Analyze stack with IDAPython
Reverse Engineering Asked by func on January 27, 2021
In Ida pseudo-code when I press at stack’s variable I can see the place of this variable in stack.
char buffer[XXX]; // [sp+YYh]
How can I get that information (buffer size and place of this buffer in stack) in IDAPython?
One Answer
You can do this using idapython - using ida_hexrays api:
ida_hexrays.init_hexrays_plugin()
for var in ida_hexrays.decompile(ea).get_lvars():
# offset
offset = -stack_size + var.get_stkoff()
# variable size
size = var.width
# variable type
type = var.tif
And in ida gui, you can see the comments beside declarations.
Answered by R4444 on January 27, 2021
Add your own answers!
Ask a Question
Get help from others!
Recent Questions
- How can I transform graph image into a tikzpicture LaTeX code?
- How Do I Get The Ifruit App Off Of Gta 5 / Grand Theft Auto 5
- Iv’e designed a space elevator using a series of lasers. do you know anybody i could submit the designs too that could manufacture the concept and put it to use
- Need help finding a book. Female OP protagonist, magic
- Why is the WWF pending games (“Your turn”) area replaced w/ a column of “Bonus & Reward”gift boxes?
Recent Answers
- Lex on Does Google Analytics track 404 page responses as valid page views?
- Peter Machado on Why fry rice before boiling?
- Joshua Engel on Why fry rice before boiling?
- haakon.io on Why fry rice before boiling?
- Jon Church on Why fry rice before boiling?