模板代码
准备
# IDA default imports
# ====================================
import sys
sys.path.append("/opt/ida-pro/python")
import ida_bytes
import ida_dbg
import ida_entry
import ida_funcs
import ida_ida
import ida_idaapi
import ida_idd
import ida_idp
import ida_kernwin
import ida_loader
import ida_nalt
import ida_name
import ida_netnode
import ida_segment
import ida_strlist
import ida_typeinf
import ida_ua
import ida_xref
import idc
import types
import os
import sys
# ====================================
找出指定指令
import idautils
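# Address range to scan for system-call instructions.
start_ea = 0x100
end_ea = 0x9A0

# Walk every item head in the range and report the syscall instructions.
for head in idautils.Heads(start_ea, end_ea):
    # Heads() yields data items as well as instructions; skip anything that
    # is not marked as code so data bytes are never reported as a hit.
    if not idc.is_code(idc.get_full_flags(head)):
        continue
    # Compare the mnemonic instead of searching the whole disassembly line:
    # a substring test also matches comments, symbol names or operands that
    # merely contain "syscall" and produces false positives during triage.
    # NOTE(review): other system-call entry forms (e.g. `sysenter`,
    # `int 0x80`) are not matched here; extend the check if the target
    # architecture or sample uses them.
    if idc.print_insn_mnem(head) == "syscall":
        print("%08X: %s" % (head, idc.GetDisasm(head)))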
查找当前地址对应 CFG 块
import idaapi
import idc
# Locate the basic block (CFG node) that contains the cursor address and
# print its boundaries.
ea = idc.here()  # current address (where the cursor is)
func = idaapi.get_func(ea)
if not func:
    # get_func() found no function covering this address.
    print("当前地址不在函数内。")
else:
    fc = idaapi.FlowChart(func)
    # Take the first block whose [start_ea, end_ea) range covers ea.
    block = next((bb for bb in fc if bb.start_ea <= ea < bb.end_ea), None)
    if block is not None:
        print(f"当前块起点: 0x{block.start_ea:X}")
        print(f"当前块终点: 0x{block.end_ea:X}")