当前位置: 首页>>代码示例>>Python>>正文


Python idc.get_item_size方法代码示例

本文整理汇总了Python中idc.get_item_size方法的典型用法代码示例。如果您正苦于以下问题:Python idc.get_item_size方法的具体用法?Python idc.get_item_size怎么用?Python idc.get_item_size使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在idc的用法示例。


在下文中一共展示了idc.get_item_size方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: get_data_value

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_item_size [as 别名]
def get_data_value(self, addr):
        """
        Returns the data item value at an address based on its size.

        Args:
            addr: Integer representing a program address.
        """
        size = idc.get_item_size(addr) * self.cbsize
        if size == 1:
            return ida_bytes.get_byte(addr)
        if size == 2:
            return ida_bytes.get_16bit(addr)
        if size == 4:
            return ida_bytes.get_32bit(addr)
        if size == 8:
            return ida_bytes.get_64bit(addr)
        return 0 
开发者ID:Cisco-Talos,项目名称:GhIDA,代码行数:19,代码来源:idaxml.py

示例2: import_codeblock

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_item_size [as 别名]
def import_codeblock(self, code_block):
        """
        Processes a CODE_BLOCK element by disassembling the address range.

        Args:
            code_block: XML element containing codeblock start and end
                addresses.
        """
        if self.options.CodeBlocks.checked == False:
            return
        start = self.get_address(code_block, START)
        end = self.get_address(code_block, END)
        ida_bytes.del_items(start, 3, end - start + 1)
        addr = start
        while (addr <= end):
            length = ida_ua.create_insn(addr)
            addr += ida_bytes.get_item_size(addr) * self.get_cbsize()
        self.update_counter(CODE_BLOCK) 
开发者ID:Cisco-Talos,项目名称:GhIDA,代码行数:20,代码来源:idaxml.py

示例3: _stop_looking_for_xrefs

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_item_size [as 别名]
def _stop_looking_for_xrefs(ea):
  """This is a heuristic to decide whether or not we should stop looking for
  cross-references. It is relevant to IDA structs, where IDA will treat structs
  and everything in them as one single 'thing', and so all xrefs embedded within
  a struct will actually be associated with the first EA of the struct. So
  if we're in a struct or something like it, and the item size is bigger than
  the address size, then we will assume it's actually in a struct."""
  
  if is_external_segment(ea):
    return False

  if is_code(ea):
    return False

  addr_size = get_address_size_in_bytes()
  item_size = idc.get_item_size(ea)
  return item_size > addr_size 
开发者ID:lifting-bits,项目名称:mcsema,代码行数:19,代码来源:util.py

示例4: recover_external_variables

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_item_size [as 别名]
def recover_external_variables(M):
  """Reover the named external variables (e.g. `stdout`) that are referenced
  within this binary."""
  global EXTERNAL_VARS_TO_RECOVER, WEAK_SYMS

  for ea, name in EXTERNAL_VARS_TO_RECOVER.items():
    EV = M.external_vars.add()
    EV.ea = ea
    EV.name = name.format('utf-8')
    EV.is_weak = idaapi.is_weak_name(ea) or (name in WEAK_SYMS)
    EV.is_thread_local = is_tls(ea)
    if name in EMAP_DATA:
      EV.size = EMAP_DATA[name]
    else:
      EV.size = idc.get_item_size(ea)
    if EV.is_thread_local:
      DEBUG("Recovering extern TLS variable {} at {:x} [size: {}]".format(name, ea, EV.size))
    else:
      DEBUG("Recovering extern variable {} at {:x} [size: {}]".format(name, ea, EV.size)) 
开发者ID:lifting-bits,项目名称:mcsema,代码行数:21,代码来源:get_cfg.py

