Last active
April 29, 2018 13:29
-
-
Save SilverBut/a9208472c967cac42144cbc6661187b0 to your computer and use it in GitHub Desktop.
[AutoMakeFunc] Solve an IDA problem when liner-down scan can not identify functions directly attached to the current function. Only work under IDA 6.95. Now works for PowerPC. #tags: IDAPython, IDA, reverse, powerpc, ppc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import logging | |
| logger = logging.getLogger(__name__) | |
| lv = logging.DEBUG | |
| map(logger.removeHandler, logger.handlers[:]) | |
| map(logger.removeFilter, logger.filters[:]) | |
| logger.setLevel(lv) | |
| ch = logging.StreamHandler() | |
| ch.setLevel(lv) | |
| formatter = logging.Formatter("[%(levelname)s] %(asctime)-2s <%(funcName)s:%(lineno)s> %(message)s", "%H:%M:%S") | |
| ch.setFormatter(formatter) | |
| logger.addHandler(ch) | |
| START_FLAG = [0x1821,0x580D,0x590D,0x1C6D,0x0134,0x7465,0x7460]+range(0x8803,0x8807)+range(0x4803,0x4825) | |
| def AutoMakeFunc(start_ea=None): | |
| if start_ea == None: | |
| start_ea = ida_kernwin.get_screen_ea() | |
| ealist = [start_ea] | |
| logger.info("Called with ea=0x%X"%start_ea) | |
| while ealist: | |
| ea = ealist.pop() | |
| ida_kernwin.jumpto(ea) | |
| if ida_funcs.get_func(ea): # already a func, skip | |
| func = get_func(ea) | |
| if type(func.endEA) == list: | |
| ealist += func.endEA | |
| elif type(func.endEA) == long: | |
| ealist.append(func.endEA) | |
| continue | |
| if not get_word(ea) in START_FLAG: | |
| ida_kernwin.beep() | |
| ret = ida_kernwin.askbuttons_c( | |
| "Force", "Ignore", "Preview", | |
| -1, | |
| "Met a bad start flag %X at 0x%x. How to process?"%( | |
| get_word(ea), | |
| ea | |
| )) | |
| if ret == -1: | |
| plen = ida_ua.create_insn(ea) | |
| ida_auto.autoWait() | |
| ida_kernwin.beep() | |
| ida_kernwin.jumpto(ea) | |
| ret = ida_kernwin.askyn_c( | |
| 1, | |
| "HIDECANCEL\nSure?") | |
| if not ret: | |
| ida_bytes.do_unknown_range(ea,plen,1) | |
| if ret: | |
| choosen = "Forced" | |
| else: | |
| choosen = "Ignored" | |
| logger.warn("Met a bad start flag %X at 0x%x. %s."%( | |
| get_word(ea), | |
| ea, | |
| choosen | |
| )) | |
| if not ret: | |
| continue | |
| ida_ua.create_insn(ea) | |
| ida_funcs.add_func(ea, BADADDR) | |
| func = get_func(ea) | |
| assert func | |
| logger.debug("Added function from 0x%x to 0x%x"%( | |
| func.startEA, | |
| func.endEA | |
| )) | |
| if type(func.endEA) == list: | |
| ealist += func.endEA | |
| elif type(func.endEA) == long: | |
| ealist.append(func.endEA) | |
| else: | |
| logger.warning("Met a string endEA type %s at 0x%x. Exit."%( | |
| type(func.endEA), | |
| ea | |
| )) | |
| break | |
| logger.info("Initialize finished.") | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment