def kiwidog(address, end, search):
magic = idaapi.find_binary(address, end, search, 0x0, SEARCH_DOWN)
function = idaapi.get_func(idaapi.get_first_dref_to(magic))
idaapi.set_name(function.start_ea, '__stack_chk_fail', SN_NOCHECK | SN_NOWARN)
function.flags |= FUNC_NORET
idaapi.update_func(function)
def load_file(f, neflags, format):
print('# PS4 Module Loader')
ps = Binary(f)
# PS4 Processor, Compiler, Library
bitness = ps.procomp('metapc', CM_N64 | CM_M_NN | CM_CC_FASTCALL,
'gnulnx_x64')
# Load Aerolib...
nids = load_nids(idc.idadir() + '/loaders/aerolib.csv')
# Segment Loading...
for segm in ps.E_SEGMENTS:
# Process Loadable Segments...
if segm.name() in [
'CODE', 'DATA', 'SCE_RELRO', 'DYNAMIC', 'GNU_EH_FRAME',
'SCE_DYNLIBDATA'
]:
address = segm.MEM_ADDR if segm.name() not in [
'DYNAMIC', 'SCE_DYNLIBDATA'
] else segm.OFFSET + 0x1000000
size = segm.MEM_SIZE if segm.name() not in [
'DYNAMIC', 'SCE_DYNLIBDATA'
] else segm.FILE_SIZE
print('# Processing %s Segment...' % segm.name())
f.file2base(segm.OFFSET, address, address + segm.FILE_SIZE,
FILEREG_PATCHABLE)
if segm.name() not in ['DYNAMIC', 'GNU_EH_FRAME']:
idaapi.add_segm(0, address, address + size, segm.name(),
segm.type(), ADDSEG_NOTRUNC | ADDSEG_FILLGAP)
# Processor Specific Segment Details
idc.set_segm_addressing(address, bitness)
idc.set_segm_alignment(address, segm.alignment())
idc.set_segm_attr(address, SEGATTR_PERM, segm.flags())
# Process Dynamic Segment....
elif segm.name() == 'DYNAMIC':
stubs = {}
modules = {}
libraries = {}
f.seek(segm.OFFSET)
offset = segm.OFFSET
dynamic = address
dynamicsize = size
for entry in xrange(size / 0x10):
idc.set_cmt(address + (entry * 0x10),
Dynamic(f).process(stubs, modules, libraries),
False)
'''
# Process Exception Handling Segment...
elif segm.name() == 'GNU_EH_FRAME':
# Exception Handling Frame Header Structure
members = [('version', 'Version', 0x1),
('eh_frame_ptr_enc', 'Encoding of Exception Handling Frame Pointer', 0x1),
('fde_count_enc', 'Encoding of Frame Description Entry Count', 0x1),
('table_enc', 'Encoding of Table Entries', 0x1)]
struct = segm.struct('EHFrame', members)
idaapi.create_struct(address, 0x4, struct)
# Exception Handling Structure
members = [('exception', 'value', 0x8)]
struct = segm.struct('Exception', members)
for entry in xrange(size / 0x8):
idaapi.create_struct(address + (entry * 0x8), 0x8, struct)
'''
# Process SCE 'Special' Shared Object Segment...
if segm.name() == 'SCE_DYNLIBDATA':
# SCE Fingerprint
idc.make_array(address, 0x14)
idc.set_name(address, 'SCE_FINGERPRINT',
SN_NOCHECK | SN_NOWARN | SN_FORCE)
idc.set_cmt(
address, ' '.join(
x.encode('hex')
for x in idc.get_bytes(address, 0x14)).upper(), False)
# Dynamic Symbol Table
try:
# --------------------------------------------------------------------------------------------------------
# Dynamic Symbol Entry Structure
members = [('name', 'Name (String Index)', 0x4),
('info', 'Info (Binding : Type)', 0x1),
('other', 'Other', 0x1),
('shtndx', 'Section Index', 0x2),
('value', 'Value', 0x8), ('size', 'Size', 0x8)]
struct = segm.struct('Symbol', members)
# Dynamic Symbol Table
location = address + Dynamic.SYMTAB
f.seek(segm.OFFSET + Dynamic.SYMTAB)
symbols = {}
for entry in xrange(Dynamic.SYMTABSZ / 0x18):
idaapi.create_struct(location + (entry * 0x18), 0x18,
struct)
idc.set_cmt(location + (entry * 0x18),
Symbol(f).process(symbols), False)
except:
pass
# Dynamic String Table
try:
# --------------------------------------------------------------------------------------------------------
# Dynamic String Table
location = address + Dynamic.STRTAB
f.seek(segm.OFFSET + Dynamic.STRTAB)
# Stubs
for key in stubs:
idc.create_strlit(location + key, BADADDR)
stubs[key] = idc.get_strlit_contents(
location + key, BADADDR)
idc.set_cmt(location + key, 'Stub', False)
#print('Stubs: %s' % stubs)
# Modules
for key in modules:
idc.create_strlit(location + key, BADADDR)
modules[key] = idc.get_strlit_contents(
location + key, BADADDR)
idc.set_cmt(location + key, 'Module', False)
#print('Modules: %s' % modules)
# Libraries and LIDs
lids = {}
for key, value in libraries.iteritems():
idc.create_strlit(location + key, BADADDR)
lids[value] = idc.get_strlit_contents(
