【原创】IDA中的中文解析插件

赵庆明老师

已于 2022-06-08 09:56:34 修改

阅读量1.4k

点赞数 1

分类专栏： Python IDA 文章标签： python

于 2022-06-07 17:10:56 首次发布

本文链接：https://blog.csdn.net/u013667796/article/details/125169353

版权

Python 同时被 2 个专栏收录

4 篇文章 0 订阅

订阅专栏

IDA

2 篇文章 0 订阅

订阅专栏

Python代码
文件名：set_chinese_comment.py
将其放在ida\plugins之下。
重新启动IDA，打开一个数据库文件
按alt+9，执行

在日志窗口中输出添加注释的信息，同时在.idata、.data段中添加了注释

import ida_idaapi
import idaapi
import idautils
import idc


def set_comment():
    for segment in idautils.Segments():
        seg_name = idc.get_segm_name(segment)
        segments = ['.data', '.idata', '.rdata']
        if seg_name in segments:
            print('add comment for segment ', seg_name)
            set_segment_cmt(segment)


def set_segment_cmt(segment):
    start_ea = segment
    end_ea = idc.get_segm_end(segment)
    temp_ea = start_ea
    comment_ea = start_ea
    comment = ''
    comment_gbk = ''
    comment_utf8 = ''
    comment_utf16 = ''

    byte_data = []
    while temp_ea < end_ea:
        byte_d = idc.get_db_byte(temp_ea)
        if byte_d != 0:
            if comment_ea == 0:
                comment_ea = temp_ea
            byte_data.append(byte_d)
        else:
            if len(byte_data) > 2:
                # 首先使用gbk解析
                try:
                    comment_gbk = bytes(byte_data).decode("GBK")
                    comment = comment_gbk
                except Exception:
                    pass
                # 再使用utf-8解析
                try:
                    comment_utf8 = bytes(byte_data).decode("utf-8")
                    if comment_utf8 != comment_gbk:
                        comment = comment + "\n" + comment_utf8
                except Exception:
                    pass
                # 再使用utf-16le 解析
                try:
                    comment_utf16 = bytes(byte_data).decode("utf-16le")
                    if comment_utf16 != comment_gbk and comment_utf16 != comment_utf8:
                        comment = comment + "\n" + comment_utf16
                except Exception:
                    pass
                idaapi.set_cmt(comment_ea, comment, True)
                print(hex(comment_ea), comment)
            byte_data = []
            comment_ea = 0
        temp_ea = idc.next_addr(temp_ea)


def PLUGIN_ENTRY():
    """
    Required plugin entry point for IDAPython plugins.
    """
    return SetChineseComment()


class SetChineseComment(ida_idaapi.plugin_t):
    """
    The IDA Patching plugin stub.
    """
    flags = ida_idaapi.PLUGIN_PROC | ida_idaapi.PLUGIN_UNL
    comment = "A plugin of ida of setting chinese comment"
    help = ""
    wanted_name = "Set Chinese Comment"
    wanted_hotkey = "alt+9"

    # --------------------------------------------------------------------------
    # IDA Plugin Overloads
    # --------------------------------------------------------------------------

    def __init__(self):
        pass

    def init(self):
        print('*' * 10, self.wanted_name, ' init...')
        return ida_idaapi.PLUGIN_KEEP

    def run(self, arg):
        print('*' * 10, self.wanted_name, ' runing...')
        set_comment()
        print('*' * 10, self.wanted_name, ' run finished...')

    def term(self):
        print('*' * 10, self.wanted_name, ' term...')