当前位置: 首页>>代码示例>>Python>>正文


Python idc.GetDisasm方法代码示例

本文整理汇总了Python中idc.GetDisasm方法的典型用法代码示例。如果您正苦于以下问题:Python idc.GetDisasm方法的具体用法?Python idc.GetDisasm怎么用?Python idc.GetDisasm使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在idc的用法示例。


在下文中一共展示了idc.GetDisasm方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: find_interesting_xors

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetDisasm [as 别名]
def find_interesting_xors(self):
        next_xor = idc.FindText(idc.MinEA(), idc.SEARCH_DOWN|idc.SEARCH_NEXT, 0, 0, "xor")
        while next_xor != idc.BADADDR:
            if idc.GetOpnd(next_xor, 0) != idc.GetOpnd(next_xor, 1):
                entry = {"func":"", "addr": next_xor, "loop":False, "disasm": idc.GetDisasm(next_xor)}
                func = idaapi.get_func(next_xor)
                if func:
                    entry["func"] = idaapi.get_name(idc.BADADDR, func.startEA)
                    heads = idautils.Heads(next_xor, func.endEA)
                    lxors = []
                    for head in heads:
                        if idc.GetMnem(head).startswith('j'):
                            jmp_addr = idc.GetOperandValue(head,0)
                            if jmp_addr < next_xor and jmp_addr > func.startEA:
                                entry["loop"] = True
                                break
                self._interesting_xors.append(entry)
            next_xor = idc.FindText(idc.NextHead(next_xor), idc.SEARCH_DOWN|idc.SEARCH_NEXT, 0, 0, "xor") 
开发者ID:jjo-sec,项目名称:idataco,代码行数:20,代码来源:interesting_xor.py

示例2: find_xrefs_from

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetDisasm [as 别名]
def find_xrefs_from( self, func_ea ):
    
        xrefs = []

        for item in idautils.FuncItems( func_ea ):
            
            ALL_XREFS = 0
            for ref in idautils.XrefsFrom( item, ALL_XREFS ):
                    
                if ref.type not in XrefsFromFinder.XREF_TYPE2STR:
                    continue
                
                if ref.to in idautils.FuncItems( func_ea ):
                    continue
                
                disas = idc.GetDisasm( item )
                curr_xref = XrefFrom( item, ref.to, ref.type, disas )
                xrefs.append( curr_xref )
                
        return xrefs 
开发者ID:darx0r,项目名称:Reef,代码行数:22,代码来源:Reef.py

示例3: is_operand_called

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetDisasm [as 别名]
def is_operand_called(self, op, bbl):
        '''
        The function checks whether operand used for call instruction in the
        following instructions or not.
        @op - operand
        @bbl - list of instructions in bbl
        @return - True if used
        '''
        for instr in bbl:
            instr_type = GetInstructionType(int(instr,16))
            if instr_type == CALL_INSTRUCTION or\
               instr_type == BRANCH_INSTRUCTION:
                instr_ops = self.get_instr_operands(int(instr, 16))
                if op in instr_ops:
                    return True
                #trying to replace ds: and check it again
                op = op.replace("ds:","")
                comment = idc.GetDisasm(int(instr,16))
                if comment != None and op in comment:
                    return True
        return False 
开发者ID:mxmssh,项目名称:IDAmetrics,代码行数:23,代码来源:IDAMetrics_static.py

示例4: emit_fnbytes_python

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetDisasm [as 别名]
def emit_fnbytes_python(fva=None, warn=True):
    """Emit function bytes as Python code with disassembly in comments.

    Args:
        fva (numbers.Integral): function virtual address.
            Defaults to here() if that is the start of a function, else
            defaults to the start of the function that here() is a part of.
        warn (bool): enable interactive warnings

    Returns:
        str: Python code you can spruce up and paste into a script.
    """
    header = 'instrs_{name} = (\n'
    footer = ')'
    indent = '    '

    def _emit_instr_python(va, the_bytes, size):
        disas = idc.GetDisasm(va)
        return "'%s' # %s\n" % (binascii.hexlify(the_bytes), disas)

    return _emit_fnbytes(_emit_instr_python, header, footer, indent, fva, warn) 
开发者ID:fireeye,项目名称:flare-ida,代码行数:23,代码来源:mykutils.py

示例5: emit_fnbytes_c

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetDisasm [as 别名]
def emit_fnbytes_c(fva=None, warn=True):
    """Emit function bytes as C code with disassembly in comments.

