I notice that a char buffer has been allocated on the stack in a function. It goes like this:

.text:00401xxx Buffer= byte ptr -24h

I know that I can read Dwords at memory addresses by going:

Dword(0x<address>)

But, how do I do the same for stack variables? Specifically here, I'd like to be able to read the whole character buffer...

hexcode

1 Answer

You could use the idc IDA module; there are many interesting functions.

If you want to print a dword, this is correct:
Dword(0x<address>)

For memory dumping, as suggested above, you could use the following function:

**GetManyBytes(ea, size, use_dbg=False)**
Parameters:
        ea - linear address
        size - size of buffer in normal 8-bit bytes
        use_dbg - if True, use debugger memory, otherwise just the database

An example:

GetManyBytes(0x<address>, 50, True)

You can call the function at runtime; you could also use a simple script like:

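```python
from idc import GetManyBytes
from struct import unpack

ADDRESS = 0x0       # placeholder: set to the address of the buffer
SIZE_TO_DUMP = 50   # example value: number of 16-bit values to read

def simple_dump():
    arr = []
    # Read the buffer two bytes at a time and decode each pair as a signed short
    for i in range(0, 2 * SIZE_TO_DUMP, 2):
        data = GetManyBytes(ADDRESS + i, 2, True)  # True: read debugger memory
        if data is None:  # address range is not readable
            break
        arr.append(unpack("h", data)[0])
    return arr

def main():
    values = simple_dump()
    print(values)

main()
```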

You can also use the IDA Hex-View windows.

invictus1306
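Added example, not part of the answer above: one way to turn the `-24h` shown next to `Buffer` into an address and read the whole char buffer. It assumes a standard EBP-based frame (so the offset is relative to EBP) and a read length of 0x24 bytes; `read_stack_buffer`, `as_c_string`, `make_fake_stack` and the sample memory are hypothetical names and constructed data so the block runs outside IDA.

```python
# Inside IDA (debugger paused in the function) you would pass:
#   read_bytes = lambda ea, n: GetManyBytes(ea, n, True)
#   frame_ptr  = GetRegValue("EBP")
# Assumption: the function uses a standard EBP-based frame, so the
# "-24h" shown next to Buffer is an offset from EBP.

BUFFER_OFFSET = -0x24  # from "Buffer= byte ptr -24h"


def read_stack_buffer(read_bytes, frame_ptr, var_offset, size):
    """Return (address, raw bytes) of a stack variable at frame_ptr + var_offset."""
    ea = (frame_ptr + var_offset) & 0xFFFFFFFF  # stay in 32-bit address space
    data = read_bytes(ea, size)
    if data is None:  # GetManyBytes returns None when the range is unreadable
        raise ValueError("memory at 0x%08X is not readable" % ea)
    return ea, bytes(data)


def as_c_string(raw):
    """Cut a char buffer at its first NUL byte."""
    return raw.split(b"\x00", 1)[0]


def make_fake_stack(base, contents):
    """Constructed stand-in for debugger memory: one readable region at `base`."""
    def read_bytes(ea, n):
        start = ea - base
        if start < 0 or start + n > len(contents):
            return None
        return contents[start:start + n]
    return read_bytes


# Constructed sample: EBP = 0x0012FF80, buffer starts 0x24 bytes below it.
FAKE_EBP = 0x0012FF80
_region = bytearray(0x40)
_region[0x10:0x10 + 12] = b"hello stack\x00"  # 0x0012FF5C = EBP - 0x24
FAKE_READ = make_fake_stack(0x0012FF4C, bytes(_region))

if __name__ == "__main__":
    ea, raw = read_stack_buffer(FAKE_READ, FAKE_EBP, BUFFER_OFFSET, 0x24)
    print("Buffer at 0x%08X: %r" % (ea, as_c_string(raw)))
```

The database copy of a stack address holds no runtime data, which is why the reader passed in under IDA uses `use_dbg=True`.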