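def __init__(self, addr, result=None):
    """Load the stored analysis record for the procedure at ``addr``.

    Reads the ``procs`` row keyed by ``str(addr)`` and copies its flags and
    length onto the instance; a procedure that is not in the table yet gets
    defaults (``has_ambig_calls`` defaults to True, so an unanalysed
    procedure is never mistaken for a finished one).  Then loads the
    outgoing calls/tail calls, memory reads/writes and callers.

    Args:
        addr: procedure address; ``str(addr)`` is the key used in every table.
        result: accepted for backward compatibility only.  The row is always
            re-read from the database (the previous code overwrote it too).
    """
    key = str(addr)
    self.addr = addr
    self.calls = set()
    self.tail_calls = set()
    self.memreads = set()
    self.memwrites = set()
    self.callers = set()

    c = connection.cursor()
    try:  # close the cursor even if a query or decode step raises
        c.execute('select type, depset, has_switch, suspicious_switch, has_suspicious_instr, has_nop, has_ambig_calls, length from procs where addr=?', (key,))
        # NOTE(review): sqlite3 reports rowcount == -1 for SELECT, so this is a no-op there.
        assert c.rowcount <= 1
        row = c.fetchone()
        if row:
            (self.type, depset_blob, self.has_switch, self.suspicious_switch,
             self.has_suspicious_instr, self.has_nop, self.has_ambig_calls,
             self.length) = row
            self.depset = depend.decode(depset_blob)
        else:
            self.type = "proc"
            self.depset = depend.unknown()
            self.has_switch = False
            self.suspicious_switch = False
            self.has_suspicious_instr = False
            self.has_nop = False
            # Unknown procedures are conservatively assumed to still have
            # unresolved calls.
            self.has_ambig_calls = True
            self.length = 0

        # Outgoing edges: anything that is not a tail call is a plain call.
        c.execute('select destination, type from calls where source=?', (key,))
        for dest, kind in c.fetchall():
            target = address.fromConventional(dest)
            if kind == 'tail':
                self.tail_calls.add(target)
            else:
                self.calls.add(target)

        # Data references: anything that is not a read is treated as a write.
        c.execute('select addr, type from memref where proc=?', (key,))
        for ref, kind in c.fetchall():
            target = address.fromConventional(ref)
            if kind == 'read':
                self.memreads.add(target)
            else:
                self.memwrites.add(target)

        # Incoming edges.
        c.execute('select source from calls where destination=?', (key,))
        for (src,) in c.fetchall():
            self.callers.add(address.fromConventional(src))
    finally:
        c.close()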
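def getNextOwnedAddress(addr):
    """Return the lowest procedure address strictly greater than ``addr``.

    Args:
        addr: address to search after; compared via ``str(addr)`` against the
            stored ``procs.addr`` column.

    Returns:
        The next procedure address, or ``None`` when ``addr`` is at or past
        the last known procedure.
    """
    c = connection.cursor()
    try:  # release the cursor even when the query raises
        c.execute('select addr from procs where addr > ? order by addr', (str(addr),))
        row = c.fetchone()
    finally:
        c.close()
    if not row:
        return None
    return address.fromConventional(row[0])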
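def getAmbigCalls():
    """Return the set of procedure addresses flagged with ``has_ambig_calls``.

    Returns:
        A ``set`` of addresses; empty when no procedure is flagged.
    """
    c = connection.cursor()
    try:  # the original never closed this cursor
        c.execute('select addr from procs where has_ambig_calls=1')
        rows = c.fetchall()
    finally:
        c.close()
    return set(address.fromConventional(row[0]) for row in rows)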
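def getAll():
    """Return every known procedure address, in ascending stored order.

    Returns:
        A ``list`` of addresses (possibly empty).
    """
    c = connection.cursor()
    try:  # close the cursor even if the query raises
        c.execute('select addr from procs order by addr')
        rows = c.fetchall()
    finally:
        c.close()
    return [address.fromConventional(row[0]) for row in rows]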
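def getUnfinished():
    """Return procedures that still have ambiguous calls but no suspicious markers.

    A procedure is "unfinished" when ``has_ambig_calls`` is set while both
    ``suspicious_switch`` and ``has_suspicious_instr`` are clear, i.e. it
    is expected to be resolvable by further analysis.

    Returns:
        A ``list`` of addresses (possibly empty).
    """
    c = connection.cursor()
    try:  # close the cursor even if the query raises
        c.execute('select addr from procs where has_ambig_calls=1 and suspicious_switch=0 and has_suspicious_instr=0')
        rows = c.fetchall()
    finally:
        c.close()
    return [address.fromConventional(row[0]) for row in rows]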
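def getDataReferers(data_addr):
    """Return the procedures that read and write the data byte at ``data_addr``.

    Args:
        data_addr: data address; matched via ``str(data_addr)`` against
            ``memref.addr``.

    Returns:
        A ``(reads, writes)`` pair of sets of procedure addresses.  Any
        reference whose type is not ``'read'`` is counted as a write.
    """
    reads = set()
    writes = set()
    c = connection.cursor()
    try:  # the original never closed this cursor
        c.execute('select proc, type from memref where addr=?', (str(data_addr),))
        rows = c.fetchall()
    finally:
        c.close()
    for proc, kind in rows:
        target = address.fromConventional(proc)
        if kind == 'read':
            reads.add(target)
        else:
            writes.add(target)
    return reads, writes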
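def getInteresting():
    """Render an HTML ``<pre>`` report of procedures that need attention.

    Three sections are listed in order: procedures with ambiguous calls,
    with a suspicious switch, and with a suspicious instruction.  Each
    entry is rendered by ``operand.ProcAddress(addr).html()``.

    Returns:
        The report as a single HTML string.
    """
    import operand

    # (section title, query) -- the title is emitted before each list.
    sections = (
        ('ambig calls', 'select addr from procs where has_ambig_calls=1'),
        ('suspicious switch', 'select addr from procs where suspicious_switch=1'),
        ('suspicious instr', 'select addr from procs where has_suspicious_instr=1'),
    )
    parts = ['<pre>']
    c = connection.cursor()
    try:  # close the cursor even if a query raises
        for title, query in sections:
            c.execute(query)
            parts.append('%s:\n' % title)
            for row in c.fetchall():
                addr = address.fromConventional(row[0])
                # NOTE(review): ProcAddress.html() is assumed to produce
                # already-escaped markup -- confirm in operand.
                parts.append(' ' + operand.ProcAddress(addr).html() + '\n')
    finally:
        c.close()
    parts.append('</pre>')
    # Join once instead of repeated string concatenation.
    return ''.join(parts)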
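def produce_map():
    """Write ``data/ownership.png``, a byte-ownership map of the ROM.

    Each pixel is one ROM byte (256 bytes per row).  Background colour marks
    regions that are assumed to be data banks (blue), bytes equal to 0xFF
    (dark blue) and everything else (black); bytes covered by a known
    procedure's length are then painted green on top.

    Side effects: reads the ROM via ``disasm.cur_rom``, queries the
    ``procs`` table and saves a PNG to ``data/ownership.png``.
    """
    import Image
    import disasm

    romsize = 512 * 1024
    width = 256
    # Integer division: ``/`` would yield a float (and break Image.new) on Python 3.
    height = romsize // width
    img = Image.new('RGB', (width, height))

    # Banks treated as data rather than code for the background colouring.
    data_banks = (0x08, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x1C, 0x1D)
    data_blue = (0, 0, 255)
    ff_blue = (0, 0, 127)
    black = (0, 0, 0)
    owned_green = (0, 255, 0)

    for i in range(romsize):
        addr = address.fromPhysical(i)
        bank = addr.bank()
        if bank in data_banks:
            color = data_blue
        elif bank == 0x16 and addr.virtual() >= 0x5700:
            color = data_blue
        elif bank == 0x09 and addr.virtual() >= 0x6700:
            color = data_blue
        elif disasm.cur_rom.get(addr) == 0xFF:
            color = ff_blue
        else:
            color = black
        img.putpixel((i % width, i // width), color)

    c = connection.cursor()
    try:  # close the cursor even if the query raises
        c.execute('select addr, length from procs order by addr')
        rows = c.fetchall()
    finally:
        c.close()

    for conv, length in rows:
        start = address.fromConventional(conv)
        for off in range(length):
            byte_addr = start.offset(off).physical()
            img.putpixel((byte_addr % width, byte_addr // width), owned_green)

    img.save('data/ownership.png')
    print('image saved')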
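def getProcByteOwner(byte_addr, ignore_addr=None):
    """Return the address of the procedure whose instructions cover ``byte_addr``.

    Looks up the closest procedure starting at or before ``byte_addr`` and
    checks that ``byte_addr`` is one of its instruction addresses.

    Args:
        byte_addr: the byte to locate.
        ignore_addr: a procedure address to exclude; when the candidate
            equals it the result is ``None`` (no further candidate is tried).

    Returns:
        The owning procedure address, or ``None`` when no procedure starts at
        or before ``byte_addr``, the candidate is ``ignore_addr``, or the
        byte is not among the candidate's instructions.
    """
    c = connection.cursor()
    try:  # the original leaked the cursor on the "no result" early return
        c.execute('select addr from procs where addr<=? order by addr desc', (str(byte_addr),))
        row = c.fetchone()
    finally:
        c.close()
    if not row:
        return None
    proc_addr = address.fromConventional(row[0])
    if proc_addr == ignore_addr:
        return None
    proc = procedure.at(proc_addr)
    if byte_addr not in proc.instructions:
        return None
    return proc_addr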
def manualJumptableLimit(addr):
    """Return the hand-verified entry count for a jumptable at ``addr``.

    These limits were determined manually for jumptables the analysis
    cannot bound on its own.  Returns ``None`` for any address not listed.
    """
    # (conventional address, number of entries); checked in order.
    known_limits = (
        ("0001:4187", 5),
        ("0001:633D", 2),
        ("0003:4976", 37),  # very weird jumptable...
        ("0018:7175", 5),
        ("0017:430C", 6),
        ("0002:6C1F", 3),
        ("0006:7383", 3),
        ("0006:5824", 5),  # weird jumptable
        ("0018:65B3", 4),
        ("0019:4942", 4),
        ("0015:78E1", 2),
        ("0005:62CD", 5),
        ("0019:4CB3", 2),
        ("0005:461E", 4),
        ("0005:4169", 5),
        ("0019:5B29", 2),
        ("0004:4B52", 2),
        ("0004:6802", 2),
        ("0004:6081", 4),
        ("0004:6EB6", 13),
        ("0006:74C5", 2),
        ("0004:76B4", 6),
        ("0004:4E8C", 4),
        ("0005:7210", 5),
    )
    for conventional, limit in known_limits:
        if addr == address.fromConventional(conventional):
            return limit
    return None
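def do_GET(self):
    """Serve the browser UI: proc/data/jumptable pages, the home report,
    the stylesheet, and the ``/set-name`` action.

    Routes (matched by prefix, in this order):
      ``/proc/<addr>``, ``/data/<addr>``, ``/jump/<addr>`` -- a page for the
      given conventional address; ``/home`` -- the "interesting procedures"
      report; ``/style.css``; ``/set-name?addr=..&name=..`` -- stores a name
      and redirects back.  Anything else, or a malformed address path, is a 404.
    """
    print('get %s' % self.path)
    path = self.path
    page_head = "<html><head><link rel=\"stylesheet\" type=\"text/css\" href=\"/style.css\" /></head><body>"
    page_foot = "</body></html>"

    def not_found():
        self.send_response(404)
        self.end_headers()

    def addr_from_path():
        # '/proc/<addr>' -> segment 2; None when the segment is missing so the
        # caller can answer 404 instead of raising IndexError after headers.
        parts = path.split('/')
        if len(parts) < 3 or not parts[2]:
            return None
        return address.fromConventional(parts[2])

    def write_addr_page(render):
        # Shared shape of the three address pages: resolve the address
        # before any headers go out, then name form + page body.
        addr = addr_from_path()
        if addr is None:
            not_found()
            return
        self.ok_html()
        self.wfile.write(page_head)
        self.wfile.write(name_form(addr))
        render(addr)
        self.wfile.write(page_foot)

    if path.startswith('/proc/'):
        write_addr_page(lambda addr: proc_page(addr, self.wfile))
    elif path.startswith('/home'):
        self.ok_html()
        self.wfile.write(page_head)
        self.wfile.write(database.getInteresting())
        self.wfile.write(page_foot)
    elif path.startswith('/data/'):
        write_addr_page(lambda addr: self.wfile.write(data_page(addr)))
    elif path.startswith('/jump/'):
        write_addr_page(lambda addr: self.wfile.write(jumptable_page(addr)))
    elif path == '/style.css':
        self.send_response(200)
        self.send_header('Content-type', 'text/css')
        self.end_headers()
        with open('style.css', 'r') as f:
            self.wfile.write(f.read())
    elif path.startswith('/set-name?'):
        # NOTE(review): a state-changing action on GET can be triggered by any
        # link or image on another site; consider moving this to POST.
        query = urlparse(path).query
        params = parse_qs(query)
        print('%s %s' % (params, query))
        addr_vals = params.get('addr')
        name_vals = params.get('name')
        if not addr_vals or not name_vals:
            # Missing parameter used to raise KeyError (a 500); answer 400.
            self.send_response(400)
            self.end_headers()
            return
        tag.setNameForAddress(address.fromConventional(addr_vals[0]), name_vals[0])
        # Redirect only to the path (+query) of the Referer, never to its
        # scheme/host, so the redirect target cannot leave this server; fall
        # back to /home when the header is absent (previously a KeyError).
        referer = self.headers.get('Referer')
        target = ''
        if referer:
            parsed = urlparse(referer)
            target = parsed.path
            if parsed.query:
                target += '?' + parsed.query
        self.redirect(target or '/home')
    else:
        not_found()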
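def search():
    """Refresh flow analysis for every known procedure and report new callees.

    Takes the work list from ``database.getAll()``, pops one procedure at a
    time (LIFO), re-runs ``flow.refresh`` on it and records every call and
    tail-call target; a target not already in the set of known procedures
    is reported via ``database.reportProc``.  Processing stops after at most
    5000 procedures.  Finally writes the call graph with ``save_dot``.

    Side effects: database updates through ``flow``/``database``, progress
    printed to stdout, and the dot file written by ``save_dot``.
    """
    import database
    import flow

    # Hand-picked seed procedures (kept for bootstrapping an empty database
    # with database.setInitial(seeds)); seeding is currently disabled and the
    # work list comes from the database instead.
    seeds = [
        # in 0000:0C40
        address.fromConventional("0002:5023"),
        address.fromConventional("0002:4D92"),
        address.fromConventional("0002:490E"),
        address.fromConventional("0002:4D00"),
        address.fromConventional("0002:4F30"),
        address.fromConventional("0002:50A2"),
        address.fromConventional("0002:4EFF"),
        # in 0000:0B53
        address.fromConventional("0002:5DD5"),
        address.fromConventional("0002:5731"),
    ]
    del seeds  # unused until seeding is re-enabled

    worklist = database.getAll()
    procs = set(worklist)
    callers = defaultdict(set)  # callee -> set of callers seen this run
    to_update = list(worklist)

    max_iterations = 5000  # hard stop so a runaway work list terminates
    for i in range(max_iterations):
        if not to_update:
            break
        current = to_update.pop()
        print('%d updating %s' % (i, current))
        flow.refresh(current)
        # Single lookup instead of two; assumes flow.at is a pure accessor
        # of the state flow.refresh just produced -- TODO confirm.
        node = flow.at(current)
        for callee in node.calls() | node.tailCalls():
            callers[callee].add(current)
            if callee not in procs:
                # Newly discovered procedure: recorded, but (as before) not
                # added to this run's work list.
                database.reportProc(callee)

    print('saving dot')
    save_dot(procs)
    print('saved dot')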