def start(self): logger.info("YaCo.start()") self.YaCoUI.hook() try: self.ida_hooks.unhook() self.initial_load() idc.Wait() self.ida_hooks.hook() except: traceback.print_exc() self.YaCoUI.unhook() self.ida_hooks.unhook() logger.error('Error during load cache, YaCo is disabled !') idc.set_inf_attr(idc.INFFL_AUTO, False) for menu_item in self.yaco_menus: name = menu_item[0] text = menu_item[1] callback = menu_item[2] shortcut = menu_item[3] handler = YaCoHandler(self, callback) action = idaapi.action_desc_t(name, text, handler, shortcut, "") idaapi.register_action(action) idaapi.attach_action_to_menu("Edit/YaTools/", name, idaapi.SETMENU_APP) if PROFILE_YACO_LOADING: self.pr.disable() f = open("yaco-loading.profile", 'w') ps = pstats.Stats(self.pr, stream=f).sort_stats('time') ps.print_stats() f.close()
def FunctionAppendChunk(function_address, A, B_ex): # CAVEAT this function also adds successor hanging instructions! if idaapi.get_func(A) is not None: fn_print("0x%x-0x%x already in function" % (A, B_ex)) return False fn_print("append chunk 0x%x-0x%x to function 0x%x" % (A, B_ex, function_address)) # watch out with hanging instructions if (idaapi.get_func(A) is None) and (idaapi.get_func(idc.PrevHead(B_ex)) is not None): fn_print("chunk 0x%x-0x%x is part hanging, only moving hanging part" % (A, B_ex)) B_ex = A while idaapi.get_func(B_ex) is None: B_ex = idc.NextHead(B_ex) fn_print(" ... instead moving 0x%x-0x%x" % (A, B_ex)) result = idc.AppendFchunk(function_address, A, B_ex) if do_wait: idc.Wait() fn_print("append-chunk 0x%x-0x%x to 0x%x: %d" % (A, B_ex, function_address, result)) if result: now_address = idc.GetFunctionAttr(A, idc.FUNCATTR_START) f2 = idc.GetFunctionAttr(function_address, idc.FUNCATTR_START) assert f2 == now_address, "0x%x/0x%x/0x%x" % (function_address, now_address, f2) return result
def FunctionRemoveChunk(any_ins_in_chunk): chunk_function = idc.GetFunctionAttr(any_ins_in_chunk, idc.FUNCATTR_START) result = idc.RemoveFchunk(chunk_function, any_ins_in_chunk) if do_wait: idc.Wait() fn_print("remove-chunk 0x%x: %d" % (any_ins_in_chunk, result)) return result
def go(self): idaapi.set_processor_type("arm", idc.SETPROC_ALL | idc.SETPROC_FATAL) inf = idaapi.get_inf_structure() inf.af &= ~idc.AF_MARKCODE # this is so that IDA does not find functions inside .data segments inf.af2 &= ~idc.AF2_FTAIL # don't create function tails inf.af2 |= idc.AF2_PURDAT # control flow to data segment is ignored print "0) Loading NIDs" self.load_nids() print "1) Mapping kernel VA" self.dump_first_level() print "2) Finding module table using heuristic" self.find_module_ptr() print "3) Creating segments" self.process_chunks() print "4) Resolving imports/exports" self.resolve_impexp() print "5) Waiting for IDA to analyze the program, this will take a while..." idc.Wait() print "6) Analyzing system instructions" from highlight_arm_system_insn import run_script run_script() print "7) Adding MOVT/MOVW pair xrefs" add_xrefs()
def request(self, service, output): if service not in self.services: raise ServiceIsNotRegistered(service) idc.Wait() with open(output, 'w') as out: self.services[service](out) idc.Exit(0)
def wait_until_ready(): ''' first thing you should wait until IDA has parsed the executable. ''' print "[+] Waiting for auto-analysis to finish..." # wait for the autoanalysis to finish idc.Wait()
def main(): idc.Wait() if autoIsOk(): classes = run_msvc() print classes else: print "Take it easy, man" print "Done" idc.Exit(0)
