花指令 | Notion

自己找一下规律，然后 IDA Python 自动化 patch 一下
例子来自
import capstone
import keystone

now_ea = 0x4140C0
target_hex = 'E8 00 00 00 00 83 04 24 05 C3'
target_bytes = bytes.fromhex(target_hex)
target_binpat = ida_bytes.compiled_binpat_vec_t()
ida_bytes.parse_binpat_str(target_binpat, now_ea, 'E8 00 00 00 00 83 04 24 05 C3', 16)

while True:
    now_ea = ida_bytes.bin_search(
        now_ea + 1,
        ida_ida.inf_get_max_ea(),
        target_binpat,
        ida_bytes.BIN_SEARCH_FORWARD | ida_bytes.BIN_SEARCH_NOBREAK
    )
    print(now_ea)
    if now_ea == ida_idaapi.BADADDR:
        break
    ida_bytes.patch_bytes(now_ea, b'\\x90'*len(target_bytes))

now_ea = 0x4140C0
target_hex = '0F 84'
target_bytes = bytes.fromhex(target_hex)
target_binpat = ida_bytes.compiled_binpat_vec_t()
ida_bytes.parse_binpat_str(target_binpat, now_ea, '0F 84', 16)

md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
ks = keystone.Ks(keystone.KS_ARCH_X86, keystone.KS_MODE_64)

while True:
    now_ea = ida_bytes.bin_search(
        now_ea + 1,
        ida_ida.inf_get_max_ea(),
        target_binpat,
        ida_bytes.BIN_SEARCH_FORWARD | ida_bytes.BIN_SEARCH_NOBREAK
    )
    if now_ea == ida_idaapi.BADADDR:
        break
    print(now_ea)
    try:
        ins1, ins2 = list(md.disasm(ida_bytes.get_bytes(now_ea, 12), 0))
        if set([ins1.mnemonic, ins2.mnemonic]) == set(['je', 'jne']) and ins1.op_str == ins2.op_str:
            data = bytes(ks.asm(f'jmp {ins1.op_str}')[0]).ljust(12, b'\\x90')
            ida_bytes.patch_bytes(now_ea, data)
    except:
        pass

now_ea = 0x4140C0
target_hex = '74'
target_bytes = bytes.fromhex(target_hex)
target_binpat = ida_bytes.compiled_binpat_vec_t()
ida_bytes.parse_binpat_str(target_binpat, now_ea, '74', 16)

md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
ks = keystone.Ks(keystone.KS_ARCH_X86, keystone.KS_MODE_64)

while True:
    now_ea = ida_bytes.bin_search(
        now_ea + 1,
        ida_ida.inf_get_max_ea(),
        target_binpat,
        ida_bytes.BIN_SEARCH_FORWARD | ida_bytes.BIN_SEARCH_NOBREAK
    )
    if now_ea == ida_idaapi.BADADDR:
        break
    print(now_ea)
    try:
        ins1, ins2 = list(md.disasm(ida_bytes.get_bytes(now_ea, 4), 0))
        if set([ins1.mnemonic, ins2.mnemonic]) == set(['je', 'jne']) and ins1.op_str == ins2.op_str:
            data = bytes(ks.asm(f'jmp {ins1.op_str}')[0]).ljust(4, b'\\x90')
            ida_bytes.patch_bytes(now_ea, data)
    except:
        pass