def go(self):
        """Run the kernel-dump loader end to end.

        Configures the ARM processor module and the autoanalysis flags, then
        executes the loader stages in order, printing a numbered banner before
        each one. Side effects only (IDA database state); returns None.

        The stage helpers (load_nids, dump_first_level, find_module_ptr,
        process_chunks, resolve_impexp) live elsewhere on the class and
        add_xrefs at module level; they are not visible here.
        """
        idaapi.set_processor_type("arm", idc.SETPROC_ALL | idc.SETPROC_FATAL)

        # Autoanalysis flags: keep IDA from inventing functions inside the
        # data chunks and from following control flow into them.
        inf = idaapi.get_inf_structure()
        inf.af &= ~idc.AF_MARKCODE   # no function discovery inside .data segments
        inf.af2 &= ~idc.AF2_FTAIL    # no function tails
        inf.af2 |= idc.AF2_PURDAT    # control flow into a data segment is ignored

        def highlight_system_insns():
            # Imported lazily so the module is only pulled in at the stage
            # that needs it, as before.
            from highlight_arm_system_insn import run_script
            run_script()

        stages = [
            ("0) Loading NIDs", self.load_nids),
            ("1) Mapping kernel VA", self.dump_first_level),
            ("2) Finding module table using heuristic", self.find_module_ptr),
            ("3) Creating segments", self.process_chunks),
            ("4) Resolving imports/exports", self.resolve_impexp),
            ("5) Waiting for IDA to analyze the program, this will take a while...", idc.Wait),
            ("6) Analyzing system instructions", highlight_system_insns),
            ("7) Adding MOVT/MOVW pair xrefs", add_xrefs),
        ]
        for banner, run_stage in stages:
            print banner
            run_stage()
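    def go(self):
        """Load a Vita ELF into the database.

        Stages, in order: build the NID cache, select the ARM processor,
        create one IDA segment per PT_LOAD program header (bytes copied with
        file2base), read the module info block, resolve noreturn functions,
        parse the export and import tables, wait for autoanalysis, then run
        the system-instruction highlighter and the MOVT/MOVW xref pass.

        Everything is read from self.fin; side effects only (IDA database
        state). Raises ValueError when the ELF declares no program headers,
        since segment 0 is required below.
        """
        print "0) Building NID cache..."
        self.load_nids()

        # Vita is ARM
        idaapi.set_processor_type("arm",
                                  idaapi.SETPROC_ALL | idaapi.SETPROC_FATAL)

        print "1) Loading ELF segments"
        self.fin.seek(0)
        header = ELFHeader(self.fin.read(0x34))  # 0x34 bytes: ELF32 header size

        self.fin.seek(header.e_phoff)
        phdrs = [
            ELFphdr(self.fin.read(header.e_phentsize))
            for _ in xrange(header.e_phnum)
        ]
        # Header fields come straight from the input file and are untrusted;
        # an e_phnum of 0 would otherwise surface as IndexError on phdrs[0].
        if not phdrs:
            raise ValueError("ELF has no program headers (e_phnum == 0)")

        for phdr in phdrs:
            if phdr.p_type == p_type.PT_LOAD:
                idaapi.add_segm(0, phdr.p_vaddr, phdr.p_vaddr + phdr.p_memsz,
                                ".text" if phdr.x else ".data",
                                "CODE" if phdr.x else "DATA")
                # Only p_filesz bytes exist in the file; the rest of p_memsz
                # stays uninitialised.
                self.fin.file2base(phdr.p_offset, phdr.p_vaddr,
                                   phdr.p_vaddr + phdr.p_filesz, 1)

        self.seg0_off = phdrs[0].p_offset
        self.seg0_va = phdrs[0].p_vaddr

        # e_entry is treated here as the module-info offset relative to the
        # first program header's file offset.
        self.fin.seek(self.seg0_off + header.e_entry)
        modinfo = Modinfo(self.fin.read(0x34))

        print "2) Doing noreturn functions first"
        self.parse_impexp(modinfo.export_top, modinfo.export_end, Modexport,
                          self.cb_noret)
        self.parse_impexp(modinfo.import_top, modinfo.import_end, Modimport,
                          self.cb_noret)

        print "3) Parsing export tables"
        self.parse_impexp(modinfo.export_top, modinfo.export_end, Modexport,
                          self.cb_exp)

        print "4) Parsing import tables"
        self.parse_impexp(modinfo.import_top, modinfo.import_end, Modimport,
                          self.cb_imp)

        print "5) Waiting for IDA to analyze the program"
        idc.Wait()

        print "6) Analyzing system instructions"
        from highlight_arm_system_insn import run_script
        run_script()

        # Was mislabelled "6)" as well; the stage numbering is now contiguous.
        print "7) Adding MOVT/MOVW pair xrefs"
        add_xrefs()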
    def go(self):
        """Run the module-scanning loader end to end.

        Loads the NID database, locates modules, resolves their imports and
        exports, waits for IDA's autoanalysis, then runs the system-instruction
        highlighter and the MOVT/MOVW xref pass. Side effects only (IDA
        database state); returns None. The stage helpers (load_nids,
        find_modules, resolve_impexp) are defined elsewhere on the class and
        add_xrefs at module level.
        """
        def stage(banner, action):
            # Announce a stage, then run it.
            print banner
            action()

        stage("0) Loading NIDs", self.load_nids)
        stage("1) Finding modules", self.find_modules)
        stage("2) Resolving imports/exports", self.resolve_impexp)
        stage("3) Waiting for IDA to analyze the program, this will take a while...", idc.Wait)

        # The highlighter module is imported only once this stage is reached.
        print "4) Analyzing system instructions"
        from highlight_arm_system_insn import run_script
        run_script()

        stage("5) Adding MOVT/MOVW pair xrefs", add_xrefs)
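    def go(self):
        """Load a Vita ELF (ET_SCE_EXEC or other) into the database.

        Stages, in order: build the NID cache, configure the ARM processor and
        GNU compiler settings, import types and prototypes, create one IDA
        segment per PT_LOAD header with read/exec or read/write permissions,
        locate and apply the SceModuleInfo structure, parse the export and
        import tables, wait for autoanalysis, then run the system-instruction
        highlighter and the MOVT/MOVW xref pass.

        Everything is read from self.fin; side effects only (IDA database
        state). Raises ValueError when a header field taken from the input
        file would otherwise index past the program headers, when a segment
        could not be created, or when the module info offset is not covered
        by any loaded segment.
        """
        print "0) Building cache..."
        self.load_nids()

        # Vita is ARM
        idaapi.set_processor_type("arm", idaapi.SETPROC_ALL | idaapi.SETPROC_FATAL)

        # Set compiler info: GNU, 4-byte int/bool/enum/long and alignment,
        # 8-byte long long / long double.
        cinfo = idaapi.compiler_info_t()
        cinfo.id = idaapi.COMP_GNU
        cinfo.cm = idaapi.CM_CC_CDECL | idaapi.CM_N32_F48
        cinfo.size_s = 2
        cinfo.size_i = cinfo.size_b = cinfo.size_e = cinfo.size_l = cinfo.defalign = 4
        cinfo.size_ll = cinfo.size_ldbl = 8
        idaapi.set_compiler(cinfo, 0)

        # Import types
        self.import_types()
        self.load_proto()

        print "1) Loading ELF segments"
        self.fin.seek(0)
        header = Ehdr(self.fin.read(Ehdr.SIZE))

        self.fin.seek(header.e_phoff)
        phdrs = [Phdr(self.fin.read(header.e_phentsize)) for _ in xrange(header.e_phnum)]
        # Every header field used below comes from the input file and is
        # untrusted; fail with a clear message instead of IndexError on phdrs[0].
        if not phdrs:
            raise ValueError("ELF has no program headers (e_phnum == 0)")
        phdr_text = phdrs[0]

        for phdr in phdrs:
            if phdr.p_type != Phdr.PT_LOAD:
                continue
            idaapi.add_segm(0, phdr.p_vaddr, phdr.p_vaddr + phdr.p_memsz,
                            ".text" if phdr.x else ".data",
                            "CODE" if phdr.x else "DATA")
            seg = idaapi.getseg(phdr.p_vaddr)
            if seg is None:
                # add_segm did not produce a segment covering p_vaddr
                # (presumably an unusable range); previously this surfaced as
                # AttributeError on seg.perm.
                raise ValueError("could not create segment at 0x{:08X} (size 0x{:X})".format(
                    phdr.p_vaddr, phdr.p_memsz))
            if phdr.x:
                seg.perm = idaapi.SEGPERM_EXEC | idaapi.SEGPERM_READ
                phdr_text = phdr  # last executable PT_LOAD wins, as before
            else:
                seg.perm = idaapi.SEGPERM_READ | idaapi.SEGPERM_WRITE
            # Only p_filesz bytes exist in the file; the rest of p_memsz stays
            # uninitialised.
            self.fin.file2base(phdr.p_offset, phdr.p_vaddr, phdr.p_vaddr + phdr.p_filesz, 1)

        if header.e_type == Ehdr.ET_SCE_EXEC:
            # For executables e_entry is taken as an offset within the text
            # program header.
            self.phdr_modinfo = phdr_text
            modinfo_off = phdr_text.p_offset + header.e_entry
        else:
            # Otherwise the top two bits of e_entry select the program header
            # and the low 30 bits are the offset within it. The index is
            # bounds-checked because it is file-controlled.
            seg_idx = (header.e_entry & (0b11 << 30)) >> 30
            if seg_idx >= len(phdrs):
                raise ValueError("e_entry selects program header %d but only %d exist"
                                 % (seg_idx, len(phdrs)))
            self.phdr_modinfo = phdrs[seg_idx]
            modinfo_off = self.phdr_modinfo.p_offset + (header.e_entry & 0x3FFFFFFF)

        self.fin.seek(modinfo_off)
        modinfo = SceModuleInfo(self.fin.read(SceModuleInfo.SIZE))
        modinfo_ea = idaapi.get_fileregion_ea(modinfo_off)
        if modinfo_ea == idaapi.BADADDR:
            # The file offset is not inside any range loaded by file2base, so
            # there is no address to apply the structure at.
            raise ValueError("module info at file offset 0x%X is not inside a loaded segment"
                             % modinfo_off)
        apply_struct(modinfo_ea, SceModuleInfo._find_or_create_struct())

        print ""
        print "   Module:  " + str(modinfo.name)
        print "   NID:     0x{:08X}".format(modinfo.nid)
        print ""

        print "2) Parsing export tables"
        self.parse_impexp(modinfo.export_top, modinfo.export_end, SceModuleExports, self.cb_exp)

        print "3) Parsing import tables"
        self.parse_impexp(modinfo.import_top, modinfo.import_end, SceModuleImports, self.cb_imp)

        print "4) Waiting for IDA to analyze the program"
        idc.Wait()

        print "5) Analyzing system instructions"
        from highlight_arm_system_insn import run_script
        run_script()

        print "6) Adding MOVT/MOVW pair xrefs"
        add_xrefs()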