averne/applypattern-ghidra.py

## applypattern-ghidra.py
#!/bin/python2

import os, sys
import re
import lib.nxo64 as nxo64

def main(pattern, filename):
    f = nxo64.load_nxo(open(filename, 'rb'))

    f.binfile.seek(0)
    target_text = f.binfile.read(f.textsize)

    rows = eval('[' + open(pattern).read() + ']')

    path = os.path.join(os.path.expanduser("~"), "ghidra_scripts", os.path.basename(filename) + '-sdk-syms.py')
    with open(path, "wb") as f:

        f.write('syms = [\n')
        for value, size, regex, name in rows:
            #print '(0x%X, 0x%X, %r, %r),' % (sym.value, sym.size, regex, sym.name)
            positions = [m.start() for m in re.finditer(regex, target_text)]
            if len(positions) == 1:
                f.write('    (0x%X, %r),\n' % (0x7100000000 + positions[0], name))
        f.write(']\n')

        f.write("""
from ghidra.program.model.symbol import SourceType
from ghidra.app.cmd.label import DemanglerCmd

class FunctionIterator():
    cur_func = getFunctionAt(currentProgram.getMinAddress())

    def __iter__(self):
        return self

    def next(self):
        self.cur_func = getFunctionAfter(self.cur_func)
        if self.cur_func is None:
            raise StopIteration
        return self.cur_func


def set_demangled_name(addr, name):
    cmd = DemanglerCmd(addr, name)
    return cmd.applyTo(currentProgram, monitor), cmd.getResult()


failed = []
for i, (addr, name) in enumerate(syms):
    addr = toAddr(addr)

    f = getFunctionAt(addr)
    if f is None:
        f = createFunction(addr, name)
    if f is None:
        failed.append((addr, name))

    res, demangled = set_demangled_name(addr, name)
    if demangled is None:                       # Demangle failed, likely because the name was not mangled
        f.setName(name, SourceType.ANALYSIS)    # Fall back to the original name
        demangled = name

    if res:
        print("[%d/%d] Applied symbol at %s (%s)" % (i + 1, len(syms), addr, demangled))
    else:
        failed.append((addr, name))

# Created functions will not get renamed to their demangled symbol
# Forcefully set it
for func in FunctionIterator():
    name, addr = str(func), func.getEntryPoint()
    if (name.startswith("_Z")):
        removeSymbol(addr, name)
        res, demangled = set_demangled_name(addr, name)
        if res:
            print("Forcefully demangled symbol at %s (%s)" % (addr, demangled))
        else:
            failed.append((addr, name))

for addr, name in failed:
    print("FAILED to apply symbol at %s (%s)" % (addr, name))
""")

if __name__ == '__main__':
    if len(sys.argv) < 2:
        print 'usage: applypattern.py pattern.txt [nxo files...]'
        print 'writes output to input ~/ghidra_scripts + filename + "-sdk-syms.py"'
    for filename in sys.argv[2:]:
        main(sys.argv[1], filename)
	#!/bin/python2

	import os, sys
	import re
	import lib.nxo64 as nxo64

	def main(pattern, filename):
	f = nxo64.load_nxo(open(filename, 'rb'))

	f.binfile.seek(0)
	target_text = f.binfile.read(f.textsize)

	rows = eval('[' + open(pattern).read() + ']')

	path = os.path.join(os.path.expanduser("~"), "ghidra_scripts", os.path.basename(filename) + '-sdk-syms.py')
	with open(path, "wb") as f:

	f.write('syms = [\n')
	for value, size, regex, name in rows:
	#print '(0x%X, 0x%X, %r, %r),' % (sym.value, sym.size, regex, sym.name)
	positions = [m.start() for m in re.finditer(regex, target_text)]
	if len(positions) == 1:
	f.write(' (0x%X, %r),\n' % (0x7100000000 + positions[0], name))
	f.write(']\n')

	f.write("""
	from ghidra.program.model.symbol import SourceType
	from ghidra.app.cmd.label import DemanglerCmd

	class FunctionIterator():
	cur_func = getFunctionAt(currentProgram.getMinAddress())

	def __iter__(self):
	return self

	def next(self):
	self.cur_func = getFunctionAfter(self.cur_func)
	if self.cur_func is None:
	raise StopIteration
	return self.cur_func


	def set_demangled_name(addr, name):
	cmd = DemanglerCmd(addr, name)
	return cmd.applyTo(currentProgram, monitor), cmd.getResult()


	failed = []
	for i, (addr, name) in enumerate(syms):
	addr = toAddr(addr)

	f = getFunctionAt(addr)
	if f is None:
	f = createFunction(addr, name)
	if f is None:
	failed.append((addr, name))

	res, demangled = set_demangled_name(addr, name)
	if demangled is None: # Demangle failed, likely because the name was not mangled
	f.setName(name, SourceType.ANALYSIS) # Fall back to the original name
	demangled = name

	if res:
	print("[%d/%d] Applied symbol at %s (%s)" % (i + 1, len(syms), addr, demangled))
	else:
	failed.append((addr, name))

	# Created functions will not get renamed to their demangled symbol
	# Forcefully set it
	for func in FunctionIterator():
	name, addr = str(func), func.getEntryPoint()
	if (name.startswith("_Z")):
	removeSymbol(addr, name)
	res, demangled = set_demangled_name(addr, name)
	if res:
	print("Forcefully demangled symbol at %s (%s)" % (addr, demangled))
	else:
	failed.append((addr, name))

	for addr, name in failed:
	print("FAILED to apply symbol at %s (%s)" % (addr, name))
	""")

	if __name__ == '__main__':
	if len(sys.argv) < 2:
	print 'usage: applypattern.py pattern.txt [nxo files...]'
	print 'writes output to input ~/ghidra_scripts + filename + "-sdk-syms.py"'
	for filename in sys.argv[2:]:
	main(sys.argv[1], filename)