def go(self): print "0) Building NID cache..." self.load_nids() # Vita is ARM idaapi.set_processor_type("arm", idaapi.SETPROC_ALL | idaapi.SETPROC_FATAL) print "1) Loading ELF segments" self.fin.seek(0) header = ELFHeader(self.fin.read(0x34)) self.fin.seek(header.e_phoff) phdrs = [ ELFphdr(self.fin.read(header.e_phentsize)) for _ in xrange(header.e_phnum) ] for phdr in phdrs: if phdr.p_type == p_type.PT_LOAD: idaapi.add_segm(0, phdr.p_vaddr, phdr.p_vaddr + phdr.p_memsz, ".text" if phdr.x else ".data", "CODE" if phdr.x else "DATA") self.fin.file2base(phdr.p_offset, phdr.p_vaddr, phdr.p_vaddr + phdr.p_filesz, 1) self.seg0_off = phdrs[0].p_offset self.seg0_va = phdrs[0].p_vaddr self.fin.seek(self.seg0_off + header.e_entry) modinfo = Modinfo(self.fin.read(0x34)) print "2) Doing noreturn functions first" self.parse_impexp(modinfo.export_top, modinfo.export_end, Modexport, self.cb_noret) self.parse_impexp(modinfo.import_top, modinfo.import_end, Modimport, self.cb_noret) print "3) Parsing export tables" self.parse_impexp(modinfo.export_top, modinfo.export_end, Modexport, self.cb_exp) print "4) Parsing import tables" self.parse_impexp(modinfo.import_top, modinfo.import_end, Modimport, self.cb_imp) print "5) Waiting for IDA to analyze the program" idc.Wait() print "6) Analyzing system instructions" from highlight_arm_system_insn import run_script run_script() print "6) Adding MOVT/MOVW pair xrefs" add_xrefs()
def init(tests): # workaround ida 6.95 function chunks which should really be functions for ea in [0x6718f260, 0x671a5250]: numrefs = idc.GetFchunkAttr(ea, idc.FUNCATTR_REFQTY) if numrefs <= 1: continue for idx in range(numrefs, 0, -1): idc.RemoveFchunk(idc.GetFchunkReferer(ea, idx - 1), ea) idc.MakeFunction(ea) idc.Wait() YaCo.start_tests()
def pre_hook(self): self.unhook() hooks.idb.unhook() idc.SetCharPrm(idc.INF_AUTO, True) idc.Wait() idaapi.request_refresh(idaapi.IWID_STRUCTS | idaapi.IWID_ENUMS | idaapi.IWID_XREFS) idc.SetCharPrm(idc.INF_AUTO, False) idaapi.request_refresh(idaapi.IWID_STRUCTS | idaapi.IWID_ENUMS | idaapi.IWID_XREFS) self.hook() hooks.idb.hook()
def makeFuncsFromPreamble(funcpreamble, startea=idc.FirstSeg(), endea = idaapi.BADADDR): """ This method makes functions everywhere that the sequence 'funpreamble' is found. NOTE: this method is generally unsafe, because it will attempt to make functions where there may be no function. Use it with caution. """ ea = startea i = 0 while (ea != idaapi.BADADDR and ea < endea): ea = idc.FindBinary(ea, SEARCH_DOWN, funcpreamble) idc.MakeFunction(ea) idc.Wait() ea = ea + 1 # idc.FindBinary(ea) returns ea if ea matches, silly
def find_sscanf_vulns(): idc.Wait() sscanf = idc.LocByName('_sscanf') if sscanf == idc.BADADDR: print("sscanf not found") return for caller in idautils.CodeRefsTo(sscanf, False): process_sscanf_callers(caller, sscanf) if ida_kernwin.cvar.batch: idc.Exit(0)
def pre_hook(self): self.unhook() hooks.idb.unhook() idc.set_inf_attr(idc.INFFL_AUTO, True) idc.Wait() idaapi.request_refresh(idaapi.IWID_STRUCTS | idaapi.IWID_ENUMS | idaapi.IWID_XREFS) idc.set_inf_attr(idc.INFFL_AUTO, False) idaapi.request_refresh(idaapi.IWID_STRUCTS | idaapi.IWID_ENUMS | idaapi.IWID_XREFS) self.hook() hooks.idb.hook()
def _convert_address_to_function(func): """Convert an address that IDA has classified incorrectly into a proper function.""" # If everything goes wrong, we'll try to restore this function. orig = idc.FirstFuncFchunk(func) # If the address is not code, let's undefine whatever it is. if not idc.isCode(idc.GetFlags(func)): if not is_mapped(func): # Well, that's awkward. return False item = idc.ItemHead(func) itemend = idc.ItemEnd(func) if item != idc.BADADDR: _log(1, 'Undefining item {:#x} - {:#x}', item, itemend) idc.MakeUnkn(item, idc.DOUNK_EXPAND) idc.MakeCode(func) # Give IDA a chance to analyze the new code or else we won't be able to create a # function. idc.Wait() idc.AnalyseArea(item, itemend) else: # Just try removing the chunk from its current function. IDA can add it to another function # automatically, so