Python idc.get_strlit_contents() Examples

The following are 9 code examples of idc.get_strlit_contents(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may also want to check out all available functions/classes of the module idc , or try the search function .
Example #1
Source File: strings.py    From Karta with MIT License 5 votes vote down vote up 
def getAsciiString(self, ea):
        """Fetch the best ascii string that starts at the given address, according to IDA.

        Args:
            ea (int): effective address of the wanted string

        Return Value:
            IDA's best ascii string that starts at the given address
        """
        return idc.get_strlit_contents(ea, -1, -1)
Example #2
Source File: strings.py    From Karta with MIT License 5 votes vote down vote up 
def defineAsciiString(self, ea):
        r"""Define an ascii string at the given address.

        Args:
            ea (int): effective start address of the wanted ascii string

        Return Value:
            The length of the defined string + 1 for the '\0' terminator
        """
        content = idc.get_strlit_contents(ea, -1, -1)
        if not sark.Line(ea).is_string:
            self._analyzer.logger.debug("Defined a unique ascii string at: 0x%x (Length of %d)", ea, len(content) + 1)
        ida_bytes.del_items(ea, 0, len(content) + 1)
        idc.create_strlit(ea, ea + len(content) + 1)
        return len(content) + 1
Example #3
Source File: exception.py    From mcsema with Apache License 2.0 5 votes vote down vote up 
def read_string(ea):
  s = idc.get_strlit_contents(ea, -1, idc.ASCSTR_C)
  if s:
    slen = len(s)+1
    idc.del_items(ea, idc.DOUNK_SIMPLE, slen)
    idaapi.make_ascii_string(ea, slen, idc.ASCSTR_C)
    return s, ea + slen
  else:
    return s, ea
Example #4
Source File: data.py    From Sark with MIT License 5 votes vote down vote up 
def get_string(ea):
    """Read the string at the given ea.

    This function uses IDA's string APIs and does not implement any special logic.
    """
    # We get the item-head because the `GetStringType` function only works on the head of an item.
    string_type = idc.get_str_type(idaapi.get_item_head(ea))

    if string_type is None:
        raise exceptions.SarkNoString("No string at 0x{:08X}".format(ea))

    string = idc.get_strlit_contents(ea, strtype=string_type)

    if not string:
        raise exceptions.SarkNoString("No string at 0x{:08X}".format(ea))

    return string
Example #5
Source File: as3.py    From ActionScript3 with GNU General Public License v3.0 5 votes vote down vote up 
def find(self):

        ea = idc.get_first_seg()

        tags = []
        while (ea != ida_idaapi.BADADDR):
            if (idc.get_segm_name(ea) == "DoABC"):
                name = idc.get_strlit_contents(ea + 0xA)
                tags.append("%d - %s" % (ea, name))

            ea = idc.get_next_seg(ea)
        
        if (tags == []):
            return False

        if (len(tags) > 1):
            app = QtWidgets.QWidget()
            ea, ok = QtWidgets.QInputDialog.getItem(app, "Select DoABC tag", 
                                                    "List of DoABC tags", 
                                                    tags, 0, False)

            if (ea and ok):
                ea = long(ea.split()[0])
            else:
                return False

        else:
            ea = long(tags[0].split()[0])

        Reader.pos = ea

        return True
Example #6
Source File: as3.py    From ActionScript3 with GNU General Public License v3.0 5 votes vote down vote up 
def parse(self):
    
        self.start = Reader.pos

        tag_code_and_length = idc.get_wide_word(Reader.pos)
        Reader.pos += 2
        
        self.tag_code = tag_code_and_length >> 6
        self.tag_length = tag_code_and_length & 0x3F
        
        self.data_length = idc.get_wide_dword(Reader.pos)
        Reader.pos += 4
        
        if (self.tag_code != 0x48): # DoABC1

            self.flags = idc.get_wide_dword(Reader.pos)
            Reader.pos += 4
            
            self.name = idc.get_strlit_contents(Reader.pos)
    
            if (self.name is not None):
                Reader.pos += len(self.name)
    
            Reader.pos += 1
        
        self.minor_version = idc.get_wide_word(Reader.pos)
        Reader.pos += 2
        
        self.major_version = idc.get_wide_word(Reader.pos)
        Reader.pos += 2
Example #7
Source File: klfdb.py    From ActionScript3 with GNU General Public License v3.0 5 votes vote down vote up 
def get_method_name(self, esp):

		stringp = self.get_method_name_func(idc.get_wide_dword(esp + 4), 0)
		address = idc.get_wide_dword(stringp + 0x8)
		return idc.get_strlit_contents(address, -1, idc.STRTYPE_C)
Example #8
Source File: colorizer.py    From deREferencing with GNU General Public License v3.0 5 votes vote down vote up 
def get_string(self, ea):
        res = idc.get_strlit_contents(ea)
        if res and len(res) == 1:
            res = idc.get_strlit_contents(ea, -1, idc.STRTYPE_C_16)
        return res
Example #9
Source File: ida_api.py    From Karta with MIT License 4 votes vote down vote up 
def stringAt(self, ea):
        """Return the string that was found on the given address, regardless of it's type.

        Args:
            ea (int): effective address of the wanted string

        Return Value:
            A python string that contains the found string (or None on error)
        """
        str_type = idc.get_str_type(ea)
        if str_type is None:
            return None
        return idc.get_strlit_contents(ea, -1, str_type).decode("utf-8")

    # Overridden base function