-
Notifications
You must be signed in to change notification settings - Fork 26
/
XORCheck.py
30 lines (24 loc) · 824 Bytes
/
XORCheck.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
import idautils
import idaapi
import idc
def main():
print "\n\n\n---------------- XORCheck ---------------"
print "Interesting XORs:"
ea = MinEA()
while ea < MaxEA():
ea = FindText(ea, SEARCH_DOWN, 0, 0, "xor")
eCode = idc.isCode(idc.GetFlags(ea))
if not eCode or ea == idc.BADADDR:
break
if idc.GetOpnd(ea, 0) == idc.GetOpnd(ea, 1):
ea = idc.NextHead(ea)
continue
func = idaapi.get_func(ea)
if func.flags & FUNC_LIB:
ea = idc.NextHead(ea)
continue
print "loc: ", hex(ea), "dis: ", idc.GetDisasm(ea), "func: ", idc.get_func_name(ea)
idc.MakeComm(ea, "XORs: check it!")
ea = idc.NextHead(ea)
print "\n--------------- XORCheck EOF --------------\n"
main()