示例5: get_stack_vars

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_item_size [as 别名]
def get_stack_vars(self, start, end):

		stackvars = {}
	
		ea = start
		while (ea < end):
	
			if ("ebp" in idc.print_operand(ea, 0) and idc.get_operand_type(ea, 1) == idc.o_imm):
	
				op0 = idc.get_operand_value(ea, 0)
				op1 = idc.get_operand_value(ea, 1)
	
				if (op0 in stackvars):
					stackvars[op0]["values"].append(op1)
				else:
					stackvars[op0] = {"values": [], "hits": 0}
	
			ea += idc.get_item_size(ea)

		return stackvars 
开发者ID:KasperskyLab,项目名称:ActionScript3,代码行数:22,代码来源:klfdb.py

示例6: make_array

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_item_size [as 别名]
def make_array(ea, size):
  if ea != idc.BADADDR and ea != 0:
    flags = idc.get_full_flags(ea)
    if not idc.isByte(flags) or idc.get_item_size(ea) != 1:
      idc.del_items(ea, idc.DOUNK_SIMPLE, 1)
      idc.MakeByte(ea)
    idc.MakeArray(ea, size) 
开发者ID:lifting-bits,项目名称:mcsema,代码行数:9,代码来源:exception.py

示例7: recover_region

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_item_size [as 别名]
def recover_region(M, region_name, region_ea, region_end_ea, exported_vars):
  """Recover the data and cross-references from a segment. The data of a
  segment is stored verbatim within the protobuf, and accompanied by a
  series of variable and cross-reference entries."""

  seg_name = idc.get_segm_name(region_ea)

  DEBUG("Recovering region {} [{:x}, {:x}) in segment {}".format(
      region_name, region_ea, region_end_ea, seg_name))

  seg = idaapi.getseg(region_ea)

  # An item spans two regions. This may mean that there's a reference into
  # the middle of an item. This happens with strings.
  item_size = idc.get_item_size(region_end_ea - 1)
  if 1 < item_size:
    DEBUG("  ERROR: Segment should probably include {} more bytes".format(
        item_size - 1))

  S = M.segments.add()
  S.ea = region_ea
  S.data = read_bytes_slowly(region_ea, region_end_ea)
  S.read_only = (seg.perm & idaapi.SEGPERM_WRITE) == 0
  S.is_external = is_external_segment_by_flags(region_ea)
  S.is_thread_local = is_tls_segment(region_ea)
  S.name = seg_name.format('utf-8')
  S.is_exported = region_ea in exported_vars

  if region_name != seg_name:
    S.variable_name = region_name.format('utf-8')

  DEBUG_PUSH()
  recover_region_cross_references(M, S, region_ea, region_end_ea)
  recover_region_variables(M, S, region_ea, region_end_ea, exported_vars)
  DEBUG_POP() 
开发者ID:lifting-bits,项目名称:mcsema,代码行数:37,代码来源:get_cfg.py

示例8: finish_populating_widget_popup

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_item_size [as 别名]
def finish_populating_widget_popup(self, form, popup):
        form_type = idaapi.get_widget_type(form)

        if form_type == idaapi.BWN_DISASM or form_type == idaapi.BWN_DUMP:
            t0, t1, view = idaapi.twinpos_t(), idaapi.twinpos_t(), idaapi.get_current_viewer()
            if idaapi.read_selection(view, t0, t1) or idc.get_item_size(idc.get_screen_ea()) > 1:
                idaapi.attach_action_to_popup(form, popup, ACTION_XORDATA, None)
                idaapi.attach_action_to_popup(form, popup, ACTION_FILLNOP, None)
                for action in ACTION_CONVERT:
                    idaapi.attach_action_to_popup(form, popup, action, "Convert/")

        if form_type == idaapi.BWN_DISASM and (ARCH, BITS) in [(idaapi.PLFM_386, 32),
                                                               (idaapi.PLFM_386, 64),
                                                               (idaapi.PLFM_ARM, 32),]:
            idaapi.attach_action_to_popup(form, popup, ACTION_SCANVUL, None) 
开发者ID:L4ys,项目名称:LazyIDA,代码行数:17,代码来源:LazyIDA.py

