Python idc.GetManyBytes() Examples
The following are 10
code examples of idc.GetManyBytes().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
idc
, or try the search function
.
.
Example #1
| Source File: trace.py From idasec with GNU Lesser General Public License v2.1 | 6 votes |
|
def chunk_from_path(path):
assert_ida_available()
import idc
chunk = chunk_t()
for i in xrange(len(path)):
body = chunk.body.add()
body.typeid = body.INSTRUCTION
inst = body.instruction
inst.thread_id = 0
addr = path[i]
inst.address = addr
inst.opcode = idc.GetManyBytes(addr, idc.NextHead(addr)-addr)
try:
next_a = path[i+1]
inf1 = inst.concrete_infos.add()
inf1.next_address = next_a
inf1.typeid = inf1.NEXT_ADDRESS
except IndexError:
pass
inf2 = inst.concrete_infos.add()
inf2.typeid = inf2.NOT_RETRIEVED
return chunk
Example #2
| Source File: AnalysisWidget.py From idasec with GNU Lesser General Public License v2.1 | 6 votes |
|
def add_initial_state_action(self):
from_addr = self.initial_state_from_field.text()
to_addr = self.initial_state_to_field.text()
if from_addr == "" or to_addr == "":
print "One of the two fields from/to is empty"
return
try:
from_addr = int(from_addr, 16)
to_addr = int(to_addr, 16)
if to_addr <= from_addr:
print "'To' address must be strictly superior than 'from'"
else:
raw = base64.b64encode(idc.GetManyBytes(from_addr, to_addr-from_addr+1))
self.initial_state_list.addItem("%x -> %x: %s" % (from_addr, to_addr, raw))
except ValueError:
print "From or To cannot be converted to address"
Example #3
| Source File: ida_utilities.py From ida_kernelcache with MIT License | 6 votes |
|
def _read_struct_member_once(ea, flags, size, member_sid, member_size, asobject):
"""Read part of a struct member for _read_struct_member."""
if idc.isByte(flags):
return read_word(ea, 1), 1
elif idc.isWord(flags):
return read_word(ea, 2), 2
elif idc.isDwrd(flags):
return read_word(ea, 4), 4
elif idc.isQwrd(flags):
return read_word(ea, 8), 8
elif idc.isOwrd(flags):
return read_word(ea, 16), 16
elif idc.isASCII(flags):
return idc.GetManyBytes(ea, size), size
elif idc.isFloat(flags):
return idc.Float(ea), 4
elif idc.isDouble(flags):
return idc.Double(ea), 8
elif idc.isStruct(flags):
value = read_struct(ea, sid=member_sid, asobject=asobject)
return value, member_size
return None, size
Example #4
| Source File: MainWidget.py From idasec with GNU Lesser General Public License v2.1 | 5 votes |
|
def decode_here_clicked(self):
inst = idc.here()
if not idc.isCode(idc.GetFlags(inst)):
print "Not code instruction"
else:
raw = idc.GetManyBytes(inst, idc.NextHead(inst)-inst)
s = to_hex(raw)
self.decode_ir(s)
Example #5
| Source File: ida_ts.py From fcatalog_client with GNU General Public License v3.0 | 5 votes |
|
def _get_func_data(func_addr):
"""
Get function's data
"""
logger.debug('_get_func_data: {}'.format(func_addr))
func_length = _get_func_length(func_addr)
if func_length is None:
return None
func_data = idc.GetManyBytes(func_addr,func_length)
if func_data is None:
return None
# raise FCatalogClientError('Failed reading function {:X} data'.\
# format(func_addr))
return str(func_data)
Example #6
| Source File: 16_输入与输出.py From IDAPython_Note with MIT License | 5 votes |
|
def getData(self):
#获取起始地址和结束地址之间的数据,并将它们存入object.buffer中
self.ogLen = self.end - self.start
self.buffer = ''
try:
for byte in idc.GetManyBytes(self.start, self.ogLen):
self.buffer = self.buffer + byte
except:
self.start = False
return
Example #7
| Source File: yara_fn.py From python-idb with Apache License 2.0 | 5 votes |
|
def get_segment_buffer(segstart):
"""
fetch the bytes of the section that starts at the given address.
if the entire section cannot be accessed, try smaller regions until it works.
