Example #1
def load_file(li, neflags, format):
    # Select the PC processor module
    idaapi.set_processor_type("BPF", SETPROC_ALL|SETPROC_FATAL)
    buf = read_whole_file(li, 8)
    if not buf:
        return 0

    start = 0x0
    seg = idaapi.segment_t()
    size = len(buf)
    end  = start + size
    # Create the segment
    seg.startEA = start
    seg.endEA   = end
    seg.bitness = 1 # 32-bit
    idaapi.add_segm_ex(seg, "bpf_c", "CODE", 0)

    # Copy the bytes
    idaapi.mem2base(buf, start, end)

    # add entry point
    idaapi.add_entry(start, start, "start", 1) 

    # add comment to beginning of disassembly
    idaapi.describe(start, True, "BPF bytecode disassembly")

    # Mark for analysis
    AutoMark(start, AU_CODE)

    return 1
Example #2
def load_file(li, neflags, format):
    Load the file into database

    @param li: a file-like object which can be used to access the input data
    @param neflags: options selected by the user, see loader.hpp
    @return: 0-failure, 1-ok
    if format == RomFormatName:
        jump = dwordAt(li, 0)
        if jump & 0xFF000000 == 0xEA000000: # looks like an ARM branch?
            idaapi.set_processor_type("arm", SETPROC_ALL|SETPROC_FATAL)
        li.seek(0, idaapi.SEEK_END)
        size = li.tell()

        #next dword after signature is a pointer to ROMHDR
        romhdr  = dwordAt(li, ROM_SIGNATURE_OFFSET + 4)
        # let's try to find such imagebase that potential ROMHDR's "physfirst" value matches it
        imgbase = (romhdr-size) & ~0xfff
        bases = []
        maxbase = 0
        while imgbase < romhdr+8:
            physfirst = dwordAt(li, romhdr - imgbase + 8)
            if physfirst == imgbase:
            imgbase += 0x1000

        if len(bases) == 1:
            start = bases[0]
        elif len(bases) > 1:
            print "Warning: several potential imagebases detemined: " + ", ".join("%08X"%i for i in bases)
            start = bases[-1]
            Warning("Unable to determine load image base.")
            start = 0x80000000
        print "Using imagebase %08X" % start
        physlast = dwordAt(li, romhdr - start + 12)
        if physlast <= start:
            Warning("Internal error")
            return 0
        size = physlast - start

        AddSeg(start, start+size, 0, 1, idaapi.saRelPara, idaapi.scPub)

        # copy bytes to the database
        li.file2base(0, start, start+size, 0)

        idaapi.add_entry(start, start, "start", 1)
        print "Load OK"
        return 1

    Warning("Unknown format name: '%s'" % format)
    return 0
Example #3
def load_file(li, neflags, format):
    Load the file into database

    @param li: a file-like object which can be used to access the input data
    @param neflags: options selected by the user, see loader.hpp
    @return: 0-failure, 1-ok

    if format == RomFormatName:
        jump = dwordAt(li, 0)
        if jump & 0xFF000000 == 0xEA000000:  # looks like an ARM branch?
            idaapi.set_processor_type("arm", SETPROC_ALL | SETPROC_FATAL)

        li.seek(0, idaapi.SEEK_END)
        size = li.tell()

        #next dword after signature is a pointer to ROMHDR
        romhdr = dwordAt(li, ROM_SIGNATURE_OFFSET + 4)

        # let's try to find such imagebase that potential ROMHDR's "physfirst" value matches it
        imgbase = (romhdr - size) & ~0xfff
        bases = []
        maxbase = 0
        while imgbase < romhdr + 8:
            physfirst = dwordAt(li, romhdr - imgbase + 8)
            if physfirst == imgbase:
            imgbase += 0x1000

        if len(bases) == 1:
            start = bases[0]
        elif len(bases) > 1:
            print "Warning: several potential imagebases detemined: " + ", ".join(
                "%08X" % i for i in bases)
            start = bases[-1]
            Warning("Unable to determine load image base.")
            start = 0x80000000
        print "Using imagebase %08X" % start

        physlast = dwordAt(li, romhdr - start + 12)
        if physlast <= start:
            Warning("Internal error")
            return 0
        size = physlast - start

        AddSeg(start, start + size, 0, 1, idaapi.saRelPara, idaapi.scPub)

        # copy bytes to the database
        li.file2base(0, start, start + size, 0)

        idaapi.add_entry(start, start, "start", 1)
        print "Load OK"
        return 1

    Warning("Unknown format name: '%s'" % format)
    return 0
def load_file_sbl(li, neflags, format):

    # set the processor type and enable 'metaarm' so ida disassembles all instructions
                              idaapi.SETPROC_ALL | idaapi.SETPROC_FATAL)
    idc.ChangeConfig('ARM_DEFAULT_ARCHITECTURE = metaarm')

    # rewind the input file and read its contents
    init_val = li.read(li.size())

    # Load the file data (sans header) into IDA
    rom = SblImage(init_val)

           rom.header.image_dest_ptr + rom.header.image_size, 0, 1,
           idaapi.saRelPara, idaapi.scPub)
    SetSegmentType(rom.header.image_dest_ptr, idaapi.SEG_CODE)
    RenameSeg(rom.header.image_dest_ptr, "CODE")
    # li.file2base(file_offset, seg1, seg1 + code_seg_size, 0)
    # Load the file data (sans header) into IDA
    li.file2base(80, rom.header.image_dest_ptr,
                 rom.header.image_dest_ptr + rom.header.code_size, 0)

    # Define the .text .data and .bss segments
    #AddSegEx(0, rom.header.image_dest_ptr, rom.header.image_dest_ptr + rom.header.code_size, s, ".code", "CODE", ADDSEG_OR_DIE)
    # AddSegment(0, data_start, data_end, ".data", "DATA")
    # AddSegment(0, data_end, bss_end, ".bss", "BSS")
    image_base = rom.header.image_dest_ptr
    entry = rom.header.image_src
    #if DEBUG:
    #        print "Created File Segments: "
    #        print "\t.text   0x%.8X - 0x%.8X" % (entry, data_start)
    #        print "\t.data   0x%.8X - 0x%.8X" % (data_start, data_end)
    #        print "\t.bss    0x%.8X - 0x%.8X" % (data_end, bss_end)

    # mark the entry point as being the first byte of the loaded image
    idaapi.add_entry(rom.header.image_dest_ptr, rom.header.image_dest_ptr,
                     "HEADER", 1)

    AddIdbComment(image_base, 'Codeword:            ', rom.header.codeword)
    AddIdbComment(image_base, 'Magic No.:           ', rom.header.magic)
    AddIdbComment(image_base, 'Source Location:     ', rom.header.image_src)
    AddIdbComment(image_base, 'Destination Address: ',
    AddIdbComment(image_base, 'Image Size:          ', rom.header.image_size)
    AddIdbComment(image_base, 'Code Size:           ', rom.header.code_size)
    AddIdbComment(image_base, 'Signature Ptr:       ', rom.header.sig_ptr)
    AddIdbComment(image_base, 'Signature Size:      ', rom.header.sig_size)
    AddIdbComment(image_base, 'Cert Chain Ptr:      ',
    AddIdbComment(image_base, 'Cert Chain Size:     ',
    AddIdbComment(image_base, 'OEM Cert Sel:        ',
    AddIdbComment(image_base, 'OEM Cert Num:        ',

    return 1
Example #5
def load_file(li, neflags, format):
    # set the processor type and enable 'metaarm' so ida disassembles all instructions
    idaapi.set_processor_type('arm', idaapi.SETPROC_ALL | idaapi.SETPROC_FATAL)
    idc.ChangeConfig('ARM_DEFAULT_ARCHITECTURE = metaarm')

    # rewind the input file and read its contents
    rom_data = li.read(li.size())
    # for some reason this doesnt work, so we end up with this
    #rom_name = li.filename().split('.')[0]
    rom_name = ''
    while rom_name == '':
        rom_name = AskStr('', "Enter the input file's basename:")
    if rom_name is None: rom_name = 'rom'

    while True:
        rom_name = os.path.basename(rom_name).split('.')[0]

        # read the rom, letting exceptions fall through to ida's exception handler
        rom = MbnRom(rom_data)

        # for convenience
        image_base = rom.header.image_virtual_address

        # create the segments
        AddSegment('%s_code' % rom_name, rom.code_base, rom.code_data)
        if rom.sig_data is not None: AddSegment('%s_sig' % rom_name, rom.sig_base, rom.sig_data)
        if rom.cert_data is not None: AddSegment('%s_cert' % rom_name, rom.cert_base, rom.cert_data)
        if rom.tail_data is not None: AddSegment('%s_tail' % rom_name, rom.tail_base, rom.tail_data)
        if rom.overlay_data is not None: AddSegment('%s_overlay' % rom_name, rom.overlay_base, rom.overlay_data)

        # mark the entry point as being the first byte of the loaded image
        idaapi.add_entry(rom.code_base, rom.code_base, '%s_start' % rom_name, 1)

        # make some comments for usability
        AddIdbComment(image_base, 'ROM: %s' % rom_name)
        AddIdbComment(image_base, '')
        AddIdbComment(image_base, 'Load Index', rom.header.load_index)
        AddIdbComment(image_base, 'Flash Partition Version', rom.header.flash_partition_version)
        AddIdbComment(image_base, 'Image File Offset', rom.header.image_offset + MbnHeader.SBL_HEADER_SIZE)
        AddIdbComment(image_base, 'Image VA', rom.header.image_virtual_address)
        AddIdbComment(image_base, 'Image Size', rom.header.image_size)
        AddIdbComment(image_base, 'Code VA', rom.header.code_size)
        AddIdbComment(image_base, 'Signature VA', rom.header.signature_virtual_address)
        AddIdbComment(image_base, 'Signature Size', rom.header.signature_size)
        AddIdbComment(image_base, 'Cert Chain VA', rom.header.cert_chain_virtual_address)
        AddIdbComment(image_base, 'Cert Chain Size', rom.header.cert_chain_size)

        # give the opportunity to keep loading mbn files into the address space
        rom_name = AskFile(0, '*.mbn', 'Choose the next ROM filename to load, or click Cancel to continue')
        if rom_name is None:
            rom_data = open(rom_name, 'rb').read()

    return 1
Example #6
def load_file(f, neflags, format):
    idaapi.set_processor_type("arm:armv8", idaapi.SETPROC_LOADER)

    f.seek(-0x20, os.SEEK_END)
    nseg, = struct.unpack("<12xI16x", f.read(0x20))
    print(f"Number of segments: {nseg}")

    for sno in range(nseg):
        f.seek(-0x20-0x20*(nseg-sno), os.SEEK_END)
        mem_addr, file_addr, size, name = struct.unpack("<QII8x8s", f.read(0x20))
        name, _, _ = name.partition(b'\0')
        name = name.decode()
        print(f"Segment {sno}: {name} at mem={hex(mem_addr)} file={hex(file_addr)} size={hex(size)}")

        ida_seg_type = None
        if name == "__TEXT":
            ida_seg_type = "CODE"
        if name == "__DATA":
            ida_seg_type = "DATA"

        idaapi.add_segm(0, mem_addr, mem_addr + size, name, ida_seg_type)
        f.file2base(file_addr, mem_addr, mem_addr + size, True)

    f.seek(-0x20-0x20*nseg, os.SEEK_END)
    footer_start = f.tell()
    footer_end = footer_start + 0x20 + 0x20 * nseg
    idaapi.add_segm(0, footer_start, footer_end, "__FOOTER", "DATA")
    f.file2base(footer_start, footer_start, footer_end, True)

    header_start = footer_start + 0x20 * nseg
    idaapi.add_extra_line(header_start, True, "")
    idaapi.add_extra_cmt(header_start, True, f"File Header")
    idaapi.create_strlit(header_start, 4, 0)
    idaapi.set_cmt(header_start, "Magic", False)
    idaapi.create_dword(header_start + 4, 4)
    idaapi.set_cmt(header_start + 4, "Version?", False)
    idaapi.create_dword(header_start + 8, 4)
    idaapi.set_cmt(header_start + 8, "File length minus headers", False)
    idaapi.create_dword(header_start + 12, 4)
    idaapi.set_cmt(header_start + 12, "Section count", False)
    for sno in range(nseg):
        header_start = footer_start + 0x20 * sno
        idaapi.add_extra_line(header_start, True, "")
        idaapi.add_extra_cmt(header_start, True, f"Segment {sno + 1}")
        idaapi.create_qword(header_start, 8)
        idaapi.set_cmt(header_start, "Memory Address", False)
        idaapi.create_dword(header_start + 8, 4)
        idaapi.set_cmt(header_start + 8, "File Offset", False)
        idaapi.create_dword(header_start + 12, 4)
        idaapi.create_qword(header_start + 16, 8)
        idaapi.set_cmt(header_start + 12, "Segment Length", False)
        idaapi.create_strlit(header_start + 24, 8, 0)
        idaapi.set_cmt(header_start + 24, "Segment Name", False)

    idaapi.add_entry(0, 0, "start", 1)

    return 1
Example #7
def load_file(li, neflags, format):

    # Select the PC processor module
    idaapi.set_processor_type("EVM", SETPROC_ALL | SETPROC_FATAL)

    # TODO: detect and emulate contract creation code
    buf = li.read(li.size())
    if not buf:
        return 0

    if buf[0:2] == '0x':
        print "Detected hex"
        new_buf = buf[2:].strip().rstrip()
        buf_set = set()
        for c in new_buf:
        hex_set = set(list('0123456789abcdef'))
        if buf_set <= hex_set:  # subset
            print "Replacing original buffer with hex decoded version"
            buf = new_buf.decode('hex')

    # Load all shellcode into different segments
    start = 0x0
    seg = idaapi.segment_t()
    size = len(buf)
    end = start + size

    # Create the segment
    seg.startEA = start
    seg.endEA = end
    seg.bitness = 1  # 32-bit
    idaapi.add_segm_ex(seg, "evm", "CODE", 0)

    # TODO: make segments for stack, memory, storage

    # Copy the bytes
    idaapi.mem2base(buf, start, end)

    # check for swarm hash and make it data instead of code
    swarm_hash_address = buf.find('ebzzr0')
    if swarm_hash_address != -1:
        print "Swarm hash detected, making it data"
        for i in range(swarm_hash_address - 1, swarm_hash_address + 42):
        ida_bytes.set_cmt(swarm_hash_address - 1, "swarm hash", True)
    # add entry point
    idaapi.add_entry(start, start, "start", 1)

