IDA - Bind a hotkey to find the next address marked as Unknown (F3)
import idaapi | |
def find_next_unknown():
    '''
    Scan forward from the cursor for the next address IDA flags as unknown
    and move the cursor there.

    The scan starts at the cursor address itself and is bounded to 0xFFFF
    bytes so that it always terminates. Pairs of NULL bytes are skipped, and
    the byte sequence 1F 20 03 D5 (the AArch64 NOP, 0xD503201F, in
    little-endian order) is converted to code on the spot.

    Note that this modifies the database: every matched NOP pattern is
    queued for conversion to code without asking for confirmation.
    '''
    nop_pattern = (0x1F, 0x20, 0x03, 0xD5)

    cursor = ScreenEA()
    limit = cursor + 0xFFFF  # Maximum look ahead

    while cursor < limit:
        # Anything already defined (code / data) is stepped over bytewise.
        if not isUnknown(GetFlags(cursor)):
            cursor += 0x1
            continue

        # Skip NULLs. Only the flags of the first byte are checked; the
        # second byte is read without looking at how it is defined.
        if Byte(cursor) == 0x0 and Byte(cursor + 0x1) == 0x0:
            cursor += 0x2
            continue

        # Mark NOPs automatically.
        # NOTE(review): the pattern is matched at any byte offset, while A64
        # instructions are 4-byte aligned - an alignment check may be worth
        # adding; confirm against the targets this is used on.
        if all(Byte(cursor + off) == val
               for off, val in enumerate(nop_pattern)):
            print('[+] NOP found at 0x{0:0x}, marking.'.format(cursor))
            ida_auto.auto_make_code(cursor)
            # Wait for auto-analysis to finish before scanning further.
            ida_auto.auto_wait()
            cursor += 0x4
            continue

        # Unknown byte that is neither padding nor a NOP: stop here.
        break

    # The skip steps above can move the cursor past the limit, so compare
    # against the limit instead of relying on how the loop exited.
    if cursor >= limit:
        print('[!] Maximum look ahead exceeded')
        return

    print('[+] Jumping to 0x{0:0x}'.format(cursor))
    Jump(cursor)
# Bind to F3.
# The hotkey is attached to an IDC function, so a small IDC wrapper is
# compiled first; it calls back into Python by name through
# RunPythonStatement.
idaapi.CompileLine('static key_F3() { RunPythonStatement("find_next_unknown()"); }')
# Running this replaces whatever F3 was bound to through AddHotkey before.
AddHotkey('F3', 'key_F3')