本文整理汇总了Python中idc.get_reg_value方法的典型用法代码示例。如果您正苦于以下问题:Python idc.get_reg_value方法的具体用法?Python idc.get_reg_value怎么用?Python idc.get_reg_value使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类idc
的用法示例。
示例1: get_native_function
# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
def get_native_function(self):
    """Resolve the native method being verified and trace it when selected.

    Reads ECX and ESP at the current breakpoint, derives the method name from
    the stack, and takes the code pointer from one of two struct slots (0x28
    or 0x24) chosen by a flag byte reached through ECX. A method that passes
    the ignore / debug_if_equals / debug_if_contains filters is appended to
    ``self.traced`` and gets a breakpoint on its entry.
    """
    ecx = idc.get_reg_value("ECX")
    esp = idc.get_reg_value("ESP")
    method_name = self.get_method_name(esp)
    # The byte at (*(ecx + 8)) + 0x38 decides which slot holds the pointer.
    selector = idc.get_wide_byte(idc.get_wide_dword(ecx + 8) + 0x38)
    slot = 0x28 if selector != 0 else 0x24
    function = idc.get_wide_dword(idc.get_wide_dword(esp + 4) + slot)
    print("Resolved native function: 0x%x - %s" % (function, method_name))
    wanted = method_name not in self.ignore and not self.ignore_all
    if not wanted:
        wanted = method_name in self.debug_if_equals
    if not wanted and method_name is not None:
        wanted = any(x for x in self.debug_if_contains if x in method_name)
    if wanted:
        entry = {"name": method_name, "ea": function, "type": "native", "hit": 0}
        self.traced.append(entry)
        idc.add_bpt(function)
示例2: get_interpreted_function
# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
def get_interpreted_function(self, eip):
    """Track a two-step interpreter resolution and trace the resolved function.

    On the ``setInterp`` breakpoint the method name is read from the stack and
    the instance is marked as being inside an interpreted resolution. On the
    matching ``setInterpRet`` breakpoint EAX holds the function address; when
    the name passes the trace filters the function is recorded in
    ``self.traced`` and gets a breakpoint. Any other ``eip`` is ignored.
    """
    if eip == self.addr["setInterp"]:
        esp = idc.get_reg_value("ESP")
        self.method_name = self.get_method_name(esp)
        self.is_interpreted_state = True
        return
    if eip != self.addr["setInterpRet"] or not self.is_interpreted_state:
        return
    function = idc.get_reg_value("EAX")
    name = self.method_name
    print("Resolved interpreted function: 0x%x - %s" % (function, name))
    wanted = name not in self.ignore and not self.ignore_all
    if not wanted:
        wanted = name in self.debug_if_equals
    if not wanted and name is not None:
        wanted = any(x for x in self.debug_if_contains if x in name)
    if wanted:
        self.traced.append({"name": name, "ea": function, "type": "interp", "hit": 0})
        idc.add_bpt(function)
    self.is_interpreted_state = False
示例3: modify_value
# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
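def modify_value(self):
    """Prompt for a new value of the selected register and write it back.

    Returns early when no register is selected or the dialog is cancelled.
    The entered text is evaluated with ``idaapi.str2ea``; an expression that
    does not evaluate (``str2ea`` returns ``idc.BADADDR``) or that raises is
    rejected with a warning instead of being written into the register, which
    the original unconditional ``int(str2ea(...))`` did not guard against.
    """
    reg = self.get_selected_reg()
    if not reg:
        return
    reg_val = idc.get_reg_value(reg)
    answer = idaapi.ask_str("0x%X" % reg_val, 0, "Modify register value")
    if answer is None:
        return
    try:
        value = int(idaapi.str2ea(answer))
    except Exception:
        idaapi.warning("Invalid expression")
        return
    # str2ea signals failure through BADADDR rather than an exception.
    if value == idc.BADADDR:
        idaapi.warning("Invalid expression")
        return
    try:
        idc.set_reg_value(value, reg)
    except Exception:
        idaapi.warning("Invalid expression")
        return
    self.reload_info()
    # NOTE(review): dbg.registers.flags is iterated elsewhere as a collection
    # of flag names while dbg.registers.flagsr is compared to a register name;
    # confirm this comparison targets the intended attribute.
    if reg == dbg.registers.flags:
        self.reload_flags_view()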
示例4: reload_info
# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
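def reload_info(self):
    """Refresh the flags view with current register values.

    Returns ``False`` without touching the view when the debuggee is not
    suspended, otherwise clears the view, prints one line per flag in
    ``dbg.registers.flags`` (marking values that differ from the cached
    ``self.flag_vals`` entry as changed) and returns ``True``.

    Reading a single flag is best-effort: a flag that cannot be read or has
    no cached entry is skipped rather than aborting the whole refresh. Only
    ``Exception`` is swallowed so interrupts still propagate.
    """
    if not dbg.is_process_suspended():
        return False
    self.ClearLines()
    for flag in dbg.registers.flags:
        try:
            value = idc.get_reg_value(flag)
            if self.flag_vals[flag] != value:
                shown = self.as_changed(str(value))
                self.flag_vals[flag] = value
            else:
                shown = str(value)
        except Exception:
            # Best-effort per flag: skip what cannot be read or compared.
            continue
        self.add_line('%-4s %s' % (flag, shown))
    return True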
示例5: get_reg
# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
def get_reg(self, name):
    """Return the current value of the register called *name* via ``idc``."""
    value = idc.get_reg_value(name)
    return value
示例6: get_local_var_value_64
# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
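def get_local_var_value_64(loc_var_name):
    """Read the 64-bit value of a named stack variable of the current function.

    Looks up *loc_var_name* in the frame structure of the function at the
    cursor and reads a qword from debugger memory at ``RSP + member offset``.

    Args:
        loc_var_name: name of the frame member (local variable) to read.

    Returns:
        The qword read from debuggee memory.

    Raises:
        ValueError: when the current address has no frame or the frame has no
            member called *loc_var_name* (the original dereferenced ``None``).
    """
    frame = ida_frame.get_frame(idc.here())
    if frame is None:
        raise ValueError("no stack frame at the current address")
    loc_var = ida_struct.get_member_by_name(frame, loc_var_name)
    if loc_var is None:
        raise ValueError("no local variable named %r in the frame" % loc_var_name)
    # soff is the member's offset inside the frame; the original assumes RSP
    # points at the frame start so the sum is the variable's address.
    loc_var_ea = loc_var.soff + idc.get_reg_value("RSP")
    # 64-bit read; for a 32-bit variable use idc.get_wide_dword() instead.
    return idc.read_dbg_qword(loc_var_ea)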
示例7: get_jit_function
# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
def get_jit_function(self):
    """Resolve a JIT-compiled method at the ``setJit`` breakpoint and trace it.

    The function address, method id and ABC info position are read relative to
    ESP. When an AS3 dump is loaded, the entry with a matching id and info is
    used to replace the stack-derived method name. The address is recorded via
    ``set_jit_info`` and renamed; a method passing the trace filters is
    appended to ``self.traced`` and gets a breakpoint.
    """
    esp = idc.get_reg_value("ESP")
    method_name = self.get_method_name(esp)
    function = idc.get_wide_dword(esp + 8)
    info_struct = idc.get_wide_dword(esp + 4)
    method_id = idc.get_wide_dword(info_struct + 0x20)
    abc_info_pos = idc.get_wide_dword(info_struct + 0x1C)
    method_info = get_qword(abc_info_pos) + get_qword(abc_info_pos + 8)
    if self.as3dump != []:
        match = None
        for entry in self.as3dump:
            if entry["id"] == method_id:
                match = entry
                break
        if match is not None and match["info"] == method_info:
            method_name = match["name"]
    self.set_jit_info(method_id, function)
    print("Resolved jit function: 0x%x - %s" % (function, method_name))
    self.rename_addr(function, method_name)
    wanted = method_name not in self.ignore and not self.ignore_all
    if not wanted:
        wanted = method_name in self.debug_if_equals
    if not wanted and method_name is not None:
        wanted = any(x for x in self.debug_if_contains if x in method_name)
    if wanted:
        self.traced.append({"name": method_name, "ea": function, "type": "jit", "hit": 0})
        idc.add_bpt(function)
示例8: handler
# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
def handler(self, break_on_next=False):
    """Run the debugger event loop and dispatch on the breakpoint address.

    Returns ``False`` when initialisation fails or the user declines to extend
    the timeout, ``True`` when the loop ends because ``wait_event`` returns a
    falsy value or ``stop_execution`` requests a stop. Each iteration reads EIP
    and routes known addresses from ``self.addr`` to the matching resolver.

    Args:
        break_on_next: forwarded to ``stop_execution``.
    """
    if not self.init():
        return False
    deadline = time.time() + self.timeout_seconds
    while self.wait_event():
        eip = idc.get_reg_value("EIP")
        if eip == self.addr["verifyNative"]:
            self.get_native_function()
        elif eip == self.addr["setJit"]:
            self.get_jit_function()
        elif eip in (self.addr["setInterp"], self.addr["setInterpRet"]):
            self.get_interpreted_function(eip)
        elif eip in (self.addr["writePrologue"], self.addr["hasReachableExceptionsRet"]):
            self.force_save_eip_generation(eip)
        elif self.stop_execution(eip, break_on_next):
            break
        if time.time() <= deadline:
            continue
        prompt = 'Timeout %d seconds. Would you like to continue execution?' % self.timeout_seconds
        if ask_yn(-1, prompt) != 1:
            return False
        deadline = time.time() + self.timeout_seconds
    return True
示例9: reload_info
# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
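def reload_info(self):
    """Refresh the stack view starting at the stack pointer or a base expression.

    Returns ``False`` (after a warning where applicable) when the debuggee is
    not suspended, ``self.base_expr`` does not evaluate to an address, the base
    address is not loaded, or reading entries raises; otherwise fills one line
    per pointer-sized slot and returns ``True``. The number of entries is
    ``config.n_stack_entries`` or, when that is falsy, the slots left in the
    segment holding the base address.

    Fix: the "not loaded" warning used ``$#x`` instead of ``%#x``, which made
    the ``%`` formatting raise ``TypeError`` instead of showing the address.
    """
    if not dbg.is_process_suspended():
        return False
    if self.base_expr is None:
        base_addr = idc.get_reg_value(dbg.registers.stack)
    else:
        base_addr = idaapi.str2ea(self.base_expr)
        if base_addr == idc.BADADDR:
            idaapi.warning("Invalid base expr: %s" % self.base_expr)
            return False
    if not idaapi.is_loaded(base_addr):
        idaapi.warning("Memory address is not loaded: %#x" % base_addr)
        return False
    self.ClearLines()
    dbg.set_thread_info()
    try:
        segm_end = idc.get_segm_end(base_addr)
        n_entries = config.n_stack_entries or ((segm_end - base_addr) // dbg.ptr_size)
        for i in range(n_entries):
            offset = i * dbg.ptr_size
            ptr = base_addr + offset
            # Stop at the first unmapped slot rather than reading past it.
            if not idaapi.is_loaded(ptr):
                break
            self.add_line("%02d:%04X %s" % (i, offset, self.parse_value(ptr)))
    except Exception as e:
        idaapi.warning(str(e))
        return False
    return True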
示例10: colorize_register
# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
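def colorize_register(self, reg):
    """Build the coloured display string for register *reg*.

    Returns ``(text, changed)`` where ``changed`` comes from
    ``get_reg_label``. Returns ``(None, False)`` when the register cannot be
    read. For the flags register only the label and value are shown; for every
    register other than the program counter the pointer chain is appended,
    truncated to ``config.max_deref_levels`` with a ``[...]`` marker, followed
    by the value info of the last chain element and another marker if the
    chain itself reported ``limit_exceeded``.

    Only ``Exception`` is caught around the register read (the original bare
    ``except`` also swallowed interrupts).
    """
    try:
        reg_val = idc.get_reg_value(reg)
    except Exception:
        return None, False
    label, changed = self.get_reg_label(reg, reg_val)
    chain = self.get_ptr_chain(reg_val)
    parts = [label + self.colorize_value(chain[0])]
    if reg == dbg.registers.flagsr:
        return ''.join(parts), changed
    if reg != dbg.registers.pc:
        vals = chain[1:]
        reduced = len(vals) > config.max_deref_levels
        if reduced:
            vals = vals[:config.max_deref_levels]
        parts.extend(self.as_ptr(value) for value in vals)
        if reduced:
            parts.append(self.as_arrow_string("[...]"))
        parts.append(self.get_value_info(chain[-1]))
        if chain.limit_exceeded:
            parts.append(self.as_arrow_string("[...]"))
    return ''.join(parts), changed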
示例11: dbg_process_start
# 需要导入模块: import idc [as 别名]
# 或者: from idc import get_reg_value [as 别名]
def dbg_process_start(self, pid, tid, ea, name, base, size):
    """Debugger hook: install ntdll function hooks and clear PEB debug markers.

    Resets the inline-hook bookkeeping, registers the NtClose and
    NtQueryInformationProcess hooks for ntdll.dll, then uses EBX (which points
    to the 32-bit PEB at process start) to locate the PEB and the 64-bit
    WoW PEB 0x1000 below it. The ``BeingDebugged`` byte (offset 2) is zeroed
    in both, and bit 0x4000 is set in the dword at offset 8 of each PEB's
    process-parameters block. The remaining hook arguments are unused here.
    """
    self.mem_for_inline_hooks = 0
    self.virtualalloc = 0
    ntdll_hooks = DllHook('ntdll.dll')
    ntdll_hooks.add_func(FuncHook('ntdll_NtClose',
                                  NtClose_inline_hook_code_32,
                                  NtClose_bpt_cond_hook_code_32))
    ntdll_hooks.add_func(FuncHook('ntdll_NtQueryInformationProcess',
                                  NtQueryInformationProcess_inline_hook_code_32,
                                  NtQueryInformationProcess_bpt_cond_hook_code_32))
    self.dlls = [ntdll_hooks]
    # IDA later creates a segment named "TIB[XXXXXXXX]" whose start is the
    # wow_peb64; the 32-bit PEB sits 0x1000 above it. That segment does not
    # exist yet at this point, so the PEB is taken from EBX instead, which
    # points to the PEB when debugging starts.
    peb = idc.get_reg_value("ebx")
    wow_peb64 = peb - 0x1000
    # Clear peb->BeingDebugged in both PEBs; the original author notes this
    # also covers the NtGlobalFlag / heap-flags anti-debug checks.
    idc.patch_byte(peb + 2, 0)
    idc.patch_byte(wow_peb64 + 2, 0)
    # 32-bit PEB: set 0x4000 in the flags dword of the process parameters.
    params32 = idaapi.get_dword(peb + 0x10)
    flags32 = idaapi.get_dword(params32 + 0x8)
    idc.patch_dword(params32 + 0x8, flags32 | 0x4000)
    # 64-bit PEB: same flag in its process parameters block.
    params64 = idaapi.get_qword(wow_peb64 + 0x20)
    flags64 = idaapi.get_dword(params64 + 0x8)
    idc.patch_dword(params64 + 0x8, flags64 | 0x4000)