Python idc.GetManyBytes() Examples
The following are 10 code examples for showing how to use idc.GetManyBytes(). These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example.
You may check out the related API usage on the sidebar.
You may also want to check out all available functions/classes of the module
idc
, or try the search function
.
Example 1
| Project: idasec Author: RobinDavid File: trace.py License: GNU Lesser General Public License v2.1 | 6 votes |
|
def chunk_from_path(path):
assert_ida_available()
import idc
chunk = chunk_t()
for i in xrange(len(path)):
body = chunk.body.add()
body.typeid = body.INSTRUCTION
inst = body.instruction
inst.thread_id = 0
addr = path[i]
inst.address = addr
inst.opcode = idc.GetManyBytes(addr, idc.NextHead(addr)-addr)
try:
next_a = path[i+1]
inf1 = inst.concrete_infos.add()
inf1.next_address = next_a
inf1.typeid = inf1.NEXT_ADDRESS
except IndexError:
pass
inf2 = inst.concrete_infos.add()
inf2.typeid = inf2.NOT_RETRIEVED
return chunk
Example 2
| Project: idasec Author: RobinDavid File: AnalysisWidget.py License: GNU Lesser General Public License v2.1 | 6 votes |
|
def add_initial_state_action(self):
from_addr = self.initial_state_from_field.text()
to_addr = self.initial_state_to_field.text()
if from_addr == "" or to_addr == "":
print "One of the two fields from/to is empty"
return
try:
from_addr = int(from_addr, 16)
to_addr = int(to_addr, 16)
if to_addr <= from_addr:
print "'To' address must be strictly superior than 'from'"
else:
raw = base64.b64encode(idc.GetManyBytes(from_addr, to_addr-from_addr+1))
self.initial_state_list.addItem("%x -> %x: %s" % (from_addr, to_addr, raw))
except ValueError:
print "From or To cannot be converted to address"
Example 3
| Project: ida_kernelcache Author: bazad File: ida_utilities.py License: MIT License | 6 votes |
|
def _read_struct_member_once(ea, flags, size, member_sid, member_size, asobject):
"""Read part of a struct member for _read_struct_member."""
if idc.isByte(flags):
return read_word(ea, 1), 1
elif idc.isWord(flags):
return read_word(ea, 2), 2
elif idc.isDwrd(flags):
return read_word(ea, 4), 4
elif idc.isQwrd(flags):
return read_word(ea, 8), 8
elif idc.isOwrd(flags):
return read_word(ea, 16), 16
elif idc.isASCII(flags):
return idc.GetManyBytes(ea, size), size
elif idc.isFloat(flags):
return idc.Float(ea), 4
elif idc.isDouble(flags):
return idc.Double(ea), 8
elif idc.isStruct(flags):
value = read_struct(ea, sid=member_sid, asobject=asobject)
return value, member_size
return None, size
Example 4
| Project: idasec Author: RobinDavid File: MainWidget.py License: GNU Lesser General Public License v2.1 | 5 votes |
|
def decode_here_clicked(self):
inst = idc.here()
if not idc.isCode(idc.GetFlags(inst)):
print "Not code instruction"
else:
raw = idc.GetManyBytes(inst, idc.NextHead(inst)-inst)
s = to_hex(raw)
self.decode_ir(s)
Example 5
| Project: fcatalog_client Author: xorpd File: ida_ts.py License: GNU General Public License v3.0 | 5 votes |
|
def _get_func_data(func_addr):
"""
Get function's data
"""
logger.debug('_get_func_data: {}'.format(func_addr))
func_length = _get_func_length(func_addr)
if func_length is None:
return None
func_data = idc.GetManyBytes(func_addr,func_length)
if func_data is None:
return None
# raise FCatalogClientError('Failed reading function {:X} data'.\
# format(func_addr))
return str(func_data)
Example 6
| Project: IDAPython_Note Author: ExpLife0011 File: 16_输入与输出.py License: MIT License | 5 votes |
|
def getData(self):
#获取起始地址和结束地址之间的数据,并将它们存入object.buffer中
self.ogLen = self.end - self.start
self.buffer = ''
try:
for byte in idc.GetManyBytes(self.start, self.ogLen):
self.buffer = self.buffer + byte
except:
self.start = False
return
Example 7
| Project: python-idb Author: williballenthin File: yara_fn.py License: Apache License 2.0 | 5 votes |
|
def get_segment_buffer(segstart):
"""
fetch the bytes of the section that starts at the given address.
if the entire section cannot be accessed, try smaller regions until it works.
