当前位置: 首页>>代码示例>>Python>>正文


Python idc.GetMnem方法代码示例

本文整理汇总了Python中idc.GetMnem方法的典型用法代码示例。如果您正苦于以下问题:Python idc.GetMnem方法的具体用法?Python idc.GetMnem怎么用?Python idc.GetMnem使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在idc的用法示例。


在下文中一共展示了idc.GetMnem方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: find_dispatch_by_struct_index

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def find_dispatch_by_struct_index():
    """Attempts to locate the dispatch function based off it being loaded in a structure
    at offset 70h, based off of https://github.com/kbandla/ImmunityDebugger/blob/master/1.73/Libs/driverlib.py """
    
    out = set()
    for function_ea in idautils.Functions():
        flags = idc.get_func_flags(function_ea)
        # skip library functions
        if flags & idc.FUNC_LIB:
            continue
        func = idaapi.get_func(function_ea)
        addr = func.startEA
        while addr < func.endEA:
            if idc.GetMnem(addr) == 'mov':
                if '+70h' in idc.GetOpnd(addr, 0) and idc.GetOpType(addr, 1) == 5:
                    out.add(idc.GetOpnd(addr, 1))
            addr = idc.NextHead(addr)
    return out 
开发者ID:FSecureLABS,项目名称:win_driver_plugin,代码行数:20,代码来源:win_driver_plugin.py

示例2: create_call_map

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def create_call_map(self, ftype):
        assert_ida_available()
        import idc
        import idautils
        seg_mapping = {idc.SegName(x): (idc.SegStart(x), idc.SegEnd(x)) for x in idautils.Segments()}
        imports = seg_mapping[".idata"] if ftype == PE else seg_mapping['.plt']
        start, stop = seg_mapping[".text"]
        current = start
        while current <= stop:
            inst = current
            if idc.GetMnem(inst) in ["call", "jmp"]:
                value = idc.GetOperandValue(inst, 0)
                name = idc.GetOpnd(inst, 0)
                if imports[0] <= value <= imports[1]:
                    entry = self.config.call_map.add()
                    entry.address = inst
                    entry.name = name
            current = idc.NextHead(current, stop) 
开发者ID:RobinDavid,项目名称:idasec,代码行数:20,代码来源:configuration_file.py

示例3: detect_start_and_stop

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def detect_start_and_stop(self):  # FIXME:Duplicate code with core (or something similar)
        start, stop = 0, 0
        if self.core.ftype == "PE":
            start, stop = self.core.fun_mapping["start"]
        else:
            if "main" in self.core.fun_mapping:
                start, stop = self.core.fun_mapping["main"]
            elif "start" in self.core.fun_mapping:
                if "__libc_start_main" in self.core.fun_mapping:
                    instrs = list(idautils.FuncItems(self.core.fun_mapping["start"][0]))
                    instrs.reverse()
                    for inst in instrs:
                        arg1 = idc.GetOperandValue(inst, 0)
                        if idc.GetMnem(inst) == "push":
                            start, stop = arg1, self.core.fun_mapping["start"][1]
                            break
                else:
                    start, stop = self.core.fun_mapping["start"]
            else:
                start, stop = idc.BeginEA(), 0
        self.start, self.stop = start, stop 
开发者ID:RobinDavid,项目名称:idasec,代码行数:23,代码来源:AnalysisWidget.py

示例4: find_all_ioctls

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def find_all_ioctls():
    """
    From the currently selected address attempts to traverse all blocks inside the current function to find all immediate values which
    are used for a comparison/sub immediately before a jz. Returns a list of address, second operand pairs.
    """
    