    # add comment to beginning of disassembly
    idaapi.describe(start, True, "EVM bytecode disassembly")

    # Mark for analysis
    AutoMark(start, AU_CODE)

    return 1
Example #8
def load_file(li, neflags, format):
    # pydevd_pycharm.settrace('localhost', port=1234, stdoutToServer=True, stderrToServer=True)

    fname = idaapi.get_input_file_path()
    psx = PsxExe(os.path.basename(fname), ONLY_FIRST, MIN_ENTROPY)
    psx.parse(li, True)

    idaapi.set_processor_type('mipsl', ida_idp.SETPROC_LOADER)

    idaapi.cvar.inf.af = \
        idaapi.AF_CODE | idaapi.AF_JUMPTBL | idaapi.AF_USED | idaapi.AF_UNK | idaapi.AF_PROC | idaapi.AF_STKARG | \
        idaapi.AF_REGARG | idaapi.AF_TRACE | idaapi.AF_VERSP | idaapi.AF_ANORET | idaapi.AF_MEMFUNC | \
        idaapi.AF_TRFUNC | idaapi.AF_FIXUP | idaapi.AF_JFUNC | idaapi.AF_IMMOFF | idaapi.AF_STRLIT | \
        idaapi.AF_MARKCODE | idaapi.AF_LVAR | idaapi.AF_PROCPTR | idaapi.AF_FLIRT


    im = idaapi.compiler_info_t()
    im.id = idaapi.COMP_GNU
    im.cm = idaapi.CM_N32_F48 | idaapi.CM_M_NN | idaapi.CM_CC_CDECL
    im.defalign = 4
    im.size_i = 4
    im.size_b = 1
    im.size_e = 4
    im.size_s = 2
    im.size_l = 4
    im.size_ll = 8
    im.size_ldbl = 8
    # Replace predefined macros and included directories by id
    # from IDA.CFG (see 'CC_PARMS' in Built-in C parser parameters)
    # Resetting new settings :)
    idc.set_inf_attr(idc.INF_COMPILER, im.id)


    detect = DetectPsyQ(psx.get_exe_name(), ONLY_FIRST, MIN_ENTROPY)
    version = detect.get_psyq_version(psx.rom_addr,
                                      psx.rom_addr + psx.rom_size)

    if len(version) > 0:

    idaapi.add_entry(psx.init_pc, psx.init_pc, 'start', 1)



    return 1
Example #9
def load_segment(li, file_ofs, code_size, load_addr, seg_name = "CODE", seg_class = "CODE", entry_name = None):
    load_end = load_addr + code_size

    AddSeg(load_addr, load_end, 0, 1, idaapi.saRelPara, idaapi.scPub)
    SetSegClass(load_addr, seg_class)
    RenameSeg(load_addr, seg_name)

    # copy bytes to the database
    li.file2base(file_ofs, load_addr, load_end, 0)

    if entry_name is not None:
        idaapi.add_entry(load_addr, load_addr, entry_name, 1)

    return 1
def load_segment(li, file_ofs, code_size, load_addr, seg_name="CODE", seg_class="CODE", entry_name=None):
    load_end = load_addr + code_size

    AddSeg(load_addr, load_end, 0, 1, idaapi.saRelPara, idaapi.scPub)
    SetSegClass(load_addr, seg_class)
    RenameSeg(load_addr, seg_name)

    # copy bytes to the database
    li.file2base(file_ofs, load_addr, load_end, 0)

    if entry_name is not None:
        idaapi.add_entry(load_addr, load_addr, entry_name, 1)

    return 1
def load_file_sbl(li, neflags, format):
    # set the processor type and enable 'metaarm' so ida disassembles all instructions
	idaapi.set_processor_type("arm:ARMv7-A&R", idaapi.SETPROC_ALL | idaapi.SETPROC_FATAL)
	idc.ChangeConfig('ARM_DEFAULT_ARCHITECTURE = metaarm')
    # rewind the input file and read its contents
	init_val = li.read(li.size())

        # Load the file data (sans header) into IDA
        rom = SblImage(init_val)
        AddSeg(rom.header.image_dest_ptr, rom.header.image_dest_ptr + rom.header.image_size, 0, 1, idaapi.saRelPara, idaapi.scPub)
        SetSegmentType(rom.header.image_dest_ptr, idaapi.SEG_CODE)
        RenameSeg(rom.header.image_dest_ptr, "CODE")        
       # li.file2base(file_offset, seg1, seg1 + code_seg_size, 0)
        # Load the file data (sans header) into IDA
        li.file2base(80, rom.header.image_dest_ptr, rom.header.image_dest_ptr + rom.header.code_size, 0)

        # Define the .text .data and .bss segments
        #AddSegEx(0, rom.header.image_dest_ptr, rom.header.image_dest_ptr + rom.header.code_size, s, ".code", "CODE", ADDSEG_OR_DIE)
       # AddSegment(0, data_start, data_end, ".data", "DATA")
       # AddSegment(0, data_end, bss_end, ".bss", "BSS")
        image_base = rom.header.image_dest_ptr
        entry = rom.header.image_src
        #if DEBUG:
        #        print "Created File Segments: "
        #        print "\t.text   0x%.8X - 0x%.8X" % (entry, data_start)
        #        print "\t.data   0x%.8X - 0x%.8X" % (data_start, data_end)
        #        print "\t.bss    0x%.8X - 0x%.8X" % (data_end, bss_end)

        # mark the entry point as being the first byte of the loaded image
        idaapi.add_entry(rom.header.image_dest_ptr, rom.header.image_dest_ptr, "HEADER", 1)
        AddIdbComment(image_base, 'Codeword:            ', rom.header.codeword)
        AddIdbComment(image_base, 'Magic No.:           ', rom.header.magic)
        AddIdbComment(image_base, 'Source Location:     ', rom.header.image_src)
        AddIdbComment(image_base, 'Destination Address: ', rom.header.image_dest_ptr)
        AddIdbComment(image_base, 'Image Size:          ', rom.header.image_size)
        AddIdbComment(image_base, 'Code Size:           ', rom.header.code_size)
        AddIdbComment(image_base, 'Signature Ptr:       ', rom.header.sig_ptr)
        AddIdbComment(image_base, 'Signature Size:      ', rom.header.sig_size)
        AddIdbComment(image_base, 'Cert Chain Ptr:      ', rom.header.cert_chain_ptr)
        AddIdbComment(image_base, 'Cert Chain Size:     ', rom.header.cert_chain_size)
        AddIdbComment(image_base, 'OEM Cert Sel:        ', rom.header.oem_root_cert_sel)
        AddIdbComment(image_base, 'OEM Cert Num:        ', rom.header.oem_num_root_certs)

	return 1
Example #12
def load_file(li, neflags, format):
    Load the file into database

    @param li: a file-like object which can be used to access the input data
    @param neflags: options selected by the user, see loader.hpp
    @return: 0-failure, 1-ok

    if format.startswith(RomFormatName):
        header = read_struct(li, image_header)
        c = header.ih_arch
        cname = IDACPUNames[c]
        if cname == "":
            warning("Unsupported CPU")

        if not header.ih_comp in (IH_COMP_NONE, IH_COMP_GZIP):
            warning("Can only handle uncompressed or gzip-compressed images")

        idaapi.set_processor_type(cname, SETPROC_LOADER)

        AddSeg(header.ih_load, header.ih_load + header.ih_size, 0, 1,
               idaapi.saRelPara, idaapi.scPub)

        # copy bytes to the database

        if header.ih_comp == IH_COMP_NONE:
            li.file2base(ctypes.sizeof(header), header.ih_load,
                         header.ih_load + header.ih_size, 0)
            cdata = li.read(header.ih_size)
            d = zlib.decompressobj(zlib.MAX_WBITS | 32)
            udata = d.decompress(cdata)
            udata += d.flush()
            # expand segment to fit uncompressed data
            set_segment_bounds(header.ih_load, header.ih_load,
                               header.ih_load + len(udata), SEGMOD_KEEP)
            idaapi.put_bytes(header.ih_load, udata)

        if cname == "ARM" and (header.ih_ep & 1) != 0:
            # Thumb entry point
            header.ih_ep -= 1
            split_sreg_range(header.ih_ep, "T", 1)
        idaapi.add_entry(header.ih_ep, header.ih_ep, "start", 1)
        print "Load OK"
        return 1
Example #13
def load_file(li, neflags, format):
    Load the SEGA Master System ROM
    :param li: Loader input
    :param neflags:
    :param format:
    :return: 1 on success, otherwise 0

    idaapi.set_processor_type('z80', idaapi.SETPROC_LOADER)
    is_reload = (neflags & idaapi.NEF_RELOAD) != 0
    if is_reload:
        return 1

    # Create ROM segment
    rom_seg = idaapi.segment_t()
    rom_seg.start_ea = 0x0000
    rom_seg.end_ea = 0xbfff
    rom_seg.bitness = 0
    idaapi.add_segm_ex(rom_seg, 'ROM', 'CODE', idaapi.ADDSEG_OR_DIE)

    # Read file into ROM segment
    li.file2base(0, 0, li.size(), False)

    # Create RAM Segment
    ram_seg = idaapi.segment_t()
    ram_seg.start_ea = 0xc000
    ram_seg.end_ea = 0xdfff
    ram_seg.bitness = 0
    idaapi.add_segm_ex(ram_seg, 'RAM', 'DATA', idaapi.ADDSEG_OR_DIE)

    # Create RAM mirror segment
    ram_mirror_seg = idaapi.segment_t()
    ram_mirror_seg.start_ea = 0xe000
    ram_mirror_seg.end_ea = 0xffff
    ram_mirror_seg.bitness = 0
    idaapi.add_segm_ex(ram_mirror_seg, 'RAM_MIRROR', 'DATA',

    # Define the I/O ports

    # Disassemble reset vectors

    # Specify entry
    idaapi.add_entry(0x0000, 0x0000, 'RST0', 1)
    return 1
Example #14
def load_file(li, neflags, format):
    Load the file into database

    @param li: a file-like object which can be used to access the input data
    @param neflags: options selected by the user, see loader.hpp
    @return: 0-failure, 1-ok

    vmlinux = li.read(li.size())

    do_get_bits(kallsyms, vmlinux)
    do_kallsyms(kallsyms, vmlinux)
    # print_kallsyms(kallsyms, vmlinux)
    if kallsyms['arch'] == 'arm':
                                  idaapi.SETPROC_ALL | idaapi.SETPROC_FATAL)
    elif kallsyms['arch'] == 'mips' and not kallsyms['is_big_endian']:
                                  idaapi.SETPROC_ALL | idaapi.SETPROC_FATAL)
    elif kallsyms['arch'] == 'mips' and not kallsyms['is_big_endian']:
                                  idaapi.SETPROC_ALL | idaapi.SETPROC_FATAL)
    elif kallsyms['arch'] == 'x86':
        idaapi.set_processor_type('metapc', idaapi.SETPROC_ALL
                                  | idaapi.SETPROC_FATAL)  #NOT tested

    if kallsyms['bits'] == 64:
        idaapi.get_inf_structure().lflags |= idaapi.LFLG_64BIT

    li.file2base(0, kallsyms['_start'], kallsyms['_start'] + li.size(), True)

    s = idaapi.segment_t()
    s.bitness = kallsyms['bits'] / 32
    s.startEA = kallsyms['_start']
    s.endEA = kallsyms['_start'] + li.size()
    idaapi.add_segm_ex(s, ".text", "CODE", idaapi.ADDSEG_OR_DIE)

    for i in xrange(kallsyms['numsyms']):
        if kallsyms['type'][i] in ['t', 'T']:
            idaapi.add_entry(kallsyms['address'][i], kallsyms['address'][i],
                             kallsyms['name'][i], 1)
            idaapi.add_entry(kallsyms['address'][i], kallsyms['address'][i],
                             kallsyms['name'][i], 0)

    print "Android/Linux vmlinux loaded..."
    return 1
Example #15
def load_file(f, neflags, format):

    idaapi.set_processor_type('yara', idaapi.SETPROC_ALL)

    f.seek(0x0, os.SEEK_END)
    flen = f.tell()

    hdr = parse_hdr(f)
    file_hdr = parse_file_hdr(f)
    # mark the proc type, so IDA can invoke the correct disassembler/processor.

    mapsize = hdr.size

    # map 0..mapsize from file at offset 0xc into idb (without relocation data)
    # this makes all pointers relative offsets to this mapping's start
    f.file2base(0xc, 0, flen - 0x0c, True)  # true makes it patchable
    f.seek(hdr.size + 0x0c)

    code_end = find_code_end(file_hdr) or hdr.size

    # list head shoule come right after (except some CC paddings. weirdly  t4.yara compiles some extra garbage between the code and rules_list_head)
    # note specifying CODE since it will force decoding of data that's in the section for padding
    idaapi.add_segm(0, file_hdr.code_start, code_end, ".text", "")
    # this will allow string references to work later
    idaapi.add_segm(0, 0, file_hdr.code_start, ".data", "DATA")
    idaapi.add_segm(0, code_end, mapsize, ".data", "DATA")
    idaapi.add_segm(0, mapsize, flen - 0x0c, ".reloc", "RELOC")

    parse_data_seg(hdr, file_hdr, f)
    # set up entry point
    idaapi.add_entry(file_hdr.code_start, file_hdr.code_start, "start",
                     1)  # 1 means make code
    # some comments
    idaapi.describe(file_hdr.code_start, True,
                    "Compiled YARA rule disassembly")
    yaraver = '(yara {})'.format(YARA_ARENA_TO_VERSION[
        hdr.arena_ver]) if hdr.arena_ver in YARA_ARENA_TO_VERSION else ''
    idaapi.describe(file_hdr.code_start, True, "Arena version {} {}".format(
        yaraver))  # T TODO: check changes between arena versions

    idaapi.describe(file_hdr.code_start, True,
                    "max_threads: {}".format(hdr.max_threads))

    return 1
Example #16
def load_file(li, neflags, format):
    Load the file into database

    @param li: a file-like object which can be used to access the input data
    @param neflags: options selected by the user, see loader.hpp
    @return: 0-failure, 1-ok