"""
segend = idaapi.getseg(segstart).endEA
buf = None
segsize = segend - segstart
while buf is None:
buf = idc.GetManyBytes(segstart, segsize - 1)
if buf is None:
segsize -= 0x1000
return buf
Example 8
| Project: flare-ida Author: fireeye File: argtracker_example2.py License: Apache License 2.0 | 5 votes |
|
def decodeString(strLoc, count, const1):
buff = idc.GetManyBytes(strLoc, count)
decString = decodeSoguBytes20100921_strings(buff, 0, count, const1)
return decString
Example 9
| Project: grap Author: AirbusCyber File: Node.py License: MIT License | 4 votes |
|
def __init__(self, ea, info, cs):
"""Initialization function."""
# Init the node structure
node_t.__init__(self)
# Check if it's a code instruction
try:
is_c = is_code(get_flags(ea))
except:
is_c = isCode(GetFlags(ea))
if not is_c:
raise CodeException
#
# fill node_t struct
#
# NodeInfo
self.info = NodeInfo()
inst_elements = []
try:
size = create_insn(ea)
bytes = get_bytes(ea, size)
except:
size = MakeCode(ea)
bytes = GetManyBytes(ea, size)
(address, size, mnemonic, op_str) = next(cs.disasm_lite(bytes, ea, count=1))
self.info.opcode = mnemonic
self.info.inst_str = self.info.opcode + " " + op_str
splitted = op_str.split(", ")
self.info.nargs = 0
if len(splitted) >= 1:
self.info.arg1 = splitted[0]
self.info.nargs += 1
if len(splitted) >= 2:
self.info.arg2 = splitted[1]
self.info.nargs += 1
if len(splitted) >= 3:
self.info.arg3 = splitted[2]
self.info.nargs += 1
# No node will be root but this is acceptable for CFGs
self.info.is_root = False
self.info.address = ea
self.info.has_address = True
# node_t
self.node_id = self._genid()
Example 10
| Project: ida-images Author: rr- File: memory_reader.py License: MIT License | 4 votes |
|
def get_padded_bytes(self, size):
result = "\x00" * size
ranges_left = [MemoryRange(self.address, self.address + size)]
segment_count = idaapi.get_segm_qty()
valid_memory_ranges = []
for i in range(segment_count):
segment = idaapi.getnseg(i)
# Skip segments with unstable data
if segment.type == idaapi.SEG_XTRN:
continue
valid_memory_ranges.append(
MemoryRange(segment.startEA, segment.endEA)
)
while len(ranges_left) > 0:
# Get a requested memory range and remove it from the list
current_range = ranges_left.pop()
intersection = None
for memory_range in valid_memory_ranges:
start = max(current_range.start, memory_range.start)
end = min(current_range.end, memory_range.end)
if end > start:
intersection = MemoryRange(start, end)
break
# No segment can satisfy any part of requested range
if intersection is None:
continue
chunk = idc.GetManyBytes(
intersection.start, intersection.end - intersection.start
)
if chunk is None:
print(
"[librgb] Some bytes are unreadable in %s..%s"
% (
idc.atoa(intersection.start),
idc.atoa(intersection.end),
)
)
continue
result = (
result[0 : intersection.start - self.address]
+ chunk
+ result[intersection.end - self.address :]
)
assert len(result) == size
# If necessary, enqueue ranges unsatisfied by chosen mem segment
range1 = MemoryRange(current_range.start, intersection.start)
range2 = MemoryRange(intersection.end, current_range.end)
if range1.length > 0:
ranges_left.append(range1)
if range2.length > 0:
ranges_left.append(range2)
assert len(result) == size
return result
