Ejemplo n.º 1
0
    def markSwitchTables(self, sc, aggressive=True):
        """Help IDA by marking all of the needed information from the observed switch tables.

        Args:
            sc (segment): (sark) code segment in which we are interested right now
            aggressive (bool, optional): True iff the marking operation should be aggressive, see notes. (True by default)

        Notes
        -----
            1. Make sure the switch case jump instruction is indeed a code line
            2. Make sure the jump instruction has a code reference to all of the switch cases
            3. (Aggressive) Make sure each switch table entry is a proper code pointer to it's matching case
            4. (Aggressive) Enforce the correct code type over the entire gap between the minimal and maximal case
        """
        for switch_instr, table_start, table_end in [
                x for x in self._switch_case_entries
                if sc.start_ea <= x[0] and x[1] < sc.end_ea
        ]:
            cases = []
            if not sark.Line(switch_instr).is_code:
                ida_bytes.del_items(switch_instr, 0,
                                    self._analyzer.addressSize())
                idc.create_insn(switch_instr)
            for ea in range(table_start, table_end,
                            self._analyzer.addressSize()):
                entry = self._analyzer.parseAdderss(ea)
                if aggressive:
                    self._analyzer.markCodePtr(ea, entry)
                fixed_entry = self._analyzer.cleanPtr(entry)
                cases.append(fixed_entry)
                idc.add_cref(switch_instr, fixed_entry,
                             idc.XREF_USER | idc.dr_O)
            if aggressive:
                self._analyzer.setCodeType(min(cases), max(cases),
                                           self._analyzer.ptrCodeType(entry))
Ejemplo n.º 2
0
def ida_apply_xrefs(xrefs):
    if len(xrefs) == 0:
        print('No indirect XREFS to apply')
    else:
        for src_addr, target_addr, mnemonic in xrefs:
            if mnemonic == 'jmp':
                success = idc.add_cref(src_addr, target_addr, idc.fl_JF)
            elif mnemonic == 'call':
                success = idc.add_cref(src_addr, target_addr, idc.fl_CF)
            else:  # mnemonic == 'ret'
                success = idc.add_cref(src_addr, target_addr, idc.fl_JF)
            if success:
                print('Create {} Xref: {:#x} -> {:#x}'.format(
                    mnemonic, src_addr, target_addr))
            else:
                print('Failed to create {} Xref: {:#x} -> {:#x}'.format(
                    mnemonic, src_addr, target_addr))
Ejemplo n.º 3
0
    def markCodePtr(self, src, dest, aggressive=True):
        """Mark a code pointer from src to dest.

        Args:
            src (int): effective address for the pointer's location
            dest (int): effective address for the pointed code address
            aggressive (bool, optional): True iff should redefine the src & dest (True by default)
        """
        clean_dest = self.cleanPtr(dest)
        if aggressive:
            ida_bytes.del_items(src, 0, self.addressSize())
        if self.makeAddress(src):
            idc.add_dref(src, clean_dest, idc.XREF_USER | idc.dr_O)
            idc.add_cref(src, clean_dest, idc.XREF_USER | idc.dr_O)
            ida_offset.op_offset(src, 0, idc.REF_OFF32)
            if aggressive:
                ida_bytes.del_items(dest, 0, self.addressSize())
                idc.create_insn(self.cleanPtr(dest))