Ghidra script 搜索常量字符串/字节串在内存中的使用 单例
- 常量引用: (getReferencesTo)
searchUTF8StringReferences,searchUTF16StringReferences,searchBytesReferencessearchBytes,searchMultiBytesAC
- 传参:
strcat(buffer, 'this is a string')searchStrParamings,searchBytesParamings
from search_string import searchBytesParamings
alphabet = [b'wksun', b'wkmon', b'wktue', b'wkwed', b'wkthu', b'wkfri', b'wksat']
for w, f, site in searchBytesParamings(alphabet):
print(f'{site:08x}: {f.getName()}(\'{w}\')')00441234: stringOut('b'wksun'')
00448246: stringOut('b'wkmon'')
00456476: stringOut('b'wksun'')
00458264: stringOut('b'wksat'')
from search_string import *
alphabet = [b'wksun', b'wkmon', b'wktue', b'wkwed', b'wkthu', b'wkfri', b'wksat']
for w, addr in searchMultiBytesAC(alphabet):
print(f'{addr.getOffset():08x}: {w}')004a1243: b'wktue'
004a1923: b'wkfri'
004c0484: b'wksun'
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent