📄 idc.py
字号:
if _REGMAP.has_key(reg):
return idaapi.splitSRarea1(ea, _REGMAP[reg], value, 2)
else:
return False
def AutoMark2(start, end, queuetype):
"""
Plan to perform an action in the future.
This function will put your request to a special autoanalysis queue.
Later IDA will retrieve the request from the queue and process
it. There are several autoanalysis queue types. IDA will process all
queries from the first queue and then switch to the second queue, etc.
"""
return idaapi.auto_mark_range(start, end, queuetype)
def AutoUnmark(start, end, queuetype):
"""
Remove range of addresses from a queue.
"""
return idaapi.autoUnmark(start, end, queuetype)
def AutoMark(ea,qtype):
"""
Plan to analyze an address
"""
return AutoMark2(ea,ea+1,qtype)
AU_UNK = idaapi.AU_UNK # make unknown
AU_CODE = idaapi.AU_CODE # convert to instruction
AU_PROC = idaapi.AU_PROC # make function
AU_USED = idaapi.AU_USED # reanalyze
AU_LIBF = idaapi.AU_LIBF # apply a flirt signature (the current signature!)
AU_FINAL = idaapi.AU_FINAL # coagulate unexplored items
#----------------------------------------------------------------------------
# P R O D U C E O U T P U T F I L E S
#----------------------------------------------------------------------------
def GenerateFile(filetype, path, ea1, ea2, flags):
"""
Generate an output file
@param type: type of output file. One of OFILE_... symbols. See below.
@param path: the output file path (will be overwritten!)
@param ea1: start address. For some file types this argument is ignored
@param ea2: end address. For some file types this argument is ignored
@param flags: bit combination of GENFLG_...
@returns: number of the generated lines.
-1 if an error occured
OFILE_EXE: 0-can't generate exe file, 1-ok
"""
f = idaapi.fopenWT(path)
if f:
retval = idaapi.gen_file(filetype, f, ea1, ea2, flags)
idaapi.eclose(f)
return retval
else:
return -1
# output file types:
OFILE_MAP = idaapi.OFILE_MAP
OFILE_EXE = idaapi.OFILE_EXE
OFILE_IDC = idaapi.OFILE_IDC
OFILE_LST = idaapi.OFILE_LST
OFILE_ASM = idaapi.OFILE_ASM
OFILE_DIF = idaapi.OFILE_DIF
# output control flags:
GENFLG_MAPSEG = idaapi.GENFLG_MAPSEG # map: generate map of segments
GENFLG_MAPNAME = idaapi.GENFLG_MAPNAME # map: include dummy names
GENFLG_MAPDMNG = idaapi.GENFLG_MAPDMNG # map: demangle names
GENFLG_MAPLOC = idaapi.GENFLG_MAPLOC # map: include local names
GENFLG_IDCTYPE = idaapi.GENFLG_IDCTYPE # idc: gen only information about types
GENFLG_ASMTYPE = idaapi.GENFLG_ASMTYPE # asm&lst: gen information about types too
GENFLG_GENHTML = idaapi.GENFLG_GENHTML # asm&lst: generate html (gui version only)
GENFLG_ASMINC = idaapi.GENFLG_ASMINC # asm&lst: gen information only about types
#----------------------------------------------------------------------------
# C O M M O N I N F O R M A T I O N
#----------------------------------------------------------------------------
def GetIdaDirectory ():
"""
Get IDA directory
This function returns the directory where IDA.EXE resides
"""
return idaapi.idadir()
def GetInputFile():
"""
Get input file name
This function returns name of the file being disassembled
"""
return idaapi.get_root_filename()
def GetInputFilePath():
"""
Get input file path
This function returns the full path of the file being disassembled
"""
return idaapi.get_input_file_path()
def GetIdbPath():
"""
Get IDB full path
This function returns full path of the current IDB database
"""
return idaapi.cvar.database_idb
def GetFlags(ea):
"""
Get internal flags
@param ea: linear address
@return: 32-bit value of internal flags. See start of IDC.IDC file
for explanations.
"""
return idaapi.getFlags(ea)
def Byte(ea):
"""
Get value of program byte
@param ea: linear address
@return: value of byte. If byte has no value then returns 0xFF
If the current byte size is different from 8 bits, then the returned value
might have more 1's.
To check if a byte has a value, use functions hasValue(GetFlags(ea))
"""
return idaapi.get_byte(ea)
def GetOriginalByte(ea):
"""
Get original value of program byte
@param ea: linear address
@return: the original value of byte before any patch applied to it
"""
return idaapi.get_original_byte(ea)
def Word(ea):
"""
Get value of program word (2 bytes)
@param ea: linear address
@return: the value of the word. If word has no value then returns 0xFFFF
If the current byte size is different from 8 bits, then the returned value
might have more 1's.
"""
return idaapi.get_word(ea)
def Dword(ea):
"""
Get value of program double word (4 bytes)
@param ea: linear address
@return: the value of the double word. If double word has no value
then returns 0xFFFFFFFF.
"""
return idaapi.get_long(ea)
def GetFloat(ea):
"""
Get value of a floating point number (4 bytes)
@param ea: linear address
@return: float
"""
tmp = chr(idaapi.get_byte(ea)) + \
chr(idaapi.get_byte(ea+1)) + \
chr(idaapi.get_byte(ea+2)) + \
chr(idaapi.get_byte(ea+3))
return struct.unpack("f", tmp)[0]
def GetDouble(ea):
"""
Get value of a floating point number (8 bytes)
@param ea: linear address
@return: double
"""
tmp = chr(idaapi.get_byte(ea)) + \
chr(idaapi.get_byte(ea+1)) + \
chr(idaapi.get_byte(ea+2)) + \
chr(idaapi.get_byte(ea+3)) + \
chr(idaapi.get_byte(ea+4)) + \
chr(idaapi.get_byte(ea+5)) + \
chr(idaapi.get_byte(ea+6)) + \
chr(idaapi.get_byte(ea+7))
return struct.unpack("d", tmp)[0]
def LocByName(name):
"""
Get linear address of a name
@param name: name of program byte
@return: address of the name
badaddr - no such name
"""
return idaapi.get_name_ea(BADADDR, name)
def LocByNameEx(fromaddr, name):
"""
Get linear address of a name
@param fromaddr: the referring address. Allows to retrieve local label
addresses in functions. If a local name is not found,
then address of a global name is returned.
@param name: name of program byte
@return: address of the name (BADADDR - no such name)
"""
return idaapi.get_name_ea(fromaddr, name)
def SegByBase(base):
"""
Get segment by segment base
@param base: segment base paragraph or selector
@return: linear address of the start of the segment or BADADDR
if no such segment
"""
sel = idaapi.find_selector(base)
seg = idaapi.get_segm_by_sel(sel)
if seg:
return seg.startEA
else:
return BADADDR
def ScreenEA():
"""
Get linear address of cursor
"""
return idaapi.get_screen_ea()
def GetCurrentLine():
"""
Get the disassembly line at the cursor
@return: string
"""
return idaapi.tag_remove(idaapi.get_curline())
def SelStart():
"""
Get start address of the selected area
returns BADADDR - the user has not selected an area
"""
selection, startaddr, endaddr = idaapi.read_selection()
if selection == 1:
return startaddr
else:
return BADADDR
def SelEnd():
"""
Get end address of the selected area
@return: BADADDR - the user has not selected an area
"""
selection, startaddr, endaddr = idaapi.read_selection()
if selection == 1:
return endaddr
else:
return BADADDR
def GetReg(ea, reg):
"""
Get value of segment register at the specified address
@param ea: linear address
@param reg: name of segment register
@return: the value of the segment register or 0xFFFF on error
@note: The segment registers in 32bit program usually contain selectors,
so to get paragraph pointed by the segment register you need to
call AskSelector() function.
"""
if _REGMAP.has_key(reg):
return idaapi.getSR(ea, _REGMAP[reg]) & 0xFFFF
else:
return False
def NextAddr(ea):
"""
Get next address in the program
@param ea: linear address
@return: BADADDR - the specified address in the last used address
"""
return idaapi.nextaddr(ea)
def PrevAddr(ea):
"""
Get previous address in the program
@param ea: linear address
@return: BADADDR - the specified address in the first address
"""
return idaapi.prevaddr(ea)
def NextHead(ea, maxea):
"""
Get next defined item (instruction or data) in the program
@param ea: linear address to start search from
@param maxea: the search will stop at the address
maxea is not included in the search range
@return: BADADDR - no (more) defined items
"""
return idaapi.next_head(ea, maxea)
def PrevHead(ea, minea):
"""
Get previous defined item (instruction or data) in the program
@param ea: linear address to start search from
@param minea: the search will stop at the address
minea is included in the search range
@return: BADADDR - no (more) defined items
"""
return idaapi.prev_head(ea, minea)
def NextNotTail(ea):
"""
Get next not-tail address in the program
This function searches for the next displayable address in the program.
The tail bytes of instructions and data are not displayable.
@param ea: linear address
@return: BADADDR - no (more) not-tail addresses
"""
return idaapi.next_not_tail(ea)
def PrevNotTail(ea):
"""
Get previous not-tail address in the program
This function searches for the previous displayable address in the program.
The tail bytes of instructions and data are not displayable.
@param ea: linear address
@return: BADADDR - no (more) not-tail addresses
"""
return idaapi.prev_not_tail(ea)
def ItemEnd(ea):
"""
Get address of the end of the item (instruction or data)
@param ea: linear address
@return: address past end of the item at 'ea'
"""
return idaapi.get_item_end(ea)
def ItemSize(ea):
"""
Get size of instruction or data item in bytes
@param ea: linear address
@return: 1..n
"""
return idaapi.get_item_end(ea) - ea
def NameEx(fromaddr, ea):
"""
Get visible name of program byte
This function returns name of byte as it is displayed on the screen.
If a name contains illegal characters, IDA replaces them by the
substitution character during displaying. See IDA.CFG for the
definition of the substitution character.
@param fromaddr: the referring address. May be BADADDR.
Allows to retrieve local label addresses in functions.
If a local name is not found, then a global name is
returned.
@param ea: linear address
@return: "" - byte has no name
"""
name = idaapi.get_name(fromaddr, ea)
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -