def yatest_enums(self): values = [] for flag in flags: for prefix, enum_width, is_bitfield, num_fields in tests: name = '%s_%x_%d_%x' % (prefix, enum_width, is_bitfield, flag) ea = None eid = idc.AddEnum(-1, name, flag) self.assertNotEqual(eid, idaapi.BADADDR) if enum_width != 0: idc.SetEnumWidth(eid, enum_width) if is_bitfield: self.assertTrue(idc.SetEnumBf(eid, True)) idc.SetEnumCmt(eid, prefix + 'cmt', False) idc.SetEnumCmt(eid, prefix + 'rpt', True) for n in range(0, num_fields): field = '%s_%d' % (name , n) cid = None if is_bitfield: self.assertEqual(idc.AddConstEx(eid, field, 1 << n, 1 << n), 0) else: self.assertEqual(idc.AddConst(eid, field, n), 0) if n == 0: ea = get_ea() self.assertNotEqual(idaapi.op_enum(ea, 1, eid, 0), idaapi.BADADDR) cid = idc.GetConstByName(field) self.assertTrue(idc.SetConstCmt(cid, field + 'cmt', False)) #self.assertTrue(idc.SetConstCmt(cid, field + 'rpt', True)) values.append((name, ea)) yaunit.save('enums', values)
def createenum(self, symbols): """ Given full symbols and addresses create an enum name with the library name (the string before !) Some constants will fail due to weird characters in symbols used by MS. eg( `$) symbols: (dict) A set of symbols and addresses that have been cleaned. """ enum_name = symbols.keys()[0].split('!')[0] enum = idc.AddEnum(0, enum_name, idaapi.hexflag()) if enum == idaapi.BADADDR: print "[!] Failed to create enum: %s\n" % enum_name return for symbol, address in symbols.iteritems(): # "ADVAPI32!RegCreateKeyExWStub": "0xffff8007be2f89f0" org_symb = symbol symbol = str(symbol.split('!')[1].encode('utf-8')) symbol = symbol.strip() symbol = 's_'+symbol address = int(address,16) ret = idc.AddConstEx(enum, symbol, address, -1) if ret !=0: print "[!] Failed to create constant for symbol %s - (%s). %s" % (org_symb,symbol,ENUM_ERRORS[ret]) continue self.enums[address] = enum print "[+] Finished adding enum %s\n" % enum_name
def ports_analisys(): ports_struc = idc.AddEnum(-1, "ports", (FF_WRD|FF_DATA)) idc.AddConstEx(ports_struc, "PCI_CONFIG_ADDRESS", PCI_CONFIG_ADDRESS, -1) idc.AddConstEx(ports_struc, "PCI_CONFIG_DATA", PCI_CONFIG_DATA, -1) for each in idaapi.find_binary(start, stop, "", 0, 0): # find_binary(ea_t startea, ea_t endea, char ubinstr, int radix, int sflag) -> ea_t idc.MakeCode(each)
def add_enums(function): """ Add standard enums from parsed MSDN documentation for all imported library calls and their arguments. Arguments: function -- function object """ enum_count = 0 for argument in function.arguments: # Add standard enums if not argument.enums: g_logger.debug(' No standard constants available for %s' % argument.name) else: for enum in argument.enums: g_logger.debug(' Importing enum %s for argument %s' % (enum, argument.name)) if idc.Til2Idb(-1, enum) != idaapi.BADADDR: g_logger.debug(' ' + enum + ' ' + hex(idc.GetEnum(enum)) + ' added successfully') enum_count = enum_count + 1 else: g_logger.debug(' Could not add ' + enum) if not argument.constants: # No constants for this argument continue argument.name = argument.name.encode('utf-8') function.name = function.name.encode('utf-8') # Add constant descriptions for constant in argument.constants: constant.name = constant.name.encode('utf-8') if constant.name == 'NULL': # Create unique name, so we can add descriptive comment to it constant.name = 'NULL_{}_{}'.format(argument.name, function.name) # Add custom enum for NULL values if it does not exist yet enumid = idc.GetEnum(NULL_ENUM_NAME) if enumid == idaapi.BADADDR: enumid = idc.AddEnum(-1, NULL_ENUM_NAME, idaapi.hexflag()) idc.AddConstEx(enumid, constant.name, 0, -1) constid = idc.GetConstByName(constant.name) idc.SetConstCmt(constid, format_comment(constant.description), False) else: constid = idc.GetConstByName(constant.name) if constid: if idc.SetConstCmt(constid, format_comment(constant.description), False): g_logger.debug(' Description added for %s' % constant.name) else: g_logger.debug(' No description added for %s' % constant.name) return enum_count
