def _process_offsets_section(segstart, next_offset):
    """Process every word in a __got section as a candidate offset.

    Walks the words from ``segstart`` to the end of that segment. A word whose
    address already carries an offset name is skipped. Any other word is handed
    to ``_process_offset`` when its value is a mapped address, and is logged as
    unmapped otherwise.

    Args:
        segstart: Start address of the section to scan.
        next_offset: Passed through unchanged to ``_process_offset``.
    """
    section_end = idc.SegEnd(segstart)
    for offset, ea in idau.ReadWords(segstart, section_end, addresses=True):
        if offset_name_target(idau.get_ea_name(ea)):
            # Already named as an offset on an earlier pass; leave it alone.
            continue
        if not idau.is_mapped(offset, value=False):
            # The word does not point into the database: report it rather than
            # create a reference to an address that does not exist.
            _log(-1, 'Offset {:#x} at address {:#x} is unmapped', offset, ea)
            continue
        _process_offset(offset, ea, next_offset)
def initialize_data_offsets():
    """Mark pointer-like words in selected data segments as offsets in IDA.

    Only segments whose name ends in ``__DATA_CONST.__const``, ``__got`` or
    ``__DATA.__data`` are scanned. Segment names must be initialized with
    segments.initialize_segments() first.
    """
    # This is a heuristic: a word is treated as a pointer purely because its
    # value is a mapped address. In a user-space program that would be risky,
    # since ordinary data often happens to look like a valid user-space
    # address. Kernel addresses are numerically much larger, so an accidental
    # match is much less likely here, though not impossible.
    data_suffixes = ('__DATA_CONST.__const', '__got', '__DATA.__data')
    for seg in idautils.Segments():
        if not idc.SegName(seg).endswith(data_suffixes):
            continue
        seg_end = idc.SegEnd(seg)
        for word, ea in idau.ReadWords(seg, seg_end, addresses=True):
            if not idau.is_mapped(word, value=False):
                continue
            # Operand 0 at this address becomes an offset with base 0.
            idc.OpOff(ea, 0, 0)
def _process_stub_template_1(stub):
    """Match a three-instruction stub and return the address it branches to.

    The recognised pattern is:

        ADRP X<reg>, #<offset>@PAGE
        LDR  X<reg>, [X<reg>, #<offset>@PAGEOFF]
        BR   X<reg>

    All three instructions must use the same register. The branch target is
    the word stored at the page address plus the load displacement.

    Args:
        stub: Address of the first instruction of the candidate stub.

    Returns:
        The target address when the pattern matches and the loaded word is a
        non-zero mapped address; otherwise None.
    """
    # NOTE(review): the unpacking needs exactly three instructions and raises
    # ValueError otherwise -- confirm the caller handles a short or undecodable
    # stub.
    adrp, ldr, br = idau.Instructions(stub, count=3)

    # Each guard below keeps the original left-to-right evaluation order.
    if not (adrp.itype == idaapi.ARM_adrp
            and adrp.Op1.type == idaapi.o_reg
            and adrp.Op2.type == idaapi.o_imm):
        return None
    if not (ldr.itype == idaapi.ARM_ldr
            and ldr.Op1.type == idaapi.o_reg
            and ldr.Op2.type == idaapi.o_displ
            and ldr.auxpref == 0):
        return None
    if not (br.itype == idaapi.ARM_br and br.Op1.type == idaapi.o_reg):
        return None
    # The page base, the load destination, the load base and the branch
    # register must all be the same register.
    if not (adrp.Op1.reg == ldr.Op1.reg == ldr.Op2.reg == br.Op1.reg):
        return None

    slot = adrp.Op2.value + ldr.Op2.addr
    target = idau.read_word(slot)
    # Reject an empty slot or a pointer that leaves the database.
    if target and idau.is_mapped(target):
        return target
    return None
def process_gap(segname, gapno, start, end):
    """Log a gap and, if its start address is mapped, process it as a region.

    The region is named 'HEADER' when the gap starts at ``mach_header`` and
    '__gap_<gapno>' otherwise. A gap whose start is unmapped is logged only.

    Args:
        segname: Segment name passed through to ``process_region``.
        gapno: Number of this gap, used in the log entry and the region name.
        start: First address of the gap.
        end: End address of the gap, passed through unchanged.
    """
    mapped = idau.is_mapped(start)
    log_gap(gapno, start, end, mapped)
    if not mapped:
        return
    if start == mach_header:
        name = 'HEADER'
    else:
        name = '__gap_' + str(gapno)
    process_region(segname, name, start, end)
def is_tagged_pointer(value):
    """Check whether ``value`` is a tagged pointer to a mapped address.

    Two conditions must hold: ``value`` passes ``is_tagged_pointer_format``,
    and the address produced by ``tagged_pointer_untag`` is mapped. The format
    check alone is not enough, because arbitrary data can match the format
    without pointing anywhere in the database.

    Returns:
        The falsy result of the format check when it fails, otherwise the
        result of the mapping check on the untagged address.
    """
    has_tag_format = is_tagged_pointer_format(value)
    if not has_tag_format:
        # Hand back the format check's own result, as the `and` form would.
        return has_tag_format
    untagged = tagged_pointer_untag(value)
    return idau.is_mapped(untagged, value=False)