make sure it's removed from all functions by doing it in loop until it # fails. for i in range(1024): if not idc.RemoveFchunk(func, func): break # Now try making a function. if idc.MakeFunction(func) != 0: return True # This is a stubborn chunk. Try recording the list of chunks, deleting the original function, # creating the new function, then re-creating the original function. if orig != idc.BADADDR: chunks = list(idautils.Chunks(orig)) if idc.DelFunction(orig) != 0: # Ok, now let's create the new function, and recreate the original. if idc.MakeFunction(func) != 0: if idc.MakeFunction(orig) != 0: # Ok, so we created the functions! Now, if any of the original chunks are not # contained in a function, we'll abort and undo. if all(idaapi.get_func(start) for start, end in chunks): return True # Try to undo the damage. for start, _ in chunks: idc.DelFunction(start) # Everything we've tried so far has failed. If there was originally a function, try to restore # it. if orig != idc.BADADDR: _log(0, 'Trying to restore original function {:#x}', orig) idc.MakeFunction(orig) return False
def main(): global WINHE_RESULTS_DIR print "Start analysis" idc.Wait() #wait while ida finish analysis DEPTH_LEVEL = os.getenv('DEPTH_LEVEL') auto_mode = 0 # set WINHE_RESULTS_DIR variable in the cmd in case if you want to run IDA in the # silent mode. WINHE_RESULTS_DIR = os.getenv('WINHE_RESULTS_DIR') if WINHE_RESULTS_DIR == None: WINHE_RESULTS_DIR = os.getcwd() else: auto_mode = 1 print "saving results in ", WINHE_RESULTS_DIR init_analysis() if auto_mode == 1: Exit(0)
def main(): idc.Wait() print ["Check begin-----------------------------------------------------------------"] file_type = idaapi.get_file_type_name() print "It's",[file_type],"file." danger_func_check() #iOS_file = ["Fat Mach-O file, 1. ARMv7","Fat Mach-O file, 2. ARM64","Mach-O file (EXECUTE). ARM64","Mach-O file (EXECUTE). ARMv7","Mach-O file (EXECUTE). ARM","Mach-O file (EXECUTE). ARMv7s","Mach-O file (EXECUTE). ARMv6"] #Android_so_file = [] if ("Mach-O file" in file_type) and ("ARM" in file_type): iOS_check() if "PE" in file_type: CreateProcessAsUserW_check() #if file_type in Android_so_file: #Android_so_check() strcpy_buffer_check() print "-----------------------------------------------------------------" print ["Check over-----------------------------------------------------------------"] idc.Exit(0)
def update(self): memory_exporter = ya.MakeModel() modified_files = self.repo_manager.update_cache() ya.MakeXmlFilesDatabaseModel(modified_files).accept( memory_exporter.visitor) logger.debug("unhook") self.ida_hooks.unhook() logger.debug("export mem->ida") ya.export_to_ida(memory_exporter.model, self.hash_provider) idc.set_inf_attr(idc.INFFL_AUTO, True) idc.Wait() idc.set_inf_attr(idc.INFFL_AUTO, False) idc.Refresh() logger.debug("hook") self.ida_hooks.hook()
def main(): print "Start metrics calculation" idc.Wait() #wait while ida finish analysis if os.getenv('IDAPYTHON') != 'auto': name = AskFile(1, "*.*", "Where is a file with libcalls?") subcalls_mode = 0 #AskYN(1,("HIDECANCEL\nDo you want to instrument subcalls in the routines?\n")) if subcalls_mode == -1: print "Terminated" return 0 init_analysis(name, subcalls_mode, MANUAL) print "done" return 0 #else: #hidden mode #todo: get flag (instrument or don't instrument subcalls and where is a file with a list of libcalls) #init_analysis(name, subcalls_mode, SILENT) if os.getenv('IDAPYTHON') == 'auto': Exit(0) return 1
