我在IDApython脚本中使用idaapi.decompile()来获取当前函数的伪代码。它确实在IDA Pro的脚本命令中起作用。
这是我的代码:
def get_pseudocode(ea):
"""
get function's pseudocode
Args:
ea: functions's start address
Returns:
pse_str: pseudocode
"""
print("ea: ", ea)
f = idaapi.get_func(ea)
print("f: ", f)
print("f bb_num: ", len(list(idaapi.FlowChart(f))))
if f is None:
print("Function is None!")
return False
cfunc = idaapi.decompile(f)
if cfunc is None:
print("Failed to decompile!")
return False
pse_str_list = []
pse_code = cfunc.get_pseudocode()
for each_line in pse_code:
line = idaapi.tag_remove(each_line.line)
pse_str_list.append(line)
pse_str = "\n".join(pse_str_list)
return pse_str
但是,当我尝试从命令行运行脚本时:
D://ProgramFiles/IDA/ida64.exe -LD:/mylog.log -c -A -SD://funcpesudo/getPseudocode.py D://transfer/m64-O0/aes-x86_64.o
我收到此错误:
('ea: ', 0L)
('f: ', <ida_funcs.func_t; proxy of <Swig Object of type 'func_t *' at 0x000000E74712E2A0> >)
('f bb_num: ', 3)
Hex-Rays Decompiler got called from Python without being loaded -> OK
D://funcpesudo/getPseudocode.py: Decompilation failed:
Traceback (most recent call last):
File "D:\ProgramFiles\IDA\python\ida_idaapi.py", line 553, in IDAPython_ExecScript
execfile(script, g)
File "D://funcpesudo/getPseudocode.py", line 120, in <module>
main()
File "D://funcpesudo/getPseudocode.py", line 115, in main
analysis()
File "D://funcpesudo/getPseudocode.py", line 71, in analysis
pse_code = get_pseudocode(func) # 伪代码
File "D://funcpesudo/getPseudocode.py", line 36, in get_pseudocode
cfunc = idaapi.decompile(f)
File "D:\ProgramFiles\IDA\python\ida_hexrays.py", line 8852, in decompile
raise DecompilationFailure(hf)
DecompilationFailure: Decompilation failed:
因此,我认为函数f中的函数对象get_pseudocode是正确的,而我只是不知道为什么会发生此错误。
有人可以帮助我吗?非常感谢。英语不是我的母语。请原谅输入错误。