identify_string_decoders.py 文件源码

def is_security_cookie(va, ph, nh):
    # for security cookie check the xor should use ESP or EBP
    if idc.GetOpnd(va, 1) not in ["esp", "ebp", "rsp", "rbp"]:
        return False

    if "security" in idc.GetOpnd(ph, 1):
        return True
    elif "security" in idc.GetDisasm(nh):
        return True
    elif "security" in idc.GetDisasm(idc.NextHead(nh)):
        return True

    return False