Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Question: IDAPython how to call bin_search ? (https://forum.exetools.com/showthread.php?t=12606)

winndy 01-04-2010 13:19
Question: IDAPython how to call bin_search ?
 
Code:
from idaapi import *
from idautils import *
from idc import *

"""
    bin_search(ea_t startEA, ea_t endEA, uchar image, uchar mask,
        size_t len, int step, int flags) -> ea_t
    """
func = get_func(0x000E2324)
pattern = '123456'
mask = '000000'
ea = bin_search(func.startEA,func.endEA,pattern,mask,len(pattern),BIN_SEARCH_FORWARD,BIN_SEARCH_NOCASE)
#equal_bytes
print '%08lx'%(ea)
I call this script file, but got an error.

Quote:
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "C:\Program Files\IDA\python\init.py", line 60, in runscript
execfile(script, globals())
File "F:/test.py", line 12, in <module>
ea = bin_search(func.startEA,func.endEA,pattern,mask,len(pattern),BIN_SEARCH_FORWARD,BIN_SEARCH_NOCASE)
File "c:\Program Files\IDA\python\idaapi.py", line 12140, in bin_search
return _idaapi.bin_search(*args)
TypeError: in method 'bin_search', argument 3 of type 'uchar const *'
Any ideas?

winndy 01-04-2010 21:03
I recompiled IDAPython.
But I change uchar to char in function:
Code:
idaman ea_t ida_export bin_search(
                ea_t startEA,        // area to search
                ea_t endEA,
                const uchar *image,  // string to search
                const uchar *mask,    // comparision mask
                size_t len,          // length of string to search
                int step,            // direction:
                int flags);
it becomes ok.

rox 01-05-2010 04:12
bin_search()? this is how i do search:
Quote:
print '0x%.08X' % FindBinary(INF_BASEADDR, SEARCH_DOWN, 'E9 ? ? ? ? 90 90 90')

winndy 01-05-2010 14:28
bin_search is more powerful, allow using mask bytes.
right now, I use FindBinary too

winndy 01-06-2010 23:23
I think I figured it out.

idaapi.i

change
Code:
%array_class(uchar, uchar_array);
to
Code:
%array_class(unsigned char, uchar_array);
recompile idapython,then call it in python like this:

Code:
func = idaapi.get_func(idaapi.get_screen_ea())

patternlen = 3
pattern = idaapi.uchar_array(patternlen)
pattern[0] = 0x18;
pattern[1] = 0x00;
pattern[2] = 0x89;

print pattern

mask = idaapi.uchar_array(patternlen)
mask[0] = 0xFF
mask[1] = 0xFF
mask[2] = 0xFF

print mask

ea = idaapi.bin_search(func.startEA,func.endEA,pattern,mask,patternlen,idaapi.BIN_SEARCH_FORWARD,idaapi.BIN_SEARCH_NOCASE)

print '%08lx'%(ea)


All times are GMT +8. The time now is 17:42.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX