一个dumpdex的IDA插件

毕业了,暂时用不着了,存起来

import idaapi
import structdef dumpdex(start, len, target):rawdex = idaapi.dbg_read_memory(start, len)fd = open(target, 'wb')fd.write(rawdex)fd.close()def getdexlen(start):pos = start + 0x20mem = idaapi.dbg_read_memory(pos, 4)len = struct.unpack('<I', mem)[0]print 'len is ' + str(hex(len))return int(len)start = AskAddr(0, 'Input DexFile start in hex: ')
print('start is ' + str(hex(start)))len = AskLong(getdexlen(start), 'Input DexFile len in hex: ')
target = AskStr('/users/boyliang/temp/xx.dex', 'Input the dump file path')if len > 0 and start > 0x0 and target and AskYN(1, 'start is 0x%0x, len is %d, dump to %s' % (start, len, target)) == 1:dumpdex(start, len, target)print('Dump Finish')

用法
首先shift + f2，调出IDA，选择import，把本脚本导入
当动态调试的时候，找到dex的始址，比如断点在dvmDexFileOpenPartial，r0即是dex的始址
shift + f2，调出脚本，选择本脚本，按UI提示输入即可
注意: 这个小插件目前只支持连续的Dex文件，非连续性的不支持