Exemplo n.º 1
0
def main(argv=None):
    if argv is None:
        argv = sys.argv[:]

    try:
        seg = prompt_for_segment()
    except BadInputError:
        logger.error('bad input, exiting...')
        return -1

    with open(seg.path, 'rb') as f:
        buf = f.read()

    seglen = len(buf)
    if seglen % 0x1000 != 0:
        seglen = seglen + (0x1000 - (seglen % 0x1000))

    if not idc.AddSeg(seg.addr, seg.addr + seglen, 0, 1, 0, idaapi.scPub):
        logger.error('failed to add segment: 0x%x', seg.addr)
        return -1

    if not idc.RenameSeg(seg.addr, seg.name):
        logger.warning('failed to rename segment: %s', seg.name)

    if not idc.SetSegClass(seg.addr, 'CODE'):
        logger.warning('failed to set segment class CODE: %s', seg.name)

    if not idc.SegAlign(seg.addr, idc.saRelPara):
        logger.warning('failed to align segment: %s', seg.name)

    idaapi.patch_many_bytes(seg.addr, buf)
Exemplo n.º 2
0
def append_segment(segment_name):
    """ Add a new segment to the IDB file and return its starting address.
    Information about function arguments will be stored here. Only works if the
    segment name is not used yet. This does not affect the original binary.

    Arguments:
    segment_name -- the name of the segment to be added
    """
    for segment in idautils.Segments():
        if idc.SegName(segment) == segment_name:
            g_logger.warning('Segment ' + segment_name + ' already exists')
            return idc.SegStart(segment)

    new_segment_start = get_end_of_last_segment()
    g_logger.debug('Adding new segment at 0x%08x' % new_segment_start)
    if not idc.AddSeg(new_segment_start,
                      (new_segment_start + NEW_SEGMENT_SIZE), 0, 1, 0,
                      idaapi.scPub) == 1:
        raise FailedToAppendSegmentException('Could not add segment')
    # set new segment's attributes
    if not idc.RenameSeg(new_segment_start, segment_name):
        raise FailedToAppendSegmentException('Could not rename segment')
    if not idc.SetSegClass(new_segment_start, 'DATA'):
        raise FailedToAppendSegmentException('Could not set segment class')
    if not idc.SegAlign(new_segment_start, idc.saRelPara):
        raise FailedToAppendSegmentException('Could not align segment')
    if not idc.SetSegAddressing(new_segment_start, 1):  # 1 -- 32 bit
        raise FailedToAppendSegmentException(
            'Could not set segment addressing')
    return new_segment_start
Exemplo n.º 3
0
    def make_segment(self, offset, size, class_name="DATA", name="pe_map", data=None):
        """Create a new section in the IDB"""
        idc.AddSeg(offset, offset + size, 0, 1, 0, idaapi.scPub)
        idc.RenameSeg(offset, str(name))
        idc.SetSegClass(offset, str(class_name))
        #idc.SegAlign(offset, idc.saRelPara)
        if data:
            idaapi.patch_many_bytes(offset, bytes(data))

        self.ret = None
        return self.ret
Exemplo n.º 4
0
def map_shared_bridges(dsc_file, adrfind):
    """ finds branch islands in a given dyld_shared_cache file,
        maps them to IDA's db and extract its addresses """
    dsc_file.seek(0, 2)
    filesize = dsc_file.tell()
    dsc_file.seek(0)
    ACCESS_READ = 1
    a = mmap.mmap(dsc_file.fileno(), length=filesize, access=ACCESS_READ)
    reexp = re.compile(
        "\xcf\xfa\xed\xfe.{340,360}dyld_shared_cache_branch_islands")
    print "[+] scanning dsc for BRANCH ISLANDS"
    # this list will hold all our branch_islands segments
    branch_islands_segments = []
    jmp_to_code = collections.defaultdict(list)
    for ma in reexp.finditer(a):
        print "[+] WRITING BRANCH ISLAND: 0x%08X" % (ma.start())
        fif = FileInFile(dsc_file, ma.start())
        m = MachO_patched(fif)
        if _IN_IDA:
            for seg in m.segments:
                for sec in seg.sections:
                    idc.AddSegEx(sec.addr, sec.addr + sec.size, 0, 0,
                                 idaapi.saRelPara, idaapi.scPub,
                                 idc.ADDSEG_FILLGAP)
                    name = "branch_islands_%X%s%s" % (ma.start(), seg.segname,
                                                      sec.sectname)
                    idc.RenameSeg(sec.addr, name)
                    idc.SetSegClass(sec.addr, "CODE")
                    idc.SetSegAddressing(sec.addr, 2)
                    dsc_file.seek(sec.offset)
                    memcpy(sec.addr, dsc_file.read(sec.size))
                    branch_islands_segments.append(sec.addr)
                    # make code
                    codeea = sec.addr
                    print "Going through the code!"
                    while codeea < (sec.addr + sec.size):
                        res = idc.MakeCode(codeea)
                        if not res:
                            print "[!] EA:0x%X ERR while making code" % codeea
                            codeea += 4
                            continue

                        d = idc.GetDisasm(codeea)
                        # if it's a "B     0x4dd13550"
                        if d.startswith("B "):
                            addr = d.split()[1]
                            if addr.startswith("0x"):
                                branchaddr = int(addr, 16)
                                jmp_to_code[branchaddr].append(codeea)
                                #   idc.MakeRptCmt(codeea, "0x%X was taken!" % branchaddr)

                        codeea = idc.FindUnexplored(codeea, idc.SEARCH_DOWN)
    label_and_fix_branch_islands(dsc_file, adrfind, jmp_to_code)
Exemplo n.º 5
0
def load_file(li, neflags, format):
    if format != ROM_FORMAT_NAME:
        Warning("Unknown format name: '%s'" % format)
        return 0
    jump = dwordAt(li, 0)
    # Test ARM branch
    if jump & 0xFF000000 != 0xEA000000:
        Warning("Unknown format name: '%s'" % format)
        return 0
    idaapi.set_processor_type("arm", SETPROC_ALL | SETPROC_FATAL)
    li.seek(0, idaapi.SEEK_END)
    size = li.tell()

    # Adding Header Section
    idc.AddSeg(ROM_START, ROM_START + SIZE_HEADER, 0, 1, idaapi.saRelPara,
               idaapi.scPub)
    idc.RenameSeg(ROM_START, "HEADER")
    idc.SetSegmentType(ROM_START, idc.SEG_CODE)
    li.seek(0)
    li.file2base(0, ROM_START, ROM_START + SIZE_HEADER, 0)

    # Adding OEP
    idaapi.add_entry(ROM_START, ROM_START, "start", 1)
    idaapi.cvar.inf.startIP = ROM_START
    idaapi.cvar.inf.beginEA = ROM_START

    # Adding ROM Section
    idc.AddSeg(ROM_START + SIZE_HEADER, ROM_START + (ROM_SIZE - SIZE_HEADER),
               0, 1, idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(ROM_START + SIZE_HEADER, "ROM")
    idc.SetSegmentType(ROM_START + SIZE_HEADER, idc.SEG_CODE)
    li.seek(SIZE_HEADER)
    li.file2base(0, ROM_START + SIZE_HEADER, ROM_START + size, 0)

    # Adding EWRAM
    idc.AddSeg(0x02000000, 0x02040000, 0, 1, idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(0x02000000, "EWRAM")
    memset_seg(0x02000000, 0x40000)

    # Adding IWRAM
    idc.AddSeg(0x03000000, 0x03008000, 0, 1, idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(0x03000000, "IWRAM")
    memset_seg(0x03000000, 0x8000)

    # Adding IO / Registers
    idc.AddSeg(0x04000000, 0x04000400, 0, 1, idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(0x04000000, "IOregisters")
    memset_seg(0x04000000, 0x400)

