本文整理匯總了Python中idaapi.get_imagebase方法的典型用法代碼示例。如果您正苦於以下問題:Python idaapi.get_imagebase方法的具體用法?Python idaapi.get_imagebase怎麽用?Python idaapi.get_imagebase使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類idaapi的用法示例。
在下文中一共展示了idaapi.get_imagebase方法的12個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: get_list_of_function_instr
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_imagebase [as 別名]
def get_list_of_function_instr(addr, mode):
#TODO follow subcalls MODE_INSTRUMENT_SUBCALLS
f_start = addr
f_end = idc.FindFuncEnd(addr)
chunks = enumerate_function_chunks(f_start)
list_of_addr = list()
image_base = idaapi.get_imagebase(addr)
for chunk in chunks:
for head in idautils.Heads(chunk[0], chunk[1]):
# If the element is an instruction
if head == hex(0xffffffffL):
raise Exception("Invalid head for parsing")
if isCode(idc.GetFlags(head)):
head = head - image_base
head = str(hex(head))
head = head.replace("L", "")
head = head.replace("0x", "")
list_of_addr.append(head)
return list_of_addr 示例2: do_export
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_imagebase [as 別名]
def do_export():
db = {}
module = idaapi.get_root_filename().lower()
base = idaapi.get_imagebase()
file = ida_kernwin.ask_file(1, "x64dbg database|{}".format(get_file_mask()),
"Export database")
if not file:
return
print("Exporting database {}".format(file))
db["labels"] = [{
"text": name,
"manual": False,
"module": module,
"address": "{:#x}".format(ea - base)
} for (ea, name) in idautils.Names()]
print("{:d} label(s) exported".format(len(db["labels"])))
db["comments"] = [{
"text": comment.replace("{", "{{").replace("}", "}}"),
"manual": False,
"module": module,
"address": "{:#x}".format((ea - base))
} for (ea, comment) in Comments()]
print("{:d} comment(s) exported".format(len(db["comments"])))
db["breakpoints"] = [{
"address": "{:#x}".format(ea - base),
"enabled": True,
"type": bptype,
"titantype": "{:#x}".format(titantype),
"oldbytes": "{:#x}".format(oldbytes),
"module": module,
} for (ea, bptype, titantype, oldbytes) in Breakpoints()]
print("{:d} breakpoint(s) exported".format(len(db["breakpoints"])))
with open(file, "w") as outfile:
json.dump(db, outfile, indent=1)
print("Done!") 示例3: image_base
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_imagebase [as 別名]
def image_base(self):
return idaapi.get_imagebase()
#------------------------------------- 示例4: get_base_address
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_imagebase [as 別名]
def get_base_address(self):
return idaapi.get_imagebase() 示例5: get_imagebase
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_imagebase [as 別名]
def get_imagebase(self):
return idaapi.get_imagebase() 示例6: run
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_imagebase [as 別名]
def run(self):
'''Public function.'''
self.symbol_path = idc.AskFile(0, '*.pdb', 'Choose PDB file...')
self.image_base = idaapi.get_imagebase()
print "IPL: Loading PDB data, might take a while..."
self.PDBLookup = pdbparse.symlookup.Lookup([(self.symbol_path, self.image_base)])
if not self.PDBLookup:
print "IPL: PDBLookup failed to initialize, exiting."
return
self._rename_functions()
return 示例7: fix_vxworks_idb
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_imagebase [as 別名]
def fix_vxworks_idb(load_address, vx_version, symbol_table_start, symbol_table_end):
current_image_base = idaapi.get_imagebase()
symbol_interval = 16
if vx_version == 6:
symbol_interval = 20
symbol_table_start += load_address
symbol_table_end += load_address
ea = symbol_table_start
shift_address = load_address - current_image_base
while shift_address >= 0x70000000:
idaapi.rebase_program(0x70000000, 0x0008)
shift_address -= 0x70000000
idaapi.rebase_program(shift_address, 0x0008)
while ea < symbol_table_end:
# for VxWorks 6 unknown symbol format
if idc.Byte(ea + symbol_table_end - 2) == 3:
ea += symbol_interval
continue
offset = 4
if idaapi.IDA_SDK_VERSION >= 700:
idc.create_strlit(idc.Dword(ea + offset), idc.BADADDR)
else:
idc.MakeStr(idc.Dword(ea + offset), idc.BADADDR)
sName = idc.GetString(idc.Dword(ea + offset), -1, idc.ASCSTR_C)
print("Found %s in symbol table" % sName)
if sName:
sName_dst = idc.Dword(ea + offset + 4)
if vx_version == 6:
sName_type = idc.Dword(ea + offset + 12)
else:
sName_type = idc.Dword(ea + offset + 8)
idc.MakeName(sName_dst, sName)
if sName_type in need_create_function:
# flags = idc.GetFlags(ea)
print("Start fix Function %s at %s" % (sName, hex(sName_dst)))
idc.MakeCode(sName_dst) # might not need
idc.MakeFunction(sName_dst, idc.BADADDR)
ea += symbol_interval
print("Fix function by symbol table finish.")
print("Start IDA auto analysis, depending on the size of the firmware this might take a few minutes.")
idaapi.autoWait() 示例8: __init__
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_imagebase [as 別名]
def __init__(self):
self.image_base = idaapi.get_imagebase();
self.code_coverage_total = 0.0
self.loc_executed_total = 0
self.bbls_executed_total = 0
self.functions_executed_total = 0
self.calls_executed_total = 0
self.functions = dict() 示例9: database_inited
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_imagebase [as 別名]
def database_inited(self, is_new_db, idc_script):
# A file was loaded, reset vars
self.plugin.filename = idaapi.get_input_file_path()
self.plugin.cfg = None
self.plugin.angr_proj = None
self.plugin.global_vars = None
self.plugin.opaque_predicates = dict()
self.plugin.extra_constraints = dict()
self.plugin.symbolic_vars = dict()
# Check if it (still) exists
if not isfile(self.plugin.filename):
print("### Drop error: original input file no longer exists, unable to load it into angr. ###")
return
# Load the file into angr
try:
# This is a bit inefficient, but figure out if it's PIC by loading twice
p = angr.Project(self.plugin.filename, load_options={'auto_load_libs': False})
if p.loader.main_bin.pic:
# Load with IDA's imagebase as base_addr
base_addr = idaapi.get_imagebase()
else:
# Load with 0 as base_addr
base_addr = 0
del p
self.plugin.angr_proj = angr.Project(self.plugin.filename,
load_options={'auto_load_libs': False, 'main_opts': {
'custom_base_addr': base_addr}})
# get and store the file bitness
# Don't use idaapi.get_inf_structure().is_32bit(), it will give True for MIPS64...
self.plugin.bitness = self.plugin.angr_proj.arch.bits
# Save the list of all recognized variables in .bss, .data and .rodata (TODO: why these? any others?)
# TODO: Other segments as well?
self.plugin.global_vars = [var for s in sark.segments() for var in get_segment_names(s) if s.name in [".bss", ".data", ".rodata"]]
print("### Loaded file into angr succesfully! ###")
except:
import traceback
print("ERROR: Failed to load file into angr: {}".format(traceback.format_exc())) 示例10: _get_ida_bg_color_from_file
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_imagebase [as 別名]
def _get_ida_bg_color_from_file(self):
"""
Get the background color of the IDA disassembly views via HTML export.
"""
logger.debug("Attempting to get IDA disassembly background color from HTML...")
#
# TODO/IDA: we need better early detection for if IDA is fully ready,
# this isn't effective and this func theme func can crash IDA if
# called too early (eg, during db load...).
#
# this isn't a problem now... but I don't want us to be at risk of
# hard crashing people's IDA in the future should we change something.
#
imagebase = idaapi.get_imagebase()
#if imagebase == idaapi.BADADDR:
# logger.debug(" - No imagebase...")
# return None
# create a temp file that we can write to
handle, path = tempfile.mkstemp()
os.close(handle)
# attempt to generate an 'html' dump of the first 0x20 bytes (instructions)
ida_fd = idaapi.fopenWT(path)
idaapi.gen_file(idaapi.OFILE_LST, ida_fd, imagebase, imagebase+0x20, idaapi.GENFLG_GENHTML)
idaapi.eclose(ida_fd)
# read the dumped text
with open(path, "r") as fd:
html = fd.read()
# delete the temp file from disk
try:
os.remove(path)
except OSError:
pass
# attempt to parse the user's disassembly background color from the html
bg_color_text = get_string_between(html, '<body bgcolor="', '">')
if bg_color_text:
logger.debug(" - Extracted bgcolor '%s' from regex!" % bg_color_text)
return QtGui.QColor(bg_color_text)
# sometimes the above one isn't present... so try this one
bg_color_text = get_string_between(html, '.c1 \{ background-color: ', ';')
if bg_color_text:
logger.debug(" - Extracted background-color '%s' from regex!" % bg_color_text)
return QtGui.QColor(bg_color_text)
logger.debug(" - HTML color regex failed...")
