本文整理汇总了Python中idc.GetCommentEx方法的典型用法代码示例。如果您正苦于以下问题:Python idc.GetCommentEx方法的具体用法?Python idc.GetCommentEx怎么用?Python idc.GetCommentEx使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类idc
的用法示例。
在下文中一共展示了idc.GetCommentEx方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: is_tls
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetCommentEx [as 别名]
def is_tls(ea):
if is_invalid_ea(ea):
return False
if is_tls_segment(ea):
return True
# Something references `ea`, and that something is commented as being a
# `TLS-reference`. This comes up if you have an thread-local extern variable
# declared/used in a binary, and defined in a shared lib. There will be an
# offset variable.
for source_ea in _drefs_to(ea):
comment = idc.GetCommentEx(source_ea, 0)
if isinstance(comment, str) and "TLS-reference" in comment:
return True
return False
# Mark an address as containing code.
示例2: is_external_vtable_reference
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetCommentEx [as 别名]
def is_external_vtable_reference(ea):
""" It checks the references of external vtable in the .bss section, where
it is referred as the `Copy of shared data`. There is no way to resolve
the cross references for these vtable as the target address will only
appear during runtime.
It is introduced to avoid lazy initilization of runtime typeinfo variables
which gets referred by the user-defined exception types.
"""
if not is_runtime_external_data_reference(ea):
return False
comment = idc.GetCommentEx(ea, 0)
if comment and "Alternative name is '`vtable" in comment:
return True
else:
return
示例3: get_segment_end_ea
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetCommentEx [as 别名]
def get_segment_end_ea(ea):
""" Return address where next MSDN info can be written to in added
segment.
Argument:
ea -- effective address within added segment where search starts
"""
addr = ea
while idc.GetCommentEx(addr, 0) is not None:
addr = addr + 1
if addr > idc.SegEnd(ea):
g_logger.debug('Address {} out of segment bounds. Expanding segment.'
.format(hex(addr)))
try:
expand_segment(ea)
except FailedToExpandSegmentException as e:
g_logger.warning(e.message)
raise e
else:
return addr
示例4: find_arg_ea
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetCommentEx [as 别名]
def find_arg_ea(ea_call, arg_name):
""" Return ea of argument by looking backwards from library function
call.
Arguments:
ea_call -- effective address of call
arg_name -- the argument name to look for
"""
# the search for previous instruction/data will stop at the specified
# address (inclusive)
prev_instr = idc.PrevHead(ea_call, ea_call - PREVIOUS_INSTR_DELTA)
while prev_instr > (ea_call - ARG_SEARCH_THRESHOLD) and \
prev_instr != idaapi.BADADDR:
# False indicates not to look for repeatable comments
comment = idc.GetCommentEx(prev_instr, False)
if comment == arg_name:
return prev_instr
prev_instr = idc.PrevHead(
prev_instr, prev_instr - PREVIOUS_INSTR_DELTA)
raise ArgumentNotFoundException(' Argument {} not found within threshold'
.format(arg_name))
示例5: load_sstring
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetCommentEx [as 别名]
def load_sstring():
"""
Load a short string from the idb.
"""
min_segment_addr = min(list(idautils.Segments()))
return idc.GetCommentEx(min_segment_addr,0)
示例6: is_runtime_external_data_reference
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetCommentEx [as 别名]
def is_runtime_external_data_reference(ea):
"""This can happen in ELF binaries, where you'll have somehting like
`stdout@@GLIBC_2.2.5` in the `.bss` section, where at runtime the
linker will fill in the slot with a pointer to the real `stdout`.
IDA discovers this type of reference, but it has no real way to
cross-reference it to anything, because the target address will
only exist at runtime."""
comment = idc.GetCommentEx(ea, 0)
if comment and "Copy of shared data" in comment:
return True
else:
return False
示例7: get_alternative_symbol_name
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetCommentEx [as 别名]
def get_alternative_symbol_name(ea):
comment = idc.GetCommentEx(ea, 0) or ""
for comment_line in comment.split("\n"):
comment_line = comment_line.replace(";", "").strip()
if not comment_line:
continue
mstr = comment_line.split("'")
if 3 <= len(mstr):
return mstr[1] + "'" + mstr[2]
return None
示例8: find_main_in_ELF_file
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetCommentEx [as 别名]
def find_main_in_ELF_file():
"""Tries to automatically find the `main` function if we haven't found it
yet. IDA recognizes the pattern of `_start` calling `__libc_start_main` in
ELF binaries, where one of the parameters is the `main` function. IDA will
helpfully comment it as such."""
start_ea = idc.LocByName("_start")
if is_invalid_ea(start_ea):
start_ea = idc.LocByName("start")
if is_invalid_ea(start_ea):
return idc.BADADDR
for begin_ea, end_ea in idautils.Chunks(start_ea):
for inst_ea in Heads(begin_ea, end_ea):
comment = idc.GetCommentEx(inst_ea, 0)
if comment and "main" in comment:
for main_ea in xrefs_from(inst_ea):
if not is_code(main_ea):
continue
# Sometimes the `main` function isn't identified as code. This comes
# up when there are some alignment bytes in front of `main`.
try_mark_as_code(main_ea)
if is_code_by_flags(main_ea):
try_mark_as_function(main_ea)
main = idaapi.get_func(main_ea)
if not main:
continue
if main and main.startEA == main_ea:
set_symbol_name(main_ea, "main")
DEBUG("Found main at {:x}".format(main_ea))
return main_ea
return idc.BADADDR
示例9: find_main_in_ELF_file
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetCommentEx [as 别名]
def find_main_in_ELF_file():
"""Tries to automatically find the `main` function if we haven't found it
yet. IDA recognizes the pattern of `_start` calling `__libc_start_main` in
ELF binaries, where one of the parameters is the `main` function. IDA will
helpfully comment it as such."""
start_ea = idc.get_name_ea_simple("_start")
if is_invalid_ea(start_ea):
start_ea = idc.get_name_ea_simple("start")
if is_invalid_ea(start_ea):
return idc.BADADDR
for begin_ea, end_ea in idautils.Chunks(start_ea):
for inst_ea in Heads(begin_ea, end_ea):
comment = idc.GetCommentEx(inst_ea, 0)
if comment and "main" in comment:
for main_ea in xrefs_from(inst_ea):
if not is_code(main_ea):
continue
# Sometimes the `main` function isn't identified as code. This comes
# up when there are some alignment bytes in front of `main`.
try_mark_as_code(main_ea)
if is_code_by_flags(main_ea):
try_mark_as_function(main_ea)
main = idaapi.get_func(main_ea)
if not main:
continue
if main and main.start_ea == main_ea:
set_symbol_name(main_ea, "main")
DEBUG("Found main at {:x}".format(main_ea))
return main_ea
return idc.BADADDR
示例10: get_jlocs
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetCommentEx [as 别名]
def get_jlocs(self, sw):
jlocs = []
ncases = sw.ncases if sw.jcases == 0 else sw.jcases
for i in range(ncases):
addr = idc.Dword(sw.jumps+i*4)
name = idaapi.get_name(idc.BADADDR, addr)
comm = idc.GetCommentEx(idc.LocByName(name), 1)
comm = comm[comm.find('case'):] if comm is not None and comm.startswith('jumptable') else comm
jlocs.append((name, idc.LocByName(name), comm))
return jlocs