FindInfunc.py (Little script to search for a pattern within a function)
When reversing a big function in IDA, it is very common to need to look for a specific instruction, a basic block, or even a particular string within the function.
I know we can use Marks (CTRL+M) for this task but, to use that feature, we need to have been at that location before in order to set a mark (ALT+M).
Sometimes we want to jump to a piece of code where we have never been before. We cannot really use the “Text Search” command for this task because it searches for the pattern through the whole binary. Well, we can in fact, but it's not going to be optimal.
For that problem I’ve coded a little IDAPython script that searches for a string within the limits of a defined function. I wanted to share it with you as another example of the IDA + Python customization possibilities.
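
    from idautils import *
    from idaapi import *
    from idc import *

    # Bounds of the function that contains the cursor (not just cursor-to-end)
    function_start = GetFunctionAttr(ScreenEA(), FUNCATTR_START)
    function_end = FindFuncEnd(function_start)
    matches = ""
    pattern = AskStr("", "Search for:")
    # Skip the search if the dialog was cancelled or the cursor is outside a function
    if pattern and function_start != BADADDR:
        for head in Heads(function_start, function_end):
            if isCode(GetFlags(head)):
                # Rebuild "mnemonic op1 op2" and test it for the substring
                code = "%s %s %s" % (GetMnem(head), GetOpnd(head, 0), GetOpnd(head, 1))
                if pattern in code:
                    matches += "0x%x - %s\n" % (head, code)
    print("Results:")
    print(matches)
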
Hope this is useful for you.
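
An added example, not part of the original post: the same in-function search written against the newer IDAPython names (`get_screen_ea`, `get_func`, `FuncItems`, `ask_str`) and generalized to match regular expressions against the whole disassembly line rather than only the first two operands. The names `find_in_listing`, `current_function_listing` and `SAMPLE` are made up for this example, and `SAMPLE` is a constructed listing so the matcher also runs outside IDA.

```python
import re

# Constructed sample listing (address, rendered disassembly line), so the
# matcher can be exercised outside IDA.
SAMPLE = [
    (0x401000, "push    ebp"),
    (0x401001, "mov     ebp, esp"),
    (0x401003, "lea     eax, [ebp+var_40]"),
    (0x401006, "push    eax"),
    (0x401007, "call    strcpy"),
    (0x40100C, "xor     eax, eax"),
    (0x40100E, "retn"),
]

def find_in_listing(listing, pattern, regex=False, ignore_case=True):
    """Return the (address, text) pairs whose text matches pattern.

    pattern is a literal substring unless regex=True."""
    expr = pattern if regex else re.escape(pattern)
    matcher = re.compile(expr, re.IGNORECASE if ignore_case else 0)
    return [(ea, text) for ea, text in listing if matcher.search(text)]

def current_function_listing():
    """IDA only: disassembly lines of the function under the cursor."""
    import idaapi, idautils, idc  # available only inside IDA
    func = idaapi.get_func(idc.get_screen_ea())
    if func is None:
        raise ValueError("cursor is not inside a defined function")
    # Start from func.start_ea, not the cursor, so the whole function is covered.
    return [(ea, idc.GetDisasm(ea)) for ea in idautils.FuncItems(func.start_ea)]

def main():
    try:
        import ida_kernwin
    except ImportError:
        # Outside IDA: run against the constructed sample instead.
        listing, pattern = SAMPLE, "strcpy"
    else:
        listing = current_function_listing()
        pattern = ida_kernwin.ask_str("", 0, "Search for:")
    if not pattern:  # dialog cancelled or empty input
        return
    for ea, text in find_in_listing(listing, pattern):
        print("0x%x - %s" % (ea, text))

if __name__ == "__main__":
    main()
```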




[...] I finished the FindInFunc script (you can read my previous post about it here), I faced that situation for the Nth time and I finally managed to get an easy hack to get it [...]
Thanks Brother for your share, nice info, and so useful for me.
Hey man! I'm very glad you find it useful. That is the main reason for having this blog in fact.
Hope to see you around soon.