Python idautils.DecodeInstruction方法代碼示例

# 需要導入模塊: import idautils [as 別名]
# 或者: from idautils import DecodeInstruction [as 別名]
def Instructions(start, end=None, count=None):
    """A generator to iterate over instructions.

    Instructions are decoded using IDA's DecodeInstruction(). If an address range is specified and
    the end of the address range does not fall on an instruction boundary, raises an
    AlignmentError.

    Arguments:
        start: The linear address from which to start decoding instructions.

    Options:
        end: The linear address at which to stop, exclusive.
        count: The number of instructions to decode.

    Notes:
        Exactly one of end and count must be specified.
    """
    if (end is not None and count is not None) or (end is None and count is None):
        raise ValueError('Invalid arguments: end={}, count={}'.format(end, count))
    if end is not None:
        return _instructions_by_range(start, end)
    else:
        return _instructions_by_count(start, count) 

# 需要導入模塊: import idautils [as 別名]
# 或者: from idautils import DecodeInstruction [as 別名]
def get_disasm(ea, maxinstr=5):
    result = ""
    delim = "\n"

    i = 0
    while i<maxinstr:
        ins = DecodeInstruction(ea)
        if not ins:
            break
        
        disasm = GetDisasmEx(ea, GENDSM_FORCE_CODE)
        if not disasm:
            break
        result += disasm + delim
        ea += ins.size
        i += 1
    return result 

# 需要導入模塊: import idautils [as 別名]
# 或者: from idautils import DecodeInstruction [as 別名]
def decode_instruction(ea):
  """Read the bytes of an x86/amd64 instruction. This handles things like
  combining the bytes of an instruction with its prefix. IDA Pro sometimes
  treats these as separate."""
  global _NOT_INST_EAS, _BAD_INSTRUCTION, PREFIX_ITYPES

  if ea in _NOT_INST_EAS:
    return _BAD_INSTRUCTION

  decoded_inst = idautils.DecodeInstruction(ea)
  if not decoded_inst:
    _NOT_INST_EAS.add(ea)
    return _BAD_INSTRUCTION

  assert decoded_inst.ea == ea
  end_ea = ea + decoded_inst.size

  decoded_bytes = read_bytes_slowly(ea, end_ea)

  # We've got an instruction with a prefix, but the prefix is treated as
  # independent.
  if 1 == decoded_inst.size and decoded_inst.itype in PREFIX_ITYPES:
    decoded_inst, extra_bytes = decode_instruction(end_ea)
    decoded_bytes += extra_bytes

  return decoded_inst, decoded_bytes 

# 需要導入模塊: import idautils [as 別名]
# 或者: from idautils import DecodeInstruction [as 別名]
def is_ea_call(ea):
    inst = idautils.DecodeInstruction(ea)
    feature = inst.get_canon_feature()
    return feature & idaapi.CF_CALL 

# 需要導入模塊: import idautils [as 別名]
# 或者: from idautils import DecodeInstruction [as 別名]
def __init__(self, ea):
        self._ea = ea
        self._insn = idautils.DecodeInstruction(ea)

        if self._insn is None:
            raise exceptions.SarkNoInstruction("No Instruction at 0x{:08X}.".format(ea))

        self._operands = self._make_operands() 

# 需要導入模塊: import idautils [as 別名]
# 或者: from idautils import DecodeInstruction [as 別名]
def apply_struct(start, end, reg_name, struct_name):
    offsets, operands = infer_struct_offsets(start, end, reg_name)

    sid = get_struct(struct_name)

    for ea, n in operands:
        insn = idautils.DecodeInstruction(ea)
        idc.op_stroff(insn, n, sid, 0) 

# 需要導入模塊: import idautils [as 別名]
# 或者: from idautils import DecodeInstruction [as 別名]
def _instructions_by_range(start, end):
    """A generator to iterate over instructions in a range."""
    pc = start
    while pc < end:
        insn = idautils.DecodeInstruction(pc)
        if insn is None:
            break
        next_pc = pc + insn.size
        if next_pc > end:
            raise AlignmentError(end)
        yield insn
        pc = next_pc 

