assembly 如何在函数级别将 .exe 文件拆分为多个汇编文件?


我有一个 exe 文件,想对它进行反汇编。逆向工程工具能够识别出该文件包含多少个节和函数。

现在我想把这些函数分别导出为单独的文件。目前不论是文本文件还是其他任何格式都可以,我只是想把这些函数拆分成各自的文件。


下面的 Ghidra 脚本应该可以帮你入门,甚至可能已经满足你的需求:

//Exports function bodies into separate files
//@author @larsborn
//@category Assembly

import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintWriter;

import ghidra.app.script.GhidraScript;
import ghidra.program.model.address.Address;
import ghidra.program.model.address.AddressRange;
import ghidra.program.model.address.AddressSetView;
import ghidra.program.model.listing.Function;
import ghidra.program.model.listing.Instruction;
import ghidra.program.model.mem.MemoryAccessException;

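/**
 * Ghidra script that writes every function of the current program into a user-selected
 * directory as two files: {@code fun-<offset>.bin} (raw bytes) and {@code fun-<offset>.asm}
 * (one instruction per line).
 *
 * <p>File names are derived only from the function's lowest address offset. Symbol names taken
 * from the analysed binary never become part of a file system path, so a binary under analysis
 * cannot steer where the export is written.
 *
 * <p>NOTE(review): two functions whose lowest offsets are equal but live in different address
 * spaces would map to the same file name; confirm this cannot occur for the programs you export.
 */
public class ExportFunctionDisassembly extends GhidraScript {
    /**
     * Asks for a target directory and exports every function of {@code currentProgram}.
     *
     * @throws Exception if the directory prompt is cancelled or an export step fails
     */
    @Override
    public void run() throws Exception {
        File directory = askDirectory("Select directory for export", "Export!");
        for (Function function : currentProgram.getFunctionManager().getFunctions(true)) {
            // Large programs hold many functions; honour the script's cancel button.
            if (monitor.isCancelled()) {
                break;
            }
            // An empty body has no minimum address, which the file name is built from.
            if (function.getBody().isEmpty()) {
                continue;
            }
            exportBinary(directory, function);
            exportDisassembly(directory, function);
        }
    }

    /**
     * Writes the textual form of each instruction in the function body to the {@code .asm} file,
     * overwriting an existing file of the same name.
     *
     * @param directory target directory
     * @param function function whose instructions are exported
     * @throws IOException if the file cannot be opened or a write error occurred
     */
    private void exportDisassembly(File directory, Function function) throws IOException {
        String fileName = getFileName(directory, "asm", function);
        // try-with-resources closes the writer even when an instruction lookup throws.
        try (PrintWriter output = new PrintWriter(fileName)) {
            for (AddressRange ar : function.getBody()) {
                for (Address addr : ar) {
                    // Only addresses where an instruction starts yield a non-null result.
                    Instruction instr = getInstructionAt(addr);
                    if (instr == null) {
                        continue;
                    }
                    output.write(String.format("%s\n", instr.toString()));
                }
            }
            // PrintWriter swallows I/O errors; surface them instead of leaving a truncated listing.
            if (output.checkError()) {
                throw new IOException("Failed to write " + fileName);
            }
        }
    }

    /**
     * Writes the bytes from the function's lowest to its highest address (both inclusive) to the
     * {@code .bin} file. An existing file is left untouched.
     *
     * <p>For a body made of several non-adjacent ranges the export also contains the bytes that
     * lie between those ranges.
     *
     * @param directory target directory
     * @param function function whose bytes are exported
     * @throws MemoryAccessException if the span cannot be read from program memory
     * @throws IOException if the file cannot be written
     */
    private void exportBinary(File directory, Function function) throws MemoryAccessException, IOException {
        File output = new File(getFileName(directory, "bin", function));
        if (output.exists()) {
            return;
        }
        Address minAddress = minAddress(function.getBody());
        Address maxAddress = maxAddress(function.getBody());
        // The maximum address is part of the body, so the span is max - min + 1; without the +1
        // the last byte of every function is missing from the export.
        long span = maxAddress.getOffset() - minAddress.getOffset() + 1;
        if (span <= 0 || span > Integer.MAX_VALUE) {
            // Refuse instead of silently truncating the length in an int cast.
            printerr(String.format("Skipping %s: body spans %d bytes", output.getName(), span));
            return;
        }
        // Read first, create the file second: a failed read must not leave an empty file behind
        // that a later run would treat as already exported.
        byte[] data = getBytes(minAddress, (int) span);
        try (FileOutputStream fos = new FileOutputStream(output)) {
            fos.write(data);
        }
    }

    /**
     * Builds {@code <directory>/fun-<offset as 8+ hex digits>.<extension>} for a function.
     *
     * @param directory target directory
     * @param extension file extension without the dot
     * @param function function the file belongs to
     * @return absolute path of the export file
     */
    private String getFileName(File directory, String extension, Function function) {
        Address minAddress = minAddress(function.getBody());
        return String.format("%s%sfun-%08x.%s", directory.getAbsolutePath(), File.separator, minAddress.getOffset(),
                extension);
    }

    /**
     * Returns the range start with the smallest offset, or {@code null} for an empty set.
     * Offsets are compared as signed longs and the address space is not taken into account.
     */
    private Address minAddress(AddressSetView asv) {
        Address ret = null;

        for (AddressRange ar : asv) {
            Address candidate = ar.getMinAddress();
            if (ret == null || candidate.getOffset() < ret.getOffset()) {
                ret = candidate;
            }
        }
        return ret;
    }

    /**
     * Returns the range end with the largest offset, or {@code null} for an empty set.
     * Offsets are compared as signed longs and the address space is not taken into account.
     */
    private Address maxAddress(AddressSetView asv) {
        Address ret = null;

        for (AddressRange ar : asv) {
            Address candidate = ar.getMaxAddress();
            if (ret == null || candidate.getOffset() > ret.getOffset()) {
                ret = candidate;
            }
        }
        return ret;
    }
}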
