本文整理汇总了Python中idc.GetString方法的典型用法代码示例。如果您正苦于以下问题:Python idc.GetString方法的具体用法?Python idc.GetString怎么用?Python idc.GetString使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类idc
的用法示例。
在下文中一共展示了idc.GetString方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: enum_string_refs_in_function
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def enum_string_refs_in_function(fva):
'''
yield the string references in the given function.
Args:
fva (int): the starting address of a function
Returns:
sequence[tuple[int, int, str]]: tuples of metadata, including:
- the address of the instruction referencing a string
- the address of the string
- the string
'''
for ea in enum_function_addrs(fva):
for ref in idautils.DataRefsFrom(ea):
stype = idc.GetStringType(ref)
if stype < 0 or stype > 7:
continue
CALC_MAX_LEN = -1
s = str(idc.GetString(ref, CALC_MAX_LEN, stype))
yield ea, ref, s
示例2: parseValue
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def parseValue(self, rawValue):
"""
Parse the string value
@return:
"""
if self.type_params == ASCII_STR:
value = idc.GetString(rawValue, strtype=idc.ASCSTR_C)
description = "ASCII C-String"
elif self.type_params == UNICODE_STR:
value = idc.GetString(rawValue, strtype=idc.ASCSTR_UNICODE)
description = "Unicode String"
else:
return
value, raw_value = self.normalize_raw_value(value)
self.addParsedvalue(value, 0, description, raw_value)
示例3: __str__
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def __str__(self):
return idc.GetString(self.ea, self.length, self.type)
示例4: read_string
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def read_string(ea):
s = idc.GetString(ea, -1, idc.ASCSTR_C)
if s:
slen = len(s)+1
idc.MakeUnknown(ea, slen, idc.DOUNK_SIMPLE)
idaapi.make_ascii_string(ea, slen, idc.ASCSTR_C)
return s, ea + slen
else:
return s, ea
示例5: get_type_info
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def get_type_info(ea):
tis = read_pointer(ea + get_address_size_in_bytes())
if is_invalid_ea(tis):
return idc.BADADDR
name = idc.GetString(tis)
if name == None or len(name) == 0:
return idc.BADADDR, name
ea2 = ea + 2*get_address_size_in_bytes()
return ea2, name
示例6: guessValues
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def guessValues(self, rawValue):
"""
Guess string values
"""
minLength = 5 # The minimal string length
value = idc.GetString(rawValue, strtype=idc.ASCSTR_C)
if value and len(value) >= minLength:
value, raw_value = self.normalize_raw_value(value)
self.addParsedvalue(value, 1, "ASCII C-String", raw_value)
value = idc.GetString(rawValue, strtype=idc.ASCSTR_UNICODE)
if value and len(value) >= minLength:
value, raw_value = self.normalize_raw_value(value)
self.addParsedvalue(value, 1, "Ascii Unicode String", raw_value)
value = idc.GetString(rawValue, strtype=idaapi.ASCSTR_PASCAL)
if value and len(value) >= minLength:
value, raw_value = self.normalize_raw_value(value)
self.addParsedvalue(value, 1, "Ascii Pascal string", raw_value)
value = idc.GetString(rawValue, strtype=idaapi.ASCSTR_LEN2)
if value and len(value) >= minLength:
value, raw_value = self.normalize_raw_value(value)
self.addParsedvalue(value, 1, "Ascii String (Len2)", raw_value)
value = idc.GetString(rawValue, strtype=idaapi.ASCSTR_LEN4)
if value and len(value) >= minLength:
value, raw_value = self.normalize_raw_value(value)
self.addParsedvalue(value, 1, "Ascii String (Len4)", raw_value)
value = idc.GetString(rawValue, strtype=idaapi.ASCSTR_ULEN2)
if value and len(value) >= minLength:
value, raw_value = self.normalize_raw_value(value)
self.addParsedvalue(value, 1, "Ascii String (ULen2)", raw_value)
value = idc.GetString(rawValue, strtype=idaapi.ASCSTR_ULEN4)
if value and len(value) >= minLength:
value, raw_value = self.normalize_raw_value(value)
self.addParsedvalue(value, 1, "Ascii String (ULen4)", raw_value)
示例7: guessValues
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def guessValues(self, rawValue):
"""
Guess string values
"""
minLength = 5
str_value = idc.DbgDword(rawValue+4)
if str_value is None:
return False
value = idc.GetString(str_value, strtype=idc.ASCSTR_C)
if value and len(value) >= minLength:
value, raw_value = self.normalize_raw_value(value)
