-
IDA Script
1.dump memory
script command(IDC):
- static main(void)
- {
- auto fp, begin, end, dexbyte;
- fp = fopen("d:/test.so", "wb");
- begin = 0xC006889B80;
- end = begin + 0x3b4
- for ( dexbyte = begin; dexbyte < end; dexbyte ++ )
- fputc(Byte(dexbyte), fp);
- }
2.READ REGISTER(Condition breakpoint+python)
- import ida_dbg
- import idc
- import re
- str_addr = ida_dbg.get_reg_val("RAX")
- str_len = ida_dbg.get_reg_val("RBX")
- yaml_content = idc.read_dbg_memory(str_addr, str_len).decode()
- name = None
- for line in yaml_content.split("\n"):
- if line.startswith("name: "):
- name = line[7:]
- break
- if name is None:
- name = "unknown"
- print("dump yaml {}".format(name))
- name = re.sub(r'[^a-zA-Z0-9\-_]', "", name)
- with open("e:\\store\\{}.yaml".format(name), "ab+") as file:
- file.write(yaml_content.encode())
- file.write(b"\n\n\n")
- file.flush()
-
相关阅读:
Java | Leetcode Java题解之第160题相交链表
Git分支操作
LeetCode——贪心篇(一)
windows安装mysql5.7.35
AutoDWG DWG 转换 PDF 控制组件-ActiveX
张雪峰说网络空间安全专业
一文揭秘育碧等传统游戏大厂的NFT策略
动态内存管理
竞赛选题 深度学习LSTM新冠数据预测
学习【Cesium】第三篇,从Cesium.Viewer查看器开始学习(学不会揍我)
- 原文地址:https://blog.csdn.net/rongyongfeikai2/article/details/134469153
