本文整理匯總了Python中idautils.DataRefsFrom方法的典型用法代碼示例。如果您正苦於以下問題:Python idautils.DataRefsFrom方法的具體用法?Python idautils.DataRefsFrom怎麽用?Python idautils.DataRefsFrom使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類idautils的用法示例。
在下文中一共展示了idautils.DataRefsFrom方法的6個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: enum_string_refs_in_function
# 需要導入模塊: import idautils [as 別名]
# 或者: from idautils import DataRefsFrom [as 別名]
def enum_string_refs_in_function(fva):
'''
yield the string references in the given function.
Args:
fva (int): the starting address of a function
Returns:
sequence[tuple[int, int, str]]: tuples of metadata, including:
- the address of the instruction referencing a string
- the address of the string
- the string
'''
for ea in enum_function_addrs(fva):
for ref in idautils.DataRefsFrom(ea):
stype = idc.GetStringType(ref)
if stype < 0 or stype > 7:
continue
CALC_MAX_LEN = -1
s = str(idc.GetString(ref, CALC_MAX_LEN, stype))
yield ea, ref, s 示例2: drefs_from
# 需要導入模塊: import idautils [as 別名]
# 或者: from idautils import DataRefsFrom [as 別名]
def drefs_from(self):
"""Destination addresses of data references from this line."""
return idautils.DataRefsFrom(self.ea) 示例3: get_protocols
# 需要導入模塊: import idautils [as 別名]
# 或者: from idautils import DataRefsFrom [as 別名]
def get_protocols(self):
"""found UEFI protocols information in idb"""
for service_name in self.gBServices:
for address in self.gBServices[service_name]:
ea, found = address, False
if self.arch == 'x86':
for _ in range(1, 25):
ea = idc.prev_head(ea)
if (idc.get_operand_value(ea, 0) > self.base
and idc.print_insn_mnem(ea) == 'push'):
found = True
break
if self.arch == 'x64':
for _ in range(1, 16):
ea = idc.prev_head(ea)
if (idc.get_operand_value(ea, 1) > self.base
and idc.print_insn_mnem(ea) == 'lea'):
found = True
break
if not found:
continue
for xref in idautils.DataRefsFrom(ea):
if idc.print_insn_mnem(xref):
continue
if not check_guid(xref):
continue
cur_guid = get_guid(xref)
record = {
'address': xref,
'service': service_name,
'guid': cur_guid,
}
if not self.Protocols['all'].count(record):
self.Protocols['all'].append(record) 示例4: data
# 需要導入模塊: import idautils [as 別名]
# 或者: from idautils import DataRefsFrom [as 別名]
def data(self):
h = self.keleven
for ea in idautils.FuncItems(self.offset):
h = self._cycle(h, idc.Byte(ea))
# skip additional bytes of any instruction that contains an offset in it
if idautils.CodeRefsFrom(ea, False) or idautils.DataRefsFrom(ea):
continue
for i in range(ea + 1, ea + idc.ItemSize(ea)):
h = self._cycle(h, idc.Byte(i))
return h 示例5: find_function_strings
# 需要導入模塊: import idautils [as 別名]
# 或者: from idautils import DataRefsFrom [as 別名]
def find_function_strings( func_ea ):
end_ea = idc.FindFuncEnd(func_ea)
if end_ea == idaapi.BADADDR: return
strings = []
for line in idautils.Heads(func_ea, end_ea):
refs = idautils.DataRefsFrom(line)
for ref in refs:
try:
strings.append( String(line, ref) )
except StringParsingException:
continue
return strings 示例6: get_opcodes
# 需要導入模塊: import idautils [as 別名]
# 或者: from idautils import DataRefsFrom [as 別名]
def get_opcodes(addr, strict):
"""Get current bytes of the instruction pointed at addr.
Args:
addr: address of the current instruction
strict: be more restrictive when applying wildcards (True) or not (False)
Returns:
String: hex-encoded representation of the bytes obtained at addr
"""
if strict:
offsets_types = {idaapi.o_far, idaapi.o_mem, idaapi.o_imm}
else:
offsets_types = {idaapi.o_far, idaapi.o_mem}
pattern = ''
mnem = idautils.DecodeInstruction(addr)
if mnem is not None:
op1_type = mnem.Op1.type
op2_type = mnem.Op2.type
logging.debug(
'[VTGREP] Instruction: %s [%d, %d, %d]',
idc.generate_disasm_line(addr, 0),
mnem.itype,
op1_type,
op2_type
)
inst_len = idc.get_item_size(addr)
drefs = [x for x in idautils.DataRefsFrom(addr)]
# Checks if any operand constains a memory address
if (drefs and
((op1_type == idaapi.o_imm) or (op2_type == idaapi.o_imm)) or
op1_type in offsets_types or op2_type in offsets_types):
pattern = Disassembler.wildcard_instruction(addr)
# Checks if the instruction is a CALL (near or far) or
# if it's a JMP (excluding near jumps)
else:
if ((mnem.itype == idaapi.NN_call) or
(mnem.itype == idaapi.NN_jmp and op1_type != idaapi.o_near)):
pattern = Disassembler.wildcard_instruction(addr)
# In any other case, concatenate the raw bytes to the current string
else:
pattern = binascii.hexlify(idc.get_bytes(addr, inst_len))
pattern = pattern.decode('utf-8')
return pattern
else: return 0