    ioctls = []
    # Find the currently selected function and get a list of all of it's basic blocks
    addr = idc.ScreenEA()
    f = idaapi.get_func(addr)
    fc = idaapi.FlowChart(f, flags=idaapi.FC_PREDS)
    for block in fc:
        # grab the last two instructions in the block 
        last_inst = idc.PrevHead(block.endEA)
        penultimate_inst = idc.PrevHead(last_inst)
        # If the penultimate instruction is cmp or sub against an immediate value immediately preceding a 'jz' 
        # then it's a decent guess that it's an IOCTL code (if this is a dispatch function)
        if idc.GetMnem(penultimate_inst) in ['cmp', 'sub'] and idc.GetOpType(penultimate_inst, 1) == 5:
            if idc.GetMnem(last_inst) == 'jz':
                value = get_operand_value(penultimate_inst)
                ioctls.append((penultimate_inst, value))
                ioctl_tracker.add_ioctl(penultimate_inst, value)
    return ioctls 
开发者ID:FSecureLABS,项目名称:win_driver_plugin,代码行数:25,代码来源:win_driver_plugin.py

示例5: find_interesting_xors

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def find_interesting_xors(self):
        next_xor = idc.FindText(idc.MinEA(), idc.SEARCH_DOWN|idc.SEARCH_NEXT, 0, 0, "xor")
        while next_xor != idc.BADADDR:
            if idc.GetOpnd(next_xor, 0) != idc.GetOpnd(next_xor, 1):
                entry = {"func":"", "addr": next_xor, "loop":False, "disasm": idc.GetDisasm(next_xor)}
                func = idaapi.get_func(next_xor)
                if func:
                    entry["func"] = idaapi.get_name(idc.BADADDR, func.startEA)
                    heads = idautils.Heads(next_xor, func.endEA)
                    lxors = []
                    for head in heads:
                        if idc.GetMnem(head).startswith('j'):
                            jmp_addr = idc.GetOperandValue(head,0)
                            if jmp_addr < next_xor and jmp_addr > func.startEA:
                                entry["loop"] = True
                                break
                self._interesting_xors.append(entry)
            next_xor = idc.FindText(idc.NextHead(next_xor), idc.SEARCH_DOWN|idc.SEARCH_NEXT, 0, 0, "xor") 
开发者ID:jjo-sec,项目名称:idataco,代码行数:20,代码来源:interesting_xor.py

示例6: GetInstructionType

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def GetInstructionType(instr_addr):
    instr_mnem = idc.GetMnem(instr_addr)
    if instr_mnem.startswith('call'):
        return CALL_INSTRUCTION
    elif instr_mnem.startswith('j'):
        # It seems that there is no other type of instructions
        # starting with j in x86/x86_64
        return BRANCH_INSTRUCTION
    for assign_instr_mnem in assign_instructions_general:
        if instr_mnem.startswith(assign_instr_mnem):
            return ASSIGNMENT_INSTRUCTION
    for assign_instr_mnem in assign_instructions_fp:
        if instr_mnem.startswith(assign_instr_mnem):
            return ASSIGNMENT_INSTRUCTION
    for compare_instruction in compare_instructions:
        if instr_mnem.startswith(compare_instruction):
            return COMPARE_INSTRUCTION
    for stack_push_instruction in stack_push_instructions:
        if instr_mnem.startswith(stack_push_instruction):
            return STACK_PUSH_INSTRUCTION
    for stack_pop_instruction in stack_pop_instructions:
        if instr_mnem.startswith(stack_pop_instruction):
            return STACK_POP_INSTRUCTION
    return OTHER_INSTRUCTION 
开发者ID:mxmssh,项目名称:IDAmetrics,代码行数:26,代码来源:IDAMetrics_static.py

示例7: get_oviedo_df

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def get_oviedo_df(self, local_vars):
        '''
        The function calculates Oviedo's DF value
        @local_vars - a dictionary of local variables for function
        @return - Oviedo's DF value
        '''
        oviedo_df = 0
        # get local variables usage count, except initialization, such as:
        # mov [ebp+var_0], some_value
        for local_var in local_vars:
            usage_list = local_vars.get(local_var, None)
            if usage_list == None:
                print "WARNING: empty usage list for ", local_var
                continue
            for instr_addr in usage_list:
                instr_mnem = idc.GetMnem(int(instr_addr, 16))
                if instr_mnem.startswith('mov'):
                    # get local var position
                    operands = self.get_instr_operands(int(instr_addr, 16))
                    for idx, (operand, type) in enumerate(operands):
                        if local_var in operand and idx == 0:
                            oviedo_df -= 1
                            break
            oviedo_df += len(usage_list)
        return oviedo_df 
开发者ID:mxmssh,项目名称:IDAmetrics,代码行数:27,代码来源:IDAMetrics_static.py

