菜鸟IDA python调试脚本
IDA动态调试下断点还是比较费劲的，写个脚本可能更好一些。
import idc
import idaapi
import struct
#idaapi.dbg_write_memory(ea,buf)
# Make Python the active scripting language so the breakpoint conditions
# registered further down ('createfile()' / 'readfile()') are evaluated
# as Python expressions.
idaapi.enable_extlang_python(1)

# Module-level state shared with the breakpoint callbacks defined below.
md = {}                  # filename buffers captured by createfile(), keyed by stack slot
add = size = index = 0   # read-buffer address / size and dump counter used by readfile()
cross_refs = 0           # last xref iterator found by the name sweep below
findname = ["MZ", "PE"]  # database names whose code xrefs get highlighted
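# Highlight every instruction that references the names in ``findname``.
# Indentation was lost in the paste; the xref loop is nested under the
# ``if`` here because ``cross_refs`` is only meaningful when the lookup hit.
for func in findname:
    addr = LocByName(func)
    if addr != BADADDR:
        # CodeRefsTo() returns an iterator of addresses. The original wrapped
        # it in range(), which raises TypeError on a non-integer, so the
        # colouring loop never ran.
        cross_refs = CodeRefsTo(addr, 0)
        print("got it")
        for ref in cross_refs:
            print("%08x" % ref)
            # CIC_ITEM (spelled CiC_ITEM in the original, a NameError) colours
            # the single item at ``ref``; colour value kept as in the original.
            SetColor(ref, CIC_ITEM, 0x0000ff)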
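def createfile(maxlen=50):
    """Breakpoint callback: capture the C string whose pointer is the first stack argument.

    Reads the pointer stored at [esp+4] (the first argument if the breakpoint
    sits on the function's entry, where [esp] is the return address), copies
    up to ``maxlen`` bytes from the debuggee starting at that pointer, prints
    the result and records it in the module-level ``md`` dict.

    Args:
        maxlen: upper bound on the number of bytes copied. The original always
            copied exactly 50 bytes; the copy now also stops at the first NUL,
            so the printed name no longer carries whatever followed it in
            memory.

    Returns:
        1, i.e. the condition is satisfied. The registering code clears the
        breakpoint's low flag bit, so the debuggee is not suspended.
    """
    global md
    ea1 = GetRegValue("esp") + 4
    a = idc.Dword(ea1)
    chars = []
    for i in range(maxlen):
        k = idc.Byte(a + i)
        if k == 0:  # NUL terminator: end of the C string
            break
        chars.append(chr(k))
    buf = "".join(chars)
    print("filename ___%s_____\n" % buf)
    # NOTE: keyed by the stack slot rather than the pointer, so calls made at
    # the same stack depth overwrite each other; key by ``a`` to keep them all.
    md[ea1] = buf
    return 1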
# Progress marker emitted while the script is loaded.
print("start")
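def readfile():
    """Breakpoint callback that dumps a buffer the debuggee reads to disk.

    It is installed as the condition of two breakpoints (see the setup below)
    and decides what to do from ``eip``:

    * at 0x20095280 it records the values at [esp+8] and [esp+12] (presumably
      the second and third arguments, if this is the function's entry) as the
      buffer address and size;
    * at 0x20095338 it copies ``size`` bytes from that address out of the
      debuggee and writes them to ``c:\\hk<index>dat``.

    ``index`` is bumped on every call, i.e. at both addresses, so the dump
    numbers advance by two per captured read (unchanged from the original).

    Returns:
        1 (condition satisfied); the registering code clears the breakpoint's
        low flag bit, so execution continues.
    """
    global add, size, index
    index = index + 1
    eip = GetRegValue("eip")
    if eip == 0x20095280:
        add = Dword(GetRegValue("esp") + 8)
        size = Dword(GetRegValue("esp") + 12)
    if eip == 0x20095338:
        # ``size`` comes straight from the debuggee's stack; a bogus value makes
        # this loop fetch that many bytes one Byte() call at a time.
        data = bytes(bytearray(Byte(add + i) for i in range(size)))
        path = r"c:\hk" + "%d" % index + "dat"
        # The original wrote the same path twice, the second time in text mode
        # ("w"), which on Windows rewrites \n as \r\n and corrupted the binary
        # dump. A single binary write is what was intended.
        with open(path, "wb") as f:
            f.write(data)
    return 1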
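def _hook_bpt(ea, cond):
    """Install a non-suspending breakpoint at ``ea`` with Python condition ``cond``.

    Clearing bit 0 of BPTATTR_FLAGS (BPT_BRK, "suspend the process") makes IDA
    evaluate the condition and then resume, so the callback behaves like a
    trace hook rather than a stop point.
    """
    idc.AddBpt(ea)
    idc.SetBptAttr(ea, BPTATTR_FLAGS, GetBptAttr(ea, BPTATTR_FLAGS) & 0xfffe)
    idc.SetBptCnd(ea, cond)


# (address, condition) pairs. The original commented every entry "fopen";
# the first three feed createfile(), the last two are exactly the addresses
# readfile() compares against eip.
_HOOKS = [
    (0x7c00, 'createfile()'),
    (0x20001000, 'createfile()'),
    (0x20095960, 'createfile()'),
    (0x20095280, 'readfile()'),
    (0x20095338, 'readfile()'),
]
for ea, cond in _HOOKS:
    _hook_bpt(ea, cond)
print("end")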
import idc
import idaapi
import struct
#idaapi.dbg_write_memory(ea,buf)
# Make Python the active scripting language so the breakpoint conditions
# registered further down ('createfile()' / 'readfile()') are evaluated
# as Python expressions.
idaapi.enable_extlang_python(1)

# Module-level state shared with the breakpoint callbacks defined below.
md = {}                  # filename buffers captured by createfile(), keyed by stack slot
add = size = index = 0   # read-buffer address / size and dump counter used by readfile()
cross_refs = 0           # last xref iterator found by the name sweep below
findname = ["MZ", "PE"]  # database names whose code xrefs get highlighted
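# Highlight every instruction that references the names in ``findname``.
# Indentation was lost in the paste; the xref loop is nested under the
# ``if`` here because ``cross_refs`` is only meaningful when the lookup hit.
for func in findname:
    addr = LocByName(func)
    if addr != BADADDR:
        # CodeRefsTo() returns an iterator of addresses. The original wrapped
        # it in range(), which raises TypeError on a non-integer, so the
        # colouring loop never ran.
        cross_refs = CodeRefsTo(addr, 0)
        print("got it")
        for ref in cross_refs:
            print("%08x" % ref)
            # CIC_ITEM (spelled CiC_ITEM in the original, a NameError) colours
            # the single item at ``ref``; colour value kept as in the original.
            SetColor(ref, CIC_ITEM, 0x0000ff)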
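def createfile(maxlen=50):
    """Breakpoint callback: capture the C string whose pointer is the first stack argument.

    Reads the pointer stored at [esp+4] (the first argument if the breakpoint
    sits on the function's entry, where [esp] is the return address), copies
    up to ``maxlen`` bytes from the debuggee starting at that pointer, prints
    the result and records it in the module-level ``md`` dict.

    Args:
        maxlen: upper bound on the number of bytes copied. The original always
            copied exactly 50 bytes; the copy now also stops at the first NUL,
            so the printed name no longer carries whatever followed it in
            memory.

    Returns:
        1, i.e. the condition is satisfied. The registering code clears the
        breakpoint's low flag bit, so the debuggee is not suspended.
    """
    global md
    ea1 = GetRegValue("esp") + 4
    a = idc.Dword(ea1)
    chars = []
    for i in range(maxlen):
        k = idc.Byte(a + i)
        if k == 0:  # NUL terminator: end of the C string
            break
        chars.append(chr(k))
    buf = "".join(chars)
    print("filename ___%s_____\n" % buf)
    # NOTE: keyed by the stack slot rather than the pointer, so calls made at
    # the same stack depth overwrite each other; key by ``a`` to keep them all.
    md[ea1] = buf
    return 1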
# Progress marker emitted while the script is loaded.
print("start")
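def readfile():
    """Breakpoint callback that dumps a buffer the debuggee reads to disk.

    It is installed as the condition of two breakpoints (see the setup below)
    and decides what to do from ``eip``:

    * at 0x20095280 it records the values at [esp+8] and [esp+12] (presumably
      the second and third arguments, if this is the function's entry) as the
      buffer address and size;
    * at 0x20095338 it copies ``size`` bytes from that address out of the
      debuggee and writes them to ``c:\\hk<index>dat``.

    ``index`` is bumped on every call, i.e. at both addresses, so the dump
    numbers advance by two per captured read (unchanged from the original).

    Returns:
        1 (condition satisfied); the registering code clears the breakpoint's
        low flag bit, so execution continues.
    """
    global add, size, index
    index = index + 1
    eip = GetRegValue("eip")
    if eip == 0x20095280:
        add = Dword(GetRegValue("esp") + 8)
        size = Dword(GetRegValue("esp") + 12)
    if eip == 0x20095338:
        # ``size`` comes straight from the debuggee's stack; a bogus value makes
        # this loop fetch that many bytes one Byte() call at a time.
        data = bytes(bytearray(Byte(add + i) for i in range(size)))
        path = r"c:\hk" + "%d" % index + "dat"
        # The original wrote the same path twice, the second time in text mode
        # ("w"), which on Windows rewrites \n as \r\n and corrupted the binary
        # dump. A single binary write is what was intended.
        with open(path, "wb") as f:
            f.write(data)
    return 1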
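def _hook_bpt(ea, cond):
    """Install a non-suspending breakpoint at ``ea`` with Python condition ``cond``.

    Clearing bit 0 of BPTATTR_FLAGS (BPT_BRK, "suspend the process") makes IDA
    evaluate the condition and then resume, so the callback behaves like a
    trace hook rather than a stop point.
    """
    idc.AddBpt(ea)
    idc.SetBptAttr(ea, BPTATTR_FLAGS, GetBptAttr(ea, BPTATTR_FLAGS) & 0xfffe)
    idc.SetBptCnd(ea, cond)


# (address, condition) pairs. The original commented every entry "fopen";
# the first three feed createfile(), the last two are exactly the addresses
# readfile() compares against eip.
_HOOKS = [
    (0x7c00, 'createfile()'),
    (0x20001000, 'createfile()'),
    (0x20095960, 'createfile()'),
    (0x20095280, 'readfile()'),
    (0x20095338, 'readfile()'),
]
for ea, cond in _HOOKS:
    _hook_bpt(ea, cond)
print("end")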