1. Dump memory
Script command (IDC):
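// Write the bytes in [begin, end) to d:/test.so, one byte at a time.
// The start address and the 0x3b4 length are hard-coded for one session;
// adjust both before reusing the script.
static main(void)
{
    auto fp, begin, end, dexbyte;

    begin = 0xC006889B80;
    end = begin + 0x3b4;  // this statement had no terminating ';' before

    fp = fopen("d:/test.so", "wb");
    if ( fp == 0 )
    {
        // fopen yields 0 on failure; do not write through an invalid handle
        Message("cannot open d:/test.so for writing\n");
    }
    else
    {
        // NOTE(review): addresses IDA cannot read are still written, using
        // whatever Byte() returns for them. Confirm the range is fully mapped.
        for ( dexbyte = begin; dexbyte < end; dexbyte++ )
            fputc(Byte(dexbyte), fp);

        // Close explicitly so buffered bytes reach the file and the handle
        // is released
        fclose(fp);
    }
}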
2. Read registers (conditional breakpoint + Python)
import ida_dbg
import idc
import re
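# Dump the buffer described by RAX (address) and RBX (length) at the current
# debugger stop, appending it to e:\store\<name>.yaml. <name> comes from the
# buffer's first "name: " line. The buffer is target-controlled data, so
# nothing taken from it is trusted as a file name without filtering.
str_addr = ida_dbg.get_reg_val("RAX")
str_len = ida_dbg.get_reg_val("RBX")

raw = idc.read_dbg_memory(str_addr, str_len)
if raw is None:
    # Unreadable address or bogus length: report it instead of failing on
    # None.decode()
    print("dump yaml: cannot read {:#x} bytes at {:#x}".format(str_len, str_addr))
else:
    # Decode only to find the name. errors="replace" keeps a buffer that is
    # not valid UTF-8 from aborting the dump.
    text = raw.decode("utf-8", errors="replace")

    prefix = "name: "
    name = "unknown"
    for line in text.split("\n"):
        if line.startswith(prefix):
            # The slice was [7:], one past the 6-character prefix, which
            # dropped the first character of every name
            name = line[len(prefix):]
            break
    print("dump yaml {}".format(name))

    # Allow-list filter: removes path separators, dots, quotes and control
    # characters, so the name cannot leave e:\store. Cap the length and fall
    # back when nothing survives, so the file is never just ".yaml".
    # NOTE(review): Windows device names (CON, NUL, ...) still pass this
    # filter; add a fixed prefix if that matters for your targets.
    name = re.sub(r'[^a-zA-Z0-9\-_]', "", name)[:100] or "unknown"

    with open("e:\\store\\{}.yaml".format(name), "ab") as file:
        # Write the bytes exactly as read; no decode/encode round trip
        file.write(raw)
        file.write(b"\n\n\n")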