def load_kmdf_types_into_idb(): header_path = idautils.GetIdbDir() idaapi.idc_parse_types("".join([header_path, "WDFStructs.h"]), idc.PT_FILE) for idx in range(1, idc.get_ordinal_qty()): #Fails to add some of the types print((idx, idc.get_numbered_type_name(idx))) idc.import_type(idx, idc.get_numbered_type_name(idx))
def add_enums(function): """ Add standard enums from parsed MSDN documentation for all imported library calls and their arguments. Arguments: function -- function object """ enum_count = 0 for argument in function.arguments: # Add standard enums if not argument.enums: g_logger.debug(' No standard constants available for %s' % argument.name) else: for enum in argument.enums: g_logger.debug(' Importing enum %s for argument %s' % (enum, argument.name)) if idc.import_type(-1, enum) != idaapi.BADADDR: g_logger.debug(' ' + enum + ' ' + hex(idc.get_enum(enum)) + ' added successfully') enum_count = enum_count + 1 else: g_logger.debug(' Could not add ' + enum) if not argument.constants: # No constants for this argument continue argument.name = argument.name function.name = function.name # Add constant descriptions for constant in argument.constants: if constant.name == 'NULL': # Create unique name, so we can add descriptive comment to it constant.name = 'NULL_{}_{}'.format(argument.name, function.name) # Add custom enum for NULL values if it does not exist yet enumid = idc.get_enum(NULL_ENUM_NAME) if enumid == idaapi.BADADDR: enumid = idc.add_enum(-1, NULL_ENUM_NAME, idaapi.hex_flag()) idc.add_enum_member(enumid, constant.name, 0, -1) constid = idc.get_enum_member_by_name(constant.name) idc.set_enum_member_cmt(constid, format_comment(constant.description), False) else: constid = idc.get_enum_member_by_name(constant.name) if constid: if idc.set_enum_member_cmt( constid, format_comment(constant.description), False): g_logger.debug(' Description added for %s' % constant.name) else: g_logger.debug(' No description added for %s' % constant.name) return enum_count
def __init__(self): header = get_header_idb() if not len(header): header = get_header_file() self.arch = get_machine_type(header) self.subsystem = check_subsystem(header) self.valid = True if not self.subsystem: print('[ERROR] Wrong subsystem') self.valid = False if not (self.arch == 'x86' or self.arch == 'x64'): print('[ERROR] Wrong architecture') self.valid = False if self.arch == 'x86': self.BOOT_SERVICES_OFFSET = BOOT_SERVICES_OFFSET_x86 if self.arch == 'x64': self.BOOT_SERVICES_OFFSET = BOOT_SERVICES_OFFSET_x64 self.base = idaapi.get_imagebase() idc.import_type(-1, 'EFI_GUID') idc.import_type(-1, 'EFI_SYSTEM_TABLE') idc.import_type(-1, 'EFI_RUNTIME_SERVICES') idc.import_type(-1, 'EFI_BOOT_SERVICES') self.gBServices = {} self.gBServices['InstallProtocolInterface'] = [] self.gBServices['ReinstallProtocolInterface'] = [] self.gBServices['UninstallProtocolInterface'] = [] self.gBServices['HandleProtocol'] = [] self.gBServices['RegisterProtocolNotify'] = [] self.gBServices['OpenProtocol'] = [] self.gBServices['CloseProtocol'] = [] self.gBServices['OpenProtocolInformation'] = [] self.gBServices['ProtocolsPerHandle'] = [] self.gBServices['LocateHandleBuffer'] = [] self.gBServices['LocateProtocol'] = [] self.gBServices['InstallMultipleProtocolInterfaces'] = [] self.gBServices['UninstallMultipleProtocolInterfaces'] = [] self.Protocols = {} self.Protocols['AmiGuids'] = ami_guids.ami_guids self.Protocols['EdkGuids'] = edk_guids.edk_guids self.Protocols['Edk2Guids'] = edk2_guids.edk2_guids self.Protocols['All'] = [ # { # address: ... # service: ... # guid: ... # protocol_name: ... # protocol_place: ... # }, # ... ] self.Protocols['PropGuids'] = [] self.Protocols['Data'] = []
def __init__(self): header = get_header_idb() if not header: header = get_header_file() self.arch = get_machine_type(header) self.subsystem = check_subsystem(header) self.valid = True if not self.subsystem: print("[ERROR] Wrong subsystem") self.valid = False if not (self.arch == "x86" or self.arch == "x64"): print("[ERROR] Wrong architecture") self.valid = False if self.arch == "x86": self.BOOT_SERVICES_OFFSET = BOOT_SERVICES_OFFSET_x86 if self.arch == "x64": self.BOOT_SERVICES_OFFSET = BOOT_SERVICES_OFFSET_x64 self.base = idaapi.get_imagebase() idc.import_type(-1, "EFI_GUID") idc.import_type(-1, "EFI_SYSTEM_TABLE") idc.import_type(-1, "EFI_RUNTIME_SERVICES") idc.import_type(-1, "EFI_BOOT_SERVICES") self.gBServices = dict() self.gBServices["InstallProtocolInterface"] = list() self.gBServices["ReinstallProtocolInterface"] = list() self.gBServices["UninstallProtocolInterface"] = list() self.gBServices["HandleProtocol"] = list() self.gBServices["RegisterProtocolNotify"] = list() self.gBServices["OpenProtocol"] = list() self.gBServices["CloseProtocol"] = list() self.gBServices["OpenProtocolInformation"] = list() self.gBServices["ProtocolsPerHandle"] = list() self.gBServices["LocateHandleBuffer"] = list() self.gBServices["LocateProtocol"] = list() self.gBServices["InstallMultipleProtocolInterfaces"] = list() self.gBServices["UninstallMultipleProtocolInterfaces"] = list() self.Protocols = dict() self.Protocols["ami_guids"] = ami_guids.ami_guids self.Protocols["asrock_guids"] = asrock_guids.asrock_guids self.Protocols["dell_guids"] = dell_guids.dell_guids self.Protocols["edk_guids"] = edk_guids.edk_guids self.Protocols["edk2_guids"] = edk2_guids.edk2_guids self.Protocols["lenovo_guids"] = lenovo_guids.lenovo_guids self.Protocols["all"] = list() self.Protocols["prop_guids"] = list() self.Protocols["data"] = list()
def __init__(self): header = get_header_idb() if not len(header): header = get_header_file() self.arch = get_machine_type(header) self.subsystem = check_subsystem(header) self.valid = True if not self.subsystem: print('[ERROR] Wrong subsystem') self.valid = False if not (self.arch == 'x86' or self.arch == 'x64'): print('[ERROR] Wrong architecture') self.valid = False if self.arch == 'x86': self.BOOT_SERVICES_OFFSET = BOOT_SERVICES_OFFSET_x86 if self.arch == 'x64': self.BOOT_SERVICES_OFFSET = BOOT_SERVICES_OFFSET_x64 self.base = idaapi.get_imagebase() idc.import_type(-1, 'EFI_GUID') idc.import_type(-1, 'EFI_SYSTEM_TABLE') idc.import_type(-1, 'EFI_RUNTIME_SERVICES') idc.import_type(-1, 'EFI_BOOT_SERVICES') self.gBServices = dict() self.gBServices['InstallProtocolInterface'] = list() self.gBServices['ReinstallProtocolInterface'] = list() self.gBServices['UninstallProtocolInterface'] = list() self.gBServices['HandleProtocol'] = list() self.gBServices['RegisterProtocolNotify'] = list() self.gBServices['OpenProtocol'] = list() self.gBServices['CloseProtocol'] = list() self.gBServices['OpenProtocolInformation'] = list() self.gBServices['ProtocolsPerHandle'] = list() self.gBServices['LocateHandleBuffer'] = list() self.gBServices['LocateProtocol'] = list() self.gBServices['InstallMultipleProtocolInterfaces'] = list() self.gBServices['UninstallMultipleProtocolInterfaces'] = list() self.Protocols = dict() self.Protocols['ami_guids'] = ami_guids.ami_guids self.Protocols['asrock_guids'] = asrock_guids.asrock_guids self.Protocols['dell_guids'] = dell_guids.dell_guids self.Protocols['edk_guids'] = edk_guids.edk_guids self.Protocols['edk2_guids'] = edk2_guids.edk2_guids self.Protocols['lenovo_guids'] = lenovo_guids.lenovo_guids self.Protocols['all'] = list() self.Protocols['prop_guids'] = list() self.Protocols['data'] = list()
def is_structure_type(type): if type is None or type == "": return False sid = get_struc_id(type) if sid != BADNODE: return True sid = import_type(0, type) if sid != BADNODE: if get_struc_idx(sid) == BADADDR: raise Exception("Bad structure type ID") return True return False
def __init__(self, name=None, sid=None, create_new=True): self._create_new = create_new if name is None or name == "": raise ValueError("name") self._sid = get_struc_id(name) if self._sid == BADNODE: self._sid = import_type(0, name) if self._sid == BADNODE: if not create_new: raise Exception("Unknown strucure type: %s" % name) else: self._sid = add_struc(-1, name, 0) add_struc_member(self._sid, "Dummy", 0, FF_BYTE | FF_DATA, -1, 1) if self._sid == BADNODE: raise Exception("Can't define structure type because of bad " "structure name: the name is ill-formed " "or is already used in the program.")
