
Friday, November 9, 2018

IDA Get String pointed to by Address

Related to this blog post
https://neonprimetime.blogspot.com/2018/10/malwaretech-ida-python-cheatsheet.html
and this
https://neonprimetime.blogspot.com/2018/11/ida-python-print-string-in-register.html

If you're in IDA and you have an address that you know points to a string:

0018FB7C db 6Dh ; m
0018FB7D db 73h ; s
0018FB7E db 63h ; c
0018FB7F db 6Fh ; o
0018FB80 db 72h ; r
0018FB81 db 6Ah ; j
0018FB82 db 69h ; i
0018FB83 db 74h ; t
0018FB84 db 2Eh ; .
0018FB85 db 64h ; d
0018FB86 db 6Ch ; l
0018FB87 db 6Ch ; l
0018FB88 db 0 ; 0

And you want to print out that string, go to
File -> Script Command

Choose Python as your scripting language

Type in this command and hit Run:

print(GetString(0x0018FB7C))

which displays in the Output Window
mscorjit.dll

IDA Python Get String pointed to by Register

Related to this blog post
https://neonprimetime.blogspot.com/2018/10/malwaretech-ida-python-cheatsheet.html

If you're in IDA and you have a register, say EAX, pointing to a location:

RAX 000000000018FB7C

0018FB7C db 6Dh ; m
0018FB7D db 73h ; s
0018FB7E db 63h ; c
0018FB7F db 6Fh ; o
0018FB80 db 72h ; r
0018FB81 db 6Ah ; j
0018FB82 db 69h ; i
0018FB83 db 74h ; t
0018FB84 db 2Eh ; .
0018FB85 db 64h ; d
0018FB86 db 6Ch ; l
0018FB87 db 6Ch ; l
0018FB88 db 0 ; 0

And you want to print out that string, go to
File -> Script Command

Choose Python as your scripting language

Type in this command and hit Run:

print(GetString(GetRegValue("EAX")))

which displays in the Output Window
mscorjit.dll
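
Added example, not part of the original posts: a plain-Python version, runnable outside IDA, of the read up to the terminating 0 byte that both posts show, applied to the db listing copied from above. The names parse_listing and read_c_string and the max_len guard are assumptions made for this illustration, not IDA APIs.

```python
import re

# Constructed sample: the db listing from the posts, as copied out of IDA.
LISTING = """\
0018FB7C db 6Dh ; m
0018FB7D db 73h ; s
0018FB7E db 63h ; c
0018FB7F db 6Fh ; o
0018FB80 db 72h ; r
0018FB81 db 6Ah ; j
0018FB82 db 69h ; i
0018FB83 db 74h ; t
0018FB84 db 2Eh ; .
0018FB85 db 64h ; d
0018FB86 db 6Ch ; l
0018FB87 db 6Ch ; l
0018FB88 db 0 ; 0
"""

# "ADDRESS db VALUE": VALUE is IDA-style hex ("6Dh") or a bare decimal ("0").
DB_LINE = re.compile(r"^\s*([0-9A-Fa-f]+)\s+db\s+([0-9A-Fa-f]+h|\d+)\b")

def parse_listing(text):
    """Map address -> byte value for every single-byte db line."""
    memory = {}
    for line in text.splitlines():
        m = DB_LINE.match(line)
        if not m:
            continue  # skip blank lines and anything that is not a db line
        token = m.group(2)
        value = int(token[:-1], 16) if token.endswith("h") else int(token)
        if value > 0xFF:
            raise ValueError("not a byte: %r" % line)
        memory[int(m.group(1), 16)] = value
    return memory

def read_c_string(memory, ea, max_len=256):
    """Collect bytes from ea up to the first NUL; None if no terminated string."""
    out = bytearray()
    for offset in range(max_len):
        byte = memory.get(ea + offset)
        if byte is None:
            return None  # ran past the captured bytes before a terminator
        if byte == 0:
            return out.decode("ascii", errors="replace")
        out.append(byte)
    return None  # no terminator within max_len bytes

if __name__ == "__main__":
    print(read_c_string(parse_listing(LISTING), 0x0018FB7C))
```

Returning None when the read runs past the captured bytes or exceeds max_len keeps an unterminated buffer from being mistaken for a real string.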