Last active
May 27, 2016 10:39
-
-
Save thngkaiyuan/e445ee1defcabc4d1e880e3d2e9f4275 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idaapi | |
| idaapi.CompileLine('static run() { RunPythonStatement("run()"); }') | |
| AddHotkey("Alt-L", "run") | |
| def print_fn_calls(fn_names): | |
| for name in fn_names: | |
| print name | |
| def run_n_times(n): | |
| fn_calls = [] | |
| for i in range(n): | |
| GetDebuggerEvent(WFNE_SUSP, -1) | |
| fn_name = run() | |
| GetDebuggerEvent(WFNE_SUSP, -1) | |
| fn_calls.append(fn_name) | |
| print_fn_calls(fn_calls) | |
| def run(): | |
| add_bps() | |
| ResumeProcess() | |
| GetDebuggerEvent(WFNE_SUSP, -1) | |
| remove_bps() | |
| fn_name = GetFunctionName(GetRegValue("eip")) | |
| if not fn_name: | |
| ea = GetRegValue("eip") | |
| fn_name = NameEx(ea, ea) | |
| if not fn_name: | |
| return | |
| print "CALL: " + fn_name | |
| StepUntilRet() | |
| GetDebuggerEvent(WFNE_SUSP, -1) | |
| StepInto() | |
| return fn_name | |
| def add_bps(): | |
| for ea, size in bpts: | |
| AddBptEx(ea, size, 8) | |
| def remove_bps(): | |
| for ea, size in bpts: | |
| DelBpt(ea) | |
| def enum_all_modules(): | |
| mods, mod = [], GetFirstModule() | |
| blacklist = [0x400000, 0x1100000] # process' own modules | |
| while mod: | |
| if mod not in blacklist: | |
| size = GetModuleSize(mod) | |
| mods.append((mod, size)) | |
| mod = GetNextModule(mod) | |
| return mods | |
| bpts = enum_all_modules() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment