本文整理匯總了Python中idaapi.get_inf_structure方法的典型用法代碼示例。如果您正苦於以下問題:Python idaapi.get_inf_structure方法的具體用法?Python idaapi.get_inf_structure怎麽用?Python idaapi.get_inf_structure使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類idaapi的用法示例。
在下文中一共展示了idaapi.get_inf_structure方法的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: get_arch_dynamic
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_inf_structure [as 別名]
def get_arch_dynamic():
"""
Determine the execution environments architecture.
:return: 'x64' or 'x86' if arch could be determined, else None
"""
info = idaapi.get_inf_structure()
if info.is_64bit():
return 64
elif info.is_32bit():
return 32
else:
env = idaapi.dbg_get_registers()
if env[17][0] == 'RAX':
return 64
elif env[17][0] == 'EAX':
return 32
else:
return None
###############################
# LIB DETECTION FUNCTIONALITY #
############################### 示例2: get_native_size
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_inf_structure [as 別名]
def get_native_size():
"""
Get the native OS size
@return: 16, 32, 64 value indicating the native size or None if failed.
"""
try:
inf = idaapi.get_inf_structure()
if inf.is_32bit():
return 32
elif inf.is_64bit():
return 64
else:
# Native size is neither 32 or 64 bit. assuming 16 bit.
return 16
except Exception as ex:
raise RuntimeError("Could not Could not retrieve native OS size: %s" %ex) 示例3: get_arch_info
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_inf_structure [as 別名]
def get_arch_info():
info = idaapi.get_inf_structure()
proc = info.procName.lower()
bits = get_inf_structure_bitness(info)
instruction_set = None
instruction_mode = None
if proc == 'metapc':
instruction_set = CS_ARCH_X86
if bits == 16:
instruction_mode = CS_MODE_16
elif bits == 32:
instruction_mode = CS_MODE_32
elif bits == 64:
instruction_mode = CS_MODE_64
return instruction_set, instruction_mode 示例4: __init__
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_inf_structure [as 別名]
def __init__(self):
self.flags = idaapi.ph_get_flag()
# instead of checking ph flags, should __EA64__ be used?
self.is_64bit = (self.flags & idaapi.PR_USE64) != 0
self.is_32bit = (self.flags & idaapi.PR_USE32) != 0
self.is_stack_up = (self.flags & idaapi.PR_STACK_UP) != 0
self.id = idaapi.ph_get_id()
self.is_assemble_supported = (self.flags & idaapi.PR_ASSEMBLE) != 0
self.is_delayslot_proc = (self.flags & idaapi.PR_DELAYED) != 0
# processor default ret instruction (icode, not opcode!)
self.ret_icodes = [idaapi.ph_get_icode_return()]
# ptrsize in bytes
self.ptrsize = 2
if self.is_32bit:
self.ptrsize = 4
if self.is_64bit:
self.ptrsize = 8
self.ptrsize_pyfmt_mapper = {2:"H", 4:"I", 8:"Q"}
self.ptrsize_mask_mapper = {2:0xFFFF, 4:0xFFFFFFFF, 8:0xFFFFFFFFFFFFFFFF}
self.datafmt_mapper = {2:"%04X", 4:"%08X", 8:"%016X"}
self.endianness = idaapi.get_inf_structure().mf 示例5: createAnalyzer
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_inf_structure [as 別名]
def createAnalyzer(logger, is_elf):
"""Create a CPU-based analyzer to be used by the program.
Args:
logger (logger): logger instance
is_elf (bool): True iff analysing an ELF file
Return Value:
Created analyzer instance (None if CPU isn't supported yet)
"""
# Code taken from:
# https://reverseengineering.stackexchange.com/questions/11396/how-to-get-the-cpu-architecture-via-idapython
# Kudos to tmr232
info = idaapi.get_inf_structure()
if info.is_64bit():
bits = 64
elif info.is_32bit():
bits = 32
# quite rare
else:
bits = 16
# At the moment we don't care about the processors endianness.
# Check if we support this CPU
proc_name = info.procName
logger.info("Processor: %s, %dbit", proc_name, bits)
if proc_name not in analyzers_factory:
logger.error("Processor %s is NOT supported yet :(", proc_name)
return None
# Can now create the analyzer instance
return analyzers_factory[proc_name](logger, bits, is_elf) 示例6: get_file_mask
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_inf_structure [as 別名]
def get_file_mask():
mask = "*.dd32"
if idaapi.get_inf_structure().is_64bit():
mask = "*.dd64"
return mask 示例7: extract
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_inf_structure [as 別名]
def extract(self):
"""Extract the control flow graph from the binary."""
