ida python脚本gadget

作者: HAPPYers | 来源:发表于2019-08-11 13:40 被阅读0次

对IDA中加密的函数名进行重命名

src = open('111.txt', 'rb').readlines()

for line in src:
    addr = int(line.split('  ')[0], 16)
    name = 'lp_' + line.split('  ')[2].split('.')[1].strip()
    print hex(addr), '--->',name
    MakeNameEx(addr, name, SN_NOWARN)
print 'finished.'

nop替换

import idaapi 

idaapi.Compileline('static n_key(){ RunPythonStatement("nopIt()");}')

AddHotkey("Alt-N","n_key")

def nopIt():
    start=ScreenEA()
    end=NextHead(start)
    for ea in range(start, end): PatchByte(ea,0x90)
    Jump(end) Refresh()

xor decode

xorkeys = 'BB2FA36AAA9541F0'
 
def XorBytes(start,length):
    for i in range(0,length):
        byte_value = Byte(start+i)  
        byte_value = byte_value^ord(xorkeys[i % 16])   
        PatchByte(start+i,byte_value)
 
XorBytes(0x080B0E60,0xC)