Python idaapi.patch_bytes() Examples
The following are 4
code examples of idaapi.patch_bytes().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
idaapi
, or try the search function
.
.
Example #1
| Source File: data.py From Sark with MIT License | 6 votes |
|
def write_memory(start, data, destructive=False):
if destructive:
idaapi.put_bytes(start, data)
else:
idaapi.patch_bytes(start, data)
Example #2
| Source File: chunk.py From heap-viewer with GNU General Public License v3.0 | 5 votes |
|
def btn_save_on_click(self):
flags = 0
if self.f_prev_inuse.isChecked():
flags |= PREV_INUSE
if self.f_is_mmaped.isChecked():
flags |= IS_MMAPPED
if self.f_non_main_arena.isChecked():
flags |= NON_MAIN_ARENA
try:
size = eval(self.t_size.text())
size |= flags
fd = eval(self.t_fd.text())
bk = eval(self.t_bk.text())
fd_nextsize = eval(self.t_fd_nextsize.text())
bk_nextsize = eval(self.t_bk_nextsize.text())
self.chunk.size = size
self.chunk.fd = fd
self.chunk.bk = bk
self.chunk.fd_nextsize = fd_nextsize
self.chunk.bk_nextsize = bk_nextsize
idaapi.patch_bytes(self.addr, self.chunk.data)
idaapi.info("Chunk saved")
self.done(1)
except Exception as e:
idaapi.warning("ERROR: " + str(e))
# -----------------------------------------------------------------------
Example #3
| Source File: DBGHider.py From DBGHider with Apache License 2.0 | 4 votes |
|
def hook(self, hook_addr = 0):
"""
Args:
hook_addr(int): address for inline hook code, 0 indicates bpt hook.
Returns:
memory size in bytes used for inline hook.
"""
self.hook_addr = hook_addr
self.func_addr = idc.get_name_ea_simple(self.name)
if self.func_addr == 0:
return 0
print("Hooking %s at 0x%x" % (self.name, self.func_addr))
if self.hook_addr == 0:
idc.add_bpt(self.func_addr)
idc.set_bpt_cond(self.func_addr, self.bpt_cond_hook_code)
return 0
else:
# assemble jmp code
jmp_code = "jmp 0x%x" % self.hook_addr
jmp_buf, _ = assemble(jmp_code, self.func_addr)
# read function prologue according to jmp code length
# NOTE: instructions like 'call $+5' in prologue will
# cause problems.
insn = idaapi.insn_t()
move_length = 0
while move_length < len(jmp_buf):
idaapi.decode_insn(insn, self.func_addr + move_length)
move_length += insn.size
prologue = idaapi.get_bytes(self.func_addr, move_length)
# write jmp code
idaapi.patch_bytes(self.func_addr, jmp_buf)
# assmble hook code
hook_buf, _ = assemble(self.inline_hook_code, self.hook_addr)
hook_buf += prologue
jmp_back_code = 'jmp 0x%x' % (self.func_addr + move_length)
jmp_back_buf, _ = assemble(jmp_back_code, self.hook_addr + len(hook_buf))
hook_buf += jmp_back_buf
# wirte hook code
idaapi.patch_bytes(self.hook_addr, hook_buf)
return len(hook_buf)
Example #4
| Source File: code_grafter.py From flare-ida with Apache License 2.0 | 4 votes |
|
def patch_call(va, new_nm):
"""Patch the call at @va to target @new_nm.
Args:
va (numbers.Integral): Address of the call site
new_nm (str): Name of the new call destination
Returns:
bool: True if successful
"""
is_call = idc.print_insn_mnem(va) == 'call'
if is_call:
opno = 0
new_asm = 'call %s' % (new_nm)
else:
logger.warn('Not a call instruction at %s' % (phex(va)))
return False
# Already done?
if idc.print_operand(va, opno) == new_nm:
return True
ok, code = idautils.Assemble(va, new_asm)
if not ok:
logger.warn('Failed assembling %s: %s' % (phex(va), new_asm))
return False
orig_opcode_len = idc.get_item_size(va)
new_code_len = len(code)
if orig_opcode_len < new_code_len:
logger.warn('Not enough room or wrong opcode type to patch %s: %s' %
(phex(va), new_asm))
return False
# If we actually have too much room, then add filler
if orig_opcode_len > new_code_len:
delta = orig_opcode_len - new_code_len
code += '\x90' * delta
idaapi.patch_bytes(va, code)
return True