self.addParsedvalue(value, 1, "std::basic_string", raw_value)
return True
if not value:
# If this is not an ASCII string, check for the string value at offset +0x04
tmp = idc.GetString(rawValue, strtype=idc.ASCSTR_C)
if tmp:
return False
value = idc.GetString(rawValue+4, strtype=idc.ASCSTR_C)
if value and len(value) >= minLength:
value, raw_value = self.normalize_raw_value(value)
self.addParsedvalue(value, 1, "std::basic_string", raw_value)
return True
return False
示例8: parseValue
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def parseValue(self, rawValue):
"""
Parse the string value
@return:
"""
str_value = idc.DbgDword(rawValue+4)
if str_value is None:
return False
value = idc.GetString(str_value, strtype=idc.ASCSTR_C)
if value:
value, raw_value = self.normalize_raw_value(value)
self.addParsedvalue(value, 1, "std::basic_string", raw_value)
return True
else:
# If this is not an ASCII string, check for the string value at offset +0x04
tmp = idc.GetString(rawValue, strtype=idc.ASCSTR_C)
if tmp:
return False
value = idc.GetString(rawValue+4, strtype=idc.ASCSTR_C)
value, raw_value = self.normalize_raw_value(value)
self.addParsedvalue(value, 1, "std::basic_string", raw_value)
return True
return False
示例9: _process_mod_init_func_for_metaclasses
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def _process_mod_init_func_for_metaclasses(func, found_metaclass):
"""Process a function from the __mod_init_func section for OSMetaClass information."""
_log(4, 'Processing function {}', idc.GetFunctionName(func))
def on_BL(addr, reg):
X0, X1, X3 = reg['X0'], reg['X1'], reg['X3']
if not (X0 and X1 and X3):
return
_log(5, 'Have call to {:#x}({:#x}, {:#x}, ?, {:#x})', addr, X0, X1, X3)
# OSMetaClass::OSMetaClass(this, className, superclass, classSize)
if not idc.SegName(X1).endswith("__TEXT.__cstring") or not idc.SegName(X0):
return
found_metaclass(X0, idc.GetString(X1), X3, reg['X2'] or None)
_emulate_arm64(func, idc.FindFuncEnd(func), on_BL=on_BL)
示例10: parse_prelink_info
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def parse_prelink_info():
"""Find and parse the kernel __PRELINK_INFO dictionary."""
segments = _find_prelink_info_segments()
for segment in segments:
prelink_info_string = idc.GetString(segment)
prelink_info = kplist.kplist_parse(prelink_info_string)
if prelink_info:
return prelink_info
_log(0, 'Could not find __PRELINK_INFO')
return None
示例11: __init__
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def __init__( self, xref, addr ):
type = idc.GetStringType(addr)
if type < 0 or type >= len(String.ASCSTR):
raise StringParsingException()
CALC_MAX_LEN = -1
string = str( idc.GetString(addr, CALC_MAX_LEN, type) )
self.xref = xref
self.addr = addr
self.type = type
self.string = string
示例12: fix_vxworks_idb
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def fix_vxworks_idb(load_address, vx_version, symbol_table_start, symbol_table_end):
current_image_base = idaapi.get_imagebase()
symbol_interval = 16
if vx_version == 6:
symbol_interval = 20
symbol_table_start += load_address
symbol_table_end += load_address
ea = symbol_table_start
shift_address = load_address - current_image_base
while shift_address >= 0x70000000:
idaapi.rebase_program(0x70000000, 0x0008)
shift_address -= 0x70000000
idaapi.rebase_program(shift_address, 0x0008)
while ea < symbol_table_end:
# for VxWorks 6 unknown symbol format
if idc.Byte(ea + symbol_table_end - 2) == 3:
ea += symbol_interval
continue
offset = 4
if idaapi.IDA_SDK_VERSION >= 700:
idc.create_strlit(idc.Dword(ea + offset), idc.BADADDR)
else:
idc.MakeStr(idc.Dword(ea + offset), idc.BADADDR)
sName = idc.GetString(idc.Dword(ea + offset), -1, idc.ASCSTR_C)
print("Found %s in symbol table" % sName)
if sName:
sName_dst = idc.Dword(ea + offset + 4)
if vx_version == 6:
sName_type = idc.Dword(ea + offset + 12)
else:
sName_type = idc.Dword(ea + offset + 8)
idc.MakeName(sName_dst, sName)
if sName_type in need_create_function:
# flags = idc.GetFlags(ea)
print("Start fix Function %s at %s" % (sName, hex(sName_dst)))
idc.MakeCode(sName_dst) # might not need
idc.MakeFunction(sName_dst, idc.BADADDR)
ea += symbol_interval
print("Fix function by symbol table finish.")