    # Select the PC processor module
    idaapi.set_processor_type("metapc", ida_idp.SETPROC_LOADER)

    # read MBR into buffer
    li.seek(0, os.SEEK_SET)
    buf = li.read(li.size())

    seg = idaapi.segment_t()
    start = 0x7C00

    size = len(buf)
    end = start + size

    # Create the segment
    seg.start_ea = start
    seg.end_ea = end
    seg.bitness = 0  # 16-bit
    idaapi.add_segm_ex(seg, "seg0", "CODE", 0)

    # Copy the bytes
    idaapi.mem2base(buf, start, end)

    # add entry point
    idaapi.add_entry(start, start, "start", 1)

    strid = add_struct_def()
    idaapi.set_name(start + 0x1BE, "MBR_PARTITION_TABLE", idaapi.SN_CHECK)
    str_size = idaapi.get_struc_size(strid)
    idaapi.create_struct(start + 0x1BE, str_size, strid)

    idaapi.set_name(510, "MBR_SIGN", idaapi.SN_CHECK)

    # Mark for analysis
    AutoMark(start, AU_CODE)

    load_debugger("bochs", 0)

    return 1
Example #17
def load_file(f, neflags, format):

    magic = f.read(4)
    version = struct.unpack("<I", f.read(4))[0]
    flags = struct.unpack("<I", f.read(4))[0]
    memType = struct.unpack("<I", f.read(4))[0]
    serviceType = struct.unpack("<I", f.read(4))[0]
    numInstances = struct.unpack("<I", f.read(4))[0]
    uuid = struct.unpack("<IIII", f.read(16))
    driverId = struct.unpack("<I", f.read(4))[0]
    numThreads = struct.unpack("<I", f.read(4))[0]
    textVA = struct.unpack("<I", f.read(4))[0]
    textLen = struct.unpack("<I", f.read(4))[0]
    dataVA = struct.unpack("<I", f.read(4))[0]
    dataLen = struct.unpack("<I", f.read(4))[0]
    bssLen = struct.unpack("<I", f.read(4))[0]
    entry = struct.unpack("<I", f.read(4))[0]


    idaapi.set_processor_type("arm", ida_idp.SETPROC_LOADER_NON_FATAL)

    # Set VA for .text and add the segment
    f.file2base(0, textVA, textVA + textLen, True)
    idaapi.add_segm(0, textVA, textVA + textLen, ".text", "CODE")

    # Set VA for .data and add the segment
    f.file2base(textLen, dataVA, dataVA + dataLen, True)
    idaapi.add_segm(0, dataVA, dataVA + dataLen, ".data", "DATA")

    # Add BSS segment after .text and .data
    idaapi.add_segm(0, dataVA + dataLen, dataVA + dataLen + bssLen, ".bss",

    if entry % 4 == 1:
        #Thumb address is always +1 to set the T bit
        idaapi.add_entry(entry - 1, entry - 1, "_entry", 1)
        idc.split_sreg_range(entry - 1, "T", 0x1, ida_segregs.SR_user)
        idaapi.add_entry(entry, entry, "_entry", 1)
        idc.split_sreg_range(entry, "T", 0x0, ida_segregs.SR_user)

    ida_bytes.create_data(tlApiLibEntry, idaapi.FF_DWORD, 4, idaapi.BADADDR)
    idc.set_name(tlApiLibEntry, "tlApiLibEntry", ida_name.SN_CHECK)
    return 1
Example #18
def load_file(f, neflags, format):

    magic = f.read(4)
    version = struct.unpack("<I", f.read(4))[0]
    flags = struct.unpack("<I", f.read(4))[0]
    memType = struct.unpack("<I", f.read(4))[0]
    serviceType = struct.unpack("<I", f.read(4))[0]
    numInstances = struct.unpack("<I", f.read(4))[0]
    uuid = struct.unpack("<IIII", f.read(16))
    driverId = struct.unpack("<I", f.read(4))[0]
    numThreads = struct.unpack("<I", f.read(4))[0]
    textVA = struct.unpack("<I", f.read(4))[0]
    textLen = struct.unpack("<I", f.read(4))[0]
    dataVA = struct.unpack("<I", f.read(4))[0]
    dataLen = struct.unpack("<I", f.read(4))[0]
    bssLen = struct.unpack("<I", f.read(4))[0]
    entry = struct.unpack("<I", f.read(4))[0]


    idaapi.set_processor_type("arm", SETPROC_ALL)

    # Set VA for .text and add the segment
    f.file2base(0, textVA, textVA + textLen, True)
    idaapi.add_segm(0, textVA, textVA + textLen, ".text", "CODE")

    # Set VA for .data and add the segment
    f.file2base(MCLF_HEADER_SIZE_V23 + textLen, dataVA, dataVA + dataLen, True)
    idaapi.add_segm(0, dataVA, dataVA + dataLen, ".data", "DATA")

    # Add BSS segment after .text and .data
    idaapi.add_segm(0, dataVA + dataLen, dataVA + dataLen + bssLen, ".bss",

    if entry % 4 == 1:
        #Thumb address is always +1 to set the T bit
        idaapi.add_entry(entry - 1, entry - 1, "_entry", 1)
        SetRegEx(entry - 1, "T", 0x1, SR_user)
        idaapi.add_entry(entry, entry, "_entry", 1)
        SetRegEx(entry, "T", 0x0, SR_user)

    MakeName(tlApiLibEntry, "tlApiLibEntry")
    return 1
def find_aboot_segs(image_dest):

    inst = DecodeInstruction(image_dest)
    reset_func = image_dest
    if inst.get_canon_mnem() == "B":
        reset_func = inst.Op1.addr

    search_start = reset_func
    search_end = search_start + 0x100

    data_insts = FindBinary(search_start, SEARCH_DOWN, "4C 00 ?? ?? 4C 10 ?? ?? 4C 20 ?? ??")
    if data_insts == BADADDR or data_insts > search_end:
        return False

    data_start = Dword(DecodeInstruction(data_insts + 4).Op2.addr)
    data_end = Dword(DecodeInstruction(data_insts + 8).Op2.addr)
    data_end = (data_end + 3) & ~3

    AddSeg(data_start, data_end, 0, 1, idaapi.saRelPara, idaapi.scPub)
    SetSegClass(data_start, "DATA")
    RenameSeg(data_start, "DATA")

    bss_insts = FindBinary(data_insts, SEARCH_DOWN, "34 00 ?? ?? 34 10 ?? ??")
    if bss_insts == BADADDR or bss_insts > search_end:
        return False

    bss_start = Dword(DecodeInstruction(bss_insts + 0).Op2.addr)
    bss_end = Dword(DecodeInstruction(bss_insts + 4).Op2.addr)

    AddSeg(bss_start, bss_end, 0, 1, idaapi.saRelPara, idaapi.scPub)
    SetSegClass(bss_start, "BSS")
    RenameSeg(bss_start, "BSS")

    kmain_addr = FindBinary(bss_insts, SEARCH_DOWN, "?? ?? 00 FA")
    if kmain_addr == BADADDR or kmain_addr > search_end:
        return False

    kmain_addr = DecodeInstruction(kmain_addr).Op1.addr
    MakeName(kmain_addr, "kmain")
    idaapi.add_entry(kmain_addr, kmain_addr, "kmain", 1)
    return True
Example #20
def find_aboot_segs(image_dest):

    inst = DecodeInstruction(image_dest)
    reset_func = image_dest
    if inst.get_canon_mnem() == 'B':
        reset_func = inst.Op1.addr

    search_start = reset_func
    search_end = search_start + 0x100

    data_insts = FindBinary(search_start, SEARCH_DOWN, "4C 00 ?? ?? 4C 10 ?? ?? 4C 20 ?? ??")
    if data_insts == BADADDR or data_insts > search_end:
        return False

    data_start = Dword(DecodeInstruction(data_insts + 4).Op2.addr)
    data_end = Dword(DecodeInstruction(data_insts + 8).Op2.addr)
    data_end = (data_end + 3) & ~3

    AddSeg(data_start, data_end, 0, 1, idaapi.saRelPara, idaapi.scPub)
    SetSegClass(data_start, "DATA")
    RenameSeg(data_start, "DATA")

    bss_insts = FindBinary(data_insts, SEARCH_DOWN, "34 00 ?? ?? 34 10 ?? ??")
    if bss_insts == BADADDR or bss_insts > search_end:
        return False

    bss_start = Dword(DecodeInstruction(bss_insts + 0).Op2.addr)
    bss_end = Dword(DecodeInstruction(bss_insts + 4).Op2.addr)

    AddSeg(bss_start, bss_end, 0, 1, idaapi.saRelPara, idaapi.scPub)
    SetSegClass(bss_start, "BSS")
    RenameSeg(bss_start, "BSS")

    kmain_addr = FindBinary(bss_insts, SEARCH_DOWN, "?? ?? 00 FA")
    if kmain_addr == BADADDR or kmain_addr > search_end:
        return False

    kmain_addr = DecodeInstruction(kmain_addr).Op1.addr
    MakeName(kmain_addr, "kmain")
    idaapi.add_entry(kmain_addr, kmain_addr, "kmain", 1)
    return True
Example #21
def load_file(li, neflags, format):
    Load the file into database

    @param li: a file-like object which can be used to access the input data
    @param neflags: options selected by the user, see loader.hpp
    @return: 0-failure, 1-ok

    vmlinux = li.read(li.size())

    do_get_arch(kallsyms, vmlinux)
    do_kallsyms(kallsyms, vmlinux)
    # print_kallsyms(kallsyms, vmlinux)
    if kallsyms['numsyms'] == 0:
        print '[!]get kallsyms error...'
        return 0
    idaapi.set_processor_type("arm", SETPROC_ALL|SETPROC_FATAL)
    if kallsyms['arch'] == 64:
        idaapi.get_inf_structure().lflags |= idaapi.LFLG_64BIT

    li.file2base(0, kallsyms['_start'], kallsyms['_start']+li.size(), True)

    s = idaapi.segment_t()
    s.bitness = kallsyms['arch'] / 32
    s.startEA = kallsyms['_start']
    s.endEA = kallsyms['_start']+li.size()
    for i in xrange(kallsyms['numsyms']):
        if kallsyms['type'][i] in ['t','T']:
            idaapi.add_entry(kallsyms['address'][i], kallsyms['address'][i], kallsyms['name'][i], 1)
            idaapi.add_entry(kallsyms['address'][i], kallsyms['address'][i], kallsyms['name'][i], 0)

    print "Android vmlinux loaded..."
    return 1
Example #22
def load_file(li, neflags, format):

    Load the file into database

    @param li: a file-like object which can be used to access the input data
    @param neflags: options selected by the user, see loader.hpp
    @return: 0-failure, 1-ok

    if format.startswith(RomFormatName):
        header = read_struct(li, image_header)
        c = header.ih_arch
        cname = IDACPUNames[c]
        if cname == "":
          Warning("Unsupported CPU")

        if header.ih_comp != IH_COMP_NONE:
          Warning("Cannot load compressed images")

        idaapi.set_processor_type(cname, SETPROC_ALL|SETPROC_FATAL)

        AddSeg(header.ih_load, header.ih_load + header.ih_size, 0, 1, idaapi.saRelPara, idaapi.scPub)

        # copy bytes to the database
        li.file2base(ctypes.sizeof(header), header.ih_load, header.ih_load + header.ih_size, 0)

        if cname == "ARM" and (header.ih_ep & 1) != 0:
          # Thumb entry point
          header.ih_ep -= 1
          SetReg(header.ih_ep, "T", 1)
        idaapi.add_entry(header.ih_ep, header.ih_ep, "start", 1)
        print "Load OK"
        return 1
Example #23
 def addIDA_entry(self):
     idaapi.add_entry(self.PC, self.PC, '_start', 1)
Example #24
def load_file(li, neflags, format):
    if format != ROM_FORMAT_NAME:
        Warning("Unknown format name: '%s'" % format)
        return 0
    idaapi.set_processor_type("M6502", SETPROC_ALL | SETPROC_FATAL)
    li.seek(0, idaapi.SEEK_END)
    size = li.tell()

    # RAM
    idc.AddSeg(RAM_START, RAM_START + RAM_SIZE, 0, 0, idaapi.saRelPara,
    idc.RenameSeg(RAM_START, "RAM")

    CartTypeLSB = struct.unpack("<B", li.read(1))[0]
    # SRAM
    if (((CartTypeLSB & 0x2) >> 1) == 1):
        idc.AddSeg(SRAM_START, SRAM_START + SRAM_SIZE, 0, 0, idaapi.saRelPara,
        idc.RenameSeg(SRAM_START, "SRAM")

    # EXPROM
               idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(EXPROM_START, "EXPROM")

    if (((CartTypeLSB & 0x4) >> 2) == 1):
                   idaapi.saRelPara, idaapi.scPub)
        idc.RenameSeg(TRAINER_START, "TRAINER")

    # ROM
    idc.AddSeg(ROM_START, ROM_START + ROM_SIZE, 0, 0, idaapi.saRelPara,
    idc.RenameSeg(ROM_START, "ROM")
    idc.SetSegmentType(ROM_START, idc.SEG_CODE)

    CartTypeMSB = struct.unpack("<B", li.read(1))[0]
    mapper_version = (((CartTypeLSB & 0xF0) >> 4) | (CartTypeMSB & 0xF0))
    if (mapper_version == MAPPER_NONE or mapper_version == MAPPER_MMC1
            or mapper_version == MAPPER_UxROM or mapper_version == MAPPER_CNROM
            or mapper_version == MAPPER_MMC3 or mapper_version == MAPPER_MMC5
            or mapper_version == MAPPER_CAMERIC
            or mapper_version == MAPPER_GNROM):
        prg_rom_size = struct.unpack("<B", li.read(1))[0]
        if (prg_rom_size != 0):
            offset = HEADER_SIZE
            if (((CartTypeLSB & 0x4) >> 2) == 1):
                offset += TRAINER_SIZE
            li.file2base(0, ROM_START, ROM_START + PRG_PAGE_SIZE, 0)
            offset = HEADER_SIZE + (prg_rom_size - 1) * PRG_PAGE_SIZE
            if (((CartTypeLSB & 0x4) >> 2) == 1):
                offset += TRAINER_SIZE
            li.file2base(0, ROM_START + PRG_PAGE_SIZE,
                         ROM_START + PRG_PAGE_SIZE + PRG_PAGE_SIZE, 0)

    elif (mapper_version == MAPPER_MMC2):
        print("Second case mapper")
    elif (mapper_version == MAPPER_AxROM
          or mapper_version == MAPPER_COLOR_DREAMS
          or mapper_version == MAPPER_BxROM):
        print("Third case mapper")
        print("Mapper %d is not supported" % mapper_version)

    idaapi.add_entry(Word(0xFFFC), Word(0xFFFC), "start", 1)
    idaapi.cvar.inf.startIP = Word(0xFFFC)
    idaapi.cvar.inf.beginEA = Word(0xFFFC)
    header_info(li, 0xFFEF)

    print("[+] Load OK")
    return 1
Example #25
def load_file(fd, neflags, format):
    global prologues
    global br_flag
    size = 0
    base_addr = 0
    ea = 0
    nfunc = 0

    idaapi.set_processor_type("arm", ida_idp.SETPROC_LOADER_NON_FATAL)
    idaapi.get_inf_structure().lflags |= idaapi.LFLG_64BIT

    if (neflags & idaapi.NEF_RELOAD) != 0:
        return 1

    fd.seek(0, idaapi.SEEK_END)
    size = fd.tell()

    segm = idaapi.segment_t()
    segm.bitness = 2  # 64-bit
    segm.start_ea = 0
    segm.end_ea = size

    if br_flag == false:
        idaapi.add_segm_ex(segm, "iBoot", "CODE", idaapi.ADDSEG_OR_DIE)
        idaapi.add_segm_ex(segm, "SecureROM", "CODE", idaapi.ADDSEG_OR_DIE)

    fd.file2base(0, 0, size, false)

    idaapi.add_entry(0, 0, "start", 1)

    print("[+] Marked as code")

