本文整理汇总了Python中idc.GetOpnd方法的典型用法代码示例。如果您正苦于以下问题:Python idc.GetOpnd方法的具体用法?Python idc.GetOpnd怎么用?Python idc.GetOpnd使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在模块idc的用法示例。
在下文中一共展示了idc.GetOpnd方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: find_dispatch_by_struct_index
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetOpnd [as 别名]
def find_dispatch_by_struct_index():
    """Attempt to locate the dispatch function by finding where it is stored into a
    structure at offset 70h (based off
    https://github.com/kbandla/ImmunityDebugger/blob/master/1.73/Libs/driverlib.py).

    Every non-library function is walked head by head; each ``mov`` whose
    destination operand text contains ``+70h`` and whose source operand has
    type 5 (``o_imm`` in the classic idc constants) contributes its source
    operand text to the result.

    Returns:
        set of operand strings as rendered by ``idc.GetOpnd``; empty when no
        instruction matched.
    """
    candidates = set()
    for func_ea in idautils.Functions():
        # library code cannot be the driver's own dispatch routine
        if idc.get_func_flags(func_ea) & idc.FUNC_LIB:
            continue
        func = idaapi.get_func(func_ea)
        ea = func.startEA
        while ea < func.endEA:
            is_mov = idc.GetMnem(ea) == 'mov'
            if is_mov and '+70h' in idc.GetOpnd(ea, 0) and idc.GetOpType(ea, 1) == 5:
                candidates.add(idc.GetOpnd(ea, 1))
            ea = idc.NextHead(ea)
    return candidates
示例2: create_call_map
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetOpnd [as 别名]
def create_call_map(self, ftype):
    """Record every ``call``/``jmp`` from ``.text`` whose target lies in the import segment.

    Args:
        ftype: binary file type; ``PE`` selects the ``.idata`` segment as the
            import area, any other value selects ``.plt``.

    Side effects:
        For each matching instruction an entry is appended to
        ``self.config.call_map`` with ``address`` (the instruction ea) and
        ``name`` (the first operand text from ``idc.GetOpnd``).

    Raises:
        KeyError: when the import segment or ``.text`` is not present in the
            database.
    """
    assert_ida_available()
    import idc
    import idautils
    segments = {}
    for seg in idautils.Segments():
        segments[idc.SegName(seg)] = (idc.SegStart(seg), idc.SegEnd(seg))
    import_segment = ".idata" if ftype == PE else '.plt'
    imp_lo, imp_hi = segments[import_segment]
    ea, text_end = segments[".text"]
    while ea <= text_end:
        if idc.GetMnem(ea) in ("call", "jmp"):
            target = idc.GetOperandValue(ea, 0)
            label = idc.GetOpnd(ea, 0)
            if imp_lo <= target <= imp_hi:
                entry = self.config.call_map.add()
                entry.address = ea
                entry.name = label
        ea = idc.NextHead(ea, text_end)
示例3: find_interesting_xors
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetOpnd [as 别名]
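def find_interesting_xors(self):
    """Collect every ``xor`` whose two operands differ.

    ``xor reg, reg`` is the usual zeroing idiom and is skipped; any other
    ``xor`` is appended to ``self._interesting_xors`` as a dict with keys
    ``func`` (enclosing function name, ``""`` when the address is not inside a
    function), ``addr``, ``loop`` and ``disasm``. ``loop`` is set when a later
    ``j*`` instruction inside the same function targets an address strictly
    between the function start and the xor, i.e. the xor is presumably
    executed repeatedly.

    The candidates come from a database-wide text search for ``xor``, so any
    disassembly line containing that substring is examined.

    Side effects: appends to ``self._interesting_xors``. Returns None.
    """
    search_flags = idc.SEARCH_DOWN | idc.SEARCH_NEXT
    xor_ea = idc.FindText(idc.MinEA(), search_flags, 0, 0, "xor")
    while xor_ea != idc.BADADDR:
        if idc.GetOpnd(xor_ea, 0) != idc.GetOpnd(xor_ea, 1):
            entry = {"func": "", "addr": xor_ea, "loop": False, "disasm": idc.GetDisasm(xor_ea)}
            func = idaapi.get_func(xor_ea)
            if func:
                entry["func"] = idaapi.get_name(idc.BADADDR, func.startEA)
                # a backwards jump landing between the function start and the
                # xor means the xor probably sits inside a loop
                for head in idautils.Heads(xor_ea, func.endEA):
                    if not idc.GetMnem(head).startswith('j'):
                        continue
                    target = idc.GetOperandValue(head, 0)
                    if func.startEA < target < xor_ea:
                        entry["loop"] = True
                        break
            self._interesting_xors.append(entry)
        xor_ea = idc.FindText(idc.NextHead(xor_ea), search_flags, 0, 0, "xor")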
示例4: __init__
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetOpnd [as 别名]
def __init__(self, opnd, ea, insn, write, read):
    """Wrap an IDA operand and decode its addressing components.

    Args:
        opnd: the IDA operand object; only ``.type`` and ``.n`` are read here,
            the rest comes through ``self.op_t`` (defined elsewhere on the class).
        ea: address of the instruction that owns the operand.
        insn: the decoded instruction (stored, not inspected here).
        write: whether the instruction writes this operand.
        read: whether the instruction reads this operand.

    For ``o_displ``/``o_phrase`` operands ``specflag2`` is unpacked into
    scale (bits 7:6), index (bits 5:3) and base (bits 2:0) register ids —
    this layout matches an x86 SIB byte, confirm against the processor
    module in use. For every other operand type scale/index/base/displacement
    stay ``None``.
    """
    self._operand = opnd
    self._ea = ea
    self._read = read
    self._write = write
    self._insn = insn
    self._type = opnd.type
    self._index_id = None
    self._base_id = None
    self._displ = None
    self._scale = None
    if self._type not in (idaapi.o_displ, idaapi.o_phrase):
        return
    op = self.op_t
    flag1 = op.specflag1
    flag2 = op.specflag2
    # the top two bits encode log2(scale)
    scale = 1 << ((flag2 & 0xC0) >> 6)
    displacement = op.addr
    if flag1 == 0:
        index_reg = None
        base_reg = op.reg
    elif flag1 == 1:
        index_reg = (flag2 & 0x38) >> 3
        base_reg = flag2 & 0x07
        if op.reg == 0xC:
            base_reg += 8
        # HACK: Check if the index register is there in the operand
        # It will fix the issue if `rsi` is getting used as index register
        if (index_reg & 4) and get_register_name(index_reg) not in idc.GetOpnd(self._ea, opnd.n):
            index_reg += 8
    # NOTE(review): a flag1 value other than 0/1 leaves index_reg/base_reg
    # unbound and the comparison below raises; unchanged from the original —
    # confirm the processor module never produces such a value.
    if index_reg == base_reg == idautils.procregs.sp.reg and scale == 1:
        index_reg = None
    self._scale = scale
    self._index_id = index_reg
    self._base_id = base_reg
    self._displ = displacement
示例5: text
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetOpnd [as 别名]
def text(self):
    """Return the operand as IDA renders it in the listing.

    Delegates to ``idc.GetOpnd`` using this operand's instruction address
    (``self._ea``) and operand slot (``self.index``).
    """
    rendered = idc.GetOpnd(self._ea, self.index)
    return rendered
示例6: __init__
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetOpnd [as 别名]
def __init__(self, opnd, ea, insn, write, read):
    """Wrap an IDA operand and decode its addressing components.

    Args:
        opnd: the IDA operand object; only ``.type`` and ``.n`` are read here,
            the rest comes through ``self.op_t`` (defined elsewhere on the class).
        ea: address of the instruction that owns the operand.
        insn: the decoded instruction (stored, not inspected here).
        write: whether the instruction writes this operand.
        read: whether the instruction reads this operand.

    For ``o_displ``/``o_phrase`` operands ``specflag2`` is unpacked into
    scale (bits 7:6), index (bits 5:3) and base (bits 2:0) register ids —
    this layout matches an x86 SIB byte, confirm against the processor
    module in use. For every other operand type scale/index/base/displacement
    stay ``None``.
    """
    self._operand = opnd
    self._ea = ea
    self._read = read
    self._write = write
    self._insn = insn
    self._type = opnd.type
    self._index_id = None
    self._base_id = None
    self._displ = None
    self._scale = None
    if self._type not in (idaapi.o_displ, idaapi.o_phrase):
        return
    op = self.op_t
    flag1 = op.specflag1
    flag2 = op.specflag2
    # the top two bits encode log2(scale)
    scale = 1 << ((flag2 & 0xC0) >> 6)
    displacement = op.addr
    if flag1 == 0:
        index_reg = None
        base_reg = op.reg
    elif flag1 == 1:
        index_reg = (flag2 & 0x38) >> 3
        base_reg = flag2 & 0x07
        if op.reg == 0xC:
            base_reg += 8
        # HACK: Check if the index register is there in the operand
        # It will fix the issue if `rsi` is getting used as index register
        if (index_reg & 4) and get_register_name(index_reg) not in idc.GetOpnd(self._ea, opnd.n):
            index_reg += 8
    # NOTE(review): a flag1 value other than 0/1 leaves index_reg/base_reg
    # unbound and the comparison below raises; unchanged from the original —
    # confirm the processor module never produces such a value.
    if index_reg == base_reg == idautils.procregs.sp.reg and scale == 1:
        index_reg = None
    self._scale = scale
    self._index_id = index_reg
    self._base_id = base_reg
    self._displ = displacement
示例7: add_bp_to_virtual_calls
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetOpnd [as 别名]
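def add_bp_to_virtual_calls(cur_addr, end):
    """Install a conditional breakpoint on every register-indirect call in [cur_addr, end).

    Instruction heads are walked from ``cur_addr``; for each ``call`` or
    ``BLR`` whose first operand text contains one of the names in the
    module-level ``REGISTERS`` list, ``vtableAddress.write_vtable2file`` is
    asked for a breakpoint address and condition, and a non-empty condition is
    installed through ``AddBP.add``.

    Args:
        cur_addr: address at which scanning starts.
        end: exclusive upper bound of the scan.

    Returns:
        None. Scanning stops early if ``idc.next_head`` yields ``BADADDR``.
    """
    while cur_addr < end:
        if cur_addr == idc.BADADDR:
            break
        mnem = idc.print_insn_mnem(cur_addr)
        if mnem in ('call', 'BLR'):
            # fetch the operand text once rather than once per register name
            operand = idc.print_operand(cur_addr, 0)
            # substring match on purpose: a register appearing anywhere in the
            # operand text (e.g. inside a memory reference) counts
            if any(reg in operand for reg in REGISTERS):
                cond, bp_address = vtableAddress.write_vtable2file(cur_addr)
                if cond != '':
                    AddBP.add(bp_address, cond)
        cur_addr = idc.next_head(cur_addr)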
示例8: get_instr_operands
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetOpnd [as 别名]
def get_instr_operands(self, head):
    """
    @head - instruction address
    @return - list of (operand text, operand type) tuples for the first
    four operand slots of the instruction at @head; slots whose text
    (idc.GetOpnd) is empty are skipped
    """
    found = []
    for slot in range(4):
        text = idc.GetOpnd(head, slot)
        if text == "":
            continue
        found.append((text, idc.GetOpType(head, slot)))
    return found
示例9: processWriteLog
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetOpnd [as 别名]
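def processWriteLog(self, tracker, cVa):
    """Consume the memory-write log entry recorded for the instruction at ``cVa``.

    ``tracker.va_write_map[cVa]`` is a ``(pc, writeVa, bytes)`` tuple. The
    write is handled in one of three ways:

    * a write into a stack-argument slot (``self.stackArgLocs``) that has no
      result yet is saved as that argument's value;
    * a write into an address currently being traced (``self.tempMapping``)
      is resolved: for ``push``/``mov`` whose source operand is a register the
      trace continues on that register, otherwise the logged value is saved;
    * anything else is ignored.

    Args:
        tracker: object exposing ``va_write_map`` (dict keyed by address).
        cVa: address of the instruction whose write is being processed.

    Side effects: mutates ``self.tempMapping`` and records values through
    ``self.saveResult``. Returns None.
    """
    wlogEntry = tracker.va_write_map.get(cVa)
    if wlogEntry is None:
        return
    # the logged pc is re-derived below via transformWriteLogEntry; the byte
    # payload is not needed here (and the original name shadowed builtin bytes)
    _, writeVa, _ = wlogEntry
    if writeVa in self.stackArgLocs and self.getStackArgNum(writeVa) not in self.resultArgs:
        # it's a stack arg value
        pc, value = transformWriteLogEntry(wlogEntry)
        self.saveResult(writeVa, pc, value)
        return
    if writeVa not in self.tempMapping:
        return
    # argName: the actual value we're tracing back
    argName = self.tempMapping.pop(writeVa)
    pc, value = transformWriteLogEntry(wlogEntry)
    # we found a temp value tracing backwards, but need to determine if it's a
    # constant or if we need to continue tracing backwards. basically as long
    # as it's not a register, we stop?
    mnem = idc.GetMnem(pc)
    if mnem.startswith('push'):
        srcOpIdx = 0
    elif mnem.startswith('mov'):
        srcOpIdx = 1
    else:
        # TODO: any other data movement instructions need to be traced rather
        # than using the observed write log value?
        self.saveResult(argName, pc, value)
        return
    # process data movement instructions
    if idc.GetOpType(pc, srcOpIdx) == idc.o_reg:
        # need to trace the new reg now
        newReg = idc.GetOpnd(pc, srcOpIdx)
        self.tempMapping[newReg] = argName
    else:
        # not a register, so currently assuming we can use the stored value
        self.saveResult(argName, pc, value)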
示例10: processRegMon
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetOpnd [as 别名]
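def processRegMon(self, tracker, cVa):
    """Consume the register-modification record for the instruction at ``cVa``.

    ``tracker.regMon.reg_map[cVa]`` maps each register the instruction
    modified to its new value. A modified register is interesting when it is
    either an argument register still awaiting a result (``self.regs``) or a
    register currently traced backwards (``self.tempMapping``). For each
    interesting register the trace is redirected or resolved:

    * ``pop``: the stack address read by this instruction (from
      ``tracker.va_read_map``) is traced next;
    * ``mov`` from a register: that source register is traced next;
    * anything else: the observed value is stored via ``self.saveResult``.

    Args:
        tracker: object exposing ``regMon`` (with ``reg_map``) and
            ``va_read_map``. Assumed to be the same object as
            ``self.tracker``; this method reads only the argument.
        cVa: address of the instruction being processed.

    Raises:
        RuntimeError: when a ``pop`` has no read-log entry for ``cVa``.

    Side effects: mutates ``self.regs`` and ``self.tempMapping``; records
    results through ``self.saveResult``. Returns None.
    """
    if tracker.regMon is None:
        return
    regMods = tracker.regMon.reg_map.get(cVa)
    if regMods is None:
        return
    # figure out if one of the monitored regs is modified in this instruction
    # and if it has not already been stored -> just want the first reg value
    for reg in regMods:
        is_pending_arg = reg in self.regs and reg not in self.resultArgs
        is_traced_temp = reg in self.tempMapping
        if not (is_pending_arg or is_traced_temp):
            # modified reg isn't interesting: neither a function arg nor a temp traced value
            continue
        mnem = idc.GetMnem(cVa)
        argName = reg
        if is_pending_arg:
            self.regs.remove(reg)
        if is_traced_temp:
            argName = self.tempMapping.pop(reg)
        if mnem.startswith('pop'):
            # add the current stack read address to the temporary tracking
            rlogEntry = tracker.va_read_map.get(cVa)
            if rlogEntry is None:
                raise RuntimeError('readlog entry does not exist for a pop')
            _, readVa, _ = rlogEntry
            self.tempMapping[readVa] = argName
        elif mnem.startswith('mov'):
            if idc.GetOpType(cVa, 1) == idc.o_reg:
                # change to track this reg backwards
                newReg = idc.GetOpnd(cVa, 1)
                self.tempMapping[newReg] = argName
            else:
                # not a register, use the modified result
                self.saveResult(argName, cVa, regMods[reg])
        else:
            # TODO: any other data movement instructions that should be traced back?
            self.saveResult(argName, cVa, regMods[reg])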