我想获得一个使用IDA Pro进行反汇编的asm文件,并使用脚本一次制作大量的asm文件。
我尝试了两种获取asm文件的方法
第一个是idapython:
idc.GenerateFile(idc.OFILE_ASM, idc.GetInputFile()+".asm", 0, idc.BADADDR, 0)
成功生成了asm文件,但该文件有一些被隐藏的功能
像这样:; [0000000C BYTES: COLLAPSED FUNCTION j__UIAccessibilityPostNotification. PRESS KEYPAD CTRL-"+" TO EXPAND]
第二个被更改为批处理模式以获取asm文件:
~/.ida-6.5/idal -c -parm:ARMv7 -B myFilePath/myFile
也成功生成了asm文件,但我遇到了一些隐藏的功能
有没有办法选择取消隐藏所有内容然后从IDA导出asm文件?
答案 0 :(得分:0)
您可以定义一个取消隐藏所有折叠函数的宏
假设您正在使用gui版本打开idagui.cfg
导航到键盘快捷键定义并找到"取消隐藏全部"输入并定义键序列
我在ctrl+2
ida free 5.0定义为以下关键字
\IDA_FRE_5\cfg>cat idagui.cfg | grep -i unhide
"Unhide" = "Numpad+"
"UnhideAll" = "Ctrl+2"
"GraphUnhideGroup" = 0 // Unhide group
"GraphUnhideAllGroups" = 0 // Unhide all groups
关闭并打开ida以使其生效
从现在开始,如果你点击ctrl + 2并运行idc命令,你将得到一个不包含折叠函数的asm
foo.asm是在按下ctrl + 2后ctrl + 2 blah.asm之前生成的
auto fp;
fp = fopen("c:\\blah.asm","w");
GenerateFile(OFILE_ASM,fp,0x10127a4,0x10127aa,0x0);
fclose(fp);
下面两个文件的内容
C:\>type foo.asm blah.asm
foo.asm
;
; ╔═════════════════════════════════════════════════════════════════════════╗
; ║ This file is generated by The Interactive Disassembler (IDA) ║
; ║ Copyright (c) 2010 by Hex-Rays SA, <support@hex-rays.com> ║
; ║ Licensed to: Freeware version ║
; ╚═════════════════════════════════════════════════════════════════════════╝
;
; [00000006 BYTES: COLLAPSED FUNCTION _XcptFilter. PRESS KEYPAD "+" TO EXPAND]
blah.asm
;
; ╔═════════════════════════════════════════════════════════════════════════╗
; ║ This file is generated by The Interactive Disassembler (IDA) ║
; ║ Copyright (c) 2010 by Hex-Rays SA, <support@hex-rays.com> ║
; ║ Licensed to: Freeware version ║
; ╚═════════════════════════════════════════════════════════════════════════╝
;
; ███████████████ S U B R O U T I N E ███████████████████████████████████████
; Attributes: thunk
_XcptFilter proc near ; CODE XREF: start+199↑p
jmp ds:__imp__XcptFilter
_XcptFilter endp