Python command-line functions for IDA (The Interactive Disassembler) to aid in finding identical symbols and their addresses across different builds of an executable
Import the plugin into IDA, e.g. by placing the folder portaddr
into the subdirectory python
in the IDA install
directory.
Import the package from the IDAPython command-line with
>>> import portaddr as pa
Run the functions from command-line.
The functions are useful, when porting a set of addresses from one build executable to another.
Find the symbol of a specific address in memory in executable A.
>>> pa.find.name(0x7A2F44)
Info(name='_printf', uid='_printf', addr='0x7A2F44', offset='8')
(Using pa.find.encode
instead, copies "_printf+8" into the clipboard for convenience)
Find the corresponding address in memory in executable B.
>>> pa.find.decode('_printf+8', clipboard=False)
_printf = 8007492; //0x7A2F44
For a collection of addresses, the batch functions pa.find.batch_encode
and pa.find.batch_decode
are useful.
- IDA with the IDAPython plugin (Python 2.7.18), specifically the Python package
idaapi
- pyperclip (1.8.2)