def make_func(func, name):
    """Define a function at ``func`` and optionally give it a name.

    Bit 0 of ``func`` is read as the mode flag (0 = ARM, 1 = THUMB) and
    masked off to obtain the real start address.  The ``T`` segment
    register is written with that flag on the first four bytes, the
    function is created, and ``name`` is applied when it is non-empty.

    Args:
        func (int): start address with the Thumb flag carried in bit 0.
        name (str): symbol to assign; skipped when falsy.
    """
    thumb = func & 1  # 0 = ARM, 1 = THUMB
    start = func - thumb
    for ea in range(start, start + 4):
        idc.SetReg(ea, "T", thumb)
    idc.MakeFunction(start)
    if name:
        idc.MakeName(start, name)
def setCodeType(self, ea_start, ea_end, code_type):
    """Set the code type for the given address range.

    Writes ``code_type`` into the ``T`` segment register at every address
    in the half-open range ``[ea_start, ea_end)``; ``ea_end`` itself is
    left untouched and an empty or inverted range is a no-op.

    Args:
        ea_start (int): effective address for the start of the range
        ea_end (int): effective address for the end of the range
        code_type (int): wanted code type for the code range
    """
    for ea in xrange(ea_start, ea_end):
        idc.SetReg(ea, 'T', code_type)
def load_file(li, neflags, fmt):
    """IDA loader entry point: build the BCM20734 memory map and apply PatchRAM.

    Picks the PatchRAM image to use (prompting when the SPI dump holds more
    than one), creates the known ROM/RAM segments, asks the user for the
    ROM and RAM dumps, then optionally applies the PatchRAM records as
    patched bytes.  Which regions are patched depends on the module-level
    ``ram_loaded`` counter (read here, presumably maintained by
    ``load_bin_file`` — not visible in this block, confirm) and on the
    user's answer to the prompt.

    Args:
        li: loader input handle, handed to ``FwParser``.
        neflags: loader flags (unused).
        fmt: format name (unused).

    Returns:
        int: 1, the success value IDA expects from a loader.
    """
    # Assume BCM20734 == cortex-m3
    idaapi.set_processor_type('arm:armv7-m', idaapi.SETPROC_ALL | idaapi.SETPROC_FATAL)

    parser = FwParser(li)
    fw_index = parser.active_fw
    if len(parser.fw) > 1:
        lines = ['SPI dump has more than one PatchRAM image.\n\nEnter the index of the one to load:']
        for idx in range(len(parser.fw)):
            if not parser.fw_present(idx):
                continue
            tag = '[active]' if idx == parser.active_fw else ''
            lines.append('%i @ 0x%08x %s' % (idx, parser.fw_offsets[idx], tag))
        fw_index = ida_kernwin.asklong(parser.active_fw, '\n'.join(lines))

    # Create known memory regions
    make_seg([0x0, 0xC8000], 1)
    make_seg([0x260000, 0x26C000], 1)
    make_seg([0xD0000, 0xE0000])
    make_seg([0x200000, 0x248000])
    load_bin_file(0x0, "Choose ROM 1 (@0x000000)")
    load_bin_file(0x260000, "Choose ROM 2 (@0x260000)")
    load_bin_file(0xD0000, "Choose RAM_LO (@0x0D0000)")
    load_bin_file(0x200000, "Choose RAM_HI (@0x200000)")

    # The PatchRAM changes will show up as patched bytes.
    # r.addr / r.data come straight from the parsed image; no check against
    # the segments created above is visible here, so out-of-range records
    # rely on patch_many_bytes refusing the write — confirm.
    def apply_patch(r):
        return idaapi.patch_many_bytes(r.addr, r.data)

    rom_only = {0x08: apply_patch}
    rom_and_ram = {0x08: apply_patch, 0x0a: apply_patch}

    answer = 0
    if ram_loaded == 0:
        answer = ida_kernwin.askbuttons_c('Yes', 'No', 'Not sure', 1, 'Do you want to patch ROM 1 and RAM regions with the provided PatchRAM?\n\n')
        if answer == 1:
            print('Patching ROM1, RAM_LO and RAM_HI:')
            parser.process(rom_and_ram, fw_index)
            print('ROM 1, RAM_LO and RAM_HI regions were patched.')
    elif ram_loaded == 1:
        print('Patching ROM1:')
        parser.process(rom_only, fw_index)
        print('Only one RAM region loaded. ROM 1 was patched.')
    elif ram_loaded == 2:
        answer = ida_kernwin.askbuttons_c('Yes', 'No', 'Not sure', 0, 'RAM_LO and RAM_HI were loaded.\n\nDo you want to patch them with the provided PatchRAM?\n\n')
        if answer in (-1, 0):
            print('Patching ROM1:')
            parser.process(rom_only, fw_index)
            print('RAM_LO and RAM_HI loaded. ROM 1 was patched.')
        elif answer == 1:
            print('Patching ROM1, RAM_LO and RAM_HI:')
            parser.process(rom_and_ram, fw_index)
            print('RAM_LO and RAM_HI loaded. ROM 1 and both RAM regions were patched.')

    # Code is THUMB only
    idc.SetReg(0x0, 't', 1)
    return 1
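def load_dbg_file(fn, max_symbols=10):
    """Read symbols from a DBG file and create the matching IDA functions.

    Checks the 4-byte magic against ``FILE_MAGIC``, skips 8 reserved bytes,
    lets ``dump_info`` consume the header, skips 8 more, then pulls symbol
    records with ``get_symbol`` until a name containing ``/`` marks the end
    of the symbol region or ``max_symbols`` records have been seen.  For
    each record the ``T`` register is set to the record's mode at its start
    and ``create_function`` is called; a record whose SetReg fails is
    skipped but still counts toward ``max_symbols``.

    Args:
        fn (str): path of the DBG file.
        max_symbols (int): upper bound on symbol records to process
            (defaults to the previously hard-coded 10).

    Returns:
        int: -1 when the magic does not match; None otherwise.
    """
    with open(fn, "rb") as fin:
        magic = fin.read(4)
        if magic != FILE_MAGIC:
            # %s rather than '+' so a short or odd read cannot itself raise.
            print("[ERROR] File magic is incorrect: %s, provide valid DBG file!" % magic)
            return -1
        fin.read(8)  # reserved header bytes, intentionally skipped
        dump_info(fin)
        fin.read(8)  # reserved bytes after the info block, intentionally skipped

        # Whole image starts out as Thumb; each symbol then sets its own mode.
        idc.SetReg(0x0, "T", THUMB)
        for _ in range(max_symbols):
            fname, begin, end, mode = get_symbol(fin)
            if "/" in fname:
                print("[#] End of symbol region is reached. We are done!")
                break
            if DBG:
                print("[*] Name: " + fname + " Start: " + hex(begin) + " End: " + hex(end) + " ARM mode: " + str(mode))
            if not idc.SetReg(begin, "T", mode):
                print("[ERROR] Failed to set segment register")
                continue
            # fname/begin/end are taken from the file as-is; any name
            # sanitising is presumed to live in create_function — confirm.
            create_function(fname, begin, end, mode)
    print_stat()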
def make_func(self, ea):
    """Create a function starting at address ``ea``.

    Any existing function at ``ea`` is deleted first.  When the module-level
    ``isArm`` flag is set, bit 0 of ``ea`` is cleared, ``self.maxInsCnt``
    bytes are undefined, marked Thumb via the ``T`` register and
    re-analysed, and the result of ``MakeCode`` is returned.  Otherwise a
    fixed 100-byte window is undefined and re-analysed, ``MakeCode`` is
    issued, and ``MakeFunction(ea, BADADDR)`` is returned.  The two branches
    use different window sizes (``self.maxInsCnt`` vs 100) — presumably
    meant to agree; confirm before unifying.
    """
    existing = idaapi.get_func(ea)
    if existing:
        DelFunction(existing.startEA)  # FIXME
    if not isArm:
        MakeUnknown(ea, 100, idc.DOUNK_EXPAND)
        AnalyzeArea(ea, ea + 100)
        MakeCode(ea)
        return MakeFunction(ea, BADADDR)
    ea &= -2  # make sure it is aligned
    span = self.maxInsCnt
    MakeUnknown(ea, span, idc.DOUNK_EXPAND)
    for addr in range(ea, ea + span):
        idc.SetReg(addr, "T", 1)  # set thumb mode
    AnalyzeArea(ea, ea + span)
    return MakeCode(ea)
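def set_breakpoint(ea, isthumb=1):
    """Mark ``ea`` as code in the requested mode and place a breakpoint on it.

    Args:
        ea (int): address to break on.
        isthumb (int): value written to the ``T`` segment register at ``ea``
            (1 = Thumb, 0 = ARM).  The original body ignored this argument
            and always wrote 1; callers passing ``isthumb=0`` got a Thumb
            decode of ARM code.
    """
    idc.SetReg(ea, "T", isthumb)
    idc.MakeCode(ea)
    idc.add_bpt(ea)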