我们从Python开源项目中,提取了以下9个代码示例,用于说明如何使用idc.MinEA()。
def get_bad_addresses(verbose=True):
    """Collect the hex operands of lines flagged by get_next_bad_addr().

    Starting at idc.MinEA(), repeatedly asks get_next_bad_addr() for the
    next matching location until it returns idc.BADADDR. For every hit,
    each "0x..." token of at least eight word characters in the
    disassembly text is parsed as base 16 and appended to the result.

    verbose -- when true, progress messages are printed.

    Returns a list of ints (duplicates are not removed here).
    """
    # the regex "(DC[DQ]| B.*) +0x" will retrieve the following:
    # 1. DCD 0x...
    # 2. DCQ 0x...
    # 3. B 0x.....
    # 4. BL 0x....
    search_pattern = "(DC[DQ]| B.*) +0x"

    collected = []
    cursor = idc.MinEA()
    while True:
        if verbose:
            print("[+] getting more bad addresses 0x%08X" % (cursor))

        cursor = get_next_bad_addr(cursor, search_pattern)
        if cursor == idc.BADADDR:
            break

        if verbose:
            print("[+] found bad address at 0x%08X" % (cursor))

        disasm_text = idc.GetDisasm(cursor)
        # NOTE(review): \w also matches non-hex characters, so int(..., 16)
        # raises ValueError on such a token -- confirm this cannot occur.
        collected.extend(
            int(token, 16) for token in re.findall("0x\w{8,}", disasm_text)
        )

    if verbose:
        print("[+] found %d bad addresses" % len(collected))
    return collected
def reset():
    """Undefine and zero the first 0x1000 bytes of the database.

    The range starting at idc.MinEA() is first marked unknown (flags 0),
    then every byte in it is patched to 0.
    """
    region_size = 0x1000
    idc.MakeUnknown(idc.MinEA(), region_size, 0)

    offset = 0
    while offset < region_size:
        idc.PatchByte(idc.MinEA() + offset, 0)
        offset += 1
def tst():
    """Write the bytes from s.get_code() at idc.MinEA() and make a function.

    The region is cleared with reset() first. `s` and `midap` are defined
    elsewhere in the file.
    """
    reset()
    writer = midap.here(idc.MinEA())
    payload = s.get_code()
    writer.write(payload)
    idc.MakeFunction(idc.MinEA())

# tst()
def tst():
    """Clear the start of the database, emit s.get_code() there, define a function.

    Relies on reset(), `midap` and `s`, which are defined elsewhere in the file.
    """
    reset()
    target = midap.here(idc.MinEA())
    code_bytes = s.get_code()
    target.write(code_bytes)
    idc.MakeFunction(idc.MinEA())
def renamed(self, *args):
    """Hook callback: push a new global name to the server connection.

    args is unpacked as (ea, new_name, is_local_name). Names whose address
    lies in [idc.MinEA(), idc.MaxEA()] are pushed through
    self.skel_conn.push_name() unless they are local names or rejected by
    SkelUtils.name_blacklist(). The event is always forwarded to
    idaapi.IDP_Hooks.renamed(), whose result is returned.
    """
    g_logger.debug("[IDB Hook] Something is renamed")
    ea, new_name, is_local_name = args

    inside_program = idc.MinEA() <= ea <= idc.MaxEA()
    if not inside_program:
        g_logger.warning("ea outside program...")
    elif is_local_name:
        g_logger.warning("Local names are unimplemented")
    elif not SkelUtils.name_blacklist(new_name):
        # Only names that pass the blacklist check leave the local database.
        self.skel_conn.push_name(ea, new_name)

    return idaapi.IDP_Hooks.renamed(self, *args)
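def sample_source():
    """Build the "name:hash:addr|" signature string for every function.

    The result is stored in the module-level ``full_hash``. For up to 1000
    functions it is printed as a ready-to-paste ``src_data = "..."``
    assignment; above that, instructions for moving it through a file are
    printed instead.
    """
    global full_hash

    # Gather the records first and join once, instead of growing the string
    # with += on every function.
    records = [
        normalize_fname(idc.GetFunctionName(addr)) + ":" + calc_hash(addr)
        + ":" + shexst(addr) + "|"
        for addr in idautils.Functions(idc.MinEA(), idc.MaxEA())
    ]
    full_hash = "".join(records)

    if len(records) > 1000:
        print("Too many subs. Plz run:")
        print("SRC SAMPLE : open('lame_ipc.txt','wb').write(full_hash)")
        # Fixed hint: file.read() takes an optional size, not the string to
        # load, so the former ".read(full_hash)" could not work when pasted.
        print("DST SAMPLE : src_data = open('lame_ipc.txt','rb').read()")
    else:
        # NOTE(review): this prints a Python assignment meant to be pasted
        # into another session; it is only well-formed if normalize_fname()
        # never yields quotes or backslashes -- confirm.
        print('src_data = "' + full_hash + '"')
    return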
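def sample_dest():
    """Rename functions here whose hash uniquely matches one in ``src_data``.

    ``src_data`` is the "name:hash:addr|" string produced by sample_source().
    A hash that occurs more than once on either side is marked ambiguous and
    skipped. Each remaining match is renamed to "SHARED_" + source name, and
    the number of successful renames is printed.
    """
    global src_data
    if src_data is None:
        print("run the src_data = ... first")
        return

    # Marker stored in place of a name/address when a hash is not unique.
    ambiguous = "baadf00d"

    src_hashes = {}
    for record in src_data.split("|"):
        fields = record.split(":")
        if len(fields) < 2:
            continue
        name, digest = fields[0], fields[1]
        src_hashes[digest] = ambiguous if digest in src_hashes else name

    dst_hashes = {}
    for addr in idautils.Functions(idc.MinEA(), idc.MaxEA()):
        # The function name is not needed on this side; only the hash is.
        digest = calc_hash(addr)
        dst_hashes[digest] = ambiguous if digest in dst_hashes else addr

    renamed_count = 0
    for digest, target in dst_hashes.items():
        if target == ambiguous:
            continue
        source_name = src_hashes.get(digest)
        if source_name is None or source_name == ambiguous:
            continue
        # MakeNameEx reports success; count only renames that were applied
        # so the summary below is accurate.
        if idc.MakeNameEx(target, "SHARED_" + source_name, SN_NOWARN):
            renamed_count += 1

    print("%d subs have been renamed" % (renamed_count))
    return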
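def main():
    """Map the shared-cache segments and exports referenced by bad addresses.

    Inside IDA the cache path comes from a file dialog and the addresses
    from get_bad_addresses(); outside IDA the path is sys.argv[1] and the
    addresses are read from "addrs.txt" in the working directory.

    Raises RuntimeError when no existing cache file was given.
    """
    if _IN_IDA:
        # get dyld_shared_cache path from IDA's openFile dialog
        print("[+] Please choose the original dyld_shared_cache_arm64")
        dsc_path = idc.AskFile(0, "*.*", "dyld shared cache file")
    else:
        dsc_path = sys.argv[1]

    if not dsc_path or not os.path.exists(dsc_path):
        raise RuntimeError("Couldn't find the dyld shared cache file..")

    print("[+] about to parse %s.." % (dsc_path))
    # NOTE(review): this handle is never closed; whether it can be closed at
    # the end of main() depends on whether AddrFinder keeps using it -- confirm.
    dsc_file = open(dsc_path, "rb")
    adrfind = AddrFinder(dsc_file, cache_symbols=False)
    map_shared_bridges(dsc_file, adrfind)

    if _IN_IDA:
        addresses = sorted(set(get_bad_addresses()))
    else:
        # Read through a context manager so the handle is released promptly.
        with open("addrs.txt", "rb") as addrs_file:
            addrs_text = addrs_file.read()
        # SECURITY: eval() executes whatever expression addrs.txt contains, so
        # anyone able to write that file runs code with this process's
        # privileges. If the file only ever holds a literal list of integers,
        # ast.literal_eval() parses it without executing code.
        addresses = sorted(set(eval(addrs_text)))

    segments, exports = get_segments_and_exports_for_addresses(addresses, adrfind)
    # segments = join_neighbors(segments, threshold=0x1000)
    if _IN_IDA:
        map_segments(segments, dsc_file)
        map_exports(exports)
        idaapi.analyze_area(idc.MinEA(), idc.MaxEA())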