当我从事源代码恢复项目时,我通常会留下很多需要手动清理的代码。这可能需要很多时间,而且随着项目越来越大,我正在寻找一种方法来更快地完成这项工作。
示例代码清理前
int __cdecl main(int argc, const char **argv, const char **envp)
{
__int64 v3; // rax
__int64 v4; // r8
__int64 v5; // rax
__int64 v6; // r8
__int64 v7; // rax
__int64 v8; // r8
__int64 v9; // rax
__int64 v10; // r8
__int64 v11; // rax
__int64 v12; // r8
__int64 v13; // rax
__int64 v14; // r8
__int64 v15; // rax
__int64 v16; // rax
Books books; // [rsp+20h] [rbp-E8h]
strcpy(books.title, "Learn C++ Programming");
strcpy(books.author, "Chand Miyan");
strcpy(books.subject, "C++ Programming");
LODWORD(books.id) = 6495407;
v3 = sub_1400011D0(std::cout, "Book 1 title : ", envp);
v5 = sub_1400011D0(v3, &books, v4);
std::basic_ostream<char,std::char_traits<char>>::operator<<(v5, sub_1400013A0);
v7 = sub_1400011D0(std::cout, "Book 1 author : ", v6);
v9 = sub_1400011D0(v7, books.author, v8);
std::basic_ostream<char,std::char_traits<char>>::operator<<(v9, sub_1400013A0);
v11 = sub_1400011D0(std::cout, "Book 1 subject : ", v10);
v13 = sub_1400011D0(v11, books.subject, v12);
std::basic_ostream<char,std::char_traits<char>>::operator<<(v13, sub_1400013A0);
v15 = sub_1400011D0(std::cout, "Book 1 id : ", v14);
v16 = std::basic_ostream<char,std::char_traits<char>>::operator<<(v15, LODWORD(books.id));
std::basic_ostream<char,std::char_traits<char>>::operator<<(v16, sub_1400013A0);
return 0;
}
查看代码我们可以看到 std::cout 只是打印变量。但是这段代码虽然对我们人类有意义,但在它变得有用之前应该更多地清理。
这是在我清理之后。用手...
typedef struct Books {
char title[44];
char author[56];
char subject[100];
int id;
} books;
int main(){
__int64 v3; // rax
__int64 v4; // r8
__int64 v5; // rax
Books books; // [rsp+20h] [rbp-E8h]
strcpy(books.title, "Learn C++ Programming");
strcpy(books.author, "Chand Miyan");
strcpy(books.subject, "C++ Programming");
LODWORD(books.id) = 6495407;
std::cout << "Book 1 title : " << &books.title << std::endl;
std::cout << "Book 1 author : " << &books.author << std::endl;
std::cout << "Book 1 subject : " << books.subject << std::endl;
std::cout << "Book 1 id : " << LODWORD(books.id) << std::endl;
return 0;
}
答案不一定是通过 IDAPython,但我认为这将是一个很好的起点。
到目前为止,我所拥有的是这个,我不确定这些是否是正确的步骤。
c=idaapi.decompile(0x0000000140001000 ) //
for v in c.lvars:
print v.name
不过,这只是打印出变量名称。
我怎样才能更自动化地清理 Ida 生成的代码。Here is a similar question to mine,但我不认为这探讨了其他选项或使用IDAPython的可能性。