def add_initial_state_action(self):
from_addr = self.initial_state_from_field.text()
to_addr = self.initial_state_to_field.text()
if from_addr == "" or to_addr == "":
print "One of the two fields from/to is empty"
return
try:
from_addr = int(from_addr, 16)
to_addr = int(to_addr, 16)
if to_addr <= from_addr:
print "'To' address must be strictly superior than 'from'"
else:
raw = base64.b64encode(idc.GetManyBytes(from_addr, to_addr-from_addr+1))
self.initial_state_list.addItem("%x -> %x: %s" % (from_addr, to_addr, raw))
except ValueError:
print "From or To cannot be converted to address"
python类GetManyBytes()的实例源码
def chunk_from_path(path):
assert_ida_available()
import idc
chunk = chunk_t()
for i in xrange(len(path)):
body = chunk.body.add()
body.typeid = body.INSTRUCTION
inst = body.instruction
inst.thread_id = 0
addr = path[i]
inst.address = addr
inst.opcode = idc.GetManyBytes(addr, idc.NextHead(addr)-addr)
try:
next_a = path[i+1]
inf1 = inst.concrete_infos.add()
inf1.next_address = next_a
inf1.typeid = inf1.NEXT_ADDRESS
except IndexError:
pass
inf2 = inst.concrete_infos.add()
inf2.typeid = inf2.NOT_RETRIEVED
return chunk
def get_data(start, size):
'''
read the given amount of data from the given start address.
better than `idc.GetManyBytes` as it fills in missing bytes with NULLs.
Args:
start (int): start address.
size (int): number of bytes to read.
Returns:
bytes: `size` bytes, filled with NULL when byte not available from database.
'''
# best case, works pretty often.
buf = idc.GetManyBytes(start, size)
if buf:
return buf
# but may fail, when there's no byte defined.
buf = []
for ea in range(start, start+size):
b = idc.GetManyBytes(ea, 1)
if b:
buf.append(b)
else:
buf.append(b'\x00')
return b''.join(buf)
def _get_blocks_codes_per_func_iter():
"""
Iterative function to generate all blocks and opcodes
:return: N/A
"""
all_blocks = {}
all_codes = {}
all_opcodes = []
for func in idautils.Functions():
# blocks_in_func contains
# <idaapi.BasicBlock object at 0x0545F3F0>, ...
blocks_in_func = idaapi.FlowChart(idaapi.get_func(func))
blocks = []
for block in blocks_in_func:
# IDA BUG! block.startEA == block.endEA??
# Should be in the range "block.startEA <= block < block.endEA"
if block.startEA != block.endEA:
blocks.append((block.startEA, block.endEA))
for head in idautils.Heads(block.startEA, block.endEA):
ibytes = idc.GetManyBytes(head, idc.ItemEnd(head) - head)
spd = idc.GetSpd(head)
all_codes[head] = insn.Instruction(head, ibytes, spd)
# IDA BUG! all_codes[head].bytes == 0??
# The size of the code should be positive
if all_codes[head].bytes != 0:
all_opcodes.append((all_codes[head].addr, all_codes[head].addr + len(all_codes[head].bytes)))
all_blocks[func] = blocks
yield (all_blocks, all_opcodes)
def bytes_at(ea, num):
"""Returns num of bytes at the given address."""
return idc.GetManyBytes(ea, num)
def get_segment_buffer(segstart):
'''
fetch the bytes of the section that starts at the given address.
if the entire section cannot be accessed, try smaller regions until it works.
'''
segend = idaapi.getseg(segstart).endEA
buf = None
segsize = segend - segstart
while buf is None:
buf = idc.GetManyBytes(segstart, segsize)
if buf is None:
segsize -= 0x1000
return buf
def decode_here_clicked(self):
inst = idc.here()
if not idc.isCode(idc.GetFlags(inst)):
print "Not code instruction"
else:
raw = idc.GetManyBytes(inst, idc.NextHead(inst)-inst)
s = to_hex(raw)
self.decode_ir(s)
def _getOriginData(self, address, size):
res = []
for offset in xrange(0, size, 64):
tmp = GetManyBytes(address + offset, 64)
if tmp == None:
res.extend([pack("<Q", Qword(address + offset + i)) for i in range(0, 64, 8)])
else:
res.append(tmp)
res = "".join(res)
return res[:size]
def get_code_and_blocks(ea):
"""Extracts the control flow graph for the function at the given address.
Returns a dictionary with the instructions (ea->insn.Instruction) and a list
of the basic blocs (bbl.BasicBlock)."""
code = {}
blocks = {}
ida_blocks = set(idaapi.FlowChart(idaapi.get_func(ea)))
for bb in ida_blocks:
# XXX: it seems that it's not a bug but inter-function jumps!
if bb.startEA == bb.endEA: # skip that .. it's IDA's bug
#print "skipping block %x : %x in func %x"%(bb.startEA, bb.endEA, ea)
continue
blocks[bb.startEA] = bbl.BasicBlock(bb.startEA, bb.endEA, {})
for head in idautils.Heads(bb.startEA, bb.endEA):
ibytes = idc.GetManyBytes(head, idc.ItemEnd(head) - head)
spd = idc.GetSpd(head)
code[head] = insn.Instruction(head, ibytes, spd)
blocks[bb.startEA].instrs.append(code[head])
next_head = idc.NextHead(head, bb.endEA)
if idaapi.isFlow(idc.GetFlags(next_head)):
code[head].succ.add(next_head)
for suc_bb in (s for s in bb.succs() if s.startEA != s.endEA):
#assume head is the last instruction of the block
code[head].succ.add(suc_bb.startEA)
for bb in (b for b in ida_blocks if b.startEA != b.endEA):
for suc_bb in (s for s in bb.succs() if s.startEA != s.endEA):
# a jump with zero offset (like, jz 0) gives two succs to the same bb
if blocks[suc_bb.startEA] not in blocks[bb.startEA].successors:
blocks[bb.startEA].successors.append(blocks[suc_bb.startEA])
blocks[bb.startEA].successors.sort(key=lambda x: x.begin, reverse=True)
#FIXME: find a better way ..
for block in blocks.itervalues():
if block.instrs[0].addr == ea:
#print "found the entry!:", block.instrs
block.instrs[0].f_entry = True
block.type |= bbl.BasicBlock.ENTRY
break
else:
print "BUG: could not find function entry in instrs!!"
#print "blocks:", blocks
return code, blocks.values()
#XXX: good test function in 0x070016E7 (BIB.dll)
