更改 segment 来自动消除死代码(好像没有用)
import ida_segment
import ida_bytes
seg = ida_segment.get_segm_by_name('.bss')
for ea in range(seg.start_ea, seg.end_ea,4):
ida_bytes.patch_bytes(ea, int(2).to_bytes(4,'little'))
'''
seg.perm: 由三位二进制数表示,例如一个segment为可读,不可写,不可执行,则seg.perm = 0b100
(seg.perm >> 2)&1: Read
(seg.perm >> 1)&1: Write
(seg.perm >> 0)&1: Execute
'''
seg.perm = 0b100把比较的对象 mov 到 eax 过程中改成 0 mov 到 eax,批量脚本
import ida_segment
import ida_xref
import ida_idaapi
from ida_bytes import get_bytes, patch_bytes
def do_patch(ea):
if get_bytes(ea, 1) == b"\x8b":
reg = (ord(get_bytes(ea+1, 1)) & 0b00111000) >> 3
patch_bytes(ea, (0xb8+reg).to_bytes(1, 'little') +
b'\x00\x00\x00\x00\x90\x90')
elif get_bytes(ea, 1) == b"\x44":
reg = (ord(get_bytes(ea+2, 1)) & 0b00111000) >> 3
patch_bytes(ea, b"\x41"+(0xb8+reg).to_bytes(1,
'little')+b"\x00\x00\x00\x00\x90\x90")
else:
print("error")
seg = ida_segment.get_segm_by_name('.bss')
start = seg.start_ea
end = seg.end_ea
for addr in range(start, end, 4):
ref = ida_xref.get_first_dref_to(addr)
print(hex(addr).center(20, '-'))
while ref != ida_idaapi.BADADDR:
do_patch(ref)
print('patch at'+hex(ref))
ref = ida_xref.get_next_dref_to(addr, ref)
print('-'*20)
使用 d810 去除 BCF d810 中内置了很多的不透明谓词表达式,它的匹配器也是非常的厉害完全可以做到去除虚假控制流