idc.    http://www.cnblogs.com/fply/p/8503929.html

获取ida可执行文件路径

GetIdaDirectory()

print GetIdaDirectory()

/Applications/tool/IDA Pro 7.0/ida64.app/Contents/MacOS

获取被反编译文件名

GetInputFile()

获取被反编译文件全路径

GetInputFilePath()

 SetInputFilePath(path):

    Set input file name

    This function updates the file name that is stored in the database

    It is used by the debugger and other parts of IDA

    Use it when the database is moved to another location or when you

    use remote debugging.

    @param path: new input file path

获取idb文件全路径

GetIdbPath()

获取输入文件md5值

GetInputMD5()

从程序idb文件中获取数据

IdbByte(ea)

获取多个字节

GetManyBytes(ea, size, use_dbg = False)

获取程序ea处字节

Byte(ea)

获取多个数据,调试状态

__DbgValue(ea, len)

获取调试内存数据

DbgByte(ea)

DbgWord

DbgDword

DbgQword

读取数据,调试状态,成功返回获取数据的字符串,失败抛出异常

DbgRead(ea,size)

写数据,data为字符串形式,返回写入长度,失败返回-1

DbgWrite(ea, data)

获取原始数据,

GetOriginalByte(ea)

通过名称获取地址

LocByName(name)

print LocByName("start")#获取起始位置

从指定位置通过名称获取地址

LocByNameEx(fromaddr, name)

获取段地址

SegByBase(base)

    """

    Get segment by segment base

    @param base: segment base paragraph or selector

    @return: linear address of the start of the segment or BADADDR

             if no such segment

获取光标地址

ScreenEA()

here()

获取当标处汇编代码

GetCurrentLine()

print GetCurrentLine()

__text:0000000100005318 FD 03 00 91 MOV x29,sp

获取选择区域的起始位置

SelStart()

SelEnd()

 

获取寄存器值

GetReg(ea, reg)

print GetReg(ea,"eax")#错误返回-1

NextAddr(ea)

PrevAddr(ea)

获取下条指令或者数据位置

NextHead(ea)

PrevHead(ea)#前一条

#尾部不显示

NextNotTail(ea)

获取指令或数据起始位置

ItemHead(ea)

获取指令长度

ItemSize(ea)

NameEx(fromaddr, ea)

GetTrueNameEx(fromaddr, ea)
Demangle(name, disable_mask)

获取汇编代码

GetDisasmEx(ea, flags)

GetDisasm(ea)

print GetDisasm(ea)

MOV X19, X1

获取指令助记符

print GetMnem(ea)#MOV

获取操作码
 GetOpnd(ea, n):

    """

    Get operand of an instruction

    @param ea: linear address of instruction

    @param n: number of operand:

        0 - the first operand

        1 - the second operand

    @return: the current text representation of operand or ""

print GetOpnd(ea,1)

获取操作码类型

GetOpType(ea, n)

    """

    Get type of instruction operand

    @param ea: linear address of instruction

    @param n: number of operand:

        0 - the first operand

        1 - the second operand

    @return: any of o_* constants or -1 on error

o_void     = idaapi.o_void      # No Operand                           ----------

o_reg      = idaapi.o_reg       # General Register (al,ax,es,ds...)    reg

o_mem      = idaapi.o_mem       # Direct Memory Reference  (DATA)      addr

o_phrase   = idaapi.o_phrase    # Memory Ref [Base Reg + Index Reg]    phrase

o_displ    = idaapi.o_displ     # Memory Reg [Base Reg + Index Reg + Displacement] phrase+addr

o_imm      = idaapi.o_imm       # Immediate Value                      value

o_far      = idaapi.o_far       # Immediate Far Address  (CODE)        addr

o_near     = idaapi.o_near      # Immediate Near Address (CODE)        addr

o_idpspec0 = idaapi.o_idpspec0  # Processor specific type

o_idpspec1 = idaapi.o_idpspec1  # Processor specific type

o_idpspec2 = idaapi.o_idpspec2  # Processor specific type

o_idpspec3 = idaapi.o_idpspec3  # Processor specific type

o_idpspec4 = idaapi.o_idpspec4  # Processor specific type

o_idpspec5 = idaapi.o_idpspec5  # Processor specific type

                                # There can be more processor specific types

# x86

o_trreg  =       idaapi.o_idpspec0      # trace register

o_dbreg  =       idaapi.o_idpspec1      # debug register

o_crreg  =       idaapi.o_idpspec2      # control register

o_fpreg  =       idaapi.o_idpspec3      # floating point register

o_mmxreg  =      idaapi.o_idpspec4      # mmx register

o_xmmreg  =      idaapi.o_idpspec5      # xmm register

# arm

o_reglist  =     idaapi.o_idpspec1      # Register list (for LDM/STM)

