IDA：如何遍历脚本中的段

Question

我试着编写一个简单的循环，它使用GetSegmentAttr来获取当前段的开始和结束，然后假定当前段的结尾将是下一个的开始段，但这个假设是错误的。它适用于几个细分市场，但我发现细分市场之间可能存在差距。

所以，我想知道的是如何可以可靠地遍历所有段的创建？

Answer 1

您可以通过的idautils.Segments()结果迭代：

for seg in idautils.Segments(): 
    # ... 

Answer 2

使用FirstSeg（）和NextSeg（）像这样

#include <idc.idc> 

static main() { 
    auto seg; 
    auto start; 
    auto end; 

    seg = FirstSeg(); 

    while(seg != BADADDR) 
    { 
     start = SegStart(seg); 
     end = SegEnd(seg); 

     Message("Seg: %a Start: %a End: %a\n", seg, start, end); 

     // do looping here 

     seg = NextSeg(seg); 
    } 
} 

然后循环从 '开始' 一个变量，包括 '结束'

对于我目前的项目，上面给出：

Seg: ROM:00000000 Start: ROM:00000000 End: ROM2:00880000 
Seg: ROM2:00880000 Start: ROM2:00880000 End: 0:009FFFFF 
Seg: CHIP:40000000 Start: CHIP:40000000 End: 0:4004FFFF 
Seg: CHIP:40050000 Start: CHIP:40050000 End: 0:4005FFFF 
Seg: CHIP:40070000 Start: CHIP:40070000 End: 0:4007FFFF 
Seg: CHIP:40130000 Start: CHIP:40130000 End: 0:4013FFFF 
Seg: CHIP:40180000 Start: CHIP:40180000 End: 0:4018FFFF 
Seg: CHIP:401D0000 Start: CHIP:401D0000 End: 0:401DFFFF 
Seg: CHIP:50000000 Start: CHIP:50000000 End: 0:5001FFFF 
Seg: s6800:68000000 Start: s6800:68000000 End: 0:6800FFFF 
Seg: CHIP:6F000000 Start: CHIP:6F000000 End: 0:6F00FFFF 
Seg: RAM:8F800000 Start: RAM:8F800000 End: 0:8F9FFFFF 
Seg: RAM:8FB00000 Start: RAM:8FB00000 End: 0:8FFFFFFF 
Seg: RAM:CD000000 Start: RAM:CD000000 End: 0:CEFFFFFF