API tools faq
paste
Guest User

Untitled

a guest
May 5th, 2016
57
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.99 KB | None | 0 0
raw download clone embed print report
  1. from idaapi import *
  2. from idc import *
  3.  
  4. def get_stack_arg(arg, base='ebp'):
  5. # find the stack frame
  6. stack = GetFrame(here())
  7. size = GetStrucSize(stack)
  8.  
  9. # figure out all of the variable names
  10. names = []
  11. for i in xrange(size):
  12. n = GetMemberName(stack, i)
  13. if n and not n in names:
  14. names.append(n)
  15.  
  16. # The stack offsets can be negative
  17. # GetFrame and GetStrucSize are not
  18. #-0000000A var_A dw ?
  19. #+00000000 s db 4 dup(?) ; s is always at 0x0
  20. #+00000004 r db 4 dup(?)
  21. #+00000008 arg_0 dd ?
  22. #+0000000C arg_4 dd
  23. # there has got too be a better way (hax)
  24. if ' s' in names and arg in names:
  25. adjusted = size - (size - GetMemberOffset(stack, ' s'))
  26.  
  27. offset = GetMemberOffset(stack, arg) - adjusted
  28. if base:
  29. return GetRegValue(base) + offset
  30. else:
  31. return offset
  32.  
  33. return -1
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!