o_creglist  =    idaapi.o_idpspec2      # Coprocessor register list (for CDP)

o_creg  =        idaapi.o_idpspec3      # Coprocessor register (for LDC/STC)

o_fpreg_arm  =   idaapi.o_idpspec4      # Floating point register

o_fpreglist  =   idaapi.o_idpspec5      # Floating point register list

o_text  =        (idaapi.o_idpspec5+1)  # Arbitrary text stored in the operand

# ppc

o_spr  =         idaapi.o_idpspec0      # Special purpose register

o_twofpr  =      idaapi.o_idpspec1      # Two FPRs

o_shmbme  =      idaapi.o_idpspec2      # SH & MB & ME

o_crf  =         idaapi.o_idpspec3      # crfield      x.reg

o_crb  =         idaapi.o_idpspec4      # crbit        x.reg

o_dcr  =         idaapi.o_idpspec5      # Device control register
GetOperandValue(ea, n):

    """

    Get number used in the operand

    This function returns an immediate number used in the operand

    @param ea: linear address of instruction

    @param n: the operand number

    @return: value

        operand is an immediate value  => immediate value

        operand has a displacement     => displacement

        operand is a direct memory ref => memory address

        operand is a register          => register number

        operand is a register phrase   => phrase number

        otherwise                      => -1

LineA(ea, num)

LineB(ea, num)

获取注释

GetCommentEx(ea, repeatable)

@param repeatable: 1 to get the repeatable comment, 0 to get the normal comment

同上

CommentEx(ea, repeatable)

获取手动修改的指令参数

AltOp(ea, n)

print AltOp(ea,0)

获取指定地址字符串

GetString(ea, length = -1, strtype = ASCSTR_C)

FindVoid        (ea, flag)FindCode        (ea, flag)#找到下一个代码位置FindData        (ea, flag)FindUnexplored  (ea, flag)FindExplored    (ea, flag)FindImmediate   (ea, flag, value)

SEARCH_UP       = idaapi.SEARCH_UP       # search backward

SEARCH_DOWN     = idaapi.SEARCH_DOWN     # search forward

SEARCH_NEXT     = idaapi.SEARCH_NEXT     # start the search at the next/prev item

                                            # useful only for FindText() and FindBinary()

SEARCH_CASE     = idaapi.SEARCH_CASE     # search case-sensitive

                                            # (only for bin&txt search)

SEARCH_REGEX    = idaapi.SEARCH_REGEX    # enable regular expressions (only for text)

SEARCH_NOBRK    = idaapi.SEARCH_NOBRK    # don't test ctrl-break

SEARCH_NOSHOW   = idaapi.SEARCH_NOSHOW   # don't display the search progress
#查找字符串
FindText(ea, flag, y, x, searchstr)

    """

    @param ea: start address

    @param flag: combination of SEARCH_* flags

    @param y: number of text line at ea to start from (0..MAX_ITEM_LINES)

    @param x: coordinate in this line

    @param searchstr: search string

    @return: ea of result or BADADDR if not found
 FindBinary(ea, flag, searchstr, radix=16)

@param ea: start address
@param flag: combination of SEARCH_* flags
@param searchstr: a string as a user enters it for Search Text in Core
@param radix: radix of the numbers (default=16)

@return: ea of result or BADADDR if not found

@note: Example: "41 42" - find 2 bytes 41h,42h (radix is 16)

ida信息获取函数的更多相关文章

  1. Delphi 版本信息获取函数 GetFileVersionInfo、GetFileVersionInfoSize、VerFindFile、VerInstallFile和VerQueryValue

    一.版本信息获取函数简介和作用 获取文件版本信息的作用: 1. 避免在新版本的组件上安装旧版本的相同组件: 2. 在多语言系统环境中,操作系统根据文件版本信息里提供的语言信息在启动程序时决定使用的正确 ...

  2. PHP文件信息获取函数

    知识点: basename():获取文件名,传入第二个参数则只显示文件名,不显示后缀 dirname():获取文件路径 pathinfo():将文件信息存入一个数组,通过索引basename,dirn ...

