本文整理匯總了Python中idaapi.decode_insn方法的典型用法代碼示例。如果您正苦於以下問題:Python idaapi.decode_insn方法的具體用法?Python idaapi.decode_insn怎麽用?Python idaapi.decode_insn使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類idaapi的用法示例。
在下文中一共展示了idaapi.decode_insn方法的5個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: at
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import decode_insn [as 別名]
def at(ea):
'''Returns the ``idaapi.insn_t`` instance at the address `ea`.'''
ea = interface.address.inside(ea)
if not database.type.is_code(ea):
raise E.InvalidTypeOrValueError(u"{:s}.at({:#x}) : Unable to decode a non-instruction at specified address.".format(__name__, ea))
# If we're using backwards-compatiblity mode (which means decode_insn takes
# different parameters, then manage the result using idaapi.cmd
if hasattr(idaapi, 'cmd'):
length = idaapi.decode_insn(ea)
if idaapi.__version__ < 7.0:
return idaapi.cmd.copy()
tmp = idaapi.insn_t()
tmp.assign(idaapi.cmd)
return tmp
# Otherwise we can just use the API as we see fit
res = idaapi.insn_t()
length = idaapi.decode_insn(res, ea)
return res 示例2: DecodeInstruction
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import decode_insn [as 別名]
def DecodeInstruction(ea):
"""
Decodes an instruction and returns an insn_t like class
@param ea: address to decode
@return: None or a new insn_t instance
"""
inslen = idaapi.decode_insn(ea)
if inslen == 0:
return None
return idaapi.cmd.copy() 示例3: is_call
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import decode_insn [as 別名]
def is_call(cls, ea):
'''Returns true if the instruction at `ea` is a call.'''
ea = interface.address.inside(ea)
if idaapi.__version__ < 7.0 and hasattr(idaapi, 'is_call_insn'):
idaapi.decode_insn(ea)
return idaapi.is_call_insn(ea)
F = feature(ea)
return database.is_code(ea) and (feature(ea) & idaapi.CF_CALL == idaapi.CF_CALL) 示例4: hook
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import decode_insn [as 別名]
def hook(self, hook_addr = 0):
"""
Args:
hook_addr(int): address for inline hook code, 0 indicates bpt hook.
Returns:
memory size in bytes used for inline hook.
"""
self.hook_addr = hook_addr
self.func_addr = idc.get_name_ea_simple(self.name)
if self.func_addr == 0:
return 0
print("Hooking %s at 0x%x" % (self.name, self.func_addr))
if self.hook_addr == 0:
idc.add_bpt(self.func_addr)
idc.set_bpt_cond(self.func_addr, self.bpt_cond_hook_code)
return 0
else:
# assemble jmp code
jmp_code = "jmp 0x%x" % self.hook_addr
jmp_buf, _ = assemble(jmp_code, self.func_addr)
# read function prologue according to jmp code length
# NOTE: instructions like 'call $+5' in prologue will
# cause problems.
insn = idaapi.insn_t()
move_length = 0
while move_length < len(jmp_buf):
idaapi.decode_insn(insn, self.func_addr + move_length)
move_length += insn.size
prologue = idaapi.get_bytes(self.func_addr, move_length)
# write jmp code
idaapi.patch_bytes(self.func_addr, jmp_buf)
# assmble hook code
hook_buf, _ = assemble(self.inline_hook_code, self.hook_addr)
hook_buf += prologue
jmp_back_code = 'jmp 0x%x' % (self.func_addr + move_length)
jmp_back_buf, _ = assemble(jmp_back_code, self.hook_addr + len(hook_buf))
hook_buf += jmp_back_buf
# wirte hook code
idaapi.patch_bytes(self.hook_addr, hook_buf)
return len(hook_buf) 示例5: graph_down
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import decode_insn [as 別名]
def graph_down(ea, path=set()):
"""
Recursively collect all function calls.
Copied with minor modifications from
http://hooked-on-mnemonics.blogspot.com/2012/07/renaming-subroutine-blocks-and.html
"""
path.add(ea)
#
# extract all the call instructions from the current function
#
call_instructions = []
instruction_info = idaapi.insn_t()
for address in idautils.FuncItems(ea):
# decode the instruction
if not idaapi.decode_insn(instruction_info, address):
continue
# check if this instruction is a call
if not idaapi.is_call_insn(instruction_info):
continue
# save this address as a call instruction
call_instructions.append(address)
#
# iterate through all the instructions in the target function (ea) and
# inspect all the call instructions
#
for x in call_instructions:
# TODO
for r in idautils.XrefsFrom(x, idaapi.XREF_FAR):
#print(0x%08X" % h, "--calls-->", "0x%08X" % r.to)
if not r.iscode:
continue
# get the function pointed at by this call
func = idaapi.get_func(r.to)
if not func:
continue
# ignore calls to imports / library calls / thunks
if (func.flags & (idaapi.FUNC_THUNK | idaapi.FUNC_LIB)) != 0:
continue
#
# if we have not traversed to the destination function that this
# call references, recurse down to it to continue our traversal
#
if r.to not in path:
graph_down(r.to, path)
return path