def update(self): # pydevd.settrace() logger.debug("Yaco.update()") (modified_object_ids_str, deleted_object_ids_str, modified_files, _deleted_files) = self.repo_manager.update_cache() modified_object_ids = [] deleted_object_ids = [] for obj_id in modified_object_ids_str: modified_object_ids.append(ya.YaToolObjectId_From_String(obj_id)) for obj_id in deleted_object_ids_str: deleted_object_ids.append(ya.YaToolObjectId_From_String(obj_id)) logger.debug("delete objects") # fixme do something logger.debug("invalidate objects") # fixme do something logger.debug("loading XML") logger.debug("modified files : %r", modified_files) memory_exporter = ya.MakeModel() logger.debug("exporting XML to memory") ya.MakeXmlFilesDatabaseModel(modified_files).accept( memory_exporter.visitor) logger.debug("unhook") self.ida_hooks.unhook() logger.debug("export mem->ida") ya.export_to_ida(memory_exporter.model, self.hash_provider, ya.UseFrames) idc.SetCharPrm(idc.INF_AUTO, True) idc.Wait() idc.SetCharPrm(idc.INF_AUTO, False) idc.Refresh() logger.debug("hook") self.ida_hooks.hook()
def run(self, *args, **kwargs): try: print("YaCo: waiting for auto analysis to finish\n") idc.Wait() print("YaCo: saving base in current state\n") idc.SaveBase("") import_yaco_paths() import YaCo if not YaCo.start(): idc.Warning("YaCo: already started") except Exception, e: print("YaCo: error during run") print(traceback.format_exc()) logger = logging.getLogger("YaCo") if logger is not None: try: logger.error("YaCo: error during run") logger.error(traceback.format_exc()) except: pass raise e
def main(): global DEPTH_LEVEL, WINHE_RESULTS_DIR print "Start analysis" idc.Wait() #wait while ida finish analysis DEPTH_LEVEL = os.getenv('DEPTH_LEVEL') auto_mode = 0 if DEPTH_LEVEL == None: DEPTH_LEVEL = 1 #default DEPTH_LEVEL else: DEPTH_LEVEL = int(DEPTH_LEVEL) auto_mode = 1 # set WINHE_RESULTS_DIR variable in the cmd in case if you want to run IDA in the # silent mode. WINHE_RESULTS_DIR = os.getenv('WINHE_RESULTS_DIR') if WINHE_RESULTS_DIR == None: WINHE_RESULTS_DIR = os.getcwd() print "saving results in ", WINHE_RESULTS_DIR print "depth level = ", DEPTH_LEVEL init_analysis() if auto_mode == 1: Exit(0)
def MbrLoader(): """ This small routine loads the MBR into IDA It acts as a custom file loader (written with a script) """ import idaapi; import idc; global SECTOR_SIZE, BOOT_START, BOOT_SIZE, BOOT_END, SECTOR2, MBRNAME # wait till end of analysis idc.Wait() # adjust segment idc.SetSegBounds(BOOT_START, BOOT_START, BOOT_START + BOOT_SIZE, idaapi.SEGMOD_KEEP) # load the rest of the MBR idc.loadfile(MBRNAME, SECTOR_SIZE, SECTOR2, SECTOR_SIZE) # Make code idc.AnalyzeArea(BOOT_START, BOOT_END)
def make_stackframe(self, object_version, address): object_id = object_version.get_id() parent_object_id = object_version.get_parent_object_id() # associate stack frame id to function id self.stackframes_functions[object_id] = parent_object_id # association stackframe id to internal struc id eaFunc = object_version.get_object_address() logger.debug("stackframe[%s] : address of function is 0x%08X" % (self.hash_provider.hash_to_string(object_id), eaFunc)) attributes = object_version.get_attributes() stack_lvars = None stack_regvars = None stack_args = None try: stack_lvars = self.yatools.hex_string_to_address( attributes["stack_lvars"]) stack_regvars = self.yatools.hex_string_to_address( attributes["stack_regvars"]) stack_args = self.yatools.hex_string_to_address( attributes["stack_args"]) except KeyError: logger.warning("Stackframe at %s has missing attribute" % self.yatools.address_to_hex_string(eaFunc)) stack_frame = idaapi.get_frame(eaFunc) if stack_frame is None: logger.error( "No function found for stackframe[%s] at 0x%08X" % (self.hash_provider.hash_to_string(object_id), eaFunc)) self.analyze_function(eaFunc) stack_frame = idaapi.get_frame(eaFunc) if stack_frame is None: logger.error( "No function found for stackframe[%s] at 0x%08X after reanalysis" % (self.hash_provider.hash_to_string(object_id), eaFunc)) idc.SetCharPrm(idc.INF_AUTO, 