我们从Python开源项目中,提取了以下10个代码示例,用于说明如何使用idc.MakeComm()。
def AppendComment(ea, s, repeatable=False): # see williutils and http://blogs.norman.com/2011/security-research/improving-ida-analysis-of-x64-exception-handling if repeatable: string = idc.RptCmt(ea) else: string = idc.Comment(ea) if not string: string = s # no existing comment else: if s in string: # ignore duplicates return string = string + "\n" + s if repeatable: idc.MakeRptCmt(ea, string) else: idc.MakeComm(ea, string)
def revise_syscall(rename=False): if not rename: print('Change the function name with `CGCHeler.revise_syscall(True)`.') # visit all instructions start_ea, end_ea = utils.get_seg_range('.text') eax = -1 ip = start_ea while ip < end_ea and ip != idaapi.BADADDR: if 'int' in idc.GetMnem(ip) and '80h' == idc.GetOpnd(ip, 0): if eax != -1: # fix comment and function name print('{}: {}'.format(hex(ip), syscall_table[eax])) idc.MakeComm(ip, 'CGC syscall: {}'.format(syscall_table[eax])) if rename: print('Change {} to {}'.format(idc.GetFunctionName(ip), syscall_table[eax])) idc.MakeName(idc.GetFunctionAttr(ip, idc.FUNCATTR_START), syscall_table[eax]) elif 'mov' in idc.GetMnem(ip) and 'eax' == idc.GetOpnd(ip, 0) and 5 == idc.GetOpType(ip, 1): value = idc.GetOpnd(ip, 1) if re.search('^[0-9]+$', value) != None: eax = int(value) if eax > 7 or eax < 1: eax = -1 ip = idc.NextHead(ip)
def _ApdComm(self, ea, id): # DEBUG_PRINT('_ApdComm') g_mark = ' ' if self._global == 1: idx = self._dbDict[ea]._idx_list[id][0] g_mark = '_g' else: idx = self._dbDict[ea]._idx_list[id][0] - self._dbDict[idaapi.get_func(ea).startEA]._idx_list[0][0] g_mark = '_L' idxcomm = self._dbDict[ea]._idx_list[id][1] comm = self._commMarker + str(idx) + g_mark +' ' +str(idxcomm).strip('{}') oldComm = str(idc.GetCommentEx(ea, 0)) tag = '' for xref in idautils.CodeRefsTo(ea, 0): if xref !=[]: if ea != idaapi.get_func(ea).startEA and oldComm == 'None': comm = '\n' + comm break if(oldComm != 'None'): comm = oldComm + '\n' + comm idc.MakeComm(ea, str(comm)) self._dbDict[ea]._shown = True return
def append_comment(ea, s, repeatable=False): ''' add the given string as a (possibly repeating) comment to the given address. does not add the comment if it already exists. adds the comment on its own line. Args: ea (int): the address at which to add the comment. s (str): the comment text. repeatable (bool): if True, set a repeatable comment. Raises: UnicodeEncodeError: if the given string is not ascii. ''' # see: http://blogs.norman.com/2011/security-research/improving-ida-analysis-of-x64-exception-handling s = s.encode('ascii') if repeatable: string = idc.RptCmt(ea) else: string = idc.Comment(ea) if not string: string = s # no existing comment else: if s in string: # ignore duplicates return string = string + "\\n" + s if repeatable: idc.MakeRptCmt(ea, string) else: idc.MakeComm(ea, string)
def disassemble_from_trace(self): try: index = self.traces_tab.currentIndex() trace = self.core.traces[self.id_map[index]] self.disassemble_button.setFlat(True) found_match = False for k, inst in trace.instrs.items(): if k in trace.metas: for name, arg1, arg2 in trace.metas[k]: if name == "wave": self.parent.log("LOG", "Wave n°%d encountered at (%s,%x) stop.." % (arg1, k, inst.address)) prev_inst = trace.instrs[k-1] idc.MakeComm(prev_inst.address, "Jump into Wave %d" % arg1) self.disassemble_button.setFlat(False) return # TODO: Check that the address is in the address space of the program if not idc.isCode(idc.GetFlags(inst.address)): found_match = True # TODO: Add an xref with the previous instruction self.parent.log("LOG", "Addr:%x not decoded as an instruction" % inst.address) if idc.MakeCode(inst.address) == 0: self.parent.log("ERROR", "Fail to decode at:%x" % inst.address) else: idaapi.autoWait() self.parent.log("SUCCESS", "Instruction decoded at:%x" % inst.address) if not found_match: self.parent.log("LOG", "All instruction are already decoded") self.disassemble_button.setFlat(False) except KeyError: print "No trace found to use"
def make_comment(pos, string): """ Creates a comment with contents `string` at address `pos`. If the address is already commented append the new comment to the existing comment """ current_comment = idc.Comment(pos) if not current_comment: idc.MakeComm(pos, string) elif string not in current_comment: idc.MakeComm(pos, current_comment + " " + string)
def activate(self, ctx): pos = idc.ScreenEA() # Get current comment for this instruction and remove the C define from it, if present comment = idc.Comment(pos) code = get_operand_value(pos) define = ioctl_decoder.get_define(code) comment = comment.replace(define, "") idc.MakeComm(pos, comment) # Remove the ioctl from the valid list and add it to the invalid list to avoid 'find_all_ioctls' accidently re-indexing it. ioctl_tracker.remove_ioctl(pos)
def _RmComm(self, ea): oldComm = str(idc.GetCommentEx(ea, 0)) startIdx = oldComm.find(self._commMarker) if(startIdx != -1): comm = oldComm[0:startIdx] idc.MakeComm(ea, str(comm).strip()) self._dbDict[ea]._shown = False return
def GlobalorLocal(self): origlobal= self._global views = ['1','2','3'] if self._global == 1: tmpglobal = 0 else: tmpglobal = 1 c_ea = idc.ScreenEA() (c_startEA,c_endEA) = self._GetFuncRange(c_ea) indexs = [i for i,item in enumerate(self._tablelist) if item[2] in views] for index in indexs: ea = int(self._tablelist[index][0],16) DEBUG_PRINT( ea) (startEA,endEA) = self._GetFuncRange(ea) if startEA == c_startEA: c_index = index continue self._delComms(startEA,endEA) self._tablelist[index][2] = '0' for ea in range(c_startEA,c_endEA+1): if ea in self._dbDict.keys(): if self._dbDict[ea]._shown == True: idx = self.GetIDX(ea) id = self.GetID(ea, idx) oldComm = str(idc.GetCommentEx(ea, 0)) startIdx = oldComm.find(self._commMarker) if(startIdx != -1): comm = oldComm[0:startIdx] idc.MakeComm(ea, str(comm).strip()) self._global = tmpglobal self._ApdComm(ea,id) self._global = origlobal self._global = tmpglobal return
def print_mcr_op(i, mcr, s): print "%x: %s (using r%d)" %(i.ea, s, mcr['opcode1']) if ADD_COMMENT: idc.MakeComm(i.ea, s)
