├── CNAME
├── README.md
└── _config.yml

/CNAME:
--------------------------------------------------------------------------------
1 | ida.geeksonsecurity.com
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
1 | ## IDAPython >= 7.4
2 |
3 | ### Clear output window
4 |
5 | ```python
6 | form = ida_kernwin.find_widget("Output window")
7 | ida_kernwin.activate_widget(form, True)
8 | idaapi.process_ui_action("msglist:Clear")
9 | ```
10 |
11 | ### Compute function length
12 | ```python
13 | def compute_function_length(ea):
14 |     return idc.get_func_attr(ea, idc.FUNCATTR_END) - ea
15 | ```
16 |
17 | ### C++ Name demangling
18 | ```python
19 | func_name = idc.get_func_name(f)
20 | demangled_name = idc.demangle_name(func_name, idc.get_inf_attr(idc.INF_SHORT_DN))
21 | ```
22 |
23 | ### Jump to from QModelIndex
24 |
25 | ```python
26 | # where 1 is the column with the address
27 | idaapi.jumpto(int(item.sibling(item.row(), 1).data(), 16))
28 | ```
29 |
30 | ### Get all subcalls from a function
31 | ```python
32 | def get_function_called(ea):
33 |     funcs = []
34 |     for h in idautils.FuncItems(ea):
35 |         for r in idautils.XrefsFrom(h, 0):
36 |             if r.type == idautils.ida_xref.fl_CF or r.type == idautils.ida_xref.fl_CN:
37 |                 funcs.append(r.to)
38 |     return funcs
39 | ```
40 |
41 | ### Search for pattern across whole binary
42 | ```python
43 | sequence = "83 F8 01"
44 | found_ea = ida_ida.inf_get_min_ea()-1
45 | end_ea = ida_ida.inf_get_max_ea()
46 | print(f"Looking for pattern in {hex(found_ea+1)}-{hex(end_ea)}")
47 | while True:
48 |     found_ea = idaapi.find_binary(found_ea+1, end_ea, sequence, 16, idaapi.SEARCH_DOWN)
49 |     if found_ea == idaapi.BADADDR: break
50 |     print(f"Found at {hex(found_ea)}")
51 | ```
52 |
53 | ### Verify if address is mapped/valid
54 | ```python
55 | addr = 0xdeadbeef
56 | # Note: this only checks the database's overall address range; segments can leave
56 | # unmapped gaps inside it, so use ida_bytes.is_mapped(addr) to confirm the byte itself is mapped.
56 | if addr >= ida_ida.inf_get_min_ea() and addr <= ida_ida.inf_get_max_ea():
57 |     print("Valid address!")
58 | ```
59 |
60 | ### Start
61 |
62 | ```python
63 | from ida_dbg import start_process
64 | start_process()
65 | ```
66 |
67 | ## Debugging
68 |
69 | ### Attach to a process
70 |
71 | ```python
72 | target = "Process.exe"
73 | pis = ida_idd.procinfo_vec_t()
74 | count = ida_dbg.get_processes(pis)
75 | print(f"Found {count}")
76 | for p in pis:
77 |     print(f"{p.pid}: {p.name}")
78 |     if target in p.name:
79 |         print(f"Attaching to process {p.name}")
80 |         ida_dbg.attach_process(p.pid)
81 | ```
82 |
83 | ### Add breakpoint
84 | ```python
85 | from ida_dbg import add_bpt
86 | add_bpt(address)
87 | ```
88 |
89 | ### Refresh memory of debugger
90 | ```python
91 | from ida_dbg import refresh_debugger_memory
92 | refresh_debugger_memory()
93 | ```
94 | ### Read memory
95 | ```python
96 | from ida_bytes import *
97 | get_bytes(ea, size)
98 | get_dword(ea)
99 | get_qword(ea)
100 | ```
101 |
102 | ### Read register
103 | ```python
104 | from ida_dbg import get_reg_val
105 | rcx = get_reg_val("rcx")
106 | ```
107 |
108 | ## PyQt5 related
109 |
110 | ### Add QIcon without including a file (base64 encoded)
111 | ```python
112 | toolbar = QtWidgets.QToolBar()
113 | saveImg = QtGui.QPixmap()
114 | saveImg.loadFromData(base64.b64decode("BASE64ENCODEDICON"))
115 | saveAction = QtWidgets.QAction(QtGui.QIcon(saveImg), "Save", parent)
116 | toolbar.addAction(saveAction)
117 | ```
118 |
--------------------------------------------------------------------------------

/_config.yml:
--------------------------------------------------------------------------------
1 | theme: jekyll-theme-hacker
--------------------------------------------------------------------------------