doronz88 / ida-scripts

module 'idc' has no attribute 'find_binary' on IDA 9.0 #1

Closed Kyle-Ye closed 1 month ago

Kyle-Ye commented 1 month ago

IDA version: 9.0

See https://hex-rays.com/blog/ida-9-0-sdk-idapython-porting-guides/ and https://github.com/VoidSec/DriverBuddyReloaded/issues/4

0xepsil0n commented 1 month ago

Just had the same issue. I'm looking at it too. For now, it seems like the replacement should be

An image of the porting guide (left side is 8.4 right side 9.0):

image

I'll update this once I get it working

0xepsil0n commented 1 month ago

UPDATED:

I've changed the ida_find_all() function following the porting guides (they are wrong: bin_search does not work, you have to call bin_search3).

def ida_find_all(expression: str, start_ea: int, end_ea: int) -> Generator[int, None, None]:
    patterns = ida_bytes.compiled_binpat_vec_t()
    encoding = ida_nalt.get_default_encoding_idx(ida_nalt.BPU_1B)
    pattern = idc.BADADDR
    zero_ea = 0
    err = ida_bytes.parse_binpat_str(patterns, zero_ea, expression, 16, encoding)
    ea = ida_bytes.bin_search3(start_ea, end_ea, patterns, SEARCH_DOWN | SEARCH_REGEX)[0]
    while ea != idc.BADADDR and ea < end_ea:
        yield ea
        ea = ida_bytes.bin_search(ea + 1, end_ea, patterns, SEARCH_DOWN | SEARCH_REGEX)[0]

I left it like this, but it does not seem to be working when running it in IDA. Any ideas?

Used this example as an inspiration: https://github.com/Coldzer0/IDA-For-Delphi/blob/master/Delphi.py

doronz88 commented 1 month ago

I just installed IDA 9.0 and had no problem triggering idc.find_bytes. It seems the latest release restored that API.

doronz88 commented 2 weeks ago

Apparently I was mistaken and the API was the same only on specific IDA 9 builds. Sorry for the mishap 🙏 It is now fixed :)

0xepsil0n commented 1 week ago

Cool! Thank you for the update :)