  3. 【转】windows c++获取文件信息——_stat函数的使用

    _stat函数的功能 _stat函数用来获取指定路径的文件或者文件夹的信息. 函数声明 int _stat( const char *path, struct _stat *buffer ); 参数: ...

  4. python装饰器内获取函数有用信息方法

    装饰器内获取函数有用信息方法 .__doc__用于得到函数注释信息 .__name_用于得到函数名 在函数引用装饰器的时候,函数名会变为装饰器内部执行该函数的名字,所有在直接执行函数名加.__doc_ ...

  5. PE文件信息获取工具-PEINFO

    能实现基本的信息获取 区段信息 数据目录信息 导入表函数分析 导出表函数分析,能同时解析只序号导出和以函数名序号同时导出的函数 FLC计算 需要源码的可以留邮箱.

  6. C++ crash 堆栈信息获取(三篇文章)

    最近在做程序异常时堆栈信息获取相关工作,上一篇文章成功的在程序creash时写下了dump文件,而有些情况写dump文件是 不可以的,比如在jni开发时,C++只做底层处理,而整个项目是android ...

  7. C++ crash 堆栈信息获取

    最近在做程序异常时堆栈信息获取相关工作,上一篇文章成功的在程序creash时写下了dump文件,而有些情况写dump文件是 不可以的,比如在jni开发时,C++只做底层处理,而整个项目是android ...

  8. Java获取函数参数名称

    原理 编译之后的class文件默认是不带有参数名称信息的,使用 IDE 时,反编译jar包得到的源代码函数参数名称是 arg0,arg1......这种形式,这是因为编译 jar 包的时候没有把符号表 ...

  9. windows主机网络信息获取程序设计

    掌握windows系统获取网络信息的各种API函数的功能与调用方法,掌握设计程序显示获取到相关网络信息的方法,掌握网络字节数据与主机字节数据之间的转换.掌握这些API函数调用的错误处理方法. 利用本地 ...

随机推荐

  1. pl-svo代码解读

    pl-svo是在svo的基础上结合点和线特征的半直接法视觉里程计 程序启动通过app文件夹下的run_pipeline.cpp主程序启动,其它的函数文件统一放在src文件夹下,我们先从run_pipe ...

  2. LeetCode 29 - 两数相除 - [位运算]

    题目链接:https://leetcode-cn.com/problems/divide-two-integers/description/ 给定两个整数,被除数 dividend 和除数 divis ...

  3. [No0000112]ComputerInfo,C#获取计算机信息(cpu使用率,内存占用率,硬盘,网络信息)

    github地址:https://github.com/charygao/SmsComputerMonitor 软件用于实时监控当前系统资源等情况,并调用接口,当资源被超额占用时,发送警报到个人手机: ...

  4. weakSelf 运用 strongSelf来解决block的循环引用

    SDWebImage 中有一段源码: #if SD_UIKIT Class UIApplicationClass = NSClassFromString(@"UIApplication&qu ...

  5. rsync定时同步文件

    rsync服务器 ip:192.168.1.198 操作系统:centos7.2 rsync客户端 ip:192.168.1.16 操作系统:centos7.2 服务器配置 1.yum -y inst ...

  6. en-zh(社会问题)social problems

    The world's richest man, Amazon founder Jeff Bezos, and his wife MacKenzie have agreed a record-brea ...

  7. 最佳实践:腾讯HTAP数据库TBase助力某省核心IT架构升级

    https://mp.weixin.qq.com/s/56NHPyzx5F6QeCjuOq5IRQ 资源隔离能力: 在HTAP系统中,OLTP和OLAP业务要同时运行,两者都会消耗巨量的资源都,如果不 ...

  8. phpstorm之ssh链接远程Linux服务器

    save ssh session inPHPstorm. open PHPstorm,open File,> Settings >search for 'Deployment' > ...

  9. 《HTTP - 状态码》

    推荐一首歌 - 那吾克热<儿子娃娃> 非常喜欢前奏 1:状态码的作用? - 职责是当客户端发起请求时候,描述请求返回结果.根据状态码,客户端可以知道服务端是正确处理了请求,还是返回了错误. ...

  10. 用Eclipse构建Maven项目

    Eclipse中m2eclipse插件的安装 Help>Install New Software Click Add Name: m2e Location: http://download.ec ...