

Python idaapi.o_mem方法代碼示例

本文整理匯總了Python中idaapi.o_mem方法的典型用法代碼示例。如果您正苦於以下問題:Python idaapi.o_mem方法的具體用法?Python idaapi.o_mem怎麽用?Python idaapi.o_mem使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在idaapi的用法示例。


在下文中一共展示了idaapi.o_mem方法的4個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。

示例1: get_non_jmp_wrapped_functions

# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import o_mem [as 別名]
def get_non_jmp_wrapped_functions():
    '''Return the start addresses of functions that are not jmp wrappers.

    Every function IDAW.Functions() yields is considered, and only its
    first instruction is inspected. A function is skipped when that
    instruction is a `jmp` whose operand 0 has type IDAW.o_mem, i.e. a
    jump through a memory operand (presumably import-style thunks).

    Because the filter looks at a single instruction, a wrapper that
    jumps to a near target, or that does any work before jumping, is
    still returned.

    Returns:
        list: Empty list or list of integer values

        Each value is the start address (startEA) of a kept function.
    '''
    kept = []
    for candidate_ea in IDAW.Functions():
        func = IDAW.get_func(candidate_ea)
        if not func:
            # No function object came back for this address; skip it.
            continue

        first_mnem = IDAW.GetMnem(func.startEA)
        first_op_type = IDAW.GetOpType(func.startEA, 0)
        if first_mnem == 'jmp' and first_op_type == IDAW.o_mem:
            # Pure jmp-through-memory wrapper: leave it out.
            continue

        kept.append(func.startEA)

    return kept
開發者ID:vrtadmin,項目名稱:FIRST-plugin-ida,代碼行數:25,代碼來源:first.py

示例2: memory

# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import o_mem [as 別名]
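def memory(ea, op):
    '''Operand type decoder for memory-type operands which return an address.

    Args:
        ea: address of the instruction that owns the operand; it is only
            used when building the error message.
        op: the operand to decode; its `type` and `addr` fields are read.

    Returns:
        op.addr when op.type is one of idaapi.o_mem, idaapi.o_far,
        idaapi.o_near or idaapi.o_displ.

    Raises:
        E.InvalidTypeOrValueError: for every other operand type.
    '''
    if op.type in {idaapi.o_mem, idaapi.o_far, idaapi.o_near, idaapi.o_displ}:
        # The segment/selector halves of op.specval were unpacked here but
        # never used, so that dead computation has been dropped.
        return op.addr

    # Materialise the formatted names up front: a bare map() is a lazy
    # iterator on Python 3 and cannot be indexed with optype[0] below.
    optype = list(map(utils.funbox("{:s}({:d})".format), [('idaapi.o_far', idaapi.o_far), ('idaapi.o_near', idaapi.o_near)]))

    # NOTE(review): the message names only o_far / o_near and refers to
    # `.address(`, while the check above also accepts o_mem and o_displ.
    # The text is left unchanged in case callers or tests match on it.
    raise E.InvalidTypeOrValueError(u"{:s}.address({:#x}, {!r}) : Expected operand type `{:s}` or `{:s}` but operand type {:d} was received.".format('.'.join((__name__, 'operand_types')), ea, op, optype[0], optype[1], op.type))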
開發者ID:arizvisa,項目名稱:ida-minsc,代碼行數:9,代碼來源:instruction.py

示例3: get_opcodes

# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import o_mem [as 別名]
def get_opcodes(addr, strict):
    """Build the search-pattern fragment for the instruction at addr.

    The instruction is either emitted as its raw bytes (hex encoded) or
    handed to Disassembler.wildcard_instruction(), presumably so that
    address-dependent bytes do not end up in the resulting pattern.

    An instruction is wildcarded when any of these holds:
      * it has data references and one of its first two operands is an
        immediate (idaapi.o_imm);
      * one of its first two operands has a type in the offsets set:
        o_far and o_mem, plus o_imm when strict is True (so in strict
        mode an immediate operand is wildcarded even without data refs);
      * it is a call, or a jmp whose first operand is not o_near.

    Args:
      addr: address of the current instruction
      strict: when True, idaapi.o_imm is added to the operand types that
        always trigger wildcarding

    Returns:
      The value of Disassembler.wildcard_instruction(addr) for wildcarded
      instructions, otherwise a str with the hex-encoded instruction bytes.
      NOTE: the integer 0 (not a string) is returned when addr does not
      decode to an instruction, so callers must handle both types.
    """
    offsets_types = {idaapi.o_far, idaapi.o_mem}
    if strict:
        offsets_types = {idaapi.o_far, idaapi.o_mem, idaapi.o_imm}

    insn = idautils.DecodeInstruction(addr)
    if insn is None:
        return 0

    op1_type = insn.Op1.type
    op2_type = insn.Op2.type

    logging.debug(
        '[VTGREP] Instruction: %s  [%d, %d, %d]',
        idc.generate_disasm_line(addr, 0),
        insn.itype,
        op1_type,
        op2_type
    )

    inst_len = idc.get_item_size(addr)
    drefs = list(idautils.DataRefsFrom(addr))

    # Does any operand carry a memory address?
    has_immediate = (op1_type == idaapi.o_imm) or (op2_type == idaapi.o_imm)
    if ((drefs and has_immediate) or
            op1_type in offsets_types or op2_type in offsets_types):
        return Disassembler.wildcard_instruction(addr)

    # CALL (near or far), or a JMP that is not a near jump.
    if ((insn.itype == idaapi.NN_call) or
            (insn.itype == idaapi.NN_jmp and op1_type != idaapi.o_near)):
        return Disassembler.wildcard_instruction(addr)

    # Anything else contributes its raw bytes, hex encoded.
    raw_hex = binascii.hexlify(idc.get_bytes(addr, inst_len))
    return raw_hex.decode('utf-8')
開發者ID:VirusTotal,項目名稱:vt-ida-plugin,代碼行數:53,代碼來源:disassembler.py

示例4: get_apis

# 需要導入模塊: import idaapi [as 別名]
# 或者: from idaapi import o_mem [as 別名]
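def get_apis(address):
    '''Returns a list of all APIs used by a function.

    The address provided will be used to get a function and each
    instruction in the function is examined for APIs in the sample's
    IAT. FIRST.iat is filled from the import table on first use and
    reused afterwards.

    Args:
        address (`int`): An address associated with a function. The
            address can be any address within the function.

    Returns:
        list: Empty list or list of import names. Each entry is a name
        returned by IDAW.Name / IDAW.NameEx that is also present in
        FIRST.iat; names appear once, in the order first seen.
    '''
    apis = []
    #   populate iat
    if not FIRST.iat:
        def record_import(ea, name, ordinal):
            # Always report success, as the original `append(...) == None`
            # expression did, so that enumeration is not cut short.
            FIRST.iat.append(name)
            return True

        imports = IDAW.get_import_module_qty()
        if imports:
            for i in xrange(imports):
                IDAW.enum_import_names(i, record_import)

    #   Cycle through all instructions within the function
    for instr in safe_generator(IDAW.FuncItems(address)):
        name = None
        if not IDAW.is_call_insn(instr):
            instruction = IDAW.DecodeInstruction(instr)
            if not instruction:
                continue

            #   First memory operand decides the candidate name
            for i in xrange(len(instruction.Operands)):
                if IDAW.GetOpType(instr, i) == idaapi.o_mem:
                    name = IDAW.Name(IDAW.GetOperandValue(instr, i))
                    break

        else:
            #   It is a call instruction; the last far xref wins
            for xref in safe_generator(IDAW.XrefsFrom(instr, IDAW.XREF_FAR)):
                if xref.to is None:
                    break

                name = IDAW.NameEx(0, xref.to)

        #   No name resolved for this instruction. Without this guard a
        #   None entry in FIRST.iat (an import enumerated without a name,
        #   e.g. by ordinal; confirm for the IDA version in use) would
        #   make None match and leak into the result.
        if name is None:
            continue

        if (name in FIRST.iat) and (name not in apis):
            apis.append(name)

    return apis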
開發者ID:vrtadmin,項目名稱:FIRST-plugin-ida,代碼行數:50,代碼來源:first.py


注:本文中的idaapi.o_mem方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。