commit dfe1701b69ad93d6377eb2bf05ffc2950232c88a Author: danger Date: Tue Oct 15 10:56:42 2024 +0800 Upload files to "/"
diff --git a/extract_c.py b/extract_c.py
new file mode 100644
index 0000000..5ab09d8
--- /dev/null
+++ b/extract_c.py
@@ -0,0 +1,56 @@
+import os
+from idaapi import *
+from idautils import *
+from idc import *
+
+def export_func_asm(file_name,func_addr):
+ try:
+ with open(file_name,"w+") as f:
+ func_ea=get_func(func_addr)#获取有效函数地址对象
+ func_name=get_func_name(func_addr)#获取函数名称
+ f.write(f"Assembly for function {func_name} start:0x{func_ea.start_ea:x} end:0x{func_ea.end_ea:x}\n")
+ for ea in Heads(func_ea.start_ea,func_ea.end_ea):#遍历
+ asm_line=generate_disasm_line(ea,GENDSM_REMOVE_TAGS)#提取汇编,去除标签
+ f.write(f"0x{ea:x}: {asm_line}\n")
+ except Exception as msg:
+ with open("my.log","a+") as f:#报错日志写入
+ f.write(f"export_func_asm {func_name} -> {msg}")
+
+def export_func(extractfile):
+ if(extractfile is None):exit(-1)
+ save_dir="result"
+ asm_file=save_dir+"/"+extractfile
+ func_file=save_dir+"/"+extractfile+"_extract.c"
+ try:
+ with open(func_file,"w") as file:
+ for func_addr in Functions():#迭代器编译所有函数
+ func_name=get_func_name(func_addr)#获取函数名称
+ if(func_name in BLACK_LIST):continue#黑名单处理
+ func_seg=getseg(func_addr)#获取函数段
+ if(func_seg.name!=7 or func_seg.perm !=5):continue #去除其他段函数
+ tmp_filename=asm_file+"_"+func_name+".asm"
+ export_func_asm(tmp_filename,func_addr) #提取函数汇编
+ code=decompile(func_addr) #反编译,提取c
+ if code :
+ file.write(f"//Function: {func_name} ->0x{func_addr} {func_seg.name} perm->{func_seg.perm}\n")
+ file.write(str(code)+"\n\n") #写入文件
+ except Exception as msg:
+ with open("my.log","a+") as f:
+ f.write(f"export_func {func_file} -> {msg}")
+#函数黑名单
+BLACK_LIST={
+"_start","_dl_relocate_static_pie",
+"deregister_tm_clones","register_tm_clones",
+"__do_global_dtors_aux","frame_dummy",
+}
+def main():
+ extractfile="extract.c"
+ filepath="tmp.txt"
+ if (os.path.exists(filepath) and os.path.isfile(filepath) ):
+ with open(filepath,"r") as f:
+ extractfile=f.read()
+ export_func(extractfile)
+
+if __name__ == "__main__":
+ main()
+ idaapi.qexit(0)
\ No newline at end of file
diff --git a/test.py b/test.py
new file mode 100644
index 0000000..b06b1d5
--- /dev/null
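Review bot: In export_func (extract_c.py), `tmp_filename=asm_file+"_"+func_name+".asm"` builds an output path from a symbol name read out of the binary under analysis, and `extractfile` is taken verbatim from tmp.txt, which test.py fills with the target path. A name containing `/` or `..` therefore makes the write land outside `result/` or fail on a missing directory. Reduce both to a safe leaf name before joining, e.g. `extractfile=os.path.basename(extractfile.strip())` and `safe_name="".join(c if c.isalnum() or c in "_." else "_" for c in func_name)`. The single `try` around the whole `for func_addr in Functions()` loop also means that any exception raised for one function (for example from `decompile`) ends the export for all remaining functions, so a per-function `try` that logs and continues would be more robust. In export_func_asm the `except` handler formats `func_name`, which is still unbound if `open()` itself fails, so the handler would raise instead of logging.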
+++ b/test.py
@@ -0,0 +1,60 @@
+import subprocess
+import sys
+import time
+import os
+RED = '\033[91m'
+GREEN = '\033[92m'
+YELLOW = '\033[93m'
+BLUE = '\033[94m'
+RESET = '\033[0m'
+
+def Extract_Functions(idat64_path,file): #提取伪代码
+ cmd=f'''{idat64_path} -A -B -S"extract_c.py" {file}
+ '''
+ save_dir="result"
+ #cmd执行命令
+ try:
+ old_time=time.time()
+ if(not os.path.exists(save_dir)):os.mkdir(save_dir)# 结果保存文件夹
+ with open("tmp.txt","w") as f: #用于传参的下下策
+ f.write(file)
+
+ subprocess.run(cmd,shell=True,check=True,text=True,capture_output=True) #bash执行idat64命令
+
+ os.remove("tmp.txt")
+
+ new_time=time.time()
+ run_tim=new_time-old_time
+
+ print(f"{GREEN}Extract_Functions prcoess({run_tim:.4f}s){RESET}")
+
+ except Exception as error:
+ print(f"{RED}error-> {error}{RESET}")
+ with open("my.log","a+") as f:
+ f.write(f"Extract_Functions {file}-> {error}")
+ exit(-1)
+def help():
+ help_msg='''python test.py -e idat64_path file
+python test.py -h
+ '''
+ print(f"{BLUE}{help_msg}{RESET}")
+def check_argvs(length):
+ if(len(sys.argv)<=length):
+ help()
+ exit(-1)
+def main():
+ check_argvs(1)
+ flags=sys.argv[1]
+ if(flags=="-e"):
+ check_argvs(3)
+ idat64_path=sys.argv[2]
+ file=sys.argv[3]
+ Extract_Functions(idat64_path,file)
+
+
+
+
+
+
+if __name__ == "__main__":
+ main()
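Review bot: `subprocess.run(cmd,shell=True,...)` in Extract_Functions sends `idat64_path` and `file` from `sys.argv` through a shell inside an f-string, so a path containing spaces or shell metacharacters is split or interpreted instead of being passed as one argument. An argument list avoids the shell entirely: `subprocess.run([idat64_path,"-A","-B","-Sextract_c.py",file],check=True,text=True,capture_output=True)`. `tmp.txt` is removed only on the success path, so a failed run leaves a stale target name in the working directory for the next extract_c.py run to read; moving `os.remove("tmp.txt")` into a `finally:` covers that. The captured stdout/stderr are never written to `my.log`, so on failure the log holds only the exception text and not the tool's own output.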