Question: IDAPython how to call bin_search ?

winndy · #1 01-04-2010, 13:19

Code:

from idaapi import *
from idautils import *
from idc import *

"""
    bin_search(ea_t startEA, ea_t endEA, uchar image, uchar mask, 
        size_t len, int step, int flags) -> ea_t
    """
func = get_func(0x000E2324)
pattern = '123456'
mask = '000000'
ea = bin_search(func.startEA,func.endEA,pattern,mask,len(pattern),BIN_SEARCH_FORWARD,BIN_SEARCH_NOCASE)
#equal_bytes
print '%08lx'%(ea)

I call this script file, but got an error.

Quote:

Traceback (most recent call last):
File "<string>", line 1, in <module>
File "C:\Program Files\IDA\python\init.py", line 60, in runscript
execfile(script, globals())
File "F:/test.py", line 12, in <module>
ea = bin_search(func.startEA,func.endEA,pattern,mask,len(pattern),BIN_SEARCH_FORWARD,BIN_SEARCH_NOCASE)
File "c:\Program Files\IDA\python\idaapi.py", line 12140, in bin_search
return _idaapi.bin_search(*args)
TypeError: in method 'bin_search', argument 3 of type 'uchar const *'

Any ideas?

winndy · #2 01-04-2010, 21:03

I recompiled IDAPython.
But I change uchar to char in function:

Code:

idaman ea_t ida_export bin_search(
                 ea_t startEA,         // area to search
                 ea_t endEA,
                 const uchar *image,   // string to search
                 const uchar *mask,    // comparision mask
                 size_t len,           // length of string to search
                 int step,             // direction:
                 int flags);

it becomes ok.

rox · #3 01-05-2010, 04:12

bin_search()? this is how i do search:

Quote:

print '0x%.08X' % FindBinary(INF_BASEADDR, SEARCH_DOWN, 'E9 ? ? ? ? 90 90 90')

winndy · #4 01-05-2010, 14:28

bin_search is more powerful, allow using mask bytes.
right now, I use FindBinary too

winndy · #5 01-06-2010, 23:23

I think I figured it out.

idaapi.i

change

Code:

%array_class(uchar, uchar_array);

to

Code:

%array_class(unsigned char, uchar_array);

recompile idapython,then call it in python like this:

Code:

func = idaapi.get_func(idaapi.get_screen_ea())

patternlen = 3
pattern = idaapi.uchar_array(patternlen)
pattern[0] = 0x18;
pattern[1] = 0x00;
pattern[2] = 0x89;

print pattern

mask = idaapi.uchar_array(patternlen)
mask[0] = 0xFF
mask[1] = 0xFF
mask[2] = 0xFF

print mask

ea = idaapi.bin_search(func.startEA,func.endEA,pattern,mask,patternlen,idaapi.BIN_SEARCH_FORWARD,idaapi.BIN_SEARCH_NOCASE)

print '%08lx'%(ea)

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Advanced IdaPython to change details UI cannot change	chants	General Discussion	1	07-31-2019 15:46
the big call >> mov eax,01 ret	crkelbery	General Discussion	3	03-21-2009 06:40
Fixing an EXE to not call a DLL?	Barry	General Discussion	11	06-03-2004 00:37