How do I map an arbitrary address to the corresponding basic block in IDA?

reverse-engineering python ida
2021-07-03 04:34:46

Suppose I have an arbitrary address and I want to find the basic block (i.e. the area_t structure) that corresponds to it. How do I do that?

Edit: more specifically, I want to know the start/end of the basic block that the given address belongs to.

2 answers

I quickly threw this together in the File > Python command... dialog:

import idaapi

tgtEA = idaapi.askaddr(0, "Enter target address")
if tgtEA is None:
  print "No address entered"
else:
  f = idaapi.get_func(tgtEA)
  if not f:
    print "No function at 0x%x" % tgtEA
  else:
    # Walk every basic block of the function; a block covers [startEA, endEA)
    for block in idaapi.FlowChart(f):
      if block.startEA <= tgtEA < block.endEA:
        print "0x%x is part of block [0x%x - 0x%x)" % (tgtEA, block.startEA, block.endEA)

Keep in mind that IDA's basic block addresses are "startEA inclusive, endEA exclusive".

As DCoder suggested, I use the following helper classes to resolve addresses to basic blocks efficiently:

import idaapi
from bisect import bisect_right

# Wrapper to operate on sorted basic blocks.
class BBWrapper(object):
  def __init__(self, ea, bb):
    self.ea_ = ea
    self.bb_ = bb

  def get_bb(self):
    return self.bb_

  # Order by start address so the wrappers can be sorted and bisected.
  def __lt__(self, other):
    return self.ea_ < other.ea_

# Creates a basic block cache for all basic blocks in the given function.
class BBCache(object):
  def __init__(self, f):
    self.bb_cache_ = []
    for bb in idaapi.FlowChart(f):
      self.bb_cache_.append(BBWrapper(bb.startEA, bb))
    self.bb_cache_ = sorted(self.bb_cache_)

  # Returns the block containing ea, or None when ea falls in a gap between
  # blocks (blocks are [startEA, endEA), so endEA itself is not contained).
  def find_block(self, ea):
    i = bisect_right(self.bb_cache_, BBWrapper(ea, None))
    if i:
      bb = self.bb_cache_[i-1].get_bb()
      if ea < bb.endEA:
        return bb
    return None

It can be used like this:

bb_cache = BBCache(idaapi.get_func(here()))
found = bb_cache.find_block(here())
if found:
  print "found: %X - %X" % (found.startEA, found.endEA)
else:
  print "No basic block found that contains %X" % here()
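The lookup both answers describe (sort the function's blocks by start address, bisect on the target, then check the half-open range) can be exercised outside IDA. The following is an added example, not code from either answer: the Block tuple and the address list are constructed stand-ins for FlowChart blocks, which expose startEA/endEA (renamed start_ea/end_ea in IDA 7 and later) the same way. It also covers the case the original cache did not: an address in a gap between blocks, or equal to a block's exclusive endEA, must resolve to no block rather than to the preceding one.

```python
from bisect import bisect_right
from collections import namedtuple

# Constructed stand-in for an IDA FlowChart block (assumption: only the
# startEA/endEA attributes are needed for containment lookups).
Block = namedtuple("Block", "startEA endEA")


class BlockIndex(object):
    """Sorted index of basic blocks with O(log n) containment lookup."""

    def __init__(self, blocks):
        # FlowChart does not guarantee address order, so sort by start.
        self.blocks = sorted(blocks, key=lambda b: b.startEA)
        self.starts = [b.startEA for b in self.blocks]

    def find_block(self, ea):
        # Index of the last block whose start address is <= ea.
        i = bisect_right(self.starts, ea)
        if i == 0:
            return None
        bb = self.blocks[i - 1]
        # Blocks are [startEA, endEA): start inclusive, end exclusive.
        # Without this check an address in a gap between chunks, or the
        # function's end address itself, would be attributed to the block
        # that merely precedes it.
        if ea < bb.endEA:
            return bb
        return None


# Constructed sample function, deliberately out of order and with a gap
# (e.g. alignment padding or a separate chunk) between 0x401020 and 0x401030.
SAMPLE_BLOCKS = [
    Block(0x401030, 0x401048),
    Block(0x401000, 0x401012),
    Block(0x401012, 0x401020),
]


def lookup(ea, blocks=SAMPLE_BLOCKS):
    """Return (startEA, endEA) of the block containing ea, or None."""
    bb = BlockIndex(blocks).find_block(ea)
    return (bb.startEA, bb.endEA) if bb else None


if __name__ == "__main__":
    for ea in (0x400fff, 0x401000, 0x401011, 0x401012, 0x401025, 0x401048):
        print("0x%x -> %r" % (ea, lookup(ea)))
```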