Example #1
Source File: idautils.py From dumpDex with Apache License 2.0 | 6 votes |
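def GetDataList(ea, count, itemsize=1):
    """
    Get data list - INTERNAL USE ONLY

    Lazily reads ``count`` items of ``itemsize`` bytes each from the
    database, starting at ``ea``, using the matching ``idaapi`` reader.

    @param ea: start address of the first item
    @param count: number of items to yield (``count <= 0`` yields nothing)
    @param itemsize: item width in bytes; one of 1, 2, 4 or 8
    @return: generator over the values read
    @raise ValueError: if ``itemsize`` is not 1, 2, 4 or 8.  Because this
        is a generator the error surfaces on the first iteration, not at
        the call.
    """
    # Resolve the reader only for the size requested, so an IDA build that
    # lacks one of the accessors is not touched unless it is actually used.
    if itemsize == 1:
        getdata = idaapi.get_byte
    elif itemsize == 2:
        getdata = idaapi.get_word
    elif itemsize == 4:
        getdata = idaapi.get_long
    elif itemsize == 8:
        getdata = idaapi.get_qword
    else:
        # Call form is valid on both Python 2 and 3; the original
        # ``raise ValueError, "..."`` statement is a SyntaxError on Python 3.
        raise ValueError("Invalid data size! Must be 1, 2, 4 or 8")

    endea = ea + itemsize * count
    curea = ea
    while curea < endea:
        yield getdata(curea)
        curea += itemsize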
Example #2
Source File: ps4_module.py From ps4_module_loader with GNU General Public License v3.0 | 6 votes |
def pablo(mode, address, end, search):
    """Scan ``[address, end)`` for the byte pattern ``search`` and define
    code or data at each hit.

    Each hit above the end of the segment named ``CODE`` is treated as a
    data reference and, if its bytes are still undefined and the qword
    there points at or below ``end``, a qword data item is created three
    bytes before the hit.  Hits inside ``CODE`` are undefined, decoded as
    an instruction ``mode`` bytes past the hit and turned into a function.

    NOTE(review): the block structure below was reconstructed from a
    collapsed listing; confirm against the upstream file that
    ``address = offset + 0x4`` sits under the ``if address > ...`` branch
    and not under the inner ``isUnknown`` check.

    :param mode: byte offset from a code hit to the instruction start
    :param address: first address to search
    :param end: exclusive end of the search range
    :param search: pattern string accepted by ``idaapi.find_binary``
    """
    while address < end:
        # 0x10 is the radix for the pattern string; presumably a miss
        # returns BADADDR, which falls through the branch below and ends
        # the loop on the next ``while`` test — confirm with the IDA docs.
        address = idaapi.find_binary(address, end, search, 0x10, SEARCH_DOWN)

        if address > idaapi.get_segm_by_name('CODE').end_ea:
            # Why -3 is the right back-off is not derivable from this
            # listing; it is an assumption about the matched pattern.
            offset = address - 0x3

            if idaapi.isUnknown(idaapi.getFlags(offset)):
                # Only define the qword when it plausibly points into the
                # scanned range.
                if idaapi.get_qword(offset) <= end:
                    idaapi.create_data(offset, FF_QWORD, 0x8, BADNODE)
            address = offset + 0x4

        else:
            address += mode
            idaapi.do_unknown(address, 0)
            idaapi.create_insn(address)
            idaapi.add_func(address, BADADDR)
        # Advance past the current position so the next search moves on.
        address += 0x1

# Load Input Binary...
Example #3
Source File: ida_debugger.py From IDAngr with BSD 2-Clause "Simplified" License | 5 votes |
def get_qword(self, addr):
    """Return the 8-byte value the database holds at ``addr``.

    Thin pass-through to ``idaapi.get_qword``; no instance state is used.
    """
    value = idaapi.get_qword(addr)
    return value
Example #4
Source File: data.py From Sark with MIT License | 5 votes |
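def Qwords(start=None, end=None):
    """Return the qwords stored at every 8-byte step of ``[start, end)``.

    ``start``/``end`` are normalised by ``fix_addresses`` first, so either
    may be ``None`` (its meaning is defined there, not here).

    :param start: first address, or ``None``
    :param end: exclusive end address, or ``None``
    :return: ``map`` over ``idaapi.get_qword`` — a list on Python 2, a
        lazy iterator on Python 3, exactly as before.
    """
    start, end = fix_addresses(start, end)
    # ``map`` takes any iterable; the former ``list(range(...))`` only
    # materialised the address range a second time.
    return map(idaapi.get_qword, range(start, end, 8))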
Example #5
Source File: DBGHider.py From DBGHider with Apache License 2.0 | 4 votes |
def dbg_process_start(self, pid, tid, ea, name, base, size):
    """Debugger-event callback run when the debuggee process starts.

    Resets the hook bookkeeping counters, registers the two ntdll hook
    descriptors, then locates the 32-bit PEB (from ``ebx``) and the
    64-bit PEB (0x1000 below it, per the author's comment) and patches the
    fields the inline comments name.

    NOTE(review): the parameters (``pid``, ``tid``, ``ea``, ``name``,
    ``base``, ``size``) are all unused here; they presumably match the IDA
    ``DBG_Hooks`` callback signature — confirm against the base class.
    """
    self.mem_for_inline_hooks = 0
    self.virtualalloc = 0

    ntdll = DllHook('ntdll.dll')
    ntdll.add_func(
        FuncHook('ntdll_NtClose', NtClose_inline_hook_code_32, NtClose_bpt_cond_hook_code_32)
    )
    ntdll.add_func(
        FuncHook('ntdll_NtQueryInformationProcess', NtQueryInformationProcess_inline_hook_code_32, NtQueryInformationProcess_bpt_cond_hook_code_32)
    )
    self.dlls = [ntdll]

    # IDA creates a segment named "TIB[XXXXXXXX]", which points to
    # wow_peb64 actually. We can get peb from wow_peb64 with 0x1000 offset.
    # peb_addr = wow_peb64_addr + 0x1000
    # Note: IDA has not created segment "TIB[XXXXXXXX]" at this point,
    # which is why the segment-based lookup below is not used.
    # tid = get_current_thread()
    # tib_segm_name = "TIB[%08X]" % tid
    # print tib_segm_name
    # tib_segm = get_segm_by_name(tib_segm_name)
    # wow_peb64 = tib_segm.start_ea
    # peb = tib_segm.start_ea + 0x1000

    # on debugging start, ebx points to peb
    # get addrs of peb and wow_peb64
    # (assumes a 32-bit WOW64 debuggee — no check is made here)
    ebx = idc.get_reg_value("ebx")
    peb = ebx
    wow_peb64 = peb - 0x1000

    # patch peb->BeingDebugged
    # solving peb->NtGlobalFlag and "Heap Magic" anti-debug method
    # at the same time.
    idc.patch_byte(peb + 2, 0)
    idc.patch_byte(wow_peb64 + 2, 0)

    # patching peb process parameters
    # Offsets 0x10 / 0x8 and the 0x4000 bit are taken on trust from the
    # author; they are not derivable from this listing.
    peb_process_parameters = idaapi.get_dword(peb + 0x10)
    flag = idaapi.get_dword(peb_process_parameters + 0x8)
    idc.patch_dword(peb_process_parameters + 0x8, flag | 0x4000)

    # patching peb64 process parameters
    # 64-bit PEB: the pointer is a qword at +0x20, the flag is still a dword.
    peb64_process_parameters = idaapi.get_qword(wow_peb64 + 0x20)
    flag = idaapi.get_dword(peb64_process_parameters + 0x8)
    idc.patch_dword(peb64_process_parameters + 0x8, flag | 0x4000)
Example #6
Source File: ps4_module.py From ps4_module_loader with GNU General Public License v3.0 | 4 votes |
def resolve(self, alphabet, nids, symbols, libraries):
    """Resolve this relocation's import symbol and name the stub and target.

    For relocation types above ``R_X86_64_ORBIS_GOTPCREL_LOAD`` the symbol
    index is unpacked from ``INFO``, the encoded library id is decoded from
    the symbol string, the real function is located through the qword at
    ``OFFSET``, and both the jump stub (``__imp_`` prefix) and the real
    function are renamed.  Always returns ``self.type()``.

    :param alphabet: maps a one-character base64 digit to its integer value
    :param nids: maps an 11-character NID prefix to a function name
    :param symbols: sequence indexed by ``INDEX - 2``; each entry is
        assumed to be a tuple whose ``[1]`` is the symbol string — confirm
        against the caller
    :param libraries: maps a library id to a library name
    """
    if self.INFO > Relocation.R_X86_64_ORBIS_GOTPCREL_LOAD:
        self.INDEX = self.INFO >> 32
        self.INFO &= 0xFF
        # NOTE(review): raises StopIteration if no entry has index
        # INDEX - 2; nothing here catches it.
        symbol = next(value for key, value in enumerate(symbols) if key + 2 == self.INDEX)[1]

        # Library
        try:
            lid1 = alphabet[symbol[12:13]]

            # [base64]#
            if symbol[13:14] == '#':
                library = libraries[lid1]

            # [base64][base64]#
            elif symbol[14:15] == '#':
                lid2 = alphabet[symbol[13:14]]
                library = libraries[lid1 + lid2]

            else:
                # A bare ``raise`` with no active exception raises
                # RuntimeError (TypeError on Python 2); it is only here to
                # reach the handler below.
                raise

        # Not a NID
        # NOTE(review): bare except also swallows KeyboardInterrupt and
        # SystemExit; ``except Exception:`` would be the narrower form.
        except:
            library = ''

        # Function Name (Offset) == Symbol Value + AddEnd (S + A)
        # Library Name (Offset) == Symbol Value (S)
        real = idc.get_qword(self.OFFSET)
        idc.add_func(real)

        # Hacky way to determine if this is the real function...
        # (conditional expression binds first: real -= (6 if push else 0))
        real -= 0x6 if idc.print_insn_mnem(real) == 'push' else 0x0

        # Resolve the NID...
        idc.set_cmt(real, 'NID: ' + symbol, False)
        # Fall back to the raw symbol when the NID is unknown.
        function = nids.get(symbol[:11], symbol)

        # Rename the Jump Function...
        idc.set_name(self.OFFSET, '__imp_' + function, SN_NOCHECK | SN_NOWARN | SN_FORCE)

        # Rename the Real Function...
        idc.set_name(real, function, SN_NOCHECK | SN_NOWARN | SN_FORCE)

        try:
            import_node = idaapi.netnode(library, 0, True)
            import_node.supset(ea2node(real), function)

            # Requires customized loader.i / ida_loader.py(d)
            idaapi.import_module(library, None, import_node.index(), None, 'linux')

        # NOTE(review): best-effort registration of the import; any failure
        # (including a missing ea2node helper) is silently dropped.
        except:
            pass

    return self.type()