2014-03-12 51 views
0

I want to debug a program with the Bochs plugin in IDA Pro. I have IDA Pro 6.4 and Bochs 2.5.1. IDA Pro and Bochs do not execute my code.

With all of my executables, when I start Bochs (in PE mode), I get this execution:

bochsys:E0001810 bochsys_R3Entry: 
bochsys:E0001810 mov  eax, [esp+8] 
bochsys:E0001814 mov  dword_E0002004, eax 
bochsys:E0001819 cmp  eax, 1 
bochsys:E000181C mov  eax, [esp+4] 
bochsys:E0001820 jnz  short **loc_E000182C** 
bochsys:E0001822 push 0 
bochsys:E0001824 push eax 
bochsys:E0001825 call near ptr unk_E0001A50 
bochsys:E000182A jmp  short loc_E0001890 
bochsys:E000182C ; --------------- 
bochsys:E000182C 
bochsys:E000182C **loc_E000182C:**   ; CODE XREF: bochsys:bochsys_R3Entry+10j 
bochsys:E000182C mov  dword_E00022D8, eax 
bochsys:E0001831 mov  ecx, [eax+3Ch] 
bochsys:E0001834 add  ecx, eax 
bochsys:E0001836 lea  edx, [ecx+0C0h] 
bochsys:E000183C mov  dword_E0003638, ecx 
bochsys:E0001842 mov  dword_E00022D4, edx 
bochsys:E0001848 mov  ecx, [ecx+28h] 
bochsys:E000184B add  ecx, eax 
bochsys:E000184D push 1 
bochsys:E000184F mov  dword_E0002630, ecx 
bochsys:E0001855 mov  dword_E00022E0, 0 
bochsys:E000185F mov  dword_E0002634, eax 
bochsys:E0001864 call near ptr unk_E0001770 
bochsys:E0001869 push offset aExitprocess    ; "ExitProcess" 
bochsys:E000186E push offset aKernel32_dll_0   ; "kernel32.dll" 
bochsys:E0001873 call near ptr bochsys_BxGetModuleHandleA 
bochsys:E0001878 push eax 
bochsys:E0001879 call near ptr bochsys_BxGetProcAddress 
bochsys:E000187E mov  edx, dword_E0002630 
bochsys:E0001884 push eax 
bochsys:E0001885 push edx 
bochsys:E0001886 call **near ptr unk_E0001A50** 
bochsys:E000188B jmp  short loc_E0001890 

At E0001820 the program jumps to the function loc_E000182C. When the program executes the call to near ptr unk_E0001A50 it stops with the message:

Debugger: process has exited (exit code 0) 
Bochs debugger has been terminated. 

It never gets into my code. I have tried several programs built with Visual C++ 2010.

Any ideas? Thanks! Best regards.

Answer

0

I found a solution:

If you are debugging a binary linked against MSVCRT, you won't even be able to reach the application's main() because the MSVCRT initialization code crashes. The problem with MSVCRT comes from some code inside ___tmainCRTStartup() that tries to initialize the environment variables before calling main(). You need to enable Python as the default interpreter in IDA.

Put this script in ~/.idapro/ or C:\%USER%\Application Data\Roaming\Hex-Rays\IDA Pro:

#--------------------------------------------------------------------- 
# script: idapythonrc.py 
#--------------------------------------------------------------------- 

import idaapi 

idaapi.enable_extlang_python(1) 
Then, in IdaFolder\plugins\Bochs\startup.py, replace:

def bochs_startup():
    print "[Python] Bochs debugger has been initialized!\n"
    return 0

with:

# idc, idautils, idaapi, the auto_bps list and bochs_late_startup() are
# the ones already defined in the plugin's startup.py (Python 2 syntax).
def bochs_startup():
    print "[Python] Bochs debugger has been initialized!\n"
    # __initenv is the CRT pointer the startup code writes before main();
    # ienv_loc is the value stored there in the database.
    ienv = idc.LocByName('__initenv')
    ienv_loc = idc.Dword(ienv)
    # Breakpoint on the entry point that runs the plugin's late startup.
    ep = idc.LocByName('start')
    idc.AddBpt(ep)
    idc.SetBptCnd(ep, "bochs_late_startup()")
    auto_bps.append(ep)
    # First reference to __initenv (the CRT write that crashes under Bochs).
    # The breakpoint condition makes the target segment writable before the write runs.
    first_ref = list(idautils.XrefsTo(ienv, idaapi.XREF_ALL))[0]
    write_p = {first_ref.frm: ("BochsVirtProtect(SegStart(0x%x), SegEnd(0x%x)-SegStart(0x%x), 1)" % (ienv_loc, ienv_loc, ienv_loc))}
    for ea in write_p.keys():
        # Leave any breakpoint that already carries a condition untouched.
        if idc.GetBptAttr(ea, BPTATTR_COND) not in [-1, '']:
            print "[Python] Skipping BP at %08x\n" % ea
            continue
        idc.AddBpt(ea)
        auto_bps.append(ea)
        cond = write_p[ea]
        print "[Python] Adding bp at %08x with cond %s\n" % (ea, cond)
        idc.SetBptCnd(ea, cond)
    return 1

Reference: https://tuts4you.com/download.php?view.3136

(It does not work perfectly with IDA 6.4; I actually updated the script.)