{"id":13755443,"url":"https://github.com/patois/mrspicky","last_synced_at":"2025-05-10T01:31:08.565Z","repository":{"id":60612827,"uuid":"186706683","full_name":"patois/mrspicky","owner":"patois","description":"MrsPicky - An IDAPython decompiler script that helps auditing memcpy() and memmove() calls","archived":false,"fork":false,"pushed_at":"2024-03-14T07:21:37.000Z","size":1476,"stargazers_count":105,"open_issues_count":0,"forks_count":22,"subscribers_count":8,"default_branch":"master","last_synced_at":"2024-03-14T08:34:15.049Z","etag":null,"topics":["automated","binary-auditing","decompiler","hex-rays","hexrays","ida-pro","idapython","memcpy","vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/patois.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-05-14T22:00:15.000Z","updated_at":"2024-08-03T10:02:33.185Z","dependencies_parsed_at":"2024-01-13T03:01:03.850Z","dependency_job_id":"b49bfd07-766d-47ce-a3df-e4b2d9e92364","html_url":"https://github.com/patois/mrspicky","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patois%2Fmrspicky","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patois%2Fmrspicky/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patois%2Fmrspicky/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patois%2Fmrspicky/manifests"
,"owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/patois","download_url":"https://codeload.github.com/patois/mrspicky/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253349963,"owners_count":21894810,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automated","binary-auditing","decompiler","hex-rays","hexrays","ida-pro","idapython","memcpy","vulnerability"],"created_at":"2024-08-03T10:00:54.339Z","updated_at":"2025-05-10T01:31:07.987Z","avatar_url":"https://github.com/patois.png","language":"Python","readme":"# MrsPicky\n\nMrsPicky - An IDAPython decompiler script that helps auditing memcpy() and memmove() calls.\n\n![mrspicky animated gif](/rsrc/picky.gif?raw=true)\n\nThis example code shows how the HexRays decompiler can be scripted in\norder to identify potentially dangerous calls to memcpy().\nIt is in no way meant to be a fully working script covering all possible\nuse cases, but only a few of them.\n\nIt will display a list of identified calls that can be and is meant to\nbe searched, sorted and filtered interactively using IDA's built-in\nfiltering features. 
Double clicking an entry will jump to the respective\ncall within the currently active IDA or Decompiler view.\n\nIn cases where the \"n\" argument that is passed to memcpy() calls can be\nresolved statically, the resulting list's \"max n\" tab reflects the maximum\nnumber of bytes that can be written to the destination buffer \"dst\" (in\nother words: any number larger than that will corrupt whatever follows\nthe current stack frame, which usually is a return address).\n\nThe \"problems\" tab may contain the following keywords:\n\n  * \"memcorr\" - indicates a confirmed memory corruption\n  * \"argptr\"  - the \"dst\" pointer points beyond the local stack frame\n                (this may not actually be a problem per se but...)\n\nFeel free to adjust the script to suit your personal preferences.\nRelevant code is commented and explained below so that hopefully it will\nbe easy to adapt the code to cover more use-cases as well as further\nfunctions such as malloc().\n\n## Requirements\n\nThis script is based on Python3 and requires IDA 7.3 to work. A Python2\nversion is available [here](https://github.com/patois/mrspicky/tree/mrspicky-python2).\n\nFor further help, check out vds5.py that comes with the HexRays SDK.\n\nThis script is licensed under \"THE BEER-WARE LICENSE\" (Revision 42).\n","funding_links":[],"categories":["\u003ca id=\"1ded622dca60b67288a591351de16f8b\"\u003e\u003c/a\u003e漏洞"],"sub_categories":["功能"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpatois%2Fmrspicky","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpatois%2Fmrspicky","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpatois%2Fmrspicky/lists"}