def get_guid(address):
"""get GUID located by address"""
guid = list()
guid.append(idc.get_wide_dword(address))
guid.append(idc.get_wide_word(address + 4))
guid.append(idc.get_wide_word(address + 6))
for addr in range(address + 8, address + 16, 1):
guid.append(idc.get_wide_byte(addr))
return guid
def GetDyn():
phoff = idc.get_wide_dword(ida_ida.inf_get_min_ea() +
0x1c) + ida_ida.inf_get_min_ea()
phnum = idc.get_wide_word(ida_ida.inf_get_min_ea() + 0x2c)
phentsize = idc.get_wide_word(ida_ida.inf_get_min_ea() + 0x2a)
for i in range(phnum):
p_type = idc.get_wide_dword(phoff + phentsize * i)
if p_type == 2: # PY_DYNAMIC
dyn_addr = idc.get_wide_dword(phoff + phentsize * i + 8)
return dyn_addr
def get_data_guids(self):
'''
rename GUIDs in idb
'''
EFI_GUID = 'EFI_GUID *'
EFI_GUID_ID = idc.get_struc_id('EFI_GUID')
segments = ['.text', '.data']
for segment in segments:
seg_start, seg_end = 0, 0
for seg in idautils.Segments():
if idc.get_segm_name(seg) == segment:
seg_start = idc.get_segm_start(seg)
seg_end = idc.get_segm_end(seg)
break
ea = seg_start
while (ea <= seg_end - 15):
prot_name = ''
if idc.get_name(ea, ida_name.GN_VISIBLE).find('unk_') != -1:
find = False
cur_guid = []
cur_guid.append(idc.get_wide_dword(ea))
cur_guid.append(idc.get_wide_word(ea + 4))
cur_guid.append(idc.get_wide_word(ea + 6))
for addr in range(ea + 8, ea + 16, 1):
cur_guid.append(idc.get_wide_byte(addr))
if cur_guid == [0] * 11:
ea += 1
continue
for guid_place in [
'ami_guids', 'asrock_guids', 'dell_guids',
'edk_guids', 'edk2_guids', 'lenovo_guids'
]:
for name in self.Protocols[guid_place]:
if self.Protocols[guid_place][name] == cur_guid:
prot_name = name + '_' + \
'{addr:#x}'.format(addr=ea)
record = {
'address': ea,
'service': 'unknown',
'guid': cur_guid,
'protocol_name': name,
'protocol_place': guid_place
}
find = True
break
if find:
break
if find and (idc.get_name(ea, ida_name.GN_VISIBLE) !=
prot_name):
idc.SetType(ea, EFI_GUID)
self.apply_struct(ea, 16, EFI_GUID_ID)
idc.set_name(ea, prot_name)
self.Protocols['data'].append(record)
ea += 1
def get_data_guids(self):
"""rename GUIDs in idb"""
EFI_GUID = "EFI_GUID"
EFI_GUID_ID = idc.get_struc_id("EFI_GUID")
segments = [".text", ".data"]
for segment in segments:
seg_start, seg_end = 0, 0
for seg in idautils.Segments():
if idc.get_segm_name(seg) == segment:
seg_start = idc.get_segm_start(seg)
seg_end = idc.get_segm_end(seg)
break
ea = seg_start
while ea <= seg_end - 15:
prot_name = str()
if "unk" in idc.get_name(ea, ida_name.GN_VISIBLE):
find = False
cur_guid = list()
cur_guid.append(idc.get_wide_dword(ea))
cur_guid.append(idc.get_wide_word(ea + 4))
cur_guid.append(idc.get_wide_word(ea + 6))
for addr in range(ea + 8, ea + 16, 1):
cur_guid.append(idc.get_wide_byte(addr))
if cur_guid == [0] * 11:
ea += 1
continue
for guid_place in [
"ami_guids",
"asrock_guids",
"dell_guids",
"edk_guids",
"edk2_guids",
"lenovo_guids",
]:
for name in self.Protocols[guid_place]:
if self.Protocols[guid_place][name] == cur_guid:
prot_name = f"{name}_{ea:016X}"
record = {
"address": ea,
"service": "unknown",
"guid": cur_guid,
"protocol_name": name,
"protocol_place": guid_place,
}
find = True
break
if find:
break
if find and (idc.get_name(ea, ida_name.GN_VISIBLE) != prot_name):
idc.SetType(ea, EFI_GUID)
self.apply_struct(ea, 16, EFI_GUID_ID)
idc.set_name(ea, prot_name)
self.Protocols["data"].append(record)
ea += 1
def get_cmmt(ea,offset):
addr = idc.get_wide_word(offset)+0x400000
text = idc.get_strlit_contents(addr)
if text is not None:
text = str(text,encoding="utf-8")
print("0x%x %s addr:0x%x "%(offset,text,addr))
set_cmmts(ea,text)
def run(self, arg):
arch = idc.get_wide_word(ida_ida.inf_get_min_ea() + 0x12)
if arch == 0x3E: # EM_X86_64
PltResolver64()
elif arch == 0x3: # EM_386
