def read_bytes_slowly(start, end):
bytestr = []
for i in xrange(start, end):
if idc.hasValue(idc.GetFlags(i)):
bt = idc.Byte(i)
bytestr.append(chr(bt))
else:
bytestr.append("\x00")
return "".join(bytestr)
def read_bytes_slowly(start, end):
bytestr = []
for i in xrange(start, end):
if idc.hasValue(idc.GetFlags(i)):
bt = idc.Byte(i)
bytestr.append(chr(bt))
else:
bytestr.append("\x00")
return "".join(bytestr)
def readBytesSlowly(start, end):
bytestr = ""
for i in xrange(start, end):
if idc.hasValue(idc.GetFlags(i)):
bt = idc.Byte(i)
bytestr += chr(bt)
else:
#virtual size may be bigger than size on disk
#pad with nulls
#DEBUG("Failed on {0:x}\n".format(i))
bytestr += "\x00"
return bytestr
def readBytesSlowly(start, end):
bytestr = ""
for i in xrange(start, end):
if idc.hasValue(idc.GetFlags(i)):
bt = idc.Byte(i)
bytestr += chr(bt)
else:
#virtual size may be bigger than size on disk
#pad with nulls
#DEBUG("Failed on {0:x}\n".format(i))
bytestr += "\x00"
return bytestr
def getsize(self):
actual_ea = self.addr
while (True):
# first entry case
f = idc.GetFlags(actual_ea)
if (len(self.entries) == 0):
if (not (idc.isRef(f) and (idc.hasName(f) or (f & FF_LABL)))):
print("[-] Not an entry of vtable")
return 0
elif (idc.isRef(f) and (idc.hasName(f) or (f & FF_LABL))):
# next vtable ?
break
if (not idc.hasValue(f) or not idc.isData(f)):
break
c = idc.Dword(actual_ea)
if c:
f = idc.GetFlags(c)
if (not idc.hasValue(f) or not idc.isCode(f) or idc.Dword(c) == 0):
break
else:
break
self.entries.append(actual_ea)
actual_ea += 4
print("[+] Vtable %08X - %08X, methods : %d" % (self.addr, actual_ea, (actual_ea - self.addr) / 4))
def _patch(address, patch_data, len):
ea = address
orig_data = ''
invalid_value = False
while ea < (address+len):
if not invalid_value:
orig_byte = idc.Byte(ea)
if not idc.hasValue(idc.GetFlags(ea)):
print("Keypatch: WARNING: 0x{:X} has no defined value. ".format(ea))
invalid_value = True
else:
orig_data += chr(orig_byte)
patch_byte = ord(patch_data[ea - address])
if patch_byte != orig_byte:
# patch one byte
if idaapi.patch_byte(ea, patch_byte) != 1:
print("Keypatch: FAILED to patch byte at 0x{:X} [0x{:X}]".format(ea, patch_byte))
break
ea += 1
return (ea-address, orig_data)
def _patch(address, patch_data, len):
ea = address
orig_data = ''
invalid_value = False
while ea < (address+len):
if not invalid_value:
orig_byte = idc.Byte(ea)
if not idc.hasValue(idc.GetFlags(ea)):
print("Keypatch: WARNING: 0x{:X} has no defined value. ".format(ea))
invalid_value = True
else:
orig_data += chr(orig_byte)
patch_byte = ord(patch_data[ea - address])
if patch_byte != orig_byte:
# patch one byte
if idaapi.patch_byte(ea, patch_byte) != 1:
print("Keypatch: FAILED to patch byte at 0x{:X} [0x{:X}]".format(ea, patch_byte))
break
ea += 1
return (ea-address, orig_data)
File name: dump_sections.py ''' import idautils import idc import idaapi SECTION_NAME = '.e1t1_fw' FOUND_FLAG = False for sec in idautils.Segments(): sec_name = idc.SegName(sec) if sec_name == SECTION_NAME: FOUND_FLAG = True start = idc.GetSegmentAttr(sec, idc.SEGATTR_START) end = idc.GetSegmentAttr(sec, idc.SEGATTR_END) with open(SECTION_NAME+".bin", 'wb') as f: while start < end: if not idc.hasValue(idc.GetFlags(start)): continue data = idc.Byte(start) f.write(chr(data)) start += 1 if not FOUND_FLAG: print "[+] Could not found %s section " %(SECTION_NAME) else: print "[+] Done "
def has_value(self):
""" True if object has a defined value
(no interrogation mark in IDA)
"""
return idc.hasValue(self.flags)
