Edit:
More specifically, I want to know the start/end of the basic block that a given address belongs to.

Reply #1

I quickly put this together in the "File" > "Python command..." dialog:

    import idaapi

    tgtEA = idaapi.askaddr(0, "Enter target address")
    # A bare `exit` is a no-op expression, so branch instead of bailing out.
    if tgtEA is not None:
        f = idaapi.get_func(tgtEA)
        if not f:
            print "No function at 0x%x" % (tgtEA)
        else:
            fc = idaapi.FlowChart(f)
            for block in fc:
                if block.startEA <= tgtEA:
                    if block.endEA > tgtEA:
                        print "0x%x is part of block [0x%x - 0x%x)" % (tgtEA, block.startEA, block.endEA)

Keep in mind that IDA's basic block addresses are "startEA inclusive, endEA inclusive".

Reply #2

Following DCoder's suggestion, I use the following helper classes to efficiently resolve addresses to basic blocks:

    from bisect import bisect_right
    import idaapi

    # Wrapper to operate on sorted basic blocks.
    class BBWrapper(object):
        def __init__(self, ea, bb):
            self.ea_ = ea
            self.bb_ = bb

        def get_bb(self):
            return self.bb_

        def __lt__(self, other):
            return self.ea_ < other.ea_

    # Creates a basic block cache for all basic blocks in the given function.
    class BBCache(object):
        def __init__(self, f):
            self.bb_cache_ = []
            for bb in idaapi.FlowChart(f):
                self.bb_cache_.append(BBWrapper(bb.startEA, bb))
            self.bb_cache_ = sorted(self.bb_cache_)

        def find_block(self, ea):
            # Rightmost block whose startEA is <= ea; endEA is not checked here.
            i = bisect_right(self.bb_cache_, BBWrapper(ea, None))
            if i:
                return self.bb_cache_[i-1].get_bb()
            else:
                return None

It can be used like this:

    bb_cache = BBCache(idaapi.get_func(here()))
    found = bb_cache.find_block(here())
    if found:
        print "found: %X - %X" % (found.startEA, found.endEA)
    else:
        print "No basic block found that contains %X" % here()
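
As an added example (not part of either reply), the sketch below applies the same sorted-lookup idea outside IDA to map a list of trace addresses to basic blocks and count hits per block. It treats each block as half-open `[start, end)`, matching the `endEA > tgtEA` check in the first script, and reports addresses that fall in a gap between blocks; `BlockIndex`, `coverage` and the sample addresses are constructed for illustration.

```python
from bisect import bisect_right
from collections import Counter


class BlockIndex(object):
    """Sorted index over half-open basic-block ranges [start, end)."""

    def __init__(self, blocks):
        # In IDA the pairs would come from idaapi.FlowChart(f), as in the
        # replies above: [(bb.startEA, bb.endEA) for bb in FlowChart(f)].
        self.blocks = sorted(b for b in blocks if b[0] < b[1])
        self.starts = [start for start, _ in self.blocks]

    def find_block(self, ea):
        """Return (start, end) of the block containing ea, or None."""
        i = bisect_right(self.starts, ea)
        if i == 0:
            return None                  # ea lies before the first block
        start, end = self.blocks[i - 1]
        # The nearest preceding block only counts if ea is inside it;
        # otherwise ea falls in a gap (padding, data, another chunk).
        return (start, end) if ea < end else None

    def coverage(self, trace):
        """Count hits per block for a list of executed addresses."""
        hits = Counter()
        unmapped = []
        for ea in trace:
            bb = self.find_block(ea)
            if bb is None:
                unmapped.append(ea)
            else:
                hits[bb] += 1
        return hits, unmapped


# Constructed sample layout: three blocks with a gap at 0x401020-0x401030.
SAMPLE_BLOCKS = [(0x401030, 0x401048), (0x401000, 0x401012), (0x401012, 0x401020)]
# Constructed sample trace of executed instruction addresses.
SAMPLE_TRACE = [0x401000, 0x40100A, 0x401012, 0x401024, 0x401030, 0x401047, 0x401048]

if __name__ == "__main__":
    index = BlockIndex(SAMPLE_BLOCKS)
    hits, unmapped = index.coverage(SAMPLE_TRACE)
    for (start, end), n in sorted(hits.items()):
        print("[0x%X - 0x%X): %d hit(s)" % (start, end, n))
    print("unmapped: " + ", ".join("0x%X" % ea for ea in unmapped))
```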