# Allocate a new graph
self.graph = graph_alloc(0)
# Initialize binary info
self.info = get_inf_structure()
# Initialize Capstone
if self.info.is_64bit():
mode = capstone.CS_MODE_64
else:
mode = capstone.CS_MODE_32
self.capstone = capstone.Cs(capstone.CS_ARCH_X86, mode)
# Get the Entry Point
entry = None
try:
start_ea = self.info.start_ea
if start_ea != 0xffffffff:
entry = start_ea
except:
try:
entry = BeginEA()
except:
pass
if entry is None:
print("WARNING: Could not determine entrypoint")
else:
self.dis(ea=entry, is_child1=None, ifrom=None)
# Scan all the functions
for ea in Functions():
self.dis(ea=ea, is_child1=None, ifrom=None)
update_children_fathers_number(self.graph)
# Information
print("%s graph has %d nodes" % (get_root_filename(),
self.graph.nodes.size)) 示例8: get_arch_ptrsize
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_inf_structure [as 別名]
def get_arch_ptrsize():
info = idaapi.get_inf_structure()
ptr_size = None
if info.is_64bit():
ptr_size = 8
elif info.is_32bit():
ptr_size = 4
else:
raise Exception("Invalid arch")
return ptr_size
# -------------------------------------------------------------------------- 示例9: get_native_size
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_inf_structure [as 別名]
def get_native_size():
info = idaapi.get_inf_structure()
if info.is_64bit():
return 8
elif info.is_32bit():
return 4
else:
return 2 示例10: get_proc_type
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_inf_structure [as 別名]
def get_proc_type():
"""
Get processor type
@return: Returns the processor type or None on failure.
"""
try:
inf = idaapi.get_inf_structure()
return inf.procName()
except Exception as ex:
raise RuntimeError("Could not retrieve processor type: %s" %ex) 示例11: get_native_size
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_inf_structure [as 別名]
def get_native_size():
"""Get the native word size in normal 8-bit bytes."""
info = idaapi.get_inf_structure()
if info.is_64bit():
return 8
elif info.is_32bit():
return 4
else:
return 2 示例12: _initialize
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_inf_structure [as 別名]
def _initialize(self):
if self.op_t.type not in (idaapi.o_displ, idaapi.o_phrase):
raise exceptions.OperandNotPhrase('Operand is not of type o_phrase or o_displ.')
proc_name = idaapi.get_inf_structure().procName
if proc_name != 'metapc':
raise exceptions.PhraseProcessorNotSupported(
'Phrase analysis not supported for processor {}'.format(proc_name))
specflag1 = self.op_t.specflag1
specflag2 = self.op_t.specflag2
scale = 1 << ((specflag2 & 0xC0) >> 6)
offset = self.op_t.addr
if specflag1 == 0:
index = None
base_ = self.op_t.reg
elif specflag1 == 1:
index = (specflag2 & 0x38) >> 3
base_ = (specflag2 & 0x07) >> 0
if self.op_t.reg == 0xC:
if base_ & 4:
base_ += 8
if index & 4:
index += 8
else:
raise exceptions.PhraseNotSupported('o_displ, o_phrase : Not implemented yet : %x' % specflag1)
# HACK: This is a really ugly hack. For some reason, phrases of the form `[esp + ...]` (`sp`, `rsp` as well)
# set both the `index` and the `base` to `esp`. This is not significant, as `esp` cannot be used as an
# index, but it does cause issues with the parsing.
# This is only relevant to Intel architectures.
if (index == base_ == idautils.procregs.sp.reg) and (scale == 1):
index = None
self.scale = scale
self.index_id = index
self.base_id = base_
self.offset = offset 示例13: indexing_mode
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_inf_structure [as 別名]
def indexing_mode(self):
if idaapi.get_inf_structure().procName != 'ARM':
return IndexingMode()
return IndexingMode(pre=bool(self.insn_t.auxpref & 0x20),
post=bool(self.insn_t.auxpref & 0x80)) 示例14: create_runtime_ms
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_inf_structure [as 別名]
def create_runtime_ms():
debug('Attempting to find runtime_morestack function for hooking on...')
text_seg = get_text_seg()
if text_seg is None:
debug('Failed to get text segment')
return None
# Opcodes for "mov large dword ptr ds:1003h, 0", binary search is faster than text search
opcodes = 'c7 05 03 10 00 00 00 00 00 00'
if idaapi.get_inf_structure().is_64bit():
# Opcodes for "mov qword ptr ds:dword_1000+3, 0"
opcodes = '48 c7 04 25 03 10 00 00 00 00 00 00'
runtime_ms_end = idaapi.find_binary(text_seg.start_ea, text_seg.end_ea, opcodes, 0, SEARCH_DOWN)
if runtime_ms_end == BADADDR:
debug('Failed to find opcodes associated with runtime_morestack: %s' % opcodes)
return None
runtime_ms = idaapi.get_func(runtime_ms_end)
if runtime_ms is None:
debug('Failed to get runtime_morestack function from address @ 0x%x' % runtime_ms_end)
return None
if idc.set_name(runtime_ms.start_ea, "runtime_morestack", SN_PUBLIC):
debug('Successfully found runtime_morestack')
else:
debug('Failed to rename function @ 0x%x to runtime_morestack' % runtime_ms.start_ea)
return runtime_ms 示例15: create_pointer
# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import get_inf_structure [as 別名]
def create_pointer(addr, force_size=None):
if force_size is not 4 and (idaapi.get_inf_structure().is_64bit() or force_size is 8):
ida_bytes.create_data(addr, FF_QWORD, 8, ida_idaapi.BADADDR)
return idc.get_qword(addr), 8
else:
ida_bytes.create_data(addr, FF_DWORD, 4, ida_idaapi.BADADDR)
return idc.get_wide_dword(addr), 4