Python idc.Byte() Examples
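The following are 10 code examples of idc.Byte(), the IDAPython call that reads the byte stored at an address in the database.
idc.Byte() is the older name: Example #8 shows idc.get_wide_byte() being used instead when the IDA SDK version is 700 or later.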
Example #1
Source File: util.py From mcsema with Apache License 2.0 | 6 votes |
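def read_leb128(ea, signed):
    """Read one LEB128-encoded integer from the database, starting at ea.

    Each byte read with idc.Byte() contributes its low 7 bits, least
    significant group first; a clear high bit (0x80) marks the last byte.

    Args:
        ea: address of the first encoded byte.
        signed: when true, sign-extend the result if bit 0x40 of the last
            byte is set.

    Returns:
        (value, next_ea) on success, where next_ea is the address just past
        the last byte consumed. On a malformed encoding the bare value
        idc.BADADDR is returned instead of a tuple, so callers have to test
        for it before unpacking.
    """
    val = 0
    shift = 0
    while True:
        byte = idc.Byte(ea)
        val |= (byte & 0x7F) << shift
        shift += 7
        ea += 1
        if (byte & 0x80) == 0:
            break

        # The bytes come from the file under analysis, so a run of
        # continuation bytes must not be followed without limit.
        if shift > 64:
            # Floor division keeps the operand an int: with "/" on Python 3
            # the float result makes the "{0:x}" format raise ValueError,
            # turning the malformed-input path into a crash.
            DEBUG("Bad leb128 encoding at {0:x}".format(ea - shift // 7))
            return idc.BADADDR

    if signed and (byte & 0x40):
        val -= (1 << shift)
    return val, ea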
Example #2
Source File: ida_utilities.py From ida_kernelcache with MIT License | 6 votes |
def read_word(ea, wordsize=WORD_SIZE):
    """Return the wordsize-byte value stored at ea, or None if unmapped.

    is_mapped() is consulted first, so an unmapped address yields None
    before wordsize is looked at. Sizes 1, 2, 4 and 8 are read with
    idc.Byte(), idc.Word(), idc.Dword() and idc.Qword() respectively; any
    other size raises ValueError.
    """
    if not is_mapped(ea, wordsize):
        return None
    readers = ((1, 'Byte'), (2, 'Word'), (4, 'Dword'), (8, 'Qword'))
    for size, reader_name in readers:
        if wordsize == size:
            # Resolved lazily so only the reader that is needed is looked up.
            return getattr(idc, reader_name)(ea)
    raise ValueError('Invalid argument: wordsize={}'.format(wordsize))
Example #3
Source File: util.py From mcsema with Apache License 2.0 | 5 votes |
def read_bytes_slowly(start, end):
    """Return the bytes in [start, end) as a string, one address at a time.

    An address whose flags report no value contributes "\\x00", so in the
    result an uninitialised byte cannot be told apart from a stored zero.
    Uses xrange, i.e. this is Python 2 code.
    """
    def _char_at(addr):
        # hasValue() on the address flags says whether a byte is stored here.
        if idc.hasValue(idc.GetFlags(addr)):
            return chr(idc.Byte(addr))
        return "\x00"

    return "".join(_char_at(addr) for addr in xrange(start, end))
Example #4
Source File: 15_补丁.py From IDAPython_Note with MIT License | 5 votes |
def xor(size, key, buff):
    """XOR-patch size bytes of the database in place, starting at buff.

    Each byte is read with idc.Byte(), XORed with key and written back with
    idc.PatchByte(), so the database contents themselves are changed.
    """
    # NOTE(review): key is not masked to 8 bits here; presumably callers pass
    # a single-byte key - confirm.
    for offset in range(0, size):
        target = buff + offset
        idc.PatchByte(target, idc.Byte(target) ^ key)
Example #5
Source File: instruction_hash.py From rematch with GNU General Public License v3.0 | 5 votes |
def data(self):
    """Fold every byte of every item of the function at self.offset into a hash.

    Starts from self.keleven and feeds each byte through self._cycle(), in
    address order within each item returned by idautils.FuncItems().
    """
    digest = self.keleven
    for head in idautils.FuncItems(self.offset):
        # first byte of the item
        digest = self._cycle(digest, idc.Byte(head))
        # then all additional bytes of the same item
        tail_end = head + idc.ItemSize(head)
        for addr in range(head + 1, tail_end):
            digest = self._cycle(digest, idc.Byte(addr))
    return digest
Example #6
Source File: identity_hash.py From rematch with GNU General Public License v3.0 | 5 votes |
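def data(self):
    """Hash the function at self.offset while ignoring embedded offsets.

    Starts from self.keleven and feeds bytes through self._cycle(). The
    first byte of every item is always hashed; the remaining bytes are
    hashed only when the item has no code or data references, so that
    address operands do not influence the result.

    Returns:
        The final hash state.
    """
    h = self.keleven
    for ea in idautils.FuncItems(self.offset):
        h = self._cycle(h, idc.Byte(ea))
        # skip additional bytes of any instruction that contains an offset in it
        #
        # idautils.CodeRefsFrom()/DataRefsFrom() hand back generators, and a
        # generator object is truthy even when it yields nothing. Testing the
        # objects directly therefore skipped the tail of every item; the
        # check has to ask whether at least one reference exists.
        # Hashes produced by this version differ from ones computed with the
        # always-true test, so stored values need recomputing.
        has_code_ref = any(True for _ in idautils.CodeRefsFrom(ea, False))
        if has_code_ref or any(True for _ in idautils.DataRefsFrom(ea)):
            continue
        for i in range(ea + 1, ea + idc.ItemSize(ea)):
            h = self._cycle(h, idc.Byte(i))
    return h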
Example #7
Source File: ida_finfisher_vm.py From malware-research with BSD 2-Clause "Simplified" License | 5 votes |
def append_bytes(instr, addr):
    """Append the instr.size bytes starting at addr to the global sig list.

    Returns the address just past the last byte that was appended.
    """
    offsets = range(instr.size)
    # sig is a module-level list defined outside this function.
    sig.extend(Byte(addr + off) for off in offsets)
    return addr + len(offsets)
Example #8
Source File: IdaProxy.py From apiscout with BSD 2-Clause "Simplified" License | 5 votes |
def getByte(self, ea):
    """Read the byte at ea with the call that matches the running IDA SDK.

    idc.get_wide_byte() is used when idaapi.IDA_SDK_VERSION is 700 or
    higher, idc.Byte() otherwise.
    """
    if idaapi.IDA_SDK_VERSION >= 700:
        return idc.get_wide_byte(ea)
    return idc.Byte(ea)
Example #9
Source File: jayutils.py From flare-ida with Apache License 2.0 | 5 votes |
def getString(ea, maxLen=0x200):
    '''Returns up to maxLen bytes (0x200 by default) read from ea, stopping
    at the first null byte.

    When using_ida7api is set the work is delegated to getString_ida7().
    The maxLen cap bounds the read when the data has no terminator.
    '''
    if using_ida7api:
        return getString_ida7(ea, maxLen)
    chars = []
    offset = 0
    while offset < maxLen:
        value = idc.Byte(ea + offset)
        if value == 0x00:
            # terminator found; it is not included in the result
            break
        chars.append(chr(value))
        offset += 1
    return ''.join(chars)
Example #10
Source File: vxhunter_ida.py From vxhunter with BSD 2-Clause "Simplified" License | 4 votes |
def fix_vxworks_idb(load_address, vx_version, symbol_table_start, symbol_table_end):
    """Rebase the database to load_address and apply the VxWorks symbol table.

    Walks the symbol table in fixed-size entries (20 bytes when vx_version
    is 6, otherwise 16), names each symbol's destination address and, for
    symbol types listed in need_create_function, creates code and a function
    there. Finishes by waiting for IDA's auto analysis.

    Args:
        load_address: address the image is rebased to; also added to both
            symbol table bounds.
        vx_version: version selector; only the value 6 changes the entry
            size and the offset of the type field.
        symbol_table_start: start of the symbol table, before load_address
            is added.
        symbol_table_end: end of the symbol table, before load_address is
            added.
    """
    current_image_base = idaapi.get_imagebase()
    symbol_interval = 16
    if vx_version == 6:
        symbol_interval = 20
    # From here on both bounds are absolute addresses in the rebased image.
    symbol_table_start += load_address
    symbol_table_end += load_address
    ea = symbol_table_start
    shift_address = load_address - current_image_base
    # Apply the delta in steps of 0x70000000, then rebase by the remainder.
    while shift_address >= 0x70000000:
        idaapi.rebase_program(0x70000000, 0x0008)
        shift_address -= 0x70000000
    idaapi.rebase_program(shift_address, 0x0008)
    # NOTE(review): every pointer below is read from the firmware image with
    # idc.Dword() and used as an address as-is; nothing in this function
    # checks that it falls inside the loaded image - confirm that is intended
    # for images that may be malformed.
    while ea < symbol_table_end:
        # for VxWorks 6 unknown symbol format
        # NOTE(review): symbol_table_end is already an absolute address, so
        # ea + symbol_table_end - 2 points far outside the current entry;
        # this looks like it was meant to be ea + symbol_interval - 2 -
        # confirm against the symbol table layout.
        if idc.Byte(ea + symbol_table_end - 2) == 3:
            ea += symbol_interval
            continue
        # The name pointer sits 4 bytes into the entry.
        offset = 4
        if idaapi.IDA_SDK_VERSION >= 700:
            idc.create_strlit(idc.Dword(ea + offset), idc.BADADDR)
        else:
            idc.MakeStr(idc.Dword(ea + offset), idc.BADADDR)
        sName = idc.GetString(idc.Dword(ea + offset), -1, idc.ASCSTR_C)
        print("Found %s in symbol table" % sName)
        if sName:
            # Destination address follows the name pointer; the type field is
            # at +12 for version 6 entries and +8 otherwise.
            sName_dst = idc.Dword(ea + offset + 4)
            if vx_version == 6:
                sName_type = idc.Dword(ea + offset + 12)
            else:
                sName_type = idc.Dword(ea + offset + 8)
            idc.MakeName(sName_dst, sName)
            if sName_type in need_create_function:
                # flags = idc.GetFlags(ea)
                print("Start fix Function %s at %s" % (sName, hex(sName_dst)))
                idc.MakeCode(sName_dst)  # might not need
                idc.MakeFunction(sName_dst, idc.BADADDR)
        ea += symbol_interval
    print("Fix function by symbol table finish.")
    print("Start IDA auto analysis, depending on the size of the firmware this might take a few minutes.")
    idaapi.autoWait()