當前位置: 首頁>>代碼示例>>Python>>正文


Python idaapi.dt_qword方法代碼示例

本文整理匯總了Python中idaapi.dt_qword方法的典型用法代碼示例。如果您正苦於以下問題:Python idaapi.dt_qword方法的具體用法?Python idaapi.dt_qword怎麽用?Python idaapi.dt_qword使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在idaapi的用法示例。


在下文中一共展示了idaapi.dt_qword方法的5個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。

示例1: by_indextype

# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import dt_qword [as 別名]
def by_indextype(self, index, dtype):
        """Lookup a register according to its `index` and `dtype`.

        Some examples of dtypes: idaapi.dt_byte, idaapi.dt_word, idaapi.dt_dword, idaapi.dt_qword
        """
        res = idaapi.ph.regnames[index]
        name = self.__cache__[res, dtype]
        return getattr(self.__register__, name) 
開發者ID:arizvisa,項目名稱:ida-minsc,代碼行數:10,代碼來源:_interface.py

示例2: dt_to_width

# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import dt_qword [as 別名]
def dt_to_width(self, dt):
        '''
        returns OOFW_xxx flag given a dt_xxx
        '''
        return {
            idaapi.dt_byte:  idaapi.OOFW_8,
            idaapi.dt_word:  idaapi.OOFW_16,
            idaapi.dt_dword: idaapi.OOFW_32,
            idaapi.dt_qword: idaapi.OOFW_64,
        }[dt] 
開發者ID:fireeye,項目名稱:idawasm,代碼行數:12,代碼來源:processor.py

示例3: _emulate_arm64

# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import dt_qword [as 別名]
def _emulate_arm64(start, end, on_BL=None, on_RET=None):
    """A very basic partial Arm64 emulator that does just enough to find OSMetaClass
    information."""
    # Super basic emulation.
    reg = _Regs()
    def load(addr, dtyp):
        if not addr:
            return None
        if dtyp == idaapi.dt_qword:
            size = 8
        elif dtyp == idaapi.dt_dword:
            size = 4
        else:
            return None
        return idau.read_word(addr, size)
    def cleartemps():
        for t in ['X{}'.format(i) for i in range(0, 19)]:
            reg.clear(t)
    for insn in idau.Instructions(start, end):
        _log(11, 'Processing instruction {:#x}', insn.ea)
        mnem = insn.get_canon_mnem()
        if mnem == 'ADRP' or mnem == 'ADR':
            reg[insn.Op1.reg] = insn.Op2.value
        elif mnem == 'ADD' and insn.Op2.type == idc.o_reg and insn.Op3.type == idc.o_imm:
            reg[insn.Op1.reg] = reg[insn.Op2.reg] + insn.Op3.value
        elif mnem == 'NOP':
            pass
        elif mnem == 'MOV' and insn.Op2.type == idc.o_imm:
            reg[insn.Op1.reg] = insn.Op2.value
        elif mnem == 'MOV' and insn.Op2.type == idc.o_reg:
            reg[insn.Op1.reg] = reg[insn.Op2.reg]
        elif mnem == 'RET':
            if on_RET:
                on_RET(reg)
            break
        elif (mnem == 'STP' or mnem == 'LDP') and insn.Op3.type == idc.o_displ:
            if insn.auxpref & _MEMOP_WBINDEX:
                reg[insn.Op3.reg] = reg[insn.Op3.reg] + insn.Op3.addr
            if mnem == 'LDP':
                reg.clear(insn.Op1.reg)
                reg.clear(insn.Op2.reg)
        elif (mnem == 'STR' or mnem == 'LDR') and not insn.auxpref & _MEMOP_WBINDEX:
            if mnem == 'LDR':
                if insn.Op2.type == idc.o_displ:
                    reg[insn.Op1.reg] = load(reg[insn.Op2.reg] + insn.Op2.addr, insn.Op1.dtyp)
                else:
                    reg.clear(insn.Op1.reg)
        elif mnem == 'BL' and insn.Op1.type == idc.o_near:
            if on_BL:
                on_BL(insn.Op1.addr, reg)
            cleartemps()
        else:
            _log(10, 'Unrecognized instruction at address {:#x}', insn.ea)
            reg.clearall() 
開發者ID:bazad,項目名稱:ida_kernelcache,代碼行數:56,代碼來源:collect_classes.py