print("Start IDA auto analysis, depending on the size of the firmware this might take a few minutes.")
idaapi.autoWait()
示例13: yarasearch
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def yarasearch(self, memory, offsets, rules):
print(">>> start yara search")
values = list()
matches = rules.match(data=memory)
for match in matches:
for string in match.strings:
name = match.rule
if name.endswith("_API"):
try:
name = name + "_" + idc.GetString(self.toVirtualAddress(string[0], offsets))
except:
pass
value = [
self.toVirtualAddress(string[0], offsets),
match.namespace,
name + "_" + hex(self.toVirtualAddress(string[0], offsets)).lstrip("0x").rstrip("L").upper(),
string[1],
repr(string[2]),
]
idaapi.set_name(value[0], name
+ "_"
+ hex(self.toVirtualAddress(string[0], offsets)).lstrip("0x").rstrip("L").upper()
, 0)
values.append(value)
print("<<< end yara search")
return values
示例14: __init__
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def __init__(self,objc_class_va,segment_map,arch=ARCH_X86_64):
"""Create a new ObjcClass instance
Arguments:
objc_class_va {number} -- Virtual address of the Objective-C class to parse
segment_map {dictionary} -- A dictionary mapping segment names to a start/end virtual address tuple
Keyword Arguments:
arch {number} -- CPU architecture. Either ARCH_X86_64 or ARM64 (default: {ARCH_X86_64})
"""
self.arch=arch
self.segment_map=segment_map
class_ro_va=Qword(objc_class_va+self.OBJC2_CLASS_RO_OFFSET)
self.name_pointer=Qword(class_ro_va+self.OBJC2_CLASS_RO_NAME_OFFSET)
self.method_list=[]
if class_ro_va == BADADDR or class_ro_va==0:
self.class_ro_va=None
return
self.class_ro_va=class_ro_va
class_methods_va=Qword(class_ro_va+self.OBJC2_CLASS_RO_BASE_METHODS_OFFSET)
if class_methods_va == BADADDR or class_methods_va==0:
self.class_methods_va=None
return
self.class_methods_va=class_methods_va
Message("Class found at virtual address: 0x%x\n" % objc_class_va)
Message("Class name: %s\n" % GetString(self.name_pointer))
#Parse the method_list_t struct and build a list of methods
self.method_list=ObjcMethodList(class_methods_va,segment_map,arch=arch)
示例15: findGetProcAddress
# 需要导入模块: import idc [as 别名]
# 或者: from idc import GetString [as 别名]
def findGetProcAddress(cfunc):
class visitor(idaapi.ctree_visitor_t):
def __init__(self, cfunc):
idaapi.ctree_visitor_t.__init__(self, idaapi.CV_FAST)
self.cfunc = cfunc
def visit_expr(self, i):
if i.op == idaapi.cot_call:
# look for calls to GetProcAddress
if idc.Name(i.x.obj_ea) == "GetProcAddress":
# ASCSTR_C == 0
# Check to see if the second argument is a C string
if idc.GetStringType(i.a[1].obj_ea) == 0:
targetName = idc.GetString(i.a[1].obj_ea, -1, 0)
# Found function name
# Look for global assignment
parent = self.cfunc.body.find_parent_of(i)
if parent.op == idaapi.cot_cast:
# Ignore casts and look for the parent
parent = self.cfunc.body.find_parent_of(parent)
if parent.op == idaapi.cot_asg:
# We want to find the left hand side (x)
idc.MakeName(parent.cexpr.x.obj_ea, targetName + "_")
return 0
v = visitor(cfunc)
v.apply_to(cfunc.body, None)