python 脚本处理IDA的Dif文件

dif文件例子：

This difference file has been created by IDAarmhookThis difference file has been created by IDAarmhook000001CC: 04 53000001CD: B0 A8000001CE: 2D 01000001CF: E5 EB0006A320: 02 F00006A321: 02 470006A322: 02 2D0006A323: 02 E90006A324: 02 300006A325: 02 000006A326: 02 9F0006A327: 02 E50006A328: 02 DA0006A329: 02 620006A32A: 02 FE0006A32B: 02 EB0006A32C: 02 040006A32D: 02 B00006A32E: 02 2D0006A32F: 02 E50006A330: 02 F00006A331: 02 870006A332: 02 BD0006A333: 02 E80006A350: 02 680006A351: 02 690006A352: 02 200006A353: 02 610006A354: 02 720006A355: 02 6D0006A356: 0C 200006A357: 02 680006A358: 02 6F0006A359: 02 6F0006A35A: 02 6B0006A35B: 03 000006A35C: 02 500006A35D: 02 230006A35E: 02 070006A35F: 02 00

对应的idadiff.py脚本代码

#!/usr/bin/env python# coding=cp936 # 将ida导出的.dif 补丁到程序中import refrom sys import argv,exitdef patch(file, dif, revert=False):  code = open(file,'rb').read()  dif = open(dif,'r').read()  m = re.findall('([0-9a-fA-F]+): ([0-9a-fA-F]+) ([0-9a-fA-F]+)', dif)  for offset,orig,new in m:    o, orig, new = int(offset,16), orig.decode('hex'), new.decode('hex')    if revert:      if code[o]==new:        code = code[:o]+orig+code[o+1:]      else:        raise Exception("patched byte at %s is not %02X" % (offset, ord(new)))    else:      if code[o]==orig:        code = code[:o]+new+code[o+1:]      else:        raise Exception("original byte at %s is not %02X" % (offset, ord(orig)))  open(file,'wb').write(code)def main():  if len(argv)<3:    print "Usage: %s <binary> <IDA.dif file> [revert]" % (argv[0])    print "For example: idadif executable.exe executable.dif"    print "Applies given IDA .dif file to patch binary; use revert to revert patch."    exit(0)    file, dif, revert = argv[1], argv[2], False  if len(argv)>3:    revert = True    print "Reverting patch %r on file %r" % (dif, file)  else:    print "Patching file %r with %r" % (file, dif)    try:    patch(file, dif, revert)    print "Done"  except Exception, e:    print "Error: %s" % str(e)    exit(1)if __name__ == "__main__":  main()