我有一个exe文件,想反汇编它们。逆向工程工具确定该文件由多少个部分和函数组成。
现在我想将这些函数单独作为文件。现在可以是文本文件或任何格式。我只想单独拥有这些文件。
以下脚本应该可以帮助您入门,甚至已经满足您的需求:
//Exports function bodies into separate files
//@author @larsborn
//@category Assembly
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import ghidra.app.script.GhidraScript;
import ghidra.program.model.address.Address;
import ghidra.program.model.address.AddressRange;
import ghidra.program.model.address.AddressSetView;
import ghidra.program.model.listing.Function;
import ghidra.program.model.listing.Instruction;
import ghidra.program.model.mem.MemoryAccessException;
public class ExportFunctionDisassembly extends GhidraScript {
public void run() throws Exception {
File directory = askDirectory("Select directory for export", "Export!");
for (Function function : currentProgram.getFunctionManager().getFunctions(true)) {
exportBinary(directory, function);
exportDisassembly(directory, function);
}
}
private void exportDisassembly(File directory, Function function) throws FileNotFoundException {
PrintWriter output = new PrintWriter(getFileName(directory, "asm", function));
for (AddressRange ar : function.getBody()) {
for (Address addr : ar) {
Instruction instr = getInstructionAt(addr);
if (instr == null) {
continue;
}
output.write(String.format("%s\n", instr.toString()));
}
}
output.close();
}
private void exportBinary(File directory, Function function) throws MemoryAccessException, IOException {
File output = new File(getFileName(directory, "bin", function));
if (output.createNewFile()) {
Address minAddress = minAddress(function.getBody());
Address maxAddress = maxAddress(function.getBody());
byte[] data = getBytes(minAddress, (int) (maxAddress.getOffset() - minAddress.getOffset()));
FileOutputStream fos = new FileOutputStream(output);
fos.write(data);
fos.close();
}
}
private String getFileName(File directory, String extension, Function function) {
Address minAddress = minAddress(function.getBody());
return String.format("%s%sfun-%08x.%s", directory.getAbsolutePath(), File.separator, minAddress.getOffset(),
extension);
}
private Address minAddress(AddressSetView asv) {
Address ret = null;
for (AddressRange ar : asv) {
if (ret == null) {
ret = ar.getMinAddress();
continue;
}
if (ar.getMinAddress().getOffset() < ret.getOffset()) {
ret = ar.getMinAddress();
}
}
return ret;
}
private Address maxAddress(AddressSetView asv) {
Address ret = null;
for (AddressRange ar : asv) {
if (ret == null) {
ret = ar.getMaxAddress();
continue;
}
if (ar.getMaxAddress().getOffset() > ret.getOffset()) {
ret = ar.getMaxAddress();
}
}
return ret;
}
}