def test_kallsyms_4_4_223_i686(self):
addresses_and_names = list(find_kallsyms_in_rodata(
self._read('kallsyms-4.4.223.defcon2020.ooofs.i686.gz')))
self.assertEqual(80397, len(addresses_and_names))
self.assertEquals((0xc1000000, 'Tstartup_32'), addresses_and_names[0])
self.assertEquals(
(0xc1e9B000, 'B__brk_limit'), addresses_and_names[-1])
def test_kallsyms_5_1_9_x86_64(self):
addresses_and_names = list(find_kallsyms_in_rodata(
self._read('kallsyms-5.1.9.balsn2019.krazynote.x86_64.gz')))
self.assertEqual(74045, len(addresses_and_names))
self.assertEquals((0, 'Airq_stack_union'), addresses_and_names[0])
self.assertEquals(
(0xffffffff82a2c000, 'B__brk_limit'), addresses_and_names[-1])
def test_kallsyms_4_4_0_arm(self):
addresses_and_names = list(
find_kallsyms_in_rodata(
self._read('kallsyms-4.4.0-1085-raspi2.arm.gz')))
self.assertEqual(78413, len(addresses_and_names))
self.assertEquals((0x80008000, 'Tstext'), addresses_and_names[0])
self.assertEquals((0x80f56454, 'B__bss_stop'), addresses_and_names[-1])
def test_kallsyms_5_1_0_aarch64(self):
addresses_and_names = list(
find_kallsyms_in_rodata(
self._read('kallsyms-5.1.0.tasteless2019.tee.aarch64.gz')))
self.assertEqual(117079, len(addresses_and_names))
self.assertEquals((0, 't_head'), addresses_and_names[0])
self.assertEquals((0x13ce000, 'B_end'), addresses_and_names[-1])
def test_kallsyms_4_16_3_s390x(self):
addresses_and_names = list(
find_kallsyms_in_rodata(
self._read('kallsyms-4.16.3-301.fc28.s390x.gz')))
self.assertEqual(62766, len(addresses_and_names))
self.assertEquals((0, 'T_text'), addresses_and_names[0])
self.assertEquals((0xd31e00, 'B__bss_stop'), addresses_and_names[-1])
def test_kallsyms_3_10_0_x86_64(self):
addresses_and_names = list(
find_kallsyms_in_rodata(
self._read('kallsyms-3.10.0-862.11.6.el7.x86_64.gz')))
self.assertEqual(82619, len(addresses_and_names))
self.assertEquals((0x4161de0, 'Airq_stack_union'),
addresses_and_names[0])
self.assertEquals((0x4cae000, 'B__brk_limit'), addresses_and_names[-1])
def test_kallsyms_4_4_223_i686_v2(self):
addresses_and_names = list(find_kallsyms_in_rodata(
self._read('kallsyms-4.4.223.defconfig.i686.gz')))
self.assertEqual(39874, len(addresses_and_names))
self.assertEquals(
(0xc1000338, 'tsanitize_boot_params.constprop.0'),
addresses_and_names[0],
)
self.assertEquals((0xc1be29bd, 'T_einittext'), addresses_and_names[-1])
def test_kallsyms_5_3_0_x86_64(self):
addresses_and_names = list(find_kallsyms_in_rodata(
self._read('kallsyms-5.3.0.hitcon2019.poe.x86_64.gz')))
self.assertEqual(88612, len(addresses_and_names))
self.assertEquals((0, 'Afixed_percpu_data'), addresses_and_names[0])
self.assertEquals(
(0xffffffff83200000, 'T__init_scratch_end'),
addresses_and_names[-1],
)
def test_kallsyms_3_10_0_x86_64(self):
addresses_and_names = list(find_kallsyms_in_rodata(
self._read('kallsyms-3.10.0-862.11.6.el7.x86_64.gz')))
self.assertEqual(82619, len(addresses_and_names))
self.assertEquals((0, 'Airq_stack_union'), addresses_and_names[0])
dump_stack_address, = [
address
for address, name in addresses_and_names
if name == 'Tdump_stack'
]
self.assertEqual(0xffffffff817135bb, dump_stack_address)
self.assertEquals(
(0xffffffff82657000, 'B__brk_limit'),
addresses_and_names[-1],
)
def test_kallsyms_5_1_9_x86_64(self):
addresses_and_names = list(find_kallsyms_in_rodata(
self._read('kallsyms-5.1.9.balsnctl2019.krazynote.x86_64.gz'),
'<'))
self.assertEquals('Airq_stack_union', addresses_and_names[0][1])
self.assertEquals('B__brk_limit', addresses_and_names[-1][1])
def test_kallsyms_3_10_0_x86_64(self):
addresses_and_names = list(find_kallsyms_in_rodata(
self._read('kallsyms-3.10.0-862.11.6.el7.x86_64.gz'), '<'))
self.assertEquals('Airq_stack_union', addresses_and_names[0][1])
self.assertEquals('B__brk_limit', addresses_and_names[-1][1])
def test_kallsyms_4_16_3_s390x(self):
addresses_and_names = list(find_kallsyms_in_rodata(
self._read('kallsyms-4.16.3-301.fc28.s390x.gz'), '>'))
self.assertEquals('T_text', addresses_and_names[0][1])
self.assertEquals('B__bss_stop', addresses_and_names[-1][1])
from idaapi import get_bytes, get_inf_structure
from ida_name import set_name
from ida_segment import get_segm_by_name
from find_kallsyms import find_kallsyms_in_rodata
rodata_segm = get_segm_by_name('.rodata')
rodata_size = rodata_segm.end_ea - rodata_segm.start_ea + 1
rodata = bytearray(get_bytes(rodata_segm.start_ea, rodata_size))
inf = get_inf_structure()
endianness = '>' if inf.is_be() else '<'
for address, name in find_kallsyms_in_rodata(rodata, endianness):
if name[0] != 'A':
set_name(address, str(name[1:]))
SourceType.ANALYSIS,
)
function.setVarArgs(has_varargs)
program = currentProgram # noqa: F821
memory = program.getMemory()
rodata_block = memory.getBlock('.rodata')
if rodata_block is None:
rodata_block = memory.getBlock('.text')
rodata = jarray.zeros(rodata_block.getSize(), 'b')
rodata_block.getBytes(rodata_block.getStart(), rodata)
rodata = b''.join([chr(x & 0xff) for x in rodata]) # it's py2
ram = program.getAddressFactory().getDefaultAddressSpace()
symbols = program.getSymbolTable()
for address, name in find_kallsyms_in_rodata(rodata):
if name[0] != 'A':
address = ram.getAddress(address)
existing = list(symbols.getSymbols(address))
if len(existing) == 0:
symbols.createLabel(address, name[1:], SourceType.ANALYSIS)
elif len(existing) == 1:
existing[0].setName(name[1:], SourceType.ANALYSIS)
else:
pass
load_like_json(
program=program,
symbols=symbols,
functions=program.getFunctionManager(),
types=program.getDataTypeManager(),
)