def type_to_struct(name): idc.del_struc(idc.get_struc_id(name)) # delete existing struct idc.import_type(-1, name) # -1 = append to end
# # ida_kernelcache/segment.py # Brandon Azad # # Functions for interacting with the segments of the kernelcache in IDA. No prior initialization is # necessary. # import idc import ida_utilities as idau import kernel _log = idau.make_log(0, __name__) idc.import_type(-1, 'mach_header_64') idc.import_type(-1, 'load_command') idc.import_type(-1, 'segment_command_64') idc.import_type(-1, 'section_64') _LC_SEGMENT_64 = 0x19 def _macho_segments_and_sections(ea): """A generator to iterate through a Mach-O file's segments and sections. Each iteration yields a tuple: (segname, segstart, segend, [(sectname, sectstart, sectend), ...]) """ hdr = idau.read_struct(ea, 'mach_header_64', asobject=True) nlc = hdr.ncmds
def register_structs(): str_afu_header = """ struct afu_header { unsigned short magic; unsigned short unk_0x100; unsigned short fw_type; unsigned short fw_version; unsigned int fw_len; unsigned int fw_crc; unsigned short product_id; unsigned short hw_revision_id; }; """ str_afu_sig_header = """ struct afu_sig_header { unsigned int magic; unsigned short unk_0x100; unsigned short unk_0x120; unsigned short digest_type; // guess 1 sha256? unsigned short digest_len; unsigned int digest_offs; unsigned short sig_type; unsigned short sig_len; unsigned int sig_offs; }; """ str_afu_pers_header = """ struct afu_pers_header { unsigned int magic; unsigned short unk_0x100; unsigned char uniqueid[12]; unsigned char reserved[0x1c-0x12]; unsigned int flags; }; """ str_afu_full_header = """ struct afu_full_header { struct afu_header header; unsigned char reserved1[0x20-0x14]; struct afu_sig_header sig_header; unsigned char reserved2[0x40-0x38]; struct afu_pers_header pers_header; unsigned char reserved3[0x7c-0x60]; unsigned int header_crc; }; """ sid = idc.get_struc_id("afu_header") if sid != -1: idc.del_struc(sid) r = idc.SetLocalType(-1, str_afu_header, 0) r = idc.import_type(-1, "afu_header") sid = idc.get_struc_id("afu_sig_header") if sid != -1: idc.del_struc(sid) r = idc.SetLocalType(-1, str_afu_sig_header, 0) r = idc.import_type(-1, "afu_sig_header") sid = idc.get_struc_id("afu_pers_header") if sid != -1: idc.del_struc(sid) r = idc.SetLocalType(-1, str_afu_pers_header, 0) r = idc.import_type(-1, "afu_pers_header") sid = idc.get_struc_id("afu_full_header") if sid != -1: idc.del_struc(sid) r = idc.SetLocalType(-1, str_afu_full_header, 0) r = idc.import_type(-1, "afu_full_header")
def add_struct_to_idb(name): idc.import_type(-1, name)