示例9: get_func_end

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_item_size [as 别名]
def get_func_end(self, start):

		if (idc.add_func(start)):
			return idc.find_func_end(start)

		ea = start
		while (idc.get_wide_byte(ea) != 0xCC):
			idc.create_insn(ea)
			ea += idc.get_item_size(ea)

			if (ea - start > self.jit_max_size):
				return 0

		return ea 
开发者ID:KasperskyLab,项目名称:ActionScript3,代码行数:16,代码来源:klfdb.py

示例10: set_jit_info

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_item_size [as 别名]
def set_jit_info(self, method_id, start):

		end = self.get_func_end(start)

		if (end < start or end - start > self.jit_max_size):
			return

		method = next((x for x in self.as3dump if x["id"] == method_id), None)

		if (method is None):
			return

		stackvars = self.get_stack_vars(start, end)
		save_eip = self.get_save_eip(method, stackvars)

		ea = start
		while (ea < end):
	
			if ("ebp" in idc.print_operand(ea, 0) and idc.get_operand_type(ea, 1) == idc.o_imm):
	
				op0 = idc.get_operand_value(ea, 0)
				op1 = idc.get_operand_value(ea, 1)
	
				if (op0 == save_eip):
					idc.set_cmt(ea, method["instructions"][op1], 0)
		
			ea += idc.get_item_size(ea) 
开发者ID:KasperskyLab,项目名称:ActionScript3,代码行数:29,代码来源:klfdb.py

示例11: _unpatchCalls

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_item_size [as 别名]
def _unpatchCalls(self, grafted_segs):
        def do_unpatch_call(va_callsite):
            size = idc.get_item_size(va_callsite)
            ida_xref.del_cref(va_callsite, fva_stub, 0)
            cmt = idc.get_cmt(va_callsite, 0)

            newcmt = cmt

            # Remove automated comments
            if newcmt.startswith(g_patched_call_cmt):
                newcmt = newcmt[newcmt.find('\n') + 1:]
                if newcmt.find('\n') == -1:
                    newcmt = ''
                else:
                    newcmt = newcmt[newcmt.find('\n') + 1:]
                if newcmt.startswith(g_cmt_pointed):
                    if newcmt.find('\n') == -1:
                        newcmt = ''
                    else:
                        newcmt = newcmt[newcmt.find('\n') + 1:]

            if newcmt != cmt:
                idc.set_cmt(va_callsite, newcmt, 0)

            if idc.get_operand_type(va_callsite, 0) == ida_ua.o_mem:
                patch_import(va_callsite, idc.BADADDR)
            elif idc.get_operand_type(va_callsite, 0) == ida_ua.o_reg:
                va_imp = self._get_imp_for_register_call(va_callsite)
                if va_imp:
                    patch_pointer_width(va_imp, idc.BADADDR)
            else:
                revert_patch(va_callsite, size)

        for fva_stub in idautils.Functions():
            for seg in grafted_segs:
                if fva_stub in seg:
                    mykutils.for_each_call_to(do_unpatch_call, fva_stub) 
开发者ID:fireeye,项目名称:flare-ida,代码行数:39,代码来源:code_grafter.py

示例12: get_opcodes

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_item_size [as 别名]
def get_opcodes(addr, strict):
    """Get current bytes of the instruction pointed at addr.

    Args:
      addr: address of the current instruction
      strict: be more restrictive when applying wildcards (True) or not (False)

    Returns:
      String: hex-encoded representation of the bytes obtained at addr
    """

    if strict:
      offsets_types = {idaapi.o_far, idaapi.o_mem, idaapi.o_imm}
    else:
      offsets_types = {idaapi.o_far, idaapi.o_mem}

    pattern = ''
    mnem = idautils.DecodeInstruction(addr)

    if mnem is not None:
      op1_type = mnem.Op1.type
      op2_type = mnem.Op2.type

      logging.debug(
          '[VTGREP] Instruction: %s  [%d, %d, %d]',
          idc.generate_disasm_line(addr, 0),
          mnem.itype,
          op1_type,
          op2_type
          )

      inst_len = idc.get_item_size(addr)
      drefs = [x for x in idautils.DataRefsFrom(addr)]