    # heuristic
    while (true):
        mnemonic = idc.print_insn_mnem(ea)

        if "LDR" in mnemonic:
            base_str = idc.print_operand(ea, 1)
            base_addr = int(base_str.split("=")[1], 16)


        ea += 4

    print("[+] Rebasing to address 0x%x" % (base_addr))
    idaapi.rebase_program(base_addr, idc.MSF_NOFIX)

    segment_start = base_addr
    segment_end = idc.get_segm_attr(segment_start, idc.SEGATTR_END)

    ea = segment_start

    print("[+] Searching and defining functions")

    for prologue in prologues:
        while ea != ida_idaapi.BADADDR:
            ea = ida_search.find_binary(ea, segment_end, prologue, 16,

            if ea != ida_idaapi.BADADDR:
                if len(prologue) < 8:
                    ea = ea - 2

                if (ea % 4) == 0 and ida_bytes.get_full_flags(ea) < 0x200:
                    # print("[+] Defining a function at 0x%x" % (ea))
                    nfunc = nfunc + 1

                ea = ea + 4

    idc.plan_and_wait(segment_start, segment_end)

    print("[+] Identified %d new functions" % (nfunc))

    print("[+] Looking for interesting functions")
    find_interesting(segment_start, segment_end)

    return 1
Example #26
def load_file(fd, neflags, format):
    size = 0
    base_addr = 0
    ea = 0

    idaapi.set_processor_type("arm", idaapi.SETPROC_ALL)
    idaapi.get_inf_structure().lflags |= idaapi.LFLG_64BIT

    if (neflags & idaapi.NEF_RELOAD) != 0:
        return 1

    fd.seek(0, idaapi.SEEK_END)
    size = fd.tell()

    segm = idaapi.segment_t()
    segm.bitness = 2  # 64-bit
    segm.start_ea = 0
    segm.end_ea = size
    idaapi.add_segm_ex(segm, "iBoot", "CODE", idaapi.ADDSEG_OR_DIE)

    fd.file2base(0, 0, size, false)

    idaapi.add_entry(0, 0, "start", 1)

    print("[+] Marked as code")

    # heuristic
    while (true):
        mnemonic = idc.GetMnem(ea)

        if "LDR" in mnemonic:
            base_str = idc.GetOpnd(ea, 1)
            base_addr = int(base_str.split("=")[1], 16)


        ea += 4

    print("[+] Rebasing to address 0x%x" % (base_addr))
    idaapi.rebase_program(base_addr, idc.MSF_NOFIX)

    segment_start = base_addr
    segment_end = idc.GetSegmentAttr(segment_start, idc.SEGATTR_END)

    ea = segment_start

    print("[+] Searching and defining functions")

    while ea != idc.BADADDR:
        ea = idc.FindBinary(ea, idc.SEARCH_DOWN, "BF A9", 16)

        if ea != idc.BADADDR:
            ea = ea - 2

            if (ea % 4) == 0 and idc.GetFlags(ea) < 0x200:
                # print("[+] Defining a function at 0x%x" % (ea))

            ea = ea + 4

    idc.AnalyzeArea(segment_start, segment_end)

    return 1

Example #27
def load_file(li, neflags, format):
    if format != ROM_FORMAT_NAME:
        Warning("Unknown format name: '%s'" % format)
        return 0
    jump = dwordAt(li, 0)
    # Test ARM branch
    if jump & 0xFF000000 != 0xEA000000:
        Warning("Unknown format name: '%s'" % format)
        return 0
    idaapi.set_processor_type("arm", SETPROC_ALL | SETPROC_FATAL)
    li.seek(0, idaapi.SEEK_END)
    size = li.tell()

    # Adding Header Section
    idc.AddSeg(ROM_START, ROM_START + SIZE_HEADER, 0, 1, idaapi.saRelPara,
    idc.RenameSeg(ROM_START, "HEADER")
    idc.SetSegmentType(ROM_START, idc.SEG_CODE)
    li.file2base(0, ROM_START, ROM_START + SIZE_HEADER, 0)

    # Adding OEP
    idaapi.add_entry(ROM_START, ROM_START, "start", 1)
    idaapi.cvar.inf.startIP = ROM_START
    idaapi.cvar.inf.beginEA = ROM_START

    # Adding ROM Section
               0, 1, idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(ROM_START + SIZE_HEADER, "ROM")
    idc.SetSegmentType(ROM_START + SIZE_HEADER, idc.SEG_CODE)
    li.file2base(0, ROM_START + SIZE_HEADER, ROM_START + size, 0)

    # Adding EWRAM
    idc.AddSeg(0x02000000, 0x02040000, 0, 1, idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(0x02000000, "EWRAM")
    memset_seg(0x02000000, 0x40000)

    # Adding IWRAM
    idc.AddSeg(0x03000000, 0x03008000, 0, 1, idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(0x03000000, "IWRAM")
    memset_seg(0x03000000, 0x8000)

    # Adding IO / Registers
    idc.AddSeg(0x04000000, 0x04000400, 0, 1, idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(0x04000000, "IOregisters")
    memset_seg(0x04000000, 0x400)

    # Adding BIOS System ROM
    idc.AddSeg(0x00000000, 0x00004000, 0, 1, idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(0x00000000, "BIOS")
    memset_seg(0x00000000, 0x4000)
    idc.SetSegmentType(0x0000000, idc.SEG_CODE)

    idaapi.add_long_cmt(ROM_START, True, "ROM HEADER")
    idc.ExtLinA(ROM_START, 1, "; Game Title : %s" % li.read(12))
    idc.ExtLinA(ROM_START, 2, "; Game Code : %s" % li.read(4))
    idc.ExtLinA(ROM_START, 3, "; Marker Code : %s" % li.read(2))
    idc.ExtLinA(ROM_START, 4,
                "; Fixed value : %02X" % struct.unpack("<B", li.read(1))[0])
    idc.ExtLinA(ROM_START, 5,
                "; Main unit code : %02X" % struct.unpack("<B", li.read(1))[0])
    idc.ExtLinA(ROM_START, 6,
                "; Device type : %02X" % struct.unpack("<B", li.read(1))[0])
    idc.ExtLinA(ROM_START, 7, "; Reserved Area : db 7 dup(0)")
    idc.ExtLinA(ROM_START, 8,
                "; Software version %02X" % struct.unpack("<B", li.read(1))[0])
    idc.ExtLinA(ROM_START, 9,
                "; Complement Check %02X" % struct.unpack("<B", li.read(1))[0])
    idc.ExtLinA(ROM_START, 10, "; Reserved Area : db 2 dup(0)")

    print("[+] Load OK")
    return 1
Example #28
def load_file(li, neflags, format):
    Load the file into database

    @param li: a file-like object which can be used to access the input data
    @param neflags: options selected by the user, see loader.hpp
    @return: 0-failure, 1-ok
                              idaapi.SETPROC_USER | idaapi.SETPROC_FATAL)
    fileLen = li.size()
    data = convert(li.read(fileLen))
    if len(data) > 0x4000000:
        # program too large
        return 0

    idaname = "ida64" if __EA64__ else "ida"
    if sys.platform == "win32":
        _mod = ctypes.windll[idaname + ".wll"]
    elif sys.platform == "linux2":
        _mod = ctypes.cdll["lib" + idaname + ".so"]
    elif sys.platform == "darwin":
        _mod = ctypes.cdll["lib" + idaname + ".dylib"]
    create_bytearray_linput = _mod.create_bytearray_linput
    create_bytearray_linput.argtypes = (idaapi.POINTER(ctypes.c_ubyte),
    create_bytearray_linput.restype = ctypes.c_int
    bufPointer = idaapi.cast(data, idaapi.POINTER(ctypes.c_ubyte))
    retlinput = create_bytearray_linput(bufPointer,
                                        int(fileLen * 8 / 9 * 16 / 8))
    file2base = _mod.file2base
    file2base.argtypes = (ctypes.c_int, ctypes.c_int, ctypes.c_int,
                          ctypes.c_int, ctypes.c_int)
    file2base.restype = ctypes.c_int
    file2base(retlinput, 0, 0, int(fileLen * 8 / 9), idaapi.FILEREG_PATCHABLE)

    seg = idaapi.segment_t()
    seg.startEA = 0
    seg.endEA = 0x4000000
    # seg.bitness = 1
    idaapi.add_segm_ex(seg, "PROGRAM", "CODE", idaapi.ADDSEG_SPARSE)
    seg = idaapi.segment_t()
    seg.startEA = 0x4000000
    seg.endEA = 0x400001e
    idaapi.add_segm_ex(seg, "CLOCKIO", "RAM", idaapi.ADDSEG_SPARSE)
    seg = idaapi.segment_t()
    seg.startEA = 0x4010000
    seg.endEA = 0x4011000
    idaapi.add_segm_ex(seg, "FLAGIO", "RAM", idaapi.ADDSEG_SPARSE)
    seg = idaapi.segment_t()
    seg.startEA = 0x5000000
    seg.endEA = 0x5002000
    idaapi.add_segm_ex(seg, "RDATA", "RAM", idaapi.ADDSEG_SPARSE)
    seg = idaapi.segment_t()
    seg.startEA = 0x5002000
    seg.endEA = 0x5002003
    idaapi.add_segm_ex(seg, "RDATASZ", "RAM", idaapi.ADDSEG_SPARSE)
    seg = idaapi.segment_t()
    seg.startEA = 0x5010000
    seg.endEA = 0x5012000
    idaapi.add_segm_ex(seg, "SDATA", "RAM", idaapi.ADDSEG_SPARSE)
    seg = idaapi.segment_t()
    seg.startEA = 0x5012000
    seg.endEA = 0x5012003
    idaapi.add_segm_ex(seg, "SDATASZ", "RAM", idaapi.ADDSEG_SPARSE)
    seg = idaapi.segment_t()
    seg.startEA = 0x6000000
    seg.endEA = 0x6800000
    idaapi.add_segm_ex(seg, "SHMEM", "RAM", idaapi.ADDSEG_SPARSE)
    seg = idaapi.segment_t()
    seg.startEA = 0x6800000
    seg.endEA = 0x7000000
    idaapi.add_segm_ex(seg, "NVRAM", "RAM", idaapi.ADDSEG_SPARSE)
    seg = idaapi.segment_t()
    seg.startEA = 0x7FFFF00
    seg.endEA = 0x7FFFF1C
    idaapi.add_segm_ex(seg, "IVEC", "RAM", idaapi.ADDSEG_SPARSE)
    seg = idaapi.segment_t()
    seg.startEA = 0x7FFFF80
    seg.endEA = 0x8000000
    idaapi.add_segm_ex(seg, "PROCID", "RAM", idaapi.ADDSEG_SPARSE)
    idaapi.add_entry(0, 0, "_start", True)
    # idc.AutoMark( 0, AU_CODE )
    idaapi.cvar.inf.tribyte_order = idaapi.tbo_213
    return 1
Example #29
def load_file(li, neflags, format):
    Load the file into database

    @param li: a file-like object which can be used to access the input data
    @param neflags: options selected by the user, see loader.hpp
    @return: 0-failure, 1-ok

    if format == _3DSX_FORMAT_NAME:
        idaapi.set_processor_type("arm", SETPROC_ALL|SETPROC_FATAL)

        (magic, header_size, reloc_header_size, format_ver, flags, code_seg_size, rodata_seg_size, data_seg_size, bss_seg_size) = struct.unpack("<IHHIIIIII", li.read(4*8))
        seg1 = CN_3DSX_LOADADR
        seg1_size = (code_seg_size + 0xFFF) &(~0xFFF)
        file_offset = header_size + reloc_header_size*3
        AddSeg(seg1, seg1 + seg1_size, 0, 1, idaapi.saRelPara, idaapi.scPub)
        SetSegmentType(seg1, idaapi.SEG_CODE)
        RenameSeg(seg1, "CODE")        
        li.file2base(file_offset, seg1, seg1 + code_seg_size, 0)

        seg2 = seg1 + seg1_size
        seg2_size = (rodata_seg_size + 0xFFF) &(~0xFFF)
        file_offset += code_seg_size
        AddSeg(seg2, seg2 + seg2_size, 0, 1, idaapi.saRelPara, idaapi.scPub)
        SetSegmentType(seg2, idaapi.SEG_DATA)
        RenameSeg(seg2, "RODATA")
        li.file2base(file_offset, seg2, seg2 + rodata_seg_size, 0)
        seg3 = seg2 + seg2_size
        seg3_size = (data_seg_size + 0xFFF) &(~0xFFF)
        file_offset += rodata_seg_size
        AddSeg(seg3, seg3 + seg3_size, 0, 1, idaapi.saRelPara, idaapi.scPub)
        SetSegmentType(seg3, idaapi.SEG_DATA)
        RenameSeg(seg3, "DATA")
        li.file2base(file_offset, seg3, seg3 + (data_seg_size - bss_seg_size), 0)
        relocs_ptr = file_offset + (data_seg_size - bss_seg_size)
        segments = [seg1, seg2, seg3]
        for rel_table in range(3):
            li.seek(header_size + rel_table * 8)
            (abs_count, rel_count) = struct.unpack("<II", li.read(4*2))
            relocs_ptr = relocs_ptr + (abs_count * 4 + rel_count * 4)

            pos = segments[rel_table]
            #absolute relocations
            for i in range(abs_count):
                (skip, patches) = struct.unpack("<HH", li.read(2*2))
                pos += skip * 4
                for x in range(patches):
                    addr = Dword(pos)
                    if addr < seg1_size:
                        addr = seg1 + addr
                    elif addr < (seg1_size + seg2_size):
                        addr = seg2 + addr - seg1_size
                        addr = seg3 + addr - (seg1_size + seg2_size)

