def load_kmdf_types_into_idb():
header_path = idautils.GetIdbDir()
idaapi.idc_parse_types("".join([header_path, "WDFStructs.h"]), idc.PT_FILE)
for idx in range(1, idc.get_ordinal_qty()):
#Fails to add some of the types
print((idx, idc.get_numbered_type_name(idx)))
idc.import_type(idx, idc.get_numbered_type_name(idx))
def add_enums(function):
""" Add standard enums from parsed MSDN documentation for all imported
library calls and their arguments.
Arguments:
function -- function object
"""
enum_count = 0
for argument in function.arguments:
# Add standard enums
if not argument.enums:
g_logger.debug(' No standard constants available for %s' %
argument.name)
else:
for enum in argument.enums:
g_logger.debug(' Importing enum %s for argument %s' %
(enum, argument.name))
if idc.import_type(-1, enum) != idaapi.BADADDR:
g_logger.debug(' ' + enum + ' ' +
hex(idc.get_enum(enum)) +
' added successfully')
enum_count = enum_count + 1
else:
g_logger.debug(' Could not add ' + enum)
if not argument.constants:
# No constants for this argument
continue
argument.name = argument.name
function.name = function.name
# Add constant descriptions
for constant in argument.constants:
if constant.name == 'NULL':
# Create unique name, so we can add descriptive comment to it
constant.name = 'NULL_{}_{}'.format(argument.name,
function.name)
# Add custom enum for NULL values if it does not exist yet
enumid = idc.get_enum(NULL_ENUM_NAME)
if enumid == idaapi.BADADDR:
enumid = idc.add_enum(-1, NULL_ENUM_NAME,
idaapi.hex_flag())
idc.add_enum_member(enumid, constant.name, 0, -1)
constid = idc.get_enum_member_by_name(constant.name)
idc.set_enum_member_cmt(constid,
format_comment(constant.description),
False)
else:
constid = idc.get_enum_member_by_name(constant.name)
if constid:
if idc.set_enum_member_cmt(
constid, format_comment(constant.description),
False):
g_logger.debug(' Description added for %s' %
constant.name)
else:
g_logger.debug(' No description added for %s' %
constant.name)
return enum_count
def __init__(self):
header = get_header_idb()
if not len(header):
header = get_header_file()
self.arch = get_machine_type(header)
self.subsystem = check_subsystem(header)
self.valid = True
if not self.subsystem:
print('[ERROR] Wrong subsystem')
self.valid = False
if not (self.arch == 'x86' or self.arch == 'x64'):
print('[ERROR] Wrong architecture')
self.valid = False
if self.arch == 'x86':
self.BOOT_SERVICES_OFFSET = BOOT_SERVICES_OFFSET_x86
if self.arch == 'x64':
self.BOOT_SERVICES_OFFSET = BOOT_SERVICES_OFFSET_x64
self.base = idaapi.get_imagebase()
idc.import_type(-1, 'EFI_GUID')
idc.import_type(-1, 'EFI_SYSTEM_TABLE')
idc.import_type(-1, 'EFI_RUNTIME_SERVICES')
idc.import_type(-1, 'EFI_BOOT_SERVICES')
self.gBServices = {}
self.gBServices['InstallProtocolInterface'] = []
self.gBServices['ReinstallProtocolInterface'] = []
self.gBServices['UninstallProtocolInterface'] = []
self.gBServices['HandleProtocol'] = []
self.gBServices['RegisterProtocolNotify'] = []
self.gBServices['OpenProtocol'] = []
self.gBServices['CloseProtocol'] = []
self.gBServices['OpenProtocolInformation'] = []
self.gBServices['ProtocolsPerHandle'] = []
self.gBServices['LocateHandleBuffer'] = []
self.gBServices['LocateProtocol'] = []
self.gBServices['InstallMultipleProtocolInterfaces'] = []
self.gBServices['UninstallMultipleProtocolInterfaces'] = []