示例4: __init__

# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import dt_qword [as 別名]
def __init__(self):
        super(Intel, self).__init__()
        getitem, setitem = self.__register__.__getattr__, self.__register__.__setattr__
        i2s = "{:d}".format

        [ setitem('r'+_, self.new('r'+_, 64, _)) for _ in ('ax', 'cx', 'dx', 'bx', 'sp', 'bp', 'si', 'di', 'ip') ]
        [ setitem('r'+_, self.new('r'+_, 64)) for _ in map(i2s, six.moves.range(8, 16)) ]
        [ setitem('e'+_, self.child(self.by_name('r'+_), 'e'+_, 0, 32, _)) for _ in ('ax', 'cx', 'dx', 'bx', 'sp', 'bp', 'si', 'di', 'ip') ]
        [ setitem('r'+_+'d', self.child(self.by_name('r'+_), 'r'+_+'d', 0, 32, idaname='r'+_)) for _ in map(i2s, six.moves.range(8, 16)) ]
        [ setitem('r'+_+'w', self.child(self.by_name('r'+_+'d'), 'r'+_+'w', 0, 16, idaname='r'+_)) for _ in map(i2s, six.moves.range(8, 16)) ]
        [ setitem('r'+_+'b', self.child(self.by_name('r'+_+'w'), 'r'+_+'b', 0, 8, idaname='r'+_)) for _ in map(i2s, six.moves.range(8, 16)) ]
        [ setitem(    _, self.child(self.by_name('e'+_), _, 0, 16)) for _ in ('ax', 'cx', 'dx', 'bx', 'sp', 'bp', 'si', 'di', 'ip') ]
        [ setitem(_+'h', self.child(self.by_name(_+'x'), _+'h', 8, 8)) for _ in ('a', 'c', 'd', 'b') ]
        [ setitem(_+'l', self.child(self.by_name(_+'x'), _+'l', 0, 8)) for _ in ('a', 'c', 'd', 'b') ]
        [ setitem(_+'l', self.child(self.by_name(_), _+'l', 0, 8)) for _ in ('sp', 'bp', 'si', 'di') ]
        [ setitem(    _, self.new(_, 16)) for _ in ('es', 'cs', 'ss', 'ds', 'fs', 'gs') ]
        setitem('fpstack', self.new('fptags', 80*8, dtype=None))    # FIXME: is this the right IDA register name??

        # FIXME: rex-prefixed 32-bit registers are implicitly extended to the 64-bit regs which implies that 64-bit are children of 32-bit
        for _ in ('ax', 'cx', 'dx', 'bx', 'sp', 'bp', 'si', 'di', 'ip'):
            r32, r64 = getitem('e'+_), getitem('r'+_)
            r32.alias, r64.alias = { r64 }, { r32 }
        for _ in map(i2s, six.moves.range(8, 16)):
            r32, r64 = getitem('r'+_+'d'), getitem('r'+_)
            r32.alias, r64.alias = { r64 }, { r32 }

        # explicitly set the lookups for (word-register, idaapi.dt_byte) which exist due to ida's love for the inconsistent
        [ self.__cache__.setdefault((_+'x', self.by_name(_+'l').dtype), self.by_name(_+'l').__name__) for _ in ('a', 'c', 'd', 'b') ]

        fpstack = self.__register__.fpstack
        # single precision
        [ setitem("st{:d}f".format(_), self.child(fpstack, "st{:d}f".format(_), _*80, 80, "st{:d}".format(_), dtype=idaapi.dt_float)) for _ in six.moves.range(8) ]
        # double precision
        [ setitem("st{:d}d".format(_), self.child(fpstack, "st{:d}d".format(_), _*80, 80, "st{:d}".format(_), dtype=idaapi.dt_double)) for _ in six.moves.range(8) ]
        # umm..80-bit precision? i've seen op_t's in ida for fsubp with the implied st(0) using idaapi.dt_tbyte
        [ setitem("st{:d}".format(_), self.child(fpstack, "st{:d}".format(_), _*80, 80, "st{:d}".format(_), dtype=idaapi.dt_tbyte)) for _ in six.moves.range(8) ]

