IDA information retrieval functions


idc.    http://www.cnblogs.com/fply/p/8503929.html

 

Get the directory of the IDA executable

GetIdaDirectory()


print GetIdaDirectory()
/Applications/tool/IDA Pro 7.0/ida64.app/Contents/MacOS

 

Get the name of the input (disassembled) file

GetInputFile()

 

Get the full path of the input (disassembled) file

GetInputFilePath()

 

 SetInputFilePath(path):
    
    Set input file name
    This function updates the file name that is stored in the database
    It is used by the debugger and other parts of IDA
    Use it when the database is moved to another location or when you
    use remote debugging.

    @param path: new input file path

 

 

Get the full path of the IDB file

GetIdbPath()

 

Get the MD5 of the input file

GetInputMD5()

 

Get data from the program's IDB file

IdbByte(ea)

 

Get multiple bytes

GetManyBytes(ea, size, use_dbg = False)

 

Get the byte at address ea in the program

Byte(ea)

 

Get multiple bytes, while debugging

__DbgValue(ea, len)

Get data from debugger memory

DbgByte(ea)

DbgWord

DbgDword

DbgQword

 

Read data while debugging; returns the data read as a string on success, raises an exception on failure

DbgRead(ea,size)

Write data; data is passed as a string; returns the number of bytes written, or -1 on failure

DbgWrite(ea, data)

 

Get the original data

GetOriginalByte(ea)

 

Get an address by name

LocByName(name)

print LocByName("start")  # get the start position

 

Get an address by name, looked up from a given location

LocByNameEx(fromaddr, name)

 

Get a segment address
SegByBase(base)
    """
    Get segment by segment base

    @param base: segment base paragraph or selector

    @return: linear address of the start of the segment or BADADDR
             if no such segment
    """

 

Get the address at the cursor

ScreenEA()

here()

 

Get the disassembly line at the cursor

GetCurrentLine()

print GetCurrentLine()

__text:0000000100005318 FD 03 00 91 MOV x29,sp

 

Get the start position of the selected region

SelStart()

SelEnd()

 

Get a register value

GetReg(ea, reg)

print GetReg(ea,"eax")  # returns -1 on error

 

 

 NextAddr(ea)

PrevAddr(ea)

 

Get the address of the next instruction or data item

NextHead(ea)

PrevHead(ea)  # the previous one

# tail bytes are not included

NextNotTail(ea)

Get the start address of an instruction or data item

ItemHead(ea)

Get the instruction length

ItemSize(ea)

 

NameEx(fromaddr, ea)

GetTrueNameEx(fromaddr, ea)
Demangle(name, disable_mask)

Get the disassembly text

GetDisasmEx(ea, flags)

GetDisasm(ea)

 

print GetDisasm(ea)

MOV X19, X1

Get the instruction mnemonic

print GetMnem(ea)#MOV

 

Get an operand
GetOpnd(ea, n):
    """
    Get operand of an instruction

    @param ea: linear address of instruction
    @param n: number of operand:
        0 - the first operand
        1 - the second operand

    @return: the current text representation of operand or ""
    """

 

print GetOpnd(ea,1)

 

 

Get the operand type
GetOpType(ea, n)
    """
    Get type of instruction operand

    @param ea: linear address of instruction
    @param n: number of operand:
        0 - the first operand
        1 - the second operand

    @return: any of o_* constants or -1 on error
    """


o_void     = idaapi.o_void      # No Operand                           ----------
o_reg      = idaapi.o_reg       # General Register (al,ax,es,ds...)    reg
o_mem      = idaapi.o_mem       # Direct Memory Reference  (DATA)      addr
o_phrase   = idaapi.o_phrase    # Memory Ref [Base Reg + Index Reg]    phrase
o_displ    = idaapi.o_displ     # Memory Reg [Base Reg + Index Reg + Displacement] phrase+addr
o_imm      = idaapi.o_imm       # Immediate Value                      value
o_far      = idaapi.o_far       # Immediate Far Address  (CODE)        addr
o_near     = idaapi.o_near      # Immediate Near Address (CODE)        addr
o_idpspec0 = idaapi.o_idpspec0  # Processor specific type
o_idpspec1 = idaapi.o_idpspec1  # Processor specific type
o_idpspec2 = idaapi.o_idpspec2  # Processor specific type
o_idpspec3 = idaapi.o_idpspec3  # Processor specific type
o_idpspec4 = idaapi.o_idpspec4  # Processor specific type
o_idpspec5 = idaapi.o_idpspec5  # Processor specific type
                                # There can be more processor specific types

# x86
o_trreg  =       idaapi.o_idpspec0      # trace register
o_dbreg  =       idaapi.o_idpspec1      # debug register
o_crreg  =       idaapi.o_idpspec2      # control register
o_fpreg  =       idaapi.o_idpspec3      # floating point register
o_mmxreg  =      idaapi.o_idpspec4      # mmx register
o_xmmreg  =      idaapi.o_idpspec5      # xmm register

# arm
o_reglist  =     idaapi.o_idpspec1      # Register list (for LDM/STM)
o_creglist  =    idaapi.o_idpspec2      # Coprocessor register list (for CDP)
o_creg  =        idaapi.o_idpspec3      # Coprocessor register (for LDC/STC)
o_fpreg_arm  =   idaapi.o_idpspec4      # Floating point register
o_fpreglist  =   idaapi.o_idpspec5      # Floating point register list
o_text  =        (idaapi.o_idpspec5+1)  # Arbitrary text stored in the operand

# ppc
o_spr  =         idaapi.o_idpspec0      # Special purpose register
o_twofpr  =      idaapi.o_idpspec1      # Two FPRs
o_shmbme  =      idaapi.o_idpspec2      # SH & MB & ME
o_crf  =         idaapi.o_idpspec3      # crfield      x.reg
o_crb  =         idaapi.o_idpspec4      # crbit        x.reg
o_dcr  =         idaapi.o_idpspec5      # Device control register

 

GetOperandValue(ea, n):
    """
    Get number used in the operand

    This function returns an immediate number used in the operand

    @param ea: linear address of instruction
    @param n: the operand number

    @return: value
        operand is an immediate value  => immediate value
        operand has a displacement     => displacement
        operand is a direct memory ref => memory address
        operand is a register          => register number
        operand is a register phrase   => phrase number
        otherwise                      => -1
    """
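
As an added example (not from the original post), the function below walks item heads with NextHead and uses GetMnem, GetOpType and GetOperandValue to list every immediate operand in a range. It assumes the IDA 7.0-era idc names used on this page; `collect_immediates`, `FakeIdc` and its sample items are constructed here so the function can also be exercised outside IDA.

```python
def collect_immediates(api, start, end, max_operands=2):
    """Walk item heads in [start, end) and return a list of
    (ea, mnemonic, operand index, value) for each immediate operand.
    `api` is the idc module inside IDA (assumption: IDA 7.0-era names)."""
    hits = []
    ea = start
    while ea != api.BADADDR and ea < end:
        mnem = api.GetMnem(ea)
        if mnem:  # empty mnemonic means a data item, not an instruction
            for n in range(max_operands):
                if api.GetOpType(ea, n) == api.o_imm:
                    hits.append((ea, mnem, n, api.GetOperandValue(ea, n)))
        ea = api.NextHead(ea)  # BADADDR when there is no further head
    return hits


class FakeIdc(object):
    """Constructed stand-in for idc, with made-up items, for offline runs."""
    BADADDR, o_reg, o_imm = 0xFFFFFFFFFFFFFFFF, 1, 5
    # ea -> (mnemonic, [(operand type, value), ...]); "" marks a data item
    ITEMS = {
        0x1000: ("MOV", [(1, 19), (1, 1)]),
        0x1004: ("MOV", [(1, 0), (5, 0x20)]),
        0x1008: ("", []),
        0x1010: ("CMP", [(1, 0), (5, 0x7F)]),
    }

    def GetMnem(self, ea):
        return self.ITEMS.get(ea, ("", []))[0]

    def _op(self, ea, n):
        ops = self.ITEMS.get(ea, ("", []))[1]
        return ops[n] if n < len(ops) else (0, -1)

    def GetOpType(self, ea, n):
        return self._op(ea, n)[0]

    def GetOperandValue(self, ea, n):
        return self._op(ea, n)[1]

    def NextHead(self, ea):
        later = sorted(a for a in self.ITEMS if a > ea)
        return later[0] if later else self.BADADDR
```

Inside IDA, after `import idc`, the same function can be called as `collect_immediates(idc, idc.SelStart(), idc.SelEnd())`.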

 

 

LineA(ea, num)

LineB(ea, num)

 

Get a comment

GetCommentEx(ea, repeatable)

@param repeatable: 1 to get the repeatable comment, 0 to get the normal comment

Same as above

CommentEx(ea, repeatable)

 

Get a manually modified instruction operand

AltOp(ea, n)

print AltOp(ea,0)

 

Get the string at a given address

 GetString(ea, length = -1, strtype = ASCSTR_C)

 

 

FindVoid        (ea, flag)
FindCode        (ea, flag)  # find the next code location
FindData        (ea, flag)
FindUnexplored  (ea, flag)
FindExplored    (ea, flag)
FindImmediate   (ea, flag, value)

SEARCH_UP       = idaapi.SEARCH_UP       # search backward
SEARCH_DOWN     = idaapi.SEARCH_DOWN     # search forward
SEARCH_NEXT     = idaapi.SEARCH_NEXT     # start the search at the next/prev item
                                            # useful only for FindText() and FindBinary()
SEARCH_CASE     = idaapi.SEARCH_CASE     # search case-sensitive
                                            # (only for bin&txt search)
SEARCH_REGEX    = idaapi.SEARCH_REGEX    # enable regular expressions (only for text)
SEARCH_NOBRK    = idaapi.SEARCH_NOBRK    # don't test ctrl-break
SEARCH_NOSHOW   = idaapi.SEARCH_NOSHOW   # don't display the search progress

 

 

# Search for a string
FindText(ea, flag, y, x, searchstr)
    """
    @param ea: start address
    @param flag: combination of SEARCH_* flags
    @param y: number of text line at ea to start from (0..MAX_ITEM_LINES)
    @param x: coordinate in this line
    @param searchstr: search string

    @return: ea of result or BADADDR if not found
    """

 

 FindBinary(ea, flag, searchstr, radix=16)

@param ea: start address
@param flag: combination of SEARCH_* flags
@param searchstr: a string as a user enters it for Search Text in Core
@param radix: radix of the numbers (default=16)

@return: ea of result or BADADDR if not found

@note: Example: "41 42" - find 2 bytes 41h,42h (radix is 16)

 

 

 