    Args:
        fva (numbers.Integral): function virtual address.
            Defaults to here() if that is the start of a function, else
            defaults to the start of the function that here() is a part of.
        warn (bool): enable interactive warnings

    Returns:
        str: C code you can spruce up and paste into a script.
    """

    header = 'unsigned char *instrs_{name} = {{\n'
    footer = '};'
    indent = '\t'

    def _emit_instr_for_c(va, the_bytes, size):
        disas = idc.GetDisasm(va)
        buf = ''.join(['\\x%s' % (binascii.hexlify(c)) for c in the_bytes])
        return '"%s" /* %s */\n' % (buf, disas)

    return _emit_fnbytes(_emit_instr_for_c, header, footer, indent, fva, warn) 
开发者ID:fireeye,项目名称:flare-ida,代码行数:25,代码来源:mykutils.py

示例6: get_bad_addresses

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetDisasm [as 别名]
def get_bad_addresses(verbose=True):
    """ gets all the unmapped addressed from IDA's database """
    ret = []
    curEa = idc.MinEA()
    while True:
        if verbose:
            print "[+] getting more bad addresses 0x%08X" % (curEa)
        # the regex "(DC[DQ]| B.*) +0x" will retrieve the following:
        # 1. DCD 0x...
        # 2. DCQ 0x...
        # 3. B   0x.....
        # 4. BL  0x....
        curEa = get_next_bad_addr(curEa, "(DC[DQ]| B.*) +0x")
        if curEa == idc.BADADDR:
            break
        if verbose:
            print "[+] found bad address at 0x%08X" % (curEa)
        dcd = idc.GetDisasm(curEa)
        res = re.findall("0x\w{8,}", dcd)
        for r in res:
            ret.append(int(r, 16))
    if verbose:
        print "[+] found %d bad addresses" % len(ret)
    return ret 
开发者ID:deepinstinct,项目名称:dsc_fix,代码行数:26,代码来源:dsc_fix.py

示例7: dump

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetDisasm [as 别名]
def dump(self):
        return '\n'.join([idc.GetDisasm(x) for x in self.instrs]) 
开发者ID:RobinDavid,项目名称:idasec,代码行数:4,代码来源:ida_utils.py

示例8: dump_alive

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetDisasm [as 别名]
def dump_alive(self):
        return '\n'.join([idc.GetDisasm(x) for x in self.instrs if self.instrs_status[x] == Status.ALIVE]) 
开发者ID:RobinDavid,项目名称:idasec,代码行数:4,代码来源:ida_utils.py

示例9: safe_path_to

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetDisasm [as 别名]
def safe_path_to(self, addr):
        path = self.full_path_to(addr)  # Start from the full path
        i = -1
        for ea, k in zip(path, range(len(path))):  # Compute i such that it is safe
            nb_preds = len([x for x in idautils.CodeRefsTo(ea, True)])
            if nb_preds > 1:
                i = k
            elif idc.GetDisasm(ea).startswith("call"):
                i = k+1
        print i
        if i == -1:
            return path
        else:
            return path[i:] 
开发者ID:RobinDavid,项目名称:idasec,代码行数:16,代码来源:ida_utils.py

示例10: refine_results

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetDisasm [as 别名]
def refine_results(self):
        likely_retag = 0
        fp_retag = 0
        fn_retag = 0
        for rtn_addr, candidates in self.functions_candidates.items():
            for addr in sorted(candidates):
                res = self.results[addr]
                val = sum([x in res.predicate for x in ["(0 :: 2)", "7x", "7y", u"²"]])
                final_status = res.status
                alive, dead = res.alive_branch, res.dead_branch
                if res.status == self.po.NOT_OPAQUE:
                    if val != 0:
                        fn_retag += 1
                        final_status = self.po.OPAQUE
                        jmp_target = [x for x in idautils.CodeRefsFrom(addr, 0)][0]
                        next_target = [x for x in idautils.CodeRefsFrom(addr, 1) if x != jmp_target][0]
                        alive, dead = (next_target, jmp_target) if idc.GetDisasm(addr)[:2] == "jz" else (jmp_target, next_target)
                        self.functions_spurious_instrs[rtn_addr].update(res.dependency+[addr])
                elif res.status == self.po.OPAQUE:
                    if val == 0:
                        fp_retag += 1
                        final_status = self.po.NOT_OPAQUE
                elif res.status == self.po.LIKELY:
                    if val == 0:
                        final_status = self.po.NOT_OPAQUE
                    else:
                        final_status = self.po.OPAQUE
                        jmp_target = [x for x in idautils.CodeRefsFrom(addr, 0)][0]
                        next_target = [x for x in idautils.CodeRefsFrom(addr, 1) if x != jmp_target][0]
                        alive, dead = (next_target, jmp_target) if idc.GetDisasm(addr)[:2] == "jz" else (jmp_target, next_target)
                        self.functions_spurious_instrs[rtn_addr].update(res.dependency+[addr])
                    likely_retag += 1
                self.results[addr] = AddrRet(final_status, res.k, res.dependency, res.predicate, res.distance, alive, dead)
        print "Retag: FP->OK:%d" % fp_retag
        print "Retag: FN->OP:%d" % fn_retag
        print "Retag: Lkl->OK:%d" % likely_retag 
开发者ID:RobinDavid,项目名称:idasec,代码行数:38,代码来源:static_opaque_analysis.py

