import os.path | |
from zipfile import ZipFile | |
from struct import unpack | |
from os import walk | |
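# Layout constants for a Java class-file constant pool. The values match the
# JVM class-file format; the code that consumes them is not part of this
# excerpt, so the usage notes below should be confirmed against it.

# Byte offset of the u2 constant_pool_count field: it follows the 4-byte
# magic and the 2-byte minor and major version fields.
CONSTANT_POOL_COUNT_INDEX = 8

# Constant-pool tag values.
CONSTANT_Utf8_info = 1
CONSTANT_Methodref_info = 0x0A

# Number of entries in CONSTANT_ITEM_LENGTH (tags 0 through 18).
CONSTANT_ITEM_SIZE = 0x13

# Size in bytes, tag byte included, of a constant-pool entry, indexed by tag.
# 0 marks a tag with no fixed size in this table: the unassigned tags and
# CONSTANT_Utf8 (1), whose length is carried inside the entry itself.
# NOTE(review): class files pulled out of arbitrary archives are untrusted
# input (the imports suggest ZipFile/walk are the source; confirm). A parser
# stepping through the pool with this table should check the tag against
# CONSTANT_ITEM_SIZE and reject a 0 length rather than advance by it. Tag 17
# has length 0 here and tags 19 and 20 fall outside the table; later
# class-file versions define all three, so such files would otherwise raise
# IndexError or stop making progress.
CONSTANT_ITEM_LENGTH = (0, 0, 0, 5, 5, 9, 9, 3, 3, 5, 5, 5, 5, 0, 0, 4, 3, 0, 5)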
import marshal | |
import logging | |
import os | |
import sys | |
import re | |
from types import CodeType | |
from zipfile import ZipFile | |
logging.basicConfig( | |
level=logging.DEBUG, |
import os | |
import tempfile | |
from binascii import b2a_hex | |
from functools import partial | |
import ida_struct | |
import idaapi | |
from ida_bytes import get_dword, get_word, get_byte, get_flags, is_code | |
from ida_nalt import get_imagebase | |
from idc import get_strlit_contents, get_qword, parse_decl, apply_type, TINFO_GUESSED, find_imm, SEARCH_DOWN, BADADDR, \ |
#!/usr/bin/env bash | |
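# Command used to read the first four bytes of each candidate file.
hexdump_path=hexdump
# File that the collected "path:symbol" lines are appended to.
# NOTE(review): the path is relative, so the cache is created in whatever
# directory the script is run from and is only ever appended to in the code
# visible here; entries from an earlier run or a different tree can remain
# in it. Confirm whether the rest of the script clears or validates it.
cache_path=.symbol_cache
# First command-line argument; how it is used is not shown in this excerpt.
key_word="$1"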
function process_one() { | |
file_path=$1 | |
if $hexdump_path -n 4 "$file_path" | grep -i '457f 464c' &>/dev/null; then | |
readelf -s "$file_path" | awk "\$4 ~ /FUNC/ && \$7 ~ /[0-9]+/ {print \"$file_path:\" \$8}" >>$cache_path |