未解决 [求助]加密4第5章Python脚本疑问
-
发表于: 2018-11-17 13:28 1052
-
import os
import sys
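def Getasm(ea_from, ea_to, range1, range2):
    """Comment and log mov/lea instructions whose trailing dword is in a range.

    Walks the instruction heads from ``ea_from`` up to, but not including,
    ``ea_to``. For every ``mov`` or ``lea`` the last four bytes of the
    instruction are read as a 32-bit value. A value with the sign bit set is
    replaced by its magnitude (two's-complement negation), so that
    ``mov edx, [ebp-350]`` is handled like ``mov edx, [ebp+350]``. When the
    result lies in ``[range1, range2]`` an IDA comment with the offset from
    ``range1`` is attached and the disassembly line is written to
    ``code.txt`` in the current working directory.

    Args:
        ea_from: first address to examine.
        ea_to: address at which the scan stops (exclusive).
        range1: lowest value of interest (inclusive).
        range2: highest value of interest (inclusive).
    """
    # "with" closes code.txt even when an IDA call raises part-way through.
    with open("code.txt", "w") as fp:
        ea = ea_from
        while ea < ea_to:
            next_ea = NextNotTail(ea)
            if GetMnem(ea) in ("mov", "lea"):
                # NOTE(review): this assumes the instruction ends in a 32-bit
                # displacement or immediate; for shorter encodings the read
                # starts before the instruction -- confirm that is acceptable.
                opcode = Dword(next_ea - 4)
                # Dword() returns the value as a non-negative Python integer,
                # so a plain "opcode < 0" test never fires and the raw bytes
                # are printed. Test the 32-bit sign bit instead and keep the
                # negated result within 32 bits.
                if opcode & 0x80000000:
                    opcode = (~opcode + 1) & 0xFFFFFFFF
                # IDAPython's Message() takes one ready-made string, hence
                # the "%" formatting here instead of IDC-style varargs.
                Message("-> %08X %08X\n" % (ea, opcode))
                if range1 <= opcode <= range2:
                    delta = opcode - range1
                    # Attach the offset as a comment in the IDA database.
                    MakeComm(ea, "// +0x%04X" % delta)
                    fp.write("%08X %s\n" % (ea, GetDisasm(ea)))
            ea = next_ea
    Message("OK!")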
# Scan the code between 0x401000 and 0x40F951 for values that land in the
# range 0x41AE68..0x41AEC1.
Getasm(
    0x401000,    # ea_from
    0x40F951,    # ea_to
    0x41AE68,    # range1
    0x0041AEC1,  # range2
)
小弟我没学过Python
`Message("-> %08X %08X\n" % (ea, opcode))` 这句不是应该写成 `Message("-> %08X %08X\n", ea, opcode)` 吗?
`opcode = (~opcode + 1)` 这句是取反加一吧?为何输出的是原字节?
我用 .idc 实现了一遍,能实现一样的功能,
`Message("-> %08X %08X\n", ea, opcode)` 能正常输出取反加一的结果。
这个 Message() 函数在两种脚本里的格式为什么会不一样?
#include<idc.idc>
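// Walk the instruction heads in [ea_from, ea_to). For each mov/lea, read the
// last four bytes of the instruction as a 32-bit value and replace a value
// with the sign bit set by its magnitude. If the result lies in
// [range1, range2], attach a comment with the offset from range1 and append
// the disassembly line to code.txt.
static Getasm(ea_from, ea_to, range1, range2)
{
    auto fp, opcode, ea, delta;

    fp = fopen("code.txt", "w");
    // fopen() returns 0 on failure; do not write through an invalid handle.
    if (fp == 0)
    {
        Message("cannot open code.txt\n");
        return;
    }

    ea = ea_from;
    while (ea < ea_to)
    {
        auto cmd = GetMnem(ea);
        // Logical OR: the original bitwise "|" only worked because both
        // operands were 0/1 comparison results.
        if (cmd == "mov" || cmd == "lea")
        {
            // NOTE(review): assumes the instruction ends in a 32-bit
            // displacement or immediate -- confirm for short encodings.
            opcode = Dword(NextNotTail(ea) - 4);
            // Test the 32-bit sign bit explicitly. "opcode < 0" depends on
            // the IDC long being 32 bits wide; the mask keeps the negated
            // value within 32 bits either way.
            if (opcode & 0x80000000)
                opcode = (~opcode + 1) & 0xFFFFFFFF;
            Message("-> %08X %08X\n", ea, opcode);
            if (range1 <= opcode && opcode <= range2)
            {
                delta = opcode - range1;
                // Attach the offset as a comment in the IDA database.
                MakeComm(ea, sprintf("//+0x%04X", delta));
                fprintf(fp, "%08X %s\n", ea, GetDisasm(ea));
            }
        }
        ea = NextNotTail(ea);
    }
    fclose(fp);
    Message("OK!");
}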
// Script entry point: scan the code between 0x401000 and 0x40F951 for values
// that land in the range 0x41AE68..0x41AEC1.
static main()
{
    Getasm(0x401000, 0x40F951, 0x41AE68, 0x0041AEC1);
}