示例11: disasm

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetDisasm [as 别名]
def disasm(self):
        """Line Disassembly"""
        return idc.GetDisasm(self.ea) 
开发者ID:tmr232,项目名称:Sark,代码行数:5,代码来源:line.py

示例12: get_disasm

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetDisasm [as 别名]
def get_disasm(self, ea):
        d = idc.GetDisasm(ea)[:config.max_string_len]
        return self.strip_disas_spaces(d) 
开发者ID:danigargu,项目名称:deREferencing,代码行数:5,代码来源:colorizer.py

示例13: renameDword

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetDisasm [as 别名]
def renameDword(self):
        proc_addr = self._import_table.item(self._import_table.currentRow(), 3).text()
        proc_name = str(self._import_table.item(self._import_table.currentRow(), 2).text())
        renamed = 0
        if proc_addr:
            try:
                proc_addr = int(proc_addr, 16)
                proc_bin_str = " ".join([x.encode("hex") for x in struct.pack("<I", proc_addr)])
                next_dword = idc.FindBinary(idc.MinEA(), idc.SEARCH_DOWN|idc.SEARCH_NEXT, proc_bin_str)
                while next_dword != idc.BADADDR:
                    log.debug("Trying to fix-up 0x{:08x}".format(next_dword))
                    # DWORDs can be "inaccessible" for many reasons and it requires "breaking up" the data blobs
                    # and manually fixing them

                    # Reason 1: In a dword array in an unknown section
                    if idc.isUnknown(next_dword):
                        idc.MakeUnkn(next_dword, idc.DOUNK_EXPAND)
                        idc.MakeDword(next_dword)
                    # Reason 2: In a dword array in a data section
                    elif idc.isData(next_dword):
                        hd = idc.ItemHead(next_dword)
                        idc.MakeDword(hd)
                        idc.MakeDword(next_dword)
                    # Reason 3: In a dword array in a code section (validate via "dd <dword>,")
                    elif idc.isCode(next_dword) and idc.GetDisasm(next_dword).startswith("dd "):
                        hd = idc.ItemHead(next_dword)
                        idc.MakeDword(hd)
                        idc.MakeDword(next_dword)

                    # Only perform
                    if idc.Name(next_dword).startswith(("off_", "dword_")) or idc.Name(next_dword) == "":
                        success = idc.MakeNameEx(next_dword, proc_name, idc.SN_NOWARN|idc.SN_NON_AUTO)
                        i = 0
                        new_proc_name = proc_name
                        while not success and i < 10:
                            new_proc_name = "{}{}".format(proc_name, i)
                            success = idc.MakeNameEx(next_dword, new_proc_name, idc.SN_NOWARN|idc.SN_NON_AUTO)
                            i += 1
                        if success:
                            renamed += 1
                            item = self._import_table.item(self._import_table.currentRow(), 5)
                            item.setText("{}, {}".format(str(item.text()), new_proc_name))
                            log.debug("DWORD @ 0x{:08x} now has name {}".format(next_dword, new_proc_name))
                        else:
                            log.error("Unable to auto-rename successfully, terminating search")
                            break
                    else: log.debug("Value at 0x{:08x} does not meet renaming requirements".format(next_dword))
                    next_dword = idc.FindBinary(next_dword+4, idc.SEARCH_DOWN|idc.SEARCH_NEXT, proc_bin_str)
            except Exception, e:
                log.error("Error encountered: {}".format(e))
            log.debug("Renamed {:d} instances of {}".format(renamed, proc_name)) 
开发者ID:jjo-sec,项目名称:idataco,代码行数:53,代码来源:imports.py

示例14: get_function_args_count

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetDisasm [as 别名]
def get_function_args_count(self, function_ea, local_vars):
        """
        The function returns count of function arguments
        @function_ea - function entry point
        @local_vars - local variables dictionary
        @return - function arguments count
        """
        # i#9 Now, we can't identify fastcall functions.

