  • IDA information-retrieval functions

    idc.    http://www.cnblogs.com/fply/p/8503929.html

    Get the directory of the IDA executable

    GetIdaDirectory()

    print GetIdaDirectory()
    /Applications/tool/IDA Pro 7.0/ida64.app/Contents/MacOS

    Get the name of the file being disassembled

    GetInputFile()

    Get the full path of the file being disassembled

    GetInputFilePath()

    SetInputFilePath(path)
        """
        Set input file name
        This function updates the file name that is stored in the database
        It is used by the debugger and other parts of IDA
        Use it when the database is moved to another location or when you
        use remote debugging.

        @param path: new input file path
        """

    Get the full path of the IDB file

    GetIdbPath()

    Get the MD5 of the input file (recorded when the database was created)

    GetInputMD5()
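A practical use of GetInputFilePath() and GetInputMD5() is to confirm that the binary on disk is still the one the database was built from (after the IDB was moved, or the sample replaced). The script below is an added example, not code from the original post: inside IDA it calls the idc functions listed above; outside IDA the `import idc` fails and a constructed stand-in (a scratch file and a stored hash computed from its original content) is used so the check can run offline. The helper names verify_input_file and md5_of_file are this example's own.

```python
"""Verify that the input file on disk matches the MD5 recorded in the IDB."""
import hashlib
import os

try:
    from idc import GetInputFilePath, GetInputMD5  # real IDAPython functions inside IDA
except ImportError:
    # Constructed stand-in (not IDA code): a scratch file plays the role of the input binary
    import tempfile
    _SCRATCH = os.path.join(tempfile.mkdtemp(), "sample.bin")
    _ORIGINAL_CONTENT = b"constructed sample input\x00" * 4
    with open(_SCRATCH, "wb") as _f:
        _f.write(_ORIGINAL_CONTENT)

    def GetInputFilePath():
        return _SCRATCH

    def GetInputMD5():
        # IDA stores the hash it computed when the database was created, as hex text
        return hashlib.md5(_ORIGINAL_CONTENT).hexdigest().upper()


def md5_of_file(path, chunk=1 << 20):
    """Upper-case hex MD5 of a file, read in chunks so large binaries do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


def verify_input_file(path=None):
    """Return (stored_md5, actual_md5, matches).

    path overrides the path recorded in the database, e.g. after the file was moved
    but before SetInputFilePath() has been called. actual_md5 is None if the file
    does not exist."""
    path = path or GetInputFilePath()
    stored = GetInputMD5().upper()
    if not os.path.isfile(path):
        return stored, None, False
    actual = md5_of_file(path)
    return stored, actual, stored == actual


if __name__ == "__main__":
    stored, actual, ok = verify_input_file()
    print("stored %s  on disk %s  %s" % (stored, actual, "OK" if ok else "MISMATCH"))
```

When the hashes differ, either the wrong file is at the recorded path or the sample was modified after the IDB was created; in both cases the database's bytes, not the file's, are what the analysis was done on.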

    Read a byte from the IDB database

    IdbByte(ea)

    Get several bytes

    GetManyBytes(ea, size, use_dbg = False)

    Get the byte at address ea

    Byte(ea)

    Get several bytes while debugging

    __DbgValue(ea, len)

    Get debugger memory data

    DbgByte(ea)

    DbgWord(ea)

    DbgDword(ea)

    DbgQword(ea)

    Read data while debugging; on success returns the data as a string, on failure raises an exception

    DbgRead(ea, size)

    Write data while debugging; data is a string; returns the number of bytes written, or -1 on failure

    DbgWrite(ea, data)

    Get the original byte from the input file (the value before any patching in the database)

    GetOriginalByte(ea)
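Byte() returns the current database value and GetOriginalByte() the value in the input file, so comparing them over a range lists every byte that has been patched in the IDB. That is worth checking before exporting a patched binary or sharing a database. The script below is an added example, not code from the original post: inside IDA it uses the two idc functions; outside IDA a constructed 16-byte "database" with one four-byte patch (NOPs written over a `sub rsp, 0x10`) stands in so the logic runs offline. find_patches and format_patch are this example's own helper names.

```python
"""List contiguous runs of patched bytes in [start, end) by comparing Byte() with GetOriginalByte()."""
try:
    from idc import Byte, GetOriginalByte  # real IDAPython functions inside IDA
except ImportError:
    # Constructed stand-in (not IDA code): a small function prologue at a made-up load address
    _BASE = 0x401000
    _ORIGINAL = [0x55, 0x48, 0x89, 0xE5, 0x48, 0x83, 0xEC, 0x10,
                 0x89, 0x7D, 0xFC, 0x8B, 0x45, 0xFC, 0xC9, 0xC3]
    _CURRENT = list(_ORIGINAL)
    _CURRENT[4:8] = [0x90, 0x90, 0x90, 0x90]   # constructed patch: sub rsp,0x10 replaced by NOPs

    def Byte(ea):
        # IDA returns 0xFF for addresses that are not loaded; mimic that
        return _CURRENT[ea - _BASE] if _BASE <= ea < _BASE + len(_CURRENT) else 0xFF

    def GetOriginalByte(ea):
        return _ORIGINAL[ea - _BASE] if _BASE <= ea < _BASE + len(_ORIGINAL) else 0xFF


def find_patches(start, end):
    """Return [(ea, size, original_bytes, current_bytes), ...], one entry per contiguous patched run."""
    runs = []
    ea = start
    while ea < end:
        if Byte(ea) == GetOriginalByte(ea):
            ea += 1
            continue
        run_start, orig, cur = ea, bytearray(), bytearray()
        while ea < end and Byte(ea) != GetOriginalByte(ea):
            orig.append(GetOriginalByte(ea))
            cur.append(Byte(ea))
            ea += 1
        runs.append((run_start, ea - run_start, bytes(orig), bytes(cur)))
    return runs


def _hexdump(data):
    # bytearray() makes this work for both Python 2 str and Python 3 bytes
    return " ".join("%02X" % b for b in bytearray(data))


def format_patch(run):
    """One report line per patched run: address, size, original -> current."""
    ea, size, orig, cur = run
    return "%08X %d bytes: %s -> %s" % (ea, size, _hexdump(orig), _hexdump(cur))


if __name__ == "__main__":
    for run in find_patches(0x401000, 0x401010):
        print(format_patch(run))
```

Inside IDA the range would normally be a segment or function span; the loop is O(n) in the range length, so scanning a whole binary is fine but slow in the UI thread.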

    Get an address by name

    LocByName(name)

    print LocByName("start")  # address of the "start" symbol

    Get an address by name, resolving it relative to a given address

    LocByNameEx(fromaddr, name)

    Get a segment's start address from its base
    SegByBase(base)
        """
        Get segment by segment base

        @param base: segment base paragraph or selector

        @return: linear address of the start of the segment or BADADDR
                 if no such segment
        """

    Get the cursor address

    ScreenEA()

    here()

    Get the assembly line at the cursor

    GetCurrentLine()

    print GetCurrentLine()

    __text:0000000100005318 FD 03 00 91 MOV x29,sp

    Get the start and end of the selected region

    SelStart()

    SelEnd()

    Get a register value

    GetReg(ea, reg)

    print GetReg(ea, "eax")  # returns -1 on error

    GetReg reads the value of a segment register (such as "ds" or "cs") recorded at ea, which is why a general register name returns -1; while debugging, the live value of a register is read with GetRegValue(name).

    NextAddr(ea)

    PrevAddr(ea)

    Get the address of the next instruction or data item

    NextHead(ea)

    PrevHead(ea)  # previous item

    # next address that is not a tail byte of an item

    NextNotTail(ea)

    Get the start of the instruction or data item containing ea

    ItemHead(ea)

    Get the instruction (item) length

    ItemSize(ea)

    NameEx(fromaddr, ea)

    GetTrueNameEx(fromaddr, ea)

    Demangle(name, disable_mask)

    Get the disassembly text

    GetDisasmEx(ea, flags)

    GetDisasm(ea)

    print GetDisasm(ea)

    MOV X19, X1

    Get the instruction mnemonic

    print GetMnem(ea)  # MOV

    Get an operand's text
    GetOpnd(ea, n)
        """
        Get operand of an instruction

        @param ea: linear address of instruction
        @param n: number of operand:
            0 - the first operand
            1 - the second operand

        @return: the current text representation of operand or ""
        """

    print GetOpnd(ea, 1)

    Get an operand's type
    GetOpType(ea, n)
        """
        Get type of instruction operand

        @param ea: linear address of instruction
        @param n: number of operand:
            0 - the first operand
            1 - the second operand

        @return: any of o_* constants or -1 on error
        """
    
    o_void     = idaapi.o_void      # No Operand                           ----------
    o_reg      = idaapi.o_reg       # General Register (al,ax,es,ds...)    reg
    o_mem      = idaapi.o_mem       # Direct Memory Reference  (DATA)      addr
    o_phrase   = idaapi.o_phrase    # Memory Ref [Base Reg + Index Reg]    phrase
    o_displ    = idaapi.o_displ     # Memory Reg [Base Reg + Index Reg + Displacement] phrase+addr
    o_imm      = idaapi.o_imm       # Immediate Value                      value
    o_far      = idaapi.o_far       # Immediate Far Address  (CODE)        addr
    o_near     = idaapi.o_near      # Immediate Near Address (CODE)        addr
    o_idpspec0 = idaapi.o_idpspec0  # Processor specific type
    o_idpspec1 = idaapi.o_idpspec1  # Processor specific type
    o_idpspec2 = idaapi.o_idpspec2  # Processor specific type
    o_idpspec3 = idaapi.o_idpspec3  # Processor specific type
    o_idpspec4 = idaapi.o_idpspec4  # Processor specific type
    o_idpspec5 = idaapi.o_idpspec5  # Processor specific type
                                    # There can be more processor specific types
    
    # x86
    o_trreg  =       idaapi.o_idpspec0      # trace register
    o_dbreg  =       idaapi.o_idpspec1      # debug register
    o_crreg  =       idaapi.o_idpspec2      # control register
    o_fpreg  =       idaapi.o_idpspec3      # floating point register
    o_mmxreg  =      idaapi.o_idpspec4      # mmx register
    o_xmmreg  =      idaapi.o_idpspec5      # xmm register
    
    # arm
    o_reglist  =     idaapi.o_idpspec1      # Register list (for LDM/STM)
    o_creglist  =    idaapi.o_idpspec2      # Coprocessor register list (for CDP)
    o_creg  =        idaapi.o_idpspec3      # Coprocessor register (for LDC/STC)
    o_fpreg_arm  =   idaapi.o_idpspec4      # Floating point register
    o_fpreglist  =   idaapi.o_idpspec5      # Floating point register list
    o_text  =        (idaapi.o_idpspec5+1)  # Arbitrary text stored in the operand
    
    # ppc
    o_spr  =         idaapi.o_idpspec0      # Special purpose register
    o_twofpr  =      idaapi.o_idpspec1      # Two FPRs
    o_shmbme  =      idaapi.o_idpspec2      # SH & MB & ME
    o_crf  =         idaapi.o_idpspec3      # crfield      x.reg
    o_crb  =         idaapi.o_idpspec4      # crbit        x.reg
    o_dcr  =         idaapi.o_idpspec5      # Device control register
    GetOperandValue(ea, n)
        """
        Get number used in the operand

        This function returns an immediate number used in the operand

        @param ea: linear address of instruction
        @param n: the operand number

        @return: value
            operand is an immediate value  => immediate value
            operand has a displacement     => displacement
            operand is a direct memory ref => memory address
            operand is a register          => register number
            operand is a register phrase   => phrase number
            otherwise                      => -1
        """
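The functions above (ItemHead, NextHead, GetMnem, GetOpType, GetOperandValue and the o_* constants) are usually combined into a walk over a range of instructions. The script below is an added example, not code from the original post: it collects every immediate operand (handy for spotting magic constants, such as hash initialisation values) and every direct call target (o_near operand of a call/BL instruction) in [start, end). Inside IDA it uses the real idc functions; outside IDA a constructed four-instruction stand-in (not IDA code) provides the same calls so the walk runs offline. scan_operands and CALL_MNEMONICS are this example's own names.

```python
"""Walk instruction heads in [start, end) and classify their operands with GetOpType()."""
try:
    from idc import (ItemHead, NextHead, GetMnem, GetOpType, GetOperandValue,
                     o_void, o_imm, o_near, BADADDR)  # real IDAPython inside IDA
except ImportError:
    BADADDR = 0xFFFFFFFFFFFFFFFF
    o_void, o_reg, o_imm, o_near = 0, 1, 5, 7   # numeric values of the idaapi.o_* constants
    # Constructed stand-in (not IDA code): ea -> (size, mnemonic, [(operand type, operand value), ...])
    _INSNS = {
        0x1000: (5, "mov",  [(o_reg, 0), (o_imm, 0x67452301)]),   # mov eax, 67452301h (MD5 init value A)
        0x1005: (5, "call", [(o_near, 0x2000)]),
        0x100A: (3, "add",  [(o_reg, 0), (o_imm, 3)]),
        0x100D: (1, "ret",  []),
    }

    def ItemHead(ea):
        heads = [h for h in _INSNS if h <= ea]
        return max(heads) if heads else ea

    def NextHead(ea):
        later = [h for h in _INSNS if h > ea]
        return min(later) if later else BADADDR

    def GetMnem(ea):
        return _INSNS[ea][1]

    def GetOpType(ea, n):
        ops = _INSNS[ea][2]
        return ops[n][0] if n < len(ops) else o_void   # IDA reports unused operands as o_void

    def GetOperandValue(ea, n):
        ops = _INSNS[ea][2]
        return ops[n][1] if n < len(ops) else -1


CALL_MNEMONICS = ("call", "bl", "blx")   # direct-call mnemonics on x86 and ARM


def scan_operands(start, end):
    """Return (immediates, calls).

    immediates maps each immediate value to the addresses using it;
    calls maps each direct call target to the addresses calling it."""
    immediates, calls = {}, {}
    ea = ItemHead(start)            # make sure we start on an item head, not mid-instruction
    while ea != BADADDR and ea < end:
        mnem = GetMnem(ea).lower()
        n = 0
        while True:
            optype = GetOpType(ea, n)
            if optype in (o_void, -1):   # no more operands (or error)
                break
            if optype == o_imm:
                immediates.setdefault(GetOperandValue(ea, n), []).append(ea)
            elif optype == o_near and mnem in CALL_MNEMONICS:
                calls.setdefault(GetOperandValue(ea, n), []).append(ea)
            n += 1
        ea = NextHead(ea)
    return immediates, calls


if __name__ == "__main__":
    imms, calls = scan_operands(0x1000, 0x100E)
    for value, eas in sorted(imms.items()):
        print("imm %08X used at %s" % (value, ", ".join("%08X" % e for e in eas)))
    for target, eas in sorted(calls.items()):
        print("call %08X from %s" % (target, ", ".join("%08X" % e for e in eas)))
```

Inside IDA, data items in the range are also returned by NextHead(); GetOpType() yields o_void for them, so they are skipped without special handling.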

    LineA(ea, num)

    LineB(ea, num)

    Get a comment

    GetCommentEx(ea, repeatable)

    @param repeatable: 1 to get the repeatable comment, 0 to get the normal comment

    Same as above

    CommentEx(ea, repeatable)

    Get a manually entered operand

    AltOp(ea, n)

    print AltOp(ea, 0)

    Get the string at an address

    GetString(ea, length = -1, strtype = ASCSTR_C)

    FindVoid        (ea, flag)
    FindCode        (ea, flag)  # find the next code item
    FindData        (ea, flag)
    FindUnexplored  (ea, flag)
    FindExplored    (ea, flag)
    FindImmediate   (ea, flag, value)
    
    SEARCH_UP       = idaapi.SEARCH_UP       # search backward
    SEARCH_DOWN     = idaapi.SEARCH_DOWN     # search forward
    SEARCH_NEXT     = idaapi.SEARCH_NEXT     # start the search at the next/prev item
                                                # useful only for FindText() and FindBinary()
    SEARCH_CASE     = idaapi.SEARCH_CASE     # search case-sensitive
                                                # (only for bin&txt search)
    SEARCH_REGEX    = idaapi.SEARCH_REGEX    # enable regular expressions (only for text)
    SEARCH_NOBRK    = idaapi.SEARCH_NOBRK    # don't test ctrl-break
    SEARCH_NOSHOW   = idaapi.SEARCH_NOSHOW   # don't display the search progress
    # search for text
    FindText(ea, flag, y, x, searchstr)
        """
        @param ea: start address
        @param flag: combination of SEARCH_* flags
        @param y: number of text line at ea to start from (0..MAX_ITEM_LINES)
        @param x: coordinate in this line
        @param searchstr: search string
        @return: ea of result or BADADDR if not found
        """

    FindBinary(ea, flag, searchstr, radix=16)
        """
        @param ea: start address
        @param flag: combination of SEARCH_* flags
        @param searchstr: a string as a user enters it for Search Text in Core
        @param radix: radix of the numbers (default=16)

        @return: ea of result or BADADDR if not found

        @note: Example: "41 42" - find 2 bytes 41h,42h (radix is 16)
        """
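FindBinary() returns only the first hit, so collecting all occurrences of a pattern means looping and restarting each search one byte past the previous hit until BADADDR comes back; restarting at the hit itself would return the same address forever. The script below is an added example, not code from the original post: inside IDA it uses idc.FindBinary, SEARCH_DOWN and BADADDR; outside IDA a constructed stand-in (not IDA code) searches a small in-memory buffer and accepts the same "55 8B EC" hex syntax, including "?" as a one-byte wildcard, so the loop runs offline. find_all_binary is this example's own name.

```python
"""Collect every address in [start, end) where a byte pattern occurs, using FindBinary()."""
try:
    from idc import FindBinary, SEARCH_DOWN, BADADDR  # real IDAPython inside IDA
except ImportError:
    BADADDR = 0xFFFFFFFFFFFFFFFF
    SEARCH_DOWN = 1
    _BASE = 0x400000
    # Constructed buffer: three "push ebp / mov ebp,esp" prologues (55 8B EC) and one 55 8B E5
    _MEM = bytearray(b"\x55\x8B\xEC\x90\x90\x55\x8B\xEC\xC3\x55\x8B\xE5\x55\x8B\xEC")

    def _parse_pattern(searchstr, radix):
        # "41 42" -> [0x41, 0x42]; "?" -> None (match any byte), as IDA's binary search allows
        return [None if tok == "?" else int(tok, radix) for tok in searchstr.split()]

    def FindBinary(ea, flag, searchstr, radix=16):
        pat = _parse_pattern(searchstr, radix)
        first = max(ea - _BASE, 0)
        for pos in range(first, len(_MEM) - len(pat) + 1):
            if all(p is None or p == _MEM[pos + i] for i, p in enumerate(pat)):
                return _BASE + pos
        return BADADDR


def find_all_binary(start, end, pattern):
    """Return the list of addresses in [start, end) at which pattern occurs, in ascending order."""
    hits = []
    ea = FindBinary(start, SEARCH_DOWN, pattern)
    while ea != BADADDR and ea < end:
        hits.append(ea)
        ea = FindBinary(ea + 1, SEARCH_DOWN, pattern)   # advance past this hit before searching again
    return hits


if __name__ == "__main__":
    for ea in find_all_binary(0x400000, 0x400010, "55 8B EC"):
        print("%08X" % ea)
```

Stopping on `ea < end` as well as on BADADDR matters inside IDA, where the search would otherwise continue through every later segment of the database.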

  • Original post: https://www.cnblogs.com/fply/p/8503929.html
Copyright © 2011-2022 走看看