    # Adding BIOS System ROM
    idc.AddSeg(0x00000000, 0x00004000, 0, 1, idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(0x00000000, "BIOS")
    memset_seg(0x00000000, 0x4000)
    idc.SetSegmentType(0x0000000, idc.SEG_CODE)

    idaapi.add_long_cmt(ROM_START, True, "ROM HEADER")
    li.seek(0xA0)
    idc.ExtLinA(ROM_START, 1, "; Game Title : %s" % li.read(12))
    idc.ExtLinA(ROM_START, 2, "; Game Code : %s" % li.read(4))
    idc.ExtLinA(ROM_START, 3, "; Marker Code : %s" % li.read(2))
    idc.ExtLinA(ROM_START, 4,
                "; Fixed value : %02X" % struct.unpack("<B", li.read(1))[0])
    idc.ExtLinA(ROM_START, 5,
                "; Main unit code : %02X" % struct.unpack("<B", li.read(1))[0])
    idc.ExtLinA(ROM_START, 6,
                "; Device type : %02X" % struct.unpack("<B", li.read(1))[0])
    idc.ExtLinA(ROM_START, 7, "; Reserved Area : db 7 dup(0)")
    li.read(7)
    idc.ExtLinA(ROM_START, 8,
                "; Software version %02X" % struct.unpack("<B", li.read(1))[0])
    idc.ExtLinA(ROM_START, 9,
                "; Complement Check %02X" % struct.unpack("<B", li.read(1))[0])
    idc.ExtLinA(ROM_START, 10, "; Reserved Area : db 2 dup(0)")

    io_naming()
    print("[+] Load OK")
    return 1
Exemplo n.º 6
0
def load_file(li, neflags, format):
    if format != ROM_FORMAT_NAME:
        Warning("Unknown format name: '%s'" % format)
        return 0
    idaapi.set_processor_type("M6502", SETPROC_ALL | SETPROC_FATAL)
    li.seek(0, idaapi.SEEK_END)
    size = li.tell()

    # RAM
    idc.AddSeg(RAM_START, RAM_START + RAM_SIZE, 0, 0, idaapi.saRelPara,
               idaapi.scPub)
    idc.RenameSeg(RAM_START, "RAM")

    li.seek(0x6)
    CartTypeLSB = struct.unpack("<B", li.read(1))[0]
    # SRAM
    if (((CartTypeLSB & 0x2) >> 1) == 1):
        idc.AddSeg(SRAM_START, SRAM_START + SRAM_SIZE, 0, 0, idaapi.saRelPara,
                   idaapi.scPub)
        idc.RenameSeg(SRAM_START, "SRAM")

    # EXPROM
    idc.AddSeg(EXPROM_START, EXPROM_START + EXPROM_SIZE, 0, 0,
               idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(EXPROM_START, "EXPROM")

    # TRAINER
    if (((CartTypeLSB & 0x4) >> 2) == 1):
        idc.AddSeg(TRAINER_START, TRAINER_START + TRAINER_SIZE, 0, 0,
                   idaapi.saRelPara, idaapi.scPub)
        idc.RenameSeg(TRAINER_START, "TRAINER")

    # ROM
    idc.AddSeg(ROM_START, ROM_START + ROM_SIZE, 0, 0, idaapi.saRelPara,
               idaapi.scPub)
    idc.RenameSeg(ROM_START, "ROM")
    idc.SetSegmentType(ROM_START, idc.SEG_CODE)

    CartTypeMSB = struct.unpack("<B", li.read(1))[0]
    mapper_version = (((CartTypeLSB & 0xF0) >> 4) | (CartTypeMSB & 0xF0))
    if (mapper_version == MAPPER_NONE or mapper_version == MAPPER_MMC1
            or mapper_version == MAPPER_UxROM or mapper_version == MAPPER_CNROM
            or mapper_version == MAPPER_MMC3 or mapper_version == MAPPER_MMC5
            or mapper_version == MAPPER_CAMERIC
            or mapper_version == MAPPER_GNROM):
        li.seek(0x4)
        prg_rom_size = struct.unpack("<B", li.read(1))[0]
        if (prg_rom_size != 0):
            offset = HEADER_SIZE
            if (((CartTypeLSB & 0x4) >> 2) == 1):
                offset += TRAINER_SIZE
            li.seek(offset)
            li.file2base(0, ROM_START, ROM_START + PRG_PAGE_SIZE, 0)
            offset = HEADER_SIZE + (prg_rom_size - 1) * PRG_PAGE_SIZE
            if (((CartTypeLSB & 0x4) >> 2) == 1):
                offset += TRAINER_SIZE
            li.seek(offset)
            li.file2base(0, ROM_START + PRG_PAGE_SIZE,
                         ROM_START + PRG_PAGE_SIZE + PRG_PAGE_SIZE, 0)