                    PatchDword(pos, addr)
                    SetFixup(pos, idaapi.FIXUP_OFF32 or idaapi.FIXUP_CREATED, 0, addr, 0)
                    pos += 4
            # cross-segment relative relocations
            for i in range(rel_count):
                (skip, patches) = struct.unpack("<HH", li.read(2*2))
                pos += skip * 4
                for x in range(patches):
                    addr = Dword(pos)
                    if addr < seg1_size:
                        addr = seg1 + addr
                    elif addr < (seg1_size + seg2_size):
                        addr = seg2 + addr - seg1_size
                        addr = seg3 + addr - (seg1_size + seg2_size)
                    PatchDword(pos, addr - pos)
                    SetFixup(pos, idaapi.FIXUP_OFF32 or idaapi.FIXUP_CREATED, 0, addr - pos, 0)
                    pos += 4                    
        idaapi.add_entry(CN_3DSX_LOADADR, CN_3DSX_LOADADR, "start", 1)
        idaapi.analyze_area(seg1, seg1 + seg1_size)
        print "Load OK"
        return 1
    return 0
def load_file_mbn(li, neflags, format):
    # set the processor type and enable 'metaarm' so ida disassembles all instructions
	idaapi.set_processor_type("arm:ARMv7-A&R", idaapi.SETPROC_ALL | idaapi.SETPROC_FATAL)
	idc.ChangeConfig('ARM_DEFAULT_ARCHITECTURE = metaarm')

    # rewind the input file and read its contents
	init_val = li.read(li.size())

        # Load the file data (sans header) into IDA
        rom = MbnImage(init_val)
        #seg1_size = (rom.header.image_dest_ptr + 0xFFF) &(~0xFFF)
        #file_offset = header_size + reloc_header_size*3
        AddSeg(rom.header.image_dest_ptr, rom.header.image_dest_ptr + rom.header.image_size, 0, 1, idaapi.saRelPara, idaapi.scPub)
        SetSegmentType(rom.header.image_dest_ptr, idaapi.SEG_CODE)
        RenameSeg(rom.header.image_dest_ptr, "CODE")

       # li.file2base(file_offset, seg1, seg1 + code_seg_size, 0)
        # Load the file data (sans header) into IDA
        li.file2base(40, rom.header.image_dest_ptr, rom.header.image_dest_ptr + rom.header.code_size, 0)
        #AddSegment('%s_code' % rom, rom.code_base, rom.code_data)
        #if rom.sig_data is not None: AddSegment('%s_sig' % rom, rom.sig_base, rom.sig_data) RenameSeg(rom.header.image_dest_ptr, "CODE")
        #if rom.cert_data is not None: AddSegment('%s_cert' % rom, rom.cert_base, rom.cert_data)
        #if rom.tail_data is not None: AddSegment('%s_tail' % rom, rom.tail_base, rom.tail_data)
        #dataseg = rom.header.image_dest_ptr
        #dataseg_size = init_val
        #filofs = rom.header.code_size
        #AddSeg(dataseg, rom.header.image_dest_ptr + rom.header.image_size, 0, 1, idaapi.saRelPara, idaapi.scPub)
        #SetSegmentType(dataseg, idaapi.SEG_DATA)
        #RenameSeg(dataseg, "DATA")
        #li.file2base(rom.header.image_dest_ptr, dataseg, dataseg + rom.header.image_dest_ptr + rom.header.image_size, 0)
        # Define the .text .data and .bss segments
        #AddSegEx(rom.header.image_dest_ptr, rom.header.image_dest_ptr + rom.header.code_size, 0, 1, ".code", "CODE", ADDSEG_OR_DIE)
        #AddSegment(0, data_start, data_end, ".data", "DATA")
        #AddSegment(0, data_end, bss_end, ".bss", "BSS")
        image_base = rom.header.image_dest_ptr
        entry = image_base - rom.header.image_src
            #if DEBUG:
            #        print "Created File Segments: "
            #   print "\t.text   0x%.8X - 0x%.8X" % (entry, data_start)
            #   print "\t.data   0x%.8X - 0x%.8X" % (data_start, data_end)
            #   print "\t.bss    0x%.8X - 0x%.8X" % (data_end, bss_end)

        # mark the entry point as being the first byte of the loaded image
        idaapi.add_entry(rom.header.image_dest_ptr, rom.header.image_dest_ptr, "HEADER", 1)
        AddIdbComment(image_base, 'Flash Part Version:  ', rom.header.flash_parti_ver)
        AddIdbComment(image_base, 'Source Location:     ', rom.header.image_src)
        AddIdbComment(image_base, 'Destination Address: ', rom.header.image_dest_ptr)
        AddIdbComment(image_base, 'Image Size:          ', rom.header.image_size)
        AddIdbComment(image_base, 'Code Size:           ', rom.header.code_size)
        AddIdbComment(image_base, 'Signature Ptr:       ', rom.header.sig_ptr)
        AddIdbComment(image_base, 'Signature Size:      ', rom.header.sig_size)
        AddIdbComment(image_base, 'Cert Chain Ptr:      ', rom.header.cert_chain_ptr)
        AddIdbComment(image_base, 'Cert Chain Size:     ', rom.header.cert_chain_size)

	return 1
Example #31
def load_file(li, neflags, format):

    Load the file into database

    @param li: a file-like object which can be used to access the input data
    @param neflags: options selected by the user, see loader.hpp
    @return: 0-failure, 1-ok

    if format == FormatName:
        idaapi.set_processor_type("dsp56k", SETPROC_ALL | SETPROC_FATAL)
        s = gets(li)
        minprog = BADADDR
        maxprog = 0
        start_addr = 0
        chunk = ""
        clist = ChunkList()
        while True:
            if s == None:
            s = s.strip()
            if len(s) == 0 or s.startswith(" "):
                s = gets(li)
            words = s.split()
            if s.startswith("_START "):
                # skip
                s = gets(li)
            elif s.startswith("_DATA"):
                # _DATA <Memory space> <Address> <Code/data> ...
                if len(words) < 3:
                    idaapi.error("Bad _DATA record: %s" % s)
                # we handle only P (program) memory
                if not words[1] in ("P", "X", "Y"):
                    idaapi.error("Unhandled _DATA memory space: %s" % words[1])
                if not ishex(words[2]):
                    idaapi.error("Bad _DATA starting address: %s" % words[2])

                if len(chunk):
                    # append current chunk to the list
                    clist.add_chunk(start_addr, chunk, cur_mem)

                # start a new chunk
                cur_mem = words[1]
                start_addr = int(words[2], 16)
                chunk = make_chunk(words[3:], cur_mem)

                s = gets(li)
            elif s.startswith("_END"):
                if len(words) < 2 or not ishex(words[1]):
                    idaapi.error("Bad _END record: %s" % s)

                # append current chunk to the list
                clist.add_chunk(start_addr, chunk, cur_mem)

                # load all

                # add the entrypoint
                entry_ea = int(words[1], 16)
                idaapi.add_entry(entry_ea, entry_ea, "start", 1)
            elif s.startswith("_"):
                idaapi.error("Unhandled record type: %s" % words[0])

            # we're inside a _DATA record
            chunk += make_chunk(words, cur_mem)
            s = gets(li)

        print "Load OK"
        return 1

    Warning("Unknown format name: '%s'" % format)
    return 0
Example #32
def load_file(li, neflags, format):
    Load the file into database

    @param li: a file-like object which can be used to access the input data
    @param neflags: options selected by the user, see loader.hpp
    @return: 0-failure, 1-ok

    vmlinux = li.read(li.size())

    do_get_arch(kallsyms, vmlinux)
    do_kallsyms(kallsyms, vmlinux)

    if kallsyms['numsyms'] == 0:
        print_log('[!]get kallsyms error...')
        return 0

    idaapi.set_processor_type("arm", idaapi.SETPROC_ALL | idaapi.SETPROC_FATAL)
    if kallsyms['arch'] == 64:
        idaapi.get_inf_structure().lflags |= idaapi.LFLG_64BIT

    li.file2base(0, kallsyms['_start'], kallsyms['_start'] + li.size(), True)

    sinittext_addr = 0
    max_sym_addr = 0
    for i in range(kallsyms['numsyms']):
        if kallsyms['arch'] == 32:
            if kallsyms['address'][i] > 0xd0000000:

        if kallsyms['name'][i] == '_sinittext':
            sinittext_addr = kallsyms['address'][i]
        if kallsyms['address'][i] > max_sym_addr:
            max_sym_addr = kallsyms['address'][i]
    max_sym_addr = max_sym_addr + 1024
    print_log("max_sym_addr = ", hex(max_sym_addr))

    if (kallsyms['_start'] + li.size()) > max_sym_addr:
        max_sym_addr = kallsyms['_start'] + li.size()

    s = idaapi.segment_t()
    s.bitness = kallsyms['arch'] // 32
    s.startEA = kallsyms['_start']
    if sinittext_addr == 0:
        s.endEA = max_sym_addr
        s.endEA = sinittext_addr
    s.perm = 5
    idaapi.add_segm_ex(s, ".text", "CODE", idaapi.ADDSEG_OR_DIE)

    if sinittext_addr > 0:
        s = idaapi.segment_t()
        s.bitness = kallsyms['arch'] // 32
        s.startEA = sinittext_addr
        s.endEA = max_sym_addr
        s.perm = 7
        idaapi.add_segm_ex(s, ".data", "DATA", idaapi.ADDSEG_OR_DIE)

    for i in range(kallsyms['numsyms']):
        if kallsyms['type'][i] in ['t', 'T']:
            idaapi.add_entry(kallsyms['address'][i], kallsyms['address'][i],
                             kallsyms['name'][i], 1)
            idaapi.add_entry(kallsyms['address'][i], kallsyms['address'][i],
                             kallsyms['name'][i], 0)

    print_log("Android/Linux vmlinux loaded...")
    return 1
Example #33
def load_file(li, neflags, format):
    if format != ROM_FORMAT_NAME:
        Warning("Unknown format name: '%s'" % format)
        return 0
    idaapi.set_processor_type("M6502", SETPROC_ALL | SETPROC_FATAL)

    li.seek(0, idaapi.SEEK_END)
    size = li.tell()

    li.seek(0, idaapi.SEEK_SET)
    nheader = NES_HEADER.from_buffer_copy(li.read(LEN_NES_HEADER))

    idc.AddSeg(RAM_START, RAM_START + RAM_SIZE, 0, 0, idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(RAM_START, "RAM")
    zeromemory(RAM_START, RAM_SIZE)

    idc.AddSeg(IOREG_START, IOREG_START + IOREG_SIZE, 0, 0, idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(IOREG_START, "IOREG")
    zeromemory(IOREG_START, IOREG_SIZE)

    # bit 1 : Cartridge contains battery-backed PRG RAM ($6000-7FFF) or other persistent memory
    if (nheader.rom_control_byte_0 & 0x02) != 0x00:
        idc.AddSeg(SRAM_START, SRAM_START + SRAM_SIZE, 0, 0, idaapi.saRelPara, idaapi.scPub)
        idc.RenameSeg(SRAM_START, "SRAM")
        zeromemory(SRAM_START, SRAM_SIZE)

    idc.AddSeg(EXPROM_START, EXPROM_START + EXPROM_SIZE, 0, 0, idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(EXPROM_START, "EXPROM")

    # bit 2 : 512-byte trainer at $7000-$71FF (stored before PRG data)
    if (nheader.rom_control_byte_0 & 0x04) != 0x00:
        idc.AddSeg(TRAINER_START, TRAINER_START + TRAINER_SIZE, 0, 0, idaapi.saRelPara, idaapi.scPub)
        idc.RenameSeg(TRAINER_START, "TRAINER")
        zeromemory(TRAINER_START, TRAINER_SIZE)

    idc.AddSeg(ROM_START, ROM_START + ROM_SIZE, 0, 0, idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(ROM_START, "ROM")
    idc.SetSegmentType(ROM_START, idc.SEG_CODE | idc.SEG_DATA)
    zeromemory(ROM_START, ROM_SIZE)


    mapper_version = (((nheader.rom_control_byte_0 & 0xF0) >> 4) | (nheader.rom_control_byte_1 & 0xF0))
    if (mapper_version == MAPPER_NONE or
        mapper_version == MAPPER_MMC1 or
        mapper_version == MAPPER_UxROM or
        mapper_version == MAPPER_CNROM or
        mapper_version == MAPPER_MMC3 or
        mapper_version == MAPPER_MMC5 or
        mapper_version == MAPPER_CAMERIC or
        mapper_version == MAPPER_GNROM):
            offset = LEN_NES_HEADER
            if (nheader.rom_control_byte_0 & 0x04) != 0x00:
                offset = offset + TRAINER_SIZE
            offset = offset
            li.file2base(offset, ROM_START, ROM_START + PRG_PAGE_SIZE, 0)
            offset = LEN_NES_HEADER
            if (nheader.rom_control_byte_0 & 0x04) != 0x00:
                offset = offset + TRAINER_SIZE
            offset = offset + (nheader.nb_prg_page_16k - 1) * PRG_PAGE_SIZE
            li.file2base(offset, ROM_START + PRG_PAGE_SIZE, ROM_START + PRG_PAGE_SIZE + PRG_PAGE_SIZE, 0)
            offset = LEN_NES_HEADER
            if (nheader.rom_control_byte_0 & 0x04) != 0x00:
                offset = offset + TRAINER_SIZE
            offset = offset + PRG_PAGE_SIZE * nheader.nb_prg_page_16k
            li.file2base(offset, RAM_START, RAM_START + CHR_PAGE_SIZE, 0)
    elif (mapper_version == MAPPER_MMC2):
        Warning("Second case mapper")
    elif (mapper_version == MAPPER_AxROM or
        mapper_version == MAPPER_COLOR_DREAMS or
        mapper_version == MAPPER_BxROM):
        Warning("Third case mapper")
        Warning("Mapper %d is not supported" % mapper_version)


    idaapi.add_entry(Word(0xFFFC), Word(0xFFFC), "start", 1)
    idaapi.cvar.inf.startIP = Word(0xFFFC)
    idaapi.cvar.inf.beginEA = Word(0xFFFC)
    return 1
Example #34
def pe_load(li):
    global directory_entry_headers
    global base_address
    global entry_point
    global xex_magic