示例8: set_start_stop

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def set_start_stop(self, ftype):
        assert_ida_available()
        import idc
        import idaapi
        import idautils
        fun_mapping = {idc.GetFunctionName(x): (idaapi.get_func(x).startEA, idaapi.get_func(x).endEA-1)
                       for x in idautils.Functions()}
        start = idc.BeginEA()
        stop = 0
        if ftype == PE:
            start, stop = fun_mapping["start"]
        else:
            if not idc.isCode(idc.GetFlags(start)):
                if idc.MakeCode(start) == 0:
                    print "Fail to decode instr !"
                idaapi.autoWait()
            if idc.GetFunctionName(start) == "":
                if idc.MakeFunction(start) == 0:
                    print "Fail to create function !"
                idaapi.autoWait()
                fun_mapping = {idc.GetFunctionName(x): (idaapi.get_func(x).startEA, idaapi.get_func(x).endEA-1)
                               for x in idautils.Functions()}

            if "main" in fun_mapping:
                start, stop = fun_mapping["main"]
            elif "start" in fun_mapping:
                if "__libc_start_main" in fun_mapping:
                    instrs = list(idautils.FuncItems(fun_mapping["start"][0]))
                    instrs.reverse()
                    for inst in instrs:
                        arg1 = idc.GetOperandValue(inst, 0)
                        if idc.GetMnem(inst) == "push":
                            start, stop = arg1, fun_mapping["start"][1]
                            break
                else:
                    start, stop = fun_mapping["start"]
        self.config.start, self.config.stop = start, stop 
开发者ID:RobinDavid,项目名称:idasec,代码行数:39,代码来源:configuration_file.py

示例9: process_routine

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def process_routine(self, rtn_addr, pred_addr=None, rtn_i=1, total_rtn=1):
        if rtn_addr not in self.functions_cfg:
            self.functions_cfg[rtn_addr] = MyFlowGraph(rtn_addr)
        cfg = self.functions_cfg[rtn_addr]
        path_to = self.config_to_path_function(cfg)
        if pred_addr is None:
            candidates = {x for x in idautils.FuncItems(rtn_addr) if idc.GetMnem(x) in cond_jump}
        else:
            candidates = {pred_addr}
        nb_candidates = len(candidates)
        self.functions_candidates[rtn_addr] = set()
        self.functions_spurious_instrs[rtn_addr] = set()

        self.progressbar_loading.reset()
        self.progressbar_loading.setMaximum(len(candidates))

        name = idc.GetFunctionName(rtn_addr)
        self.result_widget.webview.append("\n=> Function:%s\n" % name)

        self.log("[result]", "Start processing function: 0x%x" % rtn_addr)
        for i, addr in zip(xrange(len(candidates)), candidates):
            path = path_to(addr)
            res = self.process_addr(rtn_addr, addr, path)
            if self.STOP:
                return
            elif res is None:
                continue
            dead_br = "/" if res.dead_branch is None else "%x" % res.dead_branch
            self.result_widget.webview.append("%x:\t%s\t\tK:%d\tDead:%s" % (addr, to_status_name(res.status), res.k, dead_br))

            self.result_widget.webview.verticalScrollBar().setValue(self.result_widget.webview.verticalScrollBar().maximum())
            self.loading_stat.setText("Fun: %d/%d  Addr: %d/%d" % (rtn_i, total_rtn, i+1, nb_candidates))

            self.progressbar_loading.setValue(self.progressbar_loading.value()+1)
            self.functions_candidates[rtn_addr].add(addr) 
开发者ID:RobinDavid,项目名称:idasec,代码行数:37,代码来源:static_opaque_analysis.py

示例10: find_all_switch_jumps

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def find_all_switch_jumps(self):
        self._switch_dict = defaultdict(list)
        next_switch = idc.FindBinary(idc.MinEA(), idc.SEARCH_DOWN|idc.SEARCH_NEXT, "ff 24")
        while next_switch != idc.BADADDR:
            sw = idaapi.get_switch_info_ex(next_switch)
            if idc.GetMnem(next_switch).startswith("jmp") and sw:
                ic = self.get_jlocs(sw)
                self._switch_dict[idaapi.get_func_name(next_switch)].append((next_switch, sw.ncases, ic))
            next_switch = idc.FindBinary(idc.NextHead(next_switch), idc.SEARCH_DOWN|idc.SEARCH_NEXT, "ff 24") 
开发者ID:jjo-sec,项目名称:idataco,代码行数:11,代码来源:switch_jumps.py

示例11: data

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def data(self):
    md5 = hashlib.md5()
    for ea in idautils.FuncItems(self.offset):
      mnem_line = idc.GetMnem(ea)
      mnem_line = mnem_line.strip()
      mnem_line = mnem_line.lower()
      md5.update(mnem_line)
    return md5.hexdigest() 
开发者ID:nirizr,项目名称:rematch,代码行数:10,代码来源:mnemonic_hash.py

示例12: data

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def data(self):
    instruction_hist = defaultdict(int)

    for ea in idautils.FuncItems(self.offset):
      mnem_line = idc.GetMnem(ea)
      mnem_line = mnem_line.lower()
      instruction_hist[mnem_line] += 1

    if sum(instruction_hist.values()) < 5:
      return None

    return instruction_hist 
开发者ID:nirizr,项目名称:rematch,代码行数:14,代码来源:mnemonic_hist.py

示例13: is_jump

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def is_jump(va):
    """
    return True if the instruction at the given address appears to be a jump.
    """
    return idc.GetMnem(va).startswith("j") 
开发者ID:williballenthin,项目名称:python-idb,代码行数:7,代码来源:yara_fn.py

示例14: get_chepin

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def get_chepin(self, local_vars, function_ea, function_metrics):
        '''
        The function calculates Chepin metric
        @local_vars - a dictionary of local variables
        @function_ea - function entry address
        @function_metrics - function metrics structure
        @return - Chepin value
        '''
        chepin = 0
        p = 0
        m = 0
        c = 0
        tmp_dict = dict()
        var_args_tmp = dict()
        (p, var_args_tmp) = self.get_function_args_count(function_ea, local_vars)
        for local_var in local_vars:
            usage_list = local_vars.get(local_var, None)
            if usage_list == None:
                print "WARNING: empty usage list for ", local_var
                continue
            for instr_addr in usage_list:
                instr_mnem = idc.GetMnem(int(instr_addr, 16))
                if instr_mnem.startswith('cmp') or instr_mnem.startswith('test'):
                    tmp_dict.setdefault(local_var, []).append(instr_addr)

        for var_arg in var_args_tmp:
            if var_arg in local_vars:
                del local_vars[var_arg]
        for cmp_var in tmp_dict:
            if cmp_var in local_vars:
                del local_vars[cmp_var]

        c = len(tmp_dict)
        m = len(local_vars)
        chepin = p + 2*m + 3*c
        return chepin 
开发者ID:mxmssh,项目名称:IDAmetrics,代码行数:38,代码来源:IDAMetrics_static.py

示例15: walk_selector_refs

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetMnem [as 别名]
def walk_selector_refs(self):
        #sel_ref_va is the address of the selref, which itself is a pointer to the selector string
        #we're looking for cross references *to* the the address of the selref
        #If we find ones we like and replace them with a cross reference to the actual method implementation, rather than the selector
        for xref in XrefsTo(self.sel_ref_va):
            if GetMnem(xref.frm) == self.CALL_MNEMONIC:
                continue
            #We found a xref *from* somewhere *to* our selref. We need to replace that with a reference
            #To the actual method implementation
            method_xref=self.add_method_xref(xref)
            self.patched_xrefs.append(method_xref) 
开发者ID:fireeye,项目名称:flare-ida,代码行数:13,代码来源:objc2_xrefs_helper.py


注:本文中的idc.GetMnem方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。