1) idc.Wait() idc.SetCharPrm(idc.INF_AUTO, 0) stack_frame = idaapi.get_frame(eaFunc) if stack_frame is None: logger.error( "No function found for stackframe[%s] at 0x%08X after full reanalysis" % (self.hash_provider.hash_to_string(object_id), eaFunc)) idc.MakeFrame(eaFunc, stack_lvars, stack_regvars, stack_args) stack_frame = idaapi.get_frame(eaFunc) if stack_frame is None: logger.error( "No function found for stackframe[%s] at 0x%08X after idc.MakeFrame" % (self.hash_provider.hash_to_string(object_id), eaFunc)) else: self.struc_ids[object_id] = stack_frame.id _yatools_ida_exporter.set_struct_id(object_id, stack_frame.id) stack_lvars = None try: stack_lvars = self.yatools.hex_string_to_address( object_version.get_attributes()["stack_lvars"]) except KeyError: logger.warning( "Stackframe at %s has no stack_lvars attribute" % self.yatools.address_to_hex_string(eaFunc)) if stack_lvars is not None: logger.debug( "Clearing everything for stackframe at 0x%08X, with stack_lvars=0x%04X", eaFunc, stack_lvars) self.clear_struc_fields( stack_frame.id, object_version.get_size(), object_version.get_xrefed_id_map().iterkeys(), member_type=ya.OBJECT_TYPE_STACKFRAME_MEMBER, name_offset=stack_lvars)
def autoanalyze(): print 'Waiting for IDA autoanalysis...' idc.Wait()
output_file = open(info_filename,'w') asm_file = open(asm_filename,'r') asmplus_file = open(asm_filename,'r') funcs = idautils.Functions() funcs_iterator = idautils.Functions() # scan all functions to extract number of functions and add them to the funcs_id for i in funcs_iterator: func_name = GetFunctionName(i) funcs_id.update({func_name:func_id}) func_num += 1 func_id += 1 cg_adjmat.append([]) for f in funcs: func_name = GetFunctionName(f) function_extract(output_file, f, cg_adjmat, funcs_id, callees, asm_filename) # extract functions data BB_extract(output_file, f, asmplus_filename) # extract basic blocks data, CFG and CFG adjacency matrices cg_extract(output_file, cg_adjmat, funcs_id, callees, func_num) # extract CG and CG adjacency matrix # end of controller #------------------------------------------------------------------------------------------------------------------------ q = None f = None idc.Wait() controller()
def make_data(self, object_version, address): size = 0 try: size = object_version.get_size() except KeyError: pass flags = None try: flags = object_version.get_object_flags() except KeyError: pass if size == 0: idc.MakeUnkn(address, idc.DOUNK_EXPAND) else: if flags is not None: if idc.isASCII(flags): try: str_type = object_version.get_string_type() YaToolIDATools.check_and_set_str_type(str_type) except KeyError: pass idc.MakeStr(address, address + size) idc.SetFlags(address, flags) if idc.isStruct(flags): found = False for xref_offset_operand, xref_id_attr in object_version.get_xrefed_id_map( ).iteritems(): (xref_offset, xref_operand) = xref_offset_operand for xref_hash, xref_attrs in xref_id_attr: if xref_hash in self.struc_ids: struc_id = self.struc_ids[xref_hash] if DEBUG_EXPORTER: logger.debug( "making unknown from 0x%08X to 0x%08X" % (address, address + size)) idaapi.do_unknown_range( address, size, idc.DOUNK_DELNAMES) # idc.MakeUnkn(address, DOUNK_SIMPLE | idc.DOUNK_DELNAMES) # for i in xrange(1, size): # MakeName(address + i, "") # idc.MakeUnkn(address + i, DOUNK_SIMPLE | idc.DOUNK_DELNAMES) # idc.MakeStructEx uses idaapi.doStruct (but asks for name while # we already have the struc id) if DEBUG_EXPORTER: logger.debug( "Making struc at %s : %s (sizeof(%s)=0x%08X, size=0x%08X, flags=0x%08X" % (self.yatools.address_to_hex_string( address), self.yatools.address_to_hex_string( struc_id), idaapi.get_struc_name(struc_id), idc.GetStrucSize(struc_id), size, flags)) idc.SetCharPrm(idc.INF_AUTO, True) idc.Wait() if