Python idaapi.get_bytes() Examples

The following are 9 code examples of idaapi.get_bytes(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may also want to check out all available functions/classes of the module idaapi , or try the search function .
Example #1
Source File: instruction.py    From ida-minsc with BSD 3-Clause "New" or "Revised" License 6 votes vote down vote up 
def memory(ea, op):
        '''Operand type decoder for returning a memory reference on either the AArch32 or AArch64 architectures.'''
        get_dtype_attribute = operator.attrgetter('dtyp' if idaapi.__version__ < 7.0 else 'dtype')
        get_dtype_size = idaapi.get_dtyp_size if idaapi.__version__ < 7.0 else idaapi.get_dtype_size
        get_bytes = idaapi.get_many_bytes if idaapi.__version__ < 7.0 else idaapi.get_bytes

        # get the address and the operand size
        addr, size = op.addr, get_dtype_size(get_dtype_attribute(op))
        maxval = 1<<size*8

        # dereference the address and return its integer.
        res = get_bytes(addr, size) or ''
        res = reversed(res) if database.config.byteorder() == 'little' else iter(res)
        res = reduce(lambda agg, n: (agg*0x100)|n, six.iterbytes(res), 0)
        sf = bool(res & maxval>>1)

        return armops.memory(long(addr), long(res-maxval) if sf else long(res))
Example #2
Source File: ptmalloc.py    From heap-viewer with GNU General Public License v3.0 5 votes vote down vote up 
def get_struct(self, address, struct_type):
        assert idaapi.is_loaded(address) == True, "Can't access memory at 0x%x" % address
        sbytes = idaapi.get_bytes(address, sizeof(struct_type))
        return struct_type.from_buffer_copy(sbytes)
Example #3
Source File: misc.py    From heap-viewer with GNU General Public License v3.0 5 votes vote down vote up 
def get_struct(address, struct_type):
    assert idaapi.is_loaded(address) == True, "Can't access memory at 0x%x" % address
    sbytes = idaapi.get_bytes(address, sizeof(struct_type))
    struct = struct_type.from_buffer_copy(sbytes)
    struct._addr = address
    return struct

# --------------------------------------------------------------------------
Example #4
Source File: line.py    From Sark with MIT License 5 votes vote down vote up 
def bytes(self):
        return idaapi.get_bytes(self.ea, self.size)
Example #5
Source File: data.py    From Sark with MIT License 5 votes vote down vote up 
def read_memory(start, end):
    size = end - start
    return idaapi.get_bytes(start, size)
Example #6
Source File: mkyara_plugin.py    From mkYARA with GNU General Public License v3.0 5 votes vote down vote up 
def generate_yara_rule(self, mode, is_data=False):
        start, end = get_selection()
        size = end - start
        data = idaapi.get_bytes(start, size)
        ins_set, ins_mode = get_arch_info()
        yr_gen = YaraGenerator(mode, ins_set, ins_mode)
        yr_gen.add_chunk(data, offset=start, is_data=is_data)
        rule_obj = yr_gen.generate_rule()
        file_hash = get_input_file_hash()
        rule_obj.metas["hash"] = "\"{}\"".format(file_hash)
        rule = rule_obj.get_rule_string()
        self.dialog = YaraRuleDialog(None, start, end, rule)
        self.dialog.show()
Example #7
Source File: segment.py    From ida-minsc with BSD 3-Clause "New" or "Revised" License 5 votes vote down vote up 
def read():
    '''Return the contents of the current segment.'''
    get_bytes = idaapi.get_many_bytes if idaapi.__version__ < 7.0 else idaapi.get_bytes

    seg = ui.current.segment()
    if seg is None:
        raise E.SegmentNotFoundError(u"{:s}.read() : Unable to locate the current segment.".format(__name__))
    return get_bytes(interface.range.start(seg), interface.range.size(seg))
Example #8
Source File: segment.py    From ida-minsc with BSD 3-Clause "New" or "Revised" License 5 votes vote down vote up 
def read(segment):
    '''Return the contents of the segment identified by `segment`.'''
    get_bytes = idaapi.get_many_bytes if idaapi.__version__ < 7.0 else idaapi.get_bytes

    seg = by(segment)
    return get_bytes(interface.range.start(seg), interface.range.size(seg))
Example #9
Source File: DBGHider.py    From DBGHider with Apache License 2.0 4 votes vote down vote up 
def hook(self, hook_addr = 0):
        """
        Args:
            hook_addr(int): address for inline hook code, 0 indicates bpt hook.

        Returns:
            memory size in bytes used for inline hook.
        """

        self.hook_addr = hook_addr
        self.func_addr = idc.get_name_ea_simple(self.name)

        if self.func_addr == 0:
            return 0

        print("Hooking %s at 0x%x" % (self.name, self.func_addr))
        if self.hook_addr == 0:
            idc.add_bpt(self.func_addr)
            idc.set_bpt_cond(self.func_addr, self.bpt_cond_hook_code)
            return 0
        else:
            # assemble jmp code
            jmp_code = "jmp 0x%x" % self.hook_addr
            jmp_buf, _ = assemble(jmp_code, self.func_addr)

            # read function prologue according to jmp code length
            # NOTE: instructions like 'call $+5' in prologue will
            # cause problems.
            insn = idaapi.insn_t()
            move_length = 0
            while move_length < len(jmp_buf):
                idaapi.decode_insn(insn, self.func_addr + move_length)
                move_length += insn.size
            prologue = idaapi.get_bytes(self.func_addr, move_length)

            # write jmp code
            idaapi.patch_bytes(self.func_addr, jmp_buf)

            # assmble hook code
            hook_buf, _ = assemble(self.inline_hook_code, self.hook_addr)
            hook_buf += prologue
            jmp_back_code = 'jmp 0x%x' % (self.func_addr + move_length)
            jmp_back_buf, _ = assemble(jmp_back_code, self.hook_addr + len(hook_buf))
            hook_buf += jmp_back_buf

            # wirte hook code
            idaapi.patch_bytes(self.hook_addr, hook_buf)
            return len(hook_buf)