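    def __init__(self, addr, result=None):
        """Load the procedure record for *addr* from the database.

        Reads the procedure's row from ``procs`` (falling back to
        conservative defaults when it is not recorded yet), then collects
        its outgoing calls, memory references and callers.  ``str(addr)``
        is the key used in every query.

        Args:
            addr: address of the procedure.
            result: kept for backward compatibility only.  The original
                code overwrote it with the fetched row, so a caller-supplied
                value has never had any effect and is still ignored.
        """
        key = str(addr)
        c = connection.cursor()
        try:
            c.execute('select type, depset, has_switch, suspicious_switch, has_suspicious_instr, has_nop, has_ambig_calls, length from procs where addr=?', (key,))
            # NOTE(review): rowcount semantics are driver-dependent (sqlite3
            # reports -1 for SELECT), so this check may never fire -- confirm
            # against the driver behind `connection`.
            assert c.rowcount <= 1
            row = c.fetchone()

            self.addr = addr
            if row:
                (self.type, depset_blob, self.has_switch, self.suspicious_switch,
                 self.has_suspicious_instr, self.has_nop, self.has_ambig_calls,
                 self.length) = row
                self.depset = depend.decode(depset_blob)
            else:
                # Unknown procedure: assume nothing about it except that its
                # calls are unresolved, so it will be revisited.
                self.type = "proc"
                self.depset = depend.unknown()
                self.has_switch = False
                self.suspicious_switch = False
                self.has_suspicious_instr = False
                self.has_nop = False
                self.has_ambig_calls = True
                self.length = 0

            # Outgoing calls, split by the recorded call kind.
            self.calls = set()
            self.tail_calls = set()
            c.execute('select destination, type from calls where source=?', (key,))
            for destination, kind in c.fetchall():
                target = self.tail_calls if kind == 'tail' else self.calls
                target.add(address.fromConventional(destination))

            # Memory references; anything not tagged 'read' counts as a write.
            self.memreads = set()
            self.memwrites = set()
            c.execute('select addr, type from memref where proc=?', (key,))
            for ref_addr, kind in c.fetchall():
                target = self.memreads if kind == 'read' else self.memwrites
                target.add(address.fromConventional(ref_addr))

            # Procedures that call this one (any call kind).
            c.execute('select source from calls where destination=?', (key,))
            self.callers = set(address.fromConventional(source) for (source,) in c.fetchall())
        finally:
            # The original closed the cursor only on the success path.
            c.close()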
def getNextOwnedAddress(addr):
    """Return the lowest procedure address strictly greater than *addr*.

    Returns ``None`` when ``procs`` holds no procedure above *addr*.
    """
    cursor = connection.cursor()
    cursor.execute('select addr from procs where addr > ? order by addr', (str(addr),))
    row = cursor.fetchone()
    cursor.close()
    return address.fromConventional(row[0]) if row else None
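def getAmbigCalls():
    """Return the set of procedure addresses flagged ``has_ambig_calls``.

    The cursor is closed in ``finally`` -- the original never closed it,
    and would also have leaked it if address decoding raised.
    """
    c = connection.cursor()
    try:
        c.execute('select addr from procs where has_ambig_calls=1')
        return set(address.fromConventional(row[0]) for row in c.fetchall())
    finally:
        c.close()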
def getAll():
    """Return every procedure address in ``procs``, ascending by address."""
    cursor = connection.cursor()
    cursor.execute('select addr from procs order by addr')
    addrs = [address.fromConventional(row[0]) for row in cursor.fetchall()]
    cursor.close()
    return addrs
def getUnfinished():
    """List procedures that still have ambiguous calls but no other red flags.

    Selects rows where ``has_ambig_calls`` is set while
    ``suspicious_switch`` and ``has_suspicious_instr`` are both clear,
    in whatever order the database returns them.
    """
    cursor = connection.cursor()
    cursor.execute('select addr from procs where has_ambig_calls=1 and suspicious_switch=0 and has_suspicious_instr=0')
    addrs = [address.fromConventional(row[0]) for row in cursor.fetchall()]
    cursor.close()
    return addrs
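def getDataReferers(data_addr):
    """Return the procedures that read and write the data at *data_addr*.

    Args:
        data_addr: address of the data item; ``str(data_addr)`` is the key
            matched against ``memref.addr``.

    Returns:
        ``(reads, writes)`` -- two sets of procedure addresses.  A ``memref``
        row whose ``type`` is ``'read'`` lands in *reads*; any other type is
        counted as a write.
    """
    reads = set()
    writes = set()
    c = connection.cursor()
    try:
        c.execute('select proc, type from memref where addr=?', (str(data_addr),))
        for proc, kind in c.fetchall():
            target = reads if kind == 'read' else writes
            target.add(address.fromConventional(proc))
    finally:
        # The original never closed this cursor.
        c.close()
    return reads, writes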
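def getInteresting():
    """Render an HTML ``<pre>`` summary of procedures that need attention.

    Three sections are emitted, in order: procedures with ambiguous calls,
    with a suspicious switch, and with a suspicious instruction.  Each
    entry is rendered with ``operand.ProcAddress(addr).html()``.

    Returns:
        The HTML fragment as a single string.
    """
    import operand

    # (heading, query) pairs in display order; the heading text and the
    # queries are the originals, only the triplicated loop was folded.
    sections = (
        ('ambig calls:\n', 'select addr from procs where has_ambig_calls=1'),
        ('suspicious switch:\n', 'select addr from procs where suspicious_switch=1'),
        ('suspicious instr:\n', 'select addr from procs where has_suspicious_instr=1'),
    )

    parts = ['<pre>']
    c = connection.cursor()
    try:
        for heading, query in sections:
            c.execute(query)
            parts.append(heading)
            for row in c.fetchall():
                addr = address.fromConventional(row[0])
                # Nothing is escaped here; ProcAddress.html() is relied on to
                # emit safe markup -- TODO confirm in operand.
                parts.append('    ' + operand.ProcAddress(addr).html() + '\n')
    finally:
        # The original closed the cursor only if all three queries succeeded.
        c.close()
    parts.append('</pre>')
    return ''.join(parts)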
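def produce_map():
    """Write a 256-pixel-wide ownership map of the ROM to ``data/ownership.png``.

    Every ROM byte becomes one pixel, row-major with ``width`` bytes per
    row.  Pixels are blue for the hard-coded bank list below and for the
    upper regions of banks 0x16 and 0x09 (presumably non-code areas --
    TODO confirm), dark blue for 0xFF bytes, black otherwise.  Bytes
    covered by a procedure recorded in ``procs`` are then painted green
    on top.

    Side effects: writes the PNG and prints a confirmation line.
    """
    romsize = 512 * 1024
    width = 256
    # Integer division: the original used `/`, which yields a float on
    # Python 3 and then breaks Image.new's size argument.
    height = romsize // width

    import Image
    import disasm  # hoisted: the original re-imported it on every iteration

    blue_banks = (0x08, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x1C, 0x1D)
    img = Image.new('RGB', (width, height))

    for i in range(romsize):
        addr = address.fromPhysical(i)
        bank = addr.bank()
        if bank in blue_banks:
            color = (0, 0, 255)
        elif bank == 0x16 and addr.virtual() >= 0x5700:
            color = (0, 0, 255)
        elif bank == 0x09 and addr.virtual() >= 0x6700:
            color = (0, 0, 255)
        elif disasm.cur_rom.get(addr) == 0xFF:
            color = (0, 0, 127)
        else:
            color = (0, 0, 0)
        img.putpixel((i % width, i // width), color)

    c = connection.cursor()
    try:
        c.execute('select addr, length from procs order by addr')
        for conventional, length in c.fetchall():
            start = address.fromConventional(conventional)
            for offset in range(length):
                byte_addr = start.offset(offset).physical()
                img.putpixel((byte_addr % width, byte_addr // width), (0, 255, 0))
    finally:
        # The original closed the cursor only on the success path.
        c.close()

    img.save('data/ownership.png')
    print('image saved')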
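def getProcByteOwner(byte_addr, ignore_addr=None):
    """Return the address of the procedure whose instructions cover *byte_addr*.

    Finds the nearest procedure at or below *byte_addr* and checks that
    the byte is one of that procedure's instruction addresses.

    Args:
        byte_addr: address of the byte being queried.
        ignore_addr: procedure address to disregard (for asking whether
            any *other* procedure owns the byte).

    Returns:
        The owning procedure's address, or ``None`` when no procedure
        precedes the byte, the candidate equals *ignore_addr*, or the byte
        is not among the candidate's instructions.
    """
    c = connection.cursor()
    try:
        c.execute('select addr from procs where addr<=? order by addr desc', (str(byte_addr),))
        row = c.fetchone()
    finally:
        # The original returned before c.close() when no row matched,
        # leaking the cursor on that path.
        c.close()

    if not row:
        return None

    proc_addr = address.fromConventional(row[0])
    if proc_addr == ignore_addr:
        return None

    proc = procedure.at(proc_addr)
    # assumes proc.instructions supports membership tests on addresses -- TODO confirm
    if byte_addr not in proc.instructions:
        return None
    return proc_addr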
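def manualJumptableLimit(addr):
    """Return the hand-verified entry count for a jumptable the analysis cannot size.

    The table below lists jumptable addresses whose size was determined
    manually.  Entries are compared in the original order using address
    equality against ``address.fromConventional``.

    Args:
        addr: address of the jumptable.

    Returns:
        The number of entries, or ``None`` for addresses not in the table
        (the original fell off the end of its if/elif chain, which is the
        same result).
    """
    # (conventional address, entry count), in the order the original checked them.
    limits = (
        ("0001:4187", 5),
        ("0001:633D", 2),
        ("0003:4976", 37),  # very weird jumptable...
        ("0018:7175", 5),
        ("0017:430C", 6),
        ("0002:6C1F", 3),
        ("0006:7383", 3),
        ("0006:5824", 5),  # weird jumptable
        ("0018:65B3", 4),
        ("0019:4942", 4),
        ("0015:78E1", 2),
        ("0005:62CD", 5),
        ("0019:4CB3", 2),
        ("0005:461E", 4),
        ("0005:4169", 5),
        ("0019:5B29", 2),
        ("0004:4B52", 2),
        ("0004:6802", 2),
        ("0004:6081", 4),
        ("0004:6EB6", 13),
        ("0006:74C5", 2),
        ("0004:76B4", 6),
        ("0004:4E8C", 4),
        ("0005:7210", 5),
    )
    for conventional, limit in limits:
        if addr == address.fromConventional(conventional):
            return limit
    return None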
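    def do_GET(self):
        """Dispatch a GET request on ``self.path``.

        Routes:
            ``/proc/<addr>``  name form plus ``proc_page`` output
            ``/home``         ``database.getInteresting()`` summary
            ``/data/<addr>``  name form plus ``data_page`` output
            ``/jump/<addr>``  name form plus ``jumptable_page`` output
            ``/style.css``    the stylesheet read from the working directory
            ``/set-name?addr=..&name=..``  store a name for an address, then
                              redirect back to the Referer
        Anything else is answered with 404.
        """
        path = self.path
        print('get %s' % path)

        page_head = "<html><head><link rel=\"stylesheet\" type=\"text/css\" href=\"/style.css\" /></head><body>"
        page_tail = "</body></html>"

        if path.startswith(('/proc/', '/data/', '/jump/')):
            segments = path.split('/')
            # Parse the address before sending headers: a malformed path
            # (missing segment or whatever address.fromConventional raises)
            # then propagates to the handler's error path instead of leaving
            # a half-written 200 response, as the original did.
            addr = address.fromConventional(segments[2])

            self.ok_html()
            self.wfile.write(page_head)
            self.wfile.write(name_form(addr))
            if segments[1] == 'proc':
                proc_page(addr, self.wfile)
            elif segments[1] == 'data':
                self.wfile.write(data_page(addr))
            else:
                self.wfile.write(jumptable_page(addr))
            self.wfile.write(page_tail)

        elif path.startswith('/home'):
            self.ok_html()
            self.wfile.write(page_head)
            self.wfile.write(database.getInteresting())
            self.wfile.write(page_tail)

        elif path == '/style.css':
            self.send_response(200)
            self.send_header('Content-type', 'text/css')
            self.end_headers()
            with open('style.css', 'r') as f:
                self.wfile.write(f.read())

        elif path.startswith('/set-name?'):
            q = urlparse(path).query
            p = parse_qs(q)
            print('%s %s' % (p, q))
            addr = address.fromConventional(p['addr'][0])
            name = p['name'][0]
            # NOTE(review): this is a state change on a GET with no CSRF token,
            # and `name` is stored verbatim -- whatever renders it must
            # HTML-escape it.  Acceptable only while the tool is bound to a
            # local, trusted interface.
            tag.setNameForAddress(addr, name)
            # The redirect target is the client-supplied Referer header; fall
            # back to /home when it is absent instead of failing with KeyError.
            self.redirect(self.headers.get('Referer', '/home'))

        else:
            self.send_response(404)
            self.end_headers()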
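def search():
    """Discover procedures reachable from the ones already in the database.

    Pops addresses from a worklist seeded with ``database.getAll()``,
    refreshes each one's flow analysis, and reports every call or
    tail-call target that is not yet a known procedure via
    ``database.reportProc``.  At most 5000 procedures are processed per
    run; newly reported procedures are not queued in the same run (the
    original left that re-queueing commented out).  Finally the call
    graph of the known procedures is written with ``save_dot``.

    Historical seed list, kept for reference -- it is what the database
    was originally populated from:

    input = [
address.fromConventional("0003:6A4B"),
address.fromConventional("0019:4461"),
address.fromConventional("0003:66BF"),
address.fromConventional("0018:7B61"),
address.fromConventional("0003:69C9"),
address.fromConventional("0003:5397"),
address.fromConventional("0003:52BE"),
address.fromConventional("0007:7AE3"),
address.fromConventional("0018:7930"),
address.fromConventional("0003:5844"),
address.fromConventional("0003:6A3D"),
address.fromConventional("0003:5882"),
address.fromConventional("0003:6AE7"),
address.fromConventional("0006:79CD"),
address.fromConventional("0004:7E6B"),
address.fromConventional("0006:7547"),
address.fromConventional("0004:5C04"),
address.fromConventional("0004:5BFF"),
address.fromConventional("0004:5C04"),
#address.fromConventional("0003:5A35"),
address.fromConventional("0007:785E"),
address.fromConventional("0006:797B"),
address.fromConventional("0006:6641"),
address.fromConventional("0006:6641"),
address.fromConventional("0006:7470"),
address.fromConventional("0006:673C"),
address.fromConventional("0006:4ACE"),
address.fromConventional("0006:7CFC"),
address.fromConventional("0006:7CD0"),
address.fromConventional("0015:4EAB"),
address.fromConventional("0006:7F5F"),
address.fromConventional("0006:4F5D"),
address.fromConventional("0006:7727"),
address.fromConventional("0006:65FB"),
address.fromConventional("0006:7EB5"),
address.fromConventional("0003:50B4"),
#address.fromConventional("0003:4D1E"),
#address.fromConventional("0003:4D1E"),
address.fromConventional("0006:760B"),
address.fromConventional("0019:6765"),
address.fromConventional("0004:5A8B"),
address.fromConventional("0004:6C2B"),
address.fromConventional("0015:75E5"),
address.fromConventional("0007:76BC"),
address.fromConventional("0003:5D7F"),
address.fromConventional("0003:60C0"),
address.fromConventional("0003:617D"),
address.fromConventional("0003:5CD0"),
address.fromConventional("0003:5BDC"),
address.fromConventional("0003:5BCB"),
address.fromConventional("0003:5BB0"),
address.fromConventional("0003:5BA0"),
address.fromConventional("0003:5A9C"),
address.fromConventional("0003:5A39"),
address.fromConventional("0003:609D"),
address.fromConventional("0003:5FEE"),
address.fromConventional("0003:5DDA"),
address.fromConventional("0003:5D92"),
address.fromConventional("0003:6083"),
address.fromConventional("0003:6029"),
address.fromConventional("0003:5FFF"),
address.fromConventional("0005:4DE5"),
address.fromConventional("0005:4915"),
address.fromConventional("0005:47E1"),
address.fromConventional("0006:6801"),
address.fromConventional("0018:5E68"),
address.fromConventional("0015:4494"),
address.fromConventional("0015:443F"),
address.fromConventional("0015:4365"),
address.fromConventional("0015:40FD"),
address.fromConventional("0015:41C7"),
address.fromConventional("0015:423A"),
address.fromConventional("0015:42AD"),
address.fromConventional("0003:5395"),
address.fromConventional("0004:7679"),
address.fromConventional("0004:762B"),
address.fromConventional("0004:6E46"),
address.fromConventional("0006:7AB3"),
address.fromConventional("0004:6971"),
address.fromConventional("0004:67E6"),
address.fromConventional("0004:67E6"),
address.fromConventional("0004:5F59"),
address.fromConventional("0004:7D80"),
address.fromConventional("0004:7C90"),
address.fromConventional("0004:5DE9"),
address.fromConventional("0004:5EF7"),
address.fromConventional("0004:569D"),
address.fromConventional("0004:5072"),
address.fromConventional("0004:49C1"),
address.fromConventional("0004:4009"),
address.fromConventional("0005:6C41"),
address.fromConventional("0005:7B05"),
address.fromConventional("0007:694D"),
address.fromConventional("0005:67CD"),
address.fromConventional("0019:4216"),
address.fromConventional("0005:6261"),
address.fromConventional("0005:59BB"),
address.fromConventional("0018:5DEF"),
address.fromConventional("0005:54AA"),
address.fromConventional("0015:4324"),
address.fromConventional("0005:549F"),
address.fromConventional("0015:7458"),
address.fromConventional("0018:53C2"),
address.fromConventional("0005:529E"),
address.fromConventional("0018:5D8B"),
address.fromConventional("0005:452E"),
address.fromConventional("0005:4038"),
address.fromConventional("0006:6BB4"),
address.fromConventional("0019:4894"),
address.fromConventional("0006:6248"),
address.fromConventional("0006:60C3"),
address.fromConventional("0006:60C3"),
address.fromConventional("0006:6248"),
address.fromConventional("0018:4DBF"),
address.fromConventional("0018:4CA4"),
address.fromConventional("0018:4B33"),
address.fromConventional("0006:5CE8"),
address.fromConventional("0006:5ABE"),
address.fromConventional("0006:5C4E"),
address.fromConventional("0006:5D5C"),
address.fromConventional("0006:5EFD"),
address.fromConventional("0006:62DE"),
address.fromConventional("0006:63CD"),
address.fromConventional("0006:642A"),
address.fromConventional("0018:72C6"),
address.fromConventional("0006:6A88"),
address.fromConventional("0006:6C58"),
address.fromConventional("0006:6ED4"),
address.fromConventional("0006:7066"),
address.fromConventional("0006:71C9"),
address.fromConventional("0006:7339"),
address.fromConventional("0006:7C19"),
address.fromConventional("0006:56B5"),
address.fromConventional("0006:53A1"),
address.fromConventional("0006:5107"),
address.fromConventional("0006:5049"),
address.fromConventional("0006:5049"),
address.fromConventional("0006:4EBF"),
address.fromConventional("0006:4F36"),
address.fromConventional("0006:4B92"),
address.fromConventional("0019:4777"),
address.fromConventional("0006:4949"),
address.fromConventional("0006:4247"),
address.fromConventional("0006:451B"),
address.fromConventional("0006:4150"),
address.fromConventional("0007:70AD"),
address.fromConventional("0006:4020"),
address.fromConventional("0019:5AFD"),
address.fromConventional("0019:4805"),
address.fromConventional("0007:7503"),
address.fromConventional("0007:7444"),
address.fromConventional("0007:7314"),
address.fromConventional("0007:71B4"),
address.fromConventional("0007:715E"),
address.fromConventional("0019:4022"),
address.fromConventional("0007:7031"),
address.fromConventional("0007:63F1"),
address.fromConventional("0007:6525"),
address.fromConventional("0007:666D"),
address.fromConventional("0007:61FB"),
address.fromConventional("0007:60BD"),
address.fromConventional("0007:60BD"),
address.fromConventional("0007:6198"),
address.fromConventional("0007:5F54"),
address.fromConventional("0007:5B47"),
address.fromConventional("0007:5D87"),
address.fromConventional("0007:597C"),
address.fromConventional("0019:680A"),
address.fromConventional("0019:680A"),
address.fromConventional("0019:687E"),
address.fromConventional("0007:55D5"),
address.fromConventional("0007:53DC"),
address.fromConventional("0007:52C6"),
address.fromConventional("0007:5109"),
address.fromConventional("0007:4F03"),
address.fromConventional("0015:751C"),
address.fromConventional("0007:4A88"),
address.fromConventional("0007:4CA8"),
address.fromConventional("0007:49A3"),
address.fromConventional("0007:480D"),
address.fromConventional("0007:44D3"),
address.fromConventional("0007:4272"),
address.fromConventional("0018:772B"),
address.fromConventional("0018:77EA"),
address.fromConventional("0007:4015"),
address.fromConventional("0018:6FA8"),
address.fromConventional("0018:69C7"),
address.fromConventional("0018:64A7"),
address.fromConventional("0018:6362"),
address.fromConventional("0018:627D"),
address.fromConventional("0018:6176"),
address.fromConventional("0018:5EB6"),
address.fromConventional("0018:4000"),
address.fromConventional("0018:54F7"),
address.fromConventional("0015:73C9"),
address.fromConventional("0015:734E"),
address.fromConventional("0018:451D"),
address.fromConventional("0018:5298"),
address.fromConventional("0018:50FC"),
address.fromConventional("0018:4E40"),
address.fromConventional("0018:49F5"),
address.fromConventional("0015:44BD"),
address.fromConventional("0019:6B97"),
address.fromConventional("0018:4957"),
address.fromConventional("0019:6E13"),
#address.fromConventional("0018:5132"), #
#address.fromConventional("0018:5180"), # cannot be included until 0018:5168 problems resolved
#address.fromConventional("0018:525D"), #
address.fromConventional("0018:51CA"),
address.fromConventional("0019:5D58"),
address.fromConventional("0019:5918"),
address.fromConventional("0019:5817"),
address.fromConventional("0019:55F3"),
address.fromConventional("0019:56E8"),
address.fromConventional("0019:54C1"),
address.fromConventional("0019:5344"),
address.fromConventional("0019:52E4"),
address.fromConventional("0019:518A"),
address.fromConventional("0019:4C9A"),
address.fromConventional("0019:4A1C"),
address.fromConventional("0019:4527"),
address.fromConventional("0015:768A"),
address.fromConventional("0015:78AC"),
address.fromConventional("0015:4D58"),
address.fromConventional("0015:4BF5"),
address.fromConventional("0015:46BE"),
address.fromConventional("0006:7C19"),
address.fromConventional("0015:5096"),
address.fromConventional("0015:409A"),
address.fromConventional("0017:7547"),
address.fromVirtual(0x100), address.fromVirtual(0x40), address.fromVirtual(0x48)
]
    #input = [address.fromVirtual(0x100), address.fromVirtual(0x40), address.fromVirtual(0x48)]
    """
    # Seed procedures that database.setInitial() was once run with.  Kept
    # (and still built, as before) so the bootstrap can be repeated; the
    # default path below replaces them with the database contents.
    seed_procs = [
        # in 0000:0C40
        address.fromConventional("0002:5023"),
        address.fromConventional("0002:4D92"),
        address.fromConventional("0002:490E"),
        address.fromConventional("0002:4D00"),
        address.fromConventional("0002:4F30"),
        address.fromConventional("0002:50A2"),
        address.fromConventional("0002:4EFF"),

        # in 0000:0B53
        address.fromConventional("0002:5DD5"),
        address.fromConventional("0002:5731"),
    ]

    import database
    import flow  # hoisted: the original re-imported it on every iteration

    #database.setInitial(seed_procs)

    worklist = list(database.getAll())
    #worklist = list(database.getUnfinished())

    known_procs = set(worklist)

    # Bounded so a run cannot spin forever; the original used the same cap.
    max_iterations = 5000
    for i in range(max_iterations):
        if not worklist:
            break

        x = worklist.pop()
        print('%d updating %s' % (i, x))

        flow.refresh(x)
        # flow.at() is called once per procedure here; the original called it
        # twice on the same address -- assumes it is side-effect free.
        info = flow.at(x)
        for target in info.calls() | info.tailCalls():
            if target not in known_procs:
                # Newly discovered procedure: record it but do not queue it in
                # this run (re-queueing was left commented out in the original).
                database.reportProc(target)

    print('saving dot')
    save_dot(known_procs)
    print('saved dot')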