PltResolver32()
else:
print('[-] Only support EM_X86_64 and EM_386')
return 1
def activate(self, ctx):
print(ctx)
arch = idc.get_wide_word(ida_ida.inf_get_min_ea() + 0x12)
if arch == 0x3E: # EM_X86_64
PltResolver64(self.debug_mode)
elif arch == 0x3: # EM_386
PltResolver32(self.debug_mode)
else:
print('[-] Only support EM_X86_64 and EM_386')
return 1
def find_bl_targets(text_start, text_end):
targets = set()
for pc in range(text_start, text_end, 4):
d = idc.get_wide_word(pc)
if (d & 0xfc000000) == 0x94000000:
imm = d & 0x3ffffff
if imm & 0x2000000:
imm |= ~0x1ffffff
if 0 <= imm <= 2:
continue
target = pc + imm * 4
if target >= text_start and target < text_end:
targets.add(target)
return targets
def load(self, addr, dtyp):
if addr is Unknown:
return Unknown
if not is_mapped_data(addr):
return Unknown
if dtyp == idaapi.dt_qword:
return idc.get_qword(addr)
elif dtyp == idaapi.dt_dword:
return idc.get_wide_dword(addr)
elif dtyp == idaapi.dt_word:
return idc.get_wide_word(addr)
elif dtyp == idaapi.dt_byte:
return idc.get_wide_byte(addr)
return Unknown
def read_word(ea, wordsize=WORD_SIZE):
"""Get the word at the given address.
Words are read using Byte(), Word(), Dword(), or Qword(), as appropriate. Addresses are checked
using is_mapped(). If the address isn't mapped, then None is returned.
"""
if not is_mapped(ea, wordsize):
return None
if wordsize == 1:
return idc.get_wide_byte(ea)
if wordsize == 2:
return idc.get_wide_word(ea)
if wordsize == 4:
return idc.get_wide_dword(ea)
if wordsize == 8:
return idc.get_qword(ea)
raise ValueError('Invalid argument: wordsize={}'.format(wordsize))
def resolve_calls_through_register(ea):
next_instr_addr = idc.get_wide_dword(ea + 1)
# Check if that's just a parameter passing through stack
if ea & 0xFFFF0000 != next_instr_addr & 0xFFFF0000:
return
if next_instr_addr - ea > 0x100:
return
if idc.get_wide_byte(ea + 6) & 0xF0 in [0x20, 0xE0]:
call_param = 0x9000 + idc.get_wide_byte(ea + 6) ^ 0x30
else:
call_param = idc.get_wide_word(ea + 6) ^ 0x30
fill_with_nops(ea, next_instr_addr)
idc.patch_byte(ea, 0xFF)
idc.patch_word(ea + 1, call_param)
idc.create_insn(ea)
return True
def getWordValue(self, addr):
return idc.get_wide_word(addr)
def cmd_get_word(self, addr):
return str(idc.get_wide_word(int(addr, 0)))
def load_file(li, neflags, format):
li.seek(0)
magic = li.read(3)
version = ord(li.read(1))
size = struct.unpack("<L", li.read(4))[0]
selector = 0
offset = 0
set_processor_type("SWF-AS3", SETPROC_LOADER)
if (magic == "CWS"):
compressed = li.read(size-8)
data = zlib.decompress(compressed)
set_selector(selector, 0)
add_segm(selector, offset, size, None, None, ADDSEG_QUIET)
set_segm_addressing(getseg(offset), 1)
put_bytes(0, "F")
put_bytes(1, "W")
put_bytes(2, "S")
put_bytes(3, chr(version))
put_bytes(4, struct.pack("<L", size))
put_bytes(8, data)
else:
li.file2base(offset, offset, size, idaapi.FILEREG_PATCHABLE)
end = 0xC + read_rect_size(li)
set_selector(selector, 0)
add_segm(selector, offset, end, "Header", "UNDEF")
set_segm_addressing(getseg(offset), 1)
while (offset < size):
try:
selector += 1
offset = end
tag_code_and_length = idc.get_wide_word(offset)
tag_type = tag_code_and_length >> 6
length = tag_code_and_length & 0x3F
if (length == 0x3F):
length = idc.get_wide_dword(offset + 2)
end = offset + 6 + length
else:
end = offset + 2 + length
set_selector(selector, 0)
if (tag_type in types):
if (types[tag_type] in code):
add_segm(selector, offset, end, types[tag_type], "CODE")
else:
add_segm(selector, offset, end, types[tag_type], "DATA")
set_segm_addressing(getseg(offset), 1)
if (types[tag_type] == "End"):
break
else:
add_segm(selector, offset, end, "Tag%02X" % tag_type, "DATA")
set_segm_addressing(getseg(offset), 1)
except:
break
disable_auto(0 , size)
return 1
