Tuesday, October 23, 2018

MalwareTech IDA Python Cheat Sheet

MalwareTech posted an amazing video for beginner reversing here on YouTube:

https://youtube.com/watch?v=w_rQJ7u-lpk

My favorite part was the Python debugging portion, which I learned a ton from.
Here is the cheat sheet he shared. It's amazing, thank you MalwareTech!

https://www.malwaretech.com/Cheatsheet.rtf


Refresh Debugger Memory
RefreshDebuggerMemory()
Needed to make sure the debugger memory is up to date when a script breakpoint is hit (debugger memory is only refreshed when the application is paused)

Get the value of a register by name
GetRegValue(str)
str             = register name

Read a dword from memory
Dword(address)
address         = start address of dword

Read an array of bytes from memory
GetManyBytes(address, length)
address         = start address of bytes to read
length            = number of bytes

Read a string from memory
GetString(address, length, type)
address         =  start address of string
length            =  length of string (or -1 to read until null terminator)
type                =  ASCSTR_C for ASCII and ASCSTR_UNICODE for Unicode

Add Breakpoint
AddBpt(address)
address         = address to set breakpoint

Set Conditional Breakpoint
SetBptCnd(address, condition)
address         = address for breakpoint
condition      = condition string (or python function)
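
The calls above combined into one logging breakpoint, as an added example that is not from MalwareTech's cheat sheet or video. It uses the function names exactly as the cheat sheet lists them (newer IDA releases renamed these idc functions), and the names on_hit, install, read_first_string_arg and the TARGET address are hypothetical. Assumptions: a 32-bit x86 target, a breakpoint on the first instruction of a function whose first stack argument is a pointer to a C string, and a breakpoint condition that IDA evaluates as Python.

```python
# Added example: log a string argument every time a function is entered,
# without pausing the debuggee. The idc module is passed in as `api` so the
# logic can also be exercised outside IDA with a stand-in object.


def read_first_string_arg(api):
    """Return the C string pointed to by the first stack argument, or None.

    Assumes 32-bit x86 with the breakpoint on the callee's first instruction,
    so [ESP] holds the return address and [ESP+4] the first argument.
    """
    # Without this the script may read memory as it was at the last pause.
    api.RefreshDebuggerMemory()
    esp = api.GetRegValue("ESP")
    ptr = api.Dword(esp + 4)
    if not ptr:  # NULL pointer: nothing to read
        return None
    # -1 reads up to the null terminator.
    return api.GetString(ptr, -1, api.ASCSTR_C)


def on_hit(api=None):
    """Breakpoint condition: log the argument, then let execution continue."""
    if api is None:
        import idc as api  # only importable inside IDA
    value = read_first_string_arg(api)
    print("arg0 = %r" % (value,))
    return False  # a false condition means the debugger does not pause


def install(api, address):
    """Set the breakpoint and attach on_hit() as its condition."""
    if not api.AddBpt(address):
        return False
    # Assumption: the condition string is evaluated as Python, in the
    # namespace where on_hit was defined.
    return bool(api.SetBptCnd(address, "on_hit()"))


if __name__ == "__main__":
    import idc
    TARGET = 0x00401000  # placeholder: entry address of the function to watch
    install(idc, TARGET)
```

Because on_hit() returns False, the breakpoint acts as a tracer: each hit prints the string to the output window and the process keeps running.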
