当前位置: 首页>>代码示例>>Python>>正文


Python idc.GetCommentEx方法代码示例

本文整理汇总了Python中idc.GetCommentEx方法的典型用法代码示例。如果您正苦于以下问题:Python idc.GetCommentEx方法的具体用法?Python idc.GetCommentEx怎么用?Python idc.GetCommentEx使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在idc的用法示例。


在下文中一共展示了idc.GetCommentEx方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: is_tls

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetCommentEx [as 别名]
def is_tls(ea):
  if is_invalid_ea(ea):
    return False

  if is_tls_segment(ea):
    return True

  # Something references `ea`, and that something is commented as being a
  # `TLS-reference`. This comes up if you have an thread-local extern variable
  # declared/used in a binary, and defined in a shared lib. There will be an
  # offset variable.
  for source_ea in _drefs_to(ea):
    comment = idc.GetCommentEx(source_ea, 0)
    if isinstance(comment, str) and "TLS-reference" in comment:
      return True

  return False

# Mark an address as containing code. 
开发者ID:lifting-bits,项目名称:mcsema,代码行数:21,代码来源:util.py

示例2: is_external_vtable_reference

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetCommentEx [as 别名]
def is_external_vtable_reference(ea):
  """ It checks the references of external vtable in the .bss section, where
      it is referred as the `Copy of shared data`. There is no way to resolve
      the cross references for these vtable as the target address will only
      appear during runtime.

      It is introduced to avoid lazy initilization of runtime typeinfo variables
      which gets referred by the user-defined exception types.
  """
  if not is_runtime_external_data_reference(ea):
    return False

  comment = idc.GetCommentEx(ea, 0)
  if comment and "Alternative name is '`vtable" in comment:
    return True
  else:
    return 
开发者ID:lifting-bits,项目名称:mcsema,代码行数:19,代码来源:util.py

示例3: get_segment_end_ea

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetCommentEx [as 别名]
def get_segment_end_ea(ea):
    """ Return address where next MSDN info can be written to in added
    segment.

    Argument:
    ea -- effective address within added segment where search starts
    """
    addr = ea
    while idc.GetCommentEx(addr, 0) is not None:
        addr = addr + 1
    if addr > idc.SegEnd(ea):
        g_logger.debug('Address {} out of segment bounds. Expanding segment.'
                       .format(hex(addr)))
        try:
            expand_segment(ea)
        except FailedToExpandSegmentException as e:
            g_logger.warning(e.message)
            raise e
    else:
        return addr 
开发者ID:fireeye,项目名称:flare-ida,代码行数:22,代码来源:__init__.py

示例4: find_arg_ea

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetCommentEx [as 别名]
def find_arg_ea(ea_call, arg_name):
    """ Return ea of argument by looking backwards from library function
    call.

    Arguments:
    ea_call -- effective address of call
    arg_name -- the argument name to look for
    """
    # the search for previous instruction/data will stop at the specified
    # address (inclusive)
    prev_instr = idc.PrevHead(ea_call, ea_call - PREVIOUS_INSTR_DELTA)
    while prev_instr > (ea_call - ARG_SEARCH_THRESHOLD) and \
            prev_instr != idaapi.BADADDR:
        # False indicates not to look for repeatable comments
        comment = idc.GetCommentEx(prev_instr, False)
        if comment == arg_name:
            return prev_instr
        prev_instr = idc.PrevHead(
            prev_instr, prev_instr - PREVIOUS_INSTR_DELTA)
    raise ArgumentNotFoundException('  Argument {} not found within threshold'
                                    .format(arg_name)) 
开发者ID:fireeye,项目名称:flare-ida,代码行数:23,代码来源:__init__.py

示例5: load_sstring

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetCommentEx [as 别名]
def load_sstring():
    """
    Load a short string from the idb.
    """
    min_segment_addr = min(list(idautils.Segments()))
    return idc.GetCommentEx(min_segment_addr,0) 
开发者ID:xorpd,项目名称:fcatalog_client,代码行数:8,代码来源:fcatalog_plugin.py

示例6: is_runtime_external_data_reference

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetCommentEx [as 别名]
def is_runtime_external_data_reference(ea):
  """This can happen in ELF binaries, where you'll have somehting like
  `stdout@@GLIBC_2.2.5` in the `.bss` section, where at runtime the
  linker will fill in the slot with a pointer to the real `stdout`.

