def map_exports(exports, verbose=True):
""" gets an array of [(vaddress, name),..] and writes it to db"""
if verbose:
print "[+] going for %d exports" % (len(exports))
for addr, export_name in exports:
print "[+] creating export", export_name
# check that there are no existing segments in that address
if idc.SegStart(addr) == idc.BADADDR:
print "[+] creating seg: 0x%08X: %d" % (addr, 4)
idc.AddSegEx(addr,
addr + 4, 0, 0,
idaapi.saRelPara, idaapi.scPub,
idc.ADDSEG_FILLGAP)
elif verbose:
print "[!] Skipping creation of existing segment.."
# set it as execuable
idc.SetSegmentAttr(addr, idc.SEGATTR_PERM, SEGPERM_EXEC)
if verbose:
print "[+] making name: %s" % (export_name)
make_name(addr, export_name)
python类scPub()的实例源码
def main(argv=None):
if argv is None:
argv = sys.argv[:]
try:
seg = prompt_for_segment()
except BadInputError:
logger.error('bad input, exiting...')
return -1
with open(seg.path, 'rb') as f:
buf = f.read()
seglen = len(buf)
if seglen % 0x1000 != 0:
seglen = seglen + (0x1000 - (seglen % 0x1000))
if not idc.AddSeg(seg.addr, seg.addr + seglen, 0, 1, 0, idaapi.scPub):
logger.error('failed to add segment: 0x%x', seg.addr)
return -1
if not idc.RenameSeg(seg.addr, seg.name):
logger.warning('failed to rename segment: %s', seg.name)
if not idc.SetSegClass(seg.addr, 'CODE'):
logger.warning('failed to set segment class CODE: %s', seg.name)
if not idc.SegAlign(seg.addr, idc.saRelPara):
logger.warning('failed to align segment: %s', seg.name)
idaapi.patch_many_bytes(seg.addr, buf)
def map_segments(segments, dsc_file, verbose=True):
for segaddr, segsize, segdata in segments:
print "[+] creating seg: 0x%08X: %d" % (segaddr, segsize)
# check that there are no existing segments in that address
if idc.SegStart(segaddr) == idc.BADADDR:
idc.AddSegEx(segaddr,
segaddr + segsize, 0, 0,
idaapi.saRelPara, idaapi.scPub,
idc.ADDSEG_FILLGAP)
# set it as read-only
idc.SetSegmentAttr(segaddr, idc.SEGATTR_PERM, SEGPERM_READ)
else:
print "[!] Skipping creation of existing segment.."
# after mapping the segment, write the data to the db.
try:
for addr, size, macho_offset in segdata:
dsc_file.seek(macho_offset)
memcpy(addr, dsc_file.read(size))
if verbose:
print "0x%X, 0x%06X, 0x%06X: %s" % (addr,
size,
macho_offset,
dsc_file.read(size))
except Exception:
print segdata
raise
def readToSegment(li, src, size, target, name):
li.seek(src)
data = li.read(size)
idaapi.mem2base(data, target)
AddSeg(target,target + size,0,1,idaapi.saRelWord, idaapi.scPub)
RenameSeg(target, name)
# -----------------------------------------------------------------------
def new(offset, size, name, **kwds):
"""Create a segment at ``offset`` with ``size`` and name it according to ``name``.
``bits`` can be used to specify the bit size of the segment
``comb`` can be used to specify any flags (idaapi.sc*)
``align`` can be used to specify paragraph alignment (idaapi.sa*)
``org`` specifies the origin of the segment (must be paragraph aligned due to ida)
"""
s = idaapi.get_segm_by_name(name)
if s is not None:
logging.fatal("{:s}.new({:x}, {:x}, {!r}, {!r}) : a segment with the specified name already exists : {:s}".format(__name__, offset, size, name, kwds, name))
return None
bits = kwds.get( 'bits', 32 if idaapi.getseg(offset) is None else idaapi.getseg(offset).abits()) # FIXME: use disassembler default bit length instead of 32
if bits == 16:
## create a selector with the requested origin
org = kwds.get('org',0)
if org&0xf > 0:
logging.fatal("{:s}.new({:x}, {:x}, {!r}, {!r}) : origin (.org) is not aligned to the size of a paragraph (0x10) : {:x}".format(__name__, offset, size, name, kwds, org))
return None
para = offset/16
sel = idaapi.allocate_selector(para)
idaapi.set_selector(sel, (para-kwds.get('org',0)/16)&0xffffffff)
else:
## auto-create a selector for everything else
sel = idaapi.setup_selector(kwds['selector']) if 'selector' in kwds else idaapi.find_free_selector()
# create segment. ripped from idc
s = idaapi.segment_t()
s.startEA = offset
s.endEA = offset+size
s.sel = sel
s.bitness = {16:0,32:1,64:2}[bits]
s.comb = kwds.get('comb', idaapi.scPub) # public
s.align = kwds.get('align', idaapi.saRelByte) # paragraphs
res = idaapi.add_segm_ex(s, name, "", idaapi.ADDSEG_NOSREG|idaapi.ADDSEG_SPARSE)
if res == 0:
logging.warn("{:s}.new({:x}, {:x}, {!r}, {!r}) : unable to add a new segment".format(__name__, offset, size, name, kwds))
res = idaapi.del_selector(sel)
#assert res != 0
return None
return s
def map_shared_bridges(dsc_file, adrfind):
""" finds branch islands in a given dyld_shared_cache file,
maps them to IDA's db and extract its addresses """
dsc_file.seek(0, 2)
filesize = dsc_file.tell()
dsc_file.seek(0)
ACCESS_READ = 1
a = mmap.mmap(dsc_file.fileno(), length=filesize, access=ACCESS_READ)
reexp = re.compile("\xcf\xfa\xed\xfe.{340,360}dyld_shared_cache_branch_islands")
print "[+] scanning dsc for BRANCH ISLANDS"
# this list will hold all our branch_islands segments
branch_islands_segments = []
jmp_to_code = collections.defaultdict(list)
for ma in reexp.finditer(a):
print "[+] WRITING BRANCH ISLAND: 0x%08X" % (ma.start())
fif = FileInFile(dsc_file, ma.start())
m = MachO_patched(fif)
if _IN_IDA:
for seg in m.segments:
for sec in seg.sections:
idc.AddSegEx(sec.addr,
sec.addr + sec.size, 0, 0,
idaapi.saRelPara, idaapi.scPub,
idc.ADDSEG_FILLGAP)
name = "branch_islands_%X%s%s" % (ma.start(), seg.segname, sec.sectname)
idc.RenameSeg(sec.addr, name)
idc.SetSegClass(sec.addr, "CODE")
idc.SetSegAddressing(sec.addr, 2)
dsc_file.seek(sec.offset)
memcpy(sec.addr, dsc_file.read(sec.size))
branch_islands_segments.append(sec.addr)
# make code
codeea = sec.addr
print "Going through the code!"
while codeea < (sec.addr + sec.size):
res = idc.MakeCode(codeea)
if not res:
print "[!] EA:0x%X ERR while making code" % codeea
codeea += 4
continue
d = idc.GetDisasm(codeea)
# if it's a "B 0x4dd13550"
if d.startswith("B "):
addr = d.split()[1]
if addr.startswith("0x"):
branchaddr = int(addr, 16)
jmp_to_code[branchaddr].append(codeea)
# idc.MakeRptCmt(codeea, "0x%X was taken!" % branchaddr)
codeea = idc.FindUnexplored(codeea, idc.SEARCH_DOWN)
label_and_fix_branch_islands(dsc_file, adrfind, jmp_to_code)