    elif (mapper_version == MAPPER_MMC2):
        print("Second case mapper")
    elif (mapper_version == MAPPER_AxROM
          or mapper_version == MAPPER_COLOR_DREAMS
          or mapper_version == MAPPER_BxROM):
        print("Third case mapper")
    else:
        print("Mapper %d is not supported" % mapper_version)

    naming()
    idaapi.add_entry(Word(0xFFFC), Word(0xFFFC), "start", 1)
    idaapi.cvar.inf.startIP = Word(0xFFFC)
    idaapi.cvar.inf.beginEA = Word(0xFFFC)
    header_info(li, 0xFFEF)

    print("[+] Load OK")
    return 1
Exemplo n.º 7
0
def load_file(li, neflags, format):
    li.seek(0)
    ndsRom = NintendoDSRom(li.read(li.size()))
    retval = 1

    useArm9 = ask_yn(
        1,
        "This ROM potentially contains both ARM9 and ARM7 code\nDo you want to load the ARM9 binary?"
    )
    if (useArm9 == -1):
        useArm9 = 0

    useArm9 = bool(useArm9)

    proc = ""
    startEA = 0
    endEA = 0
    offset = 0
    entryAddr = 0
    size = 0
    name = ""
    rom = ""
    if (useArm9):
        name = "ARM9 ROM"
        proc = "ARM"
        entryAddr = ndsRom.arm9EntryAddress
        startEA = ndsRom.arm9RamAddress
        endEA = ndsRom.arm9RamAddress + ndsRom.arm9Len
        offset = ndsRom.arm9Offset
        size = ndsRom.arm9Len
        rom = ndsRom.arm9
    else:
        name = "ARM7 ROM"
        proc = "ARM710A"
        entryAddr = ndsRom.arm7EntryAddress
        startEA = ndsRom.arm7RamAddress
        endEA = ndsRom.arm7RamAddress + ndsRom.arm7Len
        offset = ndsRom.arm7Offset
        size = ndsRom.arm7Len
        rom = ndsRom.arm7

    idaapi.set_processor_type(
        proc, idaapi.SETPROC_LOADER_NON_FATAL | idaapi.SETPROC_LOADER)

    memory =  \
    [
        [ startEA, endEA, "RAM" ],
        [ 0x04000000, 0x04001056, "General_Regs" ],
        [ 0x05000000, 0x05000600, "VMEM_Regs" ],
    ]

    if ((startEA < memory[0][0] or endEA > memory[0][1])
            and (startEA < memory[1][0] or endEA > memory[1][1])
            and (startEA < memory[2][0] or endEA > memory[2][1])):
        raise Exception("ROM not mapped into valid mem!")

    for segment in memory:
        idc.AddSeg(segment[0], segment[1], 0, 1, idaapi.saRelPara,
                   idaapi.scPub)
        idc.RenameSeg(segment[0], segment[2])

        if "RAM" not in segment[2]:
            for i in xrange(segment[0], segment[1]):
                idc.PatchByte(i, 0)

    idaapi.add_entry(entryAddr, entryAddr, "start", 1)
    idc.MakeNameEx(entryAddr, "start", idc.SN_NOCHECK | idc.SN_NOWARN)
    idaapi.cvar.inf.startIP = entryAddr
    idaapi.cvar.inf.beginEA = entryAddr
    ida_segment.set_selector(1, 0)
    idaapi.cvar.inf.startCS = 1

    li.seek(0)
    li.file2base(offset, startEA, endEA, 1)

    idaapi.cvar.inf.startCS = 0
    idaapi.cvar.inf.startIP = entryAddr

    idc.ExtLinA(startEA, 1, "; Title : " + str(ndsRom.name))
    idc.ExtLinA(startEA, 1, "; Software Version: " + str(ndsRom.version))