      # Checks if any operand constains a memory address
      if (drefs and
          ((op1_type == idaapi.o_imm) or (op2_type == idaapi.o_imm)) or
          op1_type in offsets_types or op2_type in offsets_types):
        pattern = Disassembler.wildcard_instruction(addr)
      # Checks if the instruction is a CALL (near or far) or
      # if it's a JMP (excluding near jumps)
      else:
        if ((mnem.itype == idaapi.NN_call) or
            (mnem.itype == idaapi.NN_jmp and op1_type != idaapi.o_near)):
          pattern = Disassembler.wildcard_instruction(addr)
        # In any other case, concatenate the raw bytes to the current string
        else:
          pattern = binascii.hexlify(idc.get_bytes(addr, inst_len))
          pattern = pattern.decode('utf-8')
      return pattern
    else: return 0 
开发者ID:VirusTotal,项目名称:vt-ida-plugin,代码行数:53,代码来源:disassembler.py

示例13: export_data

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_item_size [as 别名]
def export_data(self):
        """
        Exports the data items in the database as <DEFINED_DATA> elements.
        """
        addr = self.min_ea
        if idc.is_data(idc.get_full_flags(addr)) == False:
            addr = ida_bytes.next_that(addr, self.max_ea, idc.is_data)
        if (addr == BADADDR):
            return
        timer = time.clock()
        self.update_status(DATA)
        self.start_element(DATA, True)
        while (addr != BADADDR):
            f = idc.get_full_flags(addr)
            if ida_bytes.is_align(f) == True:
                addr = ida_bytes.next_that(addr, self.max_ea, idc.is_data)
                continue
            dtype = self.get_datatype(addr)
            size = idc.get_item_size(addr)
            ti = ida_nalt.opinfo_t()
            msize = ida_bytes.get_data_elsize(addr, f, ti)
            if ida_bytes.is_struct(f) == True:
                s = idc.get_struc_id(dtype)
                msize = idc.get_struc_size(s)
                if msize == 0:
                    msize = 1
            if idc.is_strlit(f) == False and size != msize:
                dtype = "%s[%d]" % (dtype, size / msize)
            self.start_element(DEFINED_DATA)
            self.write_address_attribute(ADDRESS, addr)
            self.write_attribute(DATATYPE, dtype)
            self.write_numeric_attribute(SIZE, size * self.cbsize)
            # TODO consider using GetTrueNameEx and Demangle
            demangled = ida_name.get_demangled_name(addr,
                                                    DEMANGLED_TYPEINFO, self.inf.demnames, idc.GN_STRICT)
            outbuf = ''
            # TODO: How to handle print_type for data mangled names?
            #outbuf = idaapi.print_type(addr, False)
            if demangled == "'string'":
                demangled == None
            has_typeinfo = ((demangled != None and len(demangled) > 0) or
                            (outbuf != None and len(outbuf) > 0))
            # TODO export_data: add DISPLAY_SETTINGS
            self.close_tag(has_typeinfo)
            if has_typeinfo == True:
                if demangled != None and len(demangled) > 0:
                    self.export_typeinfo_cmt(demangled)
                elif len(outbuf) > 0:
                    self.export_typeinfo_cmt(outbuf)
                self.end_element(DEFINED_DATA)
            addr = ida_bytes.next_that(addr, self.max_ea, idc.is_data)
        self.end_element(DATA)
        self.display_cpu_time(timer) 
开发者ID:Cisco-Talos,项目名称:GhIDA,代码行数:55,代码来源:idaxml.py

示例14: _emit_fnbytes

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_item_size [as 别名]
def _emit_fnbytes(emit_instr_cb, header, footer, indent, fva=None, warn=True):
    """Emit function bytes in a format defined by the callback and
    headers/footers provided.

