def addSegmentAtLast(segs, segSize):
si = SegmInfo()
si.m_startAddr = segs[-1].m_endAddr
si.m_endAddr = si.m_startAddr + segSize
si.m_name = ".MySeg"
si.m_className = "CODE"
# https://www.hex-rays.com/products/ida/support/idapython_docs/
# startea - linear address of the start of the segment
# endea - linear address of the end of the segment this address will not belong to the segment 'endea' should be higher than 'startea'
# base - base paragraph or selector of the segment. a paragraph is 16byte memory chunk. If a selector value is specified, the selector should be already defined.
# use32 - 0: 16bit segment, 1: 32bit segment, 2: 64bit segment
# align - segment alignment. see below for alignment values
# comb - segment combination. see below for combination values.
ret = idc.AddSeg(si.m_startAddr, si.m_endAddr, 0, 2, 0, 0)
if ret == False:
print "Create segment failed"
return None
# Reset this segment
byte = 0x90
for ea in range(si.m_startAddr, si.m_endAddr, 1):
PatchByte(ea, byte)
# ret = MakeCode(ea)
# if ret == 0:
# print "Make code failed at this section"
# return 0
# Set segment's attribute
# https://reverseengineering.stackexchange.com/questions/2394/how-can-i-change-the-read-write-execute-flags-on-a-segment-in-ida
# idc.SetSegmentAttr(si.m_startAddr, idc.SEGATTR_PERM, idc.SEGPERM_EXEC | idc.SEGPERM_WRITE | idc.SEGPERM_READ)
ret = idc.SetSegmentAttr(si.m_startAddr, idc.SEGATTR_PERM, 1 | 2 | 4)
if ret == 0:
print "Set segment attribute failed"
ret = idc.SetSegClass(si.m_startAddr, si.m_className)
if ret == 0:
print "Set segment class failed"
ret = idc.SetSegmentType(si.m_startAddr, idc.SEG_CODE)
if ret == 0:
print "Set segment type to code failed"
return si
def load_file(li, neflags, format):
if format != ROM_FORMAT_NAME:
Warning("Unknown format name: '%s'" % format)
return 0
jump = dwordAt(li, 0)
# Test ARM branch
if jump & 0xFF000000 != 0xEA000000:
Warning("Unknown format name: '%s'" % format)
return 0
idaapi.set_processor_type("arm", SETPROC_ALL | SETPROC_FATAL)
li.seek(0, idaapi.SEEK_END)
size = li.tell()
# Adding Header Section
idc.AddSeg(ROM_START, ROM_START + SIZE_HEADER, 0, 1, idaapi.saRelPara,
idaapi.scPub)
idc.RenameSeg(ROM_START, "HEADER")
idc.SetSegmentType(ROM_START, idc.SEG_CODE)
li.seek(0)
li.file2base(0, ROM_START, ROM_START + SIZE_HEADER, 0)
# Adding OEP
idaapi.add_entry(ROM_START, ROM_START, "start", 1)
idaapi.cvar.inf.startIP = ROM_START
idaapi.cvar.inf.beginEA = ROM_START
# Adding ROM Section
idc.AddSeg(ROM_START + SIZE_HEADER, ROM_START + (ROM_SIZE - SIZE_HEADER),
0, 1, idaapi.saRelPara, idaapi.scPub)
idc.RenameSeg(ROM_START + SIZE_HEADER, "ROM")
idc.SetSegmentType(ROM_START + SIZE_HEADER, idc.SEG_CODE)
li.seek(SIZE_HEADER)
li.file2base(0, ROM_START + SIZE_HEADER, ROM_START + size, 0)
# Adding EWRAM
idc.AddSeg(0x02000000, 0x02040000, 0, 1, idaapi.saRelPara, idaapi.scPub)
idc.RenameSeg(0x02000000, "EWRAM")
memset_seg(0x02000000, 0x40000)
# Adding IWRAM
idc.AddSeg(0x03000000, 0x03008000, 0, 1, idaapi.saRelPara, idaapi.scPub)
idc.RenameSeg(0x03000000, "IWRAM")
