当前位置: 首页>>代码示例>>Python>>正文


Python idaapi.get_qword方法代码示例

本文整理汇总了Python中idaapi.get_qword方法的典型用法代码示例。如果您正苦于以下问题:Python idaapi.get_qword方法的具体用法?Python idaapi.get_qword怎么用?Python idaapi.get_qword使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在idaapi的用法示例。


在下文中一共展示了idaapi.get_qword方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: GetDataList

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_qword [as 别名]
def GetDataList(ea, count, itemsize=1):
    """
    Get data list - INTERNAL USE ONLY
    """
    if itemsize == 1:
        getdata = idaapi.get_byte
    elif itemsize == 2:
        getdata = idaapi.get_word
    elif itemsize == 4:
        getdata = idaapi.get_long
    elif itemsize == 8:
        getdata = idaapi.get_qword
    else:
        raise ValueError, "Invalid data size! Must be 1, 2, 4 or 8"

    endea = ea + itemsize * count
    curea = ea
    while curea < endea:
        yield getdata(curea)
        curea += itemsize 
开发者ID:CvvT,项目名称:dumpDex,代码行数:22,代码来源:idautils.py

示例2: pablo

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_qword [as 别名]
def pablo(mode, address, end, search):

    while address < end:
        address = idaapi.find_binary(address, end, search, 0x10, SEARCH_DOWN)
        
        if address > idaapi.get_segm_by_name('CODE').end_ea:
            offset = address - 0x3
            
            if idaapi.isUnknown(idaapi.getFlags(offset)):
                if idaapi.get_qword(offset) <= end:
                    idaapi.create_data(offset, FF_QWORD, 0x8, BADNODE)
            
            address = offset + 0x4
        
        else:
            address += mode
            idaapi.do_unknown(address, 0)
            idaapi.create_insn(address)
            idaapi.add_func(address, BADADDR)
            address += 0x1

# Load Input Binary... 
开发者ID:SocraticBliss,项目名称:ps4_module_loader,代码行数:24,代码来源:ps4_module.py

示例3: get_qword

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_qword [as 别名]
def get_qword(self, addr):
        return idaapi.get_qword(addr) 
开发者ID:andreafioraldi,项目名称:IDAngr,代码行数:4,代码来源:ida_debugger.py

示例4: Qwords

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_qword [as 别名]
def Qwords(start=None, end=None):
    start, end = fix_addresses(start, end)

    return map(idaapi.get_qword, list(range(start, end, 8))) 
开发者ID:tmr232,项目名称:Sark,代码行数:6,代码来源:data.py

示例5: dbg_process_start

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_qword [as 别名]
def dbg_process_start(self, pid, tid, ea, name, base, size):

        self.mem_for_inline_hooks = 0
        self.virtualalloc = 0

        ntdll = DllHook('ntdll.dll')
        ntdll.add_func( FuncHook('ntdll_NtClose', NtClose_inline_hook_code_32, NtClose_bpt_cond_hook_code_32) )
        ntdll.add_func( FuncHook('ntdll_NtQueryInformationProcess', NtQueryInformationProcess_inline_hook_code_32, NtQueryInformationProcess_bpt_cond_hook_code_32) )

        self.dlls = [ntdll]


        # IDA creates a segment named "TIB[XXXXXXXX]", which points to
        # wow_peb64 antually. We can get peb from wow_peb64 with 0x1000 offset.
        #               peb_addr = wow_peb64_addr + 0x1000
        # Note: IDA has not created segment "TIB[XXXXXXXX]" at this point.

        # tid = get_current_thread()
        # tib_segm_name = "TIB[%08X]" % tid
        # print tib_segm_name
        # tib_segm = get_segm_by_name(tib_segm_name)
        # wow_peb64 = tib_segm.start_ea
        # peb = tib_segm.start_ea + 0x1000

        # on debugging start, ebx points to peb
        # get addrs of peb and wow_peb64
        ebx = idc.get_reg_value("ebx")
        peb = ebx
        wow_peb64 = peb - 0x1000

        # patch peb->BeingDebugged
        # solving peb->NtGlobalFlag and "Heap Magic" anti-debug method
        # at the same time.
        idc.patch_byte(peb + 2, 0)
        idc.patch_byte(wow_peb64 + 2, 0)


        # patching peb process paramters
        peb_process_parameters = idaapi.get_dword(peb + 0x10)
        flag = idaapi.get_dword(peb_process_parameters + 0x8)
        idc.patch_dword(peb_process_parameters + 0x8, flag | 0x4000)

        # patching peb64 process paramters
        peb64_process_parameters = idaapi.get_qword(wow_peb64 + 0x20)
        flag = idaapi.get_dword(peb64_process_parameters + 0x8)
        idc.patch_dword(peb64_process_parameters + 0x8, flag | 0x4000) 
开发者ID:iweizime,项目名称:DBGHider,代码行数:48,代码来源:DBGHider.py

示例6: resolve

# 需要导入模块: import idaapi [as 别名]
# 或者: from idaapi import get_qword [as 别名]
def resolve(self, alphabet, nids, symbols, libraries):
    
        if self.INFO > Relocation.R_X86_64_ORBIS_GOTPCREL_LOAD:
            self.INDEX = self.INFO >> 32
            self.INFO &= 0xFF
            symbol = next(value for key, value in enumerate(symbols) if key + 2 == self.INDEX)[1]
        
        # Library
        try:
            lid1 = alphabet[symbol[12:13]]
            
            # [base64]#
            if symbol[13:14] == '#':
                library = libraries[lid1]
            
            # [base64][base64]#
            elif symbol[14:15] == '#':
                lid2 = alphabet[symbol[13:14]]
                library = libraries[lid1 + lid2]
            
            else:
                raise
        
        # Not a NID
        except:
            library = ''
        
        # Function Name (Offset) == Symbol Value + AddEnd (S + A)
        # Library Name  (Offset) == Symbol Value (S)
        real = idc.get_qword(self.OFFSET)
        idc.add_func(real)
        
        # Hacky way to determine if this is the real function...
        real -= 0x6 if idc.print_insn_mnem(real) == 'push' else 0x0
        
        # Resolve the NID...
        idc.set_cmt(real, 'NID: ' + symbol, False)
        function = nids.get(symbol[:11], symbol)
        
        # Rename the Jump Function...
        idc.set_name(self.OFFSET, '__imp_' + function, SN_NOCHECK | SN_NOWARN | SN_FORCE)
        
        # Rename the Real Function...
        idc.set_name(real, function, SN_NOCHECK | SN_NOWARN | SN_FORCE)
        
        try:
            import_node = idaapi.netnode(library, 0, True)
            import_node.supset(ea2node(real), function)
        
            # Requires customized loader.i / ida_loader.py(d)
            idaapi.import_module(library, None, import_node.index(), None, 'linux')
        
        except:
            pass
        
        return self.type() 
开发者ID:SocraticBliss,项目名称:ps4_module_loader,代码行数:58,代码来源:ps4_module.py


注:本文中的idaapi.get_qword方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。