        # not sure if the mmx registers trash the other 16 bits of an fp register
        [ setitem("mm{:d}".format(_), self.child(fpstack, "mm{:d}".format(_), _*80, 64, dtype=idaapi.dt_qword)) for _ in six.moves.range(8) ]

        # sse1/sse2 simd registers
        [ setitem("xmm{:d}".format(_), self.new("xmm{:d}".format(_), 128, dtype=idaapi.dt_byte16)) for _ in six.moves.range(16) ]
        [ setitem("ymm{:d}".format(_), self.new("ymm{:d}".format(_), 128, dtype=idaapi.dt_ldbl)) for _ in six.moves.range(16) ]

        # control registers
        [ setitem("cr{:d}".format(_), self.new("cr{:d}".format(_), database.config.bits())) for _ in six.moves.range(8) ]

        ##fpctrl, fpstat, fptags
        ##mxcsr
        ## 'cf', 'zf', 'sf', 'of', 'pf', 'af', 'tf', 'if', 'df', 'efl', 
開發者ID:arizvisa,項目名稱:ida-minsc,代碼行數:52,代碼來源:instruction.py

示例5: build_yara_string

# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import dt_qword [as 別名]
def build_yara_string():
    ea = GetFunctionAttr(ScreenEA(), FUNCATTR_START)
    if ea == BADADDR:
        print 'Failed to determine function start'
        return
    y = YaraBuffer()
    is_64bit = idaapi.get_inf_structure().is_64bit()
    nq = 0
    for rip in Heads(*Chunks(ea).next()):
        rip_next = NextHead(rip)
        if rip_next - rip <= 4:     # Anything smaller than DWord has no relation
            y.ship(rip, rip_next)
            continue
        # both 32-bit and 64-bit mode have 32bit near jumps
        # (far jumps & far calls are tacitly ignored here)
        if GetMnem(rip) == 'call' and GetOpType(rip, 0) != o_reg:
            y.ship(rip, rip_next - 4)
            y.shipq(4)
            continue
        # 32bit and 64-bit cases are somewhat different
        insn = DecodeInstruction(rip)
        if is_64bit:
            if insn.Op2.type == o_void:
                # Single operand
                if insn.Op1.type == o_mem:
                    y.ship(rip, rip_next - 4)
                    y.shipq(4)
                else:
                    y.ship(rip, rip_next)
            else:
                # Two opearands
                if insn.Op1.type == o_mem:
                    # rip relative Op1
                    y.ship(rip, rip + insn.Op1.offb)
                    y.shipq(rip_next - rip - insn.Op1.offb)
                else:
                    if (insn.Op2.type == o_imm and insn.Op2.dtyp == idaapi.dt_qword
                                               and rip_next - rip - insn.Op2.offb == 8
                                               and insn.Op2.value >= MinEA()
                                               and insn.Op2.value < MaxEA()):
                        y.ship(rip, rip_next - 8)
                        y.shipq(8)
                    else:
                        y.ship(rip, rip_next)
        else:
            # 32bit heuristic treatment
            t = Dword(rip_next - 4)
            if GetMnem(rip) == 'call' or (t >= MinEA() and t < MaxEA()):
                y.ship(rip, rip_next - 4)
                y.shipq(4)
                nq += 4
            else:
                y.ship(rip, rip_next)
    return y.get_string() 
開發者ID:eleemosynator,項目名稱:writeups,代碼行數:56,代碼來源:build_yara_string.py


注:本文中的idaapi.dt_qword方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。