#include <idc.idc>
static main(){
auto addr, end, args, locals, frame, firstArg, name, ret;
addr = 0;
for (addr = NextFunction(addr); addr != BADADDR; addr = NextFunction(addr)){
name = Name(addr);
end = GetFunctionAttr(addr,FUNCATTR_END);
locals = GetFunctionAttr(addr,FUNCATTR_FRSIZE);
frame = GetFrame(addr);//retrive a handle to the function's stack frame
ret = GetMemberOffset(frame, "r");// "r" is the name of thr return address
if (ret == -1) continue;
firstArg = ret + 4;
args = GetStrucSize(frame) - firstArg;
Warning("Function: %s, starts at %x, ends at %x\n", name, addr, end);
Warning(" Local variable area is %d bytes\n", locals);
Warning(" Arguments occupy %d bytes (%d args)\n", args, args / 4);
}
}
遍历数据库中的每一个函数,并打印出每个函数的基本信息,包括函数的起始地址结束地址、函数参数大小、函数的局部变量的大小。在IDA中运行此程序没反应,应该修改下哪里啊,这个r需要改成"retn"? 主要的这句不明白
addr = 0;
for (addr = NextFunction(addr); addr != BADADDR; addr = NextFunction(addr)){
。
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
