Ida Pro Gragh输出批处理模式

Question

Can anyone let me know how we are going to output all the subroutine's graphs in batch mode suing IDC . ie I have 447 subroutine's and wanna be output them all and I would like to make sure I first retrieve all the routines address automatically, cuz by knowing the address I can simply use GenFuncCall . PS: Is this the only cfg that I can get from Ida Pro given a binary dis-assembled file?

Answer 1

I needed a CFG of my whole program,the base example I started from was: https://code.google.com/p/idapython/source/browse/trunk/examples/ex_gdl_qflow_chart.py

It uses the flow chart class: https://www.hex-rays.com/products/ida/support/idapython_docs/idaapi.FlowChart-class.html

also worth noting to trigger in batch mode, you'll want something like this

idal64 -A -S{yourscriptname}.py {yourbinary}

Tips:

• Prototype the script in the IDAPro gui first

• Opening of the graph processor can cause timing issues, its hacky, but something like delaying execution of the script seemed to help, eg

  idaapi.autoWait() Timer(2, idacfg).start()

  where idacfg is your python function from the example

• print to stdout doesn't seem to work in batch mode, so you'll want to set stdout to a file for your debugging.

• Closing the GUI in batch mode is still an issue for me.

Hope that helps.

Answer 2

If you just want the address of all known functions in the IDB, you could use something like this using IDAPython (just an example):

def main():
    for count, func_ea in enumerate(Functions()):
        if func_ea == BADADDR:
            break
        func_name = GetFunctionName(funcea)
        func_start = func_ea

        print("[{:4}] name: {}; start address: {:#x}".format(count, func_name, func_start))

if __name__ == "__main__":
    main()