# 需要導入模塊: import idautils [as 別名]
# 或者: from idautils import DecodeInstruction [as 別名]
def _instructions_by_count(pc, count):
    """A generator to iterate over a specified number of instructions."""
    for i in xrange(count):
        insn = idautils.DecodeInstruction(pc)
        if insn is None:
            break
        yield insn
        pc += insn.size 

# 需要導入模塊: import idautils [as 別名]
# 或者: from idautils import DecodeInstruction [as 別名]
def _convert_operands_to_struct_offsets(access_addresses):
    """Convert the operands that generated struct accesses into struct offsets."""
    for classname, addresses_and_deltas in access_addresses.items():
        sid = idau.struct_open(classname)
        if sid is not None:
            for ea, delta in addresses_and_deltas:
                insn = idautils.DecodeInstruction(ea)
                if insn:
                    for op in insn.Operands:
                        if op.type == idaapi.o_displ:
                            if not idau.insn_op_stroff(insn, op.n, sid, delta):
                                _log(1, 'Could not convert {:#x} to struct offset for class {} '
                                        'delta {}', ea, classname, delta) 

# 需要導入模塊: import idautils [as 別名]
# 或者: from idautils import DecodeInstruction [as 別名]
def disasm_single_ins(self, ea):
        result = None
        i = DecodeInstruction(ea)
        if i != None:
            flags = GetSegmentAttr(ea, SEGATTR_FLAGS)
            use_dbg = flags & SFL_DEBUG != 0
            stream = GetManyBytes(ea, i.size, use_dbg)
            result = (ea, i, GetDisasmEx(ea, GENDSM_FORCE_CODE), self.is_ret(ea), stream)
        return result 

# 需要導入模塊: import idautils [as 別名]
# 或者: from idautils import DecodeInstruction [as 別名]
def getInstructionBytes(self, offset):
        ins = idautils.DecodeInstruction(offset)
        ins_bytes = ida_bytes.get_bytes(offset, ins.size)
        return ins_bytes 

# 需要導入模塊: import idautils [as 別名]
# 或者: from idautils import DecodeInstruction [as 別名]
def get_opcodes(addr, strict):
    """Get current bytes of the instruction pointed at addr.

    Args:
      addr: address of the current instruction
      strict: be more restrictive when applying wildcards (True) or not (False)

    Returns:
      String: hex-encoded representation of the bytes obtained at addr
    """

    if strict:
      offsets_types = {idaapi.o_far, idaapi.o_mem, idaapi.o_imm}
    else:
      offsets_types = {idaapi.o_far, idaapi.o_mem}

    pattern = ''
    mnem = idautils.DecodeInstruction(addr)

    if mnem is not None:
      op1_type = mnem.Op1.type
      op2_type = mnem.Op2.type

      logging.debug(
          '[VTGREP] Instruction: %s  [%d, %d, %d]',
          idc.generate_disasm_line(addr, 0),
          mnem.itype,
          op1_type,
          op2_type
          )

      inst_len = idc.get_item_size(addr)
      drefs = [x for x in idautils.DataRefsFrom(addr)]

      # Checks if any operand constains a memory address
      if (drefs and
          ((op1_type == idaapi.o_imm) or (op2_type == idaapi.o_imm)) or
          op1_type in offsets_types or op2_type in offsets_types):
        pattern = Disassembler.wildcard_instruction(addr)
      # Checks if the instruction is a CALL (near or far) or
      # if it's a JMP (excluding near jumps)
      else:
        if ((mnem.itype == idaapi.NN_call) or
            (mnem.itype == idaapi.NN_jmp and op1_type != idaapi.o_near)):
          pattern = Disassembler.wildcard_instruction(addr)
        # In any other case, concatenate the raw bytes to the current string
        else:
          pattern = binascii.hexlify(idc.get_bytes(addr, inst_len))
          pattern = pattern.decode('utf-8')
      return pattern
    else: return 0