def _guess_architecture():
"""Try to guess the current architecture."""
reg_names = ida_idp.ph_get_regnames()
inf = ida_idaapi.get_inf_structure()
if "ax" in reg_names and "xmm0" in reg_names:
if inf.is_64bit():
return "amd64"
else:
return "x86"
elif "ARM" in inf.procName:
if inf.is_64bit():
return "aarch64"
else:
raise UnhandledArchitectureType(
"Unrecognized 32-bit ARM architecture: {}".format(inf.procName)
)
elif "sparc" in inf.procName:
if inf.is_64bit():
return "sparc64"
else:
return "sparc32"
else:
raise UnhandledArchitectureType(
"Unrecognized archictecture: {}".format(inf.procName)
)
def ev_out_operand(self, outctx, op):
insn = outctx.insn
if insn.itype in [NewInstructions.NN_ld_hu, NewInstructions.NN_st_h]:
if op.type == o_displ:
outctx.out_value(op, OOF_ADDR)
brackets = insn.ops[op.n].specflag1 & N850F_USEBRACKETS
if brackets:
outctx.out_symbol('[')
outctx.out_register(ph_get_regnames()[op.reg])
if brackets:
outctx.out_symbol(']')
return True
return False
info = idaapi.get_inf_structure()
BITS = None
ARCH = 'arm'
if info.is_64bit():
BITS = 64
elif info.is_32bit():
BITS = 32
else:
BITS = 16
FILE_TYPE = ENUM_FILE_TYPE[info.filetype]
#print FILE_TYPE
if 'PC' in ida_idp.ph_get_regnames() or 'pc' in ida_idp.ph_get_regnames():
ARCH = 'arm'
else:
ARCH = 'x86'
# must be created
idaapi.CompileLine(
'static LoadStrings() { RunPythonStatement("LoadStrings()"); }')
idaapi.CompileLine(
'static LoadMethods() { RunPythonStatement("LoadMethods()"); }')
idaapi.CompileLine('static AutoLoad() { RunPythonStatement("AutoLoad()"); }')
idaapi.CompileLine(
'static LocationHelper() { RunPythonStatement("LocationHelper()"); }')
# Add the hotkey
AddHotkey("Ctrl-Alt-S", 'LoadStrings')
def GetRegisterList():
"""Returns the register list"""
return ida_idp.ph_get_regnames()
def _expand_locations(arch, pfn, ty, argloc, out_locs):
"""Expand the locations referred to by `argloc` into a list of `Location`s
in `out_locs`."""
reg_names = ida_idp.ph_get_regnames()
where = argloc.atype()
if where == ida_typeinf.ALOC_STACK:
sp_adjust_retaddr = int(
ida_frame.frame_off_args(pfn) - ida_frame.frame_off_retaddr(pfn)
)
loc = Location()
loc.set_memory(arch.stack_pointer_name(), argloc.stkoff() + sp_adjust_retaddr)
loc.set_type(ty)
out_locs.append(loc)
# Distributed across two or more locations.
elif where == ida_typeinf.ALOC_DIST:
for part in argloc.scattered():
part_ty = ty.extract(arch, part.off, part.size)
_expand_locations(arch, pfn, part_ty, part, out_locs)
# Located in a single register, possibly in a small part of the register
# itself.
elif where == ida_typeinf.ALOC_REG1:
ty_size = ty.size(arch)
reg_name = reg_names[argloc.reg1()].upper()
try:
reg_offset = argloc.regoff()
family = arch.register_family(reg_name)
# Try to guess the right name for the register based on the size of the
# type that it will contain. For example, IDA will tell us register `ax`
# is used, not specify if it's `al`, `ah`, `eax`, or `rax`.
#
# NOTE: The registers in the family tuple are sorted in descending
# order of size.
found = False
for f_reg_name, f_reg_offset, f_reg_size in family:
if f_reg_offset != reg_offset:
continue
if ty_size == f_reg_size:
found = True
reg_name = f_reg_name
break
if not found:
raise Exception()
except:
reg_name = (
ida_idp.get_reg_name(argloc.reg1(), ty_size) or reg_name
).upper()
loc = Location()
loc.set_register(arch.register_name(reg_name))
loc.set_type(ty)
out_locs.append(loc)
# Located in a pair of registers.
elif where == ida_typeinf.ALOC_REG2:
ty_size = ty.size(arch)
reg_name1 = reg_names[argloc.reg1()].upper()
reg_name2 = reg_names[argloc.reg2()].upper()
ty1 = ty.extract(arch, 0, ty_size / 2)
ty2 = ty.extract(arch, ty_size / 2, ty_size / 2)
try:
found = False
family1 = arch.register_family(reg_name1)
family2 = arch.register_family(reg_name2)
# Try to guess which registers IDA actually meant. For example, for
# an `EDX:EAX` return value, our `ty_size` will be 8 bytes, but IDA will
# report the registers as `ax` and `dx` (due to those being the names in
# `ph_get_regnames`). So, we have to scan through the associated family
# and try to see if we can guess the right version of those registers.
for r1_info, r2_info in itertools.product(family1, family2):
f_reg_name1, f_reg_offset1, f_reg_size1 = r1_info
f_reg_name2, f_reg_offset2, f_reg_size2 = r2_info
if f_reg_offset1 or f_reg_offset2:
continue
if ty_size == (f_reg_size1 + f_reg_size2):
found = True
reg_name1 = f_reg_name1
reg_name2 = f_reg_name2
ty1 = ty.extract(arch, 0, f_reg_size1)
ty2 = ty.extract(arch, f_reg_size1, f_reg_size2)
break
if not found:
raise Exception()
except Exception as e:
reg_name1 = (
ida_idp.get_reg_name(argloc.reg1(), ty_size) or reg_name1
).upper()
reg_name2 = (
ida_idp.get_reg_name(argloc.reg2(), ty_size) or reg_name2
).upper()
loc1 = Location()
loc1.set_register(arch.register_name(reg_name1))
loc1.set_type(ty1)
out_locs.append(loc1)
loc2 = Location()
loc2.set_register(arch.register_name(reg_name2))
loc2.set_type(ty2)
out_locs.append(loc2)
# Memory location computed as value in a register, plus an offset.
#
# TODO(pag): How does this work if the register itself is not
# treated as an argument?
elif where == ida_typeinf.ALOC_RREL:
rrel = argloc.get_rrel()
loc = Location()
loc.set_memory(
_get_address_sized_reg(arch, reg_names[rrel.reg].upper()), rrel.off
)
loc.set_type(ty)
out_locs.append(loc)
# Global variable with a fixed address. We can represent this
# as computing a PC-relative memory address.
elif where == ida_typeinf.ALOC_STATIC:
loc = Location()
loc.set_memory(arch.program_counter_name(), argloc.get_ea() - ea)
loc.set_type(ty)
out_locs.append(loc)
# Unsupported.
else:
raise InvalidLocationException(
"Unsupported location {} with type {}".format(
str(argloc), ty.serialize(arch, {})
)
)
