Beispiel #1
0
def ports_analisys():
	ports_struc = idc.AddEnum(-1, "ports", (FF_WRD|FF_DATA))
	idc.AddConstEx(ports_struc, "PCI_CONFIG_ADDRESS", PCI_CONFIG_ADDRESS, -1)
	idc.AddConstEx(ports_struc, "PCI_CONFIG_DATA", PCI_CONFIG_DATA, -1)

	for each in idaapi.find_binary(start, stop, "", 0, 0): # find_binary(ea_t startea, ea_t endea, char ubinstr, int radix, int sflag) -> ea_t
		idc.MakeCode(each)
    def createenum(self, symbols):
        """
            Given full symbols and addresses create an enum name with the library name (the string before !)
            Some constants will fail due to weird characters in symbols used by MS. eg( `$)
            symbols: (dict) A set of symbols and addresses that have been cleaned.
        """
        enum_name = symbols.keys()[0].split('!')[0]
        enum = idc.AddEnum(0, enum_name, idaapi.hexflag())
        if enum == idaapi.BADADDR:
            print "[!] Failed to create enum: %s\n" % enum_name
            return 
        for symbol, address in symbols.iteritems():
            # "ADVAPI32!RegCreateKeyExWStub": "0xffff8007be2f89f0"
            org_symb = symbol
            symbol = str(symbol.split('!')[1].encode('utf-8'))
            symbol = symbol.strip()
            symbol = 's_'+symbol 
            address = int(address,16)
            ret = idc.AddConstEx(enum, symbol, address, -1)
            if ret !=0:
                print "[!] Failed to create constant for symbol %s - (%s). %s" % (org_symb,symbol,ENUM_ERRORS[ret])
                continue
            self.enums[address] = enum

        print "[+] Finished adding enum %s\n" % enum_name
Beispiel #3
0
 def yatest_enums(self):
     values = []
     for flag in flags:
         for prefix, enum_width, is_bitfield, num_fields in tests:
             name = '%s_%x_%d_%x' % (prefix, enum_width, is_bitfield, flag)
             ea = None
             eid = idc.AddEnum(-1, name, flag)
             self.assertNotEqual(eid, idaapi.BADADDR)
             if enum_width != 0:
                 idc.SetEnumWidth(eid, enum_width)
             if is_bitfield:
                 self.assertTrue(idc.SetEnumBf(eid, True))
             idc.SetEnumCmt(eid, prefix + 'cmt', False)
             idc.SetEnumCmt(eid, prefix + 'rpt', True)
             for n in range(0, num_fields):
                 field = '%s_%d' % (name , n)
                 cid = None
                 if is_bitfield:
                     self.assertEqual(idc.AddConstEx(eid, field, 1 << n, 1 << n), 0)
                 else:
                     self.assertEqual(idc.AddConst(eid, field, n), 0)
                 if n == 0:
                     ea = get_ea()
                     self.assertNotEqual(idaapi.op_enum(ea, 1, eid, 0), idaapi.BADADDR)
                 cid = idc.GetConstByName(field)
                 self.assertTrue(idc.SetConstCmt(cid, field + 'cmt', False))
                 #self.assertTrue(idc.SetConstCmt(cid, field + 'rpt', True))
             values.append((name, ea))
     yaunit.save('enums', values)
Beispiel #4
0
def add_enums(function):
    """ Add standard enums from parsed MSDN documentation for all imported
    library calls and their arguments.

    Arguments:
    function -- function object
    """
    enum_count = 0
    for argument in function.arguments:
        # Add standard enums
        if not argument.enums:
            g_logger.debug(' No standard constants available for %s' %
                           argument.name)
        else:
            for enum in argument.enums:
                g_logger.debug('  Importing enum %s for argument %s' %
                               (enum, argument.name))
                if idc.Til2Idb(-1, enum) != idaapi.BADADDR:
                    g_logger.debug('  ' + enum + ' ' + hex(idc.GetEnum(enum)) +
                                   ' added successfully')
                    enum_count = enum_count + 1
                else:
                    g_logger.debug('  Could not add ' + enum)

        if not argument.constants:
            # No constants for this argument
            continue

        argument.name = argument.name.encode('utf-8')
        function.name = function.name.encode('utf-8')

