我想知道是否有可能的方法将字符串从带有 idc 脚本的可执行文件中列出到文件中?我还没有找到任何好的功能。或者有没有其他方法可以用 IDA Pro 做到这一点?
问问题
4243 次
1 回答
3
为此,我有一个 IDA python 片段:
import idautils
string_type_map = {
0 : "ASCSTR_C", # C-string, zero terminated
1 : "ASCSTR_PASCAL", # Pascal-style ASCII string (length byte)
2 : "ASCSTR_LEN2", # Pascal-style, length is 2 bytes
3 : "ASCSTR_UNICODE", # Unicode string
4 : "ASCSTR_LEN4", # Delphi string, length is 4 bytes
5 : "ASCSTR_ULEN2", # Pascal-style Unicode, length is 2 bytes
6 : "ASCSTR_ULEN4", # Pascal-style Unicode, length is 4 bytes
}
def main():
#Do not use default set up, we'll call setup().
s = idautils.Strings(default_setup = False)
# we want C & Unicode strings, and *only* existing strings.
s.setup(strtypes=Strings.STR_C | Strings.STR_UNICODE, ignore_instructions = True, display_only_existing_strings = True)
#loop through strings
for i, v in enumerate(s):
if not v:
print("Failed to retrieve string at index {}".format(i))
else:
print("[{}] ea: {:#x} ; length: {}; type: {}; '{}'".format(i, v.ea, v.length, string_type_map.get(v.type, None), str(v)))
if __name__ == "__main__":
main()
于 2013-09-15T15:26:32.867 回答