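def references(function_location, decoding_str):
    """Decode every string passed to the decoder routine at ``function_location``.

    Walks each cross-reference to the decoder, reads the addresses of its first
    two call arguments (encoded source buffer, decoded destination buffer),
    applies ``decoding_str`` to every byte of the NUL-terminated encoded buffer,
    patches the result into the destination buffer, marks it as a C string and
    annotates the call site with the decoded text.

    Args:
        function_location: Address of the decoding routine whose callers are
            walked. It must already be defined as a function, otherwise
            ``idaapi.get_arg_addrs`` cannot resolve the argument addresses.
        decoding_str: Python expression evaluated once per byte; it must refer
            to the local name ``encoded_byte`` and yield the decoded byte value.
            Example: ``references(0x401000, "(encoded_byte ^ 0xA2) + 0x21")``

    Returns:
        None. Results are written to the database (patched bytes, string
        literal, comment) and echoed to the output window.
    """
    for xref in idautils.XrefsTo(function_location):
        ea = xref.frm
        # get_arg_addrs returns None when the argument addresses cannot be
        # resolved (e.g. the callee is not defined as a function yet); without
        # this guard the subscript below raises TypeError and aborts the walk.
        args = idaapi.get_arg_addrs(ea)
        if not args or len(args) < 2:
            print(f"##At {hex(ea)} could not resolve call arguments, skipping")
            continue
        encoded = idc.get_operand_value(args[0], 0)
        decoded = idc.get_operand_value(args[1], 0)
        decoded_chars = []
        i = 0
        encoded_byte = ida_bytes.get_wide_byte(encoded)
        # Loop until the encoded buffer's NUL terminator; there is no upper
        # bound, so an unterminated buffer keeps reading forward.
        while encoded_byte != 0:
            # NOTE(review): eval() of an analyst-typed expression. The
            # expression is not taken from the analysed binary, but
            # ``decoding_str`` must only ever come from the operator. It reads
            # the local ``encoded_byte``, so that name must not be renamed.
            decoded_byte = eval(decoding_str)
            decoded_chars.append(chr(decoded_byte))
            ida_bytes.patch_byte(decoded + i, decoded_byte)
            i += 1
            encoded_byte = ida_bytes.get_wide_byte(encoded + i)
        decoded_str = "".join(decoded_chars)
        # i is the decoded length without the terminator.
        ida_bytes.create_strlit(decoded, i, STRTYPE_C)
        idc.set_cmt(ea, f"Decoded: {decoded_str}", 0)
        print(f"##At {hex(ea)} decoded: {decoded_str}")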
def mark_string(ea, name=None):
    """Re-define the bytes at ``ea`` as a C string literal and return it.

    The items currently covering the string (terminator included) are deleted,
    a string literal of the database's default string type is created, an
    optional symbol name is assigned and the location is typed as
    ``char const a[]``.

    Args:
        ea: Address of the NUL-terminated string.
        name: Optional symbol name to assign to ``ea``.

    Returns:
        Whatever ``get_cstring(ea)`` returns for the re-created string.
    """
    # get_strlit_contents may return None; an empty string then still yields a
    # one-byte literal covering just the terminator.
    contents = idc.get_strlit_contents(ea, -1) or ''
    span = len(contents) + 1
    delete_flags = (ida_bytes.DELIT_EXPAND
                    | ida_bytes.DELIT_DELNAMES
                    | ida_bytes.DELIT_NOCMT)
    ida_bytes.del_items(ea, delete_flags, span)
    ida_bytes.create_strlit(ea, span, idc.get_inf_attr(idc.INF_STRTYPE))
    if name:
        ida_name.set_name(ea, name, ida_name.SN_CHECK)
    tinfo = idc.parse_decl('char const a[]', 0)
    idc.apply_type(ea, tinfo, idc.TINFO_DEFINITE)
    return get_cstring(ea)
def create_and_get_typec_string(ea):
    """Create a C string literal at ``ea`` and return its contents as text.

    The length comes from IDA's own string scan, which is told to ignore
    existing items, heads and the printable-character check. When the scan
    finds nothing the database is left untouched and ``""`` is returned.

    Args:
        ea: Start address of the candidate string.

    Returns:
        The literal's bytes decoded as strict UTF-8; bytes that are not valid
        UTF-8 raise UnicodeDecodeError.
    """
    scan_flags = (ida_bytes.ALOPT_IGNCLT
                  | ida_bytes.ALOPT_IGNHEADS
                  | ida_bytes.ALOPT_IGNPRINT)
    length = ida_bytes.get_max_strlit_length(ea, ida_nalt.STRTYPE_C, scan_flags)
    if length == 0:
        return ""
    ida_bytes.create_strlit(ea, length, ida_nalt.STRTYPE_C)
    raw = ida_bytes.get_strlit_contents(ea, length, ida_nalt.STRTYPE_C)
    return str(raw, encoding="utf-8")
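def mark_string(ea, name=None):
    """Mark the bytes at ``ea`` as a C string literal and return its text.

    Existing items over the string and its terminator are deleted, a literal
    of the database's default string type is created, an optional name is
    assigned and the location is typed as ``char const a[]``.

    Args:
        ea: Address of the NUL-terminated string.
        name: Optional symbol name to assign to ``ea``.

    Returns:
        The string contents as returned by ``idc.GetString(ea, -1)``.

    Raises:
        ValueError: when no string can be read at ``ea`` (length 0). This is
            a subclass of Exception, so existing ``except Exception`` handlers
            still catch it.
    """
    # GetString returns None when nothing is readable; the bare len() would
    # then raise TypeError instead of the intended "not a string" error.
    strlen = len(idc.GetString(ea, -1) or '')
    if strlen == 0:
        raise ValueError(
            'tried marking {} as string, but it isn\'t (len 0)'.format(
                hex(ea)))
    # +1 so the NUL terminator is undefined and re-created with the string.
    ida_bytes.del_items(
        ea,
        ida_bytes.DELIT_EXPAND | ida_bytes.DELIT_DELNAMES | ida_bytes.DELIT_NOCMT,
        strlen + 1)
    ida_bytes.create_strlit(ea, strlen + 1, idc.get_inf_attr(idc.INF_STRTYPE))
    if name:
        ida_name.set_name(ea, name, ida_name.SN_CHECK)
    idc.apply_type(ea, idc.parse_decl('char const a[]', 0), idc.TINFO_DEFINITE)
    return idc.GetString(ea, -1)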
def create_rom_info_block():
    """Name and type the fields of the ROM information block at 0x100-0x200.

    Each text field gets a hidden, unchecked name and a string literal of
    string type 0; the checksum becomes a named word and the ROM/RAM bounds
    become named dwords via the sibling ``create_word_and_name`` /
    ``create_dword_and_name`` helpers.
    """
    hidden_name = idaapi.SN_NOWARN | idaapi.SN_NOLIST | idaapi.SN_NOCHECK

    def _text_field(ea, label, size):
        # Name the field, then cover ``size`` bytes with a string literal.
        idaapi.set_name(ea, label, hidden_name)
        ida_bytes.create_strlit(ea, size, 0)

    _text_field(256, 'ConsoleName', 16)
    _text_field(272, 'Copyright', 16)
    _text_field(288, 'DomesticName', 48)
    _text_field(336, 'InternationalName', 48)
    _text_field(384, 'SerialRevision', 14)
    create_word_and_name(398, 'Checksum')
    _text_field(400, 'IoSupport', 16)  # TODO create byte array
    create_dword_and_name(416, 'RomStart')
    create_dword_and_name(420, 'RomEnd')
    create_dword_and_name(424, 'RamStart')
    create_dword_and_name(428, 'RamEnd')
    _text_field(432, 'SramInfo', 12)
    _text_field(444, 'Notes', 52)
    _text_field(496, 'Region', 16)
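def make_string(addr, siz):
    """Undefine ``siz`` bytes at ``addr`` and re-create them as a string literal.

    Args:
        addr: Start address of the string.
        siz: Number of bytes to undefine and to include in the literal.
    """
    print("Creating string at %x %d size" % (addr, siz))
    # idc.MakeUnknown is the pre-7.x name; the rest of this function already
    # uses the ida_bytes API, whose equivalent is del_items(ea, flags, nbytes)
    # with DELIT_SIMPLE standing in for the old DOUNK_SIMPLE.
    ida_bytes.del_items(addr, ida_bytes.DELIT_SIMPLE, siz)
    # String type -1 is passed through as in the original call; presumably
    # selects the database default - verify against the IDA version in use.
    ida_bytes.create_strlit(addr, siz, -1)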
def find_parse_ip(li, ea, parsecode):
    """Lay out the IP header starting at ``ea``.

    Marks the header's text fields as C strings, the remaining fields as byte
    and dword data, adds a function at the address held in the dword at
    ``ea + 0xF0`` and, when ``parsecode`` is true, another at ``ea + 0x100``.

    Args:
        li: Loader input; not used yet (see the TODO below).
        ea: Base address of the header.
        parsecode: When true, define a function at ``ea + 0x100``.

    Returns:
        1, unconditionally.
    """
    # TODO check memory for SEGA SATURN string
    # segaSaturn = li.read(16)
    # warning(segaSaturn+' '+str(li.tell()))
    # (offset, length) of every text field, in header order.
    text_fields = (
        (0x00, 16), (0x10, 16), (0x20, 10), (0x2A, 6), (0x30, 8),
        (0x38, 8), (0x40, 10), (0x4A, 6), (0x50, 16), (0x60, 0x70),
    )
    for offset, length in text_fields:
        ida_bytes.create_strlit(ea + offset, length, ida_nalt.STRTYPE_C)
    ida_bytes.create_byte(ea + 0xD0, 16)
    for offset in (0xE0, 0xE4, 0xE8, 0xEC, 0xF0):
        ida_bytes.create_dword(ea + offset, 4)
    # The dword at +0xF0 is read straight from the image and used as a
    # function start without any range check.
    ida_funcs.add_func(ida_bytes.get_dword(ea + 0xF0), ida_idaapi.BADADDR)
    for offset in (0xF4, 0xF8, 0xFC):
        ida_bytes.create_dword(ea + offset, 4)
    if parsecode:
        ida_funcs.add_func(ea + 0x100, ida_idaapi.BADADDR)
    return 1
def find_bios_funcs():
    """Define the BIOS data, vector and function table at 0x06000200-0x06000A80.

    Every address is fixed; the routine marks strings, byte/word/dword data,
    calls the sibling ``make_vector`` helper for vector slots (a name is only
    given for the known entries) and adds functions at the known BIOS
    routine addresses.

    NOTE(review): the source was flattened onto one line; each ``for`` loop is
    read as having the single ``make_vector`` call as its body, with the
    ``set_name`` calls that follow at function level.

    Returns:
        1, unconditionally.
    """
    ida_bytes.create_strlit(0x06000200, 16, ida_nalt.STRTYPE_C)
    ida_bytes.create_byte(0x06000210, 36)
    make_vector(0x06000234, "")
    make_vector(0x06000238, "")
    make_vector(0x0600023C, "")
    ida_bytes.create_strlit(0x06000240, 4, ida_nalt.STRTYPE_C)
    ida_bytes.create_strlit(0x06000244, 4, ida_nalt.STRTYPE_C)
    ida_bytes.create_dword(0x06000248, 4)
    ida_bytes.create_dword(0x0600024C, 4)
    make_vector(0x06000250, "")
    ida_bytes.create_dword(0x06000264, 4)
    make_vector(0x06000268, "")
    make_vector(0x0600026C, "bios_run_cd_player")
    make_vector(0x06000270, "")
    make_vector(0x06000274, "bios_is_mpeg_card_present")
    ida_bytes.create_dword(0x06000278, 4)
    ida_bytes.create_dword(0x0600027C, 4)
    make_vector(0x06000280, "")
    make_vector(0x06000284, "")
    make_vector(0x06000288, "")
    make_vector(0x0600028C, "")
    ida_bytes.create_dword(0x06000290, 4)
    ida_bytes.create_dword(0x06000294, 4)
    make_vector(0x06000298, "bios_get_mpeg_rom")
    make_vector(0x0600029C, "")
    ida_bytes.create_dword(0x060002A0, 4)
    ida_bytes.create_dword(0x060002A4, 4)
    ida_bytes.create_dword(0x060002A8, 4)
    ida_bytes.create_dword(0x060002AC, 4)
    make_vector(0x060002B0, "")
    ida_bytes.create_dword(0x060002B4, 4)
    ida_bytes.create_dword(0x060002B8, 4)
    ida_bytes.create_dword(0x060002BC, 4)
    ida_bytes.create_dword(0x060002C0, 4)
    # for (i = 0x060002C4; i < 0x06000324; i+=4)
    # Unnamed vector slots; the known ones inside this range are named below.
    for i in range(0x060002C4, 0x06000324, 4):
        make_vector(i, "")
    idc.set_name(0x06000300, "bios_set_scu_interrupt")
    idc.set_name(0x06000304, "bios_get_scu_interrupt")
    idc.set_name(0x06000310, "bios_set_sh2_interrupt")
    idc.set_name(0x06000314, "bios_get_sh2_interrupt")
    idc.set_name(0x06000320, "bios_set_clock_speed")
    ida_bytes.create_dword(0x06000324, 4)
    idc.set_name(0x06000324, "bios_get_clock_speed")
    # for (i = 0x06000328; i < 0x06000348; i+=4)
    for i in range(0x06000328, 0x06000348, 4):
        make_vector(i, "")
    idc.set_name(0x06000340, "bios_set_scu_interrupt_mask")
    idc.set_name(0x06000344, "bios_change_scu_interrupt_mask")
    ida_bytes.create_dword(0x06000348, 4)
    idc.set_name(0x06000348, "bios_get_scu_interrupt_mask")
    make_vector(0x0600034C, "")
    ida_bytes.create_dword(0x06000350, 4)
    ida_bytes.create_dword(0x06000354, 4)
    ida_bytes.create_dword(0x06000358, 4)
    ida_bytes.create_dword(0x0600035C, 4)
    for i in range(0x06000360, 0x06000380, 4):
        make_vector(i, "")
    ida_bytes.create_byte(0x06000380, 16)
    ida_bytes.create_word(0x06000390, 16)
    ida_bytes.create_dword(0x060003A0, 32)
    ida_bytes.create_strlit(0x060003C0, 0x40, ida_nalt.STRTYPE_C)
    # Known BIOS routines; add_func with BADADDR lets IDA find each end.
    ida_funcs.add_func(0x06000600, ida_idaapi.BADADDR)
    ida_funcs.add_func(0x06000646, ida_idaapi.BADADDR)
    ida_bytes.create_strlit(0x0600065C, 0x4, ida_nalt.STRTYPE_C)
    ida_funcs.add_func(0x06000678, ida_idaapi.BADADDR)
    ida_funcs.add_func(0x0600067C, ida_idaapi.BADADDR)
    ida_funcs.add_func(0x06000690, ida_idaapi.BADADDR)
    ida_bytes.create_dword(0x06000A80, 0x80)
    return 1
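def makePASSTR(ea):
    """Create a Pascal-style (length-prefixed) string literal at ``ea``.

    Args:
        ea: Address of the length byte that precedes the string characters.

    Returns:
        The length read from the prefix byte (characters only, prefix excluded).
    """
    # Local renamed from ``len`` so the builtin is not shadowed in this scope.
    length = ida_bytes.get_byte(ea)
    # The literal spans the length byte plus ``length`` characters.
    ida_bytes.create_strlit(ea, length + 1, ida_bytes.STRTYPE_PASCAL)
    return length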
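def make_string(addr, siz):
    """Undefine ``siz`` bytes at ``addr`` and re-create them as a string literal.

    Args:
        addr: Start address of the string.
        siz: Number of bytes to undefine and to include in the literal.
    """
    print("Creating string at %x %d size" % (addr, siz))
    # del_items takes (ea, flags, nbytes). Passing ``siz`` as the second
    # positional argument made it the flags word and left nbytes at its
    # default of 1, so only the first byte was undefined and create_strlit
    # may then collide with items still defined inside the range.
    ida_bytes.del_items(addr, ida_bytes.DELIT_SIMPLE, siz)
    # String type -1 is passed through as in the original call; presumably
    # selects the database default - verify against the IDA version in use.
    ida_bytes.create_strlit(addr, siz, -1)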