self.Protocols = {}
self.Protocols['AmiGuids'] = ami_guids.ami_guids
self.Protocols['EdkGuids'] = edk_guids.edk_guids
self.Protocols['Edk2Guids'] = edk2_guids.edk2_guids
self.Protocols['All'] = [
# {
# address: ...
# service: ...
# guid: ...
# protocol_name: ...
# protocol_place: ...
# },
# ...
]
self.Protocols['PropGuids'] = []
self.Protocols['Data'] = []
def __init__(self):
header = get_header_idb()
if not header:
header = get_header_file()
self.arch = get_machine_type(header)
self.subsystem = check_subsystem(header)
self.valid = True
if not self.subsystem:
print("[ERROR] Wrong subsystem")
self.valid = False
if not (self.arch == "x86" or self.arch == "x64"):
print("[ERROR] Wrong architecture")
self.valid = False
if self.arch == "x86":
self.BOOT_SERVICES_OFFSET = BOOT_SERVICES_OFFSET_x86
if self.arch == "x64":
self.BOOT_SERVICES_OFFSET = BOOT_SERVICES_OFFSET_x64
self.base = idaapi.get_imagebase()
idc.import_type(-1, "EFI_GUID")
idc.import_type(-1, "EFI_SYSTEM_TABLE")
idc.import_type(-1, "EFI_RUNTIME_SERVICES")
idc.import_type(-1, "EFI_BOOT_SERVICES")
self.gBServices = dict()
self.gBServices["InstallProtocolInterface"] = list()
self.gBServices["ReinstallProtocolInterface"] = list()
self.gBServices["UninstallProtocolInterface"] = list()
self.gBServices["HandleProtocol"] = list()
self.gBServices["RegisterProtocolNotify"] = list()
self.gBServices["OpenProtocol"] = list()
self.gBServices["CloseProtocol"] = list()
self.gBServices["OpenProtocolInformation"] = list()
self.gBServices["ProtocolsPerHandle"] = list()
self.gBServices["LocateHandleBuffer"] = list()
self.gBServices["LocateProtocol"] = list()
self.gBServices["InstallMultipleProtocolInterfaces"] = list()
self.gBServices["UninstallMultipleProtocolInterfaces"] = list()
self.Protocols = dict()
self.Protocols["ami_guids"] = ami_guids.ami_guids
self.Protocols["asrock_guids"] = asrock_guids.asrock_guids
self.Protocols["dell_guids"] = dell_guids.dell_guids
self.Protocols["edk_guids"] = edk_guids.edk_guids
self.Protocols["edk2_guids"] = edk2_guids.edk2_guids
self.Protocols["lenovo_guids"] = lenovo_guids.lenovo_guids
self.Protocols["all"] = list()
self.Protocols["prop_guids"] = list()
self.Protocols["data"] = list()
def __init__(self):
header = get_header_idb()
if not len(header):
header = get_header_file()
self.arch = get_machine_type(header)
self.subsystem = check_subsystem(header)
self.valid = True
if not self.subsystem:
print('[ERROR] Wrong subsystem')
self.valid = False
if not (self.arch == 'x86' or self.arch == 'x64'):
print('[ERROR] Wrong architecture')
self.valid = False
if self.arch == 'x86':
self.BOOT_SERVICES_OFFSET = BOOT_SERVICES_OFFSET_x86
if self.arch == 'x64':
self.BOOT_SERVICES_OFFSET = BOOT_SERVICES_OFFSET_x64
self.base = idaapi.get_imagebase()
idc.import_type(-1, 'EFI_GUID')
idc.import_type(-1, 'EFI_SYSTEM_TABLE')
idc.import_type(-1, 'EFI_RUNTIME_SERVICES')
idc.import_type(-1, 'EFI_BOOT_SERVICES')
self.gBServices = dict()
self.gBServices['InstallProtocolInterface'] = list()
self.gBServices['ReinstallProtocolInterface'] = list()
self.gBServices['UninstallProtocolInterface'] = list()
self.gBServices['HandleProtocol'] = list()
self.gBServices['RegisterProtocolNotify'] = list()
self.gBServices['OpenProtocol'] = list()
self.gBServices['CloseProtocol'] = list()
self.gBServices['OpenProtocolInformation'] = list()
self.gBServices['ProtocolsPerHandle'] = list()
self.gBServices['LocateHandleBuffer'] = list()
self.gBServices['LocateProtocol'] = list()
self.gBServices['InstallMultipleProtocolInterfaces'] = list()
self.gBServices['UninstallMultipleProtocolInterfaces'] = list()
self.Protocols = dict()
self.Protocols['ami_guids'] = ami_guids.ami_guids
self.Protocols['asrock_guids'] = asrock_guids.asrock_guids
self.Protocols['dell_guids'] = dell_guids.dell_guids
self.Protocols['edk_guids'] = edk_guids.edk_guids
self.Protocols['edk2_guids'] = edk2_guids.edk2_guids
self.Protocols['lenovo_guids'] = lenovo_guids.lenovo_guids
self.Protocols['all'] = list()
self.Protocols['prop_guids'] = list()
self.Protocols['data'] = list()
def is_structure_type(type):
if type is None or type == "":
return False
sid = get_struc_id(type)
if sid != BADNODE:
return True
sid = import_type(0, type)
if sid != BADNODE:
if get_struc_idx(sid) == BADADDR:
raise Exception("Bad structure type ID")
return True
return False
def __init__(self, name=None, sid=None, create_new=True):
self._create_new = create_new
if name is None or name == "":
raise ValueError("name")
self._sid = get_struc_id(name)
if self._sid == BADNODE:
self._sid = import_type(0, name)
if self._sid == BADNODE:
if not create_new:
raise Exception("Unknown strucure type: %s" % name)
else:
self._sid = add_struc(-1, name, 0)
add_struc_member(self._sid, "Dummy", 0, FF_BYTE | FF_DATA, -1,
1)
if self._sid == BADNODE:
raise Exception("Can't define structure type because of bad "
"structure name: the name is ill-formed "
"or is already used in the program.")