    # Add TwlHdr
    MakeVideoRegs()
    MakeVMemRegs()
    MakeJoypadRegs()
    MakeSystemRegs()
    if name == "ARM7 ROM":
        MakeARM7Regs()
    else:
        MakeARM9Regs()

    print("Done! Entry point @ " + hex(entryAddr))
    return 1
Exemplo n.º 8
0
    def __to_native(self, function, is_recursive_mode=False, fixupfile=None):
        """
            Process translating VM byte code to native machine code
            :param function: Function descriptor
            :param is_recursive_mode: Enable recursive mode
            :param fixupfile: Path to fixup file
            :return:  Address of new segment where were native code wrote
        """
        print "[+] Translate begin. Function %s" % hex(function.begin_ea)
        ks = None

        if self.mode == 32:
            ks = Ks(KS_ARCH_X86, KS_MODE_32)
        else:
            ks = Ks(KS_ARCH_X86, KS_MODE_64)

        locs = {
            function.graph.nodes[na].begin_ea
            for na in function.graph.nodes
        }
        func_addresses = []
        for x in function.graph.nodes:
            for y in range(
                    function.graph.nodes[x].begin_ea,
                    function.graph.nodes[x].end_ea + self.instruction_size,
                    self.instruction_size):
                func_addresses.append(y)

        func_ins = {x: self.instructions[x] for x in func_addresses}

        vr0x86_blocks = self.get_vr0blocks(func_ins)

        print "[+] Blocks for %s" % hex(function.begin_ea).replace("L", "")
        i = 0
        for pc in vr0x86_blocks.keys():
            c_vr0, c_end_vr0_block = vr0x86_blocks[pc]
            print "----BLOCK %s----" % i
            print "   -> [?] Block begin: %s" % hex(pc).replace("L", "")
            print "   -> [?] Block end: %s" % hex(c_end_vr0_block).replace(
                "L", "")
            print "   -> [?] Block vr0: %s" % c_vr0
            i += 1

        labels = {}
        li = 0
        for loc in locs:
            labels[loc] = "label_%s" % li
            li += 1

        function_real_base = function.machine_handler
        print "[+] Real function base: %s" % hex(function_real_base).replace(
            "L", "")

        if self.mode == 32:
            asm_text = self._asm_creator_x86(
                func_ins,
                labels,
                vr0x86_blocks,
                function.machine_handler,
                is_recursive_mode=is_recursive_mode,
                fixupfile=fixupfile)
        else:
            asm_text = self._asm_creator_x64(
                func_ins,
                labels,
                vr0x86_blocks,
                function.machine_handler,
                is_recursive_mode=is_recursive_mode,
                fixupfile=fixupfile)

        print asm_text

        segs = list(idautils.Segments())
        last_seg_ea = idc.SegEnd(segs[len(segs) - 1])

        encoding, count = ks.asm(asm_text, addr=last_seg_ea)

        seg_name = ".devirt_%s" % function.name
        seg_size = len(encoding) + self.machine_word_size
        if not idc.AddSeg(last_seg_ea, last_seg_ea + seg_size, 0, 1, 0,
                          idaapi.scPub):
            print "[~] Can't create segment at address %s" % hex(last_seg_ea)
            return

        if not idc.RenameSeg(last_seg_ea, seg_name):
            print "[!] Failed rename segment. Segment name %s" % seg_name

        if not idc.SetSegClass(last_seg_ea, 'CODE'):
            print "[!] Failed set CODE class. Segment name %s" % seg_name

        if not idc.SegAlign(last_seg_ea, idc.saRelPara):
            print "[!] Failed set align. Segment name %s" % seg_name

        bitness = 1
        if self.mode == 64:
            bitness = 2

        if not idc.SetSegAddressing(last_seg_ea, bitness):
            print "[!] Failed set bitness. Segment name %s" % seg_name

        if self.mode == 32:
            idc.PatchDword(last_seg_ea, 0)
        else:
            idc.PatchQword(last_seg_ea, 0)

        last_seg_ea += self.machine_word_size

        waddr = last_seg_ea
        for b in encoding:
            idc.PatchByte(waddr, b)
            waddr += 1

        print "[+] Write binary to: %s" % hex(last_seg_ea).replace("L", "")
        self.devirtualized_functions[function.begin_ea] = (last_seg_ea,
                                                           len(encoding) + 4)
        return last_seg_ea
Exemplo n.º 9
0
def load_file(li, neflags, format):
    if format != ROM_FORMAT_NAME:
        Warning("Unknown format name: '%s'" % format)
        return 0
    jump = dwordAt(li, 0)
    idaapi.set_processor_type("gb", SETPROC_ALL | SETPROC_FATAL)
    li.seek(0, idaapi.SEEK_END)
    size = li.tell()