        function_args_count = 0
        args_dict = dict()
        for local_var in local_vars:
            usage_list = local_vars.get(local_var, None)
            if usage_list == None:
                print "WARNING: empty usage list for ", local_var
                continue
            for head in usage_list:
                ops = self.get_instr_operands(int(head, 16))
                for idx, (op,type) in enumerate(ops):
                    if op.count("+") == 1:
                        value = idc.GetOperandValue(int (head, 16), idx)
                        if value < (15 * ARGUMENT_SIZE) and "ebp" in op:
                            args_dict.setdefault(local_var, []).append(head)
                    elif op.count("+") == 2:
                        if "arg" in local_var:
                            args_dict.setdefault(local_var, []).append(head)
                    else:
                        continue

        function_args_count = len(args_dict)
        if function_args_count:
            return function_args_count, args_dict

        #TODO Check previous algorithm here
        f_end = idc.FindFuncEnd(function_ea)
        f_end = idc.PrevHead(f_end, 0)
        instr_mnem = idc.GetMnem(f_end)
        #stdcall ?
        if "ret" in instr_mnem:
            ops = self.get_instr_operands(f_end)
            if len(ops) == 1:
                for op,type in ops:
                    op = op.replace("h", "")
                    function_args_count = int(op,16)/ARGUMENT_SIZE
                    return function_args_count, args_dict
        #cdecl ?
        refs = idautils.CodeRefsTo(function_ea, 0)
        for ref in refs:
            #trying to find add esp,x signature after call
            head = idc.NextHead(ref, 0xFFFFFFFF)
            if head:
                disasm = idc.GetDisasm(head)
                if "add" in disasm and "esp," in disasm:
                    ops = self.get_instr_operands(head)
                    op,type = ops[1]
                    if op:
                        op = op.replace("h", "")
                        function_args_count = int(op,16)/ARGUMENT_SIZE
                        return function_args_count, args_dict
        return function_args_count, args_dict 
开发者ID:mxmssh,项目名称:IDAmetrics,代码行数:62,代码来源:IDAMetrics_static.py

示例15: _patchCalls

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetDisasm [as 别名]
def _patchCalls(self):
        def do_patch_call(va):
            retval = False
            stub_loc = idc.get_name_ea_simple(self._stubname(nm))

            # Preserve original disassembly and format new comment
            old_target = idc.print_operand(va, 0)
            orig_cmt = idc.get_cmt(va, 0) or ''
            new_cmt = '%s\n\t%s' % (g_patched_call_cmt, idc.GetDisasm(va))

            if idc.get_operand_type(va, 0) == ida_ua.o_mem:
                retval = patch_import(va, self._stubname(nm))
                new_cmt += '\n%s %s to %s)' % (g_cmt_pointed, old_target,
                                               self._stubname(nm))
            elif idc.get_operand_type(va, 0) == ida_ua.o_reg:
                va_imp = self._get_imp_for_register_call(va, nm)
                if va_imp:
                    patch_pointer_width(va_imp, stub_loc)
                    retval = True
                else:
                    logger.warn('Could not find import to patch call at %s' %
                                (phex(va)))

            else:  # Usually optype 7 otherwise
                # Won't work if displacement exceeds 32-bit operand size
                call_offset_loc = va + idc.get_item_size(va)
                if abs(call_offset_loc - stub_loc) > 0x100000000:
                    msg = ('Call site at %s too far from %s (%s)' %
                           (phex(va), self._stubname(nm), phex(stub_loc)))
                    raise CodeGraftingDisplacementError(msg)
                retval = patch_call(va, self._stubname(nm))

            if retval:
                if orig_cmt:
                    new_cmt += '\n%s' % (orig_cmt)
                idc.set_cmt(va, new_cmt, 0)
                ida_xref.add_cref(va, stub_loc, ida_xref.fl_CN)

            return retval

        for names in self._emu_stubs.keys():
            for nm in names:
                va = idc.get_name_ea_simple(nm)
                mykutils.for_each_call_to(do_patch_call, va)

        for nm, aliases in g_allocators_aliases.items():
            for alias in aliases:
                # do_patch_call closure will turn <nm> into stub_<nm>
                mykutils.for_each_call_to(do_patch_call,
                                          idc.get_name_ea_simple(alias)) 
开发者ID:fireeye,项目名称:flare-ida,代码行数:52,代码来源:code_grafter.py


注:本文中的idc.GetDisasm方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。