idaapi.doStruct(address, size, struc_id) == 0: if DEBUG_EXPORTER: logger.warning("Making struc failed") idc.SetCharPrm(idc.INF_AUTO, False) # idc.SetFlags(address, flags) found = True else: logger.error( "bad struc flags : idc.isStruct is true but no xref available for object %s" % self.hash_provider.hash_to_string( object_version.get_id())) if not found: logger.error( "bad struc flags : idc.isStruct is true " "but no struc available for object %s (%s)" % (self.hash_provider.hash_to_string( object_version.get_id()), object_version.get_name())) else: idc.MakeData(address, flags & (idc.DT_TYPE | idc.MS_0TYPE), size, 0) else: idc.MakeData(address, idc.FF_BYTE, size, 0) self.make_name(object_version, address, False) self.set_type(object_version, address)
def dump_exp_gadgets(): import gadget exp_gadgets = gadget.find_exp_gadgets() with open("%s.payload.gadgets" % get_input_file_path(), "wb") as f: pickle.dump(exp_gadgets, f) return def load_exp_gadgets(dump_file): with open(dump_file, "rb") as f: exp_gadgets = pickle.load(f) return exp_gadgets def disasm(ea): return idc.GetDisasm(ea) """ if __name__ == "__main__": import sys sys.setrecursionlimit(40000) idc.Wait() # Wait for IDA to complete its auto analysis print '-------- DUMP start -----------' dump_data() print '-------- DUMP end -----------' ''' (all_blocks, all_opcodes) = load_codes_blocks(target_file) show_blocks(all_blocks) print all_opcodes ''' idc.Exit(0) # Exit IDA when done;
def autoanalyze(): idc.Wait()
def run(self, arg): global MKBundleManagerInstance idc.Wait() MKBundleManagerInstance.Show_BundledAssemblyManagerView()
def go(self): print "0) Building cache..." self.load_nids() # Vita is ARM idaapi.set_processor_type("arm", idaapi.SETPROC_ALL | idaapi.SETPROC_FATAL) # Set compiler info cinfo = idaapi.compiler_info_t() cinfo.id = idaapi.COMP_GNU cinfo.cm = idaapi.CM_CC_CDECL | idaapi.CM_N32_F48 cinfo.size_s = 2 cinfo.size_i = cinfo.size_b = cinfo.size_e = cinfo.size_l = cinfo.defalign = 4 cinfo.size_ll = cinfo.size_ldbl = 8 idaapi.set_compiler(cinfo, 0) # Import types self.import_types() self.load_proto() print "1) Loading ELF segments" self.fin.seek(0) header = Ehdr(self.fin.read(Ehdr.SIZE)) self.fin.seek(header.e_phoff) phdrs = [Phdr(self.fin.read(header.e_phentsize)) for _ in xrange(header.e_phnum)] phdr_text = phdrs[0] for phdr in phdrs: if phdr.p_type == Phdr.PT_LOAD: idaapi.add_segm(0, phdr.p_vaddr, phdr.p_vaddr + phdr.p_memsz, ".text" if phdr.x else ".data", "CODE" if phdr.x else "DATA") seg = idaapi.getseg(phdr.p_vaddr) if phdr.x: seg.perm = idaapi.SEGPERM_EXEC | idaapi.SEGPERM_READ phdr_text = phdr else: seg.perm = idaapi.SEGPERM_READ | idaapi.SEGPERM_WRITE self.fin.file2base(phdr.p_offset, phdr.p_vaddr, phdr.p_vaddr + phdr.p_filesz, 1) if header.e_type == Ehdr.ET_SCE_EXEC: self.phdr_modinfo = phdr_text modinfo_off = phdr_text.p_offset + header.e_entry else: self.phdr_modinfo = phdrs[(header.e_entry & (0b11 << 30)) >> 30] modinfo_off = self.phdr_modinfo.p_offset + (header.e_entry & 0x3FFFFFFF) self.fin.seek(modinfo_off) modinfo = SceModuleInfo(self.fin.read(SceModuleInfo.SIZE)) modinfo_ea = idaapi.get_fileregion_ea(modinfo_off) apply_struct(modinfo_ea, SceModuleInfo._find_or_create_struct()) print "" print " Module: " + str(modinfo.name) print " NID: 0x{:08X}".format(modinfo.nid) print "" print "2) Parsing export tables" self.parse_impexp(modinfo.export_top, modinfo.export_end, SceModuleExports, self.cb_exp) print "3) Parsing import tables" self.parse_impexp(modinfo.import_top, modinfo.import_end, SceModuleImports, self.cb_imp) print "4) Waiting for IDA to analyze the program" idc.Wait() print "5) Analyzing system instructions" from highlight_arm_system_insn import run_script run_script() print "6) Adding MOVT/MOVW pair xrefs" add_xrefs()