    # ROM0
    idc.AddSeg(ROM0_START, ROM0_START + ROM0_SIZE, 0, 0, idaapi.saRelPara,
               idaapi.scPub)
    idc.RenameSeg(ROM0_START, "ROM0")
    idc.SetSegmentType(ROM0_START, idc.SEG_CODE)
    li.seek(0)
    li.file2base(0, ROM0_START, ROM0_START + ROM0_SIZE, 0)

    # ROM1
    idc.AddSeg(ROM1_START, ROM1_START + ROM1_SIZE, 0, 0, idaapi.saRelPara,
               idaapi.scPub)
    idc.RenameSeg(ROM1_START, "ROM1")
    idc.SetSegmentType(ROM1_START, idc.SEG_CODE)

    # VRAM
    idc.AddSeg(VRAM_START, VRAM_START + VRAM_SIZE, 0, 0, idaapi.saRelPara,
               idaapi.scPub)
    idc.RenameSeg(VRAM_START, "VRAM")

    # RAM1
    idc.AddSeg(RAM1_START, RAM1_START + RAM1_SIZE, 0, 0, idaapi.saRelPara,
               idaapi.scPub)
    idc.RenameSeg(RAM1_START, "RAM1")

    # RAM0
    idc.AddSeg(RAM0_START, RAM0_START + RAM0_SIZE, 0, 0, idaapi.saRelPara,
               idaapi.scPub)
    idc.RenameSeg(RAM0_START, "RAM0")

    # ECHO
    idc.AddSeg(ECHO_START, ECHO_START + ECHO_SIZE, 0, 0, idaapi.saRelPara,
               idaapi.scPub)
    idc.RenameSeg(ECHO_START, "ECHO")

    # OAM
    idc.AddSeg(OAM_START, OAM_START + OAM_SIZE, 0, 0, idaapi.saRelPara,
               idaapi.scPub)
    idc.RenameSeg(OAM_START, "OAM")

    # IO
    idc.AddSeg(IO_START, IO_START + IO_SIZE, 0, 0, idaapi.saRelPara,
               idaapi.scPub)
    idc.RenameSeg(IO_START, "IO")

    # HRAM
    idc.AddSeg(HRAM_START, HRAM_START + HRAM_SIZE, 0, 0, idaapi.saRelPara,
               idaapi.scPub)
    idc.RenameSeg(HRAM_START, "HRAM")

    header_info(li)
    naming()
    print("[+] Load OK")
    return 1
Exemplo n.º 10
0
def load_file(li, neflags, format):
    if format != ROM_FORMAT_NAME:
        Warning("Unknown format name: '%s'" % format)
        return 0
    idaapi.set_processor_type("M6502", SETPROC_ALL | SETPROC_FATAL)

    li.seek(0, idaapi.SEEK_END)
    size = li.tell()

    li.seek(0, idaapi.SEEK_SET)
    nheader = NES_HEADER.from_buffer_copy(li.read(LEN_NES_HEADER))

    # RAM SEGMENT
    idc.AddSeg(RAM_START, RAM_START + RAM_SIZE, 0, 0, idaapi.saRelPara,
               idaapi.scPub)
    idc.RenameSeg(RAM_START, "RAM")
    zeromemory(RAM_START, RAM_SIZE)

    # IOREG SEGMENT
    idc.AddSeg(IOREG_START, IOREG_START + IOREG_SIZE, 0, 0, idaapi.saRelPara,
               idaapi.scPub)
    idc.RenameSeg(IOREG_START, "IOREG")
    zeromemory(IOREG_START, IOREG_SIZE)

