search

danielplohmann / apiscout

This project aims at simplifying Windows API import recovery on arbitrary memory dumps
BSD 2-Clause "Simplified" License
241 stars 41 forks source link

getAllMemoryFromIda returns only data from first segment #2

Closed nazywam closed 7 years ago

nazywam commented 7 years ago

Hey,

https://github.com/danielplohmann/apiscout/blob/master/apiscout/IdaTools.py#L72

end = idc.SegEnd(start) works correctly only if our IDA db has only segment, which is sometimes not true.

I think scanning till getLastAddress() instead of idc.SegEnd() should do the trick.

Cheers!

danielplohmann commented 7 years ago

just implemented what I meant by my proposed solution. :) Now you can even have segments like 0x400000 - 0x410000 0x440000 - 0x450000

and the gap is handled correctly. ;)