        # Add constant descriptions
        for constant in argument.constants:
            constant.name = constant.name.encode('utf-8')

            if constant.name == 'NULL':
                # Create unique name, so we can add descriptive comment to it
                constant.name = 'NULL_{}_{}'.format(argument.name,
                                                    function.name)
                # Add custom enum for NULL values if it does not exist yet
                enumid = idc.GetEnum(NULL_ENUM_NAME)
                if enumid == idaapi.BADADDR:
                    enumid = idc.AddEnum(-1, NULL_ENUM_NAME, idaapi.hexflag())
                idc.AddConstEx(enumid, constant.name, 0, -1)
                constid = idc.GetConstByName(constant.name)
                idc.SetConstCmt(constid, format_comment(constant.description),
                                False)
            else:
                constid = idc.GetConstByName(constant.name)
                if constid:
                    if idc.SetConstCmt(constid,
                                       format_comment(constant.description),
                                       False):
                        g_logger.debug('    Description added for %s' %
                                       constant.name)
                    else:
                        g_logger.debug('    No description added for %s' %
                                       constant.name)
    return enum_count
Beispiel #5
0
 def createEnum(self, enum):
     eid = idc.AddEnum(-1, enum[0], 0x1100000)  #what is this flag?
     idc.SetEnumBf(eid, 1)
     val = 0
     mask = 0x1f
     idc.SetEnumWidth(eid, 1)
     for i in enum[1]:
         idc.AddConstEx(eid, i, val, mask)
         val += 1
Beispiel #6
0
    def make_enum_member(self, object_version, value):
        name = object_version.get_name()
        object_id = object_version.get_id()

        enum_object_id = object_version.get_parent_object_id()

        enum_id = 0
        try:
            enum_id = self.enum_ids[enum_object_id]
        except:
            return

        self.hash_provider.put_hash_enum_member(idc.GetEnumName(enum_id), name,
                                                value, object_id)

        # create member
        if not idc.IsBitfield(enum_id):
            bmask = -1
        else:
            bmask = object_version.get_object_flags()

        member_id = idc.GetConstEx(enum_id, value, 0, bmask)
        if member_id == idc.BADADDR:
            idc.AddConstEx(enum_id, name, value, bmask)
            member_id = idc.GetConstEx(enum_id, value, 0, bmask)
        else:
            if idc.SetConstName(member_id, name) == 0:
                logger.error("Failed to set const name for enum_id")

        # apply comments
        try:
            repeatable_headercomment = self.sanitize_comment_to_ascii(
                object_version.get_header_comment(True))
            idc.SetConstCmt(member_id, repeatable_headercomment, 1)
        except KeyError:
            pass

        try:
            nonrepeatable_headercomment = self.sanitize_comment_to_ascii(
                object_version.get_header_comment(True))
            idc.SetConstCmt(member_id, nonrepeatable_headercomment, 0)
        except KeyError:
            pass

        self.enum_member_ids[(idc.GetEnumName(enum_id), name,
                              value)] = (member_id, object_id)
Beispiel #7
0
def import_data_dumps():
	key_value_regex = re.compile(r"^\s*(?P<key>[^ =]+)\s*=\s*"
								 r"(?P<value>.+)\s*$", re.MULTILINE)
	
	is_intel = True
	is_amd = False
	# dmesg parse

	# CPU Vendor/Model

	if is_intel:
		# inteltool output parse
		# GPIOBASE ; PMBASE ; MCHBAR ; EPBAR ; DMIBAR ; PCIEXBAR
		try:
			log = open(filename, encoding="utf8")
			self.clear()
			for match in key_value_regex.finditer(log.read()):
				data = {}
				data[match.group("key")] = int(match.group("value"))
			return True
		except (RuntimeError) as err:
			print "import error"
			return False
		finally:
			if log is not None:
				log.close()

		BASE_GPIO = data["GPIOBASE"]
		BASE_PM	  = data["PMBASE"]
		BASE_MCH  = data["MCHBAR"]
		BASE_EP   = data["EPBAR"]
		BASE_DMI  = data["DMIBAR"]
		BASE_PCIE = data["PCIEXBAR"]
		# BASE_SMBUS = data["SMBUSBAR"]
		
		bases_struc = idc.AddEnum(-1, "bases", (FF_DWRD|FF_DATA))
		idc.AddConstEx(bases_struc, "BASE_GPIO", BASE_GPIO, -1)
		idc.AddConstEx(bases_struc, "BASE_PM", BASE_PM, -1)
		idc.AddConstEx(bases_struc, "BASE_MCH", BASE_MCH, -1)
		idc.AddConstEx(bases_struc, "BASE_EP", BASE_EP, -1)
		idc.AddConstEx(bases_struc, "BASE_DMI", BASE_DMI, -1)
		idc.AddConstEx(bases_struc, "BASE_PCIE", BASE_PCIE, -1)
		# idc.AddConstEx(bases_struc, "BASE_SMBUS", BASE_SMBUS, -1)



	elif is_amd:
		#other outputs parse
	
	else
		print "Error: Unknown CPU"
Beispiel #8
0
 def setMember(self, name, val, maskVal=None):
     const = idc.GetConstByName(name)
     if const and const != idc.BADADDR:
         # remove constant
         self.deleteConst(const)
     idc.AddConstEx(self.id, name, val, maskVal if maskVal else idc.BADADDR)