime_morestack", SN_PUBLIC)
    if not renamed:
        debug('Failed to rename function @ 0x%x to runtime_morestack' % func.start_ea)
    else:
        debug('Successfully found runtime_morestack')

    return func
开发者ID:strazzere,项目名称:golang_loader_assist,代码行数:32,代码来源:golang_loader_assist.py

示例15: create_pointer

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_inf_structure [as 别名]
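def create_pointer(addr, force_size=None):
    """Define a pointer-sized data item at *addr* and read it back.

    An 8-byte item is created when the database is 64-bit or *force_size*
    is 8, unless *force_size* is 4; otherwise a 4-byte item is created.

    Returns a ``(value, size)`` tuple: the value read at *addr* and the item
    size in bytes (8 or 4).
    """
    # Compare by value: `is` on integer literals tests object identity,
    # which only works by accident of small-int caching and emits a
    # SyntaxWarning on current Python versions.
    use_qword = force_size != 4 and (
        idaapi.get_inf_structure().is_64bit() or force_size == 8)

    if use_qword:
        ida_bytes.create_data(addr, FF_QWORD, 8, ida_idaapi.BADADDR)
        return idc.get_qword(addr), 8

    ida_bytes.create_data(addr, FF_DWORD, 4, ida_idaapi.BADADDR)
    return idc.get_wide_dword(addr), 4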
开发者ID:strazzere,项目名称:golang_loader_assist,代码行数:9,代码来源:golang_loader_assist.py


注:本文中的idaapi.get_inf_structure方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。