    # Get size of the PE
    li.seek(0, 2)  # seek to end
    pe_size = li.tell()

    # Read DOS & NT headers
    dos_header = read_struct(li, ImageDOSHeader)
    if dos_header.MZSignature != 0x5A4D:
        print("[+] PE has invalid ImageDOSHeader.MZSignature! (0x%x)" %
        return 0

    nt_header = read_struct(li, ImageNTHeaders)
    if nt_header.Signature != 0x4550:
        print("[+] PE has invalid ImageNTHeaders.Signature! (0x%x)" %
        return 0

    # Skip past PE data directories (for now? will we ever need them?)
    li.seek(nt_header.OptionalHeader.NumberOfRvaAndSizes * 8, os.SEEK_CUR)

    # Use base address from optionalheader if we don't already have one
    if base_address <= 0:
        base_address = nt_header.OptionalHeader.ImageBase

    # If no EP passed we'll use EP from the optionalheader
    if entry_point <= 0:
        entry_point = base_address + nt_header.OptionalHeader.AddressOfEntryPoint

    # Read in & map our section headers
    # (todo: fix loading more sections than needed, seems sections like .reloc shouldn't be loaded in?)
    section_headers = []
    for i in range(0, nt_header.FileHeader.NumberOfSections):
        section_headers.append(read_struct(li, ImageSectionHeader))

    for section in section_headers:
        sec_addr = section.VirtualAddress if xex_magic != _MAGIC_XEX3F else section.PointerToRawData
        sec_size = min(section.VirtualSize, section.SizeOfRawData)

        if sec_addr + sec_size > pe_size:
            sec_size = pe_size - sec_addr

        # Load em if you got em
        if sec_size <= 0:


        # Load data into IDB
                            base_address + section.VirtualAddress)

    # Name the EP if we have one
    if entry_point > 0:
        idaapi.add_entry(entry_point, entry_point, "start", 1)

    # PE load complete :)
    return 1
Example #35
def addEntry(name, ea, ordinal=None):
    '''addEntry(name, ea, index?) -> adds an entry point to the database'''
    return idaapi.add_entry(idaapi.get_entry_qty() if ordinal is None else ordinal, ea, name, 0)
Example #36
def load_cro(li, is_crs):
    if is_crs:
        base = 0
        base = 0x00100000 # arbitrary





    StaticPatchNum) = struct.unpack("<IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII", li.read(0x138 - 0x80))

    if not is_crs:
        li.file2base(0, base, base + FileSize, 0)

    # set segments
    segmentDic = [
        ("CODE", ".text"),
        ("DATA", ".rodata"),
        ("DATA", ".data"),
        ("BSS", ".bss")
    segmentAddress = []
    for i in range(SegmentNum):
        SegmentOffset, SegmentSize, SegmentType = struct.unpack("<III", li.read(12))
        if SegmentType == 3:
            SegmentOffset = 0x08000000
            idaapi.enable_flags(base + SegmentOffset, base + SegmentOffset + SegmentSize, idaapi.STT_VA)

        segmentAddress.append(base + SegmentOffset)
        if SegmentSize :
            idaapi.add_segm(0, segmentAddress[i], segmentAddress[i] + SegmentSize, segmentDic[SegmentType][1], segmentDic[SegmentType][0])

    # do internal relocations
    for i in range(InternalPatchNum):
        target, patch_type, source, _, _, shift = struct.unpack("<IBBBBI", li.read(12))
        target_offset = DecodeTag(segmentAddress, target)
        source_offset = segmentAddress[source] + shift
        if patch_type == 2:
            value = source_offset
        elif patch_type == 3:
            rel = source_offset - target_offset
            if rel < 0:
                rel += 0x100000000
            value = rel
        idaapi.patch_long(target_offset, value)
        f = idaapi.fixup_data_t()
        f.type = idaapi.FIXUP_OFF32
        f.off = value
        idaapi.set_fixup(target_offset, f)

    # import
    importNamedSymbolTable = []
    for i in range(ImportNamedSymbolNum):
        importNamedSymbolTable.append(struct.unpack('<II', li.read(8)))

    for importNamedSymbol in importNamedSymbolTable:
        nameOffset, batchOffset = importNamedSymbol
        name = ""
        while True:
            c = li.read(1)
            if c == '\0':
            name += c
        do_import_batch(li, segmentAddress, batchOffset, name)

    module = []
    for i in range(ImportModuleNum):
        module.append(struct.unpack('<IIIII', li.read(20)))

    for m in module:
        moduleNameOffset, indexed, indexedNum, anonymous, anonymousNum = m
        mname = ""
        while True:
            c = li.read(1)
            if c == '\0':
            mname += c

        indexeds = []
        for i in range(indexedNum):
            indexeds.append(struct.unpack('<II', li.read(8)))

        anonymouses = []
        for i in range(anonymousNum):
            anonymouses.append(struct.unpack('<II', li.read(8)))

        for i in indexeds:
            index, batchOffset = i
            do_import_batch(li, segmentAddress, batchOffset, "%s_%d"%(mname, index))

        for i in anonymouses:
            tag, batchOffset = i
            do_import_batch(li, segmentAddress, batchOffset, "%s_%08X"%(mname, tag))

    # export
    exportNamedSymbolTable = []
    for i in range(ExportNamedSymbolNum):
        exportNamedSymbolTable.append(struct.unpack('<II', li.read(8)))

    for exportNamedSymbol in exportNamedSymbolTable:
        nameOffset, target = exportNamedSymbol
        target_offset = DecodeTag(segmentAddress, target)
        name = ""
        while True:
            c = li.read(1)
            if c == '\0':
            name += c
        idaapi.add_entry(target_offset, target_offset, name, idaapi.segtype(target_offset) == idaapi.SEG_CODE)

    for i in range(ExportIndexedSymbolNum):
        target, = struct.unpack('<I', li.read(4))
        target_offset = DecodeTag(segmentAddress, target)
        idaapi.add_entry(i, target_offset, "indexedExport_%d" % i, idaapi.segtype(target_offset) == idaapi.SEG_CODE)
Example #37
    def load_one_file(li, options, idx, basename=None):
        bypass_plt = OPT_BYPASS_PLT in options

        f = load_nxo(li)

        if idx == 0:
            if f.armv7:
                idc.SetShortPrm(idc.INF_LFLAGS, idc.GetShortPrm(idc.INF_LFLAGS) | idc.LFLG_PC_FLAT)
                idc.SetShortPrm(idc.INF_LFLAGS, idc.GetShortPrm(idc.INF_LFLAGS) | idc.LFLG_64BIT)

            idc.SetCharPrm(idc.INF_DEMNAMES, idaapi.DEMNAM_GCC3)
            idaapi.add_til2('gnulnx_arm' if f.armv7 else 'gnulnx_arm64', 1)
            # don't create tails
            idc.set_inf_attr(idc.INF_AF, idc.get_inf_attr(idc.INF_AF) & ~idc.AF_FTAIL)

        if OPT_LOAD_31_BIT in options:
            loadbase = 0x8000000
            step = 0x1000000
        elif f.armv7:
            loadbase = 0x60000000
            step = 0x10000000
            loadbase = 0x7100000000
            step = 0x100000000
        loadbase += idx * step

        as_string = f.binfile.read(f.bssoff)
        idaapi.mem2base(as_string, loadbase)

        seg_prefix = basename if basename is not None else ''
        for start, end, name, kind in f.sections:
            if name.startswith('.got'):
                kind = 'CONST'
            idaapi.add_segm(0, loadbase+start, loadbase+end, seg_prefix+name, kind)
            segm = idaapi.get_segm_by_name(seg_prefix+name)
            if kind == 'CONST':
                segm.perm = idaapi.SEGPERM_READ
            elif kind == 'CODE':
                segm.perm = idaapi.SEGPERM_READ | idaapi.SEGPERM_EXEC
            elif kind == 'DATA':
                segm.perm = idaapi.SEGPERM_READ | idaapi.SEGPERM_WRITE
            elif kind == 'BSS':
                segm.perm = idaapi.SEGPERM_READ | idaapi.SEGPERM_WRITE
            idaapi.set_segm_addressing(segm, 1 if f.armv7 else 2)

        # do imports
        # TODO: can we make imports show up in "Imports" window?
        undef_count = 0
        for s in f.symbols:
            if not s.shndx and s.name:
                undef_count += 1
        last_ea = max(loadbase + end for start, end, name, kind in f.sections)
        undef_entry_size = 8
        undef_ea = ((last_ea + 0xFFF) & ~0xFFF) + undef_entry_size # plus 8 so we don't end up on the "end" symbol

        undef_seg = basename + '.UNDEF' if basename is not None else 'UNDEF'
        idaapi.add_segm(0, undef_ea, undef_ea+undef_count*undef_entry_size, undef_seg, 'XTRN')
        segm = idaapi.get_segm_by_name(undef_seg)
        segm.type = idaapi.SEG_XTRN
        for i,s in enumerate(f.symbols):
            if not s.shndx and s.name:
                idaapi.do_name_anyway(undef_ea, s.name)
                s.resolved = undef_ea
                undef_ea += undef_entry_size
            elif i != 0:
                assert s.shndx
                s.resolved = loadbase + s.value
                if s.name:
                    if s.type == STT_FUNC:
                        idaapi.add_entry(s.resolved, s.resolved, s.name, 0)
                        idaapi.do_name_anyway(s.resolved, s.name)

                # NULL symbol
                s.resolved = 0

        funcs = set()
        for s in f.symbols:
            if s.name and s.shndx and s.value:
                if s.type == STT_FUNC:
                    symend = loadbase+s.value+s.size
                    if Dword(symend) != 0:

        got_name_lookup = {}
        for offset, r_type, sym, addend in f.relocations:
            target = offset + loadbase
            if r_type in (R_ARM_GLOB_DAT, R_ARM_JUMP_SLOT, R_ARM_ABS32):
                if not sym:
                    print 'error: relocation at %X failed' % target
                    idaapi.put_long(target, sym.resolved)
            elif r_type == R_ARM_RELATIVE:
                idaapi.put_long(target, idaapi.get_long(target) + loadbase)
            elif r_type in (R_AARCH64_GLOB_DAT, R_AARCH64_JUMP_SLOT, R_AARCH64_ABS64):
                idaapi.put_qword(target, sym.resolved + addend)
                if addend == 0:
                    got_name_lookup[offset] = sym.name
            elif r_type == R_AARCH64_RELATIVE:
                idaapi.put_qword(target, loadbase + addend)
                if addend < f.textsize:
                    funcs.add(loadbase + addend)
                print 'TODO r_type %d' % (r_type,)
            ida_make_offset(f, target)

        for func, target in f.plt_entries:
            if target in got_name_lookup:
                addr = loadbase + func
                idaapi.do_name_anyway(addr, got_name_lookup[target])

        if not f.armv7:
            funcs |= find_bl_targets(loadbase, loadbase+f.textsize)

            if bypass_plt:
                plt_lookup = f.plt_lookup
                for pco in xrange(0, f.textsize, 4):
                    pc = loadbase + pco
                    d = Dword(pc)
                    if (d & 0x7c000000) == (0x94000000 & 0x7c000000):
                        imm = d & 0x3ffffff
                        if imm & 0x2000000:
                            imm |= ~0x1ffffff
                        if 0 <= imm <= 2:
                        target = (pc + imm * 4) - loadbase
                        if target in plt_lookup:
                            new_target = plt_lookup[target] + loadbase
                            new_instr = (d & ~0x3ffffff) | (((new_target - pc) / 4) & 0x3ffffff)
                            idaapi.put_long(pc, new_instr)

            for pco in xrange(0, f.textsize, 4):
                pc = loadbase + pco
                d = Dword(pc)
                if d == 0x14000001:
                    funcs.add(pc + 4)

        for pc, _ in f.eh_table:
            funcs.add(loadbase + pc)

        for addr in sorted(funcs, reverse=True):

        return 1
Example #38
def load_file(li, neflags, format):
    if format != ROM_FORMAT_NAME:
        Warning("Unknown format name: '%s'" % format)
        return 0
    jump = dwordAt(li, 0)
    # Test ARM branch
    if jump & 0xFF000000 != 0xEA000000:
        Warning("Unknown format name: '%s'" % format)
        return 0
    idaapi.set_processor_type("arm", SETPROC_ALL | SETPROC_FATAL)
    li.seek(0, idaapi.SEEK_END)
    size = li.tell()

    # Adding Header Section
    idc.AddSeg(ROM_START, ROM_START + SIZE_HEADER, 0, 1, idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(ROM_START, "HEADER")
    idc.SetSegmentType(ROM_START, idc.SEG_CODE)
    li.file2base(0, ROM_START, ROM_START + SIZE_HEADER, 0)

    # Adding OEP
    idaapi.add_entry(ROM_START, ROM_START, "start", 1)
    idaapi.cvar.inf.startIP = ROM_START
    idaapi.cvar.inf.beginEA = ROM_START

    # Adding ROM Section
    idc.AddSeg(ROM_START + SIZE_HEADER, ROM_START + (ROM_SIZE - SIZE_HEADER), 0, 1, idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(ROM_START + SIZE_HEADER, "ROM")
    idc.SetSegmentType(ROM_START + SIZE_HEADER, idc.SEG_CODE)
    li.file2base(0, ROM_START + SIZE_HEADER, ROM_START + size, 0)

    # Adding EWRAM
    idc.AddSeg(0x02000000, 0x02040000, 0, 1, idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(0x02000000, "EWRAM")
    memset_seg(0x02000000, 0x40000)

    # Adding IWRAM
    idc.AddSeg(0x03000000, 0x03008000, 0, 1, idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(0x03000000, "IWRAM")
    memset_seg(0x03000000, 0x8000)

    # Adding IO / Registers
    idc.AddSeg(0x04000000, 0x04000400, 0, 1, idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(0x04000000, "IOregisters")
    memset_seg(0x04000000, 0x400)

