FindInfunc.py (Little script to search for a pattern within a function)
It is very common, when involved on the reversing of a big function in IDA, to need to look for some specific instruction, basic block, or even some particular string within the function.
I know we can use Marks (CTRL+M) for this task but, to use that feature, we’d need to be previously there to set a mark (ALT+M).
Sometimes, we want to jump to some piece of code where we’ve never been before. We can not use the “Text Search” command for this task because it will search for the pattern through the whole binary. Well, we can in fact, but its not going to be so optimal.
For that problem i’ve coded a little IDAPython script who searchs for an string within the limits
of a defined function. I wanted to share it with you as another example of the IDA + Python customization
from idautils import * from idaapi import * function_start = ScreenEA() function_end = FindFuncEnd(function_start) matches = "" pattern = AskStr("","Search for:") for head in Heads(function_start, function_end): if isCode(GetFlags(head)): code = "%s %s %s" %(GetMnem(head),GetOpnd(head,0),GetOpnd(head,1) ) if pattern in code: matches += "0x%x - %s\n" % (head ,code) print "Results:" print matches
Hope this is useful for you.