va->offset: ida_loader.get_fileregion_offset(va)
offset->va: ida_loader.get_fileregion_ea(fo)
这个是和编译器相关的,不过业界似乎统一了规则,不用具体指定编译器
ida_name.demangle_name(name, disable_mask, demreq=DQT_FULL) -> str
Python>ida_name.demangle_name('??$WriteByteBuffer@$0EAA@@WriteMessage@network@mg@@QEAAXAEBV$ByteBuffer@$0EAA@@common@2@I@Z', 0)
'public: void mg::network::WriteMessage::WriteByteBuffer<1024>(class mg::common::ByteBuffer<1024> const &,unsigned int)'也可以去这里在线demangle https://demangler.com/
怎么从可读的demangled name转化到decorated name,ida里面好像没这个功能。可以自己写个对应名称的函数然后编译一下,查看pdb.
get_name_ea_simple(‘funcname’). 7.4之前用LocByName
Python>get_name_ea_simple('?WriteDelimiter@WriteMessage@network@mg@@QEAAXG@Z')
0x142df6980向上遍历 idc.prev_head 向下idc.next_head
idc.get_func_attr(addr, 0)