location + key, BADADDR)
libraries[key] = idc.get_strlit_contents(
location + key, BADADDR)
idc.set_cmt(location + key, 'Library', False)
#print('LIDs: %s' % lids)
# Symbols
for key in symbols:
idc.create_strlit(location + key, BADADDR)
symbols[key] = idc.get_strlit_contents(
location + key, BADADDR)
idc.set_cmt(location + key, 'Symbol', False)
#print('Symbols: %s' % symbols)
except:
pass
# Resolve Export Symbols
try:
symbols = sorted(symbols.iteritems())
location = address + Dynamic.SYMTAB + 0x30
f.seek(segm.OFFSET + Dynamic.SYMTAB + 0x30)
for entry in xrange((Dynamic.SYMTABSZ - 0x30) / 0x18):
Symbol(f).resolve(location + (entry * 0x18), nids,
symbols[entry][1])
except:
pass
# Jump Table
try:
# --------------------------------------------------------------------------------------------------------
# Jump Entry Structure
members = [('offset', 'Offset (String Index)', 0x8),
('info', 'Info (Symbol Index : Relocation Code)',
0x8), ('addend', 'AddEnd', 0x8)]
struct = segm.struct('Jump', members)
# PS4 Base64 Alphabet
base64 = list(
'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-'
)
alphabet = {
character: index
for index, character in enumerate(base64)
}
#print('Base64 Table: %s' % alphabet)
# Jump Table
location = address + Dynamic.JMPTAB
f.seek(segm.OFFSET + Dynamic.JMPTAB)
for entry in xrange(Dynamic.JMPTABSZ / 0x18):
idaapi.create_struct(location + (entry * 0x18), 0x18,
struct)
idc.set_cmt(
location + (entry * 0x18),
Relocation(f).resolve(alphabet, nids, symbols, lids),
False)
except:
pass
# Relocation Table
try:
# --------------------------------------------------------------------------------------------------------
# Relocation Entry Structure (with specific addends)
members = [('offset', 'Offset (String Index)', 0x8),
('info', 'Info (Symbol Index : Relocation Code)',
0x8), ('addend', 'AddEnd', 0x8)]
struct = segm.struct('Relocation', members)
# Relocation Table (with specific addends)
location = address + Dynamic.RELATAB
f.seek(segm.OFFSET + Dynamic.RELATAB)
for entry in xrange(Dynamic.RELATABSZ / 0x18):
idaapi.create_struct(location + (entry * 0x18), 0x18,
struct)
idc.set_cmt(location + (entry * 0x18),
Relocation(f).process(nids, symbols), False)
except:
pass
# Hash Table
try:
# --------------------------------------------------------------------------------------------------------
# Hash Entry Structure
members = [('bucket', 'Bucket', 0x2), ('chain', 'Chain', 0x2),
('buckets', 'Buckets', 0x2),
('chains', 'Chains', 0x2)]
struct = segm.struct('Hash', members)
# Hash Table
location = address + Dynamic.HASHTAB
f.seek(segm.OFFSET + Dynamic.HASHTAB)
for entry in xrange(Dynamic.HASHTABSZ / 0x8):
idaapi.create_struct(location + (entry * 0x8), 0x8, struct)
except:
pass
# Dynamic Tag Table
try:
# --------------------------------------------------------------------------------------------------------
# Dynamic Tag Entry Structure
members = [('tag', 'Tag', 0x8), ('value', 'Value', 0x8)]
struct = segm.struct('Tag', members)
f.seek(offset)
for entry in xrange(dynamicsize / 0x10):
idaapi.create_struct(dynamic + (entry * 0x10), 0x10,
struct)
idc.set_cmt(
dynamic + (entry * 0x10),
Dynamic(f).comment(address, stubs, modules, libraries),
False)
except:
pass
# Start Function
idc.add_entry(ps.E_START_ADDR, ps.E_START_ADDR, 'start', True)
print('# Waiting for the AutoAnalyzer to Complete...')
idaapi.auto_wait()
# Set No Return for __stack_chk_fail...
try:
function = idc.get_name_ea_simple('__stack_chk_fail')
function = idaapi.get_func(function)
function.flags |= FUNC_NORET
idaapi.update_func(function)
except:
pass
# Missed Function Creation...
try:
code = idaapi.get_segm_by_name('CODE')
address = code.start_ea
end = code.end_ea
# Final Pass
print('# Performing Final Pass...')
while address < end:
address = idaapi.find_not_func(address, SEARCH_DOWN)
if idaapi.is_unknown(idaapi.get_flags(address)):
idaapi.create_insn(address)
else:
idc.add_func(address)
address += 4
except:
pass
print('# Done!')
return 1
def set_func_library(addr):
func = idaapi.get_func(addr)
if func:
func.flags |= idaapi.FUNC_LIB
idaapi.update_func(func)
def color_write(fn, bgr):
fn = by(fn)
fn.color = 0xffffffff if bgr is None else bgr
return bool(idaapi.update_func(fn))