本文整理匯總了Python中idc.GetCommentEx方法的典型用法代碼示例。如果您正苦於以下問題:Python idc.GetCommentEx方法的具體用法?Python idc.GetCommentEx怎麽用?Python idc.GetCommentEx使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類idc的用法示例。
在下文中一共展示了idc.GetCommentEx方法的10個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: is_tls
# 需要導入模塊: import idc [as 別名]
# 或者: from idc import GetCommentEx [as 別名]
def is_tls(ea):
if is_invalid_ea(ea):
return False
if is_tls_segment(ea):
return True
# Something references `ea`, and that something is commented as being a
# `TLS-reference`. This comes up if you have an thread-local extern variable
# declared/used in a binary, and defined in a shared lib. There will be an
# offset variable.
for source_ea in _drefs_to(ea):
comment = idc.GetCommentEx(source_ea, 0)
if isinstance(comment, str) and "TLS-reference" in comment:
return True
return False
# Mark an address as containing code. 示例2: is_external_vtable_reference
# 需要導入模塊: import idc [as 別名]
# 或者: from idc import GetCommentEx [as 別名]
def is_external_vtable_reference(ea):
""" It checks the references of external vtable in the .bss section, where
it is referred as the `Copy of shared data`. There is no way to resolve
the cross references for these vtable as the target address will only
appear during runtime.
It is introduced to avoid lazy initilization of runtime typeinfo variables
which gets referred by the user-defined exception types.
"""
if not is_runtime_external_data_reference(ea):
return False
comment = idc.GetCommentEx(ea, 0)
if comment and "Alternative name is '`vtable" in comment:
return True
else:
return 示例3: get_segment_end_ea
# 需要導入模塊: import idc [as 別名]
# 或者: from idc import GetCommentEx [as 別名]
def get_segment_end_ea(ea):
""" Return address where next MSDN info can be written to in added
segment.
Argument:
ea -- effective address within added segment where search starts
"""
addr = ea
while idc.GetCommentEx(addr, 0) is not None:
addr = addr + 1
if addr > idc.SegEnd(ea):
g_logger.debug('Address {} out of segment bounds. Expanding segment.'
.format(hex(addr)))
try:
expand_segment(ea)
except FailedToExpandSegmentException as e:
g_logger.warning(e.message)
raise e
else:
return addr 示例4: find_arg_ea
# 需要導入模塊: import idc [as 別名]
# 或者: from idc import GetCommentEx [as 別名]
def find_arg_ea(ea_call, arg_name):
""" Return ea of argument by looking backwards from library function
call.
Arguments:
ea_call -- effective address of call
arg_name -- the argument name to look for
"""
# the search for previous instruction/data will stop at the specified
# address (inclusive)
prev_instr = idc.PrevHead(ea_call, ea_call - PREVIOUS_INSTR_DELTA)
while prev_instr > (ea_call - ARG_SEARCH_THRESHOLD) and \
prev_instr != idaapi.BADADDR:
# False indicates not to look for repeatable comments
comment = idc.GetCommentEx(prev_instr, False)
if comment == arg_name:
return prev_instr
prev_instr = idc.PrevHead(
prev_instr, prev_instr - PREVIOUS_INSTR_DELTA)
raise ArgumentNotFoundException(' Argument {} not found within threshold'
.format(arg_name)) 示例5: load_sstring
# 需要導入模塊: import idc [as 別名]
# 或者: from idc import GetCommentEx [as 別名]
def load_sstring():
"""
Load a short string from the idb.
"""
min_segment_addr = min(list(idautils.Segments()))
return idc.GetCommentEx(min_segment_addr,0) 示例6: is_runtime_external_data_reference
# 需要導入模塊: import idc [as 別名]
# 或者: from idc import GetCommentEx [as 別名]
def is_runtime_external_data_reference(ea):
"""This can happen in ELF binaries, where you'll have somehting like
`stdout@@GLIBC_2.2.5` in the `.bss` section, where at runtime the
linker will fill in the slot with a pointer to the real `stdout`.
IDA discovers this type of reference, but it has no real way to
cross-reference it to anything, because the target address will
only exist at runtime."""
comment = idc.GetCommentEx(ea, 0)
if comment and "Copy of shared data" in comment:
return True
else:
return False 示例7: get_alternative_symbol_name
# 需要導入模塊: import idc [as 別名]
# 或者: from idc import GetCommentEx [as 別名]
def get_alternative_symbol_name(ea):
comment = idc.GetCommentEx(ea, 0) or ""
for comment_line in comment.split("\n"):
comment_line = comment_line.replace(";", "").strip()
if not comment_line:
continue
mstr = comment_line.split("'")
if 3 <= len(mstr):
return mstr[1] + "'" + mstr[2]
return None 示例8: find_main_in_ELF_file
# 需要導入模塊: import idc [as 別名]
# 或者: from idc import GetCommentEx [as 別名]
def find_main_in_ELF_file():
"""Tries to automatically find the `main` function if we haven't found it
yet. IDA recognizes the pattern of `_start` calling `__libc_start_main` in
ELF binaries, where one of the parameters is the `main` function. IDA will
helpfully comment it as such."""
start_ea = idc.LocByName("_start")
if is_invalid_ea(start_ea):
start_ea = idc.LocByName("start")
if is_invalid_ea(start_ea):
return idc.BADADDR
for begin_ea, end_ea in idautils.Chunks(start_ea):
for inst_ea in Heads(begin_ea, end_ea):
comment = idc.GetCommentEx(inst_ea, 0)
if comment and "main" in comment:
for main_ea in xrefs_from(inst_ea):
if not is_code(main_ea):
continue
# Sometimes the `main` function isn't identified as code. This comes
# up when there are some alignment bytes in front of `main`.
try_mark_as_code(main_ea)
if is_code_by_flags(main_ea):
try_mark_as_function(main_ea)
main = idaapi.get_func(main_ea)
if not main:
continue
if main and main.startEA == main_ea:
set_symbol_name(main_ea, "main")
DEBUG("Found main at {:x}".format(main_ea))
return main_ea
return idc.BADADDR 示例9: find_main_in_ELF_file
# 需要導入模塊: import idc [as 別名]
# 或者: from idc import GetCommentEx [as 別名]
def find_main_in_ELF_file():
"""Tries to automatically find the `main` function if we haven't found it
yet. IDA recognizes the pattern of `_start` calling `__libc_start_main` in
ELF binaries, where one of the parameters is the `main` function. IDA will
helpfully comment it as such."""
start_ea = idc.get_name_ea_simple("_start")
if is_invalid_ea(start_ea):
start_ea = idc.get_name_ea_simple("start")
if is_invalid_ea(start_ea):
return idc.BADADDR
for begin_ea, end_ea in idautils.Chunks(start_ea):
for inst_ea in Heads(begin_ea, end_ea):
comment = idc.GetCommentEx(inst_ea, 0)
if comment and "main" in comment:
for main_ea in xrefs_from(inst_ea):
if not is_code(main_ea):
continue
# Sometimes the `main` function isn't identified as code. This comes
# up when there are some alignment bytes in front of `main`.
try_mark_as_code(main_ea)
if is_code_by_flags(main_ea):
try_mark_as_function(main_ea)
main = idaapi.get_func(main_ea)
if not main:
continue
if main and main.start_ea == main_ea:
set_symbol_name(main_ea, "main")
DEBUG("Found main at {:x}".format(main_ea))
return main_ea
return idc.BADADDR 示例10: get_jlocs
# 需要導入模塊: import idc [as 別名]
# 或者: from idc import GetCommentEx [as 別名]
def get_jlocs(self, sw):
jlocs = []
ncases = sw.ncases if sw.jcases == 0 else sw.jcases
for i in range(ncases):
addr = idc.Dword(sw.jumps+i*4)
name = idaapi.get_name(idc.BADADDR, addr)
comm = idc.GetCommentEx(idc.LocByName(name), 1)
comm = comm[comm.find('case'):] if comm is not None and comm.startswith('jumptable') else comm
jlocs.append((name, idc.LocByName(name), comm))
return jlocs