def type_to_struct(name):
idc.del_struc(idc.get_struc_id(name)) # delete existing struct
idc.import_type(-1, name) # -1 = append to end
#
# ida_kernelcache/segment.py
# Brandon Azad
#
# Functions for interacting with the segments of the kernelcache in IDA. No prior initialization is
# necessary.
#
import idc
import ida_utilities as idau
import kernel
_log = idau.make_log(0, __name__)
idc.import_type(-1, 'mach_header_64')
idc.import_type(-1, 'load_command')
idc.import_type(-1, 'segment_command_64')
idc.import_type(-1, 'section_64')
_LC_SEGMENT_64 = 0x19
def _macho_segments_and_sections(ea):
"""A generator to iterate through a Mach-O file's segments and sections.
Each iteration yields a tuple:
(segname, segstart, segend, [(sectname, sectstart, sectend), ...])
"""
hdr = idau.read_struct(ea, 'mach_header_64', asobject=True)
nlc = hdr.ncmds
def register_structs():
str_afu_header = """
struct afu_header {
unsigned short magic;
unsigned short unk_0x100;
unsigned short fw_type;
unsigned short fw_version;
unsigned int fw_len;
unsigned int fw_crc;
unsigned short product_id;
unsigned short hw_revision_id;
};
"""
str_afu_sig_header = """
struct afu_sig_header {
unsigned int magic;
unsigned short unk_0x100;
unsigned short unk_0x120;
unsigned short digest_type; // guess 1 sha256?
unsigned short digest_len;
unsigned int digest_offs;
unsigned short sig_type;
unsigned short sig_len;
unsigned int sig_offs;
};
"""
str_afu_pers_header = """
struct afu_pers_header {
unsigned int magic;
unsigned short unk_0x100;
unsigned char uniqueid[12];
unsigned char reserved[0x1c-0x12];
unsigned int flags;
};
"""
str_afu_full_header = """
struct afu_full_header {
struct afu_header header;
unsigned char reserved1[0x20-0x14];
struct afu_sig_header sig_header;
unsigned char reserved2[0x40-0x38];
struct afu_pers_header pers_header;
unsigned char reserved3[0x7c-0x60];
unsigned int header_crc;
};
"""
sid = idc.get_struc_id("afu_header")
if sid != -1:
idc.del_struc(sid)
r = idc.SetLocalType(-1, str_afu_header, 0)
r = idc.import_type(-1, "afu_header")
sid = idc.get_struc_id("afu_sig_header")
if sid != -1:
idc.del_struc(sid)
r = idc.SetLocalType(-1, str_afu_sig_header, 0)
r = idc.import_type(-1, "afu_sig_header")
sid = idc.get_struc_id("afu_pers_header")
if sid != -1:
idc.del_struc(sid)
r = idc.SetLocalType(-1, str_afu_pers_header, 0)
r = idc.import_type(-1, "afu_pers_header")
sid = idc.get_struc_id("afu_full_header")
if sid != -1:
idc.del_struc(sid)
r = idc.SetLocalType(-1, str_afu_full_header, 0)
r = idc.import_type(-1, "afu_full_header")
def add_struct_to_idb(name):
idc.import_type(-1, name)
