Krakz
Malware hunting & Reverse engineering notes

IDA

pbo

A collection of IDA notes and Python snippets used during analysis.

Snippets

Decode the instruction at a given address `ea` (below) and, if it is a `mov`, check its operand types and print the register-from-memory case.

```python
import idaapi, ida_allins, ida_ua

ea = idaapi.get_screen_ea()  # address of interest; any valid instruction address works
insn = idaapi.insn_t()
length = idaapi.decode_insn(insn, ea)  # returns 0 when nothing decodable is at ea
if length and insn.itype == ida_allins.NN_mov:
    # Op1 is the destination operand, Op2 the source operand of the mov
    if insn.Op1.type == ida_ua.o_reg and insn.Op2.type == ida_ua.o_mem:
        print(f"{ea:#x}: Op1 type {insn.Op1.type} is reg, Op2 type {insn.Op2.type} is mem at {insn.Op2.addr:#x}")
```