IDA Pro蟒蛇idaapi
[英]IDA Pro python idaapi
问题描述
Hello I have a fast question. 
你好,我有一个快速的问题。
I have been trying to save a full memory dump in IDA Pro in a variable to perform a search with a python script but I did not find the correct function to do it using idaapi. 我一直在尝试将完整的内存转储保存在IDA Pro中的变量中,以便使用python脚本执行搜索,但是我没有找到正确的函数来使用idaapi来执行此操作。
I want to do something like: 我想做类似的事情:
import idaapi
dump=get_memory_dump() # Or whatever function to do it
if "foo" in dump:
print "foo is in dump"
How can I get the dump? 如何获得转储? Like you can see I want to do a script to found pattherns in the memory while I am debugging a application. 就像您看到的那样,在调试应用程序时,我想做一个脚本来在内存中找到模式。
Thank you very much 非常感谢你
1 个解决方案
解决方案1
2 已采纳 2013-05-14 12:14:35
Use idaapi.nextthat() to search for the byte sequence then use dbg_read_memory() to read the memory of the program being debugged. 使用idaapi.nextthat()搜索字节序列,然后使用dbg_read_memory()读取正在调试的程序的内存。 Since the latter appears to make a copy, reading, say, 4GB would be unwise. 由于后者似乎要进行复制,因此,例如读取4GB将是不明智的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.