

Python idc.GetString方法代码示例

本文整理汇总了Python中idc.GetString方法的典型用法代码示例。如果您正苦于以下问题:Python idc.GetString方法的具体用法?Python idc.GetString怎么用?Python idc.GetString使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在idc的用法示例。


在下文中一共展示了idc.GetString方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: enum_string_refs_in_function

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
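def enum_string_refs_in_function(fva):
    '''
    yield the string references in the given function.

    Data references are skipped when the target has no string type, a string
    type outside 0..7, or no readable string contents.

    Args:
      fva (int): the starting address of a function

    Returns:
      sequence[tuple[int, int, str]]: tuples of metadata, including:
       - the address of the instruction referencing a string
       - the address of the string
       - the string
    '''
    CALC_MAX_LEN = -1  # passed as the length argument of idc.GetString

    for ea in enum_function_addrs(fva):
        for ref in idautils.DataRefsFrom(ea):
            stype = idc.GetStringType(ref)
            # If no string type is reported as None, ordering it against an
            # int raises TypeError on Python 3, so reject it explicitly.
            # NOTE(review): 0..7 presumably spans the ASCSTR_* constants - confirm.
            if stype is None or stype < 0 or stype > 7:
                continue

            raw = idc.GetString(ref, CALC_MAX_LEN, stype)
            if raw is None:
                # str(None) would otherwise be yielded as the literal text
                # "None" and read like a string recovered from the binary.
                continue

            yield ea, ref, str(raw)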
开发者ID:williballenthin,项目名称:idawilli,代码行数:25,代码来源:hint_calls.py

示例2: parseValue

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def parseValue(self, rawValue):
        """
        Parse the string value at rawValue according to self.type_params.

        ASCII_STR is read as a C string and UNICODE_STR as a Unicode string;
        any other type parameter is ignored and nothing is recorded.
        @return: None
        """
        kind = self.type_params
        if kind == ASCII_STR:
            strtype, description = idc.ASCSTR_C, "ASCII C-String"
        elif kind == UNICODE_STR:
            strtype, description = idc.ASCSTR_UNICODE, "Unicode String"
        else:
            return

        text = idc.GetString(rawValue, strtype=strtype)
        # NOTE(review): text is passed on unchecked; confirm that
        # normalize_raw_value copes with an empty or missing read.
        parsed, raw = self.normalize_raw_value(text)
        self.addParsedvalue(parsed, 0, description, raw)
开发者ID:ynvb,项目名称:DIE,代码行数:20,代码来源:StringParser.py

示例3: __str__

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
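def __str__(self):
            """Return the string read at self.ea using self.length and self.type.

            An unreadable string yields "" instead of None, because returning
            a non-string from __str__ makes str(obj) raise TypeError.
            """
            contents = idc.GetString(self.ea, self.length, self.type)
            return "" if contents is None else contents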
开发者ID:CvvT,项目名称:dumpDex,代码行数:4,代码来源:idautils.py

示例4: read_string

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def read_string(ea):
  """Read the C string at `ea` and define it as a string item in the database.

  Returns (string, next_ea). When a non-empty string is read, next_ea is
  ea + len(string) + 1 and the same span is undefined and re-created as a
  C string. When nothing is read the database is left untouched and `ea`
  is returned unchanged.
  """
  text = idc.GetString(ea, -1, idc.ASCSTR_C)
  if not text:
    return text, ea

  # +1 presumably accounts for a single terminating NUL byte - confirm.
  span = len(text)+1
  idc.MakeUnknown(ea, span, idc.DOUNK_SIMPLE)
  idaapi.make_ascii_string(ea, span, idc.ASCSTR_C)
  return text, ea + span
开发者ID:lifting-bits,项目名称:mcsema,代码行数:11,代码来源:exception.py

示例5: get_type_info

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def get_type_info(ea):
  """Read the name string referenced by the pointer stored one pointer past `ea`.

  Returns (ea + 2 * pointer size, name) on success and (idc.BADADDR, name)
  when the name is missing or empty.

  NOTE(review): an invalid name pointer returns a bare idc.BADADDR rather
  than a 2-tuple, so a caller that unpacks the result must handle both
  shapes - confirm against the call sites.
  """
  name_ptr = read_pointer(ea + get_address_size_in_bytes())
  if is_invalid_ea(name_ptr):
    return idc.BADADDR

  name = idc.GetString(name_ptr)
  if name is None or not len(name):
    return idc.BADADDR, name

  return ea + 2*get_address_size_in_bytes(), name
开发者ID:lifting-bits,项目名称:mcsema,代码行数:12,代码来源:exception.py

示例6: guessValues

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def guessValues(self, rawValue):
        """
        Guess string values

        The address in rawValue is read once per supported string encoding;
        every read of at least minLength characters is recorded with score 1.
        """
        minLength = 5  # The minimal string length

        # (string type constant, description recorded with the parsed value)
        candidates = (
            (idc.ASCSTR_C, "ASCII C-String"),
            (idc.ASCSTR_UNICODE, "Ascii Unicode String"),
            (idaapi.ASCSTR_PASCAL, "Ascii Pascal string"),
            (idaapi.ASCSTR_LEN2, "Ascii String (Len2)"),
            (idaapi.ASCSTR_LEN4, "Ascii String (Len4)"),
            (idaapi.ASCSTR_ULEN2, "Ascii String (ULen2)"),
            (idaapi.ASCSTR_ULEN4, "Ascii String (ULen4)"),
        )

        for strtype, description in candidates:
            text = idc.GetString(rawValue, strtype=strtype)
            if not text or len(text) < minLength:
                continue
            parsed, raw = self.normalize_raw_value(text)
            self.addParsedvalue(parsed, 1, description, raw)
开发者ID:ynvb,项目名称:DIE,代码行数:42,代码来源:StringParser.py

示例7: guessValues

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def guessValues(self, rawValue):
        """
        Guess string values

        Treats rawValue as the address of a std::basic_string object. The
        dword at rawValue+4 is followed as a pointer to the characters; if
        that yields nothing, the characters are looked for in place at
        rawValue+4. Returns True when a string of at least minLength
        characters was recorded, False otherwise.
        """
        minLength = 5
        pointee = idc.DbgDword(rawValue+4)
        if pointee is None:
            return False

        candidate = idc.GetString(pointee, strtype=idc.ASCSTR_C)
        if not candidate:
            # Nothing behind the pointer. A readable string at the object
            # start itself means this guess is rejected; otherwise fall
            # back to the string value at offset +0x04.
            if idc.GetString(rawValue, strtype=idc.ASCSTR_C):
                return False
            candidate = idc.GetString(rawValue+4, strtype=idc.ASCSTR_C)

        if candidate and len(candidate) >= minLength:
            parsed, raw = self.normalize_raw_value(candidate)
            self.addParsedvalue(parsed, 1, "std::basic_string", raw)
            return True

        return False
开发者ID:ynvb,项目名称:DIE,代码行数:30,代码来源:BasicStringParser.py

示例8: parseValue

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def parseValue(self, rawValue):
        """
        Parse the string value

        Treats rawValue as the address of a std::basic_string object. The
        dword at rawValue+4 is followed as a pointer to the characters; if
        that yields nothing, the characters are read in place at rawValue+4.
        @return: False when the dword cannot be read or a string is readable
                 at rawValue itself, True once a value has been recorded.
        """
        pointee = idc.DbgDword(rawValue+4)
        if pointee is None:
            return False

        text = idc.GetString(pointee, strtype=idc.ASCSTR_C)
        if not text:
            # If this is not an ASCII string, check for the string value at offset +0x04
            if idc.GetString(rawValue, strtype=idc.ASCSTR_C):
                return False
            text = idc.GetString(rawValue+4, strtype=idc.ASCSTR_C)

        # NOTE(review): the fallback read is recorded without any check, so
        # an empty or missing string reaches normalize_raw_value - confirm
        # that helper accepts it.
        parsed, raw = self.normalize_raw_value(text)
        self.addParsedvalue(parsed, 1, "std::basic_string", raw)
        return True
开发者ID:ynvb,项目名称:DIE,代码行数:29,代码来源:BasicStringParser.py

示例9: _process_mod_init_func_for_metaclasses

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def _process_mod_init_func_for_metaclasses(func, found_metaclass):
    """Process a function from the __mod_init_func section for OSMetaClass information.

    The function is emulated up to its end; at every BL whose X0, X1 and X3
    are all non-zero, and whose X1 lies in a __TEXT.__cstring segment while
    X0 lies in some segment, found_metaclass is called with X0, the string
    at X1, X3, and X2 (or None when X2 is zero or unknown).
    """
    _log(4, 'Processing function {}', idc.GetFunctionName(func))

    def on_BL(addr, reg):
        this_ptr, name_ptr, class_size = reg['X0'], reg['X1'], reg['X3']
        if this_ptr and name_ptr and class_size:
            _log(5, 'Have call to {:#x}({:#x}, {:#x}, ?, {:#x})', addr, this_ptr, name_ptr, class_size)
            # OSMetaClass::OSMetaClass(this, className, superclass, classSize)
            name_in_cstring = idc.SegName(name_ptr).endswith("__TEXT.__cstring")
            if name_in_cstring and idc.SegName(this_ptr):
                found_metaclass(this_ptr, idc.GetString(name_ptr), class_size, reg['X2'] or None)

    _emulate_arm64(func, idc.FindFuncEnd(func), on_BL=on_BL)
开发者ID:bazad,项目名称:ida_kernelcache,代码行数:15,代码来源:collect_classes.py

示例10: parse_prelink_info

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def parse_prelink_info():
    """Find and parse the kernel __PRELINK_INFO dictionary.

    Each candidate segment is read as a string and handed to the kplist
    parser; the first non-empty result is returned. Returns None, after
    logging, when no candidate parses.
    """
    for segment in _find_prelink_info_segments():
        # The text comes straight from the image under analysis, so the
        # parser is working on untrusted input.
        parsed = kplist.kplist_parse(idc.GetString(segment))
        if parsed:
            return parsed
    _log(0, 'Could not find __PRELINK_INFO')
    return None
开发者ID:bazad,项目名称:ida_kernelcache,代码行数:12,代码来源:kernel.py

示例11: __init__

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
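def __init__( self, xref, addr ):
        """Describe the string at addr that is referenced from xref.

        Stores xref, addr, the string type and the string contents on the
        instance.

        Raises:
            StringParsingException: addr has no string type, a type outside
                String.ASCSTR, or no readable contents.
        """
        # Local renamed from `type` so the builtin is not shadowed; the
        # attribute self.type keeps its name for callers.
        strtype = idc.GetStringType(addr)
        # If no string type is reported as None, ordering it against an int
        # raises TypeError on Python 3, so it is rejected explicitly here.
        if strtype is None or strtype < 0 or strtype >= len(String.ASCSTR):
            raise StringParsingException()

        CALC_MAX_LEN = -1
        contents = idc.GetString(addr, CALC_MAX_LEN, strtype)
        if contents is None:
            # str(None) would otherwise store the literal text "None" as if
            # it had been read from the binary.
            raise StringParsingException()

        self.xref = xref
        self.addr = addr
        self.type = strtype
        self.string = str(contents)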
开发者ID:darx0r,项目名称:Stingray,代码行数:15,代码来源:Stingray.py

示例12: fix_vxworks_idb

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def fix_vxworks_idb(load_address, vx_version, symbol_table_start, symbol_table_end):
        """Rebase the database to load_address and apply the VxWorks symbol table to it.

        load_address: address the image is rebased towards.
        vx_version: 6 selects 20-byte symbol entries, any other value 16-byte entries.
        symbol_table_start, symbol_table_end: table bounds; load_address is
            added to both before the table is walked.

        Every entry with a readable name gets that name applied to its
        destination address; entries whose type is in need_create_function
        are also turned into code and a function. Waits for auto analysis
        before returning.
        """
        current_image_base = idaapi.get_imagebase()
        symbol_interval = 16
        if vx_version == 6:
            symbol_interval = 20
        symbol_table_start += load_address
        symbol_table_end += load_address
        ea = symbol_table_start
        shift_address = load_address - current_image_base
        # The shift is applied in steps of at most 0x70000000.
        # NOTE(review): presumably a limit on a single rebase delta, and
        # 0x0008 looks like MSF_FIXONCE - confirm both.
        while shift_address >= 0x70000000:
            idaapi.rebase_program(0x70000000, 0x0008)
            shift_address -= 0x70000000
        idaapi.rebase_program(shift_address, 0x0008)
        while ea < symbol_table_end:
            # for VxWorks 6 unknown symbol format
            # NOTE(review): this reads at ea + symbol_table_end - 2, far
            # outside the current entry; every other access is relative to
            # the entry, so ea + symbol_interval - 2 may have been intended.
            if idc.Byte(ea + symbol_table_end - 2) == 3:
                ea += symbol_interval
                continue
            # Entry layout as read below: name pointer at +4, destination at
            # +8, type at +16 for version 6 and +12 otherwise.
            offset = 4
            if idaapi.IDA_SDK_VERSION >= 700:
                idc.create_strlit(idc.Dword(ea + offset), idc.BADADDR)
            else:
                idc.MakeStr(idc.Dword(ea + offset), idc.BADADDR)
            sName = idc.GetString(idc.Dword(ea + offset), -1, idc.ASCSTR_C)
            # Printed before the emptiness check, so unreadable names show
            # up in the log as well. The name is data from the firmware
            # image and is used unmodified below.
            print("Found %s in symbol table" % sName)
            if sName:
                sName_dst = idc.Dword(ea + offset + 4)
                if vx_version == 6:
                    sName_type = idc.Dword(ea + offset + 12)
                else:
                    sName_type = idc.Dword(ea + offset + 8)
                idc.MakeName(sName_dst, sName)
                if sName_type in need_create_function:
                    # flags = idc.GetFlags(ea)
                    print("Start fix Function %s at %s" % (sName, hex(sName_dst)))
                    idc.MakeCode(sName_dst)  # might not need
                    idc.MakeFunction(sName_dst, idc.BADADDR)
            ea += symbol_interval
        print("Fix function by symbol table finish.")
        print("Start IDA auto analysis, depending on the size of the firmware this might take a few minutes.")
        idaapi.autoWait()
开发者ID:PAGalaxyLab,项目名称:vxhunter,代码行数:43,代码来源:vxhunter_ida.py

示例13: yarasearch

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
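def yarasearch(self, memory, offsets, rules):
        """Match the YARA rules against memory and name every hit in the database.

        Args:
            memory: buffer handed to rules.match(data=...).
            offsets: mapping data passed to self.toVirtualAddress to turn a
                match offset into a virtual address.
            rules: compiled rules object exposing match(data=...).

        Returns:
            list: one [address, namespace, label, identifier, repr(data)]
            entry per matched string. The label is also applied to the
            address with idaapi.set_name.
        """
        print(">>> start yara search")
        values = list()
        matches = rules.match(data=memory)
        for match in matches:
            for string in match.strings:
                # Translate the offset once and reuse it below.
                # NOTE(review): assumes toVirtualAddress returns the same
                # value for the same arguments - confirm.
                va = self.toVirtualAddress(string[0], offsets)
                name = match.rule
                if name.endswith("_API"):
                    try:
                        name = name + "_" + idc.GetString(va)
                    except Exception:
                        # Best effort: keep the plain rule name when no
                        # string can be read at the hit. Narrowed from a
                        # bare except so KeyboardInterrupt and SystemExit
                        # are no longer swallowed.
                        pass
                # The label embeds text read from the analysed binary.
                label = name + "_" + hex(va).lstrip("0x").rstrip("L").upper()
                value = [
                    va,
                    match.namespace,
                    label,
                    string[1],
                    repr(string[2]),
                ]
                idaapi.set_name(va, label, 0)
                values.append(value)
        print("<<< end yara search")
        return values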
开发者ID:polymorf,项目名称:findcrypt-yara,代码行数:28,代码来源:findcrypt3.py

示例14: __init__

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def __init__(self,objc_class_va,segment_map,arch=ARCH_X86_64):
        """Create a new ObjcClass instance

        Arguments:
            objc_class_va {number} -- Virtual address of the Objective-C class to parse
            segment_map {dictionary} -- A dictionary mapping segment names to a start/end virtual address tuple

        Keyword Arguments:
            arch {number} -- CPU architecture. Either ARCH_X86_64 or ARM64 (default: {ARCH_X86_64})

        Construction stops early, leaving method_list empty, when either the
        class_ro pointer or the base-methods pointer is 0 or BADADDR.
        """
        self.arch=arch
        self.segment_map=segment_map
        ro_va=Qword(objc_class_va+self.OBJC2_CLASS_RO_OFFSET)
        # NOTE(review): the name pointer is read before ro_va is validated,
        # so it holds whatever is read relative to an invalid ro_va.
        self.name_pointer=Qword(ro_va+self.OBJC2_CLASS_RO_NAME_OFFSET)
        self.method_list=[]
        if ro_va in (BADADDR, 0):
            # class_methods_va is not assigned on this path.
            self.class_ro_va=None
            return
        self.class_ro_va=ro_va

        methods_va=Qword(ro_va+self.OBJC2_CLASS_RO_BASE_METHODS_OFFSET)
        if methods_va in (BADADDR, 0):
            self.class_methods_va=None
            return
        self.class_methods_va=methods_va

        Message("Class found at virtual address: 0x%x\n" % objc_class_va)
        Message("Class name: %s\n" % GetString(self.name_pointer))
        # Parse the method_list_t struct and build a list of methods
        self.method_list=ObjcMethodList(methods_va,segment_map,arch=arch)
开发者ID:fireeye,项目名称:flare-ida,代码行数:32,代码来源:objc2_xrefs_helper.py

示例15: findGetProcAddress

# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def findGetProcAddress(cfunc):
    """Name globals that receive the result of GetProcAddress calls in cfunc.

    Walks the decompiled body; for each call to GetProcAddress whose second
    argument is a C string, the assignment target (looking through one
    cast) is renamed to that string with a trailing underscore.
    """
    class visitor(idaapi.ctree_visitor_t):
        def __init__(self, cfunc):
            idaapi.ctree_visitor_t.__init__(self, idaapi.CV_FAST)
            self.cfunc = cfunc

        def visit_expr(self, i):
            # Every path returns 0, as the nested original did.
            if i.op != idaapi.cot_call:
                return 0
            # look for calls to GetProcAddress
            if idc.Name(i.x.obj_ea) != "GetProcAddress":
                return 0

            # ASCSTR_C == 0
            # Only continue when the second argument is a C string
            if idc.GetStringType(i.a[1].obj_ea) != 0:
                return 0
            # The name is read from the analysed binary and used as-is.
            targetName = idc.GetString(i.a[1].obj_ea, -1, 0)

            # Found function name; look for the global assignment
            owner = self.cfunc.body.find_parent_of(i)
            if owner.op == idaapi.cot_cast:
                # Ignore casts and look for the parent
                owner = self.cfunc.body.find_parent_of(owner)

            if owner.op == idaapi.cot_asg:
                # We want to find the left hand side (x)
                idc.MakeName(owner.cexpr.x.obj_ea, targetName + "_")

            return 0

    walker = visitor(cfunc)
    walker.apply_to(cfunc.body, None)
开发者ID:fireeye,项目名称:flare-ida,代码行数:33,代码来源:find_get_proc_address.py


注:本文中的idc.GetString方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。