

Python idc.get_reg_value方法代码示例

本文整理汇总了Python中idc.get_reg_value方法的典型用法代码示例。如果您正苦于以下问题:Python idc.get_reg_value方法的具体用法?Python idc.get_reg_value怎么用?Python idc.get_reg_value使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在idc的用法示例。


在下文中一共展示了idc.get_reg_value方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: get_native_function

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
def get_native_function(self):
		"""Resolve the native function reported at the current stop and trace it if selected.

		Reads ECX and ESP from the debuggee, takes the method name from
		``self.get_method_name(esp)`` and the function address from one of two
		slots (0x28 or 0x24) of the object pointed to by ``[ESP + 4]``. If the name
		passes the ignore/debug filters, the function is appended to
		``self.traced`` and a breakpoint is set on it.
		"""
		reg_ecx = idc.get_reg_value("ECX")
		reg_esp = idc.get_reg_value("ESP")

		method_name = self.get_method_name(reg_esp)

		# The byte at [[ECX + 8] + 0x38] decides which slot holds the address.
		# The offsets are specific to the traced target; this code does not validate them.
		selector = idc.get_wide_byte(idc.get_wide_dword(reg_ecx + 8) + 0x38)
		slot = 0x28 if selector != 0 else 0x24
		function = idc.get_wide_dword(idc.get_wide_dword(reg_esp + 4) + slot)

		print("Resolved native function: 0x%x - %s" % (function, method_name))

		# Trace when the name is not ignored, is explicitly requested, or contains
		# one of the requested substrings.
		selected = (
			(method_name not in self.ignore and not self.ignore_all)
			or (method_name in self.debug_if_equals)
			or any(pat for pat in self.debug_if_contains if method_name is not None and pat in method_name)
		)
		if not selected:
			return

		self.traced.append({"name": method_name, "ea": function, "type": "native", "hit": 0})
		idc.add_bpt(function)
开发者ID:KasperskyLab,项目名称:ActionScript3,代码行数:21,代码来源:klfdb.py

示例2: get_interpreted_function

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
def get_interpreted_function(self, eip):
		"""Track an interpreted function across its two stops and trace it if selected.

		At ``self.addr["setInterp"]`` the method name is read via ESP and stored on
		``self``. At ``self.addr["setInterpRet"]`` (only if the first stop was
		seen) the function address is taken from EAX, optionally traced, and the
		pending state is cleared. Any other ``eip`` is ignored.
		"""
		if eip == self.addr["setInterp"]:
			# First stop: remember the name; the address only becomes available at the second stop.
			self.method_name = self.get_method_name(idc.get_reg_value("ESP"))
			self.is_interpreted_state = True
			return

		if not (eip == self.addr["setInterpRet"] and self.is_interpreted_state):
			return

		function = idc.get_reg_value("EAX")

		print("Resolved interpreted function: 0x%x - %s" % (function, self.method_name))

		name = self.method_name
		selected = (
			(name not in self.ignore and not self.ignore_all)
			or (name in self.debug_if_equals)
			or any(pat for pat in self.debug_if_contains if name is not None and pat in name)
		)
		if selected:
			self.traced.append({"name": name, "ea": function, "type": "interp", "hit": 0})
			idc.add_bpt(function)

		self.is_interpreted_state = False
开发者ID:KasperskyLab,项目名称:ActionScript3,代码行数:24,代码来源:klfdb.py

示例3: modify_value

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
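def modify_value(self):
        """Ask the user for a new value for the selected register and write it to the debuggee.

        Does nothing when no register is selected or when the prompt returns
        ``None``. On any error while parsing, writing or refreshing the views, an
        "Invalid expression" warning is shown.
        """
        reg = self.get_selected_reg()
        if not reg:
            return

        reg_val = idc.get_reg_value(reg)
        b = idaapi.ask_str("0x%X" % reg_val, 0, "Modify register value")
        if b is None:
            # No input returned (presumably the dialog was cancelled).
            return

        try:
            # NOTE(review): str2ea appears to signal a failed parse by returning
            # BADADDR instead of raising; if so, a mistyped expression is written
            # to the register as BADADDR. Confirm, and decide whether BADADDR
            # must stay enterable as a legitimate value before adding a check.
            value = int(idaapi.str2ea(b))
            idc.set_reg_value(value, reg)
            self.reload_info()

            # NOTE(review): verify that dbg.registers.flags is a single register
            # name here; if it is a collection, this comparison never matches.
            if reg == dbg.registers.flags:
                self.reload_flags_view()
        except Exception:
            # Narrowed from a bare ``except:`` so KeyboardInterrupt/SystemExit
            # are no longer swallowed and reported as a bad expression.
            idaapi.warning("Invalid expression")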
开发者ID:danigargu,项目名称:deREferencing,代码行数:19,代码来源:registers.py

示例4: reload_info

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
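def reload_info(self):
        """Redraw the flags view from the current register state.

        Returns:
            ``False`` when the debugged process is not suspended (nothing is
            redrawn), otherwise ``True``.
        """
        if not dbg.is_process_suspended():
            return False

        self.ClearLines()
        for flag in dbg.registers.flags:
            try:
                value = idc.get_reg_value(flag)

                if self.flag_vals[flag] != value:
                    # Value differs from the cached one: highlight it and update the cache.
                    result = self.as_changed(str(value))
                    self.flag_vals[flag] = value
                else:
                    result = str(value)
                self.add_line('%-4s %s' % (flag, result))
            except Exception:
                # Best effort: a flag that cannot be read or formatted is left out
                # of the view. Narrowed from a bare ``except:`` so that
                # KeyboardInterrupt/SystemExit still propagate.
                continue

        return True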
开发者ID:danigargu,项目名称:deREferencing,代码行数:22,代码来源:registers.py

示例5: get_reg

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
def get_reg(self, name):
        """Return the value of register *name* as reported by ``idc.get_reg_value``."""
        value = idc.get_reg_value(name)
        return value
开发者ID:andreafioraldi,项目名称:IDAngr,代码行数:4,代码来源:ida_debugger.py

示例6: get_local_var_value_64

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
def get_local_var_value_64(loc_var_name):
    """Read the 8-byte value of the named stack variable of the function at the cursor.

    The variable is looked up by name in the frame of the function containing
    ``idc.here()``; its frame offset is added to the current RSP and a qword is
    read from the debuggee at that address.

    NOTE(review): assumes RSP currently points at the base of the frame, and
    that ``loc_var_name`` exists in it (an unknown name presumably yields
    ``None`` and fails on ``.soff``) — confirm both at the call site.
    """
    member = ida_struct.get_member_by_name(ida_frame.get_frame(idc.here()), loc_var_name)
    address = member.soff + idc.get_reg_value("RSP")
    # Reads 8 bytes; for a 32-bit variable the original author suggests get_wide_dword() instead.
    return idc.read_dbg_qword(address)
开发者ID:0xgalz,项目名称:Virtuailor,代码行数:9,代码来源:vtableAddress.py

示例7: get_jit_function

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
def get_jit_function(self):
		"""Resolve the JIT-compiled function reported at the current stop and trace it if selected.

		Reads ESP, takes the method name from ``self.get_method_name`` and the
		function address from the dword at ``ESP + 8``. When ``self.as3dump`` is
		non-empty, an entry with a matching id and info value replaces the name and
		is recorded via ``self.set_jit_info``. The address is then renamed and, if
		the name passes the ignore/debug filters, a breakpoint is set on it.
		"""

		esp = idc.get_reg_value("ESP")

		method_name = self.get_method_name(esp)
		# Function address is the dword at [ESP + 8].
		function = idc.get_wide_dword(esp + 8)

		# Both values are read through the pointer stored at [ESP + 4] (offsets
		# 0x20 and 0x1C). The layout is specific to the traced target and is not
		# validated here — TODO confirm against the target version.
		method_id = idc.get_wide_dword(idc.get_wide_dword(esp + 4) + 0x20)
		abc_info_pos = idc.get_wide_dword(idc.get_wide_dword(esp + 4) + 0x1C)
		# Sum of two adjacent qwords, compared below with the dump entry's "info".
		# get_qword is called unqualified; its definition is not part of this snippet.
		method_info = get_qword(abc_info_pos) + get_qword(abc_info_pos + 8)
		
		if (self.as3dump != []):

			# First dump entry with the same method id, or None.
			method = next((x for x in self.as3dump if x["id"] == method_id), None)

			# Only trust the dump's name when the info value matches as well.
			if (method is not None and method["info"] == method_info):
				method_name = method["name"]
				self.set_jit_info(method_id, function)

		print("Resolved jit function: 0x%x - %s" % (function, method_name))

		self.rename_addr(function, method_name)

		# Trace when the name is not ignored, is explicitly requested, or contains
		# one of the requested substrings.
		if ((method_name not in self.ignore and not self.ignore_all) or
			(method_name in self.debug_if_equals) or 
			(any(x for x in self.debug_if_contains if method_name is not None and x in method_name))):
			self.traced.append({"name": method_name, "ea": function, "type": "jit", "hit": 0})
			idc.add_bpt(function) 
开发者ID:KasperskyLab,项目名称:ActionScript3,代码行数:30,代码来源:klfdb.py

示例8: handler

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
def handler(self, break_on_next = False):
		"""Run the debugger event loop and dispatch each stop by its EIP.

		Args:
			break_on_next: passed through to ``self.stop_execution``.

		Returns:
			``False`` when ``self.init()`` fails or the user declines to continue
			after a timeout; ``True`` when the loop ends because ``wait_event``
			returns a falsy value or ``stop_execution`` requests a stop.
		"""

		if (not self.init()):
			return False

		# Absolute deadline; pushed forward whenever the user chooses to continue.
		timeout = time.time() + self.timeout_seconds

		while(self.wait_event()):
		
			eip = idc.get_reg_value("EIP")
			
			# Each known address in self.addr maps to one resolver; any other
			# address is handed to stop_execution.
			if (eip == self.addr["verifyNative"]):
				self.get_native_function()
			
			elif (eip == self.addr["setJit"]):
				self.get_jit_function()
		
			elif (eip == self.addr["setInterp"] or eip == self.addr["setInterpRet"]):
				self.get_interpreted_function(eip)

			elif (eip == self.addr["writePrologue"] or eip == self.addr["hasReachableExceptionsRet"]):
				self.force_save_eip_generation(eip)

			elif (self.stop_execution(eip, break_on_next)):
				break

			# The deadline is only checked after an event has been handled, so a
			# debuggee that produces no events is not interrupted by it.
			if (time.time() > timeout):

				ret = ask_yn(-1, 'Timeout %d seconds. Would you like to continue execution?' % self.timeout_seconds)

				# 1 is treated as "continue"; any other answer aborts the loop.
				if (ret == 1):
					timeout = time.time() + self.timeout_seconds
				else:
					return False

		return True 
开发者ID:KasperskyLab,项目名称:ActionScript3,代码行数:38,代码来源:klfdb.py

示例9: reload_info

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
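def reload_info(self):
        """Redraw the stack view starting at the stack register or at ``self.base_expr``.

        Returns:
            ``False`` when the process is not suspended, the base expression is
            invalid or not loaded, or an exception occurs while listing entries;
            ``True`` otherwise.
        """
        if not dbg.is_process_suspended():
            return False

        if self.base_expr is None:
            base_addr = idc.get_reg_value(dbg.registers.stack)
        else:
            base_addr = idaapi.str2ea(self.base_expr)
            if base_addr == idc.BADADDR:
                idaapi.warning("Invalid base expr: %s" % self.base_expr)
                return False

            if not idaapi.is_loaded(base_addr):
                # Fixed: the format string used "$#x", which is not a conversion
                # specifier, so the % operator raised TypeError instead of
                # showing this warning.
                idaapi.warning("Memory address is not loaded: %#x" % base_addr)
                return False

        self.ClearLines()
        dbg.set_thread_info()

        try:
            segm_end = idc.get_segm_end(base_addr)
            # Configured entry count, or (when that is falsy) every pointer-sized
            # slot up to the end of the segment.
            n_entries = config.n_stack_entries or ((segm_end-base_addr) // dbg.ptr_size)

            for i in range(n_entries):
                offset = i * dbg.ptr_size
                ptr = base_addr + offset

                # Stop at the first slot that is not backed by loaded memory.
                if not idaapi.is_loaded(ptr):
                    break

                # Result unused; the call is kept in case it raises for an
                # unreadable slot — TODO confirm whether it is still needed.
                dbg.get_ptr(ptr)
                self.add_line("%02d:%04X  %s" % (i, offset, self.parse_value(ptr)))

        except Exception as e:
            idaapi.warning(str(e))
            return False
        return True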
开发者ID:danigargu,项目名称:deREferencing,代码行数:40,代码来源:stack.py

示例10: colorize_register

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
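def colorize_register(self, reg):
        """Build the display text for one register, following its pointer chain.

        Returns:
            ``(text, changed)`` where ``changed`` comes from
            ``self.get_reg_label``, or ``(None, False)`` when the register value
            cannot be read.
        """
        result = ''
        reduced = False

        try:
            reg_val = idc.get_reg_value(reg)
        except Exception:
            # Narrowed from a bare ``except:`` so KeyboardInterrupt/SystemExit
            # are not turned into "register unavailable".
            return None, False

        label, changed = self.get_reg_label(reg, reg_val)
        chain = self.get_ptr_chain(reg_val)

        result += label + self.colorize_value(chain[0])

        # The flags register is shown as a plain value with no dereferencing.
        if reg == dbg.registers.flagsr:
            return result, changed

        elif reg != dbg.registers.pc:
            # Show at most config.max_deref_levels dereferenced values and mark
            # the output when the chain was cut.
            vals = chain[1:]
            if len(vals) > config.max_deref_levels:
                vals = vals[:config.max_deref_levels]
                reduced = True

            result += ''.join([self.as_ptr(value) for value in vals])
            if reduced:
                result += self.as_arrow_string("[...]")

        result += self.get_value_info(chain[-1])
        if chain.limit_exceeded:
            result += self.as_arrow_string("[...]")

        return result, changed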
开发者ID:danigargu,项目名称:deREferencing,代码行数:34,代码来源:registers.py

示例11: dbg_process_start

# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
def dbg_process_start(self, pid, tid, ea, name, base, size):
        """Process-start debugger callback: register ntdll hooks and clear PEB debugger indicators.

        Resets the hook bookkeeping fields, registers hook descriptors for two
        ntdll functions, then patches bytes and dwords in the debuggee's two PEB
        structures so the program under analysis does not see the debugger
        through them. None of the callback parameters are used in this body.

        NOTE(review): every offset below is for a 32-bit process whose second PEB
        sits 0x1000 below the first (per the author's comments). Nothing here
        checks that before writing to debuggee memory — confirm the target's
        bitness, and that EBX really holds the PEB address, before relying on it.
        """

        self.mem_for_inline_hooks = 0
        self.virtualalloc = 0

        # Hook descriptors for ntdll; the *_hook_code_32 objects are defined elsewhere in the file.
        ntdll = DllHook('ntdll.dll')
        ntdll.add_func( FuncHook('ntdll_NtClose', NtClose_inline_hook_code_32, NtClose_bpt_cond_hook_code_32) )
        ntdll.add_func( FuncHook('ntdll_NtQueryInformationProcess', NtQueryInformationProcess_inline_hook_code_32, NtQueryInformationProcess_bpt_cond_hook_code_32) )

        self.dlls = [ntdll]


        # IDA creates a segment named "TIB[XXXXXXXX]", which actually points to
        # wow_peb64. We can get peb from wow_peb64 with a 0x1000 offset:
        #               peb_addr = wow_peb64_addr + 0x1000
        # Note: IDA has not created segment "TIB[XXXXXXXX]" at this point.

        # tid = get_current_thread()
        # tib_segm_name = "TIB[%08X]" % tid
        # print tib_segm_name
        # tib_segm = get_segm_by_name(tib_segm_name)
        # wow_peb64 = tib_segm.start_ea
        # peb = tib_segm.start_ea + 0x1000

        # On debugging start, ebx points to peb (author's assumption; not verified here).
        # Get the addresses of peb and wow_peb64.
        ebx = idc.get_reg_value("ebx")
        peb = ebx
        wow_peb64 = peb - 0x1000

        # Patch peb->BeingDebugged (offset 2) in both PEBs. Per the author, this
        # also takes care of the peb->NtGlobalFlag and "Heap Magic" anti-debug
        # checks at the same time.
        idc.patch_byte(peb + 2, 0)
        idc.patch_byte(wow_peb64 + 2, 0)


        # Patch the 32-bit PEB's process parameters: follow the pointer at
        # peb + 0x10 and set bit 0x4000 in the dword at offset 0x8.
        # NOTE(review): the meaning of 0x4000 is not shown here — TODO confirm.
        peb_process_parameters = idaapi.get_dword(peb + 0x10)
        flag = idaapi.get_dword(peb_process_parameters + 0x8)
        idc.patch_dword(peb_process_parameters + 0x8, flag | 0x4000)

        # Same patch for the 64-bit PEB: the pointer is a qword at wow_peb64 + 0x20.
        peb64_process_parameters = idaapi.get_qword(wow_peb64 + 0x20)
        flag = idaapi.get_dword(peb64_process_parameters + 0x8)
        idc.patch_dword(peb64_process_parameters + 0x8, flag | 0x4000) 
开发者ID:iweizime,项目名称:DBGHider,代码行数:48,代码来源:DBGHider.py


注:本文中的idc.get_reg_value方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。