Пример #1
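    def __process_exports(self):
        """Collect the program's entry points (exports) as plain dicts.

        Each entry is described by its ordinal, its RVA relative to
        ``self._base``, its name, and a coarse kind derived from the IDA
        flags stored at the entry address: 'function' when the address lies
        in a function, 'data' when it is data, 'unknown' otherwise.

        :return: list of dicts with keys 'ordinal', 'rva', 'name', 'type'.
        """
        exports = []

        for i in range(ida_entry.get_entry_qty()):
            ordinal = ida_entry.get_entry_ordinal(i)
            ea = ida_entry.get_entry(ordinal)

            # Classify by the full flags IDA keeps at the entry address.
            # The local is called 'kind' rather than 'type' so the builtin
            # is not shadowed inside the loop.
            flags = ida_bytes.get_full_flags(ea)
            if ida_bytes.is_func(flags):
                kind = 'function'
            elif ida_bytes.is_data(flags):
                kind = 'data'
            else:
                kind = 'unknown'

            exports.append({
                'ordinal': ordinal,
                'rva': ea - self._base,
                'name': ida_entry.get_entry_name(ordinal),
                'type': kind,
            })

        return exports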
Пример #2
def iter_exports():
    """
    Iterate API exports.

    Walks IDA's entry-point table in index order; for every entry the
    ordinal is resolved first and then used to look up both the effective
    address and the exported name.

    :yield: (ea, name)
    """
    entry_count = ida_entry.get_entry_qty()
    for index in range(entry_count):
        ordinal = ida_entry.get_entry_ordinal(index)
        yield ida_entry.get_entry(ordinal), ida_entry.get_entry_name(ordinal)
Пример #3
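def Entries():
    """
    Yields the program's entry points, one per iteration

    Walks IDA's entry-point table in index order.  ``range`` is used rather
    than ``xrange`` so the function runs on both Python 2 and Python 3
    (``xrange`` does not exist in Python 3).

    @return: Generator of tuples (index, ordinal, ea, name)
    """
    n = ida_entry.get_entry_qty()
    for i in range(n):
        ordinal = ida_entry.get_entry_ordinal(i)
        ea = ida_entry.get_entry(ordinal)
        name = ida_entry.get_entry_name(ordinal)
        yield (i, ordinal, ea, name)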
Пример #4
    def do_the_magic():
        """Run the EFI annotation pipeline over the open database and print
        a summary of every protocol found.

        Order of operations: load the bundled and custom GUID databases,
        seed structure propagation from each entry point with rdx typed as
        EFI_SYSTEM_TABLE, run the xref/protocol/lvar propagation pass twice,
        then print the protocols and the elapsed time.
        """
        started_at = time.time()

        # Turn any known GUIDs found into GUID structures
        print("Updating GUIDs...")
        guid_dir = os.path.join(EfiTools.base_dir, "guids")
        for db_file in ("db.ini", "custom.ini"):
            tools.update_guids(os.path.join(guid_dir, db_file))

        for idx in range(get_entry_qty()):
            entry = get_entry(get_entry_ordinal(idx))
            print(
                "Performing initial structure updates starting at entry point ({:#x})..."
                .format(entry))
            # A fresh Structure object is built per entry point, as before.
            tools.update_structs_from_regs(entry,
                                           rdx=Structure("EFI_SYSTEM_TABLE"))

        # The propagation pass runs twice; presumably the second round picks
        # up structures that only become visible after the first round of
        # protocol discovery (NOTE(review): intent not stated in the original).
        for _ in range(2):
            print("Updating structures from xrefs...")
            tools.update_structs_from_xrefs()

            print("Searching for EFI protocols...")
            protocols = tools.update_protocols()

            print("Updating structures from lvars...")
            tools.update_structs_from_lvars(protocols)

        for protocol in protocols:
            class_name = str(protocol.__class__).split(".")[-1]
            print(protocol.name)
            print("  GUID          : %s" % protocol.guid.as_uuid())
            print("  Interface     : %s" % protocol.interface)
            print("  Introduced at : 0x%X" % protocol.introduced_at)
            print("  Class         : %s" % class_name)

        print("Finished in %f seconds" % (time.time() - started_at))
Пример #5
def _decompile_entry_points():
    """Decompile every known entry point into a .c file next to the IDB.

    Prints a message and returns without writing anything when the database
    has no entry points.
    """
    eqty = ida_entry.get_entry_qty()
    if not eqty:
        print("No known entrypoint. Cannot decompile.")
        return

    idbpath = idc.get_idb_path()
    # Drops the last four characters of the database path (a 4-character
    # extension such as .idb/.i64 is assumed) and appends ".c".
    cpath = idbpath[:-4] + ".c"
    with open(cpath, "w") as outfile:
        print("writing results to '%s'..." % cpath)
        for i in range(eqty):
            ordinal = ida_entry.get_entry_ordinal(i)
            decompile_func(ida_entry.get_entry(ordinal), outfile)


def main():
    """Wait for auto-analysis, decompile all entry points when the
    decompiler initialises, and exit IDA when running in batch mode."""
    print("Waiting for autoanalysis...")
    ida_auto.auto_wait()

    if init_hexrays():
        _decompile_entry_points()

    # In batch mode there is no UI to return to, so quit explicitly.
    if ida_kernwin.cvar.batch:
        print("All done, exiting.")
        ida_pro.qexit(0)
Пример #6
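# Every IDAPython module used below is imported explicitly; the original
# referenced ida_auto, ida_ida, ida_loader and ida_hexrays without importing
# them, which raises NameError unless something else had put them in scope.
import ida_auto
import ida_entry
import ida_hexrays
import ida_ida
import ida_idp
import ida_loader

# Let auto-analysis finish before querying entry points or decompiling.
ida_auto.auto_wait()

# Decompiler plugin names keyed by processor id: (32-bit plugin, 64-bit plugin).
ALL_DECOMPILERS = {
    ida_idp.PLFM_386: ("hexrays", "hexx64"),
    ida_idp.PLFM_ARM: ("hexarm", "hexarm64"),
    ida_idp.PLFM_PPC: ("hexppc", "hexppc64"),
    ida_idp.PLFM_MIPS: ("hexmips", "hexmips64"),
}
pair = ALL_DECOMPILERS.get(ida_idp.ph.id, None)
if pair:
    # Select the 64-bit plugin when the database describes a 64-bit program.
    decompiler = pair[1 if ida_ida.cvar.inf.is_64bit() else 0]
    if ida_loader.load_plugin(decompiler) and ida_hexrays.init_hexrays_plugin():
        eqty = ida_entry.get_entry_qty()
        if eqty:
            # Only the entry at table index 0 is decompiled.
            ea = ida_entry.get_entry(ida_entry.get_entry_ordinal(0))
            print("Decompiling at: %X" % ea)
            cf = ida_hexrays.decompile(ea)
            if cf:
                print(cf)
            else:
                print("Decompilation failed")
        else:
            print("No known entrypoint. Cannot decompile.")
    else:
        print("Couldn't load or initialize decompiler: \"%s\"" % decompiler)
else:
    print("No known decompilers for architecture with ID: %d" % ida_idp.ph.id)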
Пример #7
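def get_binary_with_functions():
    """Describe the open database and its functions.

    Collects binary-level metadata (input path, sha256, image base, entry
    points, architecture/endianness/bitness, compiler, strings, imports,
    exports, segments) into a dict and pairs it with the function list
    returned by ``get_functions()``.

    :return: ``(binary, functions)`` -- the metadata dict and whatever
        ``get_functions()`` returns.
    """
    binary = {}

    binary['name'] = get_input_file_path()
    binary['sha256'] = get_bin_hash()
    binary['base'] = get_imagebase()
    # get_entry() takes an *ordinal*, not a table index, so the i-th entry's
    # ordinal has to be resolved first.  Passing the index directly (as the
    # original did) only works when ordinals happen to be 0..n-1 and otherwise
    # yields bogus addresses for the entry points.
    binary['entry_points'] = [
        get_entry(get_entry_ordinal(i)) for i in range(get_entry_qty())
    ]

    info = get_inf_structure()
    endian = "be" if info.is_be() else "le"
    # The original defaulted to "b32" and only overrode it for 64-bit;
    # the same result expressed without the dead assignments.
    bits = "b64" if info.is_64bit() else "b32"

    binary['architecture'] = get_processor()
    binary['endian'] = endian
    binary['bits'] = bits
    binary['disassembler'] = 'ida'
    binary['compiler'] = get_compiler_name(info.cc.id)

    strs = Strings()
    strs.setup(strtypes=list(range(11)))
    # Single-character "strings" are dropped to cut noise.
    binary['strings'] = {st.ea: str(st) for st in strs if st.length > 1}
    binary['data'] = {}

    import_modules = set()
    import_functions = {}

    for i in range(get_import_module_qty()):
        name = get_import_module_name(i)
        if not name:
            print("Failed to get import module name for #%d" % i)
            continue
        name = name.lower()

        def imp_cb(ea, f_name, ordinal, module=name):
            # Callback for enum_import_names(): records (module, symbol,
            # ordinal) keyed by address.  The module name is bound as a
            # default argument so the closure cannot observe a later loop
            # iteration's value; 'ordinal' avoids shadowing the builtin ord.
            # Returning True keeps the enumeration going.
            if f_name and ea:
                if f_name.startswith("__imp_"):
                    f_name = f_name[len("__imp_"):]
                f_name = str(f_name).strip()
                import_functions[ea] = (module, f_name, str(ordinal))
            return True

        import_modules.add(name.strip())
        enum_import_names(i, imp_cb)

    binary['import_modules'] = list(import_modules)
    binary['import_functions'] = import_functions
    binary['export_functions'] = get_exports()
    binary['disassembled_at'] = now_str()
    binary['seg'] = {seg_ea: idc.get_segm_name(seg_ea) for seg_ea in Segments()}

    functions = get_functions()
    binary['functions_count'] = len(functions)
    return binary, functions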
Пример #8
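# ida_auto and ida_ida are used below but were not imported in the original;
# without them the script raises NameError unless another import already put
# the names in scope.
import ida_auto
import ida_entry
import ida_hexrays
import ida_ida
import ida_idp
import ida_loader

# Let auto-analysis finish before querying entry points or decompiling.
ida_auto.auto_wait()

# Decompiler plugin names keyed by processor id: (32-bit plugin, 64-bit plugin).
ALL_DECOMPILERS = {
    ida_idp.PLFM_386 : ("hexrays", "hexx64"),
    ida_idp.PLFM_ARM : ("hexarm", "hexarm64"),
    ida_idp.PLFM_PPC : ("hexppc", "hexppc64"),
}
pair = ALL_DECOMPILERS.get(ida_idp.ph.id, None)
if pair:
    # Select the 64-bit plugin when the database describes a 64-bit program.
    decompiler = pair[1 if ida_ida.cvar.inf.is_64bit() else 0]
    if ida_loader.load_plugin(decompiler) and ida_hexrays.init_hexrays_plugin():
        eqty = ida_entry.get_entry_qty()
        if eqty:
            # Only the entry at table index 0 is decompiled.
            ea = ida_entry.get_entry(ida_entry.get_entry_ordinal(0))
            print("Decompiling at: %X" % ea)
            cf = ida_hexrays.decompile(ea)
            if cf:
                print(cf)
            else:
                print("Decompilation failed")
        else:
            print("No known entrypoint. Cannot decompile.")
    else:
        print("Couldn't load or initialize decompiler: \"%s\"" % decompiler)
else:
    print("No known decompilers for architecture with ID: %d" % ida_idp.ph.id)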