  IDA discovers this type of reference, but it has no real way to
  cross-reference it to anything, because the target address will
  only exist at runtime."""
  comment = idc.GetCommentEx(ea, 0)
  if comment and "Copy of shared data" in comment:
    return True
  else:
    return False 
开发者ID:lifting-bits,项目名称:mcsema,代码行数:15,代码来源:util.py

示例7: get_alternative_symbol_name

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetCommentEx [as 别名]
def get_alternative_symbol_name(ea):
  comment = idc.GetCommentEx(ea, 0) or ""
  for comment_line in comment.split("\n"):
    comment_line = comment_line.replace(";", "").strip()
    if not comment_line:
      continue
    mstr = comment_line.split("'")
    if 3 <= len(mstr):
      return mstr[1] + "'" + mstr[2]
  return None 
开发者ID:lifting-bits,项目名称:mcsema,代码行数:12,代码来源:exception.py

示例8: find_main_in_ELF_file

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetCommentEx [as 别名]
def find_main_in_ELF_file():
  """Tries to automatically find the `main` function if we haven't found it
  yet. IDA recognizes the pattern of `_start` calling `__libc_start_main` in
  ELF binaries, where one of the parameters is the `main` function. IDA will
  helpfully comment it as such."""

  start_ea = idc.LocByName("_start")
  if is_invalid_ea(start_ea):
    start_ea = idc.LocByName("start")
    if is_invalid_ea(start_ea):
      return idc.BADADDR

  for begin_ea, end_ea in idautils.Chunks(start_ea):
    for inst_ea in Heads(begin_ea, end_ea):
      comment = idc.GetCommentEx(inst_ea, 0)
      if comment and "main" in comment:
        for main_ea in xrefs_from(inst_ea):
          if not is_code(main_ea):
            continue

          # Sometimes the `main` function isn't identified as code. This comes
          # up when there are some alignment bytes in front of `main`.
          try_mark_as_code(main_ea)
          if is_code_by_flags(main_ea):
            try_mark_as_function(main_ea)

          main = idaapi.get_func(main_ea)
          if not main:
            continue

          if main and main.startEA == main_ea:
            set_symbol_name(main_ea, "main")
            DEBUG("Found main at {:x}".format(main_ea))
            return main_ea

  return idc.BADADDR 
开发者ID:lifting-bits,项目名称:mcsema,代码行数:38,代码来源:get_cfg.py

示例9: find_main_in_ELF_file

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetCommentEx [as 别名]
def find_main_in_ELF_file():
  """Tries to automatically find the `main` function if we haven't found it
  yet. IDA recognizes the pattern of `_start` calling `__libc_start_main` in
  ELF binaries, where one of the parameters is the `main` function. IDA will
  helpfully comment it as such."""

  start_ea = idc.get_name_ea_simple("_start")
  if is_invalid_ea(start_ea):
    start_ea = idc.get_name_ea_simple("start")
    if is_invalid_ea(start_ea):
      return idc.BADADDR

  for begin_ea, end_ea in idautils.Chunks(start_ea):
    for inst_ea in Heads(begin_ea, end_ea):
      comment = idc.GetCommentEx(inst_ea, 0)
      if comment and "main" in comment:
        for main_ea in xrefs_from(inst_ea):
          if not is_code(main_ea):
            continue

          # Sometimes the `main` function isn't identified as code. This comes
          # up when there are some alignment bytes in front of `main`.
          try_mark_as_code(main_ea)
          if is_code_by_flags(main_ea):
            try_mark_as_function(main_ea)

          main = idaapi.get_func(main_ea)
          if not main:
            continue

          if main and main.start_ea == main_ea:
            set_symbol_name(main_ea, "main")
            DEBUG("Found main at {:x}".format(main_ea))
            return main_ea

  return idc.BADADDR 
开发者ID:lifting-bits,项目名称:mcsema,代码行数:38,代码来源:get_cfg.py

示例10: get_jlocs

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetCommentEx [as 别名]
def get_jlocs(self, sw):
        jlocs = []
        ncases = sw.ncases if sw.jcases == 0 else sw.jcases
        for i in range(ncases):
            addr = idc.Dword(sw.jumps+i*4)
            name = idaapi.get_name(idc.BADADDR, addr)
            comm = idc.GetCommentEx(idc.LocByName(name), 1)
            comm = comm[comm.find('case'):] if comm is not None and comm.startswith('jumptable') else comm
            jlocs.append((name, idc.LocByName(name), comm))
        return jlocs 
开发者ID:jjo-sec,项目名称:idataco,代码行数:12,代码来源:switch_jumps.py


注:本文中的idc.GetCommentEx方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。