"""
segend = idaapi.getseg(segstart).endEA
buf = None
segsize = segend - segstart
while buf is None:
buf = idc.GetManyBytes(segstart, segsize - 1)
if buf is None:
segsize -= 0x1000
return buf
Example #8
| Source File: argtracker_example2.py From flare-ida with Apache License 2.0 | 5 votes |
|
def decodeString(strLoc, count, const1):
buff = idc.GetManyBytes(strLoc, count)
decString = decodeSoguBytes20100921_strings(buff, 0, count, const1)
return decString
Example #9
| Source File: Node.py From grap with MIT License | 4 votes |
|
def __init__(self, ea, info, cs):
"""Initialization function."""
# Init the node structure
node_t.__init__(self)
# Check if it's a code instruction
try:
is_c = is_code(get_flags(ea))
except:
is_c = isCode(GetFlags(ea))
if not is_c:
raise CodeException
#
# fill node_t struct
#
# NodeInfo
self.info = NodeInfo()
inst_elements = []
try:
size = create_insn(ea)
bytes = get_bytes(ea, size)
except:
size = MakeCode(ea)
bytes = GetManyBytes(ea, size)
(address, size, mnemonic, op_str) = next(cs.disasm_lite(bytes, ea, count=1))
self.info.opcode = mnemonic
self.info.inst_str = self.info.opcode + " " + op_str
splitted = op_str.split(", ")
self.info.nargs = 0
if len(splitted) >= 1:
self.info.arg1 = splitted[0]
self.info.nargs += 1
if len(splitted) >= 2:
self.info.arg2 = splitted[1]
self.info.nargs += 1
if len(splitted) >= 3:
self.info.arg3 = splitted[2]
self.info.nargs += 1
# No node will be root but this is acceptable for CFGs
self.info.is_root = False
self.info.address = ea
self.info.has_address = True
# node_t
self.node_id = self._genid()
Example #10
| Source File: memory_reader.py From ida-images with MIT License | 4 votes |
|
def get_padded_bytes(self, size):
result = "\x00" * size
ranges_left = [MemoryRange(self.address, self.address + size)]
segment_count = idaapi.get_segm_qty()
valid_memory_ranges = []
for i in range(segment_count):
segment = idaapi.getnseg(i)
# Skip segments with unstable data
if segment.type == idaapi.SEG_XTRN:
continue
valid_memory_ranges.append(
MemoryRange(segment.startEA, segment.endEA)
)
while len(ranges_left) > 0:
# Get a requested memory range and remove it from the list
current_range = ranges_left.pop()
intersection = None
for memory_range in valid_memory_ranges:
start = max(current_range.start, memory_range.start)
end = min(current_range.end, memory_range.end)
if end > start:
intersection = MemoryRange(start, end)
break
# No segment can satisfy any part of requested range
if intersection is None:
continue
chunk = idc.GetManyBytes(
intersection.start, intersection.end - intersection.start
)
if chunk is None:
print(
"[librgb] Some bytes are unreadable in %s..%s"
% (
idc.atoa(intersection.start),
idc.atoa(intersection.end),
)
)
continue
result = (
result[0 : intersection.start - self.address]
+ chunk
+ result[intersection.end - self.address :]
)
assert len(result) == size
# If necessary, enqueue ranges unsatisfied by chosen mem segment
range1 = MemoryRange(current_range.start, intersection.start)
range2 = MemoryRange(intersection.end, current_range.end)
if range1.length > 0:
ranges_left.append(range1)
if range2.length > 0:
ranges_left.append(range2)
assert len(result) == size
return result
