# An IDAPython script: given two instruction mnemonics that appear next to each other (for example mov, add), it finds each such pair and writes out the binary representation of both instructions.
from idaapi import *
from idc import *
import os
import sys
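class Inst_search:
    """Find consecutive instruction pairs by mnemonic and dump their bit patterns.

    Every function known to IDA is walked; whenever an instruction whose
    mnemonic equals ``inst1`` is directly followed by one whose mnemonic
    equals ``inst2``, the original bytes of both are written to a text
    report as strings of '0'/'1' characters, one pair per line.
    """

    def __init__(self, inst1, inst2):
        """Remember the two mnemonics and open the report file.

        The comparison in searchinfun() is an exact string match, so the
        mnemonics must be spelled the way ua_mnem() reports them.
        """
        self.inst1 = inst1
        self.inst2 = inst2
        # The report is opened immediately; search() is what closes it.
        self.openfile()

    @staticmethod
    def _safe_component(name):
        """Return *name* reduced to characters that are safe in a file name.

        Anything other than letters, digits, '.', '_' and '-' becomes '_',
        so a mnemonic argument containing a path separator cannot move the
        report outside the output directory.
        """
        return ''.join(
            ch if (ch.isalnum() or ch in '._-') else '_'
            for ch in str(name)
        )

    def printself(self):
        """Print the two mnemonics being searched for."""
        print('%s %s' % (self.inst1, self.inst2))

    def printAinstr(self, startea, Itemsize):
        """Return the original bytes of one item as a bit string.

        Each of the ``Itemsize`` bytes starting at ``startea`` is read with
        GetOriginalByte() and rendered as eight binary digits, most
        significant bit first; the digits of all bytes are concatenated.
        """
        return ''.join(
            format(GetOriginalByte(addr), '08b')
            for addr in range(startea, startea + Itemsize)
        )

    def searchinfun(self, fun):
        """Scan one function for the (inst1, inst2) pair and record each hit.

        The iterator is advanced one code item at a time, so every pair of
        consecutive instructions is examined, including overlapping pairs.
        """
        it = func_item_iterator_t(fun)
        prev_ea = it.current()
        while it.next_code():
            cur_ea = it.current()
            # str() keeps the comparison well-defined even if no mnemonic
            # could be decoded for an address.
            if (str(ua_mnem(prev_ea)) == self.inst1
                    and str(ua_mnem(cur_ea)) == self.inst2):
                self.str1 = self.printAinstr(prev_ea, ItemSize(prev_ea))
                self.str2 = self.printAinstr(cur_ea, ItemSize(cur_ea))
                self.savefile()
            prev_ea = cur_ea

    def openfile(self):
        """Open (and truncate) the report file and print its path.

        The file is named ``<input file>_<inst1><inst2>.txt`` and is placed
        in the directory given by the last entry of ``sys.path``.
        NOTE(review): which directory that is depends on how the interpreter
        was set up; confirm it is the intended, writable output location.
        """
        # The input name is read from the database being analysed and the
        # mnemonics may come from script arguments, so neither is allowed to
        # contribute a directory part to the path.
        input_name = os.path.basename(GetInputFile())
        filename = str(sys.path[-1]) + os.sep
        filename += input_name
        filename += ("_" + self._safe_component(self.inst1)
                     + self._safe_component(self.inst2) + '.txt')
        self.fhandle = open(filename, 'w+')
        print(filename)

    def savefile(self):
        """Append the most recent match (str1, str2) to the report and echo it."""
        print(' writing ' + self.str1 + ' ' + self.str2)
        self.fhandle.write(self.str1 + ' ' + self.str2 + '\n')

    def search(self):
        """Scan every function in the database, then close the report file."""
        try:
            for i in range(get_func_qty()):
                fun = getn_func(i)
                print('search in function :  %s %s'
                      % (i, str(GetFunctionName(fun.startEA))))
                self.searchinfun(fun)
        finally:
            # Close the handle even when the scan aborts part-way, so the
            # lines already written are flushed and the descriptor is freed.
            self.fhandle.close()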
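# Script entry: search for the pair named by the script arguments, or for
# 'mov' followed by 'mov' when fewer than two arguments were supplied.
# The argument count is checked on idc.ARGV, so the values are read from that
# same list; sys.argv is not guaranteed to carry the script arguments.
# `idc` is referenced by name here exactly as in the original script.
print(idc.ARGV)
if len(idc.ARGV) < 3:
    instrsear = Inst_search('mov', 'mov')
    instrsear.search()
else:
    arg1 = idc.ARGV[1]
    arg2 = idc.ARGV[2]
    instrsear = Inst_search(arg1, arg2)
    instrsear.search()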
IDAPython 编程之 查找相邻指令
转载自blog.csdn.net/qq_21063873/article/details/65445555