memset_seg(0x03000000, 0x8000)
# Adding IO / Registers
idc.AddSeg(0x04000000, 0x04000400, 0, 1, idaapi.saRelPara, idaapi.scPub)
idc.RenameSeg(0x04000000, "IOregisters")
memset_seg(0x04000000, 0x400)
# Adding BIOS System ROM
idc.AddSeg(0x00000000, 0x00004000, 0, 1, idaapi.saRelPara, idaapi.scPub)
idc.RenameSeg(0x00000000, "BIOS")
memset_seg(0x00000000, 0x4000)
idc.SetSegmentType(0x0000000, idc.SEG_CODE)
idaapi.add_long_cmt(ROM_START, True, "ROM HEADER")
li.seek(0xA0)
idc.ExtLinA(ROM_START, 1, "; Game Title : %s" % li.read(12))
idc.ExtLinA(ROM_START, 2, "; Game Code : %s" % li.read(4))
idc.ExtLinA(ROM_START, 3, "; Marker Code : %s" % li.read(2))
idc.ExtLinA(ROM_START, 4,
"; Fixed value : %02X" % struct.unpack("<B", li.read(1))[0])
idc.ExtLinA(ROM_START, 5,
"; Main unit code : %02X" % struct.unpack("<B", li.read(1))[0])
idc.ExtLinA(ROM_START, 6,
"; Device type : %02X" % struct.unpack("<B", li.read(1))[0])
idc.ExtLinA(ROM_START, 7, "; Reserved Area : db 7 dup(0)")
li.read(7)
idc.ExtLinA(ROM_START, 8,
"; Software version %02X" % struct.unpack("<B", li.read(1))[0])
idc.ExtLinA(ROM_START, 9,
"; Complement Check %02X" % struct.unpack("<B", li.read(1))[0])
idc.ExtLinA(ROM_START, 10, "; Reserved Area : db 2 dup(0)")
io_naming()
print("[+] Load OK")
return 1
def load_file(li, neflags, format):
if format != ROM_FORMAT_NAME:
Warning("Unknown format name: '%s'" % format)
return 0
idaapi.set_processor_type("M6502", SETPROC_ALL | SETPROC_FATAL)
li.seek(0, idaapi.SEEK_END)
size = li.tell()
# RAM
idc.AddSeg(RAM_START, RAM_START + RAM_SIZE, 0, 0, idaapi.saRelPara,
idaapi.scPub)
idc.RenameSeg(RAM_START, "RAM")
li.seek(0x6)
CartTypeLSB = struct.unpack("<B", li.read(1))[0]
# SRAM
if (((CartTypeLSB & 0x2) >> 1) == 1):
idc.AddSeg(SRAM_START, SRAM_START + SRAM_SIZE, 0, 0, idaapi.saRelPara,
idaapi.scPub)
idc.RenameSeg(SRAM_START, "SRAM")
# EXPROM
idc.AddSeg(EXPROM_START, EXPROM_START + EXPROM_SIZE, 0, 0,
idaapi.saRelPara, idaapi.scPub)
idc.RenameSeg(EXPROM_START, "EXPROM")
# TRAINER
if (((CartTypeLSB & 0x4) >> 2) == 1):
idc.AddSeg(TRAINER_START, TRAINER_START + TRAINER_SIZE, 0, 0,
idaapi.saRelPara, idaapi.scPub)
idc.RenameSeg(TRAINER_START, "TRAINER")
# ROM
idc.AddSeg(ROM_START, ROM_START + ROM_SIZE, 0, 0, idaapi.saRelPara,
idaapi.scPub)
idc.RenameSeg(ROM_START, "ROM")
idc.SetSegmentType(ROM_START, idc.SEG_CODE)
CartTypeMSB = struct.unpack("<B", li.read(1))[0]
mapper_version = (((CartTypeLSB & 0xF0) >> 4) | (CartTypeMSB & 0xF0))
if (mapper_version == MAPPER_NONE or mapper_version == MAPPER_MMC1
or mapper_version == MAPPER_UxROM or mapper_version == MAPPER_CNROM
or mapper_version == MAPPER_MMC3 or mapper_version == MAPPER_MMC5
or mapper_version == MAPPER_CAMERIC
or mapper_version == MAPPER_GNROM):
li.seek(0x4)
prg_rom_size = struct.unpack("<B", li.read(1))[0]
if (prg_rom_size != 0):
offset = HEADER_SIZE
if (((CartTypeLSB & 0x4) >> 2) == 1):
offset += TRAINER_SIZE
li.seek(offset)
li.file2base(0, ROM_START, ROM_START + PRG_PAGE_SIZE, 0)
offset = HEADER_SIZE + (prg_rom_size - 1) * PRG_PAGE_SIZE
if (((CartTypeLSB & 0x4) >> 2) == 1):
offset += TRAINER_SIZE
li.seek(offset)
li.file2base(0, ROM_START + PRG_PAGE_SIZE,
ROM_START + PRG_PAGE_SIZE + PRG_PAGE_SIZE, 0)
elif (mapper_version == MAPPER_MMC2):
print("Second case mapper")
elif (mapper_version == MAPPER_AxROM
or mapper_version == MAPPER_COLOR_DREAMS
or mapper_version == MAPPER_BxROM):
print("Third case mapper")
else:
print("Mapper %d is not supported" % mapper_version)
naming()
idaapi.add_entry(Word(0xFFFC), Word(0xFFFC), "start", 1)
idaapi.cvar.inf.startIP = Word(0xFFFC)
idaapi.cvar.inf.beginEA = Word(0xFFFC)
header_info(li, 0xFFEF)
print("[+] Load OK")
return 1
def load_file(li, neflags, format):
if format != ROM_FORMAT_NAME:
Warning("Unknown format name: '%s'" % format)
return 0
jump = dwordAt(li, 0)
idaapi.set_processor_type("gb", SETPROC_ALL | SETPROC_FATAL)
li.seek(0, idaapi.SEEK_END)
size = li.tell()
# ROM0
idc.AddSeg(ROM0_START, ROM0_START + ROM0_SIZE, 0, 0, idaapi.saRelPara,
idaapi.scPub)
idc.RenameSeg(ROM0_START, "ROM0")
idc.SetSegmentType(ROM0_START, idc.SEG_CODE)
li.seek(0)
li.file2base(0, ROM0_START, ROM0_START + ROM0_SIZE, 0)
# ROM1
idc.AddSeg(ROM1_START, ROM1_START + ROM1_SIZE, 0, 0, idaapi.saRelPara,
idaapi.scPub)
idc.RenameSeg(ROM1_START, "ROM1")
idc.SetSegmentType(ROM1_START, idc.SEG_CODE)
# VRAM
idc.AddSeg(VRAM_START, VRAM_START + VRAM_SIZE, 0, 0, idaapi.saRelPara,
idaapi.scPub)
idc.RenameSeg(VRAM_START, "VRAM")
# RAM1
idc.AddSeg(RAM1_START, RAM1_START + RAM1_SIZE, 0, 0, idaapi.saRelPara,
idaapi.scPub)
idc.RenameSeg(RAM1_START, "RAM1")
# RAM0
idc.AddSeg(RAM0_START, RAM0_START + RAM0_SIZE, 0, 0, idaapi.saRelPara,
idaapi.scPub)
idc.RenameSeg(RAM0_START, "RAM0")
# ECHO
idc.AddSeg(ECHO_START, ECHO_START + ECHO_SIZE, 0, 0, idaapi.saRelPara,
idaapi.scPub)
idc.RenameSeg(ECHO_START, "ECHO")
# OAM
idc.AddSeg(OAM_START, OAM_START + OAM_SIZE, 0, 0, idaapi.saRelPara,
idaapi.scPub)
idc.RenameSeg(OAM_START, "OAM")
# IO
idc.AddSeg(IO_START, IO_START + IO_SIZE, 0, 0, idaapi.saRelPara,
idaapi.scPub)
idc.RenameSeg(IO_START, "IO")
# HRAM
idc.AddSeg(HRAM_START, HRAM_START + HRAM_SIZE, 0, 0, idaapi.saRelPara,
idaapi.scPub)
idc.RenameSeg(HRAM_START, "HRAM")
header_info(li)
naming()
print("[+] Load OK")
return 1
import idc
import idaapi
import sys
idc.Wait()
if len(idc.ARGV) == 2:
tmp_dir = idc.ARGV[1]
for tmp_file in sorted(os.listdir(tmp_dir)):
if tmp_file.endswith('.dmp'):
with open("{}/{}".format(tmp_dir, tmp_file)) as f:
data = f.read()
start_addr = int(tmp_file.split('.')[0], 16)
stop_addr = (start_addr + len(data)) | 0xfff
idc.SegCreate(start_addr, stop_addr, 0, 1, 0, idaapi.scPub)
idc.SetSegmentType(start_addr, idc.SEG_CODE)
idaapi.put_many_bytes(start_addr, data)
# reanalyze after adding all the new sections
idc.AnalyzeArea(0, idc.BADADDR)
# compresses the DB
idc.SaveBase('{}.idb'.format(idc.GetInputFile()), flags=idaapi.DBFL_COMP)
idc.Exit(0)
def load_file(li, neflags, format):
if format != ROM_FORMAT_NAME:
Warning("Unknown format name: '%s'" % format)
return 0
idaapi.set_processor_type("M6502", SETPROC_ALL | SETPROC_FATAL)