    Warns if any instruction operands are not consistent with
    position-independent code, in which case the user may need to templatize
    the position-dependent portions.
    """
    fva = fva or idc.here()
    fva = idc.get_func_attr(fva, idc.FUNCATTR_START)
    va_end = idc.get_func_attr(fva, idc.FUNCATTR_END)

    # Operand types observed in position-independent code:
    optypes_position_independent = set([
        ida_ua.o_reg,       # 1: General Register (al,ax,es,ds...)
        ida_ua.o_phrase,    # 3: Base + Index
        ida_ua.o_displ,     # 4: Base + Index + Displacement
        ida_ua.o_imm,       # 5: Immediate
        ida_ua.o_near,      # 7: Immediate Near Address
    ])

    # Notably missing because I want to note and handle these if/as they are
    # encountered:
    # ida_ua.o_idpspec0 = 8: FPP register
    # ida_ua.o_idpspec1 = 9: 386 control register
    # ida_ua.o_idpspec2 = 10: 386 debug register
    # ida_ua.o_idpspec3 = 11: 386 trace register

    va = fva
    nm = idc.get_name(fva)
    optypes_found = set()
    s = header.format(name=nm)
    while va not in (va_end, idc.BADADDR):
        size = idc.get_item_size(va)
        the_bytes = idc.get_bytes(va, size)

        for i in range(0, 8):
            optype = idc.get_operand_type(va, i)
            if optype:
                optypes_found.add(optype)

        s += indent + emit_instr_cb(va, the_bytes, size)
        va = idc.next_head(va)
    s += footer

    position_dependent = optypes_found - optypes_position_independent
    if position_dependent:
        msg = ('This code may have position-dependent operands (optype %s)' %
               (', '.join([str(o) for o in position_dependent])))
        if warn:
            Warning(msg)
        else:
            logger.warn(msg)

    return s 
开发者ID:fireeye,项目名称:flare-ida,代码行数:57,代码来源:mykutils.py

示例15: _patchCalls

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_item_size [as 别名]
def _patchCalls(self):
        def do_patch_call(va):
            retval = False
            stub_loc = idc.get_name_ea_simple(self._stubname(nm))

            # Preserve original disassembly and format new comment
            old_target = idc.print_operand(va, 0)
            orig_cmt = idc.get_cmt(va, 0) or ''
            new_cmt = '%s\n\t%s' % (g_patched_call_cmt, idc.GetDisasm(va))

            if idc.get_operand_type(va, 0) == ida_ua.o_mem:
                retval = patch_import(va, self._stubname(nm))
                new_cmt += '\n%s %s to %s)' % (g_cmt_pointed, old_target,
                                               self._stubname(nm))
            elif idc.get_operand_type(va, 0) == ida_ua.o_reg:
                va_imp = self._get_imp_for_register_call(va, nm)
                if va_imp:
                    patch_pointer_width(va_imp, stub_loc)
                    retval = True
                else:
                    logger.warn('Could not find import to patch call at %s' %
                                (phex(va)))

            else:  # Usually optype 7 otherwise
                # Won't work if displacement exceeds 32-bit operand size
                call_offset_loc = va + idc.get_item_size(va)
                if abs(call_offset_loc - stub_loc) > 0x100000000:
                    msg = ('Call site at %s too far from %s (%s)' %
                           (phex(va), self._stubname(nm), phex(stub_loc)))
                    raise CodeGraftingDisplacementError(msg)
                retval = patch_call(va, self._stubname(nm))

            if retval:
                if orig_cmt:
                    new_cmt += '\n%s' % (orig_cmt)
                idc.set_cmt(va, new_cmt, 0)
                ida_xref.add_cref(va, stub_loc, ida_xref.fl_CN)

            return retval

        for names in self._emu_stubs.keys():
            for nm in names:
                va = idc.get_name_ea_simple(nm)
                mykutils.for_each_call_to(do_patch_call, va)

        for nm, aliases in g_allocators_aliases.items():
            for alias in aliases:
                # do_patch_call closure will turn <nm> into stub_<nm>
                mykutils.for_each_call_to(do_patch_call,
                                          idc.get_name_ea_simple(alias)) 
开发者ID:fireeye,项目名称:flare-ida,代码行数:52,代码来源:code_grafter.py


注:本文中的idc.get_item_size方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。