Created
March 31, 2013 02:05
-
-
Save endeav0r/5279181 to your computer and use it in GitHub Desktop.
requires darm ( https://github.com/jbremer/darm ). set start and end to the beginning of PLT entries, and end to the end of PLT. will go through and label PLT entries in hopper.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import darm | |
| start = 0xbac0 | |
| end = 0xc860 | |
| doc = Document.getCurrentDocument() | |
| seg = doc.getCurrentSegment() | |
| def label_plt_entry(adr) : | |
| def dis_at_addr(adr) : | |
| insbytes = seg.readByte(adr) | |
| insbytes |= seg.readByte(adr + 1) << 8 | |
| insbytes |= seg.readByte(adr + 2) << 16 | |
| insbytes |= seg.readByte(adr + 3) << 24 | |
| return darm.disasm(insbytes) | |
| d = dis_at_addr(adr) | |
| targetaddr = adr + d.imm + 8 | |
| d = dis_at_addr(adr + 4) | |
| targetaddr += d.imm | |
| d = dis_at_addr(adr + 8) | |
| targetaddr += d.imm | |
| gotname = doc.getNameAtAddress(targetaddr) | |
| if gotname[:7] == '__imp__' : | |
| pltname = gotname[7:] + '_at_plt' | |
| print 'creating plt function for ' + pltname | |
| doc.setNameAtAddress(adr, pltname) | |
| else : | |
| doc.log("gotname not found") | |
| doc.log("targetaddr = " + hex(targetaddr)) | |
| i = start | |
| while i < end : | |
| label_plt_entry(i) | |
| i = i + 12 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment