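def load_file(li, neflags, format):
    """Load a raw BPF bytecode file into the IDA database.

    The bytes returned by read_whole_file() are mapped into one code
    segment starting at 0x1000. An entry point named "start" is added at
    the first byte, and that address is queued for code analysis.

    The input is an untrusted sample. Nothing here validates that it is
    well-formed BPF, so a truncated or padded file still loads and simply
    disassembles to whatever its bytes decode as.

    Args:
        li: Loader input handle for the file being opened.
        neflags: Loader flags supplied by IDA (unused here).
        format: Format name supplied by IDA (unused here).

    Returns:
        1 on success, 0 if no bytes were read or the segment could not
        be created.
    """
    # Select the BPF processor module. SETPROC_FATAL makes a missing
    # module a hard failure rather than continuing with the wrong one.
    idaapi.set_processor_type("BPF", SETPROC_ALL|SETPROC_FATAL)

    # NOTE(review): the meaning of the second argument (8) is defined by
    # read_whole_file elsewhere in this file - confirm header skip vs.
    # instruction size.
    buf = read_whole_file(li, 8)
    if not buf:
        return 0

    # Map the whole program into a single segment at a fixed base.
    start = 0x1000
    end = start + len(buf)

    # Create the segment
    seg = idaapi.segment_t()
    seg.startEA = start
    seg.endEA = end
    seg.bitness = 1 # 32-bit
    # Stop if the segment was not created, instead of copying bytes and
    # reporting success for a database with no backing segment.
    if not idaapi.add_segm_ex(seg, "bpf_c", "CODE", 0):
        return 0

    # Copy the bytes
    idaapi.mem2base(buf, start, end)

    # Add the entry point (ordinal and address are both the segment start;
    # the final 1 asks IDA to create code there).
    idaapi.add_entry(start, start, "start", 1)

    # Add a banner line above the first instruction of the disassembly.
    idaapi.describe(start, True, "BPF bytecode disassembly")

    # Mark for analysis
    AutoMark(start, AU_CODE)

    setup_enums()
    return 1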