我需要转换成op码字节的指令,我已经反汇编,但我找不到一个函数,让我这样做,我已经尝试过idc。Get_bytes,但似乎不工作。
这是我的python脚本:import sys
import idc
import idautils
f = open(idc.ARGV[1], 'w') if len(idc.ARGV) > 1 else sys.stdout
log = f.write
# log current file path
log(idc.get_input_file_path() + 'n')
# wait for auto-analysis to complete
idc.auto_wait()
# count functions
log( 'count %dn' % len(list(idautils.Functions())) )
for func in idautils.Functions():
flags = idc.get_func_attr(func, FUNCATTR_FLAGS)
if flags & FUNC_LIB or flags & FUNC_THUNK:
continue
dism_addr = list(idautils.FuncItems(func))
for line in dism_addr:
#log(idc.print_insn_mnem(line) + 'n' )
disass = idc.generate_disasm_line(line, 0)
log(disass + 'n' )
# if logging to a file, close it and exit IDA Pro
if f != sys.stdout:
f.close()
idc.qexit(0)
我用IDA Pro 7.7sp1的批处理模式使用这个脚本,你能给我一个建议吗?提前谢谢你。
就像这样?
def GetFuncHeads(funcea=None):
"""
Get all heads in a function
@param funcea: any address in the function
"""
func = ida_funcs.get_func(funcea)
if not func:
return []
else:
funcea = func.start_ea
ea = funcea
heads = []
for start, end in idautils.Chunks(funcea):
heads.extend([head for head in idautils.Heads(start, end)])
return heads
def GetInsnLen(ea):
insn = ida_ua.insn_t()
inslen = ida_ua.decode_insn(insn, ea)
if inslen:
return inslen
return 0
opcodes = [idc.get_bytes(ea, GetInsnLen(ea)) for ea in GetFuncHeads(here())]