IDA:如何遍历脚本中的段

时间:2013-06-24 17:49:37

标签: ida

我尝试编写一个简单的循环,使用GetSegmentAttr获取当前段的开始和结束,然后假设当前段的结束将是下一个段的开始,但这个假设是错误的。它适用于几个细分市场,但我发现细分市场之间可能存在差距。

那么,我想知道的是如何能够可靠地遍历所有创建的片段?

2 个答案:

答案 0 :(得分:1)

您可以迭代idautils.Segments()的结果:

for seg in idautils.Segments():
    # ...

答案 1 :(得分:0)

像这样使用FirstSeg()和NextSeg()

#include <idc.idc>

static main() {
    auto seg;
    auto start;
    auto end; 

    seg = FirstSeg();

    while(seg != BADADDR)
    {
        start = SegStart(seg);
        end = SegEnd(seg);

        Message("Seg: %a Start: %a End: %a\n", seg, start, end);

        // do looping here

        seg = NextSeg(seg);
    }
}

然后将变量从'start'循环到包含'end'

对于我目前的项目,上面给出了:

Seg: ROM:00000000 Start: ROM:00000000 End: ROM2:00880000
Seg: ROM2:00880000 Start: ROM2:00880000 End: 0:009FFFFF
Seg: CHIP:40000000 Start: CHIP:40000000 End: 0:4004FFFF
Seg: CHIP:40050000 Start: CHIP:40050000 End: 0:4005FFFF
Seg: CHIP:40070000 Start: CHIP:40070000 End: 0:4007FFFF
Seg: CHIP:40130000 Start: CHIP:40130000 End: 0:4013FFFF
Seg: CHIP:40180000 Start: CHIP:40180000 End: 0:4018FFFF
Seg: CHIP:401D0000 Start: CHIP:401D0000 End: 0:401DFFFF
Seg: CHIP:50000000 Start: CHIP:50000000 End: 0:5001FFFF
Seg: s6800:68000000 Start: s6800:68000000 End: 0:6800FFFF
Seg: CHIP:6F000000 Start: CHIP:6F000000 End: 0:6F00FFFF
Seg: RAM:8F800000 Start: RAM:8F800000 End: 0:8F9FFFFF
Seg: RAM:8FB00000 Start: RAM:8FB00000 End: 0:8FFFFFFF
Seg: RAM:CD000000 Start: RAM:CD000000 End: 0:CEFFFFFF