    # Adding BIOS System ROM
    idc.AddSeg(0x00000000, 0x00004000, 0, 1, idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(0x00000000, "BIOS")
    memset_seg(0x00000000, 0x4000)
    idc.SetSegmentType(0x0000000, idc.SEG_CODE)

    idaapi.add_long_cmt(ROM_START, True, "ROM HEADER")
    idc.ExtLinA(ROM_START, 1, "; Game Title : %s" % li.read(12))
    idc.ExtLinA(ROM_START, 2, "; Game Code : %s" % li.read(4))
    idc.ExtLinA(ROM_START, 3, "; Marker Code : %s" % li.read(2))
    idc.ExtLinA(ROM_START, 4, "; Fixed value : %02X" % struct.unpack("<B", li.read(1))[0])
    idc.ExtLinA(ROM_START, 5, "; Main unit code : %02X" % struct.unpack("<B", li.read(1))[0])
    idc.ExtLinA(ROM_START, 6, "; Device type : %02X" % struct.unpack("<B", li.read(1))[0])
    idc.ExtLinA(ROM_START, 7, "; Reserved Area : db 7 dup(0)")
    idc.ExtLinA(ROM_START, 8, "; Software version %02X" % struct.unpack("<B", li.read(1))[0])
    idc.ExtLinA(ROM_START, 9, "; Complement Check %02X" % struct.unpack("<B", li.read(1))[0])
    idc.ExtLinA(ROM_START, 10, "; Reserved Area : db 2 dup(0)")

    print("[+] Load OK")
    return 1
Example #39
def load_file(li, neflags, format):
    Load the file into database

    @param li: a file-like object which can be used to access the input data
    @param neflags: options selected by the user, see loader.hpp
    @return: 0-failure, 1-ok
    if format == AtariSTTOSImageName:
        idaapi.set_processor_type('68K', ida_idp.SETPROC_LOADER)

        header = read_struct(li, tos_image_header)

        li.seek(0, idaapi.SEEK_END)
        filesize = li.tell()

        idc.add_segm_ex(header.os_beg, header.os_beg + filesize, 0, 1,
                        idaapi.saRelPara, idaapi.scPub, idc.ADDSEG_NOSREG)
        idc.set_segm_name(header.os_beg, 'TOS')

        li.file2base(0, header.os_beg, header.os_beg + filesize, 0)

        idaapi.add_entry(header.os_beg, header.os_beg, "ostext", 1)
        idc.set_cmt(header.os_beg, 'branch to reset handler', 0)
        idc.set_name(header.os_beg + 2, 'os_version')
        idc.create_word(header.os_beg + 2)
        idc.set_cmt(header.os_beg + 2, 'OS version number', 0)
        idc.set_cmt(header.os_beg + 4, '-> system reset handler', 0)
        reseth = ida_bytes.get_dword(header.os_beg + 4)
        idc.set_name(reseth, 'reseth')
        idc.set_name(header.os_beg + 8, 'os_beg')
        idc.set_cmt(header.os_beg + 8, '-> base of OS', 0)
        idc.set_name(header.os_beg + 12, 'os_end')
        idc.set_cmt(header.os_beg + 12, '-> end of OS memory usage', 0)
        os_end = ida_bytes.get_dword(header.os_beg + 12)
        idc.add_segm_ex(0x0, os_end, 0, 1, idaapi.saRelPara, idaapi.scPub,
        idc.set_segm_name(0x0, 'DOSRAM')
        idc.set_name(os_end, 'endos')
        idc.set_name(header.os_beg + 16, 'os_exec')
        idc.set_cmt(header.os_beg + 16, '-> default shell', 0)
        idc.set_name(header.os_beg + 20, 'os_magic')
        idc.set_cmt(header.os_beg + 20, '-> GEM magic (or NULL)', 0)
        idc.set_name(header.os_beg + 24, 'os_date')
        idc.create_dword(header.os_beg + 24)
        idc.set_cmt(header.os_beg + 24, 'date the system was built', 0)
        idc.set_name(header.os_beg + 28, 'os_conf')
        idc.create_word(header.os_beg + 28)
        idc.set_cmt(header.os_beg + 28, 'configuration bits', 0)
        idc.set_name(header.os_beg + 30, 'os_dosdate')
        idc.create_word(header.os_beg + 30)
        idc.set_cmt(header.os_beg + 30, 'DOS-format date the system was built',
        addr = header.os_beg + 32
        while addr < reseth:
            if addr == header.os_beg + 0x20:
                idc.set_cmt(addr, 'base of GEMDOS pool', 0)
                idc.set_name(ida_bytes.get_dword(addr), '_root')
            elif addr == header.os_beg + 0x24:
                idc.set_cmt(addr, '-> keyboard shift-state byte', 0)
                idc.set_name(ida_bytes.get_dword(addr), 'kbshift')
            elif addr == header.os_beg + 0x28:
                idc.set_cmt(addr, '-> current process', 0)
                idc.set_name(ida_bytes.get_dword(addr), '_run')
            elif addr == header.os_beg + 0x2c:
                idc.set_cmt(addr, 'reserved for future use', 0)
            addr += 4

        the_magic = ida_bytes.get_dword(header.os_beg + 20)
        gem_end = ida_bytes.get_dword(the_magic + 4)
        aes_init = ida_bytes.get_dword(the_magic + 8)
        idc.add_segm_ex(os_end, gem_end + 1, 0, 1, idaapi.saRelPara,
                        idaapi.scPub, idc.ADDSEG_NOSREG)
        idc.set_segm_name(os_end, 'GEMRAM')

        idc.set_name(the_magic, 'the_magic')
        idc.set_cmt(the_magic, '$87654321 if GEM present', 0)
        idc.create_dword(the_magic + 4)
        idc.set_cmt(the_magic + 4, 'End address of OS RAM usage', 0)
        idc.create_dword(the_magic + 8)
        idc.set_cmt(the_magic + 8, 'Execution address of GEM', 0)
        idaapi.add_entry(aes_init, aes_init, "gem_entry", 1)
        idc.set_name(gem_end, 'gem_end')

        return 1

    elif format == AtariSTProgramName:
        idaapi.set_processor_type('68K', ida_idp.SETPROC_LOADER)

        header = read_struct(li, gemdos_executable_header)

        base_addr = AtariSTBaseAddress

        text_addr = base_addr
        data_addr = text_addr + header.PRG_tsize
        bss_addr = data_addr + header.PRG_dsize
        idc.add_segm_ex(text_addr, text_addr + header.PRG_tsize, 0, 1,
                        idaapi.saRelPara, idaapi.scPub, idc.ADDSEG_NOSREG)
        idc.set_segm_name(text_addr, 'tseg')
        idc.add_segm_ex(data_addr, data_addr + header.PRG_dsize, 0, 1,
                        idaapi.saRelPara, idaapi.scPub, idc.ADDSEG_NOSREG)
        idc.set_segm_name(data_addr, 'dseg')
        idc.add_segm_ex(bss_addr, bss_addr + header.PRG_bsize, 0, 1,
                        idaapi.saRelPara, idaapi.scPub, idc.ADDSEG_SPARSE)
        idc.set_segm_name(bss_addr, 'bseg')
        li.file2base(ctypes.sizeof(gemdos_executable_header), text_addr,
                     text_addr + header.PRG_tsize + header.PRG_dsize, 0)

        # relocate the application
        li.seek(0, idaapi.SEEK_END)
        filesize = li.tell()
        li.seek(0, idaapi.SEEK_SET)
        relocDataOffset = ctypes.sizeof(
        ) + header.PRG_tsize + header.PRG_dsize + header.PRG_ssize
        relocData = li.read(filesize - relocDataOffset)
        roffset = 4
        rea = struct.unpack('>I', relocData[:roffset])[0]
        if rea != 0:
            rea = rea + base_addr
            idc.patch_dword(rea, ida_bytes.get_dword(rea) + base_addr)
            if rea >= data_addr:  # in the DATA segment, make sure it is an actual pointer
            while True:
                offset = ord(relocData[roffset])
                roffset += 1
                if offset == 0:  # end of the relocation table
                if offset == 1:  # odd numbers are not valid, 1 is a special case to skip 254 bytes without relocating
                    rea += 254
                rea += offset
                idc.patch_dword(rea, ida_bytes.get_dword(rea) + base_addr)
                if rea >= data_addr:  # in the DATA segment, make sure it is an actual pointer

        # apply a symbol table, if part of the file
        if header.PRG_ssize:
            symboltableDataOffset = ctypes.sizeof(
                gemdos_executable_header) + header.PRG_tsize + header.PRG_dsize
            symboltableData = li.read(header.PRG_ssize)
            soffset = 0
            while soffset < header.PRG_ssize:
                entry = symboltableData[soffset:soffset + 14]
                soffset += 14
                name = entry[:8]
                flags, value = struct.unpack('>HL', entry[8:])
                if (
                        flags & 0x0048
                ) and soffset + 14 < header.PRG_ssize:  # GST extended DRI symbol format?
                    entry = symboltableData[soffset:soffset + 14]
                    soffset += 14
                    name += entry[:8]
                if (
                        flags & 0xf000
                ) == 0xa000:  # global defined symbol? (registers, etc are not supported)
                    value += text_addr  # relocate the value
                    if (flags & 0xf00) == 0x0100:  # BSS
                        idc.set_name(value, name)
                    elif (flags & 0xf00) == 0x0200:  # TEXT
                        idaapi.add_entry(value, value, name, 1)
                    elif (flags & 0xf00) == 0x0400:  # DATA
                        idc.set_name(value, name)

        idaapi.add_entry(text_addr, text_addr, "start", 1)
        idaapi.plan_and_wait(text_addr, text_addr + header.PRG_tsize)
        return 1

    return 0
Example #40
def load_file(li, neflags, format):
    ndsRom = NintendoDSRom(li.read(li.size()))
    retval = 1

    useArm9 = ask_yn(
        "This ROM potentially contains both ARM9 and ARM7 code\nDo you want to load the ARM9 binary?"
    if (useArm9 == -1):
        useArm9 = 0

    useArm9 = bool(useArm9)

    proc = ""
    startEA = 0
    endEA = 0
    offset = 0
    entryAddr = 0
    size = 0
    name = ""
    rom = ""
    if (useArm9):
        name = "ARM9 ROM"
        proc = "ARM"
        entryAddr = ndsRom.arm9EntryAddress
        startEA = ndsRom.arm9RamAddress
        endEA = ndsRom.arm9RamAddress + ndsRom.arm9Len
        offset = ndsRom.arm9Offset
        size = ndsRom.arm9Len
        rom = ndsRom.arm9
        name = "ARM7 ROM"
        proc = "ARM710A"
        entryAddr = ndsRom.arm7EntryAddress
        startEA = ndsRom.arm7RamAddress
        endEA = ndsRom.arm7RamAddress + ndsRom.arm7Len
        offset = ndsRom.arm7Offset
        size = ndsRom.arm7Len
        rom = ndsRom.arm7

        proc, idaapi.SETPROC_LOADER_NON_FATAL | idaapi.SETPROC_LOADER)

    memory =  \
        [ startEA, endEA, "RAM" ],
        [ 0x04000000, 0x04001056, "General_Regs" ],
        [ 0x05000000, 0x05000600, "VMEM_Regs" ],

    if ((startEA < memory[0][0] or endEA > memory[0][1])
            and (startEA < memory[1][0] or endEA > memory[1][1])
            and (startEA < memory[2][0] or endEA > memory[2][1])):
        raise Exception("ROM not mapped into valid mem!")

    for segment in memory:
        idc.AddSeg(segment[0], segment[1], 0, 1, idaapi.saRelPara,
        idc.RenameSeg(segment[0], segment[2])

        if "RAM" not in segment[2]:
            for i in xrange(segment[0], segment[1]):
                idc.PatchByte(i, 0)

    idaapi.add_entry(entryAddr, entryAddr, "start", 1)
    idc.MakeNameEx(entryAddr, "start", idc.SN_NOCHECK | idc.SN_NOWARN)
    idaapi.cvar.inf.startIP = entryAddr
    idaapi.cvar.inf.beginEA = entryAddr
    ida_segment.set_selector(1, 0)
    idaapi.cvar.inf.startCS = 1

    li.file2base(offset, startEA, endEA, 1)

    idaapi.cvar.inf.startCS = 0
    idaapi.cvar.inf.startIP = entryAddr

    idc.ExtLinA(startEA, 1, "; Title : " + str(ndsRom.name))
    idc.ExtLinA(startEA, 1, "; Software Version: " + str(ndsRom.version))

    # Add TwlHdr
    if name == "ARM7 ROM":

    print("Done! Entry point @ " + hex(entryAddr))
    return 1
Example #41
def load_file(li, neflags, format):
    Load the file into database

    @param li: a file-like object which can be used to access the input data
    @param neflags: options selected by the user, see loader.hpp
    @return: 0-failure, 1-ok

    vmlinux = li.read(li.size())

    do_get_arch(kallsyms, vmlinux)
    do_kallsyms(kallsyms, vmlinux)
    if kallsyms['numsyms'] == 0:
        print_log('[!]get kallsyms error...')
        return 0
    idaapi.set_processor_type("arm", idaapi.SETPROC_ALL|idaapi.SETPROC_FATAL)
    if kallsyms['arch'] == 64:
        idaapi.get_inf_structure().lflags |= idaapi.LFLG_64BIT

    li.file2base(0, kallsyms['_start'], kallsyms['_start']+li.size(), True)

    sinittext_addr = 0
    max_sym_addr = 0
    for i in range(kallsyms['numsyms']):
        if kallsyms['arch'] == 32:
            if kallsyms['address'][i] > 0xd0000000:

        if kallsyms['name'][i] == '_sinittext':
            sinittext_addr = kallsyms['address'][i]
        if kallsyms['address'][i] > max_sym_addr:
            max_sym_addr = kallsyms['address'][i]
    max_sym_addr = max_sym_addr + 1024
    print_log("max_sym_addr = ", hex(max_sym_addr))

    if (kallsyms['_start']+li.size()) > max_sym_addr:
        max_sym_addr = kallsyms['_start']+li.size()

    s = idaapi.segment_t()
    s.bitness = kallsyms['arch'] // 32
    s.startEA = kallsyms['_start']
    if sinittext_addr == 0:
        s.endEA = max_sym_addr
        s.endEA = sinittext_addr
    s.perm = 5
    if sinittext_addr > 0:
        s = idaapi.segment_t()
        s.bitness = kallsyms['arch'] // 32
        s.startEA = sinittext_addr
        s.endEA = max_sym_addr
        s.perm = 7

    for i in range(kallsyms['numsyms']):
        if kallsyms['type'][i] in ['t','T']:
            idaapi.add_entry(kallsyms['address'][i], kallsyms['address'][i], kallsyms['name'][i], 1)
            idaapi.add_entry(kallsyms['address'][i], kallsyms['address'][i], kallsyms['name'][i], 0)

    print_log("Android/Linux vmlinux loaded...")
    return 1
Example #42
def load_file(li, neflags, format):
    Load the SG/SMD ROM

