📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.









 Forums >>  IDA Pro  >>  IDAPython - Questions from a Beginner

Topic created on: April 13, 2007 09:14 CDT by stahl.

Hi everybody,

currently I am starting to dive into IDAPython.

I have worked with the SDK before, but now I am struggling to get things going.

I am trying to figure out basics...

How can I access the "inf" object, that is created and populated by the sdk automatically from IDAPython?

I want to check if the opened file is of type f_PE.

So you see, I hang in the beginning...

Thanks for your help

Greetings
stahl

  stahl   April 13, 2007 10:07.46 CDT
I found the solution myself.

inf = get_inf_structure()

does the trick.

How can I stop my script when some boundary condition isn't fulfilled (here: file needs to be of type f_PE)?
When I use sys.exit() IDA Pro exits roughly, too!

  PSUJobu     April 13, 2007 14:02.07 CDT
Just return from the script and IDA will continue. If you want to exit "cleanly" (e.g., for an IDAPython script launched from the command line to do batch analysis), use idaapi.qexit().

For example,

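def myAnalysis():
  # some_condition stands for your own check, e.g. "file is not of type f_PE"
  if some_condition:
    return  # leave the script early; IDA itself keeps running

if __name__ == '__main__':
  myAnalysis()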

  stahl   April 16, 2007 03:04.46 CDT
Thank you! That's great!

I tried that by defining a main function. Well, that didn't work!

thanks!

  stahl   April 17, 2007 04:10.17 CDT
Hello again,

I have one more question:

I want to work with a Python script that includes other auxiliary Python files.
It works. But it doesn't work to change something in an imported file while IDA Pro and -Python are running and make these changes available to IDA without restarting IDA.

to make it a bit more clear, an example:

i have two files:
main_script.py
help_script.py

main_script imports * from help_script
help_script (needs to explicitly) imports * from idaapi and idautils

So changes to help_script are not reflected in a running IDA Pro.

Is there a way to make changes available without restarting IDA?

Till then I have to work with one monolithic script...

thanks in advance...!

  PSUJobu     April 17, 2007 09:54.03 CDT
Yep, been there, too! This is what I do:

import xyz
reload(xyz)


The reload() function is built into Python, and forces an already-imported module to be reloaded from its source file. The import directive is essentially ignored if such a module already exists in the current namespace. Since IDAPython seems to reuse a single namespace, this behavior becomes a problem when debugging your scripts...

  stahl   April 17, 2007 13:26.16 CDT
Thank you! I will try that!

Does this have any negative effects, or does it behave differently compared to a monolistic (if that's the word) script?

  PSUJobu     April 17, 2007 21:10.33 CDT
From what I've seen, this is equivalent to a monolithic script except for the obvious benefits of segmenting your code intelligently. I actually started doing the same thing you did at first, but when I wanted to reuse another script I had already written, I figured it was time to look for a better solution. :)

The only downside is some overhead when the reload()ed script has not changed, but on any modern processor it really makes no difference. Besides, the reload() only happens once per script invocation, so it's really a non-issue.
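
What the reload advice in this thread means for a main_script that does `from help_script import *`, as an added example that is not part of the original posts. It runs outside IDA, uses Python 3's importlib.reload (the thread's reload() was the Python 2 builtin), and the module name help_script_demo and its function are constructed for the demonstration.

```python
import importlib
import os
import sys
import tempfile


def write_helper(directory, version):
    """Write the constructed helper module; its only function returns `version`."""
    path = os.path.join(directory, "help_script_demo.py")
    with open(path, "w") as fh:
        fh.write("def helper_version():\n    return %r\n" % version)


def demo():
    """Return what each import style sees before and after the helper is edited."""
    seen = {}
    with tempfile.TemporaryDirectory() as directory:
        sys.path.insert(0, directory)
        try:
            write_helper(directory, "v1")
            import help_script_demo
            from help_script_demo import helper_version  # like `from help_script import *`
            seen["first import"] = helper_version()

            # Edit the helper on disk. The new text has a different length, so
            # a cached .pyc cannot be mistaken for current.
            write_helper(directory, "v2-edited")

            import help_script_demo  # no-op: module is already in sys.modules
            seen["plain re-import"] = help_script_demo.helper_version()

            importlib.reload(help_script_demo)
            seen["module attr after reload"] = help_script_demo.helper_version()
            # The name copied earlier still points at the old function object.
            seen["old from-import after reload"] = helper_version()

            from help_script_demo import helper_version  # rebind after reload
            seen["from-import redone"] = helper_version()
        finally:
            sys.path.remove(directory)
            sys.modules.pop("help_script_demo", None)
    return seen


if __name__ == "__main__":
    for step, value in demo().items():
        print("%-30s %s" % (step, value))
```

The ordering is the point: reload the helper module first, then repeat the from-import, otherwise the names copied into the main script keep referring to the old code.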
