def markSwitchTables(self, sc, aggressive=True):
"""Help IDA by marking all of the needed information from the observed switch tables.
Args:
sc (segment): (sark) code segment in which we are interested right now
aggressive (bool, optional): True iff the marking operation should be aggressive, see notes. (True by default)
Notes
-----
1. Make sure the switch case jump instruction is indeed a code line
2. Make sure the jump instruction has a code reference to all of the switch cases
3. (Aggressive) Make sure each switch table entry is a proper code pointer to it's matching case
4. (Aggressive) Enforce the correct code type over the entire gap between the minimal and maximal case
"""
for switch_instr, table_start, table_end in [
x for x in self._switch_case_entries
if sc.start_ea <= x[0] and x[1] < sc.end_ea
]:
cases = []
if not sark.Line(switch_instr).is_code:
ida_bytes.del_items(switch_instr, 0,
self._analyzer.addressSize())
idc.create_insn(switch_instr)
for ea in range(table_start, table_end,
self._analyzer.addressSize()):
entry = self._analyzer.parseAdderss(ea)
if aggressive:
self._analyzer.markCodePtr(ea, entry)
fixed_entry = self._analyzer.cleanPtr(entry)
cases.append(fixed_entry)
idc.add_cref(switch_instr, fixed_entry,
idc.XREF_USER | idc.dr_O)
if aggressive:
self._analyzer.setCodeType(min(cases), max(cases),
self._analyzer.ptrCodeType(entry))
def ida_apply_xrefs(xrefs):
if len(xrefs) == 0:
print('No indirect XREFS to apply')
else:
for src_addr, target_addr, mnemonic in xrefs:
if mnemonic == 'jmp':
success = idc.add_cref(src_addr, target_addr, idc.fl_JF)
elif mnemonic == 'call':
success = idc.add_cref(src_addr, target_addr, idc.fl_CF)
else: # mnemonic == 'ret'
success = idc.add_cref(src_addr, target_addr, idc.fl_JF)
if success:
print('Create {} Xref: {:#x} -> {:#x}'.format(
mnemonic, src_addr, target_addr))
else:
print('Failed to create {} Xref: {:#x} -> {:#x}'.format(
mnemonic, src_addr, target_addr))
def markCodePtr(self, src, dest, aggressive=True):
"""Mark a code pointer from src to dest.
Args:
src (int): effective address for the pointer's location
dest (int): effective address for the pointed code address
aggressive (bool, optional): True iff should redefine the src & dest (True by default)
"""
clean_dest = self.cleanPtr(dest)
if aggressive:
ida_bytes.del_items(src, 0, self.addressSize())
if self.makeAddress(src):
idc.add_dref(src, clean_dest, idc.XREF_USER | idc.dr_O)
idc.add_cref(src, clean_dest, idc.XREF_USER | idc.dr_O)
ida_offset.op_offset(src, 0, idc.REF_OFF32)
if aggressive:
ida_bytes.del_items(dest, 0, self.addressSize())
idc.create_insn(self.cleanPtr(dest))