    :param li: Loader input
    :param neflags:
    :param format:
    :return: 1 on success, otherwise 0

    idaapi.set_processor_type('68000', idaapi.SETPROC_LOADER)
    is_reload = (neflags & idaapi.NEF_RELOAD) != 0
    if is_reload:
        return 1

    # Get ROM end
    rom_end = struct.unpack('>I', li.read(4))[0]

    # Create ROM segment
    rom_seg = idaapi.segment_t()
    rom_seg.start_ea = 0
    rom_seg.end_ea = rom_end
    rom_seg.bitness = 1
    idaapi.add_segm_ex(rom_seg, 'ROM', 'CODE', idaapi.ADDSEG_OR_DIE)

    # Get RAM start/end
    ram_start = struct.unpack('>I', li.read(4))[0]
    ram_end = struct.unpack('>I', li.read(4))[0]

    # Create RAM segment
    ram_seg = idaapi.segment_t()
    ram_seg.start_ea = ram_start
    ram_seg.end_ea = ram_end
    ram_seg.bitness = 1
    idaapi.add_segm_ex(ram_seg, 'RAM', 'DATA', idaapi.ADDSEG_OR_DIE)

    # Read file into ROM segment
    li.file2base(0, 0, rom_end, False)

    # Create Z80 memory segment
    z80_seg = idaapi.segment_t()
    z80_seg.start_ea = 0xa00000
    z80_seg.end_ea = 0xa1ffff  # Actually ends at 0xa0ffff, but for the sake of applying labels we make it 0xa1ffff
    z80_seg.bitness = 0  # 16 bit
    idaapi.add_segm_ex(z80_seg, 'Z80', 'DATA', idaapi.ADDSEG_OR_DIE)

    # Create a segment so we can create labels for VDP ports and debug registers
    misc_ports_regs = idaapi.segment_t()
    misc_ports_regs.start_ea = 0xc00000
    misc_ports_regs.end_ea = 0xc00020
    misc_ports_regs.bitness = 1
    idaapi.add_segm_ex(misc_ports_regs, 'MISC', 'DATA', idaapi.ADDSEG_OR_DIE)

    # Create interrupt vector table
    create_dword_and_name(0, 'StackOffset')
    create_dword_and_name(4, 'ProgramStart')

    # Create ROM info

    # Set entry
    program_start = get_dword_at(li, 4)
    idaapi.add_entry(program_start, program_start, '_start', 1)
    return 1
Example #43
def load_file(li, neflags, format):
	if format != ROM_FORMAT_NAME:
		Warning("Unknown format name: '%s'" % format)
    		return 0
	idaapi.set_processor_type("M6502", SETPROC_ALL | SETPROC_FATAL)
	li.seek(0, idaapi.SEEK_END)
	size = li.tell()

	# RAM
	idc.AddSeg(RAM_START, RAM_START + RAM_SIZE, 0, 0, idaapi.saRelPara, idaapi.scPub)
	idc.RenameSeg(RAM_START, "RAM")

	CartTypeLSB = struct.unpack("<B", li.read(1))[0]
	if (((CartTypeLSB & 0x2) >> 1) == 1):
		idc.AddSeg(SRAM_START, SRAM_START + SRAM_SIZE, 0, 0, idaapi.saRelPara, idaapi.scPub)
		idc.RenameSeg(SRAM_START, "SRAM")

	idc.AddSeg(EXPROM_START, EXPROM_START + EXPROM_SIZE, 0, 0, idaapi.saRelPara, idaapi.scPub)
	idc.RenameSeg(EXPROM_START, "EXPROM")

	if (((CartTypeLSB & 0x4) >> 2) == 1):
		idc.AddSeg(TRAINER_START, TRAINER_START + TRAINER_SIZE, 0, 0, idaapi.saRelPara, idaapi.scPub)

	# ROM
	idc.AddSeg(ROM_START, ROM_START + ROM_SIZE, 0, 0, idaapi.saRelPara, idaapi.scPub)
	idc.RenameSeg(ROM_START, "ROM")	
	idc.SetSegmentType(ROM_START, idc.SEG_CODE)

	CartTypeMSB = struct.unpack("<B", li.read(1))[0]
	mapper_version = (((CartTypeLSB & 0xF0) >> 4) | (CartTypeMSB & 0xF0))
	if (mapper_version == MAPPER_NONE or
		mapper_version == MAPPER_MMC1 or
		mapper_version == MAPPER_UxROM or
		mapper_version == MAPPER_CNROM or
		mapper_version == MAPPER_MMC3 or
		mapper_version == MAPPER_MMC5 or
		mapper_version == MAPPER_CAMERIC or
		mapper_version == MAPPER_GNROM):
		prg_rom_size = struct.unpack("<B", li.read(1))[0]
		if (prg_rom_size != 0):
			offset = HEADER_SIZE
			if (((CartTypeLSB & 0x4) >> 2) == 1):
				offset += TRAINER_SIZE
			li.file2base(0, ROM_START, ROM_START + PRG_PAGE_SIZE, 0)
			offset = HEADER_SIZE + (prg_rom_size - 1) * PRG_PAGE_SIZE
			if (((CartTypeLSB & 0x4) >> 2) == 1):
				offset += TRAINER_SIZE

	elif (mapper_version == MAPPER_MMC2):
		print("Second case mapper")
	elif (mapper_version == MAPPER_AxROM or
		mapper_version == MAPPER_COLOR_DREAMS or
		mapper_version == MAPPER_BxROM):
		print("Third case mapper")
		print("Mapper %d is not supported" % mapper_version)

	idaapi.add_entry(Word(0xFFFC), Word(0xFFFC), "start", 1)
	idaapi.cvar.inf.startIP = Word(0xFFFC)
	idaapi.cvar.inf.beginEA = Word(0xFFFC)	
	header_info(li, 0xFFEF)

	print("[+] Load OK")
	return 1
Example #44
    def load_file(li, neflags, format):
                                  idaapi.SETPROC_ALL | idaapi.SETPROC_FATAL)
        f = load_nxo(li)
        if f.armv7:
            SetShortPrm(INF_LFLAGS, GetShortPrm(INF_LFLAGS) | LFLG_PC_FLAT)
            SetShortPrm(INF_LFLAGS, GetShortPrm(INF_LFLAGS) | LFLG_64BIT)

        SetCharPrm(INF_DEMNAMES, idaapi.DEMNAM_GCC3)
        idaapi.add_til2('gnulnx_arm' if f.armv7 else 'gnulnx_arm64', 1)

        loadbase = 0x60000000 if f.armv7 else 0x7100000000

        as_string = f.binfile.read(f.bssoff)
        idaapi.mem2base(as_string, loadbase)
        if f.text[1] != None:
            li.file2base(f.text[1], loadbase + f.text[2],
                         loadbase + f.text[2] + f.text[3], True)
        if f.ro[1] != None:
            li.file2base(f.ro[1], loadbase + f.ro[2],
                         loadbase + f.ro[2] + f.ro[3], True)
        if f.data[1] != None:
            li.file2base(f.data[1], loadbase + f.data[2],
                         loadbase + f.data[2] + f.data[3], True)

        for start, end, name, kind in f.sections:
            if name.startswith('.got'):
                kind = 'CONST'
            idaapi.add_segm(0, loadbase + start, loadbase + end, name, kind)
            segm = idaapi.get_segm_by_name(name)
            if kind == 'CONST':
                segm.perm = idaapi.SEGPERM_READ
            elif kind == 'CODE':
                segm.perm = idaapi.SEGPERM_READ | idaapi.SEGPERM_EXEC
            elif kind == 'DATA':
                segm.perm = idaapi.SEGPERM_READ | idaapi.SEGPERM_WRITE
            elif kind == 'BSS':
                segm.perm = idaapi.SEGPERM_READ | idaapi.SEGPERM_WRITE
            idaapi.set_segm_addressing(segm, 1 if f.armv7 else 2)

        # do imports
        # TODO: can we make imports show up in "Imports" window?
        undef_count = 0
        for s in f.symbols:
            if not s.shndx and s.name:
                undef_count += 1
        last_ea = max(loadbase + end for start, end, name, kind in f.sections)
        undef_entry_size = 8
        undef_ea = (
            (last_ea + 0xFFF) & ~0xFFF
        ) + undef_entry_size  # plus 8 so we don't end up on the "end" symbol
        idaapi.add_segm(0, undef_ea, undef_ea + undef_count * undef_entry_size,
                        "UNDEF", "XTRN")
        segm = idaapi.get_segm_by_name("UNDEF")
        segm.type = idaapi.SEG_XTRN
        for i, s in enumerate(f.symbols):
            if not s.shndx and s.name:
                idaapi.do_name_anyway(undef_ea, s.name)
                s.resolved = undef_ea
                undef_ea += undef_entry_size
            elif i != 0:
                assert s.shndx
                s.resolved = loadbase + s.value
                if s.name:
                    if s.type == STT_FUNC:
                        print hex(s.resolved), s.name
                        idaapi.add_entry(s.resolved, s.resolved, s.name, 0)
                        idaapi.do_name_anyway(s.resolved, s.name)

                # NULL symbol
                s.resolved = 0

        funcs = set()
        for s in f.symbols:
            if s.name and s.shndx and s.value:
                if s.type == STT_FUNC:
                    funcs.add(loadbase + s.value)

        got_name_lookup = {}
        for offset, r_type, sym, addend in f.relocations:
            target = offset + loadbase
            if r_type in (R_ARM_GLOB_DAT, R_ARM_JUMP_SLOT, R_ARM_ABS32):
                if not sym:
                    print 'error: relocation at %X failed' % target
                    idaapi.put_long(target, sym.resolved)
            elif r_type == R_ARM_RELATIVE:
                idaapi.put_long(target, idaapi.get_long(target) + loadbase)
            elif r_type in (R_AARCH64_GLOB_DAT, R_AARCH64_JUMP_SLOT,
                idaapi.put_qword(target, sym.resolved + addend)
                if addend == 0:
                    got_name_lookup[offset] = sym.name
            elif r_type == R_AARCH64_RELATIVE:
                idaapi.put_qword(target, loadbase + addend)
                if addend < f.textsize:
                    funcs.add(loadbase + addend)
                print 'TODO r_type %d' % (r_type, )
            ida_make_offset(f, target)

        for func, target in f.plt_entries:
            if target in got_name_lookup:
                addr = loadbase + func
                idaapi.do_name_anyway(addr, got_name_lookup[target])

        funcs |= find_bl_targets(loadbase, loadbase + f.textsize)

        for addr in sorted(funcs, reverse=True):
            AutoMark(addr, AU_CODE)
            AutoMark(addr, AU_PROC)

        return 1
Example #45
def load_file(li, neflags, format):
    Load the file into database

    @param li: a file-like object which can be used to access the input data
    @param neflags: options selected by the user, see loader.hpp
    @return: 0-failure, 1-ok
                              idaapi.SETPROC_USER | idaapi.SETPROC_FATAL)
    data = convert(li.read(li.size()))
    if len(data) > 0x4000000:
        # program too large
        return 0

    idaapi.mem2base(data, 0, len(data))
    seg = idaapi.segment_t()
    seg.startEA = 0
    seg.endEA = 0x4000000
    # seg.bitness = 1
    idaapi.add_segm_ex(seg, "PROGRAM", "CODE", idaapi.ADDSEG_SPARSE)
    seg = idaapi.segment_t()
    seg.startEA = 0x4000000
    seg.endEA = 0x400001e
    idaapi.add_segm_ex(seg, "CLOCKIO", "RAM", idaapi.ADDSEG_SPARSE)
    seg = idaapi.segment_t()
    seg.startEA = 0x4010000
    seg.endEA = 0x4011000
    idaapi.add_segm_ex(seg, "FLAGIO", "RAM", idaapi.ADDSEG_SPARSE)
    seg = idaapi.segment_t()
    seg.startEA = 0x5000000
    seg.endEA = 0x5002000
    idaapi.add_segm_ex(seg, "RDATA", "RAM", idaapi.ADDSEG_SPARSE)
    seg = idaapi.segment_t()
    seg.startEA = 0x5002000
    seg.endEA = 0x5002003
    idaapi.add_segm_ex(seg, "RDATASZ", "RAM", idaapi.ADDSEG_SPARSE)
    seg = idaapi.segment_t()
    seg.startEA = 0x5010000
    seg.endEA = 0x5012000
    idaapi.add_segm_ex(seg, "SDATA", "RAM", idaapi.ADDSEG_SPARSE)
    seg = idaapi.segment_t()
    seg.startEA = 0x5012000
    seg.endEA = 0x5012003
    idaapi.add_segm_ex(seg, "SDATASZ", "RAM", idaapi.ADDSEG_SPARSE)
    seg = idaapi.segment_t()
    seg.startEA = 0x6000000
    seg.endEA = 0x6800000
    idaapi.add_segm_ex(seg, "SHMEM", "RAM", idaapi.ADDSEG_SPARSE)
    seg = idaapi.segment_t()
    seg.startEA = 0x6800000
    seg.endEA = 0x7000000
    idaapi.add_segm_ex(seg, "NVRAM", "RAM", idaapi.ADDSEG_SPARSE)
    seg = idaapi.segment_t()
    seg.startEA = 0x7FFFF00
    seg.endEA = 0x7FFFF1C
    idaapi.add_segm_ex(seg, "IVEC", "RAM", idaapi.ADDSEG_SPARSE)
    seg = idaapi.segment_t()
    seg.startEA = 0x7FFFF80
    seg.endEA = 0x8000000
    idaapi.add_segm_ex(seg, "PROCID", "RAM", idaapi.ADDSEG_SPARSE)
    idaapi.add_entry(0, 0, "_start", True)
    # idc.AutoMark( 0, AU_CODE )

    return 1