logger.debug(html)
return None 示例11: __init__
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_imagebase [as 別名]
def __init__(self):
header = get_header_idb()
if not len(header):
header = get_header_file()
self.arch = get_machine_type(header)
self.subsystem = check_subsystem(header)
self.valid = True
if not self.subsystem:
print('[ERROR] Wrong subsystem')
self.valid = False
if not (self.arch == 'x86' or self.arch == 'x64'):
print('[ERROR] Wrong architecture')
self.valid = False
if self.arch == 'x86':
self.BOOT_SERVICES_OFFSET = BOOT_SERVICES_OFFSET_x86
if self.arch == 'x64':
self.BOOT_SERVICES_OFFSET = BOOT_SERVICES_OFFSET_x64
self.base = idaapi.get_imagebase()
idc.import_type(-1, 'EFI_GUID')
idc.import_type(-1, 'EFI_SYSTEM_TABLE')
idc.import_type(-1, 'EFI_RUNTIME_SERVICES')
idc.import_type(-1, 'EFI_BOOT_SERVICES')
self.gBServices = {}
self.gBServices['InstallProtocolInterface'] = []
self.gBServices['ReinstallProtocolInterface'] = []
self.gBServices['UninstallProtocolInterface'] = []
self.gBServices['HandleProtocol'] = []
self.gBServices['RegisterProtocolNotify'] = []
self.gBServices['OpenProtocol'] = []
self.gBServices['CloseProtocol'] = []
self.gBServices['OpenProtocolInformation'] = []
self.gBServices['ProtocolsPerHandle'] = []
self.gBServices['LocateHandleBuffer'] = []
self.gBServices['LocateProtocol'] = []
self.gBServices['InstallMultipleProtocolInterfaces'] = []
self.gBServices['UninstallMultipleProtocolInterfaces'] = []
self.Protocols = {}
self.Protocols['ami_guids'] = ami_guids.ami_guids
self.Protocols['asrock_guids'] = asrock_guids.asrock_guids
self.Protocols['dell_guids'] = dell_guids.dell_guids
self.Protocols['edk_guids'] = edk_guids.edk_guids
self.Protocols['edk2_guids'] = edk2_guids.edk2_guids
self.Protocols['lenovo_guids'] = lenovo_guids.lenovo_guids
self.Protocols['all'] = []
self.Protocols['prop_guids'] = []
self.Protocols['data'] = [] 示例12: load_symbols
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_imagebase [as 別名]
def load_symbols(self, file_data, is_big_endian=True):
symbol_list = []
if is_big_endian:
unpack_format = '>I'
else:
unpack_format = '<I'
symbol_count = struct.unpack(unpack_format, file_data[4:8])[0]
print("symbol_count: %s" % symbol_count)
symbol_offset = 8
string_table_offset = 8 + 8 * symbol_count
print("string_table_offset: %s" % string_table_offset)
# get symbols
for i in range(symbol_count):
offset = i * 8
symbol_data = file_data[symbol_offset + offset:symbol_offset + offset + 8]
flag = ord(symbol_data[0])
string_offset = struct.unpack(unpack_format, '\x00' + symbol_data[1:4])[0]
string_offset += string_table_offset
print("string_offset: %s" % string_offset)
symbol_name = ""
while True:
if file_data[string_offset] != '\x00':
symbol_name += file_data[string_offset]
string_offset += 1
else:
break
print("symbol_name: %s" % symbol_name)
symbol_address = struct.unpack(unpack_format, symbol_data[-4:])[0]
symbol_list.append([flag, symbol_name, symbol_address])
# Find TP-Link device loading address with symbols
if "wrs_kernel_text_start" in symbol_name:
load_address = symbol_address
current_image_base = idaapi.get_imagebase()
shift_address = load_address - current_image_base
while shift_address >= 0x70000000:
idaapi.rebase_program(0x70000000, 0x0008)
shift_address -= 0x70000000
idaapi.rebase_program(shift_address, 0x0008)
# load symbols
for symbol_data in symbol_list:
flag, symbol_name, symbol_address = symbol_data
idc.MakeName(symbol_address, symbol_name)
if flag == 0x54:
if symbol_name:
print("Start fix Function %s at %s" % (symbol_name, hex(symbol_address)))
idc.MakeCode(symbol_address) # might not need
idc.MakeFunction(symbol_address, idc.BADADDR)