def createEnum(self, enum): eid = idc.AddEnum(-1, enum[0], 0x1100000) #what is this flag? idc.SetEnumBf(eid, 1) val = 0 mask = 0x1f idc.SetEnumWidth(eid, 1) for i in enum[1]: idc.AddConstEx(eid, i, val, mask) val += 1
def import_data_dumps(): key_value_regex = re.compile(r"^\s*(?P<key>[^ =]+)\s*=\s*" r"(?P<value>.+)\s*$", re.MULTILINE) is_intel = True is_amd = False # dmesg parse # CPU Vendor/Model if is_intel: # inteltool output parse # GPIOBASE ; PMBASE ; MCHBAR ; EPBAR ; DMIBAR ; PCIEXBAR try: log = open(filename, encoding="utf8") self.clear() for match in key_value_regex.finditer(log.read()): data = {} data[match.group("key")] = int(match.group("value")) return True except (RuntimeError) as err: print "import error" return False finally: if log is not None: log.close() BASE_GPIO = data["GPIOBASE"] BASE_PM = data["PMBASE"] BASE_MCH = data["MCHBAR"] BASE_EP = data["EPBAR"] BASE_DMI = data["DMIBAR"] BASE_PCIE = data["PCIEXBAR"] # BASE_SMBUS = data["SMBUSBAR"] bases_struc = idc.AddEnum(-1, "bases", (FF_DWRD|FF_DATA)) idc.AddConstEx(bases_struc, "BASE_GPIO", BASE_GPIO, -1) idc.AddConstEx(bases_struc, "BASE_PM", BASE_PM, -1) idc.AddConstEx(bases_struc, "BASE_MCH", BASE_MCH, -1) idc.AddConstEx(bases_struc, "BASE_EP", BASE_EP, -1) idc.AddConstEx(bases_struc, "BASE_DMI", BASE_DMI, -1) idc.AddConstEx(bases_struc, "BASE_PCIE", BASE_PCIE, -1) # idc.AddConstEx(bases_struc, "BASE_SMBUS", BASE_SMBUS, -1) elif is_amd: #other outputs parse else print "Error: Unknown CPU"
def __init__(self, name, canCreate=False): if isinstance(name, (int, long)): name = str(name) self.name = name self.id = idc.GetEnum(name) self._vals = None self._names = None if self.id == idc.BADADDR: try: self.id = int(name) self.name = idc.GetEnumName(self.id) except Exception: self.name = None self.id = None if not self.name: if not canCreate: raise Enum.EnumNotFoundError(name) self.id = idc.AddEnum(idc.GetEnumQty(), name, 0)
def make_enum(self, object_version, address): enum_name = object_version.get_name() object_id = object_version.get_id() # build flags bitfield = False flags = object_version.get_object_flags() if flags & 0x1 == 0x1: bitfield = True flags = flags & ~0x1 try: enum_width = object_version.get_size() except KeyError: enum_width = None # check if enum already exists enum_id = idc.GetEnum(enum_name) enum_xrefs_ids = object_version.get_xrefed_ids() logger.debug( "%s:%d : Check here that enum_xrefs_ids is a set(YaToolObjectId) and correctly used" % (__file__, inspect.currentframe().f_lineno)) if enum_id != idc.BADADDR: # enum already exists, deleting all members for (const_id, const_value, bmask) in YaToolIDATools.enum_member_iterate_all(enum_id): if bmask == idc.BADADDR: bmask = -1 const_name = idc.GetConstName(const_id) if (enum_name, const_name, const_value) not in self.enum_member_ids: idc.DelConstEx(enum_id, const_value, 0, bmask) elif self.hash_provider.get_enum_member_id( enum_id, enum_name, const_id, const_name, const_value) not in enum_xrefs_ids: logger.debug("deleting not found constant : %s/%s" % (enum_name, const_name)) idc.DelConstEx(enum_id, const_value, 0, bmask) """ if the enum "bitfield" state has changed : change it! We can't access the functions """ if idc.IsBitfield(enum_id) != bitfield: idaapi.set_enum_bf(enum_id, bitfield) else: # create enum # SetEnumFlag return "'module' object has no attribute 'set_enum_flag'". enum_id = idc.AddEnum(address, enum_name, flags) if enum_width is not None: idc.SetEnumWidth(enum_id, enum_width) if bitfield: idc.SetEnumBf(enum_id, 1) # process comment try: repeatable_headercomment = self.sanitize_comment_to_ascii( object_version.get_header_comment(True)) idc.SetEnumCmt(enum_id, repeatable_headercomment, 1) except KeyError: pass try: nonrepeatable_headercomment = self.sanitize_comment_to_ascii( object_version.get_header_comment(False)) idc.SetEnumCmt(enum_id, nonrepeatable_headercomment, 0) except KeyError: pass self.enum_ids[object_id] = enum_id self.hash_provider.put_hash_struc_or_enum(enum_id, object_id) logger.debug("adding enum id %s : '0x%.016X'" % (self.hash_provider.hash_to_string(object_id), enum_id))
def implement(self): idc.AddEnum(self._id, self._name, 0)