IDA python 脚本

2019-10-23  本文已影响0人  炫子_260f
import idautils
import idaapi

补丁为nop

# 补丁为nop
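def patch_nop(start, end):
  """Overwrite every 4-byte slot in [start, end) with the AArch64 NOP encoding.

  Args:
    start: address of the first instruction to overwrite; assumed to be
      4-byte aligned (not checked here).
    end: address just past the range. If the length is not a multiple of 4,
      the trailing 1-3 bytes are left untouched; an empty or inverted range
      patches nothing.

  Returns:
    None.

  The constant is only a NOP for A64 code; on ARM/Thumb ranges it would
  decode as something else. idc.PatchDword is the legacy IDAPython name
  (idc.patch_dword in later releases). The patch is applied to the IDA
  database, so record what was changed if the result is shared.
  """
  nop = 0xD503201F  # A64 "NOP"
  # Floor division keeps the slot count an int on Python 3 as well; plain
  # "/" yields a float there and range() rejects it.
  for i in range((end - start) // 4):
    addr = start + (i * 4)
    idc.PatchDword(addr, nop)
  return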

解析为code

# 解析为code
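def make_code(start, end):
  """Re-disassemble [start, end) as code, one 4-byte slot at a time.

  Each slot is first undefined with idaapi.do_unknown_range(addr, 4, 0) and
  then passed to idaapi.auto_make_code(addr).

  Args:
    start: address of the first slot; assumed 4-byte aligned (not checked).
    end: address just past the range; a trailing remainder shorter than 4
      bytes is not touched, and an empty or inverted range does nothing.

  Returns:
    None.
  """
  # NOTE(review): auto_make_code presumably only queues the address for the
  # auto-analyser, so the listing may not change until analysis has run.
  # Floor division keeps the slot count an int on Python 3 as well.
  for i in range((end - start) // 4):
    addr = start + (i * 4)
    idaapi.do_unknown_range(addr, 4, 0)
    idaapi.auto_make_code(addr)
  return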

解析为无指令

# 解析为无指令
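def make_unknown(start, end):
  """Undefine [start, end) in 4-byte steps so no instruction is shown there.

  Calls idaapi.do_unknown_range(addr, 4, 0) for each slot. The bytes
  themselves are not modified; only the item definitions are removed.

  Args:
    start: address of the first slot; assumed 4-byte aligned (not checked).
    end: address just past the range; a trailing remainder shorter than 4
      bytes is not touched, and an empty or inverted range does nothing.

  Returns:
    None.
  """
  # Floor division keeps the slot count an int on Python 3 as well; plain
  # "/" yields a float there and range() rejects it.
  for i in range((end - start) // 4):
    addr = start + (i * 4)
    idaapi.do_unknown_range(addr, 4, 0)
  return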

查找替换指令

# 查找替换指令
def find_replace_hex(hex_value, number, replaceHex):
  """Patch up to `number` occurrences of a byte pattern with a 32-bit value.

  Args:
    hex_value: search pattern handed unchanged to idc.FindBinary.
    number: upper bound on how many matches are patched.
    replaceHex: value written with idc.PatchDword at each match address.

  The search starts at MinEA() and always uses SEARCH_DOWN | SEARCH_NEXT.
  It stops at the first idc.BADADDR result. Each patched address is printed
  together with its new disassembly.

  NOTE(review): every match is patched, whatever segment it is in and
  whatever its alignment, so a pattern that also occurs in data is
  overwritten too. Check the printed lines before keeping the patch.
  """
  cursor = MinEA()
  for _ in range(number):
    cursor = idc.FindBinary(cursor, SEARCH_DOWN | SEARCH_NEXT, hex_value)
    if cursor == idc.BADADDR:
      # No further match: leave the remaining iterations unused.
      break
    idc.PatchDword(cursor, replaceHex)
    print(hex(cursor), idc.GetDisasm(cursor))

从addr开始,读取以 0 结尾的字符串并返回

# 从addr开始,读取以 0 结尾的字符串并返回
def get_string(addr):
  """Return the bytes from `addr` up to (not including) the first zero byte.

  Each byte is converted with chr(), one character per byte; multi-byte
  encodings are not decoded. An empty string is returned when the byte at
  `addr` is already 0.

  NOTE(review): nothing bounds the walk. If Byte() never returns 0 (for
  example when `addr` is outside the loaded segments; confirm what Byte()
  yields there) the loop does not terminate.
  """
  pieces = []
  cursor = addr
  while Byte(cursor) != 0:
    pieces.append(chr(Byte(cursor)))
    cursor += 1
  return "".join(pieces)

从addr开始,向低地址回溯,找到所在字符串的起始地址

# 从addr开始,向低地址回溯,找到所在字符串的起始地址
def get_addr(addr):
  """Walk towards lower addresses and return where the non-zero run begins.

  Starting at `addr`, steps down one byte at a time while Byte() is
  non-zero and returns the lowest such address. If the byte at `addr` is
  itself 0, the empty string "" is returned, so callers have to handle both
  an int and a str result.

  NOTE(review): the walk has no lower bound. It relies on a zero byte
  preceding the string.
  """
  run_start = ""
  cursor = addr
  while Byte(cursor) != 0:
    run_start = cursor
    cursor -= 1
  return run_start

查找指令(只查找,不替换)

# 查找指令(只查找,不替换)
def find_hex(hex_value, number):
  """Return the address of the first match of `hex_value`, or 0 if none.

  Args:
    hex_value: search pattern handed unchanged to idc.FindBinary.
    number: accepted for call compatibility only; its value is not used.

  Exactly one search is made, starting from the fixed address 0x9E9B6000
  with SEARCH_DOWN | SEARCH_NEXT. Nothing is patched.

  NOTE(review): the start address is hard-coded for one particular
  database and must be adjusted before reuse elsewhere. 0 is the
  "not found" value, so callers should test for it before using the result
  as an address.
  """
  search_start = 0x9E9B6000
  hit = idc.FindBinary(search_start, SEARCH_DOWN | SEARCH_NEXT, hex_value)
  if hit == idc.BADADDR:
    return 0
  return hit
# find_hex 例子:搜索串取自下面函数开头前 4 条指令的机器码
.text:0003D910 80 B5                       PUSH            {R7,LR}
.text:0003D912 6F 46                       MOV             R7, SP
.text:0003D914 82 B0                       SUB             SP, SP, #8
.text:0003D916 D7 F8 08 C0                 LDR.W           R12, [R7,#8]
.text:0003D91A F9 68                       LDR             R1, [R7,#0xC]
.text:0003D91C 00 91                       STR             R1, [SP,#0x10+var_10]
.text:0003D91E 11 46                       MOV             R1, R2
.text:0003D920 1A 46                       MOV             R2, R3
.text:0003D922 63 46                       MOV             R3, R12
.text:0003D924 D9 F7 82 FF                 BL              sub_1782C
.text:0003D928 02 B0                       ADD             SP, SP, #8
.text:0003D92A 80 BD                       POP             {R7,PC}
.text:0003D92A             ; } // 

# The pattern is the opcode bytes of the first four instructions in the
# listing above (PUSH / MOV / SUB / LDR.W), used to locate that function.
# MaxEA() is passed as `number`, but find_hex does not use that argument's
# value, so it has no effect on the search.
addr = find_hex('80 B5 6F 46 82 B0 D7 F8 08 C0', MaxEA())
# find_hex returns 0 when nothing matches, so a printed zero means "not found".
print(hex(addr))