    # SRAM SEGMENT
    # bit 1 : Cartridge contains battery-backed PRG RAM ($6000-7FFF) or other persistent memory
    if (nheader.rom_control_byte_0 & 0x02) != 0x00:
        idc.AddSeg(SRAM_START, SRAM_START + SRAM_SIZE, 0, 0, idaapi.saRelPara,
                   idaapi.scPub)
        idc.RenameSeg(SRAM_START, "SRAM")
        zeromemory(SRAM_START, SRAM_SIZE)

    # EXPROM SEGMENT
    idc.AddSeg(EXPROM_START, EXPROM_START + EXPROM_SIZE, 0, 0,
               idaapi.saRelPara, idaapi.scPub)
    idc.RenameSeg(EXPROM_START, "EXPROM")
    zeromemory(EXPROM_START, EXPROM_SIZE)

    # TRAINER SEGMENT
    # bit 2 : 512-byte trainer at $7000-$71FF (stored before PRG data)
    if (nheader.rom_control_byte_0 & 0x04) != 0x00:
        idc.AddSeg(TRAINER_START, TRAINER_START + TRAINER_SIZE, 0, 0,
                   idaapi.saRelPara, idaapi.scPub)
        idc.RenameSeg(TRAINER_START, "TRAINER")
        zeromemory(TRAINER_START, TRAINER_SIZE)

    # ROM SEGMENT
    idc.AddSeg(ROM_START, ROM_START + ROM_SIZE, 0, 0, idaapi.saRelPara,
               idaapi.scPub)
    idc.RenameSeg(ROM_START, "ROM")
    idc.SetSegmentType(ROM_START, idc.SEG_CODE | idc.SEG_DATA)
    zeromemory(ROM_START, ROM_SIZE)

    describe_header_info(li)

    mapper_version = (((nheader.rom_control_byte_0 & 0xF0) >> 4) |
                      (nheader.rom_control_byte_1 & 0xF0))
    if (mapper_version == MAPPER_NONE or mapper_version == MAPPER_MMC1
            or mapper_version == MAPPER_UxROM or mapper_version == MAPPER_CNROM
            or mapper_version == MAPPER_MMC3 or mapper_version == MAPPER_MMC5
            or mapper_version == MAPPER_CAMERIC
            or mapper_version == MAPPER_GNROM):
        offset = LEN_NES_HEADER
        if (nheader.rom_control_byte_0 & 0x04) != 0x00:
            offset = offset + TRAINER_SIZE
        offset = offset
        li.file2base(offset, ROM_START, ROM_START + PRG_PAGE_SIZE, 0)
        offset = LEN_NES_HEADER
        if (nheader.rom_control_byte_0 & 0x04) != 0x00:
            offset = offset + TRAINER_SIZE
        offset = offset + (nheader.nb_prg_page_16k - 1) * PRG_PAGE_SIZE
        li.file2base(offset, ROM_START + PRG_PAGE_SIZE,
                     ROM_START + PRG_PAGE_SIZE + PRG_PAGE_SIZE, 0)
        offset = LEN_NES_HEADER
        if (nheader.rom_control_byte_0 & 0x04) != 0x00:
            offset = offset + TRAINER_SIZE
        offset = offset + PRG_PAGE_SIZE * nheader.nb_prg_page_16k
        li.file2base(offset, RAM_START, RAM_START + CHR_PAGE_SIZE, 0)
    elif (mapper_version == MAPPER_MMC2):
        Warning("Second case mapper")
    elif (mapper_version == MAPPER_AxROM
          or mapper_version == MAPPER_COLOR_DREAMS
          or mapper_version == MAPPER_BxROM):
        Warning("Third case mapper")
    else:
        Warning("Mapper %d is not supported" % mapper_version)

    naming()

    idaapi.add_entry(Word(0xFFFC), Word(0xFFFC), "start", 1)
    idaapi.cvar.inf.startIP = Word(0xFFFC)
    idaapi.cvar.inf.beginEA = Word(0xFFFC)
    return 1
Exemplo n.º 11
0
 def set_name(self, value):
     return idc.RenameSeg(self.addr, value)