li.seek(0, idaapi.SEEK_END)
size = li.tell()
li.seek(0, idaapi.SEEK_SET)
nheader = NES_HEADER.from_buffer_copy(li.read(LEN_NES_HEADER))
# RAM SEGMENT
idc.AddSeg(RAM_START, RAM_START + RAM_SIZE, 0, 0, idaapi.saRelPara,
idaapi.scPub)
idc.RenameSeg(RAM_START, "RAM")
zeromemory(RAM_START, RAM_SIZE)
# IOREG SEGMENT
idc.AddSeg(IOREG_START, IOREG_START + IOREG_SIZE, 0, 0, idaapi.saRelPara,
idaapi.scPub)
idc.RenameSeg(IOREG_START, "IOREG")
zeromemory(IOREG_START, IOREG_SIZE)
# SRAM SEGMENT
# bit 1 : Cartridge contains battery-backed PRG RAM ($6000-7FFF) or other persistent memory
if (nheader.rom_control_byte_0 & 0x02) != 0x00:
idc.AddSeg(SRAM_START, SRAM_START + SRAM_SIZE, 0, 0, idaapi.saRelPara,
idaapi.scPub)
idc.RenameSeg(SRAM_START, "SRAM")
zeromemory(SRAM_START, SRAM_SIZE)
# EXPROM SEGMENT
idc.AddSeg(EXPROM_START, EXPROM_START + EXPROM_SIZE, 0, 0,
idaapi.saRelPara, idaapi.scPub)
idc.RenameSeg(EXPROM_START, "EXPROM")
zeromemory(EXPROM_START, EXPROM_SIZE)
# TRAINER SEGMENT
# bit 2 : 512-byte trainer at $7000-$71FF (stored before PRG data)
if (nheader.rom_control_byte_0 & 0x04) != 0x00:
idc.AddSeg(TRAINER_START, TRAINER_START + TRAINER_SIZE, 0, 0,
idaapi.saRelPara, idaapi.scPub)
idc.RenameSeg(TRAINER_START, "TRAINER")
zeromemory(TRAINER_START, TRAINER_SIZE)
# ROM SEGMENT
idc.AddSeg(ROM_START, ROM_START + ROM_SIZE, 0, 0, idaapi.saRelPara,
idaapi.scPub)
idc.RenameSeg(ROM_START, "ROM")
idc.SetSegmentType(ROM_START, idc.SEG_CODE | idc.SEG_DATA)
zeromemory(ROM_START, ROM_SIZE)
describe_header_info(li)
mapper_version = (((nheader.rom_control_byte_0 & 0xF0) >> 4) |
(nheader.rom_control_byte_1 & 0xF0))
if (mapper_version == MAPPER_NONE or mapper_version == MAPPER_MMC1
or mapper_version == MAPPER_UxROM or mapper_version == MAPPER_CNROM
or mapper_version == MAPPER_MMC3 or mapper_version == MAPPER_MMC5
or mapper_version == MAPPER_CAMERIC
or mapper_version == MAPPER_GNROM):
offset = LEN_NES_HEADER
if (nheader.rom_control_byte_0 & 0x04) != 0x00:
offset = offset + TRAINER_SIZE
offset = offset
li.file2base(offset, ROM_START, ROM_START + PRG_PAGE_SIZE, 0)
offset = LEN_NES_HEADER
if (nheader.rom_control_byte_0 & 0x04) != 0x00:
offset = offset + TRAINER_SIZE
offset = offset + (nheader.nb_prg_page_16k - 1) * PRG_PAGE_SIZE
li.file2base(offset, ROM_START + PRG_PAGE_SIZE,
ROM_START + PRG_PAGE_SIZE + PRG_PAGE_SIZE, 0)
offset = LEN_NES_HEADER
if (nheader.rom_control_byte_0 & 0x04) != 0x00:
offset = offset + TRAINER_SIZE
offset = offset + PRG_PAGE_SIZE * nheader.nb_prg_page_16k
li.file2base(offset, RAM_START, RAM_START + CHR_PAGE_SIZE, 0)
elif (mapper_version == MAPPER_MMC2):
Warning("Second case mapper")
elif (mapper_version == MAPPER_AxROM
or mapper_version == MAPPER_COLOR_DREAMS
or mapper_version == MAPPER_BxROM):
Warning("Third case mapper")
else:
Warning("Mapper %d is not supported" % mapper_version)
naming()
idaapi.add_entry(Word(0xFFFC), Word(0xFFFC), "start", 1)
idaapi.cvar.inf.startIP = Word(0xFFFC)
idaapi.cvar.inf.beginEA = Word(0xFFFC)
return 1
def set_type(self, value):
return idc.SetSegmentType(self.addr, value)