IDA：如何遍歷腳本中的段

Question

我試着編寫一個簡單的循環，它使用GetSegmentAttr來獲取當前段的開始和結束，然後假定當前段的結尾將是下一個的開始段，但這個假設是錯誤的。它適用於幾個細分市場，但我發現細分市場之間可能存在差距。

所以，我想知道的是如何可以可靠地遍歷所有段的創建？

Answer 1

您可以通過的idautils.Segments()結果迭代：

for seg in idautils.Segments(): 
    # ... 

Answer 2

使用FirstSeg（）和NextSeg（）像這樣

#include <idc.idc> 

static main() { 
    auto seg; 
    auto start; 
    auto end; 

    seg = FirstSeg(); 

    while(seg != BADADDR) 
    { 
     start = SegStart(seg); 
     end = SegEnd(seg); 

     Message("Seg: %a Start: %a End: %a\n", seg, start, end); 

     // do looping here 

     seg = NextSeg(seg); 
    } 
} 

然後循環從 '開始' 一個變量，包括 '結束'

對於我目前的項目，上面給出：

Seg: ROM:00000000 Start: ROM:00000000 End: ROM2:00880000 
Seg: ROM2:00880000 Start: ROM2:00880000 End: 0:009FFFFF 
Seg: CHIP:40000000 Start: CHIP:40000000 End: 0:4004FFFF 
Seg: CHIP:40050000 Start: CHIP:40050000 End: 0:4005FFFF 
Seg: CHIP:40070000 Start: CHIP:40070000 End: 0:4007FFFF 
Seg: CHIP:40130000 Start: CHIP:40130000 End: 0:4013FFFF 
Seg: CHIP:40180000 Start: CHIP:40180000 End: 0:4018FFFF 
Seg: CHIP:401D0000 Start: CHIP:401D0000 End: 0:401DFFFF 
Seg: CHIP:50000000 Start: CHIP:50000000 End: 0:5001FFFF 
Seg: s6800:68000000 Start: s6800:68000000 End: 0:6800FFFF 
Seg: CHIP:6F000000 Start: CHIP:6F000000 End: 0:6F00FFFF 
Seg: RAM:8F800000 Start: RAM:8F800000 End: 0:8F9FFFFF 
Seg: RAM:8FB00000 Start: RAM:8FB00000 End: 0:8FFFFFFF 
Seg: RAM:CD000000 Start: RAM:CD000000 End: 0:CEFFFFFF