本文整理汇总了Python中idc.GetMnem方法的典型用法代码示例。如果您正苦于以下问题:Python idc.GetMnem方法的具体用法?Python idc.GetMnem怎么用?Python idc.GetMnem使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类idc的用法示例。
在下文中一共展示了idc.GetMnem方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: find_dispatch_by_struct_index
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def find_dispatch_by_struct_index():
    """Collect values that are stored into a structure field at offset 70h.

    Every non-library function is walked instruction by instruction. For each
    ``mov`` whose first operand text contains ``+70h`` and whose second operand
    has IDA operand type 5 (immediate), the text of the second operand is
    recorded as a dispatch-function candidate. The heuristic is based on
    https://github.com/kbandla/ImmunityDebugger/blob/master/1.73/Libs/driverlib.py

    Returns:
        set: operand strings, exactly as IDA renders them.
    """
    # NOTE(review): 70h looks like MajorFunction[IRP_MJ_DEVICE_CONTROL] in a
    # 32-bit DRIVER_OBJECT; a 64-bit driver keeps that slot at a different
    # offset, so confirm the target's bitness before trusting the result.
    candidates = set()
    for function_ea in idautils.Functions():
        # skip library functions
        if idc.get_func_flags(function_ea) & idc.FUNC_LIB:
            continue
        func = idaapi.get_func(function_ea)
        ea = func.startEA
        while ea < func.endEA:
            is_mov = idc.GetMnem(ea) == 'mov'
            # 5 is the immediate operand type in IDA's operand numbering
            if is_mov and '+70h' in idc.GetOpnd(ea, 0) and idc.GetOpType(ea, 1) == 5:
                candidates.add(idc.GetOpnd(ea, 1))
            ea = idc.NextHead(ea)
    return candidates
示例2: create_call_map
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def create_call_map(self, ftype):
    """Record every ``call``/``jmp`` in ``.text`` whose target is an import slot.

    The import area is the ``.idata`` segment when *ftype* equals ``PE`` and
    the ``.plt`` segment otherwise. For each matching instruction a new entry
    is added to ``self.config.call_map`` holding the instruction address and
    the text of its first operand.

    Raises:
        KeyError: if the expected import segment or ``.text`` is not present
            in the database.
    """
    assert_ida_available()
    import idc
    import idautils

    # segment name -> (start address, end address)
    seg_mapping = {}
    for seg_ea in idautils.Segments():
        seg_mapping[idc.SegName(seg_ea)] = (idc.SegStart(seg_ea), idc.SegEnd(seg_ea))

    if ftype == PE:
        imports = seg_mapping[".idata"]
    else:
        imports = seg_mapping['.plt']
    imports_lo, imports_hi = imports[0], imports[1]

    start, stop = seg_mapping[".text"]
    current = start
    while current <= stop:
        if idc.GetMnem(current) in ("call", "jmp"):
            target = idc.GetOperandValue(current, 0)
            operand_text = idc.GetOpnd(current, 0)
            # keep only transfers that land inside the import area
            if imports_lo <= target <= imports_hi:
                entry = self.config.call_map.add()
                entry.address = current
                entry.name = operand_text
        current = idc.NextHead(current, stop)
示例3: detect_start_and_stop
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def detect_start_and_stop(self):  # FIXME:Duplicate code with core (or something similar)
    """Choose the analysis start/stop addresses and store them on ``self``.

    Selection order:
      * ``"PE"`` file type: the bounds of ``start``;
      * otherwise ``main`` if it is known;
      * otherwise ``start``; when ``__libc_start_main`` is also known, the
        instructions of ``start`` are scanned backwards and the first operand
        of the last ``push`` becomes the start address;
      * otherwise the database entry point, with a stop address of 0.
    """
    # NOTE(review): the listing lost its indentation; the ``else`` after the
    # push scan is read here as pairing with the ``__libc_start_main`` test
    # (not as a for/else) -- confirm against the original project.
    core = self.core
    start, stop = 0, 0
    if core.ftype == "PE":
        start, stop = core.fun_mapping["start"]
    elif "main" in core.fun_mapping:
        start, stop = core.fun_mapping["main"]
    elif "start" not in core.fun_mapping:
        start, stop = idc.BeginEA(), 0
    elif "__libc_start_main" not in core.fun_mapping:
        start, stop = core.fun_mapping["start"]
    else:
        # walk `start` from its last instruction towards its first
        for inst in reversed(list(idautils.FuncItems(core.fun_mapping["start"][0]))):
            arg1 = idc.GetOperandValue(inst, 0)
            if idc.GetMnem(inst) == "push":
                start, stop = arg1, core.fun_mapping["start"][1]
                break
    self.start, self.stop = start, stop
示例4: find_all_ioctls
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
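def find_all_ioctls():
    """
    From the currently selected address, traverse all basic blocks of the current function to find
    immediate values used in a cmp/sub immediately before a jz.

    Each hit is also registered through ioctl_tracker.add_ioctl(). Returns a list of
    (address, value) pairs, where value is whatever get_operand_value() yields for the cmp/sub.
    The list is empty when the cursor is not inside a function.
    """
    ioctls = []
    # Find the currently selected function and get a list of all of its basic blocks
    addr = idc.ScreenEA()
    f = idaapi.get_func(addr)
    if f is None:
        # The cursor is outside any function: there is no flow chart to walk, and building
        # one from None would raise instead of reporting "nothing found".
        return ioctls
    fc = idaapi.FlowChart(f, flags=idaapi.FC_PREDS)
    for block in fc:
        # grab the last two instructions in the block
        last_inst = idc.PrevHead(block.endEA)
        penultimate_inst = idc.PrevHead(last_inst)
        # If the penultimate instruction is cmp or sub against an immediate value (operand type 5)
        # immediately preceding a 'jz' then it's a decent guess that it's an IOCTL code
        # (if this is a dispatch function)
        compares_immediate = (idc.GetMnem(penultimate_inst) in ['cmp', 'sub']
                              and idc.GetOpType(penultimate_inst, 1) == 5)
        if compares_immediate and idc.GetMnem(last_inst) == 'jz':
            value = get_operand_value(penultimate_inst)
            ioctls.append((penultimate_inst, value))
            ioctl_tracker.add_ioctl(penultimate_inst, value)
    return ioctls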
示例5: find_interesting_xors
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def find_interesting_xors(self):
    """Append one record per xor whose two operands differ.

    A text search for "xor" walks the database from its lowest address. Hits
    whose operand 0 and operand 1 render identically are ignored. Each
    remaining hit yields a dict with keys ``func``, ``addr``, ``loop`` and
    ``disasm`` that is appended to ``self._interesting_xors``. ``loop`` is set
    when a later ``j*`` instruction in the same function targets an address
    between the function start and the xor.
    """
    # NOTE(review): FindText matches the string "xor" anywhere in the rendered
    # line, so hits are presumably not limited to the xor mnemonic -- confirm
    # whether callers filter further.
    search_flags = idc.SEARCH_DOWN | idc.SEARCH_NEXT
    xor_ea = idc.FindText(idc.MinEA(), search_flags, 0, 0, "xor")
    while xor_ea != idc.BADADDR:
        if idc.GetOpnd(xor_ea, 0) != idc.GetOpnd(xor_ea, 1):
            entry = {"func": "", "addr": xor_ea, "loop": False, "disasm": idc.GetDisasm(xor_ea)}
            func = idaapi.get_func(xor_ea)
            if func:
                entry["func"] = idaapi.get_name(idc.BADADDR, func.startEA)
                for head in idautils.Heads(xor_ea, func.endEA):
                    if not idc.GetMnem(head).startswith('j'):
                        continue
                    jmp_addr = idc.GetOperandValue(head, 0)
                    # a backward jump that lands before the xor closes a loop around it
                    if func.startEA < jmp_addr < xor_ea:
                        entry["loop"] = True
                        break
            self._interesting_xors.append(entry)
        xor_ea = idc.FindText(idc.NextHead(xor_ea), search_flags, 0, 0, "xor")
示例6: GetInstructionType
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def GetInstructionType(instr_addr):
    """Classify the instruction at *instr_addr* by the prefix of its mnemonic.

    ``call*`` and ``j*`` are checked first; after that the module-level prefix
    lists are tried in this order: general assignment, floating-point
    assignment, compare, stack push, stack pop. The first list containing a
    matching prefix decides the result; anything else is OTHER_INSTRUCTION.
    """
    instr_mnem = idc.GetMnem(instr_addr)
    if instr_mnem.startswith('call'):
        return CALL_INSTRUCTION
    if instr_mnem.startswith('j'):
        # It seems that there is no other type of instructions
        # starting with j in x86/x86_64
        return BRANCH_INSTRUCTION

    # (prefix list, resulting category), in the order they must be tried
    prefix_tables = (
        (assign_instructions_general, ASSIGNMENT_INSTRUCTION),
        (assign_instructions_fp, ASSIGNMENT_INSTRUCTION),
        (compare_instructions, COMPARE_INSTRUCTION),
        (stack_push_instructions, STACK_PUSH_INSTRUCTION),
        (stack_pop_instructions, STACK_POP_INSTRUCTION),
    )
    for prefixes, category in prefix_tables:
        for prefix in prefixes:
            if instr_mnem.startswith(prefix):
                return category
    return OTHER_INSTRUCTION
示例7: get_oviedo_df
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
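def get_oviedo_df(self, local_vars):
    '''
    The function calculates Oviedo's DF value
    @local_vars - a dictionary of local variables for function; each value
                  is a list of hexadecimal address strings where the variable
                  is used, or None
    @return - Oviedo's DF value: the number of usages of every variable,
              minus the usages that are initializations
    '''
    oviedo_df = 0
    # get local variables usage count, except initialization, such as:
    # mov [ebp+var_0], some_value
    for local_var in local_vars:
        usage_list = local_vars.get(local_var, None)
        if usage_list is None:
            # single-argument form prints the same text on Python 2 and 3
            print("WARNING: empty usage list for  %s" % (local_var,))
            continue
        for instr_addr in usage_list:
            # addresses are stored as hex strings; parse once per usage
            instr_ea = int(instr_addr, 16)
            if not idc.GetMnem(instr_ea).startswith('mov'):
                continue
            for operand, _operand_type in self.get_instr_operands(instr_ea):
                # only the first operand (the written one in
                # `mov [ebp+var_0], some_value`) marks an initialization
                if local_var in operand:
                    oviedo_df -= 1
                break
        oviedo_df += len(usage_list)
    return oviedo_df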
示例8: set_start_stop
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def set_start_stop(self, ftype):
    """Pick the analysis start/stop addresses and store them in ``self.config``.

    The default start is the database entry point with a stop of 0. For a PE
    the bounds of ``start`` are used. Otherwise the entry point is first turned
    into code and into a function if it is not one already (this modifies the
    database), then ``main`` is preferred, then ``start``. When both ``start``
    and ``__libc_start_main`` exist, ``start`` is scanned backwards and the
    first operand of its last ``push`` becomes the start address.
    """
    # NOTE(review): the listing lost its indentation; the nesting of the
    # autoWait() calls, of the mapping rebuild and of the final ``else`` is
    # reconstructed here -- confirm against the original project.
    assert_ida_available()
    import idc
    import idaapi
    import idautils

    def function_bounds():
        # function name -> (first address, endEA - 1)
        bounds = {}
        for ea in idautils.Functions():
            func = idaapi.get_func(ea)
            bounds[idc.GetFunctionName(ea)] = (func.startEA, func.endEA - 1)
        return bounds

    fun_mapping = function_bounds()
    start = idc.BeginEA()
    stop = 0
    if ftype == PE:
        start, stop = fun_mapping["start"]
    else:
        if not idc.isCode(idc.GetFlags(start)):
            if idc.MakeCode(start) == 0:
                print("Fail to decode instr !")
            idaapi.autoWait()
        if idc.GetFunctionName(start) == "":
            if idc.MakeFunction(start) == 0:
                print("Fail to create function !")
            idaapi.autoWait()
            # a function may just have been created: refresh the mapping
            fun_mapping = function_bounds()
        if "main" in fun_mapping:
            start, stop = fun_mapping["main"]
        elif "start" in fun_mapping:
            if "__libc_start_main" not in fun_mapping:
                start, stop = fun_mapping["start"]
            else:
                for inst in reversed(list(idautils.FuncItems(fun_mapping["start"][0]))):
                    arg1 = idc.GetOperandValue(inst, 0)
                    if idc.GetMnem(inst) == "push":
                        start, stop = arg1, fun_mapping["start"][1]
                        break
    self.config.start, self.config.stop = start, stop
示例9: process_routine
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def process_routine(self, rtn_addr, pred_addr=None, rtn_i=1, total_rtn=1):
    """Run ``process_addr`` on each candidate address of one routine.

    Candidates are every instruction of the routine whose mnemonic is in
    ``cond_jump``, or only *pred_addr* when it is given. The per-routine
    candidate and spurious-instruction sets are reset, the progress bar is
    re-armed, and one result line per processed address is appended to the
    result view. Returns early, without a value, as soon as ``self.STOP`` is
    set. *rtn_i* and *total_rtn* are only used for the status text.
    """
    # reuse the routine's flow graph when one was already built
    if rtn_addr not in self.functions_cfg:
        self.functions_cfg[rtn_addr] = MyFlowGraph(rtn_addr)
    cfg = self.functions_cfg[rtn_addr]
    path_to = self.config_to_path_function(cfg)

    if pred_addr is not None:
        candidates = {pred_addr}
    else:
        candidates = set()
        for item_ea in idautils.FuncItems(rtn_addr):
            if idc.GetMnem(item_ea) in cond_jump:
                candidates.add(item_ea)
    nb_candidates = len(candidates)

    self.functions_candidates[rtn_addr] = set()
    self.functions_spurious_instrs[rtn_addr] = set()
    self.progressbar_loading.reset()
    self.progressbar_loading.setMaximum(nb_candidates)
    name = idc.GetFunctionName(rtn_addr)
    self.result_widget.webview.append("\n=> Function:%s\n" % name)
    self.log("[result]", "Start processing function: 0x%x" % rtn_addr)

    for i, addr in enumerate(candidates):
        path = path_to(addr)
        res = self.process_addr(rtn_addr, addr, path)
        if self.STOP:
            return
        if res is None:
            continue
        if res.dead_branch is None:
            dead_br = "/"
        else:
            dead_br = "%x" % res.dead_branch
        webview = self.result_widget.webview
        webview.append("%x:\t%s\t\tK:%d\tDead:%s" % (addr, to_status_name(res.status), res.k, dead_br))
        # keep the newest line visible
        webview.verticalScrollBar().setValue(webview.verticalScrollBar().maximum())
        self.loading_stat.setText("Fun: %d/%d Addr: %d/%d" % (rtn_i, total_rtn, i+1, nb_candidates))
        self.progressbar_loading.setValue(self.progressbar_loading.value()+1)
        self.functions_candidates[rtn_addr].add(addr)
示例10: find_all_switch_jumps
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def find_all_switch_jumps(self):
    """Rebuild ``self._switch_dict`` from every ``jmp`` that IDA knows as a switch.

    The database is searched for the byte pattern ``ff 24``. A hit is kept
    when its mnemonic starts with ``jmp`` and IDA has switch information for
    it. Kept hits are grouped by the name of the containing function as
    ``(address, number of cases, self.get_jlocs(switch_info))`` tuples.
    """
    search_flags = idc.SEARCH_DOWN | idc.SEARCH_NEXT

    def pattern_hits():
        # yield each address where the byte pattern occurs, lowest first
        hit = idc.FindBinary(idc.MinEA(), search_flags, "ff 24")
        while hit != idc.BADADDR:
            yield hit
            hit = idc.FindBinary(idc.NextHead(hit), search_flags, "ff 24")

    self._switch_dict = defaultdict(list)
    for jump_ea in pattern_hits():
        sw = idaapi.get_switch_info_ex(jump_ea)
        if idc.GetMnem(jump_ea).startswith("jmp") and sw:
            ic = self.get_jlocs(sw)
            owner = idaapi.get_func_name(jump_ea)
            self._switch_dict[owner].append((jump_ea, sw.ncases, ic))
示例11: data
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def data(self):
    """Return the MD5 hex digest of the function's mnemonic sequence.

    Each mnemonic of the function at ``self.offset`` is stripped and
    lower-cased, and the results are hashed in instruction order. Operands
    are not part of the input, so functions that differ only in operands or
    constants produce the same digest.
    """
    # NOTE(review): the digest is a similarity fingerprint, not an integrity
    # check; equal digests do not show that two functions are byte-identical.
    mnemonics = [idc.GetMnem(ea).strip().lower() for ea in idautils.FuncItems(self.offset)]
    # hashing the concatenation equals feeding the pieces one by one
    return hashlib.md5("".join(mnemonics)).hexdigest()
示例12: data
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def data(self):
    """Return a histogram of lower-cased mnemonics for the function at ``self.offset``.

    The result maps mnemonic -> occurrence count. Functions with fewer than
    five instructions in total yield ``None`` instead.
    """
    instruction_hist = defaultdict(int)
    total = 0
    for ea in idautils.FuncItems(self.offset):
        instruction_hist[idc.GetMnem(ea).lower()] += 1
        total += 1
    # the running total equals the sum of all histogram buckets
    return instruction_hist if total >= 5 else None
示例13: is_jump
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def is_jump(va):
    """
    Tell whether the instruction at *va* looks like a jump.

    The test is purely textual: the mnemonic reported by IDA must start with "j".
    """
    mnemonic = idc.GetMnem(va)
    return mnemonic.startswith("j")
示例14: get_chepin
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
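def get_chepin(self, local_vars, function_ea, function_metrics):
    '''
    The function calculates Chepin metric
    @local_vars - a dictionary of local variables; each value is a list of
                  hexadecimal address strings where the variable is used, or
                  None. The dictionary is left unmodified.
    @function_ea - function entry address
    @function_metrics - function metrics structure (not used here)
    @return - Chepin value, p + 2*m + 3*c, where p is the count returned by
              get_function_args_count, c is the number of variables used in a
              cmp/test, and m is the number of remaining local variables
    '''
    (p, var_args_tmp) = self.get_function_args_count(function_ea, local_vars)

    # variables that take part in at least one cmp/test instruction
    compared_vars = set()
    for local_var in local_vars:
        usage_list = local_vars.get(local_var, None)
        if usage_list is None:
            # single-argument form prints the same text on Python 2 and 3
            print("WARNING: empty usage list for  %s" % (local_var,))
            continue
        for instr_addr in usage_list:
            instr_mnem = idc.GetMnem(int(instr_addr, 16))
            if instr_mnem.startswith(('cmp', 'test')):
                compared_vars.add(local_var)
                break

    # Count the variables that are neither arguments nor compared ones
    # without deleting them from the caller's dictionary, which other
    # metrics may still need to read.
    excluded = set(var_args_tmp) | compared_vars
    m = sum(1 for local_var in local_vars if local_var not in excluded)
    c = len(compared_vars)
    return p + 2*m + 3*c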
示例15: walk_selector_refs
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def walk_selector_refs(self):
    """Patch every non-call cross reference to this selector reference.

    ``self.sel_ref_va`` is the address of the selref, which is itself a
    pointer to the selector string. Each xref *to* that address is visited;
    those coming from an instruction whose mnemonic equals
    ``self.CALL_MNEMONIC`` are left alone. Every other xref is handed to
    ``add_method_xref`` and the value it returns is appended to
    ``self.patched_xrefs``.
    """
    for xref in XrefsTo(self.sel_ref_va):
        if GetMnem(xref.frm) != self.CALL_MNEMONIC:
            # An xref *from* somewhere *to* our selref: replace it with a
            # reference to the actual method implementation rather than
